citadel-shield.service
— self-hosted coordination plane
- Loaded
- loaded (headscale v0.29.1)
- Active
- active (running)
- Node
- ammers-macbook-air (100.64.0.1)
- Nodes connected
- 1
- ACL
- closed-default · group:home
- Reachable
- tailnet-only
BUILD LOG
-
[DEPLOYED]
Stood up the coordination server
Headscale running in Docker — a self-hosted, Tailscale-compatible control plane. No third-party SaaS coordination server in the loop.
-
[PATCHED]
Fixed three breaking changes
Entrypoint duplication, a restructured config schema, and a missing DERP relay map — all surfaced by running a current headscale version against an older config format.
-
[REGISTERED]
Brought the first node online
Created the primary user, generated a pre-auth key, and approved the node registration through the CLI.
-
[HARDENED]
Closed the ACL
Replaced the default accept-all policy with a closed-by-default rule — only devices under one user can reach each other.
-
[SHIPPED]
This page
Containerized, live-reloading, and reachable only over the tailnet — not exposed publicly.