Ananth
Missed it. My bad!
I can pitch in code for this as well @teleclimber. Would love to see this feature on Headscale.
@pavanbuzz since the new beta release changes Node Magic DNS names to `.` instead of `..`, we could also solve HTTP-01 or TLS-ALPN-01 challenges. Users can point *. to their...
@pavanbuzz I get it now. With the DNS challenge, the node requesting the cert can fetch it directly from an ACME issuer. Letting the node handle its own secret material...
As @teleclimber pointed out earlier, we could embed a DNS server inside the headscale server and make it authoritative for a domain.
Leaning on lego for challenge providers sounds promising.
It was @teleclimber's idea to embed an authoritative DNS server in headscale. They've even linked to one we can use. But, the more I think about it, the less this...
As to the question of DNS zone security, the blast radius is the same whether headscale can manipulate a third-party hosted zone or whether it's hosting the zone. Self-hosting reliable...
Funnel definitely needs more from the community than I think we can ask of it/ourselves for now. I'm also comfortable pitching in on serve. @pavanbuzz we can work together on...
My email and Matrix links are on my GitHub profile.