| 26 Jul 2025 |
 ElvishJerricco | it basically just does an https proxy and handles getting the cert for $machine.$net.ts.net automatically | 07:47:58 |
 Zhaofeng Li | yeah, it's pretty convenient but one cert per device and you can't really control the $net part | 07:48:22 |
| ElvishJerricco | that's what makes sidecars attractive; you just hit the button and it does all the stuff | 07:48:23 |
 magic_rb | my bpi is officially running openwrt 🥲 | 13:58:12 |
| 27 Jul 2025 |
 antifuchs | In reply to @elvishjerricco:matrix.org
the point being that one machine can have a variety of services each with its own e.g. https://jellyfin.my-net.ts.net I wrote tsnsrv for that purpose: https://github.com/boinkor-net/tsnsrv | 00:57:52 |
| antifuchs | Best thing about it is that you can define acls for specific services that way too | 00:58:27 |
| antifuchs | * Best thing about it is that you can define acls for specific services that way too (as opposed to ports alone) | 00:58:50 |
| ElvishJerricco | ooh this is interesting | 00:59:37 |
| ElvishJerricco | I mean the caveats in the readme make me feel like I need to read every line of code for myself :P But I'm interested enough | 00:59:58 |
 Sandro 🐧 | If you trust the traffic in your tailscale net then the caveats are not that big | 01:01:36 |
| Sandro 🐧 | the listener is not even exposed to the normal os | 01:01:45 |
| antifuchs | (The readme is more cautious about promises it makes about the functionality there; I’ve been using this for like a year or two and it has pretty good e2e tests. I’d say it’s pretty ready for prime time (:) | 01:16:34 |
