While I was pretty happy with my headscale/tailscale setup, I missed one part: Vanity hostnames for services. In my tailnet, only machines get nice hostnames, but for example I want access to a host like http://grafana/ for my central Grafana (a service on a random port on one box). It took a total of 49 lines of go code to build a reverse-proxy that does this. This proxy is it's own node on the tailnet, therefore it gets a hostname and takes part in the usual routing. It then uses the reverse proxy lib built into golang to proxy to the real host.