Tailscale (and similar services) is an abstraction on top of Wireguard. This gives you a few benefits:
1. You get a mesh network out of the box without having to keep track of Wireguard peers. It saves a bunch of work once you’re beyond the ~5 node range.
2. You can quickly share access to your network with others - think family & friends.
3. You have the ability to easily define fine grained connectivity policies. For example, machines in the “untrusted” group cannot reach machines in the “trusted” group.
4. It “just works”. No need to worry about NAT or port forwarding, especially when dealing with devices in your home network.
Also it has a very rich ACL system. The Immich node can be locked out from accessing any other node in the network, but other nodes can be allowed to access it.
1. You get a mesh network out of the box without having to keep track of Wireguard peers. It saves a bunch of work once you’re beyond the ~5 node range.
2. You can quickly share access to your network with others - think family & friends.
3. You have the ability to easily define fine grained connectivity policies. For example, machines in the “untrusted” group cannot reach machines in the “trusted” group.
4. It “just works”. No need to worry about NAT or port forwarding, especially when dealing with devices in your home network.