I guess it probably only needs a hostname. Although I'd still feel uneasy about running it at home, because I don't want any incoming connections to my home network unless it's over Tailscale, and headscale would need some kind of firewall exception.

Maybe headscale could run at home, served over a tunnel[1] to a VPS. But honestly, if I ever lost confidence in the trustworthiness of Tailscale the company, I would just connect my devices with some other overlay network like Yggdrasil[2] or Tor.

[1]: https://github.com/anderspitman/awesome-tunneling [2]: https://yggdrasil-network.github.io/

I think Nebula is the current favorite, but it's not as plug and play as Tailscale.