Home Assistant Addon: Yggdrasil mesh VPN

Hi, first post here to share an addon I made.

This is an addon to run Yggdrasil on Home Assistant. I’ve been using a local build version for a while and yesterday I decided to polish it with pre-built images and to share it with you.

Repository URL: exu/hassio-addons - Forgejo

Yggdrasil

Available for: x86_64, aarch64

It’s currently missing specific documentation. Have a look at the official Yggdrasil Config Reference (link pending due to new user status) to learn how it works.

Every option except “peers” is optional. You need peers to establish a connection to the/a wider network. You can use a few public peers (link pending due to new user status) to join the official Yggdrasil network.

Updated to Yggdrasil 0.5.13

Thanks for your work.
I’m thinking about replacing Tailscale with Yggdrasil, but I read mixed things security-wise.
I’ve read that just whitelisting is not secure enough.
Do you have any pointers for further reading for this use case?

Whitelisting doesn’t apply to multicast peer discovery, so make sure to only use that on trusted interfaces and with a password.
It also doesn’t protect you if any one other node is reachable from the wider Yggdrasil network. Then anyone could just hop from the public Yggdrasil network → your one joined node → any other node you have with whitelisting.

I only use my own nodes for connections and none of them are joined to the public Yggdrasil network. Most of them have whitelisting enabled, especially those that are publicly reachable. The only nodes without whitelisting are my Home Assistant box, my NAS and “client” devices because it’d be a huge hassle to automate key distribution.

Apart from that, having a firewall is recommended, and you could use that to only allow traffic from specific IPs.

In general, using Yggdrasil will be much more effort to set up than Tailscale. You’ll need to build some of your own automation for key distribution.
It’s alpha-ish software so there can be more breaking changes in the future.
There are also a bunch of other small issues you’ll run into. For example, I often have to reload links going through Yggdrasil because the timeout in Firefox is slightly too short before it gives up.
The Android app might also have issues for you. In my case with LineageOS, I can’t have an IPv6 address. Otherwise it won’t route through Yggdrasil (issue 76).

In conclusion, it’s a lot of small annoyances and paper cuts, but it’s probably still the best fully distributed, self-healing mesh system you can have.
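
A config audit for the points raised in the reply above (a password on multicast discovery, multicast only on trusted interfaces, whitelisting on listening nodes, peering only with your own nodes), as an added example that is not part of the thread or the addon. It assumes the Yggdrasil config is available as JSON; the `audit` function, the finding names, the hostnames and the `own_peers` set are hypothetical.

```python
import json

# Constructed sample: JSON form of a Yggdrasil config, e.g. produced with
#   yggdrasil -useconffile <path> -normaliseconf -json
# Hostnames and the password are placeholders, not real nodes.
SAMPLE = json.loads("""
{
  "Peers": ["tls://node-a.example.net:443", "tls://public.example.org:443"],
  "InterfacePeers": {},
  "Listen": ["tls://0.0.0.0:443"],
  "AllowedPublicKeys": [],
  "MulticastInterfaces": [
    {"Regex": ".*", "Beacon": true, "Listen": true, "Password": ""},
    {"Regex": "eth0", "Beacon": true, "Listen": true, "Password": "constructed-secret"}
  ]
}
""")

def audit(cfg, own_peers):
    """Return a list of (finding, detail) tuples for one node's config."""
    findings = []
    for idx, iface in enumerate(cfg.get("MulticastInterfaces", [])):
        if not (iface.get("Beacon") or iface.get("Listen")):
            continue  # discovery disabled for this entry
        # Whitelisting does not cover multicast peers, so require a password.
        if not iface.get("Password"):
            findings.append(("multicast-no-password", idx))
        # ".*" matches every interface, trusted or not.
        if iface.get("Regex") == ".*":
            findings.append(("multicast-any-interface", idx))
    # A node that accepts incoming peerings should restrict who may connect.
    if cfg.get("Listen") and not cfg.get("AllowedPublicKeys"):
        findings.append(("listen-without-allowlist", None))
    # One peering outside your own nodes can make the whole mesh reachable.
    peers = list(cfg.get("Peers", []))
    for per_iface in cfg.get("InterfacePeers", {}).values():
        peers.extend(per_iface)
    for uri in peers:
        if uri not in own_peers:
            findings.append(("peer-not-own", uri))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"tls://node-a.example.net:443"}):
        print(finding)
```

Run it against every node's config, not just the publicly reachable ones, since a single node with an outside peering undoes the whitelisting on the rest.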