I am wondering what people’s solutions are for this conundrum. The simplest solution would be to just add this person as a user to my tailnet and have them access my sites that way, perhaps I could also limit access to certain cites by ACL e.g. the Cockpit web-management interface. I would, however, much prefer being able to just share-out my server node, and pick which services are served on their tailnet. Is this a plausible route to go?
If the other person has a Tailscale account, it sounds like the most expedient method is to simply invite them to the tailnet as a non-admin user with strict access control.
You could share a node with an outside user, but I don’t know how much the quarantine would affect its functionality. You could also use Funnel to expose the node to the internet (essentially like a reverse proxy), but there are obvious vital security considerations with that approach.
That is what it seems like based on what I have read :/
I guess the best option in my case then is likely to add them as a non-admin user to my tailnet. The only concern I have is with the potential of one user deactivating the VPN connection unkowingly, which is probably where Funnel comes in as a better option, but I would prefer to avoid serving stuff on the web when possible. (It is specifically a FreshRSS instance for now)