The last time I looked (i.e. A couple of days ago), the documents sounded like Headscale now supports DERP [0].

[0]: https://headscale.net/stable/setup/requirements/#ports-in-us...

It’s not super well fleshed out by Tailscale but they have a guide.

https://tailscale.com/kb/1118/custom-derp-servers

My last company ran our own DERP servers to have more consistent endpoints we controlled

I use the built in derp server. I have run a standalone derp server hackily deployed for a month, it worked fine but didn't provide much benefit over the built in one. It was basically just a go package. If you're familiar with running Go code, it's straight forward to run, it's very, very light/unproductionised.

I have a todo task to integrate derp into my headscale deployment properly ("finish ansible role"), but when I picked it up last month, I noticed tailscale had release relay nodes, and they seem like they'd be better suited than dedicated derp nodes, but headscale hasn't implemented support for them yet.

tldr: not to hard to host DERP, just needs publicly facing endpoint (incl. letsencrypt) but the built in one is fine. But relay nodes look like they'll be a better option for most and I'd guess will be implemented in headscale sometime this year.