nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

feat: add guest tag to headscale acl

Browse source
This commit is contained in:
Nydragon 2025-01-09 11:19:09 +01:00
parent 46f9d4328b
commit dd3a615c53
Signed by: nydragon
SSH key fingerprint: SHA256:WcjW5NJPQ8Dx4uQDmoIlVPLWE27Od3fxoe0IUvuoPHE
1 changed files with 30 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
hosts/raptus/headscale/acls.nix
View file

@ -19,27 +19,45 @@ in
name = "headscale-acl.hujson"; name = "headscale-acl.hujson";
text = builtins.toJSON { text = builtins.toJSON {
acls = [ acls = [
(mkAcl [ "tag:client" ] [ (mkAcl
[ "tag:client" ]
[
"tag:client:*" "tag:client:*"
"tag:server:*" "tag:server:*"
]) # client -> {client, server} ]
(mkAcl [ ) # client -> {client, server}
(mkAcl
[
"tag:client" "tag:client"
"tag:server" "tag:server"
] [ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]) ]
[ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
)
(mkAcl
[
"tag:guest"
]
[ "paperless.ccnlc.eu:443" "immich.ccnlc.eu:443" ]
)
]; ];
ssh = [ ssh = [
(mkSshAcl [ "tag:client" ] [ (mkSshAcl [ "tag:client" ]
[
"tag:server" "tag:server"
"tag:client" "tag:client"
] [ "ny" ]) # client -> {client, server} ]
[ "ny" ]
) # client -> {client, server}
]; ];
tags = [ tags = [
"tag:client" "tag:client"
"tag:server" "tag:server"
"tag:backup" "tag:backup"
"tag:guest"
]; ];
tagOwners = tagOwners =