nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

feat: add guest tag to headscale acl

Browse source
This commit is contained in:
Nydragon 2025-01-09 11:19:09 +01:00
parent 46f9d4328b
commit dd3a615c53
Signed by: nydragon
SSH key fingerprint: SHA256:WcjW5NJPQ8Dx4uQDmoIlVPLWE27Od3fxoe0IUvuoPHE
1 changed files with 30 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
hosts/raptus/headscale/acls.nix
View file

@ -19,27 +19,45 @@ in
name = "headscale-acl.hujson"; name = "headscale-acl.hujson";
text = builtins.toJSON { text = builtins.toJSON {
acls = [ acls = [
(mkAcl [ "tag:client" ] [ (mkAcl
"tag:client:*" [ "tag:client" ]
"tag:server:*" [
]) # client -> {client, server} "tag:client:*"
(mkAcl [ "tag:server:*"
"tag:client" ]
"tag:server" ) # client -> {client, server}
] [ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ])
(mkAcl
[
"tag:client"
"tag:server"
]
[ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
)
(mkAcl
[
"tag:guest"
]
[ "paperless.ccnlc.eu:443" "immich.ccnlc.eu:443" ]
)
]; ];
ssh = [ ssh = [
(mkSshAcl [ "tag:client" ] [ (mkSshAcl [ "tag:client" ]
"tag:server" [
"tag:client" "tag:server"
] [ "ny" ]) # client -> {client, server} "tag:client"
]
[ "ny" ]
) # client -> {client, server}
]; ];
tags = [ tags = [
"tag:client" "tag:client"
"tag:server" "tag:server"
"tag:backup" "tag:backup"
"tag:guest"
]; ];
tagOwners = tagOwners =