feat: add guest tag to headscale acl

2025-01-09 11:19:09 +01:00 · 2025-01-09 11:19:09 +01:00 · dd3a615c53
commit dd3a615c53
parent 46f9d4328b
1 changed files with 30 additions and 12 deletions
--- a/hosts/raptus/headscale/acls.nix
+++ b/hosts/raptus/headscale/acls.nix
@ -19,27 +19,45 @@ in
    name = "headscale-acl.hujson";
    text = builtins.toJSON {
      acls = [
-        (mkAcl [ "tag:client" ] [
+        (mkAcl
+          [ "tag:client" ]
+          [
            "tag:client:*"
            "tag:server:*"
-        ]) # client -> {client, server}
-        (mkAcl [
+          ]
+        ) # client -> {client, server}
+
+        (mkAcl
+          [
            "tag:client"
            "tag:server"
-        ] [ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ])
+          ]
+          [ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
+        )
+
+        (mkAcl
+          [
+            "tag:guest"
+          ]
+          [ "paperless.ccnlc.eu:443" "immich.ccnlc.eu:443" ]
+        )
      ];

      ssh = [
-        (mkSshAcl [ "tag:client" ] [
+        (mkSshAcl [ "tag:client" ]
+          [
            "tag:server"
            "tag:client"
-        ] [ "ny" ]) # client -> {client, server}
+          ]
+          [ "ny" ]
+        ) # client -> {client, server}
      ];

      tags = [
        "tag:client"
        "tag:server"
        "tag:backup"
+        "tag:guest"
      ];

      tagOwners =