terranix: remove gha tag from acls

2 files changed, 3 insertions, 4 deletions

diff --git a/ext/terranix/tailscale/acl.nix b/ext/terranix/tailscale/acl.nix
index d27d3e1..338e373 100644
--- a/ext/terranix/tailscale/acl.nix
+++ b/ext/terranix/tailscale/acl.nix
@@ -3,7 +3,7 @@
     acl = toString (builtins.toJSON {
       tagOwners = let
         me = ["getchoo@github"];
-        tags = map (name: "tag:${name}") ["server" "personal" "gha"];
+        tags = map (name: "tag:${name}") ["server" "personal"];
       in
         lib.genAttrs tags (_: me);
 
@@ -11,14 +11,13 @@
         mkAcl = action: src: dst: {inherit action src dst;};
       in [
         (mkAcl "accept" ["tag:personal"] ["*:*"])
-        (mkAcl "accept" ["tag:server" "tag:gha"] ["tag:server:*"])
+        (mkAcl "accept" ["tag:server"] ["tag:server:*"])
       ];
 
       ssh = let
         mkSshAcl = action: src: dst: users: {inherit action src dst users;};
       in [
         (mkSshAcl "accept" ["tag:personal"] ["tag:server" "tag:personal"] ["autogroup:nonroot" "root"])
-        (mkSshAcl "accept" ["tag:gha"] ["tag:server"] ["root"])
       ];
     });
   };
diff --git a/ext/terranix/tailscale/tags.nix b/ext/terranix/tailscale/tags.nix
index a776756..ff41c82 100644
--- a/ext/terranix/tailscale/tags.nix
+++ b/ext/terranix/tailscale/tags.nix
@@ -3,7 +3,7 @@
     getDeviceID = device: lib.tfRef "data.tailscale_device.${device}.id";
     toTags = n: v: {device_id = getDeviceID n;} // v;
 
-    tags = lib.genAttrs ["server" "personal" "gha"] (n: ["tag:${n}"]);
+    tags = lib.genAttrs ["server" "personal"] (n: ["tag:${n}"]);
   in
     builtins.mapAttrs toTags {
       atlas.tags = tags.server;