terranix: remove gha tag from acls

author: seth <[email protected]> 2024-02-09 01:20:53 -0500
committer: seth <[email protected]> 2024-02-09 01:20:53 -0500
commit: 700fa81dd66cffdf0e8fa5a3e02b76bc7124d33a (patch)
tree: 16b5692e5065eecbf58e325eafa01236d7983c93 /ext/terranix/tailscale/acl.nix
parent: 01af1992af7bee7705849c1ac6e844adce5ec583 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/ext/terranix/tailscale/acl.nix b/ext/terranix/tailscale/acl.nix
index d27d3e1..338e373 100644
--- a/ext/terranix/tailscale/acl.nix
+++ b/ext/terranix/tailscale/acl.nix
@@ -3,7 +3,7 @@
     acl = toString (builtins.toJSON {
       tagOwners = let
         me = ["getchoo@github"];
-        tags = map (name: "tag:${name}") ["server" "personal" "gha"];
+        tags = map (name: "tag:${name}") ["server" "personal"];
       in
         lib.genAttrs tags (_: me);
 
@@ -11,14 +11,13 @@
         mkAcl = action: src: dst: {inherit action src dst;};
       in [
         (mkAcl "accept" ["tag:personal"] ["*:*"])
-        (mkAcl "accept" ["tag:server" "tag:gha"] ["tag:server:*"])
+        (mkAcl "accept" ["tag:server"] ["tag:server:*"])
       ];
 
       ssh = let
         mkSshAcl = action: src: dst: users: {inherit action src dst users;};
       in [
         (mkSshAcl "accept" ["tag:personal"] ["tag:server" "tag:personal"] ["autogroup:nonroot" "root"])
-        (mkSshAcl "accept" ["tag:gha"] ["tag:server"] ["root"])
       ];
     });
   };
author	seth <[email protected]>	2024-02-09 01:20:53 -0500
committer	seth <[email protected]>	2024-02-09 01:20:53 -0500
commit	700fa81dd66cffdf0e8fa5a3e02b76bc7124d33a (patch)
tree	16b5692e5065eecbf58e325eafa01236d7983c93 /ext/terranix/tailscale/acl.nix
parent	01af1992af7bee7705849c1ac6e844adce5ec583 (diff)