Diffstat (limited to 'terranix/tailscale/acl.nix')
-rw-r--r--terranix/tailscale/acl.nix51
1 files changed, 51 insertions, 0 deletions
diff --git a/terranix/tailscale/acl.nix b/terranix/tailscale/acl.nix
new file mode 100644
index 0000000..80e3537
--- /dev/null
+++ b/terranix/tailscale/acl.nix
@@ -0,0 +1,51 @@
+{ lib, ... }:
+{
+ resource.tailscale_acl.default = {
+ acl = toString (
+ builtins.toJSON {
+ tagOwners =
+ let
+ me = [ "getchoo@github" ];
+ tags = map (name: "tag:${name}") [
+ "server"
+ "personal"
+ ];
+ in
+ lib.genAttrs tags (_: me);
+
+ acls =
+ let
+ mkAcl = action: src: dst: { inherit action src dst; };
+ in
+ [
+ (mkAcl "accept" [ "tag:personal" ] [ "*:*" ])
+ (mkAcl "accept" [ "tag:server" ] [ "tag:server:*" ])
+ ];
+
+ ssh =
+ let
+ mkSshAcl = action: src: dst: users: {
+ inherit
+ action
+ src
+ dst
+ users
+ ;
+ };
+ in
+ [
+ (mkSshAcl "accept" [ "tag:personal" ]
+ [
+ "tag:server"
+ "tag:personal"
+ ]
+ [
+ "autogroup:nonroot"
+ "root"
+ ]
+ )
+ ];
+ }
+ );
+ };
+}
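Review bot: The single SSH rule built with mkSshAcl grants `root` login from `tag:personal` with `action = "accept"`, so a root session on any server is opened purely on the strength of the client holding that tag, with no re-authentication; Tailscale's `check` action forces a periodic re-auth and is the usual choice for a root-capable rule, e.g. splitting it into `(mkSshAcl "accept" [ "tag:personal" ] [ "tag:server" "tag:personal" ] [ "autogroup:nonroot" ])` and `(mkSshAcl "check" [ "tag:personal" ] [ "tag:server" "tag:personal" ] [ "root" ])`. Taken together with the `acls` entry that lets `tag:personal` reach `*:*`, one compromised personal-tagged device reaches every port on the tailnet and root on every server, which is presumably intended for a personal tailnet but deserves a comment saying so, such as `# tag:personal is fully trusted: any device carrying it reaches every node and root on servers`. The `tag:server` → `tag:server:*` entry also lets servers reach each other on all ports; if only a few services need that, listing those ports instead of `*` limits lateral movement between servers. Both tags are owned by the same single account, so the effective trust boundary is that account's ability to apply tags, which the file could state next to `tagOwners`.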