headscale: trying policies

2025-11-03 22:31:35 +00:00
parent 0cc7f2f129
commit b214b41c0c
2 changed files with 38 additions and 0 deletions
--- a/modules/services/headscale/acl-policy.json
+++ b/modules/services/headscale/acl-policy.json
@@ -0,0 +1,37 @@
+{
+  "groups": {
+    "group:admin": ["motiejus@", "servers@"]
+  },
+  
+  "tagOwners": {
+    "tag:public-server": ["group:admin"]
+  },
+  
+  "acls": [
+    {
+      "action": "accept",
+      "src": ["group:admin"],
+      "dst": ["*:*"]
+    },
+    
+    {
+      "action": "accept",
+      "src": ["*"],
+      "dst": ["tag:public-server:*"]
+    },
+    
+    {
+      "action": "accept",
+      "src": ["*"],
+      "proto": "tcp",
+      "dst": ["*:22"]
+    },
+    
+    {
+      "action": "accept",
+      "src": ["*"],
+      "proto": "icmp",
+      "dst": ["*:*"]
+    }
+  ]
+}