headscale: trying policies

2025-11-03 22:31:35 +00:00
parent 0cc7f2f129
commit b214b41c0c
2 changed files with 38 additions and 0 deletions


@@ -0,0 +1,37 @@
{
"groups": {
"group:admin": ["motiejus@", "servers@"]
},
"tagOwners": {
"tag:public-server": ["group:admin"]
},
"acls": [
{
"action": "accept",
"src": ["group:admin"],
"dst": ["*:*"]
},
{
"action": "accept",
"src": ["*"],
"dst": ["tag:public-server:*"]
},
{
"action": "accept",
"src": ["*"],
"proto": "tcp",
"dst": ["*:22"]
},
{
"action": "accept",
"src": ["*"],
"proto": "icmp",
"dst": ["*:*"]
}
]
}
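Review bot: `group:admin` includes `servers@`, so the first rule (`"dst": ["*:*"]`) gives every node registered under the servers user unrestricted access to the whole tailnet; one compromised server can then reach every port on every other node. If only the human admin is meant to have full reach, `"group:admin": ["motiejus@"]` with servers granted access through tags would be the least-privilege form. The third rule also accepts TCP 22 from any node to any node, which is a lateral-movement path over SSH; narrowing its `src` to `group:admin` or its `dst` to a tag would limit that. A short comment per rule stating its intent would help later reviews, assuming the policy file is parsed as HuJSON so that comments are accepted.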


@@ -28,6 +28,7 @@
ip_prefixes = [ config.mj.services.headscale.subnetCIDR ]; ip_prefixes = [ config.mj.services.headscale.subnetCIDR ];
prefixes.v4 = config.mj.services.headscale.subnetCIDR; prefixes.v4 = config.mj.services.headscale.subnetCIDR;
log.level = "warn"; log.level = "warn";
policy.path = ./acl-policy.json;
dns = { dns = {
nameservers.global = [ nameservers.global = [
"1.1.1.1" "1.1.1.1"
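Review bot: Only the new-style `policy.path` key is added, while the surrounding settings keep both the legacy `ip_prefixes` and the newer `prefixes.v4`. If that duplication exists to support a headscale version that still reads the old names, that version would presumably ignore `policy.path` and start with no policy loaded, which in headscale means every node can reach every other node. Adding `acl_policy_path = ./acl-policy.json;` next to it, or dropping the legacy keys if they are no longer needed, would keep the two in step. The enclosing settings attribute set starts and ends outside the hunk.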