diff --git a/headscale/acl.json b/headscale/acl.json
index 7639437..c993bfd 100644
--- a/headscale/acl.json
+++ b/headscale/acl.json
@@ -1,41 +1,51 @@
 {
- "groups": {
- "group:admin": ["davide"],
- "group:family": ["davide", "dario"],
- "group:services": ["services"],
- "group:external": []
- },
- "tagOwners": {
- "tag:web": ["group:admin"],
- "tag:dns": ["group:admin"],
- "tag:exitnode": ["group:admin"],
- "tag:game": ["group:admin", "group:family"]
- },
- "acls": [
- // Family and admin should be able to access everything
- {
- "action": "accept",
- "src": ["group:admin", "group:family"],
- "dst": [
- "*:*"
- ]
- },
- // External can access only hosted games
- {
- "action": "accept",
- "src": ["group:external"],
- "dst": [
- "tag:game:*"
- ]
- },
- // Everyone should access DNS server (or we break their internet connection)
- {
- "action": "accept",
- "src": ["*"],
- "proto": "udp",
- "dst": [
- "tag:dns:53"
- ]
- }
- ]
+ "groups": {
+ "group:admin": ["davide"],
+ "group:family": ["davide", "dario"],
+ "group:services": ["services"],
+ "group:external": []
+ },
+ "tagOwners": {
+ "tag:web": ["group:admin"],
+ "tag:dns": ["group:admin"],
+ "tag:exitnode": ["group:admin"],
+ "tag:game": ["group:admin", "group:family"]
+ },
+ "acls": [
+ // Family and admin should be able to access everything
+ {
+ "action": "accept",
+ "src": ["group:admin", "group:family"],
+ "dst": [
+ "*:*"
+ ]
+ },
+ // External can access only hosted games
+ {
+ "action": "accept",
+ "src": ["group:external"],
+ "dst": [
+ "tag:game:*"
+ ]
+ },
+ // Everyone should access DNS server (or we break their internet connection)
+ {
+ "action": "accept",
+ "src": ["*"],
+ "proto": "udp",
+ "dst": [
+ "tag:dns:53"
+ ]
+ },
+ // Patrizio needs access to web services
+ {
+ "action": "accept",
+ "src": [
+ "tag:patrizio"
+ ],
+ "dst": [
+ "tag:web:443"
+ ]
+ }
+ ]
 }
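Review bot: The new rule's source `tag:patrizio` is not declared in `tagOwners`, which on the new side still lists only `tag:web`, `tag:dns`, `tag:exitnode` and `tag:game`. Depending on the headscale version the policy may fail to resolve the tag, or the rule may only match nodes an operator tags by hand, so the policy itself does not record who is allowed to carry this identity. Add `"tag:patrizio": ["group:admin"],` to `tagOwners` so that only admins can assign it; since Patrizio appears to be a person rather than a service, a user listed in a dedicated group used as `src` would tie the grant to the login instead of to any device bearing the tag. The rule also has no `proto`, unlike the DNS rule above it; if only HTTPS over TCP is intended, add `"proto": "tcp",` to keep the grant minimal.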