headscale/acl.json

@@ -1,41 +1,51 @@
 {
-	"groups": {
+  "groups": {
-		"group:admin": ["davide"],
+    "group:admin": ["davide"],
-		"group:family": ["davide", "dario"],
+    "group:family": ["davide", "dario"],
-		"group:services": ["services"],
+    "group:services": ["services"],
-		"group:external": []
+    "group:external": []
-	},
+  },
-	"tagOwners": {
+  "tagOwners": {
-		"tag:web": ["group:admin"],
+    "tag:web": ["group:admin"],
-		"tag:dns": ["group:admin"],
+    "tag:dns": ["group:admin"],
-		"tag:exitnode": ["group:admin"],
+    "tag:exitnode": ["group:admin"],
-		"tag:game": ["group:admin", "group:family"]
+    "tag:game": ["group:admin", "group:family"]
-	},
+  },
-	"acls": [
+  "acls": [
-		// Family and admin should be able to access everything
+    // Family and admin should be able to access everything
-		{
+    {
-			"action": "accept",
+      "action": "accept",
-			"src": ["group:admin", "group:family"],
+      "src": ["group:admin", "group:family"],
-			"dst": [
+      "dst": [
-				"*:*"
+        "*:*"
-			]
+      ]
-		},
+    },
-		// External can access only hosted games
+    // External can access only hosted games
-		{
+    {
-			"action": "accept",
+      "action": "accept",
-			"src": ["group:external"],
+      "src": ["group:external"],
-			"dst": [
+      "dst": [
-				"tag:game:*"
+        "tag:game:*"
-			]
+      ]
-		},
+    },
-		// Everyone should access DNS server (or we break their internet connection)
+    // Everyone should access DNS server (or we break their internet connection)
-		{
+    {
-			"action": "accept",
+      "action": "accept",
-			"src": ["*"],
+      "src": ["*"],
-			"proto": "udp",
+      "proto": "udp",
-			"dst": [
+      "dst": [
-				"tag:dns:53"
+        "tag:dns:53"
-			]
+      ]
-		}
+    },
-	]
+    // Patrizio needs access to web services
+    {
+        "action": "accept",
+        "src": [
+            "tag:patrizio"
+        ],
+        "dst": [
+            "tag:web:443"
+        ]
+    }
+  ]
 }