Davide Polonio a8aee24639 feat: put Patrizio inside VPN (#43)
Co-authored-by: Davide Polonio <davide.polonio@infinitaslearning.com>
Reviewed-on: #43
Co-authored-by: Davide Polonio <poloniodavide@gmail.com>
Co-committed-by: Davide Polonio <poloniodavide@gmail.com>
2026-04-17 11:32:59 +02:00


// Network access policy: named user groups, tag ownership, and the accept
// rules built from them. Every rule below is an "accept" rule.
// NOTE(review): this looks like a Tailscale-style policy file, where traffic
// that matches no rule is dropped. Confirm the engine consuming it is default-deny.
{
// User groups, referenced as rule sources and as tag owners further down.
"groups": {
"group:admin": ["davide"],
"group:family": ["davide", "dario"],
// Not referenced by any tagOwners entry or rule in this file.
"group:services": ["services"],
// Empty: the rule with src "group:external" below matches no user until members are added here.
"group:external": []
},
// Which groups own each tag. Presumably an owner may assign the tag to a
// device, which places that device into every rule naming the tag.
// NOTE(review): "tag:patrizio" is used as a rule source at the end of "acls"
// but has no entry here. Confirm the policy engine accepts an undeclared tag,
// and if an owner is required, pick it deliberately rather than by default.
"tagOwners": {
"tag:web": ["group:admin"],
"tag:dns": ["group:admin"],
// Declared here, but no rule in "acls" names this tag.
"tag:exitnode": ["group:admin"],
// The only tag that a non-admin group (family) also owns.
"tag:game": ["group:admin", "group:family"]
},
"acls": [
// Family and admin should be able to access everything
// "*:*" is any destination on any port, so this is the widest rule in the
// file. Any device belonging to a member of these groups reaches every
// service, including tag:dns and tag:web on ports other than 53 and 443.
{
"action": "accept",
"src": ["group:admin", "group:family"],
"dst": [
"*:*"
]
},
// External can access only hosted games
// All ports on tag:game devices. No other rule names group:external.
{
"action": "accept",
"src": ["group:external"],
"dst": [
"tag:game:*"
]
},
// Everyone should access DNS server (or we break their internet connection)
// NOTE(review): only UDP port 53 is allowed. DNS falls back to TCP port 53
// for truncated or large responses, which this rule does not cover for
// sources outside admin/family. Confirm whether a TCP rule is needed.
{
"action": "accept",
"src": ["*"],
"proto": "udp",
"dst": [
"tag:dns:53"
]
},
// Patrizio needs access to web services
// Narrowest rule: tag:patrizio devices reach port 443 on tag:web devices only
// (plus DNS through the "*" rule above). No "proto" is set, so the rule is
// not limited to one protocol.
{
"action": "accept",
"src": [
"tag:patrizio"
],
"dst": [
"tag:web:443"
]
}
]
}