mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(nix/tailscale): Add function for generating tailscale ACLs

Browse source 
... and use it on Camden!
This commit is contained in:
Vincent Ambo 2020-02-11 16:36:28 +00:00
parent 44b57d095b
commit df1a4fef2b
2 changed files with 27 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
nix/tailscale/default.nix Normal file
View file

@ -0,0 +1,19 @@
# This file defines a Nix helper function to create Tailscale ACL files.
#
# https://tailscale.com/kb/1018/install-acls
{ pkgs, ... }:
with pkgs.nix.yants;
let
inherit (builtins) toFile toJSON;
entry = struct "aclEntry" {
Action = enum [ "accept" "reject" ];
Users = list string;
Ports = list string;
};
acl = list entry;
in entries: toFile "tailscale-acl.json" (toJSON (acl entries))

9
ops/nixos/camden/default.nix
View file

@ -100,8 +100,15 @@ in pkgs.lib.fix(self: {
services.tailscale = { services.tailscale = {
enable = true; enable = true;
relayConf = "/etc/tailscale.conf"; relayConf = "/etc/tailscale.conf";
aclFile = null; # allow all traffic for testing
package = pkgs.third_party.tailscale; package = pkgs.third_party.tailscale;
aclFile = pkgs.nix.tailscale [
# Allow any traffic from myself
{
Action = "accept";
Users = [ "mail@tazj.in" ];
Ports = [ "*:*" ];
}
];
}; };
system.stateVersion = "19.09"; system.stateVersion = "19.09";