mirror of
https://github.com/foo-dogsquared/nixos-config.git
synced 2025-02-12 18:18:59 +00:00
50 lines
1007 B
HCL
50 lines
1007 B
HCL
data "tailscale_devices" "foodogsquared" {
|
|
name_prefix = "foodogsquared-"
|
|
}
|
|
|
|
resource "tailscale_contacts" "default" {
|
|
account {
|
|
email = "foodogsquared@foodogsquared.one"
|
|
}
|
|
|
|
support {
|
|
email = "foodogsquared@foodogsquared.one"
|
|
}
|
|
|
|
security {
|
|
email = "welp@foodogsquared.one"
|
|
}
|
|
}
|
|
|
|
resource "tailscale_acl" "basic" {
|
|
acl = jsonencode({
|
|
tagOwners : {
|
|
"tag:dev" : ["group:dev"],
|
|
"tag:server" : ["group:admin"],
|
|
"tag:family" : [
|
|
"foodogsquared@foodogsquared.one"
|
|
],
|
|
}
|
|
groups : {
|
|
"group:admin" : ["foodogsquared@foodogsquared.one"],
|
|
"group:dev" : ["foodogsquared@foodogsquared.one"],
|
|
}
|
|
ssh : [
|
|
{
|
|
action : "accept"
|
|
src : ["autogroup:members"]
|
|
dst : ["autogroup:self"]
|
|
users : ["autogroup:nonroot"]
|
|
},
|
|
|
|
{
|
|
action : "accept"
|
|
src : ["group:dev"]
|
|
dst : ["tag:dev"]
|
|
users : ["admin"]
|
|
}
|
|
]
|
|
})
|
|
depends_on = [module.hetzner_vps_plover]
|
|
}
|