riley vpn acl

2024-01-08 04:11:51 -05:00 · 2024-01-08 04:11:51 -05:00 · a5ddb4f7f6
commit a5ddb4f7f6
parent 2227a2c0aa
2 changed files with 18 additions and 0 deletions
--- a/group_vars/vpn.yml
+++ b/group_vars/vpn.yml
@ -2,3 +2,4 @@
 headscale_oidc_secret: "{{ lookup('env', 'HEADSCALE_OIDC_SECRET') }}"
 headscale_allowed_users:
  - "elizabeth.hunt@simponic.xyz"
+  - "riley.ferguson@simponic.xyz"
--- a/roles/vpn/files/config/acl.json
+++ b/roles/vpn/files/config/acl.json
@ -1,6 +1,8 @@
 {
  "groups": {
    "group:admin": ["elizabeth.hunt"],
+    "group:roomates": ["riley.ferguson"],
+    "group:friends": ["riley.ferguson"],
    "group:sys": ["sys"]
  },
  "tagOwners": {
@ -23,6 +25,21 @@
      "action": "accept",
      "src": ["group:sys"],
      "dst": ["group:sys:*"]
+    },
+    {
+      "action": "accept",
+      "src": ["group:admin"],
+      "dst": ["10.0.0.0/24:*"]
+    },
+    {
+      "action": "accept",
+      "src": ["group:roomates"],
+      "dst": ["10.0.0.0/24:*", "tag:router:*"]
+    },
+    {
+      "action": "accept",
+      "src": ["group:friends"],
+      "dst": ["group:sys:*"]
    }
  ]
 }