// This tailnet's ACLs are maintained in https://gitlab.com/garuda-linux/infra-nix
// This is HuJSON (comments and trailing commas are allowed); a strict JSON
// parser will reject it, so keep consuming it with a HuJSON-aware tool.
{
// Define access control lists for users, groups, autogroups, tags,
// Tailscale IP addresses, and subnet ranges.
// Tailscale ACLs are allow-list only: traffic that matches none of the rules
// below is denied. This file has no "ssh" section, so it configures network
// reachability only, not Tailscale SSH.
"acls": [
// All servers can connect to each other, use exit nodes and oracle-dragon as DNS
// - "tag:infra:*"          : every port between infra-tagged nodes
// - "autogroup:internet:*" : lets infra nodes route through an exit node
// - "100.86.102.115:*"     : oracle-dragon by Tailscale address, on ALL ports
//   (not just DNS). NOTE(review): an address-based dst silently stops
//   matching if that device is re-registered under a new address; naming it
//   by tag and narrowing to the DNS ports would be more robust.
{
"action": "accept",
"src": ["tag:infra"],
"dst": ["tag:infra:*", "autogroup:internet:*", "100.86.102.115:*"],
},
// Tailscale admins can access every device
// "autogroup:admin" is every user holding the admin role in the Tailscale
// admin console (not the same thing as "group:admins" defined below); they
// get all ports on all nodes.
{
"action": "accept",
"src": ["autogroup:admin"],
"dst": ["*:*"],
},
// Shared out nodes can be accessed on SSH / Mosh ports
// "autogroup:shared" is users who accepted a node shared out of this tailnet.
// The dst is "*", but node sharing only exposes the shared nodes to the
// sharee, so in practice this is bounded to those nodes — confirm against
// Tailscale's node-sharing docs if that assumption matters.
// Ports: 22 is SSH, 60000-61000 is Mosh's default UDP range; 222-230 and 666
// are presumably alternate SSH ports but are not documented here — TODO confirm.
{
"action": "accept",
"src": ["autogroup:shared"],
"dst": ["*:22,222-230,666,60000-61000"],
},
// Let the chaotic nodes connect to chaotic-v4's Redis (build distribution)
// chaotic-v4 is referenced by Tailscale address; ports 22 (SSH) and 6379
// (Redis default). Only devices carrying "tag:chaotic-node" get this access.
// The same address-based caveat as the oracle-dragon rule applies.
{
"action": "accept",
"src": ["tag:chaotic-node"],
"dst": ["100.75.227.149:22,6379"],
},
],
// Current infra maintainers
// Members of this group own the tags below, i.e. they decide which devices
// receive "tag:infra" / "tag:chaotic-node" and therefore the access granted above.
"groups": {
"group:admins": ["dr460nf1r3@github", "JustTNE@github"],
},
// Define a tag to use as destinations
// A tag owner is who may assign that tag to a device.
"tagOwners": {
// Admins may apply the "infra" tag
"tag:infra": ["group:admins"],
// Admins may also apply the "chaotic-node" tag
"tag:chaotic-node": ["group:admins"],
},
}