feat(tvl-headscale): configure tag for TVL builders
Configures an ACL for a tailscale tag that can be added by the `tvl` and `tvl-builders` users. This tag will be used by dynamic builders to bootstrap and advertise to other builders that they might be valid substitution targets. Relates to b/432. Change-Id: I561a5b4bfeb7e7b306edfaf18b42404d33d84519 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12948 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
parent
1aeecaedae
commit
45f8f7d39f
1 changed files with 7 additions and 0 deletions
|
|
@ -14,6 +14,12 @@
|
|||
# tailscale up --login-server https://net.tvl.fyi --accept-dns=false
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
acl = with builtins; toFile "headscale-acl.json" (toJSON {
|
||||
groups."group:builders" = [ "tvl" "tvl-builders" ];
|
||||
tagOwners."tag:builders" = [ "group:builders" ];
|
||||
});
|
||||
in
|
||||
{
|
||||
# TODO(tazjin): run embedded DERP server
|
||||
services.headscale = {
|
||||
|
|
@ -23,6 +29,7 @@
|
|||
settings = {
|
||||
server_url = "https://net.tvl.fyi";
|
||||
dns.magic_dns = false;
|
||||
policy.path = acl;
|
||||
|
||||
# TLS is handled by nginx
|
||||
tls_cert_path = null;
|
||||
|
|
|
|||
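Review bot: The policy built in the `acl` binding defines `groups` and `tagOwners` but no `acls` rules, and `policy.path = acl;` now points headscale at it. What traffic filter results from a policy without rules depends on how the deployed headscale version handles that case, which this page does not show, so it should be confirmed that node-to-node access is unchanged after this lands. I would state the intent above the binding with a comment such as `# NOTE: no "acls" rules are defined here; this policy only assigns ownership of tag:builders.`, or add an explicit rule list. A second comment should record that any node registered under `tvl` or `tvl-builders` can claim `tag:builders`, because per the commit message other builders will treat tagged nodes as possible substitution targets; that makes membership of those two users the trust boundary for the tag.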