feat(tvl-headscale): configure tag for TVL builders
Configures an ACL for a tailscale tag that can be added by the `tvl` and `tvl-builders` users. This tag will be used by dynamic builders to bootstrap and advertise to other builders that they might be valid substitution targets. Relates to b/432. Change-Id: I561a5b4bfeb7e7b306edfaf18b42404d33d84519 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12948 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
parent
1aeecaedae
commit
45f8f7d39f
1 changed files with 7 additions and 0 deletions
|
|
@ -14,6 +14,12 @@
|
||||||
# tailscale up --login-server https://net.tvl.fyi --accept-dns=false
|
# tailscale up --login-server https://net.tvl.fyi --accept-dns=false
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
acl = with builtins; toFile "headscale-acl.json" (toJSON {
|
||||||
|
groups."group:builders" = [ "tvl" "tvl-builders" ];
|
||||||
|
tagOwners."tag:builders" = [ "group:builders" ];
|
||||||
|
});
|
||||||
|
in
|
||||||
{
|
{
|
||||||
# TODO(tazjin): run embedded DERP server
|
# TODO(tazjin): run embedded DERP server
|
||||||
services.headscale = {
|
services.headscale = {
|
||||||
|
|
@ -23,6 +29,7 @@
|
||||||
settings = {
|
settings = {
|
||||||
server_url = "https://net.tvl.fyi";
|
server_url = "https://net.tvl.fyi";
|
||||||
dns.magic_dns = false;
|
dns.magic_dns = false;
|
||||||
|
policy.path = acl;
|
||||||
|
|
||||||
# TLS is handled by nginx
|
# TLS is handled by nginx
|
||||||
tls_cert_path = null;
|
tls_cert_path = null;
|
||||||
|
|
|
||||||
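Review bot: The policy built in the `let` block sets `groups` and `tagOwners` but has no `acls` key, so once `policy.path = acl;` takes effect the packet filter is whatever the deployed headscale version does with a policy that has no rules. As far as I know that default has not been the same across releases, so it should be confirmed on the running version. If an open tailnet is intended, say so in the file, either with a comment above `acl` or with an explicit rule such as `acls = [ { action = "accept"; src = [ "*" ]; dst = [ "*:*" ]; } ];`. A comment should also record that any node registered under `tvl` or `tvl-builders` can claim the tag, for example `# tag:builders is self-assigned by group members; treat it as a discovery hint, substituters must still verify store signatures`. The `services.headscale` attribute set continues outside the visible hunks.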