I'm looking at removing some of these because they can cause unnecessary build steps during CI pipeline generation. Change-Id: I84742968918090c050d2eedab8a1b42692632a42 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2655 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
		
			
				
	
	
		
		
	
	
	
	
	
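# This file defines a Nix helper function to create Tailscale ACL files.
#
# https://tailscale.com/kb/1018/install-acls
#
# The file evaluates to a function that takes an ACL configuration
# attribute set, checks it against the `aclConfig` yants type below and
# writes the JSON rendering to a store file named "tailscale-acl.json".
#
# NOTE(review): the checks are structural only. The strings inside
# `Users`, `Ports`, `Groups` and `Hosts` are not inspected, so a rule that
# is broader than intended passes unchanged. Review the rendered JSON
# before it is applied to the tailnet.

{ depot, pkgs, ... }:

with depot.nix.yants;

let
  inherit (builtins) toJSON;

  # A single ACL rule: an action plus the users and ports it applies to.
  acl = struct "acl" {
    # NOTE(review): confirm that the Tailscale ACL format in use honours
    # "reject". Tailscale ACLs are deny-by-default, and a rule the policy
    # engine does not honour would suggest a restriction that is not
    # actually enforced.
    Action = enum [ "accept" "reject" ];
    Users = list string;
    Ports = list string;
  };

  # Top-level layout of the ACL file.
  aclConfig = struct "aclConfig" {
    # Static group mappings from group names to lists of users
    Groups = option (attrs (list string));

    # Hostname aliases to use in place of IPs
    Hosts = option (attrs string);

    # Actual ACL entries
    ACLs = list acl;
  };

  # Type-check the caller's config first so that a malformed ACL fails at
  # evaluation time instead of producing a JSON file.
in config: pkgs.writeText "tailscale-acl.json" (toJSON (aclConfig config))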