headscale ssh acl

2026-02-16 18:59:34 +01:00
parent 105e573c53
commit 7b9caedaa4
6 changed files with 36 additions and 15 deletions
--- a/hosts/m3-atlas/services/headscale.nix
+++ b/hosts/m3-atlas/services/headscale.nix
@@ -36,7 +36,21 @@
          dst = ["${adminUser}:*"];
        }
      ];
-
+      # Tailscale SSH rules
+      ssh = [
+        {
+          action = "accept";
+          src = ["${adminUser}"];
+          dst = ["*"];
+          users = ["*"];
+        }
+        {
+          action = "accept";
+          src = ["group:admins"];
+          dst = ["*"];
+          users = ["*"];
+        }
+      ];
      # Auto-approvers section for routes
      autoApprovers = {
        routes = {
@@ -60,7 +74,7 @@
    services = {
      headscale = {
        enable = true;
-        adminUser = "m3tam3re@m3ta.loc";
+        adminUser = "m3tam3re";
        port = 3009;
        settings = {
          server_url = "https://va.m3tam3re.com";