Diffstat (limited to 'playbooks/roles/outbound/templates/headscale/config/acl.json')
-rw-r--r--playbooks/roles/outbound/templates/headscale/config/acl.json16
1 files changed, 8 insertions, 8 deletions
diff --git a/playbooks/roles/outbound/templates/headscale/config/acl.json b/playbooks/roles/outbound/templates/headscale/config/acl.json
index dcdd954..410de11 100644
--- a/playbooks/roles/outbound/templates/headscale/config/acl.json
+++ b/playbooks/roles/outbound/templates/headscale/config/acl.json
@@ -2,7 +2,7 @@
"groups": {
"group:vpn_admins": [
{% for user in vpn_admins %}
- "{{ user }}{{ oauth_user_suffix }}"{{ ", " if not loop.last else "" }}
+ "{{ user }}@{{ oauth_user_suffix }}"{{ ", " if not loop.last else "" }}
{% endfor %}
]
},
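Review bot: The `@` separator is now hard-coded between `{{ user }}` and `{{ oauth_user_suffix }}` on the group member line here and on the `src`/`dst` lines of the next hunk, so an inventory that still defines `oauth_user_suffix` with a leading `@` would render `user@@domain`. That identity would presumably match no headscale user, so `group:vpn_admins` and the per-user rules would silently stop applying instead of failing the play. The variable's definition is not visible in this diff; if it is not updated in the same change, add a fail-fast check such as an `assert` task with `that: "not oauth_user_suffix.startswith('@')"`, or normalise in place with `{{ oauth_user_suffix | regex_replace('^@', '') }}`.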
@@ -10,26 +10,26 @@
{% for user in vpn_users %}
{
"action": "accept",
- "src": ["{{ user }}{{ oauth_user_suffix }}"],
- "dst": ["{{ user }}{{ oauth_user_suffix }}:*"]
+ "src": ["{{ user }}@{{ oauth_user_suffix }}"],
+ "dst": ["{{ user }}@{{ oauth_user_suffix }}:*"]
},
{% endfor %}
{
"action": "accept",
- "src": ["{{ auth_key_user }}"],
- "dst": ["{{ auth_key_user }}:*", "{{ loadbalancer_ip }}/32:*"]
+ "src": ["{{ auth_key_user }}@"],
+ "dst": ["{{ auth_key_user }}@:*", "{{ loadbalancer_ip }}/32:*"]
},
{% for user, m in mesh.items() %}
{
"action": "accept",
- "src": ["{{ user }}{{ oauth_user_suffix }}"],
- "dst": ["{{ m.gateway }}/32:*]"
+ "src": ["{{ user }}@{{ oauth_user_suffix }}"],
+ "dst": ["{{ m.gateway }}/32:*"]
},
{% endfor %}
{
"action": "accept",
"src": ["group:vpn_admins"],
- "dst": ["{{ loadbalancer_ip }}/32:*"]
+ "dst": [{% for user, m in mesh.items() %} "{{ m.gateway }}/32:*", {% endfor %} "{{ loadbalancer_ip }}/32:*"]
}
]
}
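Review bot: Every identity and address in these rules is spliced into a hand-written JSON string literal without escaping, so a `user`, `auth_key_user` or `m.gateway` value containing a quote or backslash would corrupt the rendered policy or change what a rule matches; the group member line in the first hunk has the same shape. The removed `"{{ m.gateway }}/32:*]"` line shows how fragile the hand-placed quotes and brackets are. Building each list as data and serialising it avoids both problems, e.g. `"src": {{ [user ~ '@' ~ oauth_user_suffix] | to_json }},`. Where these variables are populated is not visible in this diff, so their exposure to untrusted input needs confirming against the inventory.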