Diffstat (limited to 'playbooks/roles/outbound')
-rw-r--r--playbooks/roles/outbound/templates/headscale/config/acl.json17
1 files changed, 14 insertions, 3 deletions
diff --git a/playbooks/roles/outbound/templates/headscale/config/acl.json b/playbooks/roles/outbound/templates/headscale/config/acl.json
index 242d01e..dcdd954 100644
--- a/playbooks/roles/outbound/templates/headscale/config/acl.json
+++ b/playbooks/roles/outbound/templates/headscale/config/acl.json
@@ -1,9 +1,13 @@
{
"groups": {
- "group:coffee_admins": ["liz{{ oauth_user_suffix }}", "lucina{{ oauth_user_suffix }}"],
+ "group:vpn_admins": [
+{% for user in vpn_admins %}
+ "{{ user }}{{ oauth_user_suffix }}"{{ ", " if not loop.last else "" }}
+{% endfor %}
+ ]
},
"acls": [
-{% for user in ["liz", "lucina", "riley"] %}
+{% for user in vpn_users %}
{
"action": "accept",
"src": ["{{ user }}{{ oauth_user_suffix }}"],
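Review bot: The group members and the rule `"src"` in this hunk are written into JSON by raw interpolation, so a `vpn_admins` or `vpn_users` entry containing a quote or backslash would yield a malformed policy or one with a different scope than intended. Since these names now come from variables instead of a literal list, I would render each value through the `to_json` filter, for example `{{ (user ~ oauth_user_suffix) | to_json }}{{ ", " if not loop.last else "" }}` in the group and `"src": [{{ (user ~ oauth_user_suffix) | to_json }}],` in the `vpn_users` loop. The body of that loop continues outside the hunk, so the rest of the per-user rule could not be checked here.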
@@ -15,9 +19,16 @@
"src": ["{{ auth_key_user }}"],
"dst": ["{{ auth_key_user }}:*", "{{ loadbalancer_ip }}/32:*"]
},
+{% for user, m in mesh.items() %}
+ {
+ "action": "accept",
+ "src": ["{{ user }}{{ oauth_user_suffix }}"],
+ "dst": ["{{ m.gateway }}/32:*]"
+ },
+{% endfor %}
{
"action": "accept",
- "src": ["group:coffee_admins"],
+ "src": ["group:vpn_admins"],
"dst": ["{{ loadbalancer_ip }}/32:*"]
}
]
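Review bot: The added `"dst"` line in the `mesh` loop has its closing quote and bracket transposed (`/32:*]"`), so the rendered array is never closed and the policy will not parse; it should read `"dst": ["{{ m.gateway }}/32:*"]`. How headscale behaves when the ACL file fails to parse is not visible on this page, so confirm that it refuses to load instead of running without the intended policy. Each of these rules also grants every port on the gateway to the user named by the `mesh` key, and narrowing `:*` to the services actually needed would keep the grant closer to least privilege. Rendering the template and parsing the result in CI would catch this class of error before deploy.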