From b8ffbfe27eae919750ef4d3facf02393d1004287 Mon Sep 17 00:00:00 2001
From: Elizabeth Alexander Hunt <me@liz.coffee>
Date: Wed, 7 May 2025 18:10:57 -0700
Subject: .git was corrupted on the machine i worked on these many commits. so
 here it is all at once :P

---
 .../roles/outbound/templates/headscale/config/acl.json    | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'playbooks/roles/outbound/templates/headscale')

diff --git a/playbooks/roles/outbound/templates/headscale/config/acl.json b/playbooks/roles/outbound/templates/headscale/config/acl.json
index 449207d..242d01e 100644
--- a/playbooks/roles/outbound/templates/headscale/config/acl.json
+++ b/playbooks/roles/outbound/templates/headscale/config/acl.json
@@ -1,17 +1,24 @@
 {
   "groups": {
-    "group:internal": ["liz{{ oauth_user_suffix }}", "lucina{{ oauth_user_suffix }}", "riley{{ oauth_user_suffix }}"],
+    "group:coffee_admins": ["liz{{ oauth_user_suffix }}", "lucina{{ oauth_user_suffix }}"],
   },
   "acls": [
+{% for user in ["liz", "lucina", "riley"] %}
+    {
+      "action": "accept",
+      "src": ["{{ user }}{{ oauth_user_suffix }}"],
+      "dst": ["{{ user }}{{ oauth_user_suffix }}:*"]
+    },
+{% endfor %}
     {
       "action": "accept",
       "src": ["{{ auth_key_user }}"],
-      "dst": ["{{ auth_key_user }}:*", "10.0.0.0/8:*"]
+      "dst": ["{{ auth_key_user }}:*", "{{ loadbalancer_ip }}/32:*"]
     },
     {
       "action": "accept",
-      "src": ["group:internal"],
-      "dst": ["10.0.0.0/8:*"]
+      "src": ["group:coffee_admins"],
+      "dst": ["{{ loadbalancer_ip }}/32:*"]
     }
   ]
 }
-- 
cgit v1.2.3-70-g09d2