| author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-08 04:11:51 -0500 |
|---|---|---|
| committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-08 04:11:51 -0500 |
| commit | a5ddb4f7f64fc4a077696a0fdd92d41f7d9626d2 (patch) | |
| tree | 7ff108d1930f4c14dc4ab8b282ab1d041e040749 | |
| parent | 2227a2c0aa044b22eff4cd5355c1f30f31bb77ad (diff) | |
| download | oldinfra-a5ddb4f7f64fc4a077696a0fdd92d41f7d9626d2.tar.gz oldinfra-a5ddb4f7f64fc4a077696a0fdd92d41f7d9626d2.zip | |
riley vpn acl
| -rw-r--r-- | group_vars/vpn.yml | 1 | ||||
| -rw-r--r-- | roles/vpn/files/config/acl.json | 17 |
2 files changed, 18 insertions, 0 deletions
diff --git a/group_vars/vpn.yml b/group_vars/vpn.yml
index ddf8081..e644e16 100644
--- a/group_vars/vpn.yml
+++ b/group_vars/vpn.yml
@@ -2,3 +2,4 @@
 headscale_oidc_secret: "{{ lookup('env', 'HEADSCALE_OIDC_SECRET') }}"
 headscale_allowed_users:
 - "elizabeth.hunt@simponic.xyz"
+ - "riley.ferguson@simponic.xyz"
diff --git a/roles/vpn/files/config/acl.json b/roles/vpn/files/config/acl.json
index 7c28276..50095da 100644
--- a/roles/vpn/files/config/acl.json
+++ b/roles/vpn/files/config/acl.json
@@ -1,6 +1,8 @@
 {
 "groups": {
 "group:admin": ["elizabeth.hunt"],
+ "group:roomates": ["riley.ferguson"],
+ "group:friends": ["riley.ferguson"],
 "group:sys": ["sys"]
 },
 "tagOwners": {
@@ -23,6 +25,21 @@
 "action": "accept",
 "src": ["group:sys"],
 "dst": ["group:sys:*"]
+ },
+ {
+ "action": "accept",
+ "src": ["group:admin"],
+ "dst": ["10.0.0.0/24:*"]
+ },
+ {
+ "action": "accept",
+ "src": ["group:roomates"],
+ "dst": ["10.0.0.0/24:*", "tag:router:*"]
+ },
+ {
+ "action": "accept",
+ "src": ["group:friends"],
+ "dst": ["group:sys:*"]
 }
 ]
 } |
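Review bot: `group:roomates` in the `groups` map is misspelled, and the rule in the third hunk repeats the spelling, so the two resolve to each other today but a later rule written as `group:roommates` would not refer to this group. Rename both occurrences in one change: `"group:roommates": ["riley.ferguson"],` here and `"src": ["group:roommates"],` in the rule. The member names are bare (`riley.ferguson`) while `group_vars/vpn.yml` allowlists the full e-mail address; this presumably relies on the OIDC login being mapped to the local part, as the existing `elizabeth.hunt` entry suggests, and is worth confirming before relying on the new rules. The `groups` object closes inside the hunk, but `tagOwners` continues outside it.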
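Review bot: All three added rules end in the `*` port wildcard, so `group:friends` is accepted on every port of every node owned by `group:sys`, and `group:roomates` on every port of `10.0.0.0/24` and of nodes tagged `tag:router`. Because `riley.ferguson` is the only member of both groups, that one user receives the union of the two grants, which makes the friends/roommates split a distinction in name only for now. If friends need only specific services, list the ports instead of the wildcard, in the form `"dst": ["group:sys:<port>"]` (placeholder, not a value from this repository). `tag:router` also needs an owner under `tagOwners`, whose body is outside the hunk, as is the start of the rules array, so it is not visible here whether an earlier rule already covers `group:admin`.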
