From 562df598d0303b17e0b040411507f52f3b40d967 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Wed, 3 Jan 2024 01:56:01 -0500
Subject: fix empty acl error and begin work on webserver deployments with nginx
---
 roles/vpn/files/config/acl.yml | 3 +++
 roles/vpn/files/config/config.yml | 33 +--------------------------------
 2 files changed, 4 insertions(+), 32 deletions(-)
(limited to 'roles/vpn/files')
diff --git a/roles/vpn/files/config/acl.yml b/roles/vpn/files/config/acl.yml
index ed97d53..c00cf48 100644
--- a/roles/vpn/files/config/acl.yml
+++ b/roles/vpn/files/config/acl.yml
@@ -1 +1,4 @@
 ---
+groups:
+ admin:
+ - "lizzy"
diff --git a/roles/vpn/files/config/config.yml b/roles/vpn/files/config/config.yml
index 17ab98b..3942feb 100644
--- a/roles/vpn/files/config/config.yml
+++ b/roles/vpn/files/config/config.yml
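Review bot: The new group in `acl.yml` is keyed `admin`, while headscale's policy examples write group names with the prefix, as `group:admin:`; if the deployed version only resolves groups through that prefix (worth confirming), this entry can never be referenced from a rule. The file also carries no `acls` section, so once it is loaded the policy presumably grants nothing between nodes, which fails closed but is easy to mistake for a finished policy. I would add a leading comment such as `# groups only; no acls rules yet, so this policy allows no traffic` until the rules land.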
@@ -149,37 +149,6 @@ db_path: /var/lib/headscale/db.sqlite
 # in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
 # db_ssl: false
-### TLS configuration
-#
-## Let's encrypt / ACME
-#
-# headscale supports automatically requesting and setting up
-# TLS for a domain with Let's Encrypt.
-#
-# URL to ACME directory
-acme_url: https://acme-v02.api.letsencrypt.org/directory
-
-# Email to register with ACME provider
-acme_email: "elizabeth.hunt@simponic.xyz"
-
-# Domain name to request a TLS certificate for:
-tls_letsencrypt_hostname: "headscale.simponic.xyz"
-
-# Path to store certificates and metadata needed by
-# letsencrypt
-# For production:
-tls_letsencrypt_cache_dir: /var/lib/headscale/cache
-
-# Type of ACME challenge to use, currently supported types:
-# HTTP-01 or TLS-ALPN-01
-# See [docs/tls.md](docs/tls.md) for more information
-tls_letsencrypt_challenge_type: HTTP-01
-# When HTTP-01 challenge is chosen, letsencrypt must set up a
-# verification endpoint, and it will be listening on:
-# :http = port 80
-tls_letsencrypt_listen: ":http"
-
-## Use already defined certificates:
 tls_cert_path: ""
 tls_key_path: ""
@@ -191,7 +160,7 @@ log:
 # Path to a file containg ACL policies.
 # ACLs can be defined as YAML or HUJSON.
 # https://tailscale.com/kb/1018/acls/
-acl_policy_path: ""
+acl_policy_path: "/etc/headscale/acl.yml"
 ## DNS
 #
-- cgit v1.2.3-70-g09d2
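Review bot: `acl_policy_path` is now a fixed absolute path, yet nothing in the visible diff (which is limited to `roles/vpn/files`) shows `acl.yml` being installed at `/etc/headscale/acl.yml`, so the link between the two files is implicit. Since that file decides who may reach what on the tailnet, I would add a comment such as `# Installed from roles/vpn/files/config/acl.yml; must not be writable by the headscale process` above the key and check that the deploying task sets matching ownership and mode. Related, from the previous hunk of this file: with the ACME block gone and `tls_cert_path`/`tls_key_path` left empty, headscale presumably serves plain HTTP, so its listen address (not shown here) should be reachable only by the nginx proxy the subject mentions.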