feat(nix/tailscale): Add function for generating tailscale ACLs r/537

... and use it on Camden!
author: Vincent Ambo <tazjin@google.com> 2020-02-11T16·36+0000
committer: Vincent Ambo <tazjin@google.com> 2020-02-11T16·36+0000
commit: df1a4fef2bcf20a3b54f2fc1b4c8220d663d04cd (patch)
tree: 074059df9bd206850d622a4b5957c6693458edb8 /nix/tailscale/default.nix
parent: 44b57d095ba424df49e7a64f0dd9eba877d62386 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/nix/tailscale/default.nix b/nix/tailscale/default.nix
new file mode 100644
index 000000000000..4f533f6d61d2
--- /dev/null
+++ b/nix/tailscale/default.nix
@@ -0,0 +1,19 @@
+# This file defines a Nix helper function to create Tailscale ACL files.
+#
+# https://tailscale.com/kb/1018/install-acls
+
+{ pkgs, ... }:
+
+with pkgs.nix.yants;
+
+let
+  inherit (builtins) toFile toJSON;
+
+  entry = struct "aclEntry" {
+    Action = enum [ "accept" "reject" ];
+    Users = list string;
+    Ports = list string;
+  };
+
+  acl = list entry;
+in entries: toFile "tailscale-acl.json" (toJSON (acl entries))
author	Vincent Ambo <tazjin@google.com>	2020-02-11T16·36+0000
committer	Vincent Ambo <tazjin@google.com>	2020-02-11T16·36+0000
commit	df1a4fef2bcf20a3b54f2fc1b4c8220d663d04cd (patch)
tree	074059df9bd206850d622a4b5957c6693458edb8 /nix/tailscale/default.nix
parent	44b57d095ba424df49e7a64f0dd9eba877d62386 (diff)