feat(nix/tailscale): Add function for generating tailscale ACLs r/537

... and use it on Camden!
author: Vincent Ambo <tazjin@google.com> 2020-02-11T16·36+0000
committer: Vincent Ambo <tazjin@google.com> 2020-02-11T16·36+0000
commit: df1a4fef2bcf20a3b54f2fc1b4c8220d663d04cd (patch)
tree: 074059df9bd206850d622a4b5957c6693458edb8 /ops/nixos/camden/default.nix
parent: 44b57d095ba424df49e7a64f0dd9eba877d62386 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index d1d601ecb000..ccb580a15899 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -100,8 +100,15 @@ in pkgs.lib.fix(self: {
   services.tailscale = {
     enable = true;
     relayConf = "/etc/tailscale.conf";
-    aclFile = null; # allow all traffic for testing
     package = pkgs.third_party.tailscale;
+    aclFile = pkgs.nix.tailscale [
+      # Allow any traffic from myself
+      {
+        Action = "accept";
+        Users = [ "mail@tazj.in" ];
+        Ports = [ "*:*" ];
+      }
+    ];
   };
 
   system.stateVersion = "19.09";
author	Vincent Ambo <tazjin@google.com>	2020-02-11T16·36+0000
committer	Vincent Ambo <tazjin@google.com>	2020-02-11T16·36+0000
commit	df1a4fef2bcf20a3b54f2fc1b4c8220d663d04cd (patch)
tree	074059df9bd206850d622a4b5957c6693458edb8 /ops/nixos/camden/default.nix
parent	44b57d095ba424df49e7a64f0dd9eba877d62386 (diff)