about summary refs log tree commit diff
path: root/nix/tailscale
diff options
context:
space:
mode:
Diffstat (limited to 'nix/tailscale')
-rw-r--r--nix/tailscale/default.nix31
1 files changed, 31 insertions, 0 deletions
diff --git a/nix/tailscale/default.nix b/nix/tailscale/default.nix
new file mode 100644
index 000000000000..363f717db6de
--- /dev/null
+++ b/nix/tailscale/default.nix
@@ -0,0 +1,31 @@
+# This file defines a Nix helper function to create Tailscale ACL files.
+#
+# https://tailscale.com/kb/1018/install-acls
+
+{ depot, pkgs, ... }:
+
+with depot.nix.yants;
+
+let
+  inherit (builtins) toFile toJSON;
+
+  acl = struct "acl" {
+    Action = enum [ "accept" "reject" ];
+    Users = list string;
+    Ports = list string;
+  };
+
+  acls = list entry;
+
+  aclConfig = struct "aclConfig" {
+    # Static group mappings from group names to lists of users
+    Groups = option (attrs (list string));
+
+    # Hostname aliases to use in place of IPs
+    Hosts = option (attrs string);
+
+    # Actual ACL entries
+    ACLs = list acl;
+  };
+in
+config: pkgs.writeText "tailscale-acl.json" (toJSON (aclConfig config))
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-07T08ยท44+0000