From b4c0292753bf06663ea5a10b3575817b0077c02e Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Tue, 11 Feb 2020 21:00:50 +0000
Subject: fix(nix/tailscale): Fix incorrect Tailscale ACL config type

---
 nix/tailscale/default.nix | 17 ++++++++++++++---
 ops/nixos/camden/default.nix | 18 ++++++++++--------
 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/nix/tailscale/default.nix b/nix/tailscale/default.nix
index 4f533f6d61..d836850aa1 100644
--- a/nix/tailscale/default.nix
+++ b/nix/tailscale/default.nix
@@ -9,11 +9,22 @@ with pkgs.nix.yants;
 let
 inherit (builtins) toFile toJSON;

- entry = struct "aclEntry" {
+ acl = struct "acl" {
 Action = enum [ "accept" "reject" ];
 Users = list string;
 Ports = list string;
 };

- acl = list entry;
-in entries: toFile "tailscale-acl.json" (toJSON (acl entries))
+ acls = list entry;
+
+ aclConfig = struct "aclConfig" {
+ # Static group mappings from group names to lists of users
+ Groups = option (attrs (list string));
+
+ # Hostname aliases to use in place of IPs
+ Hosts = option (attrs string);
+
+ # Actual ACL entries
+ ACLs = list acl;
+ };
+in config: toFile "tailscale-acl.json" (toJSON (aclConfig config))
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index e809446bb6..64f1e8d54d 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -109,14 +109,16 @@ in pkgs.lib.fix(self: {
 enable = true;
 relayConf = "/etc/tailscale.conf";
 package = pkgs.third_party.tailscale;
- aclFile = pkgs.nix.tailscale [
- # Allow any traffic from myself
- {
- Action = "accept";
- Users = [ "mail@tazj.in" ];
- Ports = [ "*:*" ];
- }
- ];
+ aclFile = pkgs.nix.tailscale {
+ ACLs = [
+ # Allow any traffic from myself
+ {
+ Action = "accept";
+ Users = [ "mail@tazj.in" ];
+ Ports = [ "*:*" ];
+ }
+ ];
+ } ;
 };

 # serve my website
--
cgit 1.4.1
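Review bot: In nix/tailscale/default.nix the added binding `acls = list entry;` still names `entry`, which this same hunk renames to `acl`, so nothing in the visible let block defines it any more. The binding is unused (`aclConfig` uses `list acl` directly), so it is presumably never evaluated and the mistake stays hidden; if it were used, `entry` could only resolve through the `with pkgs.nix.yants;` scope shown in the hunk header. I would either drop the line or write `acls = list acl;` and use it as `ACLs = acls;`. As this struct is the only check visible here before the config is serialised to tailscale-acl.json, a comment on `acl` such as `# Users and Ports are only checked to be lists of strings, not well-formed selectors` would tell the next reader what the type does and does not guarantee.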
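Review bot: In ops/nixos/camden/default.nix the new attribute set passed to `pkgs.nix.tailscale` closes with `} ;`, and the stray space before the semicolon differs from the `};` on the following context line; `};` would match the rest of the file. The single entry is also as broad as a rule can be, so I would spell that out in the comment, e.g. `# Allow any traffic from myself: every host and every port ("*:*") for this one user`. The enclosing attribute set starts above the hunk and the file continues below it.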