Refactor repository structure and add new features

- Reorganized repository structure by moving dotfiles into a dedicated subdirectory - Updated bootstrap.sh and setup.sh scripts to reference the new file paths - Fixed Nala repository GPG key setup to use gpg --dearmor for proper key format - Added Lazydocker installation to the setup script for Docker management - Updated README.md with references to new paths and additional features - Added documentation for Lazydocker in the dotfiles README.md - Updated all symlink paths to point to the new dotfiles location
2025-12-06 05:40:11 -08:00 · 2025-05-12 07:02:14 -04:00
parent b73d4a2c3b
commit 0cd9c5219d
14 changed files with 966 additions and 2 deletions
--- a/dotfiles/tailscale-acl.json
+++ b/dotfiles/tailscale-acl.json
@@ -0,0 +1,59 @@
+// Example/default ACLs for unrestricted connections.
+{
+	// Define access control lists for users, groups, autogroups, tags,
+	// Tailscale IP addresses, and subnet ranges.
+	"acls": [
+		{
+			"action": "accept",
+			"src":    ["tag:client", "tag:server", "acedanger49@gmail.com"],
+			"dst":    ["tag:golink:*", "tag:server:*"],
+		},
+		// Allow all connections.
+		// Comment this section out if you want to define specific restrictions.
+		{"action": "accept", "src": ["*"], "dst": ["*:*"]},
+	],
+
+	// Define users and devices that can use Tailscale SSH.
+	"ssh": [
+		{
+			// any user can use Tailscale SSH to connect to their own devices
+			// in check mode as a root or non-root user
+			"action": "accept",
+			"src":    ["tag:client", "tag:server", "acedanger49@gmail.com"],
+			"dst":    ["tag:server"],
+			"users":  ["autogroup:nonroot", "root"],
+		},
+		{
+			// any user can use Tailscale SSH to connect to their own devices
+			// in check mode as a root or non-root user
+			"action": "check",
+			"src":    ["autogroup:member"],
+			"dst":    ["autogroup:self"],
+			"users":  ["autogroup:nonroot", "root"],
+		},
+	],
+
+	"nodeAttrs": [
+		{
+			// Funnel policy, which lets tailnet members control Funnel
+			// for their own devices.
+			// Learn more at https://tailscale.com/kb/1223/tailscale-funnel/
+			"target": ["autogroup:member"],
+			"attr":   ["funnel"],
+		},
+		{"target": ["*"], "app": {"tailscale.com/app-connectors": []}},
+	],
+
+	// Define the tags which can be applied to devices and by which users.
+	"tagOwners": {
+		"tag:golink": ["acedanger49@gmail.com"],
+		"tag:server": ["acedanger49@gmail.com"],
+		"tag:client": ["acedanger49@gmail.com"],
+		"tag:docker": ["acedanger49@gmail.com"],
+	},
+
+	"autoapprovers": {
+		"exitNode": ["autogroup:admin"],
+	},
+	// Test access rules every time they're saved.
+}