mirror of
https://github.com/acedanger/shell.git
synced 2025-12-05 21:40:12 -08:00
0cd9c5219d
- Reorganized repository structure by moving dotfiles into a dedicated subdirectory - Updated bootstrap.sh and setup.sh scripts to reference the new file paths - Fixed Nala repository GPG key setup to use gpg --dearmor for proper key format - Added Lazydocker installation to the setup script for Docker management - Updated README.md with references to new paths and additional features - Added documentation for Lazydocker in the dotfiles README.md - Updated all symlink paths to point to the new dotfiles location
60 lines
1.8 KiB
JSON
60 lines
1.8 KiB
JSON
// Example/default ACLs for unrestricted connections.
|
|
{
|
|
// Define access control lists for users, groups, autogroups, tags,
|
|
// Tailscale IP addresses, and subnet ranges.
|
|
"acls": [
|
|
{
|
|
"action": "accept",
|
|
"src": ["tag:client", "tag:server", "acedanger49@gmail.com"],
|
|
"dst": ["tag:golink:*", "tag:server:*"],
|
|
},
|
|
// Allow all connections.
|
|
// Comment this section out if you want to define specific restrictions.
|
|
{"action": "accept", "src": ["*"], "dst": ["*:*"]},
|
|
],
|
|
|
|
// Define users and devices that can use Tailscale SSH.
|
|
"ssh": [
|
|
{
|
|
// any user can use Tailscale SSH to connect to their own devices
|
|
// in check mode as a root or non-root user
|
|
"action": "accept",
|
|
"src": ["tag:client", "tag:server", "acedanger49@gmail.com"],
|
|
"dst": ["tag:server"],
|
|
"users": ["autogroup:nonroot", "root"],
|
|
},
|
|
{
|
|
// any user can use Tailscale SSH to connect to their own devices
|
|
// in check mode as a root or non-root user
|
|
"action": "check",
|
|
"src": ["autogroup:member"],
|
|
"dst": ["autogroup:self"],
|
|
"users": ["autogroup:nonroot", "root"],
|
|
},
|
|
],
|
|
|
|
"nodeAttrs": [
|
|
{
|
|
// Funnel policy, which lets tailnet members control Funnel
|
|
// for their own devices.
|
|
// Learn more at https://tailscale.com/kb/1223/tailscale-funnel/
|
|
"target": ["autogroup:member"],
|
|
"attr": ["funnel"],
|
|
},
|
|
{"target": ["*"], "app": {"tailscale.com/app-connectors": []}},
|
|
],
|
|
|
|
// Define the tags which can be applied to devices and by which users.
|
|
"tagOwners": {
|
|
"tag:golink": ["acedanger49@gmail.com"],
|
|
"tag:server": ["acedanger49@gmail.com"],
|
|
"tag:client": ["acedanger49@gmail.com"],
|
|
"tag:docker": ["acedanger49@gmail.com"],
|
|
},
|
|
|
|
"autoapprovers": {
|
|
"exitNode": ["autogroup:admin"],
|
|
},
|
|
// Test access rules every time they're saved.
|
|
}
|