I occasionally find myself just wanting to get a glance of how my ACL rules look without reading through the code. This is also useful for showing how our policies are set up to people who are not devs by trade.
- You will need Python3 and git installed.
git clone https://github.com/SimplyMinimal/tailscale-network-topology-mappercd tailscale-network-topology-mapperpip install -r requirements.txt- Copy your ACL policy into the contents of the example
policy.hujson - Edit
create-network-map.pyand changeCOMPANY_DOMAIN="example.com"to your actual company domain
- Run
python create-network-map.pyto generate your network map. It should produce an updatednetwork_topology.htmlfile that you can open in your browser.
You can filter down to specific groups or nodes using the filter bar at the top or by clicking on a node on the graph.
If you would like to have the network map be automatically updated whenever you push an update to your ACL file then take a look at this example workflow: .github/workflows/tailscale.yml
- This project is in an early alpha stage.
- It can only map what is available in the ACL policy file. It is not an active scanning tool that will seek out other hosts.
- It only focuses on the ACL rules themselves but eventually this may start capturing ALL the available valid ACL sections.
Pull requests welcome! :)
- Use
tailscale debug netmapto build a more in-depth map - Allow switching between layers such as port level, host level, user/group level