zombiezen / tailscale-acls.nix

Tailscale ACLs using the Nix module system


Tailscale ACLs using the Nix module system

This repository contains a Nix flake that enables managing Tailscale ACLs using the Nix module system.

Using the Nix module system for Tailscale ACLs lets you write complex or reusable rules in the Nix language. For example, a policy like this:

{
  "acls": [
    {
      "action": "accept",
      "src": ["dave@example.com"],
      "dst": [
        "example-host-1:*",
        "vega:80,443"
      ]
    }
  ],
  "hosts": {
    "example-host-1": "100.100.100.100",
    "vega": "100.101.102.103",
  },
  "tests": [
    {
      "src": "dave@example.com",
      "proto": "tcp",
      "accept": ["example-host-1:22", "vega:80"],
      "deny": ["1.2.3.4:443"],
    },
  ]
}

can be rewritten as the following Nix expression, in which `admin` is defined once and reused by both the rule and its test (note that the Nix version does not spell out the JSON's `"action": "accept"`, so confirm how the module fills in `action` before relying on the default):

let
  # One binding for the identity that both the ACL rule and the test refer to,
  # so a change of address only has to be made in one place.
  admin = "dave@example.com";
in {
  # Host aliases used by the dst/accept lists, mapped to their IP addresses.
  hosts = {
    example-host-1 = "100.100.100.100";
    vega = "100.101.102.103";
  };

  # NOTE(review): no `action` is given here, unlike the JSON's "action": "accept";
  # confirm what the module uses as the default.
  acls = [
    {
      src = [ admin ];
      dst = [ "example-host-1:*" "vega:80,443" ];
    }
  ];

  # Policy tests: each entry lists destinations that admin must be able to
  # reach (accept) and destinations that must be blocked (deny) over proto.
  tests = [
    {
      src = admin;
      proto = "tcp";
      accept = [ "example-host-1:22" "vega:80" ];
      deny = [ "1.2.3.4:443" ];
    }
  ];
}

You can also split your configuration across multiple files using the module system's `imports` syntax.

License

Apache 2.0
