commit | 107cb5e892d3f22c9603ff1b2e02f0ae68bc844d | |
---|---|---|
author | Skyler Grey <minion@clicks.codes> | Mon Jun 10 17:15:45 2024 +0000 |
committer | Samuel Shuert <coded@clicks.codes> | Mon Jun 10 17:29:42 2024 +0000 |
tree | 01081755a2f127268cf250c8c6a81fb8d44f9775 | |
parent | 772dcbbeec5cb971114bcd6433975ff2894997f1 | |
feat(headscale): Add ACL support

Tailscale ACLs allow you to restrict connections from/to different machines on your tailnet; you can think of it as an in-tailnet firewall

It requires a JSON file to be referenced in the tailscale config, but we can use nix to write this from a normal configuration option

Change-Id: I070f8f124ead7a4fc9b385af6f189c13ecbfe4d3
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/744
Reviewed-by: Samuel Shuert <coded@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>

This repository contains system configuration for Clicks's infrastructure.
Config is written using Snowfall lib. It keeps us organized and has some nice features like namespaces.
Devices are named after colors; areas are named as a letter, with the matching phonetic alphabet word. Areas are generally managed by one member of Clicks, who has full access to all of the servers in that area. If you require help for a specific area, you can email admin@clicks.codes and include the area you want help for in the subject line.
System | Description | Address |
---|---|---|
teal | Primary Host | teal.alpha.clicks.domains |
a1d2 | Build Server | d2.a1.clicks.domains |
Deploys are done with deploy-rs. You'll need to be able to SSH into a machine by its hostname (either via a nifty .ssh/config rule or Tailscale).
Once you've done that, you'll be able to deploy with:
$ deploy .#MACHINE_NAME