installer: combine private ingress and proxy into private-network
diff --git a/core/headscale/main.go b/core/headscale/main.go
index 1ca4f6b..942d71a 100644
--- a/core/headscale/main.go
+++ b/core/headscale/main.go
@@ -17,19 +17,26 @@
var acls = flag.String("acls", "", "Path to the headscale acls file")
var domain = flag.String("domain", "", "Environment domain")
-// TODO(gio): ingress-private user name must be configurable
+// TODO(gio): make internal network cidr and proxy user configurable
const defaultACLs = `
{
"autoApprovers": {
"routes": {
- "10.1.0.0/24": ["private-network-proxy@{{ .Domain }}"],
+ // "10.1.0.0/24": ["private-network-proxy@{{ .Domain }}"],
+ "10.1.0.0/24": ["*"],
},
},
"acls": [
- { // Everyone can access ingress-private service
+ { // Everyone has passthough access to private-network-proxy node
"action": "accept",
"src": ["*"],
- "dst": ["10.1.0.0/24:*"],
+ "dst": ["10.1.0.0/24:*", "private-network-proxy:0"],
+ },
+ ],
+ "tests": [
+ {
+ "src": "*",
+ "accept": ["10.1.0.1:80", "10.1.0.1:443"],
},
],
}
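Review bot: The `autoApprovers.routes` entry for `10.1.0.0/24` now lists `["*"]` instead of the proxy identity, so, assuming headscale treats the wildcard as "any identity" here, any enrolled node that advertises this route would be approved as a subnet router for the private network without admin review. Combined with the `"src": ["*"]` accept rule, such a node could end up receiving traffic meant for internal services. Keep the approver scoped to the proxy identity by restoring `"10.1.0.0/24": ["private-network-proxy@{{ .Domain }}"],` and dropping the commented-out copy, or state next to the TODO why the wildcard is temporarily needed. The new `tests` block only asserts accepted destinations, so nothing in it would catch an over-broad approver. The `defaultACLs` literal is not closed within the hunk.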