diff --git a/values/headscale-router/values/values.yaml b/values/headscale-router/values/values.yaml
index 509820f9..936c2fd6 100644
--- a/values/headscale-router/values/values.yaml
+++ b/values/headscale-router/values/values.yaml
@@ -106,8 +106,8 @@ configMaps:
 "tagOwners": {
 "tag:k8s": [ "group:admin" ],
 "tag:hpc": [ "group:admin" ],
- "tag:tos-relay": [ "group:admin" ],
- "tag:vtn-relay": [ "group:admin" ],
+ "tag:tos-router": [ "group:admin" ],
+ "tag:vtn-router": [ "group:admin" ],
 "tag:mumindalen": [ "group:admin" ],
 "tag:ekman": [ "group:admin" ],
 "tag:rossby": [ "group:admin" ],
@@ -117,40 +117,30 @@ configMaps:
 // as they're prone to be hijacked by replacing their IP addresses.
 // see https://github.com/tailscale/tailscale/issues/3800 for more information.
 "hosts": {
- "ingress.ekman.tos": "10.255.241.99/32",
- "ingress.ceph.tos": "10.255.241.10/32",
- "ingress.ceph.vtn": "172.16.239.50/32",
- "ingress.adm.ceph.vtn": "172.16.239.51/32",
- "ingress.oceanbox.tos": "10.255.241.11/32",
- "manage.ekman.tos": "10.255.241.99/32",
- "k8s.oceanbox.tos": "10.255.241.200/32",
- "k8s.ekman.tos": "10.255.241.99/32",
- "k8s.ceph.tos": "10.255.241.29/32",
- "printer.office.tos": "10.132.46.108/32",
- "net.office.tos": "10.132.46.0/24",
- "net.dc.tos": "10.255.241.0/24",
- "net.100gbe.tos": "10.255.244.0/24",
- "net.mgmt.tos": "10.255.240.0/24",
- "net.dc.vtn": "172.16.239.0/24",
- "net.mgmt.vtn": "172.16.238.0/24",
+ "office.tos.net": "10.132.46.0/24",
+ "dc.tos.net": "10.255.241.0/24",
+ "100gbe.tos.net": "10.255.244.0/24",
+ "mgmt.tos.net": "10.255.240.0/24",
+ "dc.vtn.net": "172.16.239.0/24",
+ "mgmt.vtn.net": "172.16.238.0/24",
 },
 "acls": [
- {
- "action": "accept",
- "src": [ "tag:tos-relay", "net.dc.tos" ],
- "dst": [
- "tag:vtn-relay:*",
- "net.dc.vtn:*",
- ]
- },
- {
- "action": "accept",
- "src": [ "tag:vtn-relay", "net.dc.vtn" ],
- "dst": [
- "tag:tos-relay:*",
- "net.dc.tos:*",
- ]
- },
+ {
+ "action": "accept",
+ "src": [ "tag:tos-router", "dc.tos.net" ],
+ "dst": [
+ "tag:vtn-router:*",
+ "dc.vtn.net:*",
+ ]
+ },
+ {
+ "action": "accept",
+ "src": [ "tag:vtn-router", "dc.vtn.net" ],
+ "dst": [
+ "tag:tos-router:*",
+ "dc.tos.net:*",
+ ]
+ },
 ]
 }
 dns:
diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml
index 896079cd..e5e8446c 100644
--- a/values/headscale/values/values.yaml
+++ b/values/headscale/values/values.yaml
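Review bot: In the `@@ -117` hunk of values/headscale-router/values/values.yaml, both re-added rules accept a whole /24 alias (`dc.tos.net`, `dc.vtn.net`) as `src` and grant `:*` on the other site, so access is decided by source IP range alone and on every port. If full site-to-site reachability is intended, I would state that next to the rules, e.g. `// site-to-site: all ports between the TOS and VTN DC subnets are intentionally open`; otherwise list the ports that actually need to cross. The renamed aliases also read like resolvable `.net` hostnames although they are policy-local names for CIDR ranges, which a one-line comment above `"hosts"` could make explicit.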
@@ -132,8 +132,6 @@ configMaps:
 "tagOwners": {
 "tag:k8s": [ "group:admin" ],
 "tag:hpc": [ "group:admin" ],
- "tag:tos-relay": [ "group:admin" ],
- "tag:vtn-relay": [ "group:admin" ],
 "tag:mumindalen": [ "group:admin" ],
 "tag:ekman": [ "group:admin" ],
 "tag:rossby": [ "group:admin" ],
@@ -153,40 +151,37 @@ configMaps:
 "k8s.ekman.tos": "10.255.241.99/32",
 "k8s.ceph.tos": "10.255.241.29/32",
 "printer.office.tos": "10.132.46.108/32",
- "net.office.tos": "10.132.46.0/24",
- "net.dc.tos": "10.255.241.0/24",
- "net.100gbe.tos": "10.255.244.0/24",
- "net.mgmt.tos": "10.255.240.0/24",
- "net.dc.vtn": "172.16.239.0/24",
- "net.mgmt.vtn": "172.16.238.0/24",
+ "office.tos.net": "10.132.46.0/24",
+ "dc.tos.net": "10.255.241.0/24",
+ "100gbe.tos.net": "10.255.244.0/24",
+ "mgmt.tos.net": "10.255.240.0/24",
+ "dc.vtn.net": "172.16.239.0/24",
+ "mgmt.vtn.net": "172.16.238.0/24",
 },
 "acls": [
 {
 "action": "accept",
- "src": [ "tag:tos-relay", "net.dc.tos" ],
+ "src": [
+ "group:admin",
+ ],
 "dst": [
- "tag:vtn-relay:*",
- "net.dc.vtn:*",
- ]
- },
- {
- "action": "accept",
- "src": [ "tag:vtn-relay", "net.dc.vtn" ],
- "dst": [
- "tag:tos-relay:*",
- "net.dc.tos:*",
+ "tag:hpc:*",
+ "tag:rossby:*",
+ "tag:mumindalen:*",
+ "100.64.0.0/10:*",
+ "autogroup:internet:*",
 ]
 },
 {
 "action": "accept",
 "src": [ "group:admin" ],
 "dst": [
- "net.dc.tos:*",
- "net.mgmt.tos:*",
- "net.100gbe.tos:*",
- "net.office.tos:*",
- "net.dc.vtn:*",
- "net.mgmt.vtn:*",
+ "dc.tos.net:*",
+ "mgmt.tos.net:*",
+ "100gbe.tos.net:*",
+ "office.tos.net:*",
+ "dc.vtn.net:*",
+ "mgmt.vtn.net:*",
 ]
 },
 {
@@ -194,7 +189,7 @@ configMaps:
 "src": [ "group:devops" ],
 "dst": [
 "k8s.oceanbox.tos:6443",
- "k8s.ekman.tos:4443",
+ "k8s.ekman.tos:6443",
 ]
 },
 {
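Review bot: In the `@@ -153` hunk, the new first rule and the rule directly after it both have `group:admin` as their only source, so the admin grant is now split across two entries that must be read together to see its full extent. Merging them into one rule would keep the broadest grant in the policy in a single, auditable place. If the tailnet uses the `100.64.0.0/10` range for its nodes, the `"tag:hpc:*"`, `"tag:rossby:*"` and `"tag:mumindalen:*"` entries are presumably already covered by `"100.64.0.0/10:*"`; either drop them or add a comment such as `// tags listed explicitly in case the node prefix changes`.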
@@ -215,20 +210,12 @@ configMaps:
 {
 "action": "accept",
 "src": [ "tag:mumindalen", ],
- "dst": [ "100.64.0.0/10:*", ]
- },
- {
- "action": "accept",
- "src": [
- "group:admin",
- "group:devops",
- "group:oceanographer",
- "group:manager",
- "group:dev",
- ],
 "dst": [
 "tag:hpc:*",
- "tag:mumindalen:*",
+ "tag:rossby:*",
+ "100.64.0.0/10:*",
+ "dc.vtn.net:*",
+ "mgmt.vtn.net:*",
 "autogroup:internet:*",
 ]
 },
@@ -242,8 +229,10 @@ configMaps:
 "group:dev",
 ],
 "dst": [
+ "tag:mumindalen:*",
 "tag:hpc:*",
- "100.64.0.0/10:22",
+ "tag:rossby:*",
+ "dc.tos.net:*",
 "autogroup:internet:*",
 ]
 },
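Review bot: In the `@@ -215` hunk, the `tag:mumindalen` rule grows from tailnet-only access to every port on `dc.vtn.net` and `mgmt.vtn.net`, plus `autogroup:internet`, which gives a tagged machine unrestricted reach into a management subnet. A compromise of any node carrying that tag would then extend to the whole VTN management range. I would scope these entries to the hosts and ports the node actually needs, in the `alias:port` form the file already uses for `"k8s.ekman.tos:6443"`. At the least, add a comment on the rule saying why management-network access is required.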
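Review bot: In the `@@ -242` hunk, the added `"dc.tos.net:*"` opens all of 10.255.241.0/24 on every port to each group in this rule's `src` list, which includes the `k8s.ekman.tos` (10.255.241.99) and `k8s.ceph.tos` (10.255.241.29) hosts defined earlier in the file. For those groups the port-scoped `group:devops` rule on `:6443` no longer restricts anything. The `src` list starts outside the hunk and only `group:dev` is visible, so check which groups inherit this. If the intent is access to specific services, replace the subnet entry with host aliases and ports, e.g. `"k8s.ekman.tos:6443"`, rather than the whole range.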