diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml
index e5e8446c..5c1b2733 100644
--- a/values/headscale/values/values.yaml
+++ b/values/headscale/values/values.yaml
@@ -105,12 +105,8 @@ configMaps:
 "stig.r.jensen@oceanbox.io",
 ],
 "group:devops": [
- "jonas.juselius@oceanbox.io",
- "Moritz.Jorg@oceanbox.io",
- "stig.r.jensen@oceanbox.io",
 "radovan.bast@oceanbox.io",
- "simen.kirkvik@oceanbox.io",
- "Ole.Tytlandsvik@tromso.serit.no",
+ "ole.tytlandsvik@oceanbox.io",
 ],
 "group:oceanographer": [
 "frank.gaardsted@oceanbox.io",
@@ -121,7 +117,10 @@ configMaps:
 ],
 "group:manager": [
 "svenn.hanssen@oceanbox.io",
+ ],
+ "group:marketing": [
 "hilde.iversen@oceanbox.io",
+ "pal.herstad@oceanbox.io",
 ],
 "group:dev": [],
 "group:intern": [],
@@ -133,8 +132,6 @@ configMaps:
 "tag:k8s": [ "group:admin" ],
 "tag:hpc": [ "group:admin" ],
 "tag:mumindalen": [ "group:admin" ],
- "tag:ekman": [ "group:admin" ],
- "tag:rossby": [ "group:admin" ],
 },
 // hosts should be defined using its IP addresses and a subnet mask.
 // to define a single host, use a /32 mask. You cannot use DNS entries here,
@@ -163,25 +160,18 @@ configMaps:
 "action": "accept",
 "src": [
 "group:admin",
+ "tag:mumindalen",
 ],
 "dst": [
 "tag:hpc:*",
- "tag:rossby:*",
 "tag:mumindalen:*",
- "100.64.0.0/10:*",
- "autogroup:internet:*",
- ]
- },
- {
- "action": "accept",
- "src": [ "group:admin" ],
- "dst": [
 "dc.tos.net:*",
 "mgmt.tos.net:*",
 "100gbe.tos.net:*",
 "office.tos.net:*",
 "dc.vtn.net:*",
 "mgmt.vtn.net:*",
+ "100.64.0.0/10:*",
 ]
 },
 {
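Review bot: Adding `"tag:mumindalen"` to the `src` of the rule in the `@@ -163,25 +160,18 @@` hunk gives that device tag the same all-port reach as `group:admin`, including `mgmt.tos.net:*`, `office.tos.net:*`, `100gbe.tos.net:*` and `dc.tos.net:*`; the separate `tag:mumindalen` rule removed in the next hunk granted it only `tag:hpc`, `tag:rossby`, `100.64.0.0/10`, `dc.vtn.net`, `mgmt.vtn.net` and the internet. If the wider access is not intended, keep the tag in its own rule, e.g. `"src": [ "tag:mumindalen" ], "dst": [ "tag:hpc:*", "100.64.0.0/10:*", "dc.vtn.net:*", "mgmt.vtn.net:*" ]`. If it is intended, a `//` comment above the rule stating why a tagged device needs management-network access would help later reviews. The rule's opening `{` is above the hunk.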
@@ -190,52 +180,30 @@ configMaps:
 "dst": [
 "k8s.oceanbox.tos:6443",
 "k8s.ekman.tos:6443",
- ]
- },
- {
- "action": "accept",
- "src": [
- "group:admin",
- "group:devops",
- "group:oceanographer",
- "group:manager",
- "group:dev",
- ],
- "dst": [
- "ingress.oceanbox.tos:443",
- "ingress.ekman.tos:443",
- "printer.office.tos:631",
- ]
- },
- {
- "action": "accept",
- "src": [ "tag:mumindalen", ],
- "dst": [
 "tag:hpc:*",
- "tag:rossby:*",
- "100.64.0.0/10:*",
- "dc.vtn.net:*",
- "mgmt.vtn.net:*",
- "autogroup:internet:*",
- ]
- },
- {
- "action": "accept",
- "src": [
- "group:admin",
- "group:devops",
- "group:oceanographer",
- "group:manager",
- "group:dev",
- ],
- "dst": [
 "tag:mumindalen:*",
- "tag:hpc:*",
- "tag:rossby:*",
 "dc.tos.net:*",
+ ]
+ },
+ {
+ "action": "accept",
+ "src": [
+ "group:oceanographer",
+ "group:manager",
+ "group:marketing",
+ ],
+ "dst": [
+ "tag:mumindalen:0",
+ "tag:hpc:22,80,443",
+ "dc.tos.net:22,80,443",
 "autogroup:internet:*",
 ]
 },
+ {
+ "action": "accept",
+ "src": [ "*" ],
+ "dst": [ "autogroup:internet:*", ]
+ },
 ]
 }
 dns:
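Review bot: `"tag:mumindalen:0"` in the new oceanographer/manager/marketing rule names port 0, which is not a usable service port, so the entry probably grants nothing; if no access is meant, drop the line, and if all ports were meant it should read `"tag:mumindalen:*"`. The new catch-all rule with `"src": [ "*" ]` to `autogroup:internet:*` also covers tagged nodes (`tag:hpc`, `tag:k8s`, `tag:mumindalen`), not only people; listing the groups that should have exit-node access would be tighter, and it makes the `"autogroup:internet:*"` line kept in the rule above redundant. `group:devops` and `group:dev` no longer appear in any `src` visible in this diff, so unless a rule outside the hunks names them, their members are left with only the internet rule. The first rule touched here has its `src` above the hunk, so who gains `tag:hpc:*`, `tag:mumindalen:*` and `dc.tos.net:*` cannot be checked from this page.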