From e64ddf76f2a674978f90c15560c7e15de477e5a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Mon, 13 Oct 2025 10:41:41 +0200
Subject: [PATCH] fix(hs): Persist

---
 values/headscale/values/values.yaml | 34 +++++------------------------
 1 file changed, 5 insertions(+), 29 deletions(-)

diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml
index 94bfc6c0..896079cd 100644
--- a/values/headscale/values/values.yaml
+++ b/values/headscale/values/values.yaml
@@ -135,6 +135,8 @@ configMaps:
             "tag:tos-relay": [ "group:admin" ],
             "tag:vtn-relay": [ "group:admin" ],
             "tag:mumindalen": [ "group:admin" ],
+            "tag:ekman": [ "group:admin" ],
+            "tag:rossby": [ "group:admin" ],
           },
           // hosts should be defined using its IP addresses and a subnet mask.
           // to define a single host, use a /32 mask. You cannot use DNS entries here,
@@ -159,25 +161,10 @@ configMaps:
             "net.mgmt.vtn": "172.16.238.0/24",
           },
           "acls": [
-            {
-              "action": "accept",
-              "src": [
-                 "group:admin",
-                 "group:devops",
-                 "group:oceanographer",
-                 "group:manager",
-                 "group:dev",
-              ],
-              "dst": [
-                 "100.64.0.0/10:0",
-                 "100.64.0.0/10:22",
-              ]
-            },
             {
               "action": "accept",
               "src": [ "tag:tos-relay", "net.dc.tos" ],
               "dst": [
-                 "tag:vtn-relay:0",
                  "tag:vtn-relay:*",
                  "net.dc.vtn:*",
               ]
@@ -186,7 +173,6 @@ configMaps:
               "action": "accept",
               "src": [ "tag:vtn-relay", "net.dc.vtn" ],
               "dst": [
-                 "tag:tos-relay:0",
                  "tag:tos-relay:*",
                  "net.dc.tos:*",
               ]
@@ -224,19 +210,12 @@ configMaps:
                  "ingress.oceanbox.tos:443",
                  "ingress.ekman.tos:443",
                  "printer.office.tos:631",
-                 "10.255.241.99/32:22",
-                 "10.255.241.100/32:22",
               ]
             },
             {
               "action": "accept",
-              "src": [
-                 "tag:mumindalen",
-                 "group:admin",
-              ],
-              "dst": [
-                 "100.64.0.0/10:*",
-              ]
+              "src": [ "tag:mumindalen", ],
+              "dst": [ "100.64.0.0/10:*", ]
             },
             {
               "action": "accept",
@@ -250,7 +229,6 @@ configMaps:
               "dst": [
                  "tag:hpc:*",
                  "tag:mumindalen:*",
-                 "tag:tos-relay:*",
                  "autogroup:internet:*",
               ]
             },
@@ -265,9 +243,7 @@ configMaps:
               ],
               "dst": [
                  "tag:hpc:*",
-                 "tag:tos-relay:*",
-                 "100.64.0.2/32:0",
-                 "100.64.0.0/10:*",
+                 "100.64.0.0/10:22",
                  "autogroup:internet:*",
               ]
             },