myriation/headscale
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity

docs(acl-proposals): integrate comments

Browse source
This commit is contained in:
Adrien Raffin-Caboisse 2022-02-15 09:52:05 +01:00
parent 86b329d8bf
commit e540679dbd
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
docs/proposals/001-acls.md
View file

@ -43,9 +43,12 @@ For personal users the default behavior could either allow all communications be
For businesses and organisations, viewing a headscale instance a single tailnet would allow users (namespace) to talk to each other with the ACLs. As described in tailscale's documentation [[1]], a server should be tagged and personnal devices should be tied to a user. Translated in headscale's terms each user can have multiple devices and all those devices should be in the same namespace. The servers should be tagged and used as such. For businesses and organisations, viewing a headscale instance a single tailnet would allow users (namespace) to talk to each other with the ACLs. As described in tailscale's documentation [[1]], a server should be tagged and personnal devices should be tied to a user. Translated in headscale's terms each user can have multiple devices and all those devices should be in the same namespace. The servers should be tagged and used as such.
This implementation would render useless the sharing feature that is currently implemented since an ACL could do the same. This implementation would render useless the sharing feature that is currently
implemented since an ACL could do the same. Simplifying to only one user
interface to do one thing is easier and less confusing for the users.
What could be improved would be to peer different headscale installation and allow `sharing`. This would raises issues about compatible network IPs range. As a sidenote, users would like to write ACLs as YAML. We should offer users
the ability to rules in either format (HuJSON or YAML).
[1]: https://tailscale.com/kb/1068/acl-tags/ [1]: https://tailscale.com/kb/1068/acl-tags/