From 77415c6c6e75f291a7085292499af27f3b69b1c2 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sun, 3 Nov 2024 14:14:32 +0000
Subject: [PATCH] Add tag for access to private services
---
 ansible/roles/headscale/files/acls.json | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/headscale/files/acls.json b/ansible/roles/headscale/files/acls.json
index 5a0a171..96c47e8 100644
--- a/ansible/roles/headscale/files/acls.json
+++ b/ansible/roles/headscale/files/acls.json
@@ -1,6 +1,7 @@
 {
 "tagOwners": {
- "tag:client": []
+ "tag:client": [],
+ "tag:private-svcs": []
 },
 "acls": [
@@ -8,6 +9,11 @@
 "action": "accept",
 "src": ["tag:client"],
 "dst": ["*:*"]
+ },
+ {
+ "action": "accept",
+ "src": ["tag:private-svcs"],
+ "dst": ["{{ vps_hosts.private_ipv6_marker }}:80,443"]
 }
 ]
 }
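Review bot: The new `dst` entry `"{{ vps_hosts.private_ipv6_marker }}:80,443"` in the second hunk puts a Jinja2 expression into a file under the role's `files/` directory, so it is only expanded if the deploying task renders the file as a template. If the task uses a plain `copy`, the literal braces reach headscale and the policy would presumably fail to load or the rule would match nothing. The task is not part of this diff, so this should be confirmed; moving the file into the role's `templates/` directory would make the rendering step explicit. Since this rule is the only boundary for `tag:private-svcs` nodes, also check that the rendered value is a single host address rather than a wider prefix. Confirm too that the headscale version in use parses an unbracketed IPv6 address followed by the `:80,443` port list as intended.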