init
29
files/acl.hujson.tftpl
Normal file
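--- a/files/acl.hujson.tftpl
+++ b/files/acl.hujson.tftpl
@@ -0,0 +1,29 @@
+{
+"groups": {
+"group:admin": [ %{~ for admin in admins ~} "${admin}@${domain}", %{~ endfor ~} ]
+},
+"acls": [
+{ "action": "accept", "users": ["*"], "ports": ["*:*"] }
+],
+"tagOwners": {
+"${tag}": ["group:admin", "${tag}"]
+},
+"autoApprovers": {
+"routes": {
+%{~ for route in routes ~}
+"${route}": ["group:admin", "${tag}"],
+%{~ endfor ~}
+},
+"exitNode": ["${tag}"]
+},
+%{~ if enable_ssh ~}
+"ssh": [
+{
+"action": "check",
+"src": ["autogroup:members"],
+"dst": ["autogroup:self"],
+"users": ["autogroup:nonroot", "root"]
+}
+]
+%{~ endif ~}
+}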
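Review bot: The single `acls` rule, `{ "action": "accept", "users": ["*"], "ports": ["*:*"] }`, lets every source reach every port on every node, so this policy enforces no segmentation at all. That matters more here because `${tag}` nodes are auto-approved for the templated routes and as exit nodes, which presumably puts the routed subnets within reach of any tailnet member. Consider scoping the rule to the sources and destinations that are actually needed, for example `{ "action": "accept", "src": ["group:admin"], "dst": ["${tag}:*"] }` plus explicit rules for member traffic, and add a comment above `acls` stating the intended access model. Separately, `${admin}`, `${domain}`, `${route}` and `${tag}` are interpolated raw inside hand-written quotes; emitting each with `${jsonencode(...)}` instead would keep a stray quote in a variable from changing the policy.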