✨ (headscale): Add ACL policy ConfigMap (see #126)

charts/headscale/Chart.yaml

@@ -4,7 +4,7 @@ description: An open source, self-hosted implementation of the Tailscale control
 home: https://charts.gabe565.com/charts/headscale/
 icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg
 type: application
-version: 0.11.0
+version: 0.11.1
 # renovate datasource=docker depName=ghcr.io/juanfont/headscale
 appVersion: 0.22.1
 kubeVersion: ">=1.22.0-0"
@@ -25,8 +25,8 @@ sources:
   - https://github.com/juanfont/headscale
 annotations:
   artifacthub.io/changes: |-
-    - kind: changed
-      description: Update ghcr.io/juanfont/headscale Docker tag to v0.22.1
+    - kind: added
+      description: Add ACL policy ConfigMap
   artifacthub.io/links: |-
     - name: App Source
       url: https://github.com/juanfont/headscale

charts/headscale/README.md

@@ -2,7 +2,7 @@
 
 <img src="https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg" align="right" width="92" alt="headscale logo">
 
-![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat)
+![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: 0.22.1](https://img.shields.io/badge/AppVersion-0.22.1-informational?style=flat)
 
@@ -11,7 +11,7 @@ An open source, self-hosted implementation of the Tailscale control server.
 **Homepage:** <https://charts.gabe565.com/charts/headscale/>
 
 **This chart is not maintained by the upstream project and any issues with the chart should be raised
-[here](https://github.com/gabe565/charts/issues/new?assignees=gabe565&labels=bug&template=bug_report.yaml&name=headscale&version=0.11.0)**
+[here](https://github.com/gabe565/charts/issues/new?assignees=gabe565&labels=bug&template=bug_report.yaml&name=headscale&version=0.11.1)**
 
 ## Source Code
 
@@ -143,6 +143,8 @@ Once deployed, the UI will be available at `/web`.
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| configMaps.acl.data.policy | string | `nil` | ACL policy JSON [[ref]](https://tailscale.com/kb/1018/acls/) |
+| configMaps.acl.enabled | bool | `false` | Enables ACL policy |
 | env | object | See [values.yaml](./values.yaml) | Environment variables. [[ref]](https://github.com/juanfont/headscale/blob/main/config-example.yaml) |
 | env.HEADSCALE_DNS_CONFIG_BASE_DOMAIN | string | `"example.com"` | Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_). |
 | image.pullPolicy | string | `"IfNotPresent"` | image pull policy |

charts/headscale/templates/common.yaml

@@ -78,6 +78,19 @@ env:
   HEADSCALE_DB_PATH: "{{ $.Values.persistence.config.mountPath }}/db.sqlite"
   {{- end }}
   {{- end }}
+
+{{- with .Values.configMaps.acl }}
+{{- if .enabled }}
+  HEADSCALE_ACL_POLICY_PATH: /acl/{{ keys .data | first }}
+
+persistence:
+  acl:
+    enabled: true
+    type: configMap
+    name: {{ include "bjw-s.common.lib.chart.names.fullname" $ }}-acl
+
+{{- end }}
+{{- end }}
 {{- end -}}
 {{- $_ := merge .Values (include "headscale.harcodedValues" . | fromYaml) -}}
 

charts/headscale/values.yaml

@@ -52,6 +52,14 @@ ingress:
     #     hosts:
     #       - chart-example.local
 
+configMaps:
+  acl:
+    # -- Enables ACL policy
+    enabled: false
+    data:
+      # -- ACL policy JSON [[ref]](https://tailscale.com/kb/1018/acls/)
+      policy:
+
 persistence:
   # -- Configure persistence settings for the chart under this key.
   # @default -- See [values.yaml](./values.yaml)