diff --git a/charts/headscale/Chart.yaml b/charts/headscale/Chart.yaml
index 27acc3ab6..ca4db1dfc 100644
--- a/charts/headscale/Chart.yaml
+++ b/charts/headscale/Chart.yaml
@@ -4,7 +4,7 @@ description: An open source, self-hosted implementation of the Tailscale control
home: https://charts.gabe565.com/charts/headscale/
icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg
type: application
-version: 0.11.0
+version: 0.11.1
# renovate datasource=docker depName=ghcr.io/juanfont/headscale
appVersion: 0.22.1
kubeVersion: ">=1.22.0-0"
@@ -25,8 +25,8 @@ sources:
- https://github.com/juanfont/headscale
annotations:
artifacthub.io/changes: |-
- - kind: changed
- description: Update ghcr.io/juanfont/headscale Docker tag to v0.22.1
+ - kind: added
+ description: Add ACL policy ConfigMap
artifacthub.io/links: |-
- name: App Source
url: https://github.com/juanfont/headscale
diff --git a/charts/headscale/README.md b/charts/headscale/README.md
index 0ac761183..537f2807c 100644
--- a/charts/headscale/README.md
+++ b/charts/headscale/README.md
@@ -2,7 +2,7 @@
-![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat)
+![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
![AppVersion: 0.22.1](https://img.shields.io/badge/AppVersion-0.22.1-informational?style=flat)
@@ -11,7 +11,7 @@ An open source, self-hosted implementation of the Tailscale control server.
**Homepage:**
**This chart is not maintained by the upstream project and any issues with the chart should be raised
-[here](https://github.com/gabe565/charts/issues/new?assignees=gabe565&labels=bug&template=bug_report.yaml&name=headscale&version=0.11.0)**
+[here](https://github.com/gabe565/charts/issues/new?assignees=gabe565&labels=bug&template=bug_report.yaml&name=headscale&version=0.11.1)**
## Source Code
@@ -143,6 +143,8 @@ Once deployed, the UI will be available at `/web`.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
+| configMaps.acl.data.policy | string | `nil` | ACL policy JSON [[ref]](https://tailscale.com/kb/1018/acls/) |
+| configMaps.acl.enabled | bool | `false` | Enables ACL policy |
| env | object | See [values.yaml](./values.yaml) | Environment variables. [[ref]](https://github.com/juanfont/headscale/blob/main/config-example.yaml) |
| env.HEADSCALE_DNS_CONFIG_BASE_DOMAIN | string | `"example.com"` | Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_). |
| image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
diff --git a/charts/headscale/templates/common.yaml b/charts/headscale/templates/common.yaml
index 236a0fc6e..45199acb1 100644
--- a/charts/headscale/templates/common.yaml
+++ b/charts/headscale/templates/common.yaml
@@ -78,6 +78,19 @@ env:
HEADSCALE_DB_PATH: "{{ $.Values.persistence.config.mountPath }}/db.sqlite"
{{- end }}
{{- end }}
+
+{{- with .Values.configMaps.acl }}
+{{- if .enabled }}
+ HEADSCALE_ACL_POLICY_PATH: /acl/{{ keys .data | first }}
+
+persistence:
+ acl:
+ enabled: true
+ type: configMap
+ name: {{ include "bjw-s.common.lib.chart.names.fullname" $ }}-acl
+
+{{- end }}
+{{- end }}
{{- end -}}
{{- $_ := merge .Values (include "headscale.harcodedValues" . | fromYaml) -}}
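Review bot: `keys .data | first` in the added `HEADSCALE_ACL_POLICY_PATH` line depends on map iteration order, which Sprig documents as unpredictable, so once `configMaps.acl.data` holds more than one key the rendered path can change between renders and headscale may load a file the operator did not intend as the policy. Sorting the keys makes the choice stable, and quoting the value matches the `HEADSCALE_DB_PATH` line above it: `HEADSCALE_ACL_POLICY_PATH: {{ printf "/acl/%s" (keys .data | sortAlpha | first) | quote }}`. The `/acl` prefix presumably relies on the common library's default mount path for the `acl` persistence item, so setting `mountPath: /acl` explicitly next to `type: configMap` would keep the two in step. The enclosing block starts above this hunk, so the nesting of `env:` and `persistence:` cannot be checked from here.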
diff --git a/charts/headscale/values.yaml b/charts/headscale/values.yaml
index 3a3d2b0a0..2b6c10697 100644
--- a/charts/headscale/values.yaml
+++ b/charts/headscale/values.yaml
@@ -52,6 +52,14 @@ ingress:
# hosts:
# - chart-example.local
+configMaps:
+ acl:
+ # -- Enables ACL policy
+ enabled: false
+ data:
+ # -- ACL policy JSON [[ref]](https://tailscale.com/kb/1018/acls/)
+ policy:
+
persistence:
# -- Configure persistence settings for the chart under this key.
# @default -- See [values.yaml](./values.yaml)
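Review bot: `policy:` is left as a bare empty value, so with `enabled: true` and no policy supplied the chart would, as far as this diff shows, still set `HEADSCALE_ACL_POLICY_PATH` and mount a ConfigMap whose `policy` entry is empty. How headscale treats an empty policy file is not visible here, so the comment should state that the value is mandatory once ACLs are enabled, for example `# -- ACL policy JSON (required when enabled is true) [[ref]](https://tailscale.com/kb/1018/acls/)`. Writing the default as `policy: null` would also make the empty value explicit rather than relying on the bare key. A `required` check on `.data.policy` in the template would turn the omission into a render-time error instead of a deployment with an unclear access policy.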