diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json new file mode 100644 index 00000000..c467cb5e --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json @@ -0,0 +1,60 @@ +{ + "test_id": "GRANT-V01", + "description": "", + "timestamp": "2026-02-23T15:12:54Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v01.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["autogroup:internet"], + "app": { + "example.com/cap/internet-access": [ + { + "level": "full" + } + ] + } + } + ] + }, + "grants_section": [ + { + "src": ["*"], + "dst": ["autogroup:internet"], + "app": { "example.com/cap/internet-access": [{ "level": "full" }] } + } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { "message": "cannot use app grants with autogroup:internet" } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json new file mode 100644 index 00000000..8ebdb4f9 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json @@ -0,0 +1,1033 @@ +{ + "test_id": "GRANT-V02", + "timestamp": "2026-02-23T15:39:40Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v02.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["tag:exit"], + "app": { + "example.com/cap/exit-control": [ + { + "mode": "full" + } + ] + } + } + ] + }, + "grants_section": [ + { "src": ["*"], "dst": ["tag:exit"], "app": { "example.com/cap/exit-control": [{ "mode": "full" }] } } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "CapGrant": [ + { + "Dsts": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.85.66.106/32", "Cap": "example.com/cap/exit-control", "Values": [{ "mode": "full" }] }, + { + "Dst": "fd7a:115c:a1e0::7c37:426a/128", + "Cap": "example.com/cap/exit-control", + "Values": [{ "mode": "full" }] + } + ] + } + ], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "example.com/cap/exit-control": [{ "mode": "full" }] } + } + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json new file mode 100644 index 00000000..b3b46e8a --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json @@ -0,0 +1,1032 @@ +{ + "test_id": "GRANT-V03", + "timestamp": "2026-02-23T15:39:49Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v03.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["tag:router"], + "app": { + "example.com/cap/router-admin": [ + { + "role": "admin" + } + ] + } + } + ] + }, + "grants_section": [ + { "src": ["*"], "dst": ["tag:router"], "app": { "example.com/cap/router-admin": [{ "role": "admin" }] } } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "CapGrant": [ + { + "Dsts": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.92.142.61/32", "Cap": "example.com/cap/router-admin", "Values": [{ "role": "admin" }] }, + { + "Dst": "fd7a:115c:a1e0::3e37:8e3d/128", + "Cap": "example.com/cap/router-admin", + "Values": [{ "role": "admin" }] + } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "example.com/cap/router-admin": [{ "role": "admin" }] } + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json new file mode 100644 index 00000000..20cfefc5 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json @@ -0,0 +1,52 @@ +{ + "test_id": "GRANT-V04", + "description": "", + "timestamp": "2026-02-23T15:39:59Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v04.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["0.0.0.0/0"], + "app": { + "example.com/cap/global-access": [{}] + } + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["0.0.0.0/0"], "app": { "example.com/cap/global-access": [{}] } }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { + "message": "dst \"0.0.0.0/0\": to allow all IP addresses, use \"*\" or \"autogroup:internet\"" + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json new file mode 100644 index 00000000..429dd519 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json @@ -0,0 +1,50 @@ +{ + "test_id": "GRANT-V05", + "description": "", + "timestamp": "2026-02-23T15:39:59Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v05.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["::/0"], + "app": { + "example.com/cap/global-v6": [{}] + } + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["::/0"], "app": { "example.com/cap/global-v6": [{}] } }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { "message": "dst \"::/0\": to allow all IP addresses, use \"*\" or \"autogroup:internet\"" } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json new file mode 100644 index 00000000..fbda0bb2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json @@ -0,0 +1,1504 @@ +{ + "test_id": "GRANT-V06", + "timestamp": "2026-02-23T15:39:59Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v06.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["tag:server", "tag:exit"], + "app": { + "example.com/cap/multi-dst": [ + { + "scope": "both" + } + ] + } + } + ] + }, + "grants_section": [ + { "src": ["*"], "dst": ["tag:server", "tag:exit"], "app": { "example.com/cap/multi-dst": [{ "scope": "both" }] } } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "CapGrant": [ + { + "Dsts": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.85.66.106/32", "Cap": "example.com/cap/multi-dst", "Values": [{ "scope": "both" }] }, + { + "Dst": "fd7a:115c:a1e0::7c37:426a/128", + "Cap": "example.com/cap/multi-dst", + "Values": [{ "scope": "both" }] + } + ] + } + ], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "CapGrant": [ + { + "Dsts": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.108.74.26/32", "Cap": "example.com/cap/multi-dst", "Values": [{ "scope": "both" }] }, + { + "Dst": "fd7a:115c:a1e0::b901:4a87/128", + "Cap": "example.com/cap/multi-dst", + "Values": [{ "scope": "both" }] + } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "example.com/cap/multi-dst": [{ "scope": "both" }] } + } + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json new file mode 100644 index 00000000..eab8a5f3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json @@ -0,0 +1,484 @@ +{ + "test_id": "GRANT-V07", + "timestamp": "2026-02-23T15:40:09Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v07.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["autogroup:internet"], + "ip": ["tcp:443"] + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["autogroup:internet"], "ip": ["tcp:443"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json new file mode 100644 index 00000000..e844c3e2 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json @@ -0,0 +1,50 @@ +{ + "test_id": "GRANT-V08", + "description": "", + "timestamp": "2026-02-23T15:40:19Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v08.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["0.0.0.0/0"], + "ip": ["tcp:80", "tcp:443"] + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["0.0.0.0/0"], "ip": ["tcp:80", "tcp:443"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { + "message": "dst \"0.0.0.0/0\": to allow all IP addresses, use \"*\" or \"autogroup:internet\"" + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json new file mode 100644 index 00000000..ac192bd1 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json @@ -0,0 +1,1078 @@ +{ + "test_id": "GRANT-V09", + "timestamp": "2026-02-23T15:40:19Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v09.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["tag:exit"], + "ip": ["tcp:443"], + "app": { + "example.com/cap/exit-mixed": [ + { + "mode": "proxy" + } + ] + } + } + ] + }, + "grants_section": [ + { + "src": ["*"], + "dst": ["tag:exit"], + "ip": ["tcp:443"], + "app": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { "IP": "100.85.66.106", "Ports": { "First": 443, "Last": 443 } }, + { "IP": "fd7a:115c:a1e0::7c37:426a", "Ports": { "First": 443, "Last": 443 } } + ], + "IPProto": [6] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "CapGrant": [ + { + "Dsts": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [ + { "Net": "100.85.66.106/32", "Ports": { "First": 443, "Last": 443 } }, + { "Net": "fd7a:115c:a1e0::7c37:426a/128", "Ports": { "First": 443, "Last": 443 } } + ], + "Caps": [] + }, + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.85.66.106/32", "Cap": "example.com/cap/exit-mixed", "Values": [{ "mode": "proxy" }] }, + { + "Dst": "fd7a:115c:a1e0::7c37:426a/128", + "Cap": "example.com/cap/exit-mixed", + "Values": [{ "mode": "proxy" }] + } + ] + } + ], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "example.com/cap/exit-mixed": [{ "mode": "proxy" }] } + } + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json new file mode 100644 index 00000000..e708a7aa --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json @@ -0,0 +1,1077 @@ +{ + "test_id": "GRANT-V10", + "timestamp": "2026-02-23T15:40:28Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v10.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["tag:router"], + "ip": ["tcp:80"], + "app": { + "example.com/cap/router-mixed": [ + { + "role": "viewer" + } + ] + } + } + ] + }, + "grants_section": [ + { + "src": ["*"], + "dst": ["tag:router"], + "ip": ["tcp:80"], + "app": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { "IP": "100.92.142.61", "Ports": { "First": 80, "Last": 80 } }, + { "IP": "fd7a:115c:a1e0::3e37:8e3d", "Ports": { "First": 80, "Last": 80 } } + ], + "IPProto": [6] + }, + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "CapGrant": [ + { + "Dsts": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [ + { "Net": "100.92.142.61/32", "Ports": { "First": 80, "Last": 80 } }, + { "Net": "fd7a:115c:a1e0::3e37:8e3d/128", "Ports": { "First": 80, "Last": 80 } } + ], + "Caps": [] + }, + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.92.142.61/32", "Cap": "example.com/cap/router-mixed", "Values": [{ "role": "viewer" }] }, + { + "Dst": "fd7a:115c:a1e0::3e37:8e3d/128", + "Cap": "example.com/cap/router-mixed", + "Values": [{ "role": "viewer" }] + } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "example.com/cap/router-mixed": [{ "role": "viewer" }] } + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json new file mode 100644 index 00000000..86e54308 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json @@ -0,0 +1,569 @@ +{ + "test_id": "GRANT-V11", + "timestamp": "2026-02-23T15:40:38Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v11.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["tag:client"], + "dst": ["10.33.0.0/16"], + "via": ["tag:router"], + "ip": ["*"] + } + ] + }, + "grants_section": [{ "src": ["tag:client"], "dst": ["10.33.0.0/16"], "via": ["tag:router"], "ip": ["*"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.83.200.69", "fd7a:115c:a1e0::c537:c845"], + "DstPorts": [{ "IP": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "SrcCaps": null, + "Dsts": [{ "Net": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }], + "Caps": [] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json new file mode 100644 index 00000000..a96746d0 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json @@ -0,0 +1,729 @@ +{ + "test_id": "GRANT-V12", + "timestamp": "2026-02-23T15:40:48Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v12.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["autogroup:member"], + "dst": ["10.33.0.0/16"], + "via": ["tag:router"], + "ip": ["*"] + } + ] + }, + "grants_section": [{ "src": ["autogroup:member"], "dst": ["10.33.0.0/16"], "via": ["tag:router"], "ip": ["*"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "DstPorts": [{ "IP": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "100.103.90.82/32", + "100.110.121.96/32", + "100.90.199.68/32", + "fd7a:115c:a1e0::1737:7960/128", + "fd7a:115c:a1e0::2d01:c747/128", + "fd7a:115c:a1e0::9e37:5a52/128" + ], + "SrcCaps": null, + "Dsts": [{ "Net": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }], + "Caps": [] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": null + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": null + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": null + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json new file mode 100644 index 00000000..9e12260c --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json @@ -0,0 +1,654 @@ +{ + "test_id": "GRANT-V13", + "timestamp": "2026-02-23T15:40:58Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v13.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["group:developers"], + "dst": ["10.33.0.0/16"], + "via": ["tag:router"], + "ip": ["tcp:80", "tcp:443"] + } + ] + }, + "grants_section": [ + { "src": ["group:developers"], "dst": ["10.33.0.0/16"], "via": ["tag:router"], "ip": ["tcp:80", "tcp:443"] } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "100.90.199.68", "fd7a:115c:a1e0::1737:7960", "fd7a:115c:a1e0::2d01:c747"], + "DstPorts": [ + { "IP": "10.33.0.0/16", "Ports": { "First": 80, "Last": 80 } }, + { "IP": "10.33.0.0/16", "Ports": { "First": 443, "Last": 443 } } + ], + "IPProto": [6] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6], + "Srcs": [ + "100.110.121.96/32", + "100.90.199.68/32", + "fd7a:115c:a1e0::1737:7960/128", + "fd7a:115c:a1e0::2d01:c747/128" + ], + "SrcCaps": null, + "Dsts": [ + { "Net": "10.33.0.0/16", "Ports": { "First": 80, "Last": 80 } }, + { "Net": "10.33.0.0/16", "Ports": { "First": 443, "Last": 443 } } + ], + "Caps": [] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": null + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": null + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json new file mode 100644 index 00000000..1dc791da --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json @@ -0,0 +1,51 @@ +{ + "test_id": "GRANT-V14", + "description": "", + "timestamp": "2026-02-23T15:41:14Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v14.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["0.0.0.0/0"], + "via": ["tag:exit"], + "ip": ["*"] + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["0.0.0.0/0"], "via": ["tag:exit"], "ip": ["*"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { + "message": "dst \"0.0.0.0/0\": to allow all IP addresses, use \"*\" or \"autogroup:internet\"" + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json new file mode 100644 index 00000000..0b14fdd1 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json @@ -0,0 +1,49 @@ +{ + "test_id": "GRANT-V15", + "description": "", + "timestamp": "2026-02-23T15:41:14Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v15.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["::/0"], + "via": ["tag:exit"], + "ip": ["*"] + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["::/0"], "via": ["tag:exit"], "ip": ["*"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { "message": "dst \"::/0\": to allow all IP addresses, use \"*\" or \"autogroup:internet\"" } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json new file mode 100644 index 00000000..04d46049 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json @@ -0,0 +1,51 @@ +{ + "test_id": "GRANT-V16", + "description": "", + "timestamp": "2026-02-23T15:41:15Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v16.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["0.0.0.0/0", "::/0"], + "via": ["tag:exit"], + "ip": ["*"] + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["0.0.0.0/0", "::/0"], "via": ["tag:exit"], "ip": ["*"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { + "message": "dst \"0.0.0.0/0\": to allow all IP addresses, use \"*\" or \"autogroup:internet\"" + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json new file mode 100644 index 00000000..9abe54c9 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json @@ -0,0 +1,1020 @@ +{ + "test_id": "GRANT-V17", + "timestamp": "2026-02-23T15:41:15Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v17.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["10.33.0.0/16", "192.168.1.0/24"], + "via": ["tag:router"], + "ip": ["*"] + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["10.33.0.0/16", "192.168.1.0/24"], "via": ["tag:router"], "ip": ["*"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [{ "IP": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [{ "Net": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }], + "Caps": [] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": null + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": null + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": null + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json new file mode 100644 index 00000000..0e222d91 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json @@ -0,0 +1,55 @@ +{ + "test_id": "GRANT-V18", + "description": "", + "timestamp": "2026-02-23T15:41:24Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v18.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["0.0.0.0/0"], + "via": ["tag:exit"], + "app": { + "example.com/cap/exit-via-app": [{}] + } + } + ] + }, + "grants_section": [ + { "src": ["*"], "dst": ["0.0.0.0/0"], "via": ["tag:exit"], "app": { "example.com/cap/exit-via-app": [{}] } } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { + "message": "dst \"0.0.0.0/0\": to allow all IP addresses, use \"*\" or \"autogroup:internet\"" + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json new file mode 100644 index 00000000..720fc287 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json @@ -0,0 +1,817 @@ +{ + "test_id": "GRANT-V19", + "timestamp": "2026-02-23T15:41:24Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v19.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["autogroup:member"], + "dst": ["tag:exit"], + "app": { + "tailscale.com/cap/drive": [ + { + "shares": ["*"], + "access": "rw" + } + ] + } + } + ] + }, + "grants_section": [ + { + "src": ["autogroup:member"], + "dst": ["tag:exit"], + "app": { "tailscale.com/cap/drive": [{ "shares": ["*"], "access": "rw" }] } + } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "CapGrant": [ + { + "Dsts": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "CapMap": { "tailscale.com/cap/drive": [{ "shares": ["*"], "access": "rw" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "100.103.90.82/32", + "100.110.121.96/32", + "100.90.199.68/32", + "fd7a:115c:a1e0::1737:7960/128", + "fd7a:115c:a1e0::2d01:c747/128", + "fd7a:115c:a1e0::9e37:5a52/128" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { + "Dst": "100.85.66.106/32", + "Cap": "tailscale.com/cap/drive", + "Values": [{ "shares": ["*"], "access": "rw" }] + }, + { + "Dst": "fd7a:115c:a1e0::7c37:426a/128", + "Cap": "tailscale.com/cap/drive", + "Values": [{ "shares": ["*"], "access": "rw" }] + } + ] + } + ], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "tailscale.com/cap/drive": [{ "shares": ["*"], "access": "rw" }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "tailscale.com/cap/drive": [{ "shares": ["*"], "access": "rw" }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "tailscale.com/cap/drive": [{ "shares": ["*"], "access": "rw" }] } + } + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.85.66.106", "fd7a:115c:a1e0::7c37:426a"], + "CapGrant": [ + { + "Dsts": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "CapMap": { "tailscale.com/cap/drive-sharer": null } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.110.121.96/32", "Cap": "tailscale.com/cap/drive-sharer", "Values": null }, + { "Dst": "fd7a:115c:a1e0::1737:7960/128", "Cap": "tailscale.com/cap/drive-sharer", "Values": null } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "tailscale.com/cap/drive-sharer": null } + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.85.66.106", "fd7a:115c:a1e0::7c37:426a"], + "CapGrant": [ + { + "Dsts": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "CapMap": { "tailscale.com/cap/drive-sharer": null } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.103.90.82/32", "Cap": "tailscale.com/cap/drive-sharer", "Values": null }, + { "Dst": "fd7a:115c:a1e0::9e37:5a52/128", "Cap": "tailscale.com/cap/drive-sharer", "Values": null } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "tailscale.com/cap/drive-sharer": null } + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.85.66.106", "fd7a:115c:a1e0::7c37:426a"], + "CapGrant": [ + { + "Dsts": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "CapMap": { "tailscale.com/cap/drive-sharer": null } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.90.199.68/32", "Cap": "tailscale.com/cap/drive-sharer", "Values": null }, + { "Dst": "fd7a:115c:a1e0::2d01:c747/128", "Cap": "tailscale.com/cap/drive-sharer", "Values": null } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": { "tailscale.com/cap/drive-sharer": null } + } + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json new file mode 100644 index 00000000..791989b3 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json @@ -0,0 +1,755 @@ +{ + "test_id": "GRANT-V20", + "timestamp": "2026-02-23T15:41:34Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v20.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["autogroup:member"], + "dst": ["tag:router"], + "app": { + "tailscale.com/cap/kubernetes": [ + { + "impersonate": { + "groups": ["system:masters"] + } + } + ] + } + } + ] + }, + "grants_section": [ + { + "src": ["autogroup:member"], + "dst": ["tag:router"], + "app": { "tailscale.com/cap/kubernetes": [{ "impersonate": { "groups": ["system:masters"] } }] } + } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "100.103.90.82", + "100.110.121.96", + "100.90.199.68", + "fd7a:115c:a1e0::1737:7960", + "fd7a:115c:a1e0::2d01:c747", + "fd7a:115c:a1e0::9e37:5a52" + ], + "CapGrant": [ + { + "Dsts": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "CapMap": { "tailscale.com/cap/kubernetes": [{ "impersonate": { "groups": ["system:masters"] } }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "100.103.90.82/32", + "100.110.121.96/32", + "100.90.199.68/32", + "fd7a:115c:a1e0::1737:7960/128", + "fd7a:115c:a1e0::2d01:c747/128", + "fd7a:115c:a1e0::9e37:5a52/128" + ], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { + "Dst": "100.92.142.61/32", + "Cap": "tailscale.com/cap/kubernetes", + "Values": [{ "impersonate": { "groups": ["system:masters"] } }] + }, + { + "Dst": "fd7a:115c:a1e0::3e37:8e3d/128", + "Cap": "tailscale.com/cap/kubernetes", + "Values": [{ "impersonate": { "groups": ["system:masters"] } }] + } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": { "tailscale.com/cap/kubernetes": [{ "impersonate": { "groups": ["system:masters"] } }] } + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": { "tailscale.com/cap/kubernetes": [{ "impersonate": { "groups": ["system:masters"] } }] } + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": { "tailscale.com/cap/kubernetes": [{ "impersonate": { "groups": ["system:masters"] } }] } + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json new file mode 100644 index 00000000..894844ff --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json @@ -0,0 +1,1020 @@ +{ + "test_id": "GRANT-V21", + "timestamp": "2026-02-23T15:41:43Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v21.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["10.33.0.0/16"], + "via": ["tag:router", "tag:exit"], + "ip": ["*"] + } + ] + }, + "grants_section": [{ "src": ["*"], "dst": ["10.33.0.0/16"], "via": ["tag:router", "tag:exit"], "ip": ["*"] }], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [{ "IP": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [{ "Net": "10.33.0.0/16", "Ports": { "First": 0, "Last": 65535 } }], + "Caps": [] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": null + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": null + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": null + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json new file mode 100644 index 00000000..6dd281d7 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json @@ -0,0 +1,62 @@ +{ + "test_id": "GRANT-V22", + "description": "", + "timestamp": "2026-02-23T15:41:52Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v22.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["autogroup:member"], + "dst": ["autogroup:internet"], + "ip": ["tcp:443"], + "app": { + "example.com/cap/internet-mixed": [ + { + "proxy": "yes" + } + ] + } + } + ] + }, + "grants_section": [ + { + "src": ["autogroup:member"], + "dst": ["autogroup:internet"], + "ip": ["tcp:443"], + "app": { "example.com/cap/internet-mixed": [{ "proxy": "yes" }] } + } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { "message": "cannot use app grants with autogroup:internet" } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json new file mode 100644 index 00000000..8621ad1e --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json @@ -0,0 +1,1031 @@ +{ + "test_id": "GRANT-V23", + "timestamp": "2026-02-23T15:41:53Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v23.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["*"], + "dst": ["10.33.0.0/16"], + "via": ["tag:router"], + "ip": ["tcp:22", "tcp:80", "tcp:443"] + } + ] + }, + "grants_section": [ + { "src": ["*"], "dst": ["10.33.0.0/16"], "via": ["tag:router"], "ip": ["tcp:22", "tcp:80", "tcp:443"] } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": [ + "10.33.0.0/16", + "100.115.94.0-100.127.255.255", + "100.64.0.0-100.115.91.255", + "fd7a:115c:a1e0::/48" + ], + "DstPorts": [ + { "IP": "10.33.0.0/16", "Ports": { "First": 22, "Last": 22 } }, + { "IP": "10.33.0.0/16", "Ports": { "First": 80, "Last": 80 } }, + { "IP": "10.33.0.0/16", "Ports": { "First": 443, "Last": 443 } } + ], + "IPProto": [6] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6], + "Srcs": [ + "10.33.0.0/16", + "100.115.94.0/23", + "100.115.96.0/19", + "100.115.128.0/17", + "100.116.0.0/14", + "100.120.0.0/13", + "100.64.0.0/11", + "100.96.0.0/12", + "100.112.0.0/15", + "100.114.0.0/16", + "100.115.0.0/18", + "100.115.64.0/20", + "100.115.80.0/21", + "100.115.88.0/22", + "fd7a:115c:a1e0::/48" + ], + "SrcCaps": null, + "Dsts": [ + { "Net": "10.33.0.0/16", "Ports": { "First": 22, "Last": 22 } }, + { "Net": "10.33.0.0/16", "Ports": { "First": 80, "Last": 80 } }, + { "Net": "10.33.0.0/16", "Ports": { "First": 443, "Last": 443 } } + ], + "Caps": [] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": { + "Node": { + "ID": 4041918547170221, + "StableID": "ngCb76MbZY11CNTRL", + "Name": "exit-node.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:90f4a7b9dc024f1ddec414a49de2aa7611a2dd86efc9d7bae30862ad7c954269", + "DiscoKey": "discokey:701f9ed9296436d3251a9d00d061859edb5ee55602bc0ecf7c64330adc77c815", + "Addresses": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "AllowedIPs": ["100.85.66.106/32", "fd7a:115c:a1e0::7c37:426a/128"], + "Endpoints": [ + "77.164.248.136:47924", + "10.65.0.27:47924", + "172.17.0.1:47924", + "172.18.0.1:47924", + "172.19.0.1:47924" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "exit-node", + "Services": [ + { "Proto": "peerapi4", "Port": 37000 }, + { "Proto": "peerapi6", "Port": 37000 } + ] + }, + "Created": "2026-02-23T00:13:20.566112173Z", + "Cap": 131, + "Tags": ["tag:exit"], + "Online": true, + "ComputedName": "exit-node", + "ComputedNameWithHost": "exit-node" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": { + "Node": { + "ID": 4031348162889210, + "StableID": "nf7BTTgoUY11CNTRL", + "Name": "tagged-client.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:3011e53353e49142ea56ae11f81e0dceae0d667093d04ee086dcb1e9c5d3c844", + "DiscoKey": "discokey:7e9099516456f84f9af01c51ce03bc38764c4c02bf6c73a6d4b2495771a6c449", + "Addresses": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "AllowedIPs": ["100.83.200.69/32", "fd7a:115c:a1e0::c537:c845/128"], + "Endpoints": [ + "77.164.248.136:47452", + "10.65.0.27:47452", + "172.17.0.1:47452", + "172.18.0.1:47452", + "172.19.0.1:47452" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-client", + "Services": [ + { "Proto": "peerapi4", "Port": 41378 }, + { "Proto": "peerapi6", "Port": 41378 } + ] + }, + "Created": "2026-02-23T00:13:11.017324028Z", + "Cap": 131, + "Tags": ["tag:client"], + "Online": true, + "ComputedName": "tagged-client", + "ComputedNameWithHost": "tagged-client" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": { + "Node": { + "ID": 301794218943819, + "StableID": "neJag6dgM311CNTRL", + "Name": "tagged-prod.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:54c79503322a5d0a9701ce19d11963cfff9c05667ac06ef976af86275ba7080e", + "DiscoKey": "discokey:2dd2ca7f9f1378d3ec23a7d6ba57a735032f9a4f90b6c95b2c2385950ec7ae45", + "Addresses": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "AllowedIPs": ["100.103.8.15/32", "fd7a:115c:a1e0::5b37:80f/128"], + "Endpoints": [ + "77.164.248.136:54907", + "10.65.0.27:54907", + "172.17.0.1:54907", + "172.18.0.1:54907", + "172.19.0.1:54907" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-prod", + "Services": [ + { "Proto": "peerapi4", "Port": 37678 }, + { "Proto": "peerapi6", "Port": 37678 } + ] + }, + "Created": "2026-02-20T14:03:12.89283153Z", + "Cap": 131, + "Tags": ["tag:prod"], + "Online": true, + "ComputedName": "tagged-prod", + "ComputedNameWithHost": "tagged-prod" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": { + "Node": { + "ID": 1440249486084758, + "StableID": "nXRbBtuHFC11CNTRL", + "Name": "tagged-server.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:7d5c34b3e8082069d0a82838165c33f8e1b5eb32c6211c2d23d4fe8fb9ec4a19", + "DiscoKey": "discokey:9f71ff1e1652916263ef05d0a5e9d9e18239aa598f956b24c563c03a1088cb39", + "Addresses": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "AllowedIPs": ["100.108.74.26/32", "fd7a:115c:a1e0::b901:4a87/128"], + "Endpoints": [ + "77.164.248.136:34495", + "10.65.0.27:34495", + "172.17.0.1:34495", + "172.18.0.1:34495", + "172.19.0.1:34495" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "tagged-server", + "Services": [ + { "Proto": "peerapi4", "Port": 46499 }, + { "Proto": "peerapi6", "Port": 46499 } + ] + }, + "Created": "2026-01-23T10:10:26.365653609Z", + "Cap": 131, + "Tags": ["tag:server"], + "Online": true, + "ComputedName": "tagged-server", + "ComputedNameWithHost": "tagged-server" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": { + "Node": { + "ID": 7728836216590060, + "StableID": "nf4dJTRQM321CNTRL", + "Name": "user-kris.tail78f774.ts.net.", + "User": 4538565228176803, + "Key": "nodekey:40d0f8f49fd519e4a4a2b7d278dcc8863254d4fb8b0219f1d1304cdd172e795f", + "KeyExpiry": "2026-08-19T14:09:34Z", + "DiscoKey": "discokey:9841ea823abefc7197a67b2b33ba551868a344e64ecd27e00d1a100e5e9e5427", + "Addresses": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "AllowedIPs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "Endpoints": [ + "77.164.248.136:42311", + "10.65.0.27:42311", + "172.17.0.1:42311", + "172.18.0.1:42311", + "172.19.0.1:42311" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-kris", + "Services": [ + { "Proto": "peerapi4", "Port": 40159 }, + { "Proto": "peerapi6", "Port": 40159 } + ] + }, + "Created": "2026-02-20T14:09:34.803901523Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-kris", + "ComputedNameWithHost": "user-kris" + }, + "UserProfile": { "ID": 4538565228176803, "LoginName": "kristoffer@dalby.cc", "DisplayName": "kristoffer" }, + "CapMap": null + } + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": { + "Node": { + "ID": 1840115676059256, + "StableID": "nFzZ7giPNF11CNTRL", + "Name": "user-mon.tail78f774.ts.net.", + "User": 3982058329734709, + "Key": "nodekey:1ca6cca66d2b3811ec290c2f7ac30125c3568e19e303a8e30f6b165c9ee75a51", + "KeyExpiry": "2026-08-19T14:09:00Z", + "DiscoKey": "discokey:733598f0f74431b5b2b28fb5980d8b2f79b5ca5524664998d1d011a651643211", + "Addresses": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "AllowedIPs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "Endpoints": [ + "77.164.248.136:50398", + "10.65.0.27:50398", + "172.17.0.1:50398", + "172.18.0.1:50398", + "172.19.0.1:50398" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user-mon", + "Services": [ + { "Proto": "peerapi4", "Port": 33201 }, + { "Proto": "peerapi6", "Port": 33201 } + ] + }, + "Created": "2026-02-20T14:09:00.203639664Z", + "Cap": 131, + "Online": true, + "ComputedName": "user-mon", + "ComputedNameWithHost": "user-mon" + }, + "UserProfile": { + "ID": 3982058329734709, + "LoginName": "monitorpasskeykradalby@passkey", + "DisplayName": "monitorpasskeykradalby" + }, + "CapMap": null + } + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": { + "Node": { + "ID": 539541576444929, + "StableID": "nSq9YrqMD511CNTRL", + "Name": "user1.tail78f774.ts.net.", + "User": 4156223528223174, + "Key": "nodekey:96338a2cd2ea803c915ed8fdf882d66ca0c6a59d0fcf0bc4b3f928d22d1ac743", + "KeyExpiry": "2026-07-22T10:04:13Z", + "DiscoKey": "discokey:203d3bfbd67a06d210c027c546a05658fba93aeaea5042b12d50b93d31a5d156", + "Addresses": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "AllowedIPs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "Endpoints": [ + "77.164.248.136:44240", + "10.65.0.27:44240", + "172.17.0.1:44240", + "172.18.0.1:44240", + "172.19.0.1:44240" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "user1", + "Services": [ + { "Proto": "peerapi4", "Port": 46708 }, + { "Proto": "peerapi6", "Port": 46708 } + ] + }, + "Created": "2026-01-23T10:04:13.531671894Z", + "Cap": 131, + "Online": true, + "ComputedName": "user1", + "ComputedNameWithHost": "user1" + }, + "UserProfile": { "ID": 4156223528223174, "LoginName": "kratail2tid@passkey", "DisplayName": "kratail2tid" }, + "CapMap": null + } + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": { + "Node": { + "ID": 7489538288452506, + "StableID": "nTPEqJU2V121CNTRL", + "Name": "subnet-router.tail78f774.ts.net.", + "User": 1260082990019555, + "Key": "nodekey:887ae2351c09c3b952f1f42bdac4095ec396ebf15824a746e4193c003e9c8e3c", + "DiscoKey": "discokey:9779fa96e2ddcd3dac863acc09b50304481964bfb3bccf52ff79d95bbd1a031d", + "Addresses": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128"], + "AllowedIPs": ["100.92.142.61/32", "fd7a:115c:a1e0::3e37:8e3d/128", "10.33.0.0/16"], + "Endpoints": [ + "77.164.248.136:57299", + "10.65.0.27:57299", + "172.17.0.1:57299", + "172.18.0.1:57299", + "172.19.0.1:57299" + ], + "HomeDERP": 14, + "Hostinfo": { + "OS": "linux", + "Hostname": "subnet-router", + "Services": [ + { "Proto": "peerapi4", "Port": 63250 }, + { "Proto": "peerapi6", "Port": 63250 } + ] + }, + "Created": "2026-02-23T00:13:15.731478784Z", + "Cap": 131, + "Tags": ["tag:router"], + "PrimaryRoutes": ["10.33.0.0/16"], + "Online": true, + "ComputedName": "subnet-router", + "ComputedNameWithHost": "subnet-router" + }, + "UserProfile": { "ID": 1260082990019555, "LoginName": "tagged-devices", "DisplayName": "Tagged Devices" }, + "CapMap": null + } + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json new file mode 100644 index 00000000..59ded751 --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json @@ -0,0 +1,52 @@ +{ + "test_id": "GRANT-V24", + "description": "", + "timestamp": "2026-02-23T15:42:03Z", + "error": true, + "input": { + "policy_file": "grant_policies_v2/grant_v24.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["tag:server"], + "dst": ["autogroup:self"], + "app": { + "example.com/cap/self-cap": [{}] + } + } + ] + }, + "grants_section": [ + { "src": ["tag:server"], "dst": ["autogroup:self"], "app": { "example.com/cap/self-cap": [{}] } } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 400, + "api_response_body": { "message": "autogroup:self can only be used with users, groups, or supported autogroups" } + } +} diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json new file mode 100644 index 00000000..1372c2ca --- /dev/null +++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json @@ -0,0 +1,571 @@ +{ + "test_id": "GRANT-V25", + "timestamp": "2026-02-23T15:42:04Z", + "propagation_wait_seconds": 8, + "input": { + "policy_file": "grant_policies_v2/grant_v25.json", + "full_policy": { + "groups": { + "group:admins": ["kratail2tid@passkey"], + "group:developers": ["kristoffer@dalby.cc", "kratail2tid@passkey"], + "group:monitors": ["monitorpasskeykradalby@passkey"], + "group:empty": [] + }, + "tagOwners": { + "tag:server": ["kratail2tid@passkey"], + "tag:prod": ["kratail2tid@passkey"], + "tag:client": ["kratail2tid@passkey"], + "tag:router": ["kratail2tid@passkey"], + "tag:exit": ["kratail2tid@passkey"] + }, + "hosts": { + "webserver": "100.108.74.26", + "prodbox": "100.103.8.15", + "internal": "10.0.0.0/8" + }, + "autoApprovers": { + "routes": { + "10.33.0.0/16": ["tag:router"], + "0.0.0.0/0": ["tag:exit"], + "::/0": ["tag:exit"] + } + }, + "grants": [ + { + "src": ["autogroup:member"], + "dst": ["autogroup:self"], + "app": { + "example.com/cap/self-test": [ + { + "level": "basic" + } + ] + } + } + ] + }, + "grants_section": [ + { + "src": ["autogroup:member"], + "dst": ["autogroup:self"], + "app": { "example.com/cap/self-test": [{ "level": "basic" }] } + } + ], + "api_endpoint": "https://api.tailscale.com/api/v2/tailnet/kratail2tid%40passkey/acl", + "api_method": "POST", + "api_response_code": 200 + }, + "topology": { + "nodes": { + "exit-node": { + "mts_name": "exit-node", + "socket": "/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock", + "hostname": "exit-node", + "user_id": 4041918547170221, + "tags": ["tag:exit"], + "ipv4": "100.85.66.106", + "ipv6": "fd7a:115c:a1e0::7c37:426a" + }, + "subnet-router": { + "mts_name": "subnet-router", + "socket": "/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock", + "hostname": "subnet-router", + "user_id": 7489538288452506, + "tags": ["tag:router"], + "ipv4": "100.92.142.61", + "ipv6": "fd7a:115c:a1e0::3e37:8e3d" + }, + "tagged-client": { + "mts_name": "tagged-client", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock", + "hostname": "tagged-client", + "user_id": 4031348162889210, + "tags": ["tag:client"], + "ipv4": "100.83.200.69", + "ipv6": "fd7a:115c:a1e0::c537:c845" + }, + "tagged-prod": { + "mts_name": "tagged-prod", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock", + "hostname": "tagged-prod", + "user_id": 301794218943819, + "tags": ["tag:prod"], + "ipv4": "100.103.8.15", + "ipv6": "fd7a:115c:a1e0::5b37:80f" + }, + "tagged-server": { + "mts_name": "tagged-server", + "socket": "/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock", + "hostname": "tagged-server", + "user_id": 1440249486084758, + "tags": ["tag:server"], + "ipv4": "100.108.74.26", + "ipv6": "fd7a:115c:a1e0::b901:4a87" + }, + "user-kris": { + "mts_name": "user-kris", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock", + "hostname": "user-kris", + "user_id": 4538565228176803, + "tags": [], + "ipv4": "100.110.121.96", + "ipv6": "fd7a:115c:a1e0::1737:7960" + }, + "user-mon": { + "mts_name": "user-mon", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock", + "hostname": "user-mon", + "user_id": 3982058329734709, + "tags": [], + "ipv4": "100.103.90.82", + "ipv6": "fd7a:115c:a1e0::9e37:5a52" + }, + "user1": { + "mts_name": "user1", + "socket": "/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock", + "hostname": "user1", + "user_id": 4156223528223174, + "tags": [], + "ipv4": "100.90.199.68", + "ipv6": "fd7a:115c:a1e0::2d01:c747" + } + } + }, + "captures": { + "exit-node": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/exit-node/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "subnet-router": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/subnet-router/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-client": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-client/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-prod": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-prod/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "tagged-server": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": null, + "packet_filter_matches": [], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/tagged-server/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-kris": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.110.121.96", "fd7a:115c:a1e0::1737:7960"], + "CapGrant": [ + { + "Dsts": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "CapMap": { "example.com/cap/self-test": [{ "level": "basic" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": ["100.110.121.96/32", "fd7a:115c:a1e0::1737:7960/128"], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.110.121.96/32", "Cap": "example.com/cap/self-test", "Values": [{ "level": "basic" }] }, + { + "Dst": "fd7a:115c:a1e0::1737:7960/128", + "Cap": "example.com/cap/self-test", + "Values": [{ "level": "basic" }] + } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.103.90.82", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-kris/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user-mon": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.103.90.82", "fd7a:115c:a1e0::9e37:5a52"], + "CapGrant": [ + { + "Dsts": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "CapMap": { "example.com/cap/self-test": [{ "level": "basic" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": ["100.103.90.82/32", "fd7a:115c:a1e0::9e37:5a52/128"], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.103.90.82/32", "Cap": "example.com/cap/self-test", "Values": [{ "level": "basic" }] }, + { + "Dst": "fd7a:115c:a1e0::9e37:5a52/128", + "Cap": "example.com/cap/self-test", + "Values": [{ "level": "basic" }] + } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.90.199.68": { + "peer_name": "user1", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user-mon/tailscaled.sock whois --json 100.90.199.68", + "response": null + } + } + }, + "user1": { + "commands": { + "packet_filter_rules": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-rules", + "packet_filter_matches": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock debug localapi POST debug-packet-filter-matches" + }, + "packet_filter_rules": [ + { + "SrcIPs": ["100.90.199.68", "fd7a:115c:a1e0::2d01:c747"], + "CapGrant": [ + { + "Dsts": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "CapMap": { "example.com/cap/self-test": [{ "level": "basic" }] } + } + ] + } + ], + "packet_filter_matches": [ + { + "IPProto": [6, 17, 1, 58], + "Srcs": ["100.90.199.68/32", "fd7a:115c:a1e0::2d01:c747/128"], + "SrcCaps": null, + "Dsts": [], + "Caps": [ + { "Dst": "100.90.199.68/32", "Cap": "example.com/cap/self-test", "Values": [{ "level": "basic" }] }, + { + "Dst": "fd7a:115c:a1e0::2d01:c747/128", + "Cap": "example.com/cap/self-test", + "Values": [{ "level": "basic" }] + } + ] + } + ], + "whois": { + "100.85.66.106": { + "peer_name": "exit-node", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.85.66.106", + "response": null + }, + "100.92.142.61": { + "peer_name": "subnet-router", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.92.142.61", + "response": null + }, + "100.83.200.69": { + "peer_name": "tagged-client", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.83.200.69", + "response": null + }, + "100.103.8.15": { + "peer_name": "tagged-prod", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.8.15", + "response": null + }, + "100.108.74.26": { + "peer_name": "tagged-server", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.108.74.26", + "response": null + }, + "100.110.121.96": { + "peer_name": "user-kris", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.110.121.96", + "response": null + }, + "100.103.90.82": { + "peer_name": "user-mon", + "command": "/home/kradalby/go/bin/tailscale --socket=/home/kradalby/.config/multi-tailscale-dev/user1/tailscaled.sock whois --json 100.103.90.82", + "response": null + } + } + } + } +}