starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-03-31 22:43:31 +02:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

Deployed acddd731 to development with MkDocs 1.6.1 and mike 2.1.3

Browse Source
This commit is contained in:
github-actions
2026-03-01 08:25:29 +00:00
parent c56a93a6d7
commit dea02c58ed
7 changed files with 40 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
development/ref/acls/index.html
View File

@@ -142,12 +142,12 @@
</span><span id=__span-5-3><a id=__codelineno-5-3 name=__codelineno-5-3 href=#__codelineno-5-3></a><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:tagged&quot;</span><span class=p>],</span>
</span><span id=__span-5-4><a id=__codelineno-5-4 name=__codelineno-5-4 href=#__codelineno-5-4></a><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;tag:monitoring:9090&quot;</span><span class=p>]</span>
</span><span id=__span-5-5><a id=__codelineno-5-5 name=__codelineno-5-5 href=#__codelineno-5-5></a><span class=p>}</span>
</span></code></pre></div> <h3 id=autogroupself><code>autogroup:self</code><a class=headerlink href=#autogroupself title="Permanent link">&para;</a></h3> <div class="admonition warning"> <p class=admonition-title>The current implementation of <code>autogroup:self</code> is inefficient</p> </div> <p>Includes devices where the same user is authenticated on both the source and destination. Does not include tagged devices. Can only be used in ACL destinations.</p> <p><div class="language-json highlight"><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a><span class=p>{</span>
</span></code></pre></div> <h3 id=autogroupself><code>autogroup:self</code><a class=headerlink href=#autogroupself title="Permanent link">&para;</a></h3> <div class="admonition warning"> <p class=admonition-title>The current implementation of <code>autogroup:self</code> is inefficient</p> </div> <p>Includes devices where the same user is authenticated on both the source and destination. Does not include tagged devices. Can only be used in ACL destinations.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a><span class=p>{</span>
</span><span id=__span-6-2><a id=__codelineno-6-2 name=__codelineno-6-2 href=#__codelineno-6-2></a><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span>
</span><span id=__span-6-3><a id=__codelineno-6-3 name=__codelineno-6-3 href=#__codelineno-6-3></a><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:member&quot;</span><span class=p>],</span>
</span><span id=__span-6-4><a id=__codelineno-6-4 name=__codelineno-6-4 href=#__codelineno-6-4></a><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:self:*&quot;</span><span class=p>]</span>
</span><span id=__span-6-5><a id=__codelineno-6-5 name=__codelineno-6-5 href=#__codelineno-6-5></a><span class=p>}</span>
</span></code></pre></div> <em>Using <code>autogroup:self</code> may cause performance degradation on the Headscale coordinator server in large deployments, as filter rules must be compiled per-node rather than globally and the current implementation is not very efficient.</em></p> <p>If you experience performance issues, consider using more specific ACL rules or limiting the use of <code>autogroup:self</code>. <div class="language-json highlight"><pre><span></span><code><span id=__span-7-1><a id=__codelineno-7-1 name=__codelineno-7-1 href=#__codelineno-7-1></a><span class=p>{</span>
</span></code></pre></div> <p><em>Using <code>autogroup:self</code> may cause performance degradation on the Headscale coordinator server in large deployments, as filter rules must be compiled per-node rather than globally and the current implementation is not very efficient.</em></p> <p>If you experience performance issues, consider using more specific ACL rules or limiting the use of <code>autogroup:self</code>.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-7-1><a id=__codelineno-7-1 name=__codelineno-7-1 href=#__codelineno-7-1></a><span class=p>{</span>
</span><span id=__span-7-2><a id=__codelineno-7-2 name=__codelineno-7-2 href=#__codelineno-7-2></a><span class=w> </span><span class=c1>// The following rules allow internal users to communicate with their</span>
</span><span id=__span-7-3><a id=__codelineno-7-3 name=__codelineno-7-3 href=#__codelineno-7-3></a><span class=w> </span><span class=c1>// own nodes in case autogroup:self is causing performance issues.</span>
</span><span id=__span-7-4><a id=__codelineno-7-4 name=__codelineno-7-4 href=#__codelineno-7-4></a><span class=w> </span><span class=p>{</span><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;boss@&quot;</span><span class=p>],</span><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;boss@:*&quot;</span><span class=p>]</span><span class=w> </span><span class=p>},</span>
@@ -156,7 +156,7 @@
</span><span id=__span-7-7><a id=__codelineno-7-7 name=__codelineno-7-7 href=#__codelineno-7-7></a><span class=w> </span><span class=p>{</span><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;admin1@&quot;</span><span class=p>],</span><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;admin1@:*&quot;</span><span class=p>]</span><span class=w> </span><span class=p>},</span>
</span><span id=__span-7-8><a id=__codelineno-7-8 name=__codelineno-7-8 href=#__codelineno-7-8></a><span class=w> </span><span class=p>{</span><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;intern1@&quot;</span><span class=p>],</span><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;intern1@:*&quot;</span><span class=p>]</span><span class=w> </span><span class=p>}</span>
</span><span id=__span-7-9><a id=__codelineno-7-9 name=__codelineno-7-9 href=#__codelineno-7-9></a><span class=p>}</span>
</span></code></pre></div></p> <h3 id=autogroupnonroot><code>autogroup:nonroot</code><a class=headerlink href=#autogroupnonroot title="Permanent link">&para;</a></h3> <p>Used in Tailscale SSH rules to allow access to any user except root. Can only be used in the <code>users</code> field of SSH rules.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a><span class=p>{</span>
</span></code></pre></div> <h3 id=autogroupnonroot><code>autogroup:nonroot</code><a class=headerlink href=#autogroupnonroot title="Permanent link">&para;</a></h3> <p>Used in Tailscale SSH rules to allow access to any user except root. Can only be used in the <code>users</code> field of SSH rules.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a><span class=p>{</span>
</span><span id=__span-8-2><a id=__codelineno-8-2 name=__codelineno-8-2 href=#__codelineno-8-2></a><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span>
</span><span id=__span-8-3><a id=__codelineno-8-3 name=__codelineno-8-3 href=#__codelineno-8-3></a><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:member&quot;</span><span class=p>],</span>
</span><span id=__span-8-4><a id=__codelineno-8-4 name=__codelineno-8-4 href=#__codelineno-8-4></a><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:self&quot;</span><span class=p>],</span>