From e540679dbd6d4d9d11d9838ecf6e522d3d8a9a04 Mon Sep 17 00:00:00 2001 From: Adrien Raffin-Caboisse Date: Tue, 15 Feb 2022 09:52:05 +0100 Subject: [PATCH] docs(acl-proposals): integrate comments --- docs/proposals/001-acls.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/proposals/001-acls.md b/docs/proposals/001-acls.md index 31b1c8a5..92e000a7 100644 --- a/docs/proposals/001-acls.md +++ b/docs/proposals/001-acls.md @@ -43,9 +43,12 @@ For personal users the default behavior could either allow all communications be For businesses and organisations, viewing a headscale instance a single tailnet would allow users (namespace) to talk to each other with the ACLs. As described in tailscale's documentation [[1]], a server should be tagged and personnal devices should be tied to a user. Translated in headscale's terms each user can have multiple devices and all those devices should be in the same namespace. The servers should be tagged and used as such. -This implementation would render useless the sharing feature that is currently implemented since an ACL could do the same. +This implementation would render useless the sharing feature that is currently +implemented since an ACL could do the same. Simplifying to only one user +interface to do one thing is easier and less confusing for the users. -What could be improved would be to peer different headscale installation and allow `sharing`. This would raises issues about compatible network IPs range. +As a sidenote, users would like to write ACLs as YAML. We should offer users +the ability to rules in either format (HuJSON or YAML). [1]: https://tailscale.com/kb/1068/acl-tags/
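Review bot: the added sentence "We should offer users the ability to rules in either format (HuJSON or YAML)" is missing its verb; it should read "the ability to write rules in either format". The same hunk also deletes the paragraph about peering different headscale installations and the compatible IP range concern without saying why. The subject "integrate comments" does not cover that, so either keep the paragraph or state in the proposal that cross-instance sharing is out of scope. The YAML sidenote is a policy-format requirement placed directly after the sharing-feature rationale. It would be easier to find under its own heading, and it should say whether a policy written in YAML and one written in HuJSON are expected to be evaluated identically.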