Tailscale recently introduced the ability to manage Tailnet ACLs in Git repositories. This is my tailscale.yml, which differs notably from the one proposed by Tailscale. By putting the ACL test in front of the ACL deployment, it becomes a bit clearer that a failure happened because of a failed ACL.
Bonus: by installing act, one can actually run these tests locally, e.g. before committing or pushing to GitHub. This works well with a Git pre-commit hook that fails if the ACL test is unsuccessful. Combined with the 1Password CLI's op command, you get a nice little ACL workflow:
op run --env-file=".github/act/.env" -- act --secret TS_API_KEY --secret TS_TAILNET
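
One way to wire that command into the pre-commit hook mentioned above (an added example, not the author's own hook). The file names policy.hujson and .github/workflows/tailscale.yml and all function names are assumptions; adjust them to your repository.

```shell
#!/bin/sh
# Added example: install as .git/hooks/pre-commit and mark it executable.
# Assumed paths (not from the original post), relative to the repository root.
POLICY_FILE="${POLICY_FILE:-policy.hujson}"
WORKFLOW_FILE="${WORKFLOW_FILE:-.github/workflows/tailscale.yml}"

# Reads staged paths on stdin; succeeds if the policy or the workflow is among
# them. -x -F matches whole lines literally, so "docs/policy.hujson.bak" does
# not trigger the test.
acl_files_staged() {
    grep -q -x -F -e "$POLICY_FILE" -e "$WORKFLOW_FILE"
}

# Fail closed: a missing tool must block the commit, not silently skip the test.
require_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "pre-commit: required tool '$tool' not found" >&2
            return 1
        }
    done
}

# The command from the post. op resolves the references in the env file and
# exports them only to the child process; act reads TS_API_KEY and TS_TAILNET
# from that environment because --secret is given a name without a value.
run_acl_test() {
    op run --env-file=".github/act/.env" -- act --secret TS_API_KEY --secret TS_TAILNET
}

main() {
    # Only spend time on the ACL test when ACL-related files are staged.
    if ! git diff --cached --name-only --diff-filter=ACMR | acl_files_staged; then
        exit 0
    fi
    require_tools op act || exit 1
    run_acl_test || {
        echo "pre-commit: ACL test failed, commit aborted" >&2
        exit 1
    }
}

# Run only when invoked by Git as the hook, so the file can be sourced safely.
case "$0" in
    */pre-commit) main "$@" ;;
esac
```

Because the hook exits non-zero on a failed test or a missing tool, a broken policy is stopped before it reaches the repository that deploys it.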