Using node tags breaks my user access
lucasew opened this issue · 1 comments
I was studying tclip and the rule system used in the ACLs tab and decided to organize things the following way:
- All my nodes such as PC, laptop and phone in the `trusted-nodes` tag.
- All my services such as invidious and tclip to the `services` tag.
- Stuff that I want to expose to the internet using funnel, such as services, to the `internet` tag.
But my user is not appearing anymore in the autologin thing. The tag of my machine is now the user lol.
Is there a way to solve this without having to roll back my ACL settings?
I think I found the issue
Tagging a device kind of disassociates it from a user, so the user of the device becomes its tag, not `autogroup:members` anymore.
I had to drop the tags for my three devices by reauthenticating them, now it's working again. And yeah, it's very likely you will lose access to them in the process, so have an escape hatch, or open a tmux session and curl the stdout of tailscale to ntfy for example, so when you lose access you have the authentication link to reauthenticate the device.
I am actually doing this because I am looking to add my relatives to the tailnet so I can use my PC to self-host some stuff, mostly because of the Google Photos rugpull (not so serious tho, it's not very expensive), but they are dumb security-wise and I am not willing to compromise my infra because my brother installed a completely trusty (source: bought review) piece of software on his Windows PC.
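The effect described in the comment above can be checked before tags are applied. The sketch below is an added example, not part of the original thread and not Tailscale's code: it models rule matching under the assumption that a tagged device presents only its tags while an untagged device presents its user, and reports which destinations a device stops reaching once it is tagged. The policy, device names and e-mail address are constructed.

```python
# Added illustration: simplified model of ACL "src" matching, not Tailscale's code.
# Assumption: a tagged device presents only its tags; an untagged one presents its user.

def identities(device, groups):
    """Selectors a device can satisfy in a rule's src list."""
    if device["tags"]:  # tagged: the user identity is no longer presented
        return {"*", *device["tags"]}
    user = device["user"]
    member_of = {g for g, users in groups.items() if user in users}
    return {"*", user, "autogroup:members"} | member_of

def reachable(device, policy):
    """dst entries of every accept rule whose src matches the device."""
    ids = identities(device, policy.get("groups", {}))
    return [dst for rule in policy["acls"]
            if rule["action"] == "accept" and ids & set(rule["src"])
            for dst in rule["dst"]]

def lost_by_tagging(devices, policy):
    """For each tagged device, the dst entries it would reach only as its user."""
    findings = {}
    for dev in devices:
        if not dev["tags"]:
            continue
        as_tag = reachable(dev, policy)
        as_user = reachable({**dev, "tags": []}, policy)
        lost = [dst for dst in as_user if dst not in as_tag]
        if lost:
            findings[dev["name"]] = lost
    return findings

# Constructed sample data; tag names follow the issue, the user is a placeholder.
POLICY = {
    "acls": [
        {"action": "accept", "src": ["autogroup:members"], "dst": ["tag:services:*"]},
        {"action": "accept", "src": ["tag:trusted-nodes"], "dst": ["tag:internet:*"]},
    ],
}
DEVICES = [
    {"name": "pc", "user": "owner@example.com", "tags": ["tag:trusted-nodes"]},
    {"name": "phone", "user": "owner@example.com", "tags": []},
]

if __name__ == "__main__":
    print(lost_by_tagging(DEVICES, POLICY))
```

Only devices meant to act as a person belong in the input; servers that are tagged on purpose would otherwise be reported as well.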