From 67b7c3a9fddce3c86d4c142f67d307e64b935fe0 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Wed, 13 May 2026 09:06:40 +0200
Subject: [PATCH] feat(headscale): add ACL policy, isolate mx, make mx an exit node

Introduces a headscale ACL policy (file-mode) plus matching client config:

- New systems/x86_64-linux/attic/headscale-policy.hujson:
* tag:llm restricts a node to talking only to halo:8000
* all other harald@ nodes have full mesh access to each other
* harald@ nodes can route internet traffic via approved exit nodes
* autoApprovers.exitNode = [tag:llm] auto-approves the exit route advertised by any tag:llm node (currently mx)
- attic headscale.nix: wire policy.mode = "file" / policy.path to the .hujson above.
- mx default.nix: enable useRoutingFeatures = "server" (needed for IP forwarding) and add extraSetFlags = ["--advertise-exit-node"] so the flag is reapplied on every activation, not just initial login.

Operational steps after deploy:
headscale nodes tag -i 10 -t tag:llm

---
 .../attic/headscale-policy.hujson | 28 +++++++++++++++++++
 systems/x86_64-linux/attic/headscale.nix | 4 +++
 systems/x86_64-linux/mx/default.nix | 6 +++-
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 systems/x86_64-linux/attic/headscale-policy.hujson

diff --git a/systems/x86_64-linux/attic/headscale-policy.hujson b/systems/x86_64-linux/attic/headscale-policy.hujson
new file mode 100644
index 0000000..06e1fe6
--- /dev/null
+++ b/systems/x86_64-linux/attic/headscale-policy.hujson
@@ -0,0 +1,28 @@
+{
+ "tagOwners": {
+ "tag:llm": ["harald@"],
+ },
+ "hosts": {
+ "halo": "100.64.0.3",
+ },
+ "autoApprovers": {
+ "exitNode": ["tag:llm"],
+ },
+ "acls": [
+ {
+ "action": "accept",
+ "src": ["tag:llm"],
+ "dst": ["halo:8000"],
+ },
+ {
+ "action": "accept",
+ "src": ["harald@"],
+ "dst": ["harald@:*"],
+ },
+ {
+ "action": "accept",
+ "src": ["harald@"],
+ "dst": ["autogroup:internet:*"],
+ },
+ ],
+}
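Review bot: The `"hosts"` alias pins halo to the literal tailnet address `100.64.0.3`, so the first ACL rule actually grants tag:llm access to whichever node holds that IP at the time; if halo is ever re-registered and the address is reassigned, the rule would silently point at a different machine. Referencing halo by a tag only it carries (for example a constructed `tag:llm-api`, declared under `"tagOwners"` and used as `"dst": ["tag:llm-api:8000"]`) keeps the rule attached to the node rather than to an address. The file also carries none of the rationale that lives only in the commit message; since HuJSON permits comments, a header such as `// tag:llm nodes (currently mx) may only reach halo:8000; their advertised exit route is auto-approved` above `"tagOwners"` would keep it with the policy. Note too that the isolation presumably only takes effect once the node is actually tagged (the `headscale nodes tag` step in the description); until then mx is an ordinary harald@ node and falls under the second rule's full-mesh access.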
diff --git a/systems/x86_64-linux/attic/headscale.nix b/systems/x86_64-linux/attic/headscale.nix
index 08b1a3c..fe52221 100644
--- a/systems/x86_64-linux/attic/headscale.nix
+++ b/systems/x86_64-linux/attic/headscale.nix
@@ -25,6 +25,10 @@ in
 client_secret_path = "/var/lib/headscale/client_secret";
 issuer = "https://nc.hoyer.xyz";
 };
+ policy = {
+ mode = "file";
+ path = toString ./headscale-policy.hujson;
+ };
 };
 };
diff --git a/systems/x86_64-linux/mx/default.nix b/systems/x86_64-linux/mx/default.nix
index 4b0c4a5..8e07450 100644
--- a/systems/x86_64-linux/mx/default.nix
+++ b/systems/x86_64-linux/mx/default.nix
@@ -26,7 +26,11 @@
 ./users.nix
 ];
- services.tailscale.enable = true;
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ extraSetFlags = [ "--advertise-exit-node" ];
+ };
 metacfg = {
 services.nginxBase.enable = true;
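Review bot: `path = toString ./headscale-policy.hujson` bakes the policy into the store, so a syntax or semantic error in that file is, as far as I can tell, only discovered when headscale tries to load it at startup, at which point the coordination server for the whole tailnet fails to come up. If the installed headscale offers a policy-check subcommand, running it against the file in a build-time check would turn that into a failed `nixos-rebuild` instead of an outage. A short comment would also help the next reader, e.g. `# File-managed policy: edits require a rebuild and restart; the API cannot change it in this mode.` The enclosing `settings` attribute set starts outside the hunk.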
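Review bot: `useRoutingFeatures = "server"` enables kernel IP forwarding for the whole host rather than for tailscale0 alone, and mx appears to be an internet-facing machine (it enables nginx here and, by its name, presumably handles mail), so it is worth confirming that the host firewall's forward chain drops anything other than the exit-node traffic tailscale itself permits, rather than relying on the default forward policy. Acting as the exit node also means every harald@ node's internet traffic leaves from mx's public address; if that is also the mail server's sending IP, general browsing egress now shares its reputation, which deserves a comment next to `extraSetFlags`, e.g. `# mx is the tailnet exit node: all harald@ internet traffic egresses from this host's public IP`. The enclosing module attribute set starts and ends outside the hunk.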