[Feature] Add Taildrop-Flag to Config
Use case
If you don't want to use the feature, it might be better to just disable it, as it bypasses ACLs. There are use cases where you want connections to be possible ONLY as defined in the ACLs.
Description
Taildrop is currently activated by default and I think there is no way to disable it in Headscale. However, the Tailscale Admin Console offers a toggle to disable it, so I think the best place to add this feature in headscale is the config file.
Contribution
- [ ] I can write the design doc for this feature
- [ ] I can contribute this feature
How can it be implemented?
I think the best place for this setting might be the headscale config file.
It could be a simple flag, such as: enable_taildrop = true/false.
This issue is stale because it has been open for 90 days with no activity.
No, please no stale label 😢
It still would be really nice, and maybe it even is in line with the planned changes regarding ACLs and tags, which also includes an issue where tagged devices can taildrop to user devices and vice versa?
I also think that this is quite a problem.
If my tag:prod-server-tagged server can send files to my personal MacBook, even if according to ACLs it should not be allowed to talk to anything by itself, and as Taildrop on macOS currently just blindly accepts whatever comes via Taildrop and just puts that in the Downloads folder automatically, I think this is quite a big issue.
Bumping because I'd also like this to be both configurable and opt-in (disabled by default)