Headscale: Add ACLs to isolate tunneled traffic from homelab traffic.

Ferris is no longer able to access any devices on the home network other than duke.
This makes sure that even if ferris got compromised, the other devices would be safe(r)

01-headscale/config/acl.json

@@ -0,0 +1,32 @@
+{
+	"tagOwners": {
+		"tag:ferris": ["weckyy702@"]
+	},
+
+	"hosts": {
+		"duke.veltnet": "10.10.0.135/32",
+		"homenet": "10.10.0.0/16"
+	},
+
+	"acls": [
+		/*Untagged devices have access to everything*/
+		{
+			"action": "accept",
+			"src": ["autogroup:member"],
+			"dst": [
+				"autogroup:internet:*",
+				"autogroup:member:*",
+				"autogroup:tagged:*",
+				"homenet:*"
+			]
+		},
+		/*Ferris can only access the services hosted on duke*/
+		{
+			"action": "accept",
+			"src": ["tag:ferris"],
+			"dst": [
+				"duke.veltnet:*"
+			]
+		}
+	]
+}