I occasionally find myself just wanting to get a quick look at my ACL rules without reading through the code. This is also useful for showing people who are not devs by trade how our policies are set up.
- You will need Python3 and git installed.
    git clone https://github.com/SimplyMinimal/tailscale-network-topology-mapper
    cd tailscale-network-topology-mapper
    pip install -r requirements.txt
- Copy your ACL policy into the contents of the example policy.hujson
- Edit create-network-map.py and change COMPANY_DOMAIN="example.com" to your actual company domain
- Run python create-network-map.py to generate your network map. It should produce an updated network_topology.html file that you can open in your browser.
You can filter down to specific groups or nodes using the filter bar at the top or by clicking on a node on the graph.
If you would like the network map to be updated automatically whenever you push an update to your ACL file, take a look at this example workflow: .github/workflows/tailscale.yml
- This project is in an early alpha stage.
- It can only map what is available in the ACL policy file. It is not an active scanning tool that will seek out other hosts.
- It only focuses on the ACL rules themselves, but eventually it may start capturing ALL the available valid ACL sections.
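An added example (not this project's own code) of what mapping only the ACL rules amounts to: it reads the groups and acls sections of a policy and turns each accept rule into source-to-destination edges, which is everything such a map can know. The sample policy, the function names and the simplified HuJSON handling are assumptions for illustration.

```python
import json
import re

# Constructed sample policy (HuJSON: JSON plus comments and trailing commas).
SAMPLE_POLICY = r'''
{
  // who is in which group
  "groups": {
    "group:dev": ["alice@example.com", "bob@example.com"],
  },
  "acls": [
    /* devs may SSH to servers */
    {"action": "accept", "src": ["group:dev"], "dst": ["tag:server:22"]},
    {"action": "accept", "src": ["carol@example.com"], "dst": ["10.0.0.5:80,443", "*:*"]},
  ],
}
'''

# Each pattern matches a whole string literal first, so "//" or "," inside
# a string is never mistaken for a comment or a trailing comma.
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(r'"(?:\\.|[^"\\])*"|,(?=\s*[}\]])')

def _keep_strings(match):
    token = match.group(0)
    return token if token.startswith('"') else " "

def hujson_to_json(text):
    """Simplified HuJSON handling: drop comments, then trailing commas."""
    return _TRAILING.sub(_keep_strings, _COMMENT.sub(_keep_strings, text))

def acl_edges(policy_text, expand_groups=False):
    """Return sorted (source, destination host, ports) edges from the acls section."""
    policy = json.loads(hujson_to_json(policy_text))
    groups = policy.get("groups", {})
    edges = set()
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        for src in rule.get("src", []):
            sources = groups.get(src, [src]) if expand_groups else [src]
            for dst in rule.get("dst", []):
                # The port list follows the last colon ("tag:server:22").
                host, _, ports = dst.rpartition(":")
                edges.update((s, host, ports) for s in sources)
    return sorted(edges)

if __name__ == "__main__":
    for edge in acl_edges(SAMPLE_POLICY, expand_groups=True):
        print(edge)
```

An edge such as carol@example.com to `*:*` stands out immediately in this form, which is the kind of overly broad rule a visual map makes easy to spot during review.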
Pull requests welcome! :)
- Use tailscale debug netmap to build a more in-depth map
- Allow switching between layers such as port level, host level, user/group level