Document availability of autgroup:internet

2026-04-25 17:15:33 +02:00 · 2026-04-17 21:22:59 +02:00
parent 9ea09ea4b6
commit 7e6c7924ad
2 changed files with 7 additions and 1 deletions
--- a/docs/about/features.md
+++ b/docs/about/features.md
@@ -24,7 +24,7 @@ provides on overview of Headscale's feature and compatibility with the Tailscale
 - [x] Access control lists ([GitHub label "policy"](https://github.com/juanfont/headscale/labels/policy%20%F0%9F%93%9D))
    - [x] ACL management via API
    - [x] Some [Autogroups](https://tailscale.com/kb/1396/targets#autogroups), currently: `autogroup:internet`,
-      `autogroup:nonroot`, `autogroup:member`, `autogroup:tagged`, `autogroup:self`
+      `autogroup:nonroot`, `autogroup:member`, `autogroup:tagged`, `autogroup:self`, `autogroup:danger-all`
    - [x] [Auto approvers](https://tailscale.com/kb/1337/acl-syntax#auto-approvers) for [subnet
      routers](../ref/routes.md#automatically-approve-routes-of-a-subnet-router) and [exit
      nodes](../ref/routes.md#automatically-approve-an-exit-node-with-auto-approvers)
--- a/docs/ref/acls.md
+++ b/docs/ref/acls.md
@@ -286,3 +286,9 @@ Used in Tailscale SSH rules to allow access to any user except root. Can only be
  "users": ["autogroup:nonroot"]
 }
 ```
+
+### `autogroup:danger-all`
+
+This autogroup resolves to all IP addresses (`0.0.0.0/0` and `::/0`) which also includes all IP addresses outside the
+standard Tailscale IP ranges. [This autogroup can only be used as
+source](https://tailscale.com/docs/reference/targets-and-selectors#autogroupdanger-all).