I’ve seen the feature request at Allow easily specifying "all internal users" in ACLs · Issue #1447 · tailscale/tailscale · GitHub and I’m guessing this is the only answer to this question, but thought I’d ask anyway.
Is there a way to have all authenticated users in an ACL without having to maintain a group for all users. At the moment, just allowing user “*” works, but as soon as I want to start adding external servers into the mix I will need to exclude them from this ACL.
Ideally, I’d be looking for something like an autogroup:untagged, which may or may not be the same as the options listed in the github issue.
Other alternatives are an option in the ACL for anyone except this user or something that worked as a ‘for this tag/user/group stop processing further ACL entries’ but that is almost a deny rule which moves currently ACL model. I suspect these would also be considerably more work to implement.
Am i right to assume this isn’t an issue that’s likely to be addressed soon?
Currently my only options are a large ACL group or tagging absolutely everything.