[Bug] peers are not propagated to tagged nodes

[bartishv]

Is this a support request?

• This is not a support request

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Given headscale 0.24.0, two tailscale 1.78.3 nodes one tagged as tag:device and the other as tag:proxy, and ACL

{
  "tagOwners": {
    "tag:device": [],
    "tag:proxy": []
  },
  "acls": [
    {
      "action": "accept",
      "src": ["tag:device"],
      "dst": ["tag:proxy:*"]
    }
  ]
}

tailscale nodes tagged as tag:device do not receive peers. Meaning tailscale status returns only one record of the node itself.

Changing ACL to use users or groups instead of tags - works like a charm.

Expected Behavior

nodes tagged as tag:device should receive a peer tagged as tag:proxy

Steps To Reproduce

1. define ACLs as in "Current behavior" in a policy file.
2. start headscale
3. add two users
4. generate two pre-auth keys - 1 for each user
5. start two tailscale nodes, specifying pre-auth keys generated above
6. in headscale terminal tag one node as described in "current behavior"

Environment

- Docker compose
- Headscale version: 0.24.0
- Tailscale version: 1.78.3

Runtime environment

• Headscale is behind a (reverse) proxy
• Headscale runs in a container

Anything else?

Similar problem was reported in #809

[DevId-E]

I can confirm this. As soon as tags are removed peering defined in acls work as expected.