From f362396514d92236451bc62805db28fb5950ff86 Mon Sep 17 00:00:00 2001
From: 0x7fffff92 <40755502+0x7fffff92@users.noreply.github.com>
Date: Sat, 19 Jul 2025 09:25:55 +0800
Subject: [PATCH] fix: nftables only for owner (#1571)

* fix: nftables only for owner

* typo

---------

Co-authored-by: 0x7fffff92 <0x7fffff92@example.com>
---
 .../helm-charts/headscale/templates/headscale_deploy.yaml     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml b/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
index 0d27bf630..085b91485 100644
--- a/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
+++ b/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
@@ -301,7 +301,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.hostIP
-        {{- if or (eq $role "owner") (eq $role "admin") }}
+        {{- if eq $role "owner" }}
         - name: TS_DEBUG_FIREWALL_MODE
           value: nftables
         {{- end }}
@@ -321,7 +321,7 @@ spec:
         - name: TS_EXTRA_ARGS
           value: >-
             --login-server http://headscale-server-svc:8080
-            --netfilter-mode {{ if or (eq $role "owner") (eq $role "admin") }}on{{ else }}off{{ end }}
+            --netfilter-mode {{ if eq $role "owner" }}on{{ else }}off{{ end }}
         - name: TS_USERSPACE
           value: "false"