diff --git a/opentofu/modules/tailscale/main.tofu b/opentofu/modules/tailscale/main.tofu
index 80896d4..d684e1e 100644
--- a/opentofu/modules/tailscale/main.tofu
+++ b/opentofu/modules/tailscale/main.tofu
@@ -84,6 +84,11 @@ resource "tailscale_acl" "soc_tailnet_acl" {
         "src" : ["tag:officina-instance"],
         "dst" : ["tag:infisical"],
         "ip" : ["443"]
+      },
+      {
+        "src" : ["tag:officina-ci"],
+        "dst" : ["tag:officina-instance"],
+        "ip" : ["22"]
       }
     ],
     "ssh" = [
@@ -119,6 +124,12 @@ resource "tailscale_acl" "soc_tailnet_acl" {
         "dst"    = ["tag:officina-instance"],
         "users"  = ["core"],
       },
+      {
+        "action" = "accept",
+        "src"    = ["tag:officina-ci"],
+        "dst"    = ["tag:officina-instance"],
+        "users"  = ["root"],
+      },
     ],
     "groups" = {
       "group:devs" = ["noah@noahwhite.net"],