Diffstat (limited to 'terraform/tailscale.tf')
| -rw-r--r-- | terraform/tailscale.tf | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/terraform/tailscale.tf b/terraform/tailscale.tf
new file mode 100644
index 0000000..6bb4752
--- /dev/null
+++ b/terraform/tailscale.tf
@@ -0,0 +1,70 @@
+locals {
+ personal_devices = [
+ "caroline",
+ "glados",
+ "glados-windows",
+ "iphone-14"
+ ]
+
+ server_devices = [
+ "atlas"
+ ]
+
+ devices = concat(local.personal_devices, local.server_devices)
+}
+
+data "tailscale_device" "devices" {
+ for_each = toset(local.devices)
+
+ name = "${each.key}.tailc59d6.ts.net"
+ wait_for = "60s"
+}
+
+resource "tailscale_device_tags" "personal" {
+ for_each = toset(local.personal_devices)
+
+ device_id = data.tailscale_device.devices[each.key].id
+ tags = ["tag:personal"]
+}
+
+resource "tailscale_device_tags" "server" {
+ for_each = toset(local.server_devices)
+
+ device_id = data.tailscale_device.devices[each.key].id
+ tags = ["tag:server"]
+}
+
+resource "tailscale_dns_preferences" "preferences" {
+ magic_dns = true
+}
+
+resource "tailscale_acl" "acl" {
+ acl = jsonencode({
+ acls = [
+ {
+ action = "accept"
+ dst = ["*:*"]
+ src = ["tag:personal"]
+ },
+ {
+ action = "accept"
+ dst = ["tag:server:*"]
+ src = ["tag:server"]
+ }
+ ]
+
+ ssh = [
+ {
+ action = "accept"
+ dst = ["tag:server", "tag:personal"]
+ src = ["tag:personal"]
+ users = ["autogroup:nonroot", "root"]
+ }
+ ]
+
+ tagOwners = {
+ "tag:personal" = ["getchoo@github"]
+ "tag:server" = ["getchoo@github"]
+ }
+ })
+}
|
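Review bot: The `ssh` rule in `tailscale_acl.acl` lets any `tag:personal` device open a root shell on every server and every other personal device with `action = "accept"`, so a single compromised laptop or phone (all four are listed in `personal_devices`) becomes root everywhere without any re-authentication step; dropping `"root"` from the list, `users = ["autogroup:nonroot"]`, or putting root access behind a separate rule with `action = "check"` so the session is re-verified, would keep the blast radius to the device itself. The same breadth shows up in the first `acls` entry, where `dst = ["*:*"]` grants `tag:personal` every port on every node, which is presumably intended for a small personal tailnet but is worth a comment such as `# personal devices may reach every port on the tailnet; tighten to "tag:server:<ports>" if this grows`. A style point: the tailnet suffix `.tailc59d6.ts.net` is hard-coded inside the `name` expression of `data.tailscale_device.devices` and would be easier to maintain as a `local.tailnet` next to the device lists.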
