From 082ef6167ea188de4a0439fe63baaca41b19b45b Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Fri, 31 Jan 2025 08:14:23 -0500
Subject: terraform: switch to plain hcl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

• Removed input 'terranix'
• Removed input 'terranix/bats-assert'
• Removed input 'terranix/bats-support'
• Removed input 'terranix/flake-parts'
• Removed input 'terranix/nixpkgs'
• Removed input 'terranix/systems'
• Removed input 'terranix/terranix-examples'

---
 terraform/tailscale.tf | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 terraform/tailscale.tf
(limited to 'terraform/tailscale.tf')

diff --git a/terraform/tailscale.tf b/terraform/tailscale.tf
new file mode 100644
index 0000000..6bb4752
--- /dev/null
+++ b/terraform/tailscale.tf
@@ -0,0 +1,70 @@
+locals {
+ personal_devices = [
+ "caroline",
+ "glados",
+ "glados-windows",
+ "iphone-14"
+ ]
+
+ server_devices = [
+ "atlas"
+ ]
+
+ devices = concat(local.personal_devices, local.server_devices)
+}
+
+data "tailscale_device" "devices" {
+ for_each = toset(local.devices)
+
+ name = "${each.key}.tailc59d6.ts.net"
+ wait_for = "60s"
+}
+
+resource "tailscale_device_tags" "personal" {
+ for_each = toset(local.personal_devices)
+
+ device_id = data.tailscale_device.devices[each.key].id
+ tags = ["tag:personal"]
+}
+
+resource "tailscale_device_tags" "server" {
+ for_each = toset(local.server_devices)
+
+ device_id = data.tailscale_device.devices[each.key].id
+ tags = ["tag:server"]
+}
+
+resource "tailscale_dns_preferences" "preferences" {
+ magic_dns = true
+}
+
+resource "tailscale_acl" "acl" {
+ acl = jsonencode({
+ acls = [
+ {
+ action = "accept"
+ dst = ["*:*"]
+ src = ["tag:personal"]
+ },
+ {
+ action = "accept"
+ dst = ["tag:server:*"]
+ src = ["tag:server"]
+ }
+ ]
+
+ ssh = [
+ {
+ action = "accept"
+ dst = ["tag:server", "tag:personal"]
+ src = ["tag:personal"]
+ users = ["autogroup:nonroot", "root"]
+ }
+ ]
+
+ tagOwners = {
+ "tag:personal" = ["getchoo@github"]
+ "tag:server" = ["getchoo@github"]
+ }
+ })
+}
--
cgit v1.2.3
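Review bot: The `ssh` rule inside `resource "tailscale_acl" "acl"` lists `root` in `users` with `action = "accept"`, so any tag:personal device gets a root shell on every tag:server and tag:personal node without re-authenticating; Tailscale SSH's `check` action requires the user to re-verify identity before the session opens. The smallest change is `action = "check"` on that rule (optionally with `checkPeriod = "12h"`), or splitting `root` into its own check-mode rule while `autogroup:nonroot` stays on accept. The rule's `dst` also includes `tag:personal`, so personal devices can SSH into each other as root — a short comment saying that is intended would help. Separately, as far as the provider behaves, `tailscale_acl` manages the tailnet's whole policy file, so anything configured outside this file is overwritten on apply; a one-line comment above the resource stating that would spare the next maintainer a surprise.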