add node name variable & adjust tailscale up flags

data.tf

@@ -10,7 +10,6 @@ data "aws_subnet" "selected" {
 data "aws_ami" "selected" {
   most_recent = true
   owners      = ["amazon"]
-
   filter {
     name   = "name"
     values = ["amzn2-ami-*"]
@@ -19,10 +18,44 @@ data "aws_ami" "selected" {
 
 data "http" "relay_auth_key_response" {
   url = "https://api.tailscale.com/api/v2/tailnet/${var.tailscale_domain}/keys/${tailscale_tailnet_key.relay_auth.id}"
-
-  # Optional request headers
   request_headers = {
     Accept        = "application/json"
     Authorization = "Basic ${local.tailscale_auth_token}"
   }
 }
+
+data "aws_route_tables" "_subnet_filtered" {
+  filter {
+    name   = "association.subnet-id"
+    values = [var.subnet_id]
+  }
+}
+
+data "aws_route_table" "selected" {
+  route_table_id = (length(data.aws_route_tables._subnet_filtered.ids) > 0
+    ? data.aws_route_tables._subnet_filtered.ids[0]
+    : data.aws_vpc.selected.main_route_table_id
+  )
+}
+
+data "aws_vpc_peering_connections" "requested_peerings" {
+  filter {
+    name   = "requester-vpc-info.vpc-id"
+    values = [var.vpc_id]
+  }
+  filter {
+    name   = "status-code"
+    values = ["active"]
+  }
+}
+
+data "aws_vpc_peering_connections" "accepted_peerings" {
+  filter {
+    name   = "accepter-vpc-info.vpc-id"
+    values = [var.vpc_id]
+  }
+  filter {
+    name   = "status-code"
+    values = ["active"]
+  }
+}

files/relay-init.sh.tftpl

@@ -3,4 +3,4 @@ echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
 echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf
 sysctl -p /etc/sysctl.conf
 curl -fsSL https://gist.githubusercontent.com/bdeshi/ba8fed1b5d357320d0314e8380c58454/raw/4978c0b60443e448607b59bc67c09f1dbbac9a56/tailscale-install.sh | sh
-tailscale up %{ if length(routes) > 0 } --advertise-routes "${join(",", routes)}" %{ endif } %{ if exit_node } --advertise-exit-node %{ endif } --authkey "${auth_key}" --accept-dns=false
+tailscale up --accept-dns=false --accept-routes=false --hostname "${node_name}" %{ if length(routes) > 0 } --advertise-routes "${join(",", routes)}" %{ endif } %{ if exit_node } --advertise-exit-node %{ endif } --authkey "${auth_key}"

locals.tf

@@ -2,15 +2,30 @@ locals {
 
   tailscale_auth_token = base64encode("${var.tailscale_api_key}:")
 
-  # list of cidr routes: cidrs of selected vpc + additional cidrs if defined
+  vpc_peering_connections = setunion(
+    data.aws_vpc_peering_connections.requested_peerings.ids,
+    data.aws_vpc_peering_connections.accepted_peerings.ids
+  )
+
+  # list of cidr routes: cidrs of selected vpc + cidr of peers + additional cidrs if defined
   tailscale_routes = var.advertise_routes ? concat(
     data.aws_vpc.selected.cidr_block_associations[*].cidr_block,
+    [
+      for route in data.aws_route_table.selected.routes :
+      route.cidr_block if contains(
+        local.vpc_peering_connections,
+        route.vpc_peering_connection_id
+      )
+    ],
     length(var.additional_routes) > 0 ? var.additional_routes : []
   ) : []
 
-  # list of vpc dns servers: each vpc cidr base + 2 & fallback_nameservers if defined
+  # list of vpc dns servers: (cidr base + 2) for vpc cidrs + fallback_nameservers if defined
   tailscale_nameservers = var.advertise_nameservers ? concat(
-    [for cidr_block in data.aws_vpc.selected.cidr_block_associations : cidrhost(cidr_block.cidr_block, 2)],
+    [
+      for cidr_block in data.aws_vpc.selected.cidr_block_associations :
+      cidrhost(cidr_block.cidr_block, 2)
+    ],
     length(var.fallback_nameservers) > 0 ? var.fallback_nameservers : []
   ) : []
 

tailscale-server.tf

@@ -17,9 +17,10 @@ resource "aws_instance" "tailscale" {
   subnet_id                   = var.subnet_id
   vpc_security_group_ids      = [aws_security_group.tailscale.id]
   user_data = templatefile("${path.module}/files/relay-init.sh.tftpl", {
-    routes   = local.tailscale_routes
-    auth_key = tailscale_tailnet_key.relay_auth.key
+    routes    = local.tailscale_routes
+    auth_key  = tailscale_tailnet_key.relay_auth.key
     exit_node = var.advertise_exit_node
+    node_name = var.relay_node_name
   })
   tags = {
     Name = "tailscale"

variables.tf

@@ -17,7 +17,17 @@ variable "tailscale_api_key" {
   description = "The tailscale API key to use."
   validation {
     condition     = can(regex("^tskey-", var.tailscale_api_key))
-    error_message = "The tailscale API key must start with `tskey-`"
+    error_message = "The tailscale API key must start with `tskey-`."
+  }
+}
+
+variable "relay_node_name" {
+  type        = string
+  default     = "tailscale-relay"
+  description = "The name of the relay node in tailscale network."
+  validation {
+    condition     = can(regex("^\\w+$", var.relay_node_name))
+    error_message = "tailscale node name must be alphanumeric."
   }
 }
 
@@ -40,7 +50,7 @@ variable "relay_instance_type" {
 variable "relay_key_name" {
   type        = string
   default     = "default"
-  description = "The name of the pre-existing key pair to use for ssh access to the relay server."
+  description = "Name of key pair to use for the relay server, or empty to disable ssh access."
 }
 
 variable "aws_region" {