support for peered VPC CIDRs

main
bdeshi 2 years ago
parent 9ab22c99c9
commit 56bd3212f9
Signed by: bdeshi
GPG Key ID: 410D03DA9A3468E0

@ -10,7 +10,6 @@ data "aws_subnet" "selected" {
data "aws_ami" "selected" { data "aws_ami" "selected" {
most_recent = true most_recent = true
owners = ["amazon"] owners = ["amazon"]
filter { filter {
name = "name" name = "name"
values = ["amzn2-ami-*"] values = ["amzn2-ami-*"]
@ -19,10 +18,44 @@ data "aws_ami" "selected" {
data "http" "relay_auth_key_response" { data "http" "relay_auth_key_response" {
url = "https://api.tailscale.com/api/v2/tailnet/${var.tailscale_domain}/keys/${tailscale_tailnet_key.relay_auth.id}" url = "https://api.tailscale.com/api/v2/tailnet/${var.tailscale_domain}/keys/${tailscale_tailnet_key.relay_auth.id}"
# Optional request headers
request_headers = { request_headers = {
Accept = "application/json" Accept = "application/json"
Authorization = "Basic ${local.tailscale_auth_token}" Authorization = "Basic ${local.tailscale_auth_token}"
} }
} }
data "aws_route_tables" "_subnet_filtered" {
filter {
name = "association.subnet-id"
values = [var.subnet_id]
}
}
data "aws_route_table" "selected" {
route_table_id = (length(data.aws_route_tables._subnet_filtered.ids) > 0
? data.aws_route_tables._subnet_filtered.ids[0]
: data.aws_vpc.selected.main_route_table_id
)
}
data "aws_vpc_peering_connections" "requested_peerings" {
filter {
name = "requester-vpc-info.vpc-id"
values = [var.vpc_id]
}
filter {
name = "status-code"
values = ["active"]
}
}
data "aws_vpc_peering_connections" "accepted_peerings" {
filter {
name = "accepter-vpc-info.vpc-id"
values = [var.vpc_id]
}
filter {
name = "status-code"
values = ["active"]
}
}
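Review bot: The `requested_peerings` and `accepted_peerings` lookups accept every active peering attached to `var.vpc_id`, including peerings with VPCs owned by other accounts, so any CIDR routed through them ends up advertised to the tailnet without the peer VPC's owner having any say. Consider narrowing these data sources, for example by filtering on the peer's owner (the EC2 DescribeVpcPeeringConnections API appears to expose `accepter-vpc-info.owner-id` / `requester-vpc-info.owner-id` filters) or by taking an explicit allowlist of peering IDs as a variable, and state the choice above the block: `# every active peering of this VPC in either direction; cross-account peers are included`. Note also that `aws_route_table.selected` falls back to the VPC main route table when the subnet has no explicit association, so the set of peering routes picked up depends on that fallback; a one-line comment on the conditional would save the next reader from guessing.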

@ -2,15 +2,30 @@ locals {
tailscale_auth_token = base64encode("${var.tailscale_api_key}:") tailscale_auth_token = base64encode("${var.tailscale_api_key}:")
# list of cidr routes: cidrs of selected vpc + additional cidrs if defined vpc_peering_connections = setunion(
data.aws_vpc_peering_connections.requested_peerings.ids,
data.aws_vpc_peering_connections.accepted_peerings.ids
)
# list of cidr routes: cidrs of selected vpc + cidr of peers + additional cidrs if defined
tailscale_routes = var.advertise_routes ? concat( tailscale_routes = var.advertise_routes ? concat(
data.aws_vpc.selected.cidr_block_associations[*].cidr_block, data.aws_vpc.selected.cidr_block_associations[*].cidr_block,
[
for route in data.aws_route_table.selected.routes :
route.cidr_block if contains(
local.vpc_peering_connections,
route.vpc_peering_connection_id
)
],
length(var.additional_routes) > 0 ? var.additional_routes : [] length(var.additional_routes) > 0 ? var.additional_routes : []
) : [] ) : []
# list of vpc dns servers: each vpc cidr base + 2 & fallback_nameservers if defined # list of vpc dns servers: (cidr base + 2) for vpc cidrs + fallback_nameservers if defined
tailscale_nameservers = var.advertise_nameservers ? concat( tailscale_nameservers = var.advertise_nameservers ? concat(
[for cidr_block in data.aws_vpc.selected.cidr_block_associations : cidrhost(cidr_block.cidr_block, 2)], [
for cidr_block in data.aws_vpc.selected.cidr_block_associations :
cidrhost(cidr_block.cidr_block, 2)
],
length(var.fallback_nameservers) > 0 ? var.fallback_nameservers : [] length(var.fallback_nameservers) > 0 ? var.fallback_nameservers : []
) : [] ) : []
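Review bot: The new comprehension keys only on `vpc_peering_connection_id`, so an IPv6-only peering route, whose `cidr_block` is empty in the data source as far as I can tell, would add an empty string to `tailscale_routes`; guarding with `route.cidr_block != "" && contains(local.vpc_peering_connections, route.vpc_peering_connection_id)` avoids pushing that into the advertised list. More importantly, peered CIDRs are now advertised whenever `var.advertise_routes` is true, which silently widens what this subnet router exposes compared with the previous behaviour; wrapping the new element as `var.advertise_peered_routes ? [for route in ... ] : []` with a default-false variable would keep the old scope for existing callers. A `distinct(...)` around the `concat` would also be cheap, since a peered CIDR may already be listed in `var.additional_routes`.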
