bdeshi/terraform-tailscale-aws
bdeshi/terraform-tailscale-aws
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix cidr validation & suport exit node setting

Browse Source
This commit is contained in:
bdeshi 2022-08-24 02:03:13 +06:00
parent 4f0e62de9f
commit 9ab22c99c9
Signed by: bdeshi
GPG Key ID: 410D03DA9A3468E0
4 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
files/acl.hujson.tftpl
View File

@ -11,7 +11,7 @@
"autoApprovers": { "autoApprovers": {
"routes": { "routes": {
%{~ for route in routes ~} %{~ for route in routes ~}
"${route}": ["group:admin", "${tag}"], "${route}": ["${tag}"],
%{~ endfor ~} %{~ endfor ~}
}, },
"exitNode": ["${tag}"] "exitNode": ["${tag}"]

2
files/relay-init.sh.tftpl
View File

@ -3,4 +3,4 @@ echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf sysctl -p /etc/sysctl.conf
curl -fsSL https://gist.githubusercontent.com/bdeshi/ba8fed1b5d357320d0314e8380c58454/raw/4978c0b60443e448607b59bc67c09f1dbbac9a56/tailscale-install.sh | sh curl -fsSL https://gist.githubusercontent.com/bdeshi/ba8fed1b5d357320d0314e8380c58454/raw/4978c0b60443e448607b59bc67c09f1dbbac9a56/tailscale-install.sh | sh
tailscale up %{ if length(routes) > 0 } --advertise-routes "${join(",", routes)}" %{ endif } --authkey "${auth_key}" --accept-dns=false tailscale up %{ if length(routes) > 0 } --advertise-routes "${join(",", routes)}" %{ endif } %{ if exit_node } --advertise-exit-node %{ endif } --authkey "${auth_key}" --accept-dns=false

1
tailscale-server.tf
View File

@ -19,6 +19,7 @@ resource "aws_instance" "tailscale" {
user_data = templatefile("${path.module}/files/relay-init.sh.tftpl", { user_data = templatefile("${path.module}/files/relay-init.sh.tftpl", {
routes = local.tailscale_routes routes = local.tailscale_routes
auth_key = tailscale_tailnet_key.relay_auth.key auth_key = tailscale_tailnet_key.relay_auth.key
exit_node = var.advertise_exit_node
}) })
tags = { tags = {
Name = "tailscale" Name = "tailscale"

12
variables.tf
View File

@ -66,9 +66,9 @@ variable "additional_routes" {
default = [] default = []
description = "The routes in addition to selected VPC's routes, to add to the tailscale network." description = "The routes in addition to selected VPC's routes, to add to the tailscale network."
validation { validation {
condition = length(var.additional_routes) == 0 ? true : alltrue([ condition = alltrue([
for route in var.additional_routes : for route in var.additional_routes :
regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/\\d{1,2}$", route) can(regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/\\d{1,2}$", route))
]) ])
error_message = "routes must be in CIDR format." error_message = "routes must be in CIDR format."
} }
@ -93,9 +93,15 @@ variable "advertise_routes" {
description = "Whether to advertise the tailscale server's subnet routes to clients." description = "Whether to advertise the tailscale server's subnet routes to clients."
} }
variable "enable_tailscale_ssh" { variable "advertise_exit_node" {
type = bool type = bool
default = true default = true
description = "Whether to advertise the tailscale server as an exit node."
}
variable "enable_tailscale_ssh" {
type = bool
default = false
description = "Whether to enable ssh-over-tailscale for tailscale network nodes." description = "Whether to enable ssh-over-tailscale for tailscale network nodes."
} }