Terraform config to deploy a Tailscale subnet router on AWS and prepare a Tailscale network.

# Domain name of the tailscale network this configuration manages.
# The default is an example value and is meant to be overridden.
variable "tailscale_domain" {
  description = "The domain name of the tailscale network to manage."
  type        = string
  default     = "example.net"
}
# Accounts that administer the tailscale network, given without the `@domain`
# suffix. Every entry is an admin identity, so keep the list as short as possible.
# NOTE(review): presumably the consumer appends var.tailscale_domain; confirm.
variable "tailscale_admin_users" {
  description = "usernames of the tailscale network's admins, minus the `@domain` part."
  type        = list(string)
  default     = ["admin"]
}
# Tailscale API credential.
#
# Supply the real key from outside this file (for example the
# TF_VAR_tailscale_api_key environment variable or a *.tfvars file that is
# kept out of version control) instead of editing the default below.
#
# `sensitive = true` only redacts the value in plan/apply output; it is still
# written to the Terraform state, so the state backend needs access control too.
variable "tailscale_api_key" {
  description = "The tailscale API key to use."
  type        = string
  sensitive   = true

  # Placeholder only. It satisfies the prefix check below, so validation will
  # not catch a forgotten override.
  default = "tskey-XXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXX"

  validation {
    # Checks the `tskey-` prefix and nothing else about the key's shape.
    error_message = "The tailscale API key must start with `tskey-`."
    condition     = can(regex("^tskey-", var.tailscale_api_key))
  }
}
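# Name under which the relay registers in the tailscale network.
#
# The value is restricted to an explicit allow-list of characters.
# NOTE(review): if the name is interpolated into instance user data or a
# command line elsewhere in this module, this check is what keeps stray
# characters out of it. Confirm against the consumer.
variable "relay_node_name" {
  description = "The name of the relay node in tailscale network."
  type        = string
  default     = "tailscale-relay"

  validation {
    # `\w` is [0-9A-Za-z_] and does not match `-`, so the original pattern
    # `^\w+$` rejected the default "tailscale-relay". Dashes are now allowed,
    # and every name the old pattern accepted still passes.
    condition     = can(regex("^[\\w-]+$", var.relay_node_name))
    error_message = "The tailscale node name may contain only letters, digits, underscores and dashes."
  }
}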
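# Tag applied to the relay nodes of the tailscale network (a single tag).
variable "relay_tag" {
  description = "The tag to use for the tailscale network's relay nodes."
  type        = string
  default     = "tag:tailscale"

  validation {
    # Anchored at both ends. The original pattern `^tag:\w+` had no `$`, so
    # any text following the first tag character (spaces, separators, extra
    # arguments) was accepted. Dashes are allowed in the tag name as well.
    condition     = can(regex("^tag:[\\w-]+$", var.relay_tag))
    error_message = "The tailscale tag must be `tag:` followed by a name made of letters, digits, underscores or dashes."
  }
}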
# EC2 instance type for the relay server.
variable "relay_instance_type" {
  description = "The EC2 instance type to use for the relay server."
  type        = string
  default     = "t2.micro"
}
# EC2 key pair attached to the relay server.
# The default is the literal key pair name "default". Per the description, an
# empty string disables ssh access, so set "" when key-based ssh is not wanted.
variable "relay_key_name" {
  description = "Name of key pair to use for the relay server, or empty to disable ssh access."
  type        = string
  default     = "default"
}
# AWS region used by this configuration.
variable "aws_region" {
  description = "The AWS region to use."
  type        = string
  default     = "us-east-1"
}
# VPC that receives the tailscale relay.
# The default is a placeholder, not a real VPC ID, and there is no validation
# block here, so it must be overridden.
variable "vpc_id" {
  description = "ID of the vpc to deploy tailscale relay to."
  type        = string
  default     = "vpc-XXXXXXXXXXXXXXXXXXXX"
}
# Subnet the tailscale relay is attached to.
# The default is a placeholder, not a real subnet ID, and there is no
# validation block here, so it must be overridden.
variable "subnet_id" {
  description = "ID of the subnet to attach tailscale relay to."
  type        = string
  default     = "subnet-XXXXXXXXXXXXXXXXXXXX"
}
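# Extra routes, beyond those of the selected VPC, added to the tailscale
# network. Each entry widens what tailscale clients can reach through the
# relay, so list only the networks that are meant to be exposed.
variable "additional_routes" {
  description = "The routes in addition to selected VPC's routes, to add to the tailscale network."
  type        = list(string)
  default     = []

  validation {
    # The regex keeps the accepted shape at dotted-quad IPv4 with a prefix
    # length. On its own it also matches out-of-range values such as
    # 999.999.999.999/99, so cidrhost() is used to require that the string
    # parses as a real CIDR block.
    condition = alltrue([
      for route in var.additional_routes :
      can(regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/\\d{1,2}$", route)) && can(cidrhost(route, 0))
    ])
    error_message = "Routes must be valid IPv4 CIDR blocks such as 10.0.0.0/16."
  }
}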
# Additional nameservers pushed to the tailscale network.
# The entries are not validated. The active default lists public resolvers
# only; the commented-out alternative also includes 169.254.169.253, the
# Amazon-provided VPC resolver address.
variable "fallback_nameservers" {
  description = "additional nameservers to push to the tailscale network."
  type        = list(string)

  # default = ["169.254.169.253", "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"]
  default = ["1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"]
}
# Toggle: advertise the tailscale network's nameservers to clients.
# Enabled by default.
variable "advertise_nameservers" {
  description = "Whether to advertise the tailscale network's nameservers to clients."
  type        = bool
  default     = true
}
# Toggle: advertise the relay's subnet routes to clients.
# Enabled by default, so the routed subnets become reachable from the
# tailscale network unless this is set to false.
variable "advertise_routes" {
  description = "Whether to advertise the tailscale server's subnet routes to clients."
  type        = bool
  default     = true
}
# Toggle: advertise the relay as an exit node.
# Enabled by default. Clients that select an exit node send their
# internet-bound traffic through it, so set this to false when the relay is
# meant to act as a subnet router only.
variable "advertise_exit_node" {
  description = "Whether to advertise the tailscale server as an exit node."
  type        = bool
  default     = true
}
# Toggle: ssh-over-tailscale for the network's nodes.
# Disabled by default, so enabling it is an explicit opt-in.
variable "enable_tailscale_ssh" {
  description = "Whether to enable ssh-over-tailscale for tailscale network nodes."
  type        = bool
  default     = false
}
# Toggle: associate a public IP address with the relay server.
# Enabled by default. With a public address, inbound exposure depends on the
# security group rules, which are defined outside this file.
variable "relay_associate_public_ip" {
  description = "Whether to associate a public IP address with the relay server."
  type        = bool
  default     = true
}