terraform: refactor module inputs (#19)

* terraform: use tailscale_set_preferences for all (most) inputs

This removes the `tailscale_ssh`, `tailscale_advertise_exit_node`, `tailscale_advertise_routes`, etc inputs that were just `tailscale set ...` calls. Use `tailscale_set_preferences` instead.

Author: clstokes

terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf

@@ -69,21 +69,13 @@ module "tailscale_aws_ec2_autoscaling" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}",
   ]
-  tailscale_ssh                 = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = [
-    module.vpc.vpc_cidr_block,
-  ]
-
-  tailscale_advertise_connector = true
-  # tailscale_advertise_aws_service_names = [
-  #   "GLOBALACCELERATOR",
-  # ]
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
   ]
 }
-

terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf

@@ -158,8 +158,8 @@ module "tailscale_aws_ec2_autoscaling" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "-ssh",
   ]
-  tailscale_ssh = true
 
   #
   # Set up Tailscale Session Recorder (tsrecorder)

terraform/aws/aws-ec2-autoscaling/main.tf

@@ -58,18 +58,11 @@ module "tailscale_aws_ec2_autoscaling" {
   tailscale_hostname = local.name
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}",
   ]
-  tailscale_ssh                 = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = [
-    module.vpc.vpc_cidr_block,
-  ]
-
-  tailscale_advertise_connector = true
-  # tailscale_advertise_aws_service_names = [
-  #   "GLOBALACCELERATOR",
-  # ]
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets

terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf

@@ -50,16 +50,14 @@ module "tailscale_aws_ec2" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [
+      module.vpc.vpc_cidr_block,
+      module.vpc.vpc_ipv6_cidr_block,
+    ])}",
   ]
-  tailscale_ssh                 = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = concat(
-    [module.vpc.vpc_cidr_block],
-    [module.vpc.vpc_ipv6_cidr_block],
-  )
-
-  tailscale_advertise_connector = true
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets

terraform/aws/aws-ec2-instance/main.tf

@@ -47,18 +47,11 @@ module "tailscale_aws_ec2" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}",
   ]
-  tailscale_ssh                 = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = [
-    module.vpc.vpc_cidr_block,
-  ]
-
-  tailscale_advertise_connector = true
-  # tailscale_advertise_aws_service_names = [
-  #   "GLOBALACCELERATOR",
-  # ]
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets

terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf

@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key            = var.tailscale_auth_key
-  tailscale_hostname            = var.tailscale_hostname
-  tailscale_set_preferences     = var.tailscale_set_preferences
-  tailscale_ssh                 = var.tailscale_ssh
-
-  tailscale_advertise_routes            = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key        = var.tailscale_auth_key
+  tailscale_hostname        = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts  = var.additional_after_scripts

terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf

@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type        = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type        = bool
-  default     = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type        = bool
-  default     = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type        = bool
-  default     = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type        = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type        = list(string)
   default     = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type        = set(string)
-  default     = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type        = set(string)
-  default     = []
-}

terraform/aws/internal-modules/aws-ec2-instance/main.tf

@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key            = var.tailscale_auth_key
-  tailscale_hostname            = var.tailscale_hostname
-  tailscale_set_preferences     = var.tailscale_set_preferences
-  tailscale_ssh                 = var.tailscale_ssh
-
-  tailscale_advertise_routes            = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key        = var.tailscale_auth_key
+  tailscale_hostname        = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts  = var.additional_after_scripts

terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf

@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type        = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type        = bool
-  default     = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type        = bool
-  default     = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type        = bool
-  default     = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type        = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type        = list(string)
   default     = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type        = set(string)
-  default     = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type        = set(string)
-  default     = []
-}

terraform/azure/azure-linux-vm/main.tf

@@ -66,13 +66,11 @@ module "tailscale_azure_linux_virtual_machine" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", module.network.vnet_address_space)}",
   ]
-  tailscale_ssh                 = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = module.network.vnet_address_space
-
-  tailscale_advertise_connector = true
 
   depends_on = [
     module.network.natgw_ids, # for private subnets - ensure NAT gateway is available before instance provisioning

terraform/azure/internal-modules/azure-linux-vm/main.tf

@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key            = var.tailscale_auth_key
-  tailscale_hostname            = var.tailscale_hostname
-  tailscale_set_preferences     = var.tailscale_set_preferences
-  tailscale_ssh                 = var.tailscale_ssh
-
-  tailscale_advertise_routes            = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key        = var.tailscale_auth_key
+  tailscale_hostname        = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts  = var.additional_after_scripts

terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf

@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type        = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type        = bool
-  default     = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type        = bool
-  default     = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type        = bool
-  default     = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type        = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type        = list(string)
   default     = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type        = set(string)
-  default     = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type        = set(string)
-  default     = []
-}

terraform/google/google-compute-instance/main.tf

@@ -59,13 +59,11 @@ module "tailscale_instance" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", module.vpc.subnets_ips)}",
   ]
-  tailscale_ssh                 = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = module.vpc.subnets_ips
-
-  tailscale_advertise_connector = true
 
   depends_on = [
     module.vpc.nat_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets

terraform/google/internal-modules/google-compute-instance/main.tf

@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key            = var.tailscale_auth_key
-  tailscale_hostname            = var.tailscale_hostname
-  tailscale_set_preferences     = var.tailscale_set_preferences
-  tailscale_ssh                 = var.tailscale_ssh
-
-  tailscale_advertise_routes            = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key        = var.tailscale_auth_key
+  tailscale_hostname        = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts  = var.additional_after_scripts

terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf

@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type        = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type        = bool
-  default     = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type        = bool
-  default     = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type        = bool
-  default     = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type        = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type        = list(string)
   default     = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type        = set(string)
-  default     = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type        = set(string)
-  default     = []
-}