From 4f790599ee647ae9c01c9528cd6e520dd3f875f9 Mon Sep 17 00:00:00 2001 From: Cameron Stokes Date: Sat, 17 Aug 2024 12:02:54 -0700 Subject: [PATCH 1/9] terraform: use tailscale_set_preferences for all (most) inputs This removes the `tailscale_ssh`, `tailscale_advertise_exit_node`, `tailscale_advertise_routes`, etc inputs that were just `tailscale set ...` calls. Use `tailscale_set_preferences` instead. --- terraform/aws/aws-ec2-autoscaling/main.tf | 15 +++------- .../aws-ec2-autoscaling/main.tf | 12 ++------ .../variables-tailscale-install-scripts.tf | 29 ------------------- .../variables-tailscale-install-scripts.tf | 29 ------------------- .../variables-tailscale-install-scripts.tf | 29 ------------------- .../variables-tailscale-install-scripts.tf | 29 ------------------- .../tailscale-advertise-routes/README.md | 21 ++++++++++++++ .../tailscale-advertise-routes/variables.tf | 1 + .../tailscale-install-scripts/main.tf | 22 ++------------ .../tailscale-install-scripts/variables.tf | 29 ------------------- 10 files changed, 31 insertions(+), 185 deletions(-) diff --git a/terraform/aws/aws-ec2-autoscaling/main.tf b/terraform/aws/aws-ec2-autoscaling/main.tf index d53d425..fad3e8c 100644 --- a/terraform/aws/aws-ec2-autoscaling/main.tf +++ b/terraform/aws/aws-ec2-autoscaling/main.tf @@ -58,18 +58,11 @@ module "tailscale_aws_ec2_autoscaling" { tailscale_hostname = local.name tailscale_set_preferences = [ "--auto-update", + "--ssh", + "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}", + "--advertise-exit-node=true", + "--advertise-connector=true", ] - tailscale_ssh = true - tailscale_advertise_exit_node = true - - tailscale_advertise_routes = [ - module.vpc.vpc_cidr_block, - ] - - tailscale_advertise_connector = true - # tailscale_advertise_aws_service_names = [ - # "GLOBALACCELERATOR", - # ] depends_on = [ module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets 
diff --git a/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf b/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf index a98bef5..3b82991 100644 --- a/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf +++ b/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf @@ -1,15 +1,9 @@ module "tailscale_install_scripts" { source = "../../../internal-modules/tailscale-install-scripts" - tailscale_advertise_connector = var.tailscale_advertise_connector - tailscale_advertise_exit_node = var.tailscale_advertise_exit_node - tailscale_auth_key = var.tailscale_auth_key - tailscale_hostname = var.tailscale_hostname - tailscale_set_preferences = var.tailscale_set_preferences - tailscale_ssh = var.tailscale_ssh - - tailscale_advertise_routes = var.tailscale_advertise_routes - tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names + tailscale_auth_key = var.tailscale_auth_key + tailscale_hostname = var.tailscale_hostname + tailscale_set_preferences = var.tailscale_set_preferences additional_before_scripts = var.additional_before_scripts additional_after_scripts = var.additional_after_scripts diff --git a/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf b/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf index c7206f9..e4ff234 100644 --- a/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf +++ b/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf 
@@ -9,21 +9,6 @@ variable "tailscale_hostname" { description = "Hostname to assign to the device" type = string } -variable "tailscale_ssh" { - description = "Boolean flag to enable Tailscale SSH" - type = bool - default = true -} -variable "tailscale_advertise_exit_node" { - description = "Boolean flag to enable Tailscale Exit Node" - type = bool - default = false -} -variable "tailscale_advertise_connector" { - description = "Boolean flag to enable Tailscale App Connector" - type = bool - default = false -} variable "tailscale_set_preferences" { description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`." type = set(string) @@ -43,17 +28,3 @@ variable "additional_after_scripts" { type = list(string) default = [] } - -# -# Variables for tailscale-advertise-routes -# -variable "tailscale_advertise_routes" { - description = "List of routes to advertise" - type = set(string) - default = [] -} -variable "tailscale_advertise_aws_service_names" { - description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']" - type = set(string) - default = [] -} diff --git a/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf b/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf index c7206f9..e4ff234 100644 --- a/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf +++ b/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf 
@@ -9,21 +9,6 @@ variable "tailscale_hostname" { description = "Hostname to assign to the device" type = string } -variable "tailscale_ssh" { - description = "Boolean flag to enable Tailscale SSH" - type = bool - default = true -} -variable "tailscale_advertise_exit_node" { - description = "Boolean flag to enable Tailscale Exit Node" - type = bool - default = false -} -variable "tailscale_advertise_connector" { - description = "Boolean flag to enable Tailscale App Connector" - type = bool - default = false -} variable "tailscale_set_preferences" { description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`." type = set(string) @@ -43,17 +28,3 @@ variable "additional_after_scripts" { type = list(string) default = [] } - -# -# Variables for tailscale-advertise-routes -# -variable "tailscale_advertise_routes" { - description = "List of routes to advertise" - type = set(string) - default = [] -} -variable "tailscale_advertise_aws_service_names" { - description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']" - type = set(string) - default = [] -} diff --git a/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf b/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf index c7206f9..e4ff234 100644 --- a/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf +++ b/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf 
@@ -9,21 +9,6 @@ variable "tailscale_hostname" { description = "Hostname to assign to the device" type = string } -variable "tailscale_ssh" { - description = "Boolean flag to enable Tailscale SSH" - type = bool - default = true -} -variable "tailscale_advertise_exit_node" { - description = "Boolean flag to enable Tailscale Exit Node" - type = bool - default = false -} -variable "tailscale_advertise_connector" { - description = "Boolean flag to enable Tailscale App Connector" - type = bool - default = false -} variable "tailscale_set_preferences" { description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`." type = set(string) @@ -43,17 +28,3 @@ variable "additional_after_scripts" { type = list(string) default = [] } - -# -# Variables for tailscale-advertise-routes -# -variable "tailscale_advertise_routes" { - description = "List of routes to advertise" - type = set(string) - default = [] -} -variable "tailscale_advertise_aws_service_names" { - description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']" - type = set(string) - default = [] -} diff --git a/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf b/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf index c7206f9..e4ff234 100644 --- a/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf +++ b/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf 
@@ -9,21 +9,6 @@ variable "tailscale_hostname" { description = "Hostname to assign to the device" type = string } -variable "tailscale_ssh" { - description = "Boolean flag to enable Tailscale SSH" - type = bool - default = true -} -variable "tailscale_advertise_exit_node" { - description = "Boolean flag to enable Tailscale Exit Node" - type = bool - default = false -} -variable "tailscale_advertise_connector" { - description = "Boolean flag to enable Tailscale App Connector" - type = bool - default = false -} variable "tailscale_set_preferences" { description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`." type = set(string) @@ -43,17 +28,3 @@ variable "additional_after_scripts" { type = list(string) default = [] } - -# -# Variables for tailscale-advertise-routes -# -variable "tailscale_advertise_routes" { - description = "List of routes to advertise" - type = set(string) - default = [] -} -variable "tailscale_advertise_aws_service_names" { - description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']" - type = set(string) - default = [] -} diff --git a/terraform/internal-modules/tailscale-advertise-routes/README.md b/terraform/internal-modules/tailscale-advertise-routes/README.md index d760650..7e945e9 100644 --- a/terraform/internal-modules/tailscale-advertise-routes/README.md +++ b/terraform/internal-modules/tailscale-advertise-routes/README.md 
@@ -1,3 +1,24 @@ # saas-route-lists Scripts to download, parse, and save various SaaS IP and domain lists to advertise via a Tailscale App Connector or Subnet Router. + +## Usage + +```hcl +module "tailscale-advertise-routes" { + source = "../../internal-modules/tailscale-advertise-routes" + + tailscale_advertise_aws_service_names = ["GLOBALACCELERATOR"] + tailscale_advertise_routes = [module.vpc.vpc_cidr_block] # ensure initial routes list is re-added +} + +module "tailscale_aws_ec2_autoscaling" { + source = "../internal-modules/aws-ec2-autoscaling/" + + // other inputs omitted + + additional_after_scripts = [ + module.tailscale-advertise-routes.routes_script, + ] +} +``` diff --git a/terraform/internal-modules/tailscale-advertise-routes/variables.tf b/terraform/internal-modules/tailscale-advertise-routes/variables.tf index aeab852..7192178 100644 --- a/terraform/internal-modules/tailscale-advertise-routes/variables.tf +++ b/terraform/internal-modules/tailscale-advertise-routes/variables.tf @@ -5,6 +5,7 @@ variable "tailscale_advertise_routes_from_file_on_host" { description = "File on the host to append (sorted and distinct) routes to" type = string + default = "/root/tailscale-routes-to-advertise.txt" } variable "tailscale_advertise_routes" { description = "List of subnets to advertise" diff --git a/terraform/internal-modules/tailscale-install-scripts/main.tf b/terraform/internal-modules/tailscale-install-scripts/main.tf index 2b43663..24585cc 100644 --- a/terraform/internal-modules/tailscale-install-scripts/main.tf +++ b/terraform/internal-modules/tailscale-install-scripts/main.tf @@ -14,7 +14,6 @@ locals { ]), after_scripts = flatten([ # scripts to run AFTER tailscale install - module.tailscale-advertise-routes.routes_script, var.additional_after_scripts, ]), } 
@@ -31,27 +30,10 @@ locals { tailscale_arguments = [ "--authkey=${var.tailscale_auth_key}", "--hostname=${var.tailscale_hostname}", - var.tailscale_ssh == false ? "" : "--ssh", - var.tailscale_advertise_connector == false ? "" : "--advertise-connector", - var.tailscale_advertise_exit_node == false ? "" : "--advertise-exit-node", - // Don't set --advertise-routes here, use advertise_routes_script instead. ] - ip_forwarding_required = local.ip_forwarding_script != "" - ip_forwarding_script = ( - var.tailscale_advertise_exit_node == false - && var.tailscale_advertise_connector == false - && length(var.tailscale_advertise_routes) == 0 ? - "" : templatefile("${path.module}/scripts/additional-scripts/ip-forwarding.tftpl", {}) - ) + ip_forwarding_required = length([for x in ["--advertise-exit-node", "--advertise-connector", "--advertise-routes"] : x if strcontains(x, "advertisfe")]) > 0 + ip_forwarding_script = local.ip_forwarding_required ? "" : templatefile("${path.module}/scripts/additional-scripts/ip-forwarding.tftpl", {}) ethtool_udp_optimization_script = templatefile("${path.module}/scripts/additional-scripts/ethtool-udp.tftpl", {}) } - -module "tailscale-advertise-routes" { - source = "../tailscale-advertise-routes" - tailscale_advertise_routes = var.tailscale_advertise_routes - - tailscale_advertise_routes_from_file_on_host = "/root/tailscale-routes-to-advertise.txt" - tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names -} diff --git a/terraform/internal-modules/tailscale-install-scripts/variables.tf b/terraform/internal-modules/tailscale-install-scripts/variables.tf index c7206f9..e4ff234 100644 --- a/terraform/internal-modules/tailscale-install-scripts/variables.tf +++ b/terraform/internal-modules/tailscale-install-scripts/variables.tf 
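Review bot: The new `ip_forwarding_required` never reads `var.tailscale_set_preferences`: it filters a fixed list of three flag names for the substring `advertisfe`, which none of them contains, so it is always false. The next line has its ternary branches the wrong way round (`local.ip_forwarding_required ? "" : templatefile(...)`), so the two errors cancel and the ip-forwarding script is rendered for every node, including ones that advertise nothing and have no reason to forward packets. Fixing only the typo would make it worse, because the flag would then always be true and the script would never be emitted for exit nodes, connectors or subnet routers. I would derive it from the input, `ip_forwarding_required = anytrue([for p in var.tailscale_set_preferences : strcontains(p, "--advertise-")])`, and swap the branches, `ip_forwarding_script = local.ip_forwarding_required ? templatefile("${path.module}/scripts/additional-scripts/ip-forwarding.tftpl", {}) : ""`; a substring test would also match an explicit `--advertise-exit-node=false`, so a stricter match may be wanted. The `locals` block starts outside the hunk.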
@@ -9,21 +9,6 @@ variable "tailscale_hostname" { description = "Hostname to assign to the device" type = string } -variable "tailscale_ssh" { - description = "Boolean flag to enable Tailscale SSH" - type = bool - default = true -} -variable "tailscale_advertise_exit_node" { - description = "Boolean flag to enable Tailscale Exit Node" - type = bool - default = false -} -variable "tailscale_advertise_connector" { - description = "Boolean flag to enable Tailscale App Connector" - type = bool - default = false -} variable "tailscale_set_preferences" { description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`." type = set(string) @@ -43,17 +28,3 @@ variable "additional_after_scripts" { type = list(string) default = [] } - -# -# Variables for tailscale-advertise-routes -# -variable "tailscale_advertise_routes" { - description = "List of routes to advertise" - type = set(string) - default = [] -} -variable "tailscale_advertise_aws_service_names" { - description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']" - type = set(string) - default = [] -} From ef6d0063ddf1ce9aaba1458db6682fcefcdf32f0 Mon Sep 17 00:00:00 2001 From: Cameron Stokes Date: Sat, 17 Aug 2024 12:24:53 -0700 Subject: [PATCH 2/9] update aws-ec2-autoscaling-dual-subnet --- .../aws/aws-ec2-autoscaling-dual-subnet/main.tf | 16 ++++------------ .../internal-modules/aws-ec2-instance/main.tf | 6 ------ 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf b/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf index 1336006..710345b 100644 --- a/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf +++ b/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf 
@@ -69,21 +69,13 @@ module "tailscale_aws_ec2_autoscaling" { tailscale_auth_key = tailscale_tailnet_key.main.key tailscale_set_preferences = [ "--auto-update", + "--ssh", + "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}", + "--advertise-exit-node=true", + "--advertise-connector=true", ] - tailscale_ssh = true - tailscale_advertise_exit_node = true - - tailscale_advertise_routes = [ - module.vpc.vpc_cidr_block, - ] - - tailscale_advertise_connector = true - # tailscale_advertise_aws_service_names = [ - # "GLOBALACCELERATOR", - # ] depends_on = [ module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets ] } - diff --git a/terraform/aws/internal-modules/aws-ec2-instance/main.tf b/terraform/aws/internal-modules/aws-ec2-instance/main.tf index 304b392..7145ada 100644 --- a/terraform/aws/internal-modules/aws-ec2-instance/main.tf +++ b/terraform/aws/internal-modules/aws-ec2-instance/main.tf @@ -1,15 +1,9 @@ module "tailscale_install_scripts" { source = "../../../internal-modules/tailscale-install-scripts" - tailscale_advertise_connector = var.tailscale_advertise_connector - tailscale_advertise_exit_node = var.tailscale_advertise_exit_node tailscale_auth_key = var.tailscale_auth_key tailscale_hostname = var.tailscale_hostname tailscale_set_preferences = var.tailscale_set_preferences - tailscale_ssh = var.tailscale_ssh - - tailscale_advertise_routes = var.tailscale_advertise_routes - tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names additional_before_scripts = var.additional_before_scripts additional_after_scripts = var.additional_after_scripts From 3aea8d61e575f0e1d300859b3ecce20e188340a6 Mon Sep 17 00:00:00 2001 
From: Cameron Stokes Date: Sat, 17 Aug 2024 12:32:09 -0700 Subject: [PATCH 3/9] update aws-ec2-autoscaling-session-recorder --- terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf | 2 +- terraform/aws/internal-modules/aws-ec2-instance/main.tf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf b/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf index 56b790f..e3e2ebd 100644 --- a/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf +++ b/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf @@ -158,8 +158,8 @@ module "tailscale_aws_ec2_autoscaling" { tailscale_auth_key = tailscale_tailnet_key.main.key tailscale_set_preferences = [ "--auto-update", + "-ssh", ] - tailscale_ssh = true # # Set up Tailscale Session Recorder (tsrecorder) diff --git a/terraform/aws/internal-modules/aws-ec2-instance/main.tf b/terraform/aws/internal-modules/aws-ec2-instance/main.tf index 7145ada..f571791 100644 --- a/terraform/aws/internal-modules/aws-ec2-instance/main.tf +++ b/terraform/aws/internal-modules/aws-ec2-instance/main.tf @@ -1,9 +1,9 @@ module "tailscale_install_scripts" { source = "../../../internal-modules/tailscale-install-scripts" - tailscale_auth_key = var.tailscale_auth_key - tailscale_hostname = var.tailscale_hostname - tailscale_set_preferences = var.tailscale_set_preferences + tailscale_auth_key = var.tailscale_auth_key + tailscale_hostname = var.tailscale_hostname + tailscale_set_preferences = var.tailscale_set_preferences additional_before_scripts = var.additional_before_scripts additional_after_scripts = var.additional_after_scripts From fc43fa950a6fe5491461fc01aadd465ddc57c885 Mon Sep 17 00:00:00 2001 
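Review bot: The preference added in the session-recorder stack is spelled `"-ssh"` with a single dash, while every other caller in this series passes `"--ssh"`. Go-style flag parsers usually accept both spellings, so this probably still enables Tailscale SSH, but that is inferred rather than visible here, and any later string matching on the preference list would miss the single-dash form. Because this stack exists to record SSH sessions, a flag that silently failed to apply would be easy to overlook; I would write `"--ssh",` to match the rest. The module block continues outside the hunk.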
From: Cameron Stokes Date: Sat, 17 Aug 2024 12:41:41 -0700 Subject: [PATCH 4/9] update google --- terraform/google/google-compute-instance/main.tf | 10 ++++------ .../internal-modules/google-compute-instance/main.tf | 6 ------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/terraform/google/google-compute-instance/main.tf b/terraform/google/google-compute-instance/main.tf index 449d96d..7683962 100644 --- a/terraform/google/google-compute-instance/main.tf +++ b/terraform/google/google-compute-instance/main.tf @@ -59,13 +59,11 @@ module "tailscale_instance" { tailscale_auth_key = tailscale_tailnet_key.main.key tailscale_set_preferences = [ "--auto-update", + "--ssh", + "--advertise-routes=${join(",", module.vpc.subnets_ips)}", + "--advertise-exit-node=true", + "--advertise-connector=true", ] - tailscale_ssh = true - tailscale_advertise_exit_node = true - - tailscale_advertise_routes = module.vpc.subnets_ips - - tailscale_advertise_connector = true depends_on = [ module.vpc.nat_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets diff --git a/terraform/google/internal-modules/google-compute-instance/main.tf b/terraform/google/internal-modules/google-compute-instance/main.tf index e4c7f97..6b4624b 100644 --- a/terraform/google/internal-modules/google-compute-instance/main.tf +++ b/terraform/google/internal-modules/google-compute-instance/main.tf 
@@ -1,15 +1,9 @@ module "tailscale_install_scripts" { source = "../../../internal-modules/tailscale-install-scripts" - tailscale_advertise_connector = var.tailscale_advertise_connector - tailscale_advertise_exit_node = var.tailscale_advertise_exit_node tailscale_auth_key = var.tailscale_auth_key tailscale_hostname = var.tailscale_hostname tailscale_set_preferences = var.tailscale_set_preferences - tailscale_ssh = var.tailscale_ssh - - tailscale_advertise_routes = var.tailscale_advertise_routes - tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names additional_before_scripts = var.additional_before_scripts additional_after_scripts = var.additional_after_scripts From 76728427b7308dee6897fcd6dedb5f4bea278ecf Mon Sep 17 00:00:00 2001 From: Cameron Stokes Date: Sat, 17 Aug 2024 12:41:48 -0700 Subject: [PATCH 5/9] update azure --- terraform/azure/azure-linux-vm/main.tf | 10 ++++------ .../azure/internal-modules/azure-linux-vm/main.tf | 6 ------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/terraform/azure/azure-linux-vm/main.tf b/terraform/azure/azure-linux-vm/main.tf index c464a8b..84a2888 100644 --- a/terraform/azure/azure-linux-vm/main.tf +++ b/terraform/azure/azure-linux-vm/main.tf @@ -66,13 +66,11 @@ module "tailscale_azure_linux_virtual_machine" { tailscale_auth_key = tailscale_tailnet_key.main.key tailscale_set_preferences = [ "--auto-update", + "--ssh", + "--advertise-routes=${join(",", module.network.vnet_address_space)}", + "--advertise-exit-node=true", + "--advertise-connector=true", ] - tailscale_ssh = true - tailscale_advertise_exit_node = true - - tailscale_advertise_routes = module.network.vnet_address_space - - tailscale_advertise_connector = true depends_on = [ module.network.natgw_ids, # for private subnets - ensure NAT gateway is available before instance provisioning 
diff --git a/terraform/azure/internal-modules/azure-linux-vm/main.tf b/terraform/azure/internal-modules/azure-linux-vm/main.tf index 7c4988d..9e89a46 100644 --- a/terraform/azure/internal-modules/azure-linux-vm/main.tf +++ b/terraform/azure/internal-modules/azure-linux-vm/main.tf @@ -1,15 +1,9 @@ module "tailscale_install_scripts" { source = "../../../internal-modules/tailscale-install-scripts" - tailscale_advertise_connector = var.tailscale_advertise_connector - tailscale_advertise_exit_node = var.tailscale_advertise_exit_node tailscale_auth_key = var.tailscale_auth_key tailscale_hostname = var.tailscale_hostname tailscale_set_preferences = var.tailscale_set_preferences - tailscale_ssh = var.tailscale_ssh - - tailscale_advertise_routes = var.tailscale_advertise_routes - tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names additional_before_scripts = var.additional_before_scripts additional_after_scripts = var.additional_after_scripts From 9c42830cd7f1e8aacc9a89be43da402e0ca8aa24 Mon Sep 17 00:00:00 2001 From: Cameron Stokes Date: Sat, 17 Aug 2024 12:43:58 -0700 Subject: [PATCH 6/9] update aws-ec2-instance-dual-stack-ipv4-ipv6 --- .../main.tf | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf b/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf index 0fadc53..22df94a 100644 --- a/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf +++ b/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf 
@@ -50,16 +50,14 @@ module "tailscale_aws_ec2" { tailscale_auth_key = tailscale_tailnet_key.main.key tailscale_set_preferences = [ "--auto-update", + "--ssh", + "--advertise-routes=${join(",", [ + module.vpc.vpc_cidr_block, + module.vpc.vpc_ipv6_cidr_block, + ])}", + "--advertise-exit-node=true", + "--advertise-connector=true", ] - tailscale_ssh = true - tailscale_advertise_exit_node = true - - tailscale_advertise_routes = concat( - [module.vpc.vpc_cidr_block], - [module.vpc.vpc_ipv6_cidr_block], - ) - - tailscale_advertise_connector = true depends_on = [ module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets From b7a3693298f6bd80517b44db24c876feb976f9ad Mon Sep 17 00:00:00 2001 From: Cameron Stokes Date: Sat, 17 Aug 2024 12:44:23 -0700 Subject: [PATCH 7/9] terraform fmt -recursive --- terraform/azure/internal-modules/azure-linux-vm/main.tf | 6 +++--- .../google/internal-modules/google-compute-instance/main.tf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/terraform/azure/internal-modules/azure-linux-vm/main.tf b/terraform/azure/internal-modules/azure-linux-vm/main.tf index 9e89a46..6b378dc 100644 --- a/terraform/azure/internal-modules/azure-linux-vm/main.tf +++ b/terraform/azure/internal-modules/azure-linux-vm/main.tf @@ -1,9 +1,9 @@ module "tailscale_install_scripts" { source = "../../../internal-modules/tailscale-install-scripts" - tailscale_auth_key = var.tailscale_auth_key - tailscale_hostname = var.tailscale_hostname - tailscale_set_preferences = var.tailscale_set_preferences + tailscale_auth_key = var.tailscale_auth_key + tailscale_hostname = var.tailscale_hostname + tailscale_set_preferences = var.tailscale_set_preferences additional_before_scripts = var.additional_before_scripts additional_after_scripts = var.additional_after_scripts 
diff --git a/terraform/google/internal-modules/google-compute-instance/main.tf b/terraform/google/internal-modules/google-compute-instance/main.tf index 6b4624b..61c1691 100644 --- a/terraform/google/internal-modules/google-compute-instance/main.tf +++ b/terraform/google/internal-modules/google-compute-instance/main.tf @@ -1,9 +1,9 @@ module "tailscale_install_scripts" { source = "../../../internal-modules/tailscale-install-scripts" - tailscale_auth_key = var.tailscale_auth_key - tailscale_hostname = var.tailscale_hostname - tailscale_set_preferences = var.tailscale_set_preferences + tailscale_auth_key = var.tailscale_auth_key + tailscale_hostname = var.tailscale_hostname + tailscale_set_preferences = var.tailscale_set_preferences additional_before_scripts = var.additional_before_scripts additional_after_scripts = var.additional_after_scripts From 92354961175be257102a195ac6934e36d73e1674 Mon Sep 17 00:00:00 2001 From: Cameron Stokes Date: Sat, 17 Aug 2024 12:50:02 -0700 Subject: [PATCH 8/9] update aws-ec2-instance --- terraform/aws/aws-ec2-instance/main.tf | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/terraform/aws/aws-ec2-instance/main.tf b/terraform/aws/aws-ec2-instance/main.tf index 3784c06..47c6dd9 100644 --- a/terraform/aws/aws-ec2-instance/main.tf +++ b/terraform/aws/aws-ec2-instance/main.tf 
@@ -47,18 +47,11 @@ module "tailscale_aws_ec2" { tailscale_auth_key = tailscale_tailnet_key.main.key tailscale_set_preferences = [ "--auto-update", + "--ssh", + "--advertise-connector", + "--advertise-exit-node", + "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}", ] - tailscale_ssh = true - tailscale_advertise_exit_node = true - - tailscale_advertise_routes = [ - module.vpc.vpc_cidr_block, - ] - - tailscale_advertise_connector = true - # tailscale_advertise_aws_service_names = [ - # "GLOBALACCELERATOR", - # ] depends_on = [ module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets From f99413d4317166b7c26abdb5d86c69fc5f6efdf8 Mon Sep 17 00:00:00 2001 From: Cameron Stokes Date: Sat, 17 Aug 2024 12:50:18 -0700 Subject: [PATCH 9/9] remove unnecessary `=true` in args --- terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf | 4 ++-- terraform/aws/aws-ec2-autoscaling/main.tf | 4 ++-- terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf | 4 ++-- terraform/azure/azure-linux-vm/main.tf | 4 ++-- terraform/google/google-compute-instance/main.tf | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf b/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf index 710345b..4ad2a0d 100644 --- a/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf +++ b/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf @@ -70,9 +70,9 @@ module "tailscale_aws_ec2_autoscaling" { tailscale_set_preferences = [ "--auto-update", "--ssh", + "--advertise-connector", + "--advertise-exit-node", "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}", - "--advertise-exit-node=true", - "--advertise-connector=true", ] depends_on = [ diff --git a/terraform/aws/aws-ec2-autoscaling/main.tf b/terraform/aws/aws-ec2-autoscaling/main.tf index fad3e8c..1ceb9b2 100644 --- a/terraform/aws/aws-ec2-autoscaling/main.tf 
+++ b/terraform/aws/aws-ec2-autoscaling/main.tf @@ -59,9 +59,9 @@ module "tailscale_aws_ec2_autoscaling" { tailscale_set_preferences = [ "--auto-update", "--ssh", + "--advertise-connector", + "--advertise-exit-node", "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}", - "--advertise-exit-node=true", - "--advertise-connector=true", ] depends_on = [ diff --git a/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf b/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf index 22df94a..5ddb48d 100644 --- a/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf +++ b/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf @@ -51,12 +51,12 @@ module "tailscale_aws_ec2" { tailscale_set_preferences = [ "--auto-update", "--ssh", + "--advertise-connector", + "--advertise-exit-node", "--advertise-routes=${join(",", [ module.vpc.vpc_cidr_block, module.vpc.vpc_ipv6_cidr_block, ])}", - "--advertise-exit-node=true", - "--advertise-connector=true", ] depends_on = [ diff --git a/terraform/azure/azure-linux-vm/main.tf b/terraform/azure/azure-linux-vm/main.tf index 84a2888..d6b4d33 100644 --- a/terraform/azure/azure-linux-vm/main.tf +++ b/terraform/azure/azure-linux-vm/main.tf @@ -67,9 +67,9 @@ module "tailscale_azure_linux_virtual_machine" { tailscale_set_preferences = [ "--auto-update", "--ssh", + "--advertise-connector", + "--advertise-exit-node", "--advertise-routes=${join(",", module.network.vnet_address_space)}", - "--advertise-exit-node=true", - "--advertise-connector=true", ] depends_on = [ diff --git a/terraform/google/google-compute-instance/main.tf b/terraform/google/google-compute-instance/main.tf index 7683962..5a4278a 100644 --- a/terraform/google/google-compute-instance/main.tf +++ b/terraform/google/google-compute-instance/main.tf 
@@ -60,9 +60,9 @@ module "tailscale_instance" { tailscale_set_preferences = [ "--auto-update", "--ssh", + "--advertise-connector", + "--advertise-exit-node", "--advertise-routes=${join(",", module.vpc.subnets_ips)}", - "--advertise-exit-node=true", - "--advertise-connector=true", ] depends_on = [