terraform: add more Tailscale resources

terraform/.terraform.lock.hcl

@@ -1,6 +1,24 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 
+provider "registry.opentofu.org/hashicorp/local" {
+  version     = "2.5.2"
+  constraints = "2.5.2"
+  hashes = [
+    "h1:6lS+5A/4WFAqY3/RHWFRBSiFVLPRjvLaUgxPQvjXLHU=",
+    "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f",
+    "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e",
+    "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278",
+    "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f",
+    "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e",
+    "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df",
+    "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2",
+    "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da",
+    "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a",
+    "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c",
+  ]
+}
+
 provider "registry.opentofu.org/hetznercloud/hcloud" {
   version     = "1.48.1"
   constraints = "1.48.1"
@@ -23,6 +41,28 @@ provider "registry.opentofu.org/hetznercloud/hcloud" {
   ]
 }
 
+provider "registry.opentofu.org/tailscale/tailscale" {
+  version     = "0.17.2"
+  constraints = "0.17.2"
+  hashes = [
+    "h1:0bZpffptYi/bXOXEnFjUYD6UwaR4vqUdMULdeeBhz84=",
+    "zh:13d21db507bfb17018005c5c4f19314591a5734c76bcd51ab6e80984164c2a71",
+    "zh:13dbb3d978aca16f66c49596e5a38d236264d10a66879dc0d06839aca9cdad3f",
+    "zh:1589a8b006da14d60e3fcd55fbc465ccdce7a99e833b6a7455fbf81be59f07f3",
+    "zh:1de3673533c0c20c4fc6070822f0c416a64734656f2e181e6bab5e9df5383ed9",
+    "zh:24eaaf37dacb48e26b53a2a0491ffa7bc5c1977d9c27753ada734ed0191f28aa",
+    "zh:2a0890a012829aa370bb930a8155af49accf53832324e8124e123d0679878c3c",
+    "zh:4f8a462d462b0942add33cf376655c0470b6826db34e57aecc9a62742e286283",
+    "zh:5cf38de52c7e2e8f3a5f8e05e1fbef4db4545c5b2dc2f89b0bfb4b8eea293a14",
+    "zh:8bbf0a4c9a6c37b31dda332a8a7436516fc62ce777e0e586772883f39de56e52",
+    "zh:9213bbdea053d1edbeccb51a7e86829e1539b5295fba08bf0eda9af729e8ba60",
+    "zh:9a645a49430297e27304e93ebc699fcb0d1a068ba8b431c4ec0f9ad4a4e134bf",
+    "zh:b3b70b083161cb97ef0618be579453d13b25ba95c785744cd0c4a84eecc7a0f9",
+    "zh:b3e1e5ac6087120ef548d2ceeafef1b0b469aad17a84eb873f0f4d5eaa2bf6f9",
+    "zh:e323626e070442308bcadfcc51a3ce5b0e6ae41a7632f82bb24318706920a9d3",
+  ]
+}
+
 provider "registry.opentofu.org/timohirt/hetznerdns" {
   version     = "2.2.0"
   constraints = "2.2.0"

terraform/tailscale.tf

@@ -0,0 +1,49 @@
+data "tailscale_devices" "foodogsquared" {
+  name_prefix = "foodogsquared-"
+}
+
+resource "tailscale_contacts" "default" {
+  account {
+    email = "foodogsquared@foodogsquared.one"
+  }
+
+  support {
+    email = "foodogsquared@foodogsquared.one"
+  }
+
+  security {
+    email = "welp@foodogsquared.one"
+  }
+}
+
+resource "tailscale_acl" "basic" {
+  acl = jsonencode({
+    tagOwners : {
+      "tag:dev": [ "group:dev" ],
+      "tag:server": [ "group:admin" ],
+      "tag:family": [
+        "foodogsquared@foodogsquared.one"
+      ],
+    }
+    groups : {
+      "group:admin": [ "foodogsquared@foodogsquared.one" ],
+      "group:dev": [ "foodogsquared@foodogsquared.one" ],
+    }
+    ssh : [
+      {
+        action: "accept"
+        src: [ "autogroup:members" ]
+        dst: [ "autogroup:self" ]
+        users: [ "autogroup:nonroot" ]
+      },
+
+      {
+        action: "accept"
+        src: [ "group:dev" ]
+        dst: [ "tag:dev" ]
+        users: [ "admin" ]
+      }
+    ]
+  })
+  depends_on = [ module.hetzner_vps_plover ]
+}

terraform/version.tf

@@ -9,5 +9,10 @@ terraform {
       source = "timohirt/hetznerdns"
       version = "2.2.0"
     }
+
+    tailscale = {
+      source = "tailscale/tailscale"
+      version = "0.17.2"
+    }
   }
 }