diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 05ca9cfd..aa5c9f27 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl @@ -1,6 +1,24 @@ # This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. +provider "registry.opentofu.org/hashicorp/local" { + version = "2.5.2" + constraints = "2.5.2" + hashes = [ + "h1:6lS+5A/4WFAqY3/RHWFRBSiFVLPRjvLaUgxPQvjXLHU=", + "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", + "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", + "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", + "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", + "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", + "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", + "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", + "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", + "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", + "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", + ] +} + provider "registry.opentofu.org/hetznercloud/hcloud" { version = "1.48.1" constraints = "1.48.1" 
@@ -23,6 +41,28 @@ provider "registry.opentofu.org/hetznercloud/hcloud" { ] } +provider "registry.opentofu.org/tailscale/tailscale" { + version = "0.17.2" + constraints = "0.17.2" + hashes = [ + "h1:0bZpffptYi/bXOXEnFjUYD6UwaR4vqUdMULdeeBhz84=", + "zh:13d21db507bfb17018005c5c4f19314591a5734c76bcd51ab6e80984164c2a71", + "zh:13dbb3d978aca16f66c49596e5a38d236264d10a66879dc0d06839aca9cdad3f", + "zh:1589a8b006da14d60e3fcd55fbc465ccdce7a99e833b6a7455fbf81be59f07f3", + "zh:1de3673533c0c20c4fc6070822f0c416a64734656f2e181e6bab5e9df5383ed9", + "zh:24eaaf37dacb48e26b53a2a0491ffa7bc5c1977d9c27753ada734ed0191f28aa", + "zh:2a0890a012829aa370bb930a8155af49accf53832324e8124e123d0679878c3c", + "zh:4f8a462d462b0942add33cf376655c0470b6826db34e57aecc9a62742e286283", + "zh:5cf38de52c7e2e8f3a5f8e05e1fbef4db4545c5b2dc2f89b0bfb4b8eea293a14", + "zh:8bbf0a4c9a6c37b31dda332a8a7436516fc62ce777e0e586772883f39de56e52", + "zh:9213bbdea053d1edbeccb51a7e86829e1539b5295fba08bf0eda9af729e8ba60", + "zh:9a645a49430297e27304e93ebc699fcb0d1a068ba8b431c4ec0f9ad4a4e134bf", + "zh:b3b70b083161cb97ef0618be579453d13b25ba95c785744cd0c4a84eecc7a0f9", + "zh:b3e1e5ac6087120ef548d2ceeafef1b0b469aad17a84eb873f0f4d5eaa2bf6f9", + "zh:e323626e070442308bcadfcc51a3ce5b0e6ae41a7632f82bb24318706920a9d3", + ] +} + provider "registry.opentofu.org/timohirt/hetznerdns" { version = "2.2.0" constraints = "2.2.0" diff --git a/terraform/tailscale.tf b/terraform/tailscale.tf new file mode 100644 index 00000000..a1d35c39 --- /dev/null +++ b/terraform/tailscale.tf 
@@ -0,0 +1,49 @@
+data "tailscale_devices" "foodogsquared" {
+ name_prefix = "foodogsquared-"
+}
+
+resource "tailscale_contacts" "default" {
+ account {
+ email = "foodogsquared@foodogsquared.one"
+ }
+
+ support {
+ email = "foodogsquared@foodogsquared.one"
+ }
+
+ security {
+ email = "welp@foodogsquared.one"
+ }
+}
+
+resource "tailscale_acl" "basic" {
+ acl = jsonencode({
+ tagOwners : {
+ "tag:dev": [ "group:dev" ],
+ "tag:server": [ "group:admin" ],
+ "tag:family": [
+ "foodogsquared@foodogsquared.one"
+ ],
+ }
+ groups : {
+ "group:admin": [ "foodogsquared@foodogsquared.one" ],
+ "group:dev": [ "foodogsquared@foodogsquared.one" ],
+ }
+ ssh : [
+ {
+ action: "accept"
+ src: [ "autogroup:members" ]
+ dst: [ "autogroup:self" ]
+ users: [ "autogroup:nonroot" ]
+ },
+
+ {
+ action: "accept"
+ src: [ "group:dev" ]
+ dst: [ "tag:dev" ]
+ users: [ "admin" ]
+ }
+ ]
+ })
+ depends_on = [ module.hetzner_vps_plover ]
+}
diff --git a/terraform/version.tf b/terraform/version.tf
index 5f5c1832..8378b9bc 100644
--- a/terraform/version.tf
+++ b/terraform/version.tf
@@ -9,5 +9,10 @@ terraform {
 source = "timohirt/hetznerdns"
 version = "2.2.0"
 }
+
+ tailscale = {
+ source = "tailscale/tailscale"
+ version = "0.17.2"
+ }
 }
 }
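Review bot: The policy passed to `tailscale_acl.basic` in terraform/tailscale.tf defines `tagOwners`, `groups` and `ssh` but no `acls` or `grants` section, so network-level access between devices is not stated anywhere in this file. As far as I know Tailscale falls back to its allow-all default when that section is omitted rather than denying, and this resource replaces the whole tailnet policy on apply, so any rules configured earlier in the admin console would be dropped; please confirm against the policy-file documentation and write the intent down explicitly, for example `acls : [ { action: "accept", src: [ "group:dev" ], dst: [ "tag:dev:22" ] } ]` if only the SSH path to dev machines is wanted. Separately, the second `ssh` rule lets `group:dev` log in as `admin` with `action: "accept"`; `action: "check"` would require a recent re-authentication before that privileged login is granted.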