From 32e977877247dce9f225fb29416c8228ca4c227f Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Thu, 5 Sep 2024 16:42:05 -0700
Subject: [PATCH] fix(tf): tailscale tag indirection
---
 tf/tailscale_devices.tf | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/tf/tailscale_devices.tf b/tf/tailscale_devices.tf
index ca8ed215..4e2062b0 100644
--- a/tf/tailscale_devices.tf
+++ b/tf/tailscale_devices.tf
@@ -2,13 +2,16 @@ locals {
 tailscale_tag_infra = "tag:infrastructure"
 tailscale_tag_genso = "tag:gensokyo"
 tailscale_tag_reisen = "tag:reisen"
- tailscale_tag_arc = "tag:arc"
- tailscale_tag_kat = "tag:kat"
- tailscale_group_admin = "autogroup:admin"
+ tailscale_tag_arc = "tag:arc"
+ tailscale_tag_arc_deploy = "tag:arc-deploy"
+ tailscale_tag_kat = "tag:kat"
+ tailscale_tag_kat_deploy = "tag:kat-deploy"
 tailscale_user_arc = "arc@${var.tailscale_tailnet}"
 tailscale_user_kat = "kat@${var.tailscale_tailnet}"
+
+ tailscale_group_admin = "autogroup:admin"
 }
 resource "tailscale_acl" "tailnet" {
@@ -16,9 +19,11 @@ resource "tailscale_acl" "tailnet" {
 tagOwners = {
 "${local.tailscale_tag_infra}" : [local.tailscale_group_admin],
 "${local.tailscale_tag_reisen}" : [local.tailscale_group_admin, local.tailscale_tag_infra],
- "${local.tailscale_tag_genso}" : [local.tailscale_group_admin, local.tailscale_tag_arc, local.tailscale_tag_kat],
- "${local.tailscale_tag_arc}" : [local.tailscale_user_arc],
- "${local.tailscale_tag_kat}" : [local.tailscale_user_kat],
+ "${local.tailscale_tag_genso}" : [local.tailscale_group_admin, local.tailscale_tag_arc_deploy, local.tailscale_tag_kat_deploy],
+ "${local.tailscale_tag_arc}" : [local.tailscale_user_arc, local.tailscale_tag_arc_deploy],
+ "${local.tailscale_tag_arc_deploy}" : [local.tailscale_user_arc],
+ "${local.tailscale_tag_kat}" : [local.tailscale_user_kat, local.tailscale_tag_kat_deploy],
+ "${local.tailscale_tag_kat_deploy}" : [local.tailscale_user_kat],
 }
 acls = [
 {
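Review bot: The new `tag:arc-deploy` and `tag:kat-deploy` entries in `tagOwners` have no comment stating their purpose, yet they are now the only non-admin owners of `tag:gensokyo` and co-owners of `tag:arc` / `tag:kat`. Anything that holds a deploy tag can therefore apply those tags to a device, so the deploy tags are effectively the trust root for them. I would add a comment above the two `*_deploy` entries, for example `# *-deploy tags exist only to own other tags (tagged auth keys / OAuth clients); never grant them access in acls`, if that is the intent, and a matching one-line comment on the new locals in the first hunk. The `acls` list continues outside this hunk, so it is not visible whether any rule references the deploy tags; that is worth confirming, as is whether existing `tag:arc` / `tag:kat` nodes relied on owning `tag:gensokyo`, which this change removes.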