mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
feat(tf): tailscale
This commit is contained in:
arcnmx
parent
ff688fb97a
commit
a618279fed
10 changed files with 111 additions and 22 deletions
|
|
@ -4,7 +4,11 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
let
|
||||||
|
inherit (lib.options) mkEnableOption;
|
||||||
|
inherit (lib.modules) mkIf mkDefault;
|
||||||
|
inherit (lib.strings) optionalString;
|
||||||
|
inherit (lib.meta) getExe;
|
||||||
cfg = config.services.tailscale;
|
cfg = config.services.tailscale;
|
||||||
in {
|
in {
|
||||||
options.services.tailscale = with types; {
|
options.services.tailscale = with types; {
|
||||||
|
|
@ -27,7 +31,9 @@ in {
|
||||||
|
|
||||||
services.tailscale.enable = mkDefault true;
|
services.tailscale.enable = mkDefault true;
|
||||||
|
|
||||||
sops.secrets.tailscale-key = mkIf cfg.enable {};
|
sops.secrets.tailscale-key = mkIf cfg.enable {
|
||||||
|
sopsFile = mkDefault ./secrets/tailscale.yaml;
|
||||||
|
};
|
||||||
systemd.services.tailscale-autoconnect = mkIf cfg.enable rec {
|
systemd.services.tailscale-autoconnect = mkIf cfg.enable rec {
|
||||||
description = "Automatic connection to Tailscale";
|
description = "Automatic connection to Tailscale";
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
tailscale-key: ENC[AES256_GCM,data:xPRB5YqJxDEcesHB3og1Gw0g8y1pgILN/BPt4Wxzznw8l+zSgbIt9HIUVxyCjFHqUEGt3FmUAhk=,iv:8FA7r5GhsYuG0dNDkm7O+jHtxNxTdA4lLQrOHUxoSNk=,tag:hWgMBmQAq8mi4775K/wgfA==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
shamir_threshold: 1
|
shamir_threshold: 1
|
||||||
kms: []
|
kms: []
|
||||||
|
|
@ -15,8 +14,8 @@ sops:
|
||||||
dDdDUVNiS3JQakxYelBkYUJuYlpUNGMKKPwnEeeuk7duE8X6fyuPCEyFJjnwgcXb
|
dDdDUVNiS3JQakxYelBkYUJuYlpUNGMKKPwnEeeuk7duE8X6fyuPCEyFJjnwgcXb
|
||||||
1yW0OY0sLOIjSBAacDg4z+nTG4G0rqmwokS9MF3nHv0KCRF6Iv1f1Q==
|
1yW0OY0sLOIjSBAacDg4z+nTG4G0rqmwokS9MF3nHv0KCRF6Iv1f1Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-12T19:30:41Z"
|
lastmodified: "2024-09-05T20:35:18Z"
|
||||||
mac: ENC[AES256_GCM,data:WG2588t0RzQ4jYULy/IyRMCrjDgApAHgZL0GEMV0t7ZVtcXgu+v6uUAC7u3VdctBE+tNKmO9qybeUHkRrNko/zm/v32f0bad435EVcBdMM3H+AkuctOYaXKOjUC1n7ySLlTREjR1JPT3RhSnt+pTqR8r4EFC73PquZcqi1kBOQw=,iv:CN+X6HaChq9s94JaP6YMBGcrg6fXqHHTK2i666chhLI=,tag:vNuAWQ20G/t95d8Yn3YPGQ==,type:str]
|
mac: ENC[AES256_GCM,data:FMRTKVv4qO4Q/lox8hshC4I53JhnzDZX0P/b98PBuwIM3OlGDzHBiAp6or/pO67aVufgr91oRrh9g3ZH3MBBokcoYnDZhtgbcZ3vSl3lqWFeCUAHImqcOLPSQSUAGK8IraSypZFT6S06Fkj3i4ieEGranPWUkNO90N3D8BnKUpE=,iv:InIqRn0admX5gbGi464oRqxOMwr+iVY6T1gMcwOh5/s=,tag:CfQp/0MeEHNaSfsq2VbcAw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-02-12T20:14:27Z"
|
- created_at: "2024-02-12T20:14:27Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
@ -54,4 +53,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 65BD3044771CB6FB
|
fp: 65BD3044771CB6FB
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.0
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
tailscale-key: ENC[AES256_GCM,data:HmowloL0TsKM/XFI5GDd6Nl+9uSZcYevB6CObq1Eg5cvyhtb4pJgMA2GRxE6mJQXva5cet56Udlj,iv:4gSDgWIAAZLokvJzEW+JF0xoNzHr4zW1Zc9qJdpgcc0=,tag:hWMRNc6Odfi19HnjwQSGgQ==,type:str]
|
|
||||||
cloudflared-tunnel-hakurei: ENC[AES256_GCM,data:Pwj8/8RSLrfylwl1Et6SHOJSMWxm+Kn1WpYgZhvWoUQ9GsiuRFf2j0mdu36zid9N+6QC3NK9yv6mMfIgvLJkjXhiYtMidZD4e6a4kQMVbbui+Ohj6wf92Jg5rRdassFHJZSCyZtbaeBXqOzzqF51QrEEWRFxfxt6cvwqZjvSMsbctjltwiD7CehhzQGvDdstZAsVhJC6c+GKDs5pFU3KPTTIHc6b1IzZFijgJZKtNNgKrc4Wqw0=,iv:i2YZq7WMuKiDEHMUJS3QD+SP68Rkpt2fS4X8pkv8s3I=,tag:+0RuoOBf9Vm6aJdCsDfvKg==,type:str]
|
cloudflared-tunnel-hakurei: ENC[AES256_GCM,data:Pwj8/8RSLrfylwl1Et6SHOJSMWxm+Kn1WpYgZhvWoUQ9GsiuRFf2j0mdu36zid9N+6QC3NK9yv6mMfIgvLJkjXhiYtMidZD4e6a4kQMVbbui+Ohj6wf92Jg5rRdassFHJZSCyZtbaeBXqOzzqF51QrEEWRFxfxt6cvwqZjvSMsbctjltwiD7CehhzQGvDdstZAsVhJC6c+GKDs5pFU3KPTTIHc6b1IzZFijgJZKtNNgKrc4Wqw0=,iv:i2YZq7WMuKiDEHMUJS3QD+SP68Rkpt2fS4X8pkv8s3I=,tag:+0RuoOBf9Vm6aJdCsDfvKg==,type:str]
|
||||||
tf-proxmox-passwd: ENC[AES256_GCM,data:kLLFPr5jILsUt7yecUc1Eb1V9hXEUFBytT7ehcwLv7W9Vfar/BdMQasNecs8S1Ilt7uAjpiXIkNGr5hkktNanIegJw539B43Pnk=,iv:rOy27QkhMM7LrNgYoHgZCwoZHtzUzDrUnhroLSqbKSw=,tag:HkFBkiws/jlQmXP8SpcUYg==,type:str]
|
tf-proxmox-passwd: ENC[AES256_GCM,data:kLLFPr5jILsUt7yecUc1Eb1V9hXEUFBytT7ehcwLv7W9Vfar/BdMQasNecs8S1Ilt7uAjpiXIkNGr5hkktNanIegJw539B43Pnk=,iv:rOy27QkhMM7LrNgYoHgZCwoZHtzUzDrUnhroLSqbKSw=,tag:HkFBkiws/jlQmXP8SpcUYg==,type:str]
|
||||||
tf-proxmox-identity: ENC[AES256_GCM,data:DxcMFL9FqeulnxRZZHn4ByuRBPSI3hrAntvtwONDFIJhm7G9X2YPij9K36Sl7pE9oTHu/BQCFQdypt4LJyLVIg2AuTJusf1UCR1YcECEPnjFkJybM2Ggiuo34rrJOZh3b9SzD64ks4fFgv9S5P1JuOW9LewjH75v0iAZHvskznak0QiVgPy24pnRQwpR7znkjrH5Hmx9UHZ4JDIw7y8rXWBl7/HOV8mAsZOWZVwuhtKt+se/CDlaG2AlVJJmCjpAi5bi0yfhXlWXfjSy6cyhVCgiv4Ua+V4F+JSyZHk+wMEmICROWzmUuu5ZT2iHkh1SS9AutH307JNF8muDVzdZUVxdpQQHEFCu+SNjhEdcgJdmSZ3O04glzPZTBTAl2PLFGKXMKq24bLtBQquoWw2wneu1/Gha6bIpMjxJFmmaLaAoL9OPDysBALsTJxpsH38g12sk3t2Lk2EYCluyp313CTmWDVj0O8DT//Daigvk2eFmc72WCTsY4bucof9mF4/mzDAdDZDKOx7EAYVJmYgRW8HJK/nv4MQEidqy,iv:dUUGP+HspbqutGpcGxrVn8071S+h8nobUlfgUuFz9io=,tag:HhgrC6699p36RFzpSwvf0Q==,type:str]
|
tf-proxmox-identity: ENC[AES256_GCM,data:DxcMFL9FqeulnxRZZHn4ByuRBPSI3hrAntvtwONDFIJhm7G9X2YPij9K36Sl7pE9oTHu/BQCFQdypt4LJyLVIg2AuTJusf1UCR1YcECEPnjFkJybM2Ggiuo34rrJOZh3b9SzD64ks4fFgv9S5P1JuOW9LewjH75v0iAZHvskznak0QiVgPy24pnRQwpR7znkjrH5Hmx9UHZ4JDIw7y8rXWBl7/HOV8mAsZOWZVwuhtKt+se/CDlaG2AlVJJmCjpAi5bi0yfhXlWXfjSy6cyhVCgiv4Ua+V4F+JSyZHk+wMEmICROWzmUuu5ZT2iHkh1SS9AutH307JNF8muDVzdZUVxdpQQHEFCu+SNjhEdcgJdmSZ3O04glzPZTBTAl2PLFGKXMKq24bLtBQquoWw2wneu1/Gha6bIpMjxJFmmaLaAoL9OPDysBALsTJxpsH38g12sk3t2Lk2EYCluyp313CTmWDVj0O8DT//Daigvk2eFmc72WCTsY4bucof9mF4/mzDAdDZDKOx7EAYVJmYgRW8HJK/nv4MQEidqy,iv:dUUGP+HspbqutGpcGxrVn8071S+h8nobUlfgUuFz9io=,tag:HhgrC6699p36RFzpSwvf0Q==,type:str]
|
||||||
|
|
@ -19,8 +18,8 @@ sops:
|
||||||
ZEpzdWJZWGdEaElLZUc1YW5ON0YrM2MKk/dZvaFVzfkMD3poreaDGfJwG5j5fL3L
|
ZEpzdWJZWGdEaElLZUc1YW5ON0YrM2MKk/dZvaFVzfkMD3poreaDGfJwG5j5fL3L
|
||||||
kuV/3fEHBf5HszR/VTy/bZ2+abN6x3UG5h0l+QaS9ux+mtwFCyYYjg==
|
kuV/3fEHBf5HszR/VTy/bZ2+abN6x3UG5h0l+QaS9ux+mtwFCyYYjg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-17T22:21:26Z"
|
lastmodified: "2024-09-05T20:34:57Z"
|
||||||
mac: ENC[AES256_GCM,data:q0YqiY24G58KUk6UJ2kqjtERe9AcTSsb2MS3CP8zyPUVrYtP0V8MUyJ0z7ZfbeD0cXlY6UtVLBV+EwXyFCyR2enyP1FufAdR7jQLxDS219JPVipKfOGu12N3F7e91PK4Glh36bVoBNsXjbtWlQMiwZe7sV9e/rnRBe3gks6PCnU=,iv:A7i8+WKZwifRBTwrBnxMDHk6JtvqD7JVZA7TXShKJRM=,tag:dpJ/J/AUHXx4F98PuqEbjw==,type:str]
|
mac: ENC[AES256_GCM,data:HiKKvpvkZK4oTVgbFMHS+sducf4y15/6jGbeBjcXRZVfBQQaHKP/OTgkVtsFmX+qIpwIBVOqmPtEkRiBqlGXHtnsD7e0JczWLxKh3s/rf5pZKRTnS7hROWAP48qiIEqSNSy4kkltHOsnz/W2n0+nXe1QoMmlXnCvG1mVbVrJvPo=,iv:OtkteqXGWAcbQi0zyy/1h5FTgw2X8Qbx5i5rWvCrLOc=,tag:V880Zj9cpKUjoi6Bj+SFIQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-01-19T18:57:37Z"
|
- created_at: "2024-01-19T18:57:37Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
@ -58,4 +57,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 65BD3044771CB6FB
|
fp: 65BD3044771CB6FB
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.0
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
tailscale-key: ENC[AES256_GCM,data:0ify9ntv5wgr8S8wUdV72mbjt3h/jjceFnocMEIndeEJ1VYTINKlyoPL8VxVJpsi0QxtH7T7pvw=,iv:iapyEmjAT2gGBj+fTfSRtGX1/cvBmqbyI9h1flPprPM=,tag:UZDyojQcVwkquDPiRtfGKQ==,type:str]
|
|
||||||
cloudflared-tunnel-apartment: ENC[AES256_GCM,data:+E2kqSI52WANem2rqwahuv0F99g8tCs32X1+Lv0f3pyMHcCZF6zjZ2cFIeFsLMxxNiF3trsLd0hJuQyW9nwk/i0VlWY0wgMLEJ3EDpV1kyJBlwX1+84PL2MFsNSqtxQYt3kFIr5u3a6MtIjG5PXROfCc4T/dCk9VQ7iK+W2GmRDI6kA4ystorHWAtrOpc9hkuMsBUzLfiZKdau5fHmf7gJN5T1T+hxTEd51ESoD5qKw6sHgRUyWOIhxcTqZfoPSnA1drrxo9aqax9wCCp8LuVZMr/zSaWNSKioTCmBWdbfHuVl1ZP9N+B4vr19bM9DugLNzDI/0wGBVf7gPyH/5D7lEl2swmf3p1bawCs4sGr/Y+xWL1SHHzyYDhh65Y7ivc8LU/me3cKcOMNgq8ru4=,iv:O23T0H0BzkxwI1v7QdZmYrDAA/NFXxZgbFPpNfXfeZ0=,tag:8S6yRCyPkiTlo8tM98++mA==,type:str]
|
cloudflared-tunnel-apartment: ENC[AES256_GCM,data:+E2kqSI52WANem2rqwahuv0F99g8tCs32X1+Lv0f3pyMHcCZF6zjZ2cFIeFsLMxxNiF3trsLd0hJuQyW9nwk/i0VlWY0wgMLEJ3EDpV1kyJBlwX1+84PL2MFsNSqtxQYt3kFIr5u3a6MtIjG5PXROfCc4T/dCk9VQ7iK+W2GmRDI6kA4ystorHWAtrOpc9hkuMsBUzLfiZKdau5fHmf7gJN5T1T+hxTEd51ESoD5qKw6sHgRUyWOIhxcTqZfoPSnA1drrxo9aqax9wCCp8LuVZMr/zSaWNSKioTCmBWdbfHuVl1ZP9N+B4vr19bM9DugLNzDI/0wGBVf7gPyH/5D7lEl2swmf3p1bawCs4sGr/Y+xWL1SHHzyYDhh65Y7ivc8LU/me3cKcOMNgq8ru4=,iv:O23T0H0BzkxwI1v7QdZmYrDAA/NFXxZgbFPpNfXfeZ0=,tag:8S6yRCyPkiTlo8tM98++mA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
shamir_threshold: 1
|
shamir_threshold: 1
|
||||||
|
|
@ -16,8 +15,8 @@ sops:
|
||||||
bGU0VHd0aFhHRC91WHh0Z0Y4TTE5QzgKpHehWfoJT4F1TtMHJ0tZkoJAPFAihQ7T
|
bGU0VHd0aFhHRC91WHh0Z0Y4TTE5QzgKpHehWfoJT4F1TtMHJ0tZkoJAPFAihQ7T
|
||||||
aunsQeLHJkHv1eWKpraTmo+04GVZofwId/1TtOContveBynfxcuG7Q==
|
aunsQeLHJkHv1eWKpraTmo+04GVZofwId/1TtOContveBynfxcuG7Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-01-16T19:17:58Z"
|
lastmodified: "2024-09-05T20:35:04Z"
|
||||||
mac: ENC[AES256_GCM,data:uq1675bH0YsSbB+OGJLaSdQ4UiEogOgR3eu+thPFcf3ZCcHHUBuuw8cOFVGOnZzjmo3pQ2cc9AFqsUH/C62YipWFGkOeBAKfpRDMwgf9YS4ug4VEnFTbK7e+KUHvk4x3Xx0WrQM49Sgh0aiYZRBYXPqXXDO4TCgHUOzcq2eo+ws=,iv:vN7/YOMLMecagp5MuZWpXPtqdQ/cHbsNFDSMLb3c4Dk=,tag:ICWIUrHpgpFlCm/EN/odiA==,type:str]
|
mac: ENC[AES256_GCM,data:r06EEDH4R1/hPW1iKTdfx4J9c/bdw1/bFB669X0sHYNrH3xTOinIcYnA8baRZBP1y1yUkGFdnMj+5mobNVmbXrlOk+82EsjdhexP/nWM8c0lFbaG1D5VzSa+ffxGJk/CAVdKelP/sZ1rt8k9sG/vkbq+gkFAYjUIqix3645AxC0=,iv:FPRRrQv2wLK4vOvfavFPkSjcE+kyvyRibDM+FhbwuuQ=,tag:WEH0fw6yJNy4eYHgtC3rHg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-01-07T21:18:21Z"
|
- created_at: "2024-01-07T21:18:21Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
@ -55,4 +54,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 65BD3044771CB6FB
|
fp: 65BD3044771CB6FB
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.0
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/FltOKExby0=,iv:c8yN1XLk3ZAAzkBozzHJ9BWerWdiNQG/p8e46j8cZyo=,tag:E5Ey5R+t372yLE6XegoOrA==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
shamir_threshold: 1
|
shamir_threshold: 1
|
||||||
kms: []
|
kms: []
|
||||||
|
|
@ -24,8 +23,8 @@ sops:
|
||||||
VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR
|
VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR
|
||||||
7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g==
|
7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-01-16T17:09:37Z"
|
lastmodified: "2024-09-05T20:35:31Z"
|
||||||
mac: ENC[AES256_GCM,data:Y3PRQkpAh76TIGJZ3t5ehyx6mt3s3Tg3Kd5xR8nImjtFcMOF3MthW73ZTadL41MipOepcT8lm/mUBB5e91vKk8Q1LjccnN1IBorS/yfppvtwFhHn4MOX3TjHbpKXDgRYgi6PzS3/jTXsreghnZjurHE69qi6pFUA1jJceqnvqsU=,iv:bX3OeJfmGQVw7V1xyT0D1PQ6yZ8HlaDStYdm4OtDQxs=,tag:71YXH9/Wdf4SAjwMjHi1TQ==,type:str]
|
mac: ENC[AES256_GCM,data:6mtDQkJwZUPqqrcunOF3ZyK5baTIzYOkvOr7JhftGllZtfx2sKcJMJk6996fwhpwpeMgltIBvs/zQNgp15tzqy18HsdqjF0FpTzcj5cly5GKjbFCmkTSw9Eya1dsfg4OXhD9CkAI1el6/Qel1oVJg2abb1h0FCVUElwQaIG96dw=,iv:9OtJBbG2wKwgVH3mRtq1nmv3iwCqCRS/F+5oMiOPetE=,tag:VbMMklgXZ5wrUMNPQFpaaw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-03-10T17:06:53Z"
|
- created_at: "2023-03-10T17:06:53Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
@ -63,4 +62,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 65BD3044771CB6FB
|
fp: 65BD3044771CB6FB
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.0
|
||||||
|
|
|
||||||
22
tf/.terraform.lock.hcl
generated
22
tf/.terraform.lock.hcl
generated
|
|
@ -87,6 +87,28 @@ provider "registry.terraform.io/hashicorp/tls" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "registry.terraform.io/tailscale/tailscale" {
|
||||||
|
version = "0.16.2"
|
||||||
|
constraints = ">= 0.16.2"
|
||||||
|
hashes = [
|
||||||
|
"h1:m8r5+K4JWe+tdT4IyryZkAQ7d38GVPtoQ9mzp+5Scaw=",
|
||||||
|
"zh:2a37ef43b88ad8e26ecad79e6b34a896769be2b7d18140f855f6063775367841",
|
||||||
|
"zh:3867d3331b59c8281dd8a742260b22e18750ae84a9bd2009e8f9d90412d2c044",
|
||||||
|
"zh:5e5e5ee08e0ecefa08a0ce7a9281a858f9b3a2a66bc9c06802b1624a1cb3eae0",
|
||||||
|
"zh:6298e8ed55bccd5513060e0d357d055919b3a22146fcfb6c34881efd49ec33f8",
|
||||||
|
"zh:6ce0ab6564fbbc673ab98ce4b7db7d64258a916394436a005d14b25c3ea58ad1",
|
||||||
|
"zh:6fdc1fb66074d2af5124a6988f81efdc77011b185e710629140e87ffb8624956",
|
||||||
|
"zh:7ff7888d77a17b18c9bdc9dfc1bf1e7f98f512410c29d1a8c2e6c21c8fe2a5c4",
|
||||||
|
"zh:9cafb8660daffd5c9c490d4529c7ba3d691fee5e4093b55e73f188b17e34cead",
|
||||||
|
"zh:b11e0e1b6c8485eb832336a69be02dfae151b71350e25288ec7bf0637df35485",
|
||||||
|
"zh:c7371d0dcde253fcd1808f86be2fcfc6e0b6ec82aa714e5dc6b533ba10007d48",
|
||||||
|
"zh:dcddd847b8a03a3b7c9288d68e781d65a3b911ef9cc96df9502a2d069195ae42",
|
||||||
|
"zh:dfd37ec661fe5b1520b595dcb93cca65f716270edc173a393a600c85b3f842d7",
|
||||||
|
"zh:e3b623167859344ed93f4125e97d24c5793246ccb329e4d82b2d9d8e5c356380",
|
||||||
|
"zh:f4d38ec08191ae70ef05ffd3943df1c27e2b11192a02e1979498a59ea1881ee3",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
provider "registry.terraform.io/vancluever/acme" {
|
provider "registry.terraform.io/vancluever/acme" {
|
||||||
version = "2.26.0"
|
version = "2.26.0"
|
||||||
constraints = "~> 2.0"
|
constraints = "~> 2.0"
|
||||||
|
|
|
||||||
40
tf/tailscale_devices.tf
Normal file
40
tf/tailscale_devices.tf
Normal file
|
|
@ -0,0 +1,40 @@
|
||||||
|
resource "tailscale_acl" "tailnet" {
|
||||||
|
acl = jsonencode({
|
||||||
|
tagOwners = {
|
||||||
|
"tag:reisen" : ["autogroup:admin"],
|
||||||
|
"tag:gensokyo" : ["autogroup:admin"],
|
||||||
|
}
|
||||||
|
acls = [
|
||||||
|
{
|
||||||
|
# Allow all connections
|
||||||
|
action = "accept"
|
||||||
|
src = ["*"]
|
||||||
|
dst = ["*:*"]
|
||||||
|
},
|
||||||
|
]
|
||||||
|
# Define users and devices that can use Tailscale SSH.
|
||||||
|
ssh = [
|
||||||
|
# Allow all users to SSH into their own devices in check mode.
|
||||||
|
{
|
||||||
|
action = "check",
|
||||||
|
src = ["autogroup:member"],
|
||||||
|
dst = ["autogroup:self"],
|
||||||
|
users = ["autogroup:nonroot", "root"],
|
||||||
|
},
|
||||||
|
],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "tailscale_tailnet_key" "reisen" {
|
||||||
|
reusable = true
|
||||||
|
ephemeral = false
|
||||||
|
preauthorized = true
|
||||||
|
description = "Reisen VM"
|
||||||
|
tags = ["tag:gensokyo", "tag:reisen"]
|
||||||
|
depends_on = [tailscale_acl.tailnet]
|
||||||
|
}
|
||||||
|
|
||||||
|
output "tailscale_key_reisen" {
|
||||||
|
value = tailscale_tailnet_key.reisen.key
|
||||||
|
sensitive = true
|
||||||
|
}
|
||||||
21
tf/tailscale_provider.tf
Normal file
21
tf/tailscale_provider.tf
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
variable "tailscale_oauth_client_id" {
|
||||||
|
type = string
|
||||||
|
sensitive = false
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "tailscale_oauth_client_secret" {
|
||||||
|
type = string
|
||||||
|
sensitive = true
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "tailscale_tailnet" {
|
||||||
|
type = string
|
||||||
|
sensitive = false
|
||||||
|
default = "gensokyo.zone"
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "tailscale" {
|
||||||
|
oauth_client_id = var.tailscale_oauth_client_id
|
||||||
|
oauth_client_secret = var.tailscale_oauth_client_secret
|
||||||
|
tailnet = var.tailscale_tailnet
|
||||||
|
}
|
||||||
|
|
@ -18,6 +18,10 @@ terraform {
|
||||||
source = "hashicorp/random"
|
source = "hashicorp/random"
|
||||||
version = ">= 3.6.0"
|
version = ">= 3.6.0"
|
||||||
}
|
}
|
||||||
|
tailscale = {
|
||||||
|
source = "tailscale/tailscale"
|
||||||
|
version = ">= 0.16.2"
|
||||||
|
}
|
||||||
tls = {
|
tls = {
|
||||||
source = "hashicorp/tls"
|
source = "hashicorp/tls"
|
||||||
version = ">= 4.0.5"
|
version = ">= 4.0.5"
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"data": "ENC[AES256_GCM,data:iYpHoTiF+5qNkJ/ZHU37H3fqSIYgaqJnz+LVqcUhbmDpfKLngXeXV3dBqwk6ilBxVyRJ33v+ZbfeatLByk9v6JL3YmfKe/f/w+EBWEbKVy0qXb2lOHOCGMm3PFe+FP7DLb9deAWTi8S4FMGAa41xufbVIM+kOjQXwL3JH35dbgyyaqhmXknX4p800rt/T4TWo4NTfkRrR9G1/J+EaqeO0qRIJk2Vu/mqeXtbtyY13MrFCri1qw7FcvNwseFKWjzCCclfI2X+juNCxfYdXqjACmXyFMq0J3oYKHofMrts64+B4E5RjQb3j2FoCMNIAsKAGOoMEHQtWhiDEMPG3/yRIBoQ7TFFte5C6rN5O6fDTMel3q1vUHsazdrDX6nZ9HoV7H9GHlGApOqQ3AF4Zh7SMT6cN7hQ1G846o3igJ4UvX2J+q0Y8y3+Kl7JHo7axvRxEQ3h0jrj8KP8F4RpZqf07kDgfPyd2sZW1f1BMc3zHbyupWOfp7iGd2mRSdp5LRd7QCsryaX1e/P63NhqKfckScG85GEEGIsPRymeEmBLrhyUkTRr0t8I5fACdURbsRYYMVdd2Sy12DXJ8WfJQYunVJmIBkC2D8ZLy1+BGyuUpHFcOMEYmg6zHor32ghnEYVntp/XrwjOxBdeo7T8ntExbRNqAHqhFE1HT72cwCDWHt6EUtArOL4/BEzmkq43lgo1VuKrW2QjZDmFTTd8WlaAoVoZtJphY4RWkvJjjNmaGv+UiProVYFGRyg7hIHiwj+jP49WGEq5enONR6mnws3cog9pkRjH6IZrUIqcU4Aqmee1NU78KjM4G9q03/T+0P3YqP1VxGe39SBK6z7L6VQFVKU7Tl4kK4A6lWu4o1Q/HxBMFGZ/zVrx+kuPPVirHXy7F7TXFT4LghTi75Ve4ZCYdUrFvphVojS+XraUKEHWpO0urxR+4Gpd5BwBmbB+llLoOBkwbAwcdx+oi/qYm22entZsqLNi9oq6FvWc/AJIQ+Aya1ejMP1Ec2UYbIPDCR9RnGCQO4dOw3Mp+H6yByFvBWJuukvnv09mJQVLALrD35kJwdYfWPo5G14+ASDZIrvpWlm0Dk9LhWF/LPqPLvik0srtEoT+pZkLU9qE+i0bgvTXJqgYkyn/Exgi6XOy3zhVQ9zHDO/jiUa50KwxE+/g9WedfB00YRx2rndTs455K2eCUtxRJObl/eBkbyBes9bU6zIu3GuQshgt6h9UxgwK+73ofF293zKFpgHLgFATqMN/8rLH5rODxcPNY3VwTLIlmYtDo4otvKRWm0MPxBflbBun3fe6D6uoYqVJetjEypmU6XpqT89WUxah4NFpvEjXf5FTyoDPrb8O1oDGPMgbwbFh2W22z34A6T52lUg5nJzatlUPXweGY1NMGcPO8Z7Pv7yJMdcBidaxFRsLzKePkoOmUk1zW/cdtrjugURuy2958pp2CRfOQs0/XnPu+WWWwaSoWzI8ZgBMxuCWxtoJRusIHi1hfDw7T9gnvr9+TQsD4/nXeB4td1aFvggUAqsf/2Ahe7UvcJPM7nfgcymnpqwbfWHtWqkqjI4sJnKEAlxaDe2Xx/dC3eI8VWsZFJnepDSeA8TufJObK5TtYaCe+htLM5/4mCphRsb73DHdnlQ7PIG872kdrCapnA54SnDKBC8Z+t1W7LoWUTrQ752Nr3M0DRu5RfqTigyJ5zMMuOfXjVSJ1dy0xUp7Tn4JhkjpNX9DAOPMmvB19mA0lLF9hunfpT96lBf1grxo6x2oagqvg4N9a7+Bha8aQ5QtLB7maBLTOGbCI9zL0SYU+8qI+BHGZIndKSkLWc6XmcLMWyvypDC7XcjRVqFXMiYAFhPaFgPEjz31xycYYFvGa7mC0sV4OISEvdxoXE34IMfeI+Wf5wjURsWSkJ8Kub4pH3LjifX2gkWazQjsB9Ry0uLuCJbH+j9oOfrfz0xmFFVikkQSalLdWFqPg8UOJZMt/heO7w3MUE1RNXlV8k1m5d4lKTsLfcCgGF+NE3rC9oTIJgA0gTjOb/DImkE7MTFsMqJ+TesaFeYNx1Ll8T3P5zAuK+YGN2BNKOMD4oM5Qt3zfnDraL7i3ITJ39WvArjobBVKcMUg+h0uwD7NFo0up4fo7pOmy1KTYEjNZcOGKPHMZ8pli/ZM2+yiJ928Kdu7Bwe/MnmVA6xBFyjNRXcNWcDt6p6M+6NY9gr8sANVOj6Eb905ExC6XmgxOOW06K8Y81zYt+ggEna9QG1WwPpSxRQgtMlgada5DGy0ivHyrIuvSYCgtwiX3tc67ZCjQ0/7S2F7FxqQztfpO8x3FRMvr6DxCTSZmtyySClCqa+JZET5xO8bxkHGPnh/Pm97qy5085t6ablBKw==,iv:r/r8/D765tpIYa+qltuLohs/GtU3I6/P3qslXkbnCgE=,tag:ump5hDeTECGJWYkuPENAvQ==,type:str]",
|
"data": "ENC[AES256_GCM,data:yZ99iHyMHnnrJRG1CyImpe2VjmLWUKEPRjlmRWiPkrU3e+ynEFJbYvUl5jgCY1cpgEetEoMh9YC/H/dcBQ2/DXyXWKcttI1mmuWZlgZ4US0YLh9ul3TLITVwgBgHl2Ngr2d1M7b5YB0aBVTmwVTCWDYOROFYIaPD/PFK51fvcb2Li9CTbcdo9t+6f22cqqkMpaSDcxpSwGvoeraaYTip6er4SGPbTEA7jMITpTm3ofK5w2ji5zXIM9Etyt9SNJsjXf11IqwZjcAaUuEfIhrMcH2gOHSH52jcvJNeZkwVLTHBhU1CTfuXqoWwe36cSN5rDXCHnOhKZZ8CrXPU3i8/QYRAfhD2WA2Uw0XosLMBzQy7RVr+9L9Qo2H04HTTGZNKyNlDHNUH/l+twi9L8Zy1VreZ4gOmCze5irIbg334DT9OyLaqNZbAXUlcJQEb9rPIgr6ZLyJWvvl8AgV+HyVU4bGzD4pbKV3Nw/d4erF3RZohk6Zj6t5eZPFcwig4w9NiTHU8dOHmZMvPtk2HS+KOMzZGWIZdN5G4p57jTGY69W6QVIQGZ6sEIOPs1YePNAlbI3FEEV4dr7aCTHzoZAEy5+gknpcF/ruCRj+M8b5pDUbiDZ7v0W/PFiDq8mcZC4+fWDWGuLoT40nSTvcm4136+LczKsuN5VIDdEun1PFu0M58JwXDZRjOag5gdy+/Uw2t79eMkoAFDfTyuxtc2UkPpIKWoAnpjYncp0p+pYNSjRHkAwEgVfcC3UF2LUM6FiNsPZwNQfyvFxdFOY4YSpw033RU+4pdVd/kNJBbayeopTHwLd+nxTRc59k1cyA39yYJIV/H7pyw2Bs2gNHgT+A4RhU4Cl2FEWT7bUeo18/DjaJg5vmeEb8JMnew7cz9+GJa3UjBQuH76rTewj0Zl0n5akJjImnJ6argVR9uRgs813wKNRrsEo7avrNreB7mMP3vtjiAru/X03QgOtRywittDLRTOQLxiAd3h7hgV96V5DWHqBwwduPUAX98f35qskG4eVX74EvGfXepA54odYYojCmjGshRNboKddEOASqRjp7e0K5TA4xYt7VvOINA4ev84vemqZ09TfsSiD0I8ieou22NsiHyVoKpDqh6OaNCOzJ8pVz/X2fJUCiGgm40rqjxVfEtScQuwnk+2VrHtERWlv3tlvp8BbU2OfMSYPRZkib+6wxi4XE1WIsnmQS5u2kDi80WZSpR/xQ/sKSVmlYfVMqDqBzHTsd83lzmgsD4F1PqhR5JD+EsfEFRK++hxMc0NfNp4MT+Pdb2wgmFve7STf+dEw2AkTbhj9A6A5AT1WDmBL21WeJ4RxP+rFiyNGVM1mNfyq1/fVwlcdAQwq9P8Irtq7Uevo6mlkRd2jQ4tU0wfhqB0qDjFJtptBUD3kluq8igvNq/UEm8xc9o4aAnXyPmDVVPmqWy+HJUjMazD2edujAOBJy07bFTEWQQHbLyJEfNPJVAwHp4uh8/RVHBId41BFj679WWETkoLyYDwG+GiBBaEcW+KRcLQWcAcBHaeajnDcfPePYf+Q33dvXO4uJA0TnmxYSPGb7eEwhLpTDbgm4xVrcb4iop+8CXZeYr/zVaGHcJWNeze4/FoPjk3LLwTEFWATLC51Tguvycn3E7vrvvXbLlGUFY+4twH8VfwCh0hdjmng082L5/k7xq0IvTkO79ed3F0At8ntA0RS5w4w3t29lrpeSrOwc9INCoQ4d708vfYnaqtkqUFYpuGA34+sr6LygGGxnDb7PwgWXSoGGd7g2s4+h4WtDCNxjHsjo5sarSyWX+OS3p274e3K5qWUB7MRcv4zQ98RsBMT3tJBTHf6sRHMU3ELrZYFzJU566vjY3ysV7YMqKNdeQ17Xtijkf0NeTCyj9ViICV8EmlGvyYTnwWPZekTOekDHTj6sywf9lxgs9AddgUFvBXT9A+FZnGQDEoIyLfNLNJteR6UWqHfCHpo1hi4TwZe/9CYHwDQy+ZYyc7HeutHDDwggb4z/nh+VBSv+Ty0ZUQcx0n8xAeE0LXGfulE4m+peVCFIZlKewyS6o0nrdfwC3AfRuGHjQ2f5JtrpmoiY1d8r5hqwSeBnq9y1UYYAgvUrwj50CBbAuSE5t3yohoKXUWJ6MFh6XSzY5ZYCfYRzv5TOsBaWo6G+so0Ju1EgEv1A/Tbxse/r5+UeHF/9nGkBRkJ0g4UAZSn0/l86sFIOY7UsAnWM93+As+fcgL7h8eJ5aszRF3iHIE5L7b23LPXRSkttQkW6YanSSds8OYb0sgTsMBD0PT2spJNquiRW/DnuVlZvK7gsgChplhiyzTUBCTvgzNvpUimCti6/Dd3/5zOcOAa1+6F+xxpC2QxgFT/Nde1RnpJuNz+H9jehS9WvqKBnfOpSQHXC3+VzNoKSpMturU/2bQ4OHO/ApvzELDqbneBXZOkCpEPkgxWNisjTsZKUdsHRxrrH8AGgj3jzEIqwtEZAY3ThZ8AEvI2refcFM3Y8EBWjftnmebHNIvPSQtwm60t1E3EHZKAUm5LjMobqoLrpXdYV96nQwjy9c72MRqgwFuxP0,iv:1J+7Bz7U/O0koWhjDh5zWtGoL8nXATSc+DnyUxQzJXA=,tag:ot3RxgLj+TakFdA7t6Gfzw==,type:str]",
|
||||||
"sops": {
|
"sops": {
|
||||||
"shamir_threshold": 1,
|
"shamir_threshold": 1,
|
||||||
"kms": null,
|
"kms": null,
|
||||||
|
|
@ -7,8 +7,8 @@
|
||||||
"azure_kv": null,
|
"azure_kv": null,
|
||||||
"hc_vault": null,
|
"hc_vault": null,
|
||||||
"age": null,
|
"age": null,
|
||||||
"lastmodified": "2024-03-21T15:14:28Z",
|
"lastmodified": "2024-09-05T20:26:36Z",
|
||||||
"mac": "ENC[AES256_GCM,data:kFloPwB/TeHMMk1VYcQkHf2wDFrUr0zcvP8u39wNcXFDWilMqzW9W+/vlpfvR3qbSWwlN7tpippwBNY+pu6/ZaA2JZP7DUczA3xpFn+BUljiX4JV/+YAz1KwZT4VA4EimAMWr90sHSMKKxp7AjqiNqhirajxjfgspBluQkKCH8Q=,iv:sY35Kef/MGwl9SrZs+pdXziQCHX27MsBaRt4q7Cb9Fg=,tag:pPWqSaZlzOro1P1fmUSVxw==,type:str]",
|
"mac": "ENC[AES256_GCM,data:xZPZX1+Qs8kCfiivQN1fXJsMJxOTF6kDEYeAjomjgnhp6LYLev5cmn50Bs70U7VZCd5LCm+RlHbbWH85Ju3gWYb543y5X6dRcfhZTM7zA0HKwP0GHJBS2DPqDRo+GFMOXNv9ypIgEpcciQ8y6XxQa5aBSv98tZj2ME15n4+RwP4=,iv:r48PeNiDVaMx/h4OfsxRJXDZCn5eoHebXgak0RcYkx4=,tag:F1NgmNs+CWr7lHiunK7lMg==,type:str]",
|
||||||
"pgp": [
|
"pgp": [
|
||||||
{
|
{
|
||||||
"created_at": "2024-01-14T19:49:29Z",
|
"created_at": "2024-01-14T19:49:29Z",
|
||||||
|
|
@ -22,6 +22,6 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"unencrypted_suffix": "_unencrypted",
|
"unencrypted_suffix": "_unencrypted",
|
||||||
"version": "3.8.1"
|
"version": "3.9.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue