[TAILSCALE DNS] Interfacing tailscale to cloudflare records

2026-02-09 04:19:19 -08:00 · 2023-04-29 15:27:26 -07:00 · 2023-04-29 15:27:26 -07:00 · 5d9173c0a3
commit 5d9173c0a3
parent 0862be524a
4 changed files with 47 additions and 184 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,21 @@
 # kittywitch
+
+This project uses:
+
+* Nix
+* deploy-rs (without nix flake check malarkey)
+* sops-nix
+* Terraform Cloud
+* and many other things ...
+
+## Usage
+
+```bash
+nix shell nixpkgs#repo
+nix shell github:kittywitch/kittywitch#repo
+direnv allow
+sudo nixos-rebuild --flake .#$HOST switch --show-trace
+deploy-rs .#$HOST
+sops ./systems/yukari.yaml
+terraform plan
+```
--- a/cf-inskip.me-records.tf
+++ b/cf-inskip.me-records.tf
@ -123,186 +123,3 @@ resource "cloudflare_record" "terraform_managed_resource_f5b4da4e6ffacca4bf188f8
  value   = "v=spf1 include:_spf.google.com -all"
  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
 }
-
-/*
-// Here lies the graveyard of automatically generated resources from the terraform automagic importer
-resource "cloudflare_record" "terraform_managed_resource_2faa6696595383c5a7a76c8b8c656fe3" {
-  name    = "chen"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.117.156.108"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_9a5ce913ff5ae6f2df89962bcaf90094" {
-  name    = "daiyousei"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.114.236.33"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_071e1a2b4031909fdb2572bbab7c52c0" {
-  name    = "goliath"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.112.191.15"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_361c4e4af30cbaa4c451533ae377dfbf" {
-  name    = "koishi"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.123.70.36"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_de7c5dc87f1d69d1dd19150e2077f509" {
-  name    = "marisa"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.104.232.100"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_716c060932e9c224fdad0731c4fa3dc5" {
-  name    = "renko"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.124.19.103"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_fe5d3b54a1b9ba6afdf1eb593cdc3093" {
-  name    = "rinnosuke"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.119.78.63"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_38f238bf5194144e86e646d86b9a1e25" {
-  name    = "sumireko"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.108.61.50"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_3726e2fdd672b967355c6c93da604e91" {
-  name    = "tewi"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.88.107.41"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_84db1ec5ebd20881eac4bafff497960b" {
-  name    = "yukari"
-  proxied = false
-  ttl     = 3600
-  type    = "A"
-  value   = "100.105.152.16"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_0bf70957632d29b175cc9592543499d3" {
-  name    = "chen"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:6275:9c6c"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_847deacc094647e3101e4030b22a629b" {
-  name    = "daiyousei"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:6272:ec21"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_2a4a95acbdc25d9819af1d23d772ff75" {
-  name    = "goliath"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:6270:bf0f"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_a15b6ce3848df894cf00f6e38612c4ff" {
-  name    = "koishi"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:627b:4624"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_6c5b4d90c405a5829ca08f727e97b156" {
-  name    = "marisa"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:6268:e864"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_bbcb1b87606a15ce9772cd2b4a8eb9a7" {
-  name    = "renko"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:627c:1367"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_fa7ed7634ecf7864e1c277b810941ef7" {
-  name    = "rinnosuke"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:6277:4e3f"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_ce34c94fd9f7ca9b70ffb2cff108b690" {
-  name    = "sumireko"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:626c:3d32"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_4e04c4433b8ae1c6464832d910952883" {
-  name    = "tewi"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-
-resource "cloudflare_record" "terraform_managed_resource_3705df99f250ac32e71ccd245a87eab8" {
-  name    = "yukari"
-  proxied = false
-  ttl     = 3600
-  type    = "AAAA"
-  value   = "fd7a:115c:a1e0:ab12:4843:cd96:6269:9810"
-  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
-}
-*/
--- a/tailscale-dns-interface.tf
+++ b/tailscale-dns-interface.tf
@ -0,0 +1,26 @@
+data "tailscale_devices" "tailnet" {
+}
+
+locals {
+    tailscale_devices = data.tailscale_devices.tailnet.devices
+}
+
+resource "cloudflare_record" "tailscale_device_v4_record" {
+  for_each = { for device_name, device in local.tailscale_devices : device_name => device.addresses[0] if device.user == "kat@inskip.me" }
+  name    = each.key
+  proxied = false
+  ttl     = 3600
+  type    = "A"
+  value   = each.value
+  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
+}
+
+resource "cloudflare_record" "tailscale_device_v6_record" {
+  for_each = { for device_name, device in local.tailscale_devices : device_name => device.addresses[1] if device.user == "kat@inskip.me" }
+  name    = each.key
+  proxied = false
+  ttl     = 3600
+  type    = "AAAA"
+  value   = each.value
+  zone_id = "635716e7dd314fd5ec52f9434bd4527d"
+}
--- a/tailscale-provider.tf
+++ b/tailscale-provider.tf