diff --git a/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf b/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf
index 1336006..4ad2a0d 100644
--- a/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf
+++ b/terraform/aws/aws-ec2-autoscaling-dual-subnet/main.tf
@@ -69,21 +69,13 @@ module "tailscale_aws_ec2_autoscaling" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}",
   ]
-  tailscale_ssh = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = [
-    module.vpc.vpc_cidr_block,
-  ]
-
-  tailscale_advertise_connector = true
-  # tailscale_advertise_aws_service_names = [
-  #   "GLOBALACCELERATOR",
-  # ]
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
   ]
 }
-
diff --git a/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf b/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf
index 56b790f..e3e2ebd 100644
--- a/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf
+++ b/terraform/aws/aws-ec2-autoscaling-session-recorder/main.tf
@@ -158,8 +158,8 @@ module "tailscale_aws_ec2_autoscaling" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "-ssh",
   ]
-  tailscale_ssh = true
 
   #
   # Set up Tailscale Session Recorder (tsrecorder)
diff --git a/terraform/aws/aws-ec2-autoscaling/main.tf b/terraform/aws/aws-ec2-autoscaling/main.tf
index d53d425..1ceb9b2 100644
--- a/terraform/aws/aws-ec2-autoscaling/main.tf
+++ b/terraform/aws/aws-ec2-autoscaling/main.tf
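Review bot: The example now enables `--ssh`, `--advertise-connector`, `--advertise-exit-node` and a subnet route for the entire VPC CIDR in one list with nothing saying what that makes the instance do: it becomes a forwarder for tailnet traffic both into the VPC and out to the internet, and Tailscale SSH is exposed on it, so the tailnet ACL/SSH policy and route approval become the only controls. A comment above the list would make that explicit, e.g. `# exit node + VPC subnet router + app connector: routes and exit-node status still need approval in the tailnet policy unless auto-approved there`. The README added in this same commit carries a `# ensure initial routes list is re-added` comment, which suggests the `tailscale-advertise-routes` script replaces whatever `--advertise-routes` sets here; if so, anyone who adds that script via `additional_after_scripts` silently loses this VPC route unless they pass it to that module too, and the example should say so. The module block starts outside the hunk.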
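Review bot: `"-ssh"` uses a single dash while every other preference added in this commit, and the `--auto-update` directly above it, uses the double-dash form. The tailscale CLI appears to be built on Go's flag package, which generally accepts either spelling, so this probably still turns Tailscale SSH on, but it reads as a typo and is the first thing a reader will suspect when SSH on the recorder does not work; I'd change it to `"--ssh",`. The enclosing module block starts and ends outside the hunk.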
@@ -58,18 +58,11 @@ module "tailscale_aws_ec2_autoscaling" {
   tailscale_hostname = local.name
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}",
   ]
-  tailscale_ssh = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = [
-    module.vpc.vpc_cidr_block,
-  ]
-
-  tailscale_advertise_connector = true
-  # tailscale_advertise_aws_service_names = [
-  #   "GLOBALACCELERATOR",
-  # ]
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
diff --git a/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf b/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf
index 0fadc53..5ddb48d 100644
--- a/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf
+++ b/terraform/aws/aws-ec2-instance-dual-stack-ipv4-ipv6/main.tf
@@ -50,16 +50,14 @@ module "tailscale_aws_ec2" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [
+      module.vpc.vpc_cidr_block,
+      module.vpc.vpc_ipv6_cidr_block,
+    ])}",
   ]
-  tailscale_ssh = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = concat(
-    [module.vpc.vpc_cidr_block],
-    [module.vpc.vpc_ipv6_cidr_block],
-  )
-
-  tailscale_advertise_connector = true
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
diff --git a/terraform/aws/aws-ec2-instance/main.tf b/terraform/aws/aws-ec2-instance/main.tf
index 3784c06..47c6dd9 100644
--- a/terraform/aws/aws-ec2-instance/main.tf
+++ b/terraform/aws/aws-ec2-instance/main.tf
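Review bot: The dual-stack node now advertises the VPC's IPv6 CIDR as a subnet route alongside the IPv4 one, which means the host needs IPv6 forwarding enabled as well as IPv4; whether `ip-forwarding.tftpl` also sets `net.ipv6.conf.all.forwarding` is not visible in this diff, so please confirm, otherwise the v6 route can be approved on the tailnet but the instance will not forward v6 traffic. A comment on the list would spare the next reader that check, e.g. `# dual-stack subnet router: host needs both net.ipv4.ip_forward and net.ipv6.conf.all.forwarding`. The module block starts outside the hunk.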
@@ -47,18 +47,11 @@ module "tailscale_aws_ec2" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", [module.vpc.vpc_cidr_block])}",
   ]
-  tailscale_ssh = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = [
-    module.vpc.vpc_cidr_block,
-  ]
-
-  tailscale_advertise_connector = true
-  # tailscale_advertise_aws_service_names = [
-  #   "GLOBALACCELERATOR",
-  # ]
 
   depends_on = [
     module.vpc.natgw_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
diff --git a/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf b/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf
index a98bef5..3b82991 100644
--- a/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf
+++ b/terraform/aws/internal-modules/aws-ec2-autoscaling/main.tf
@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key = var.tailscale_auth_key
-  tailscale_hostname = var.tailscale_hostname
-  tailscale_set_preferences = var.tailscale_set_preferences
-  tailscale_ssh = var.tailscale_ssh
-
-  tailscale_advertise_routes = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key = var.tailscale_auth_key
+  tailscale_hostname = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts = var.additional_after_scripts
diff --git a/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf b/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf
index c7206f9..e4ff234 100644
--- a/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf
+++ b/terraform/aws/internal-modules/aws-ec2-autoscaling/variables-tailscale-install-scripts.tf
@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type = bool
-  default = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type = bool
-  default = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type = bool
-  default = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type = list(string)
   default = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type = set(string)
-  default = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type = set(string)
-  default = []
-}
diff --git a/terraform/aws/internal-modules/aws-ec2-instance/main.tf b/terraform/aws/internal-modules/aws-ec2-instance/main.tf
index 304b392..f571791 100644
--- a/terraform/aws/internal-modules/aws-ec2-instance/main.tf
+++ b/terraform/aws/internal-modules/aws-ec2-instance/main.tf
@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key = var.tailscale_auth_key
-  tailscale_hostname = var.tailscale_hostname
-  tailscale_set_preferences = var.tailscale_set_preferences
-  tailscale_ssh = var.tailscale_ssh
-
-  tailscale_advertise_routes = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key = var.tailscale_auth_key
+  tailscale_hostname = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts = var.additional_after_scripts
diff --git a/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf b/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf
index c7206f9..e4ff234 100644
--- a/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf
+++ b/terraform/aws/internal-modules/aws-ec2-instance/variables-tailscale-install-scripts.tf
@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type = bool
-  default = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type = bool
-  default = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type = bool
-  default = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type = list(string)
   default = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type = set(string)
-  default = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type = set(string)
-  default = []
-}
diff --git a/terraform/azure/azure-linux-vm/main.tf b/terraform/azure/azure-linux-vm/main.tf
index c464a8b..d6b4d33 100644
--- a/terraform/azure/azure-linux-vm/main.tf
+++ b/terraform/azure/azure-linux-vm/main.tf
@@ -66,13 +66,11 @@ module "tailscale_azure_linux_virtual_machine" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", module.network.vnet_address_space)}",
   ]
-  tailscale_ssh = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = module.network.vnet_address_space
-
-  tailscale_advertise_connector = true
 
   depends_on = [
     module.network.natgw_ids, # for private subnets - ensure NAT gateway is available before instance provisioning
diff --git a/terraform/azure/internal-modules/azure-linux-vm/main.tf b/terraform/azure/internal-modules/azure-linux-vm/main.tf
index 7c4988d..6b378dc 100644
--- a/terraform/azure/internal-modules/azure-linux-vm/main.tf
+++ b/terraform/azure/internal-modules/azure-linux-vm/main.tf
@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key = var.tailscale_auth_key
-  tailscale_hostname = var.tailscale_hostname
-  tailscale_set_preferences = var.tailscale_set_preferences
-  tailscale_ssh = var.tailscale_ssh
-
-  tailscale_advertise_routes = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key = var.tailscale_auth_key
+  tailscale_hostname = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts = var.additional_after_scripts
diff --git a/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf b/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf
index c7206f9..e4ff234 100644
--- a/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf
+++ b/terraform/azure/internal-modules/azure-linux-vm/variables-tailscale-install-scripts.tf
@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type = bool
-  default = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type = bool
-  default = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type = bool
-  default = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type = list(string)
   default = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type = set(string)
-  default = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type = set(string)
-  default = []
-}
diff --git a/terraform/google/google-compute-instance/main.tf b/terraform/google/google-compute-instance/main.tf
index 449d96d..5a4278a 100644
--- a/terraform/google/google-compute-instance/main.tf
+++ b/terraform/google/google-compute-instance/main.tf
@@ -59,13 +59,11 @@ module "tailscale_instance" {
   tailscale_auth_key = tailscale_tailnet_key.main.key
   tailscale_set_preferences = [
     "--auto-update",
+    "--ssh",
+    "--advertise-connector",
+    "--advertise-exit-node",
+    "--advertise-routes=${join(",", module.vpc.subnets_ips)}",
   ]
-  tailscale_ssh = true
-  tailscale_advertise_exit_node = true
-
-  tailscale_advertise_routes = module.vpc.subnets_ips
-
-  tailscale_advertise_connector = true
 
   depends_on = [
     module.vpc.nat_ids, # ensure NAT gateway is available before instance provisioning - primarily for private subnets
diff --git a/terraform/google/internal-modules/google-compute-instance/main.tf b/terraform/google/internal-modules/google-compute-instance/main.tf
index e4c7f97..61c1691 100644
--- a/terraform/google/internal-modules/google-compute-instance/main.tf
+++ b/terraform/google/internal-modules/google-compute-instance/main.tf
@@ -1,15 +1,9 @@
 module "tailscale_install_scripts" {
   source = "../../../internal-modules/tailscale-install-scripts"
 
-  tailscale_advertise_connector = var.tailscale_advertise_connector
-  tailscale_advertise_exit_node = var.tailscale_advertise_exit_node
-  tailscale_auth_key = var.tailscale_auth_key
-  tailscale_hostname = var.tailscale_hostname
-  tailscale_set_preferences = var.tailscale_set_preferences
-  tailscale_ssh = var.tailscale_ssh
-
-  tailscale_advertise_routes = var.tailscale_advertise_routes
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
+  tailscale_auth_key = var.tailscale_auth_key
+  tailscale_hostname = var.tailscale_hostname
+  tailscale_set_preferences = var.tailscale_set_preferences
 
   additional_before_scripts = var.additional_before_scripts
   additional_after_scripts = var.additional_after_scripts
diff --git a/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf b/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf
index c7206f9..e4ff234 100644
--- a/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf
+++ b/terraform/google/internal-modules/google-compute-instance/variables-tailscale-install-scripts.tf
@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type = bool
-  default = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type = bool
-  default = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type = bool
-  default = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type = list(string)
   default = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type = set(string)
-  default = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type = set(string)
-  default = []
-}
diff --git a/terraform/internal-modules/tailscale-advertise-routes/README.md b/terraform/internal-modules/tailscale-advertise-routes/README.md
index d760650..7e945e9 100644
--- a/terraform/internal-modules/tailscale-advertise-routes/README.md
+++ b/terraform/internal-modules/tailscale-advertise-routes/README.md
@@ -1,3 +1,24 @@
 # saas-route-lists
 
 Scripts to download, parse, and save various SaaS IP and domain lists to advertise via a Tailscale App Connector or Subnet Router.
+
+## Usage
+
+```hcl
+module "tailscale-advertise-routes" {
+  source = "../../internal-modules/tailscale-advertise-routes"
+
+  tailscale_advertise_aws_service_names = ["GLOBALACCELERATOR"]
+  tailscale_advertise_routes = [module.vpc.vpc_cidr_block] # ensure initial routes list is re-added
+}
+
+module "tailscale_aws_ec2_autoscaling" {
+  source = "../internal-modules/aws-ec2-autoscaling/"
+
+  // other inputs omitted
+
+  additional_after_scripts = [
+    module.tailscale-advertise-routes.routes_script,
+  ]
+}
+```
diff --git a/terraform/internal-modules/tailscale-advertise-routes/variables.tf b/terraform/internal-modules/tailscale-advertise-routes/variables.tf
index aeab852..7192178 100644
--- a/terraform/internal-modules/tailscale-advertise-routes/variables.tf
+++ b/terraform/internal-modules/tailscale-advertise-routes/variables.tf
@@ -5,6 +5,7 @@ variable "tailscale_advertise_routes_from_file_on_host" {
 
   description = "File on the host to append (sorted and distinct) routes to"
   type = string
+  default = "/root/tailscale-routes-to-advertise.txt"
 }
 variable "tailscale_advertise_routes" {
   description = "List of subnets to advertise"
diff --git a/terraform/internal-modules/tailscale-install-scripts/main.tf b/terraform/internal-modules/tailscale-install-scripts/main.tf
index 2b43663..24585cc 100644
--- a/terraform/internal-modules/tailscale-install-scripts/main.tf
+++ b/terraform/internal-modules/tailscale-install-scripts/main.tf
@@ -14,7 +14,6 @@ locals {
   ]),
 
   after_scripts = flatten([ # scripts to run AFTER tailscale install
-    module.tailscale-advertise-routes.routes_script,
     var.additional_after_scripts,
   ]),
 }
@@ -31,27 +30,10 @@ locals {
   tailscale_arguments = [
     "--authkey=${var.tailscale_auth_key}",
     "--hostname=${var.tailscale_hostname}",
-    var.tailscale_ssh == false ? "" : "--ssh",
-    var.tailscale_advertise_connector == false ? "" : "--advertise-connector",
-    var.tailscale_advertise_exit_node == false ? "" : "--advertise-exit-node",
-    // Don't set --advertise-routes here, use advertise_routes_script instead.
   ]
 
-  ip_forwarding_required = local.ip_forwarding_script != ""
-  ip_forwarding_script = (
-    var.tailscale_advertise_exit_node == false
-    && var.tailscale_advertise_connector == false
-    && length(var.tailscale_advertise_routes) == 0 ?
-    "" : templatefile("${path.module}/scripts/additional-scripts/ip-forwarding.tftpl", {})
-  )
+  ip_forwarding_required = length([for x in ["--advertise-exit-node", "--advertise-connector", "--advertise-routes"] : x if strcontains(x, "advertisfe")]) > 0
+  ip_forwarding_script = local.ip_forwarding_required ? "" : templatefile("${path.module}/scripts/additional-scripts/ip-forwarding.tftpl", {})
 
   ethtool_udp_optimization_script = templatefile("${path.module}/scripts/additional-scripts/ethtool-udp.tftpl", {})
 }
-
-module "tailscale-advertise-routes" {
-  source = "../tailscale-advertise-routes"
-  tailscale_advertise_routes = var.tailscale_advertise_routes
-
-  tailscale_advertise_routes_from_file_on_host = "/root/tailscale-routes-to-advertise.txt"
-  tailscale_advertise_aws_service_names = var.tailscale_advertise_aws_service_names
-}
diff --git a/terraform/internal-modules/tailscale-install-scripts/variables.tf b/terraform/internal-modules/tailscale-install-scripts/variables.tf
index c7206f9..e4ff234 100644
--- a/terraform/internal-modules/tailscale-install-scripts/variables.tf
+++ b/terraform/internal-modules/tailscale-install-scripts/variables.tf
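Review bot: The new `ip_forwarding_required` never consults `var.tailscale_set_preferences` at all — it filters a literal list of the three flag names for the substring `"advertisfe"` (a typo), which matches nothing, so the value is always `false` — and the ternary on the following line is inverted (`? "" : templatefile(...)`), so the forwarding sysctl script is emitted unconditionally. Net effect: every node built from this module gets IP forwarding switched on, including plain nodes that advertise nothing, which is exactly what the removed expression was careful to avoid; and fixing only the typo would flip it to disabling forwarding on precisely the nodes that advertise routes, a connector or an exit node. I'd derive the flag from the preferences the caller actually passes and un-invert the ternary, as below. The `locals` block starts outside the hunk.
```hcl
  # … unchanged: tailscale_arguments …

  # Only nodes that carry traffic for others (exit node, app connector,
  # subnet router) need forwarding enabled on the host.
  ip_forwarding_required = anytrue([
    for pref in var.tailscale_set_preferences : anytrue([
      for flag in ["--advertise-exit-node", "--advertise-connector", "--advertise-routes"] :
      startswith(pref, flag)
    ])
  ])
  ip_forwarding_script = local.ip_forwarding_required ? templatefile("${path.module}/scripts/additional-scripts/ip-forwarding.tftpl", {}) : ""

  # … unchanged: ethtool_udp_optimization_script …
```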
@@ -9,21 +9,6 @@ variable "tailscale_hostname" {
   description = "Hostname to assign to the device"
   type = string
 }
-variable "tailscale_ssh" {
-  description = "Boolean flag to enable Tailscale SSH"
-  type = bool
-  default = true
-}
-variable "tailscale_advertise_exit_node" {
-  description = "Boolean flag to enable Tailscale Exit Node"
-  type = bool
-  default = false
-}
-variable "tailscale_advertise_connector" {
-  description = "Boolean flag to enable Tailscale App Connector"
-  type = bool
-  default = false
-}
 variable "tailscale_set_preferences" {
   description = "Preferences to run via `tailscale set ...`. Do not include `tailscale set`."
   type = set(string)
@@ -43,17 +28,3 @@ variable "additional_after_scripts" {
   type = list(string)
   default = []
 }
-
-#
-# Variables for tailscale-advertise-routes
-#
-variable "tailscale_advertise_routes" {
-  description = "List of routes to advertise"
-  type = set(string)
-  default = []
-}
-variable "tailscale_advertise_aws_service_names" {
-  description = "List of AWS Services to retrieve IP prefixes for - e.g. ['GLOBALACCELERATOR','AMAZON']"
-  type = set(string)
-  default = []
-}