Tailscale: Terraform Root Detail
Level 3 (Detail) — ephemeral-castle/tailscale/ module resources, variables, and outputs.
Resource Inventory
File: ephemeral-castle/tailscale/main.tf
tailscale_acl
```hcl
resource "tailscale_acl" "tazlab" {
  acl = file("${path.module}/acl.json")
}
```
Applies the ACL policy from acl.json. Replace-on-create — any change triggers a full ACL replacement.
tailscale_tailnet_settings
```hcl
resource "tailscale_tailnet_settings" "tazlab" {
  devices_approval_on       = false
  devices_auto_updates_on   = false
  devices_key_duration_days = 180
}
```
| Setting | Value | Effect |
|---|---|---|
| devices_approval_on | false | New devices join without manual approval |
| devices_auto_updates_on | false | Updates are manual |
| devices_key_duration_days | 180 | Auth keys expire after 180 days |
tailscale_oauth_client
```hcl
resource "tailscale_oauth_client" "bootstrap" {
  description = "tazlab-bootstrap"
  scopes      = ["auth_keys", "devices"]
  tags        = ["tag:tazpod"]
}
```
| Field | Value | Description |
|---|---|---|
| description | tazlab-bootstrap | Human-readable name |
| scopes | auth_keys, devices | Key creation + device management |
| tags | tag:tazpod | Devices created with this client get this tag |
Variables
File: ephemeral-castle/tailscale/variables.tf
| Variable | Type | Description |
|---|---|---|
| tailscale_api_key | string | Tailscale API key (from Infisical) |
| tailnet | string | Tailscale tailnet name |
Outputs
File: ephemeral-castle/tailscale/outputs.tf
- OAuth client ID
- OAuth client secret
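
The following check is an added example, not part of the ephemeral-castle module. It reads `terraform show -json` plan output and flags the posture documented above: approval off, manual updates, an `auth_keys`-scoped OAuth client with no approval gate, and secret outputs not marked sensitive. The sample plan is constructed, and the output names and the `max_key_days` limit are assumptions.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output for this
# module. Output names are assumptions; the page does not name the outputs.
SAMPLE_PLAN = json.loads("""
{"planned_values": {
  "outputs": {"oauth_client_id": {"sensitive": false},
              "oauth_client_secret": {"sensitive": true}},
  "root_module": {"resources": [
    {"address": "tailscale_tailnet_settings.tazlab",
     "type": "tailscale_tailnet_settings",
     "values": {"devices_approval_on": false, "devices_auto_updates_on": false,
                "devices_key_duration_days": 180}},
    {"address": "tailscale_oauth_client.bootstrap",
     "type": "tailscale_oauth_client",
     "values": {"scopes": ["auth_keys", "devices"], "tags": ["tag:tazpod"]}}]}}}
""")


def audit_plan(plan, max_key_days=180):
    """Return (address, message) findings for the tailnet posture in a plan."""
    planned = plan.get("planned_values", {})
    resources = planned.get("root_module", {}).get("resources", [])
    def by_type(t):
        return [r for r in resources if r.get("type") == t]
    findings, approval_off = [], False
    for res in by_type("tailscale_tailnet_settings"):
        vals, addr = res.get("values", {}), res["address"]
        if vals.get("devices_approval_on") is False:
            approval_off = True
            findings.append((addr, "device approval is off"))
        if vals.get("devices_auto_updates_on") is False:
            findings.append((addr, "auto-updates are off"))
        if (vals.get("devices_key_duration_days") or 0) > max_key_days:
            findings.append((addr, "key duration above limit"))
    for res in by_type("tailscale_oauth_client"):
        scopes = res.get("values", {}).get("scopes", [])
        # A client that can create auth keys matters more when nobody approves devices.
        if approval_off and "auth_keys" in scopes:
            findings.append((res["address"], "auth_keys scope with no approval gate"))
    for name, out in planned.get("outputs", {}).items():
        if "secret" in name and not out.get("sensitive"):
            findings.append((f"output.{name}", "not marked sensitive"))
    return findings


if __name__ == "__main__":
    for address, message in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {message}")
```

Run against a real plan by loading the JSON from `terraform show -json` instead of `SAMPLE_PLAN`; a non-empty result can fail a CI job before apply.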
See Also
- Topic: IaC Management
- Reference: main.tf, acl.json
- Hub: Tailscale