Tailscale: Terraform Root Detail

Level 3 (Detail) — ephemeral-castle/tailscale/ module resources, variables, and outputs.

Resource Inventory

File: ephemeral-castle/tailscale/main.tf

tailscale_acl

resource "tailscale_acl" "tazlab" {
  acl = file("${path.module}/acl.json")
}

Applies the ACL policy from acl.json. Replace-on-create — any change triggers a full ACL replacement.

tailscale_tailnet_settings

resource "tailscale_tailnet_settings" "tazlab" {
  devices_approval_on       = false
  devices_auto_updates_on   = false
  devices_key_duration_days = 180
}

| Setting | Value | Effect |
|---|---|---|
| devices_approval_on | false | New devices join without manual approval |
| devices_auto_updates_on | false | Updates are manual |
| devices_key_duration_days | 180 | Auth keys expire after 180 days |

tailscale_oauth_client

resource "tailscale_oauth_client" "bootstrap" {
  description = "tazlab-bootstrap"
  scopes      = ["auth_keys", "devices"]
  tags        = ["tag:tazpod"]
}

| Field | Value | Description |
|---|---|---|
| description | tazlab-bootstrap | Human-readable name |
| scopes | auth_keys, devices | Key creation + device management |
| tags | tag:tazpod | Devices created with this client get this tag |

Variables

File: ephemeral-castle/tailscale/variables.tf

| Variable | Type | Description |
|---|---|---|
| tailscale_api_key | string | Tailscale API key (from Infisical) |
| tailnet | string | Tailscale tailnet name |

Outputs

File: ephemeral-castle/tailscale/outputs.tf

  • OAuth client ID
  • OAuth client secret
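
How the declarations behind the Variables and Outputs sections might look, as an added sketch rather than the module's own files. The output names and the provider block wiring are assumptions; `id` and `key` are the attributes the Tailscale provider exports for `tailscale_oauth_client`.

```hcl
# variables.tf (sketch): names, types and descriptions follow the Variables table.
variable "tailscale_api_key" {
  type        = string
  description = "Tailscale API key (from Infisical)"
  sensitive   = true # redacted in plan/apply output
}

variable "tailnet" {
  type        = string
  description = "Tailscale tailnet name"
}

# Assumption: the provider is configured directly from the two variables.
provider "tailscale" {
  api_key = var.tailscale_api_key
  tailnet = var.tailnet
}

# outputs.tf (sketch): output names are assumptions.
output "oauth_client_id" {
  description = "OAuth client ID of the bootstrap client"
  value       = tailscale_oauth_client.bootstrap.id
}

output "oauth_client_secret" {
  description = "OAuth client secret of the bootstrap client"
  value       = tailscale_oauth_client.bootstrap.key
  # `key` is a sensitive attribute, so Terraform rejects this output
  # unless it is also marked sensitive.
  sensitive = true
}
```

`sensitive = true` only redacts CLI output. The API key and the client secret are still written in plaintext to the Terraform state, so the state backend needs the same access controls as the secrets themselves.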
