variables.tf
# Domain of the tailnet that this configuration manages.
variable "tailscale_domain" {
  description = "The domain name of the tailscale network to manage."
  type        = string
  default     = "example.net"
}
# Local parts of the admin accounts; per the description the `@domain`
# suffix is not included in these values.
variable "tailscale_admin_users" {
  description = "usernames of the tailscale network's admins, minus the `@domain` part."
  type        = list(string)
  default     = ["admin"]
}
# Credential for the Tailscale API.
#
# NOTE(review): the default is a placeholder, yet it satisfies the `^tskey-`
# check below, so a run with no key supplied is not stopped by validation.
# Supply the real key from outside version control (for example the
# TF_VAR_tailscale_api_key environment variable).
# `sensitive = true` only redacts the value in plan/apply output; it is still
# written to the state file, so the state backend needs access control and
# encryption of its own.
variable "tailscale_api_key" {
  description = "The tailscale API key to use."
  type        = string
  sensitive   = true
  default     = "tskey-XXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXX"

  validation {
    # Prefix check only: it does not prove the key is well-formed or valid.
    condition     = can(regex("^tskey-", var.tailscale_api_key))
    error_message = "The tailscale API key must start with `tskey-`."
  }
}
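# Name under which the relay registers in the tailnet.
variable "relay_node_name" {
  description = "The name of the relay node in tailscale network."
  type        = string
  default     = "tailscale-relay"

  validation {
    # `\w` covers letters, digits and `_` but not `-`, so the earlier pattern
    # `^\w+$` rejected the default value above. Hyphens are now allowed and
    # every previously accepted name still passes. Both anchors stay so the
    # value cannot contain whitespace or other punctuation.
    condition     = can(regex("^[\\w-]+$", var.relay_node_name))
    error_message = "tailscale node name may contain only letters, digits, underscores and hyphens."
  }
}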
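# Tag applied to the relay nodes of the tailnet.
variable "relay_tag" {
  description = "The tag to use for the tailscale network's relay nodes."
  type        = string
  default     = "tag:tailscale"

  validation {
    # The earlier pattern `^tag:\w+` had no end anchor, so any trailing text
    # (spaces, quotes, extra tags) passed once the prefix matched. Anchoring
    # with `$` checks the whole value; `-` is allowed so hyphenated tag names
    # that passed before still do.
    # NOTE(review): where this value is interpolated is not visible in this
    # file; confirm the consumer does not need further escaping.
    condition     = can(regex("^tag:[\\w-]+$", var.relay_tag))
    error_message = "tailscale tags must be `tag:` followed by a tag name of letters, digits, underscores or hyphens."
  }
}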
# EC2 instance size for the relay host.
variable "relay_instance_type" {
  description = "The EC2 instance type to use for the relay server."
  type        = string
  default     = "t2.micro"
}
# EC2 key pair for the relay host.
# The default selects a key pair named `default`; per the description, an
# empty string is the way to disable ssh access.
variable "relay_key_name" {
  description = "Name of key pair to use for the relay server, or empty to disable ssh access."
  type        = string
  default     = "default"
}
# AWS region used by this configuration.
variable "aws_region" {
  description = "The AWS region to use."
  type        = string
  default     = "us-east-1"
}
# Target VPC for the relay. The default is a placeholder and has to be
# overridden with a real VPC ID.
variable "vpc_id" {
  description = "ID of the vpc to deploy tailscale relay to."
  type        = string
  default     = "vpc-XXXXXXXXXXXXXXXXXXXX"
}
# Subnet the relay is attached to. The default is a placeholder and has to
# be overridden with a real subnet ID.
variable "subnet_id" {
  description = "ID of the subnet to attach tailscale relay to."
  type        = string
  default     = "subnet-XXXXXXXXXXXXXXXXXXXX"
}
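# Extra IPv4 routes to add to the tailnet on top of the selected VPC's routes.
variable "additional_routes" {
  description = "The routes in addition to selected VPC's routes, to add to the tailscale network."
  type        = list(string)
  default     = []

  validation {
    # The regex alone only checks the shape, so values such as
    # 999.999.999.999/99 used to pass. `cidrhost` parses the prefix and fails
    # on out-of-range octets or prefix lengths; the regex is kept so the
    # accepted form stays dotted-quad IPv4 as before.
    # An empty list still passes: alltrue([]) is true.
    condition = alltrue([
      for route in var.additional_routes :
      can(regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/\\d{1,2}$", route)) && can(cidrhost(route, 0))
    ])
    error_message = "routes must be valid IPv4 networks in CIDR format, e.g. 10.0.0.0/16."
  }
}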
# Extra resolvers pushed to the tailnet.
# No validation is applied to the entries.
variable "fallback_nameservers" {
  description = "additional nameservers to push to the tailscale network."
  type        = list(string)

  # Alternative default kept for reference; it additionally lists
  # 169.254.169.253, the link-local Amazon DNS resolver address:
  # default = ["169.254.169.253", "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"]
  default = ["1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"]
}
# Toggle for advertising the tailnet's nameservers to clients; on by default.
variable "advertise_nameservers" {
  description = "Whether to advertise the tailscale network's nameservers to clients."
  type        = bool
  default     = true
}
# Toggle for advertising the relay's subnet routes to clients; on by default.
variable "advertise_routes" {
  description = "Whether to advertise the tailscale server's subnet routes to clients."
  type        = bool
  default     = true
}
# Toggle for offering the relay as an exit node.
# On by default. An exit node carries clients' internet-bound traffic, so set
# this to false when the relay is meant to route subnets only.
variable "advertise_exit_node" {
  description = "Whether to advertise the tailscale server as an exit node."
  type        = bool
  default     = true
}
# Toggle for ssh-over-tailscale on tailnet nodes; off unless explicitly enabled.
variable "enable_tailscale_ssh" {
  description = "Whether to enable ssh-over-tailscale for tailscale network nodes."
  type        = bool
  default     = false
}
# Toggle for giving the relay instance a public IP address; on by default.
# NOTE(review): the security-group rules for the instance are not in this
# file; check what they expose on that public address.
variable "relay_associate_public_ip" {
  description = "Whether to associate a public IP address with the relay server."
  type        = bool
  default     = true
}