fix: pass primary tag to --advertise-tags + clean up naming / docs

masterpointio · Feb 19, 2024 · 02673eb · 02673eb
1 parent d7a7f56
commit 02673eb
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 7 deletions.
diff --git a/main.tf b/main.tf
@@ -1,14 +1,15 @@
 locals {
 
-  primary_tag           = coalesce(var.primary_tag, "tag:${module.this.id}")
-  prefixed_machine_tags = [for tag in var.machine_tags : "tag:${tag}"]
-  tailscale_tags        = concat([local.primary_tag], local.prefixed_machine_tags)
+  primary_tag              = coalesce(var.primary_tag, module.this.id)
+  prefixed_primary_tag     = "tag:${local.primary_tag}"
+  prefixed_additional_tags = [for tag in var.additional_tags : "tag:${tag}"]
+  tailscale_tags           = concat([local.prefixed_primary_tag], local.prefixed_additional_tags)
 
   userdata = templatefile("${path.module}/userdata.sh.tmpl", {
     routes      = join(",", var.advertise_routes)
     authkey     = tailscale_tailnet_key.default.key
     hostname    = module.this.id
-    tags        = join(",", local.prefixed_machine_tags)
+    tags        = join(",", local.tailscale_tags)
     ssh_enabled = var.ssh_enabled
   })
 }

diff --git a/userdata.sh.tmpl b/userdata.sh.tmpl
@@ -18,6 +18,8 @@ sudo systemctl enable --now tailscaled
 sleep 5
 
 # Start tailscale
+# We pass --advertise-tags below even though the authkey being created with those tags should result
+# in the same effect. This is to be more explicit because tailscale tags are a complicated topic.
 sudo tailscale up \
   --advertise-routes=${routes} \
   --advertise-tags=${tags} \

diff --git a/variables.tf b/variables.tf
@@ -105,13 +105,13 @@ variable "associate_public_ip_address" {
 variable "primary_tag" {
   default     = null
   type        = string
-  description = "The primary tag to apply to the Tailscale Subnet Router machine. This must match the OAuth client's tag. If not provided, the module will use the module's ID as the primary tag, which is configured in context.tf"
+  description = "The primary tag to apply to the Tailscale Subnet Router machine. Do not include the `tag:` prefix. This must match the OAuth client's tag. If not provided, the module will use the module's ID as the primary tag, which is configured in context.tf"
 }
 
-variable "machine_tags" {
+variable "additional_tags" {
   default     = []
   type        = list(string)
-  description = "Additional Tailscale tags to apply to the Tailscale Subnet Router machine in addition to `primary_tag`."
+  description = "Additional Tailscale tags to apply to the Tailscale Subnet Router machine in addition to `primary_tag`. These should not include the `tag:` prefix."
 }
 
 variable "ssh_enabled" {