From 02673eb1ac6eb72266deccd56f46c943092f0bf4 Mon Sep 17 00:00:00 2001 From: Matt Gowie Date: Mon, 19 Feb 2024 11:14:19 -0700 Subject: [PATCH] fix: pass primary tag to --advertise-tags + clean up naming / docs --- main.tf | 9 +++++---- userdata.sh.tmpl | 2 ++ variables.tf | 6 +++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index fc45c63..1a1c34c 100644 --- a/main.tf +++ b/main.tf @@ -1,14 +1,15 @@ locals { - primary_tag = coalesce(var.primary_tag, "tag:${module.this.id}") - prefixed_machine_tags = [for tag in var.machine_tags : "tag:${tag}"] - tailscale_tags = concat([local.primary_tag], local.prefixed_machine_tags) + primary_tag = coalesce(var.primary_tag, module.this.id) + prefixed_primary_tag = "tag:${local.primary_tag}" + prefixed_additional_tags = [for tag in var.additional_tags : "tag:${tag}"] + tailscale_tags = concat([local.prefixed_primary_tag], local.prefixed_additional_tags) userdata = templatefile("${path.module}/userdata.sh.tmpl", { routes = join(",", var.advertise_routes) authkey = tailscale_tailnet_key.default.key hostname = module.this.id - tags = join(",", local.prefixed_machine_tags) + tags = join(",", local.tailscale_tags) ssh_enabled = var.ssh_enabled }) } diff --git a/userdata.sh.tmpl b/userdata.sh.tmpl index 5101643..39ecaf2 100644 --- a/userdata.sh.tmpl +++ b/userdata.sh.tmpl @@ -18,6 +18,8 @@ sudo systemctl enable --now tailscaled sleep 5 # Start tailscale +# We pass --advertise-tags below even though the authkey being created with those tags should result +# in the same effect. This is to be more explicit because tailscale tags are a complicated topic. sudo tailscale up \ --advertise-routes=${routes} \ --advertise-tags=${tags} \ diff --git a/variables.tf b/variables.tf index 196a3ea..29b4659 100644 --- a/variables.tf +++ b/variables.tf 
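Review bot: A caller that still passes a prefixed value such as `primary_tag = "tag:example"` (a constructed sample, in the form the removed `coalesce(var.primary_tag, "tag:${module.this.id}")` line expected) now gets `tag:tag:example` from `prefixed_primary_tag`. The same doubling applies to any `additional_tags` entry that carries the prefix. The `primary_tag` description in the variables.tf hunk says this string must match the OAuth client's tag, so it is safer to normalise it here than to rely on a downstream rejection at apply time. I would write `prefixed_primary_tag = "tag:${trimprefix(local.primary_tag, "tag:")}"` and `[for tag in var.additional_tags : "tag:${trimprefix(tag, "tag:")}"]`. The resource that presumably consumes `local.tailscale_tags` is outside this hunk, so the effect on the auth key itself cannot be confirmed from here.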
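Review bot: `${routes}` and `${tags}` are rendered by `templatefile` into a `sudo tailscale up` command line without quoting, and after this commit `${tags}` also carries the primary tag, which can come from `var.primary_tag`. A value containing whitespace or a shell metacharacter would alter the command instead of failing, so I would quote at the sink: `--advertise-routes='${routes}' \` and `--advertise-tags='${tags}' \`. The added comment could also say what is expected to happen if the auth key's tags and `--advertise-tags` ever differ, since that is the case a reader will be debugging. The `tailscale up` command continues past the end of the hunk, so the remaining flags are not reviewed here.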
@@ -105,13 +105,13 @@ variable "associate_public_ip_address" { variable "primary_tag" { default = null type = string - description = "The primary tag to apply to the Tailscale Subnet Router machine. This must match the OAuth client's tag. If not provided, the module will use the module's ID as the primary tag, which is configured in context.tf" + description = "The primary tag to apply to the Tailscale Subnet Router machine. Do not include the `tag:` prefix. This must match the OAuth client's tag. If not provided, the module will use the module's ID as the primary tag, which is configured in context.tf" } -variable "machine_tags" { +variable "additional_tags" { default = [] type = list(string) - description = "Additional Tailscale tags to apply to the Tailscale Subnet Router machine in addition to `primary_tag`." + description = "Additional Tailscale tags to apply to the Tailscale Subnet Router machine in addition to `primary_tag`. These should not include the `tag:` prefix." } variable "ssh_enabled" {
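Review bot: The two descriptions now tell callers to omit the `tag:` prefix, but neither variable has a `validation` block, so the rule is enforced only by whatever fails downstream. These strings become the node's Tailscale tags and are also written into the instance's boot script, so rejecting unexpected characters at plan time is cheap defence in depth. The block below does this for `additional_tags`; the character set is a conservative guess and should be checked against Tailscale's tag naming rules. `primary_tag` needs the same check behind a null test (`var.primary_tag == null ? true : ...`) because its default is `null`.

```hcl
variable "additional_tags" {
  # … unchanged: default, type, description …

  validation {
    condition = alltrue([
      for t in var.additional_tags : can(regex("^[A-Za-z0-9-]+$", t))
    ])
    error_message = "Each entry in additional_tags must be a bare tag name (letters, digits, dashes) without the `tag:` prefix."
  }
}
```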