infra: add servers to tailscale

Author: JuArce

infra/aggregation_mode/terraform/.terraform.lock.hcl

@@ -36,3 +36,7 @@ packages:
 
 runcmd:
   - loginctl enable-linger app
+  # Tailscale installation https://tailscale.com/kb/1293/cloud-init
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --ssh --advertise-tags=tag:server --auth-key=${tailscale_auth_key}
+  - tailscale set --auto-update

infra/aggregation_mode/terraform/cloudinit/postgres-monitor-cloud-init.yaml

@@ -36,3 +36,7 @@ packages:
 
 runcmd:
   - loginctl enable-linger app
+  # Tailscale installation https://tailscale.com/kb/1293/cloud-init
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --ssh --advertise-tags=tag:server --auth-key=${tailscale_auth_key}
+  - tailscale set --auto-update

infra/aggregation_mode/terraform/cloudinit/scaleway-cloud-init.yaml

@@ -2,15 +2,19 @@ provider "aws" {
   region = "us-east-2"
 }
 
+provider "tailscale" {
+  # Configure via environment variables:
+  # TAILSCALE_API_KEY
+}
 
 module "postgres_monitor" {
   source = "./postgres_monitor"
 }
 
-module "postgres_primary" {
-  source = "./postgres_primary"
-}
+# module "postgres_primary" {
+#   source = "./postgres_primary"
+# }
 
-module "postgres_secondary" {
-  source = "./postgres_secondary"
-}
+# module "postgres_secondary" {
+#   source = "./postgres_secondary"
+# }

infra/aggregation_mode/terraform/main.tf

@@ -1,9 +1,14 @@
-output "postgres_monitor_instance_hostname" {
-  description = "Private DNS name of the EC2 instance."
-  value       = module.postgres_monitor.instance_hostname
-}
-
 output "postgres_monitor_public_ip" {
-  description = "Public IP address of the EC2 instance."
+  description = "Public IP address of the Postgres Monitor."
   value       = module.postgres_monitor.public_ip
 }
+
+# output "postgres_primary_public_ip" {
+#   description = "Public IP address of the Postgres Primary."
+#   value       = module.postgres_primary.public_ip
+# }
+#
+# output "postgres_secondary_public_ip" {
+#   description = "Public IP address of the Postgres Secondary."
+#   value       = module.postgres_secondary.public_ip
+# }

infra/aggregation_mode/terraform/output.tf

@@ -1,3 +1,21 @@
+terraform {
+  required_providers {
+    tailscale = {
+      source = "tailscale/tailscale"
+    }
+  }
+}
+
+# Create ephemeral Tailscale auth key
+resource "tailscale_tailnet_key" "postgres_monitor" {
+  reusable      = false
+  ephemeral     = true
+  preauthorized = true
+  expiry        = 3600
+  description   = "Ephemeral key for postgres-monitor"
+  tags          = ["tag:server"]
+}
+
 # Upload existing SSH public key to AWS
 resource "aws_key_pair" "ssh_key" {
   key_name   = var.ssh_key_name
@@ -58,8 +76,9 @@ resource "aws_instance" "postgres_monitor" {
   vpc_security_group_ids = [aws_security_group.ssh_access.id]
 
   user_data = templatefile("${path.module}/../cloudinit/postgres-monitor-cloud-init.yaml", {
-    hostname       = var.hostname
-    ssh_public_key = trimspace(file(var.ssh_public_key_path))
+    hostname           = var.hostname
+    ssh_public_key     = trimspace(file(var.ssh_public_key_path))
+    tailscale_auth_key = tailscale_tailnet_key.postgres_monitor.key
   })
 
   user_data_replace_on_change = true

infra/aggregation_mode/terraform/postgres_monitor/main.tf

@@ -3,9 +3,22 @@ terraform {
     scaleway = {
       source = "scaleway/scaleway"
     }
+    tailscale = {
+      source = "tailscale/tailscale"
+    }
   }
 }
 
+# Create ephemeral Tailscale auth key
+resource "tailscale_tailnet_key" "postgres_primary" {
+  reusable      = false
+  ephemeral     = true
+  preauthorized = true
+  expiry        = 3600
+  description   = "Ephemeral key for postgres-primary"
+  tags          = ["tag:server"]
+}
+
 # Get available bare metal offer
 data "scaleway_baremetal_offer" "offer" {
   zone = var.zone
@@ -41,8 +54,9 @@ resource "scaleway_baremetal_server" "postgres_primary" {
 
   # Cloud-init configuration
 #   cloud_init = templatefile("${path.module}/../cloudinit/scaleway-cloud-init.yaml", {
-#     hostname       = var.hostname
-#     ssh_public_key = trimspace(file(var.ssh_public_key_path))
+#     hostname           = var.hostname
+#     ssh_public_key     = trimspace(file(var.ssh_public_key_path))
+#     tailscale_auth_key = tailscale_tailnet_key.postgres_primary.key
 #   })
 
   tags = var.tags

infra/aggregation_mode/terraform/postgres_primary/main.tf

@@ -0,0 +1,4 @@
+output public_ip {
+  description = "Public IP address of the Postgres Primary."
+  value       = scaleway_baremetal_server.postgres_primary.ips
+}

infra/aggregation_mode/terraform/postgres_primary/output.tf

@@ -0,0 +1,4 @@
+output public_ip {
+  description = "Public IP address of the Postgres Secondary."
+  value       = scaleway_baremetal_server.postgres_secondary.ips
+}

infra/aggregation_mode/terraform/postgres_secondary/output.tf

@@ -8,6 +8,10 @@ terraform {
       source = "scaleway/scaleway"
       version = "2.64.0"
     }
+    tailscale = {
+      source = "tailscale/tailscale"
+      version = "0.24.0"
+    }
   }
 
   required_version = ">= 1.2"