From 6a613f8369f15e26ccf94aa23fddbbef16dcd1b6 Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Wed, 21 Jan 2026 20:13:35 -0800
Subject: [PATCH] Remove migrated service tags from indri
Services grafana, kiwix, devpi, pg (blumeops-pg), and feed (miniflux) have migrated to Kubernetes. They now have their own Tailscale devices via the tailscale-operator, so indri no longer needs these service tags. Remaining tags on indri: homelab, blumeops, forge, loki, registry, k8s-api
Co-Authored-By: Claude Opus 4.5
---
 pulumi/__main__.py | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/pulumi/__main__.py b/pulumi/__main__.py
index 0a08ee8..7c76c26 100644
--- a/pulumi/__main__.py
+++ b/pulumi/__main__.py
@@ -36,7 +36,8 @@ acl = tailscale.Acl(
 # Tags control access via the ACL policy in policy.hujson.
 # indri - Mac Mini M1, primary homelab server
-# Hosts all user-facing services (grafana, forge, kiwix, etc.)
+# Hosts forge, loki, zot registry, and the k8s control plane.
+# Other services (grafana, kiwix, devpi, etc.) run in k8s with their own Tailscale devices.
 indri = tailscale.get_device(name="indri.tail8d86e.ts.net")
 indri_tags = tailscale.DeviceTags(
 "indri-tags",
@@ -44,16 +45,11 @@ indri_tags = tailscale.DeviceTags(
 tags=[
 "tag:homelab", # Server role - allows SSH from workstations
 "tag:blumeops", # Managed by this IaC
- # Service tags - enable fine-grained access control per service
- "tag:grafana",
+ # Service tags for services still hosted directly on indri
 "tag:forge",
- "tag:kiwix",
- "tag:devpi",
 "tag:loki",
- "tag:pg",
- "tag:feed",
 "tag:registry", # Zot container registry
- "tag:k8s-api", # Kubernetes API server
+ "tag:k8s-api", # Kubernetes API server (minikube)
 ],
 )
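Review bot: The trimmed `tags=[...]` list in the second hunk changes which rules in policy.hujson apply to indri, but that policy file is not part of this patch (the diffstat lists only pulumi/__main__.py), so the resulting access cannot be checked from here. Before merging I would confirm that any rules keyed on `tag:grafana`, `tag:kiwix`, `tag:devpi`, `tag:pg` and `tag:feed` now match only the operator-created devices, and that no listener for those services is left running on indri, where it could presumably still be reached through any rule that targets `tag:homelab` or `tag:blumeops`. The new comment also drops the reason service tags exist; something like `# Service tags - per-service ACL scoping, only for services still hosted directly on indri` keeps it. The `tailscale.DeviceTags(` call opens outside this hunk.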