Add ringtail DeviceTags and homelab-to-homelab SSH rule #210

Merged

eblume merged 2 commits from fix/tailscale-ssh-ringtail into main 2026-02-18 21:48:12 -08:00

Conversation 0 Commits 2 Files changed 3 +24 -13

eblume commented 2026-02-18 21:38:41 -08:00

Owner

Copy link

Summary

• Add ringtail DeviceTags Pulumi resource with tag:homelab + tag:blumeops (matching indri/sifaka pattern)
• Remove the bootstrap ringtail_key auth key — ringtail is already on the tailnet
• Add SSH ACL rule allowing tag:homelab → tag:homelab SSH, unblocking cross-host management (e.g., ringtail running ansible against indri)

Deployment and Testing

• mise run tailnet-preview — dry run, confirm diff
• mise run tailnet-up — apply
• From ringtail: ssh indri 'hostname' — should succeed

🤖 Generated with Claude Code

## Summary - Add `ringtail` DeviceTags Pulumi resource with `tag:homelab` + `tag:blumeops` (matching indri/sifaka pattern) - Remove the bootstrap `ringtail_key` auth key — ringtail is already on the tailnet - Add SSH ACL rule allowing `tag:homelab` → `tag:homelab` SSH, unblocking cross-host management (e.g., ringtail running ansible against indri) ## Deployment and Testing - [ ] `mise run tailnet-preview` — dry run, confirm diff - [ ] `mise run tailnet-up` — apply - [ ] From ringtail: `ssh indri 'hostname'` — should succeed 🤖 Generated with [Claude Code](https://claude.com/claude-code)

eblume added 1 commit 2026-02-18 21:38:41 -08:00

Add ringtail DeviceTags and homelab-to-homelab SSH rule ... c87dd1c6d7

Ringtail is already on the tailnet but had no DeviceTags resource —
add one matching the indri/sifaka pattern. Remove the bootstrap auth
key since ringtail is fully provisioned.

Add an SSH ACL rule so tag:homelab devices can SSH to each other,
which unblocks ansible/cross-host management from ringtail to indri.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume added 1 commit 2026-02-18 21:40:09 -08:00

Use accept action for homelab-to-homelab SSH rule ... e4b930d4f4

Tagged devices cannot perform interactive browser-based "check" auth,
so use "accept" for tag:homelab → tag:homelab SSH.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

eblume merged commit 630ebcd12d into main 2026-02-18 21:48:12 -08:00

eblume referenced this pull request from a commit 2026-02-18 21:48:15 -08:00

Add ringtail DeviceTags and homelab-to-homelab SSH rule (#210)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

eblume/blumeops!210

No description provided.