Add Pulumi for tailnet IaC management #15

Merged
eblume merged 2 commits from feature/pulumi-tailnet-iac into main 2026-01-15 20:55:26 -08:00

Author SHA1 Message Date
6f244e6f4f Add tailscale_serve ansible role for Layer 2 IaC
- Manage tailscale serve configuration declaratively via ansible
- Define services in defaults/main.yml (grafana, forge, kiwix, pypi)
- Role depends on service roles to ensure correct execution order
- Incremental idempotency: only apply if service missing

Two-layer tailnet IaC is now complete:
- Layer 1 (Pulumi): ACLs, tags, DNS
- Layer 2 (Ansible): tailscale serve config

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 20:53:24 -08:00
63e99998dd Add Pulumi for tailnet IaC management
- Manage tail8d86e.ts.net ACLs, tags, and DNS via Pulumi + Python
- State stored in Pulumi Cloud (free tier) to avoid circular dependency
- OAuth authentication via 1Password for secure credential management
- mise tasks: tailnet-preview, tailnet-up

Two-layer approach:
- Layer 1 (Pulumi): Tailnet-wide config (ACLs, tags, DNS)
- Layer 2 (Ansible): Node-local tailscale serve config (unchanged)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 20:24:28 -08:00