## Summary

- Manage tail8d86e.ts.net ACLs, tags, and DNS via Pulumi + Python
- State stored in Pulumi Cloud (free tier) to avoid circular dependency
- OAuth authentication via 1Password for secure credential management
- New mise tasks: `tailnet-preview`, `tailnet-up`

## Architecture

Two-layer approach:

- **Layer 1 (Pulumi)**: Tailnet-wide config (ACLs, tags, DNS)
- **Layer 2 (Ansible)**: Node-local `tailscale serve` config (unchanged)

## Test plan

- [x] Exported current ACL from Tailscale API
- [x] Imported existing ACL into Pulumi state
- [x] Verified `mise run tailnet-preview` shows no changes
- [x] Verified `mise run tailnet-up` applies successfully

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/15
```yaml
---
- name: Configure indri
  hosts: indri
  roles:
    - role: loki
      tags: loki
    - role: alloy
      tags: alloy
    - role: prometheus
      tags: prometheus
    - role: grafana
      tags: grafana
    - role: transmission
      tags: transmission
    - role: transmission_metrics
      tags: transmission_metrics
    - role: kiwix
      tags: kiwix
    - role: borgmatic
      tags: borgmatic
    - role: forgejo
      tags: forgejo
    - role: devpi
      tags: devpi
    - role: devpi_metrics
      tags: devpi_metrics
    - role: plex_metrics
      tags: plex_metrics
    - role: tailscale_serve
      tags: tailscale-serve
```