Erich Blume
3f4e40f3ae
## Summary - Manage tail8d86e.ts.net ACLs, tags, and DNS via Pulumi + Python - State stored in Pulumi Cloud (free tier) to avoid circular dependency - OAuth authentication via 1Password for secure credential management - New mise tasks: `tailnet-preview`, `tailnet-up` ## Architecture Two-layer approach: - **Layer 1 (Pulumi)**: Tailnet-wide config (ACLs, tags, DNS) - **Layer 2 (Ansible)**: Node-local `tailscale serve` config (unchanged) ## Test plan - [x] Exported current ACL from Tailscale API - [x] Imported existing ACL into Pulumi state - [x] Verified `mise run tailnet-preview` shows no changes - [x] Verified `mise run tailnet-up` applies successfully 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/15 |
||
|---|---|---|
| .. | ||
| alloy | ||
| borgmatic | ||
| devpi | ||
| devpi_metrics | ||
| forgejo | ||
| grafana | ||
| kiwix | ||
| loki | ||
| node_exporter | ||
| plex_metrics | ||
| prometheus | ||
| tailscale_serve | ||
| transmission | ||
| transmission_metrics | ||