fix: allow optional non-tailnet CIDRs alongside tailnet restrictions

2026-03-01 14:01:32 +00:00
parent d29a428f2d
commit 0d83ef45c1
1 changed files with 2 additions and 2 deletions
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -1,6 +1,6 @@
 locals {
-  ssh_source_ips = var.restrict_api_ssh_to_tailnet ? [var.tailnet_cidr] : var.allowed_ssh_ips
-  api_source_ips = var.restrict_api_ssh_to_tailnet ? [var.tailnet_cidr] : var.allowed_api_ips
+  ssh_source_ips = var.restrict_api_ssh_to_tailnet ? concat([var.tailnet_cidr], var.allowed_ssh_ips) : var.allowed_ssh_ips
+  api_source_ips = var.restrict_api_ssh_to_tailnet ? concat([var.tailnet_cidr], var.allowed_api_ips) : var.allowed_api_ips
 }

 resource "hcloud_firewall" "cluster" {