From c516c8ba3522a398edbf50a0af6df26b5118f8db Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Sat, 28 Feb 2026 13:46:11 +0000 Subject: [PATCH] chore: disable VM tailscale bootstrap for now Remove tailscale auth/bootstrap from cloud-init and workflows, keeping VM provisioning focused on core network behind pfSense while preserving SSH key cloud-init setup.
---
.gitea/workflows/terraform-apply.yml | 1 - .gitea/workflows/terraform-destroy.yml | 1 - .gitea/workflows/terraform-plan.yml | 1 - terraform/cloud-init.tf | 1 - terraform/files/cloud_init_global.tpl | 4 ---- terraform/variables.tf | 6 ------ 6 files changed, 14 deletions(-)
diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 1f12c35..533734a 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -24,7 +24,6 @@ jobs:
 cat > secrets.auto.tfvars << EOF
 pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
 SSH_KEY_PUBLIC = "$(printf '%s' "${{ secrets.SSH_KEY_PUBLIC }}" | tr -d '\r\n')"
- TS_AUTHKEY = "$(printf '%s' "${{ secrets.TS_AUTHKEY }}" | tr -d '\r\n')"
 EOF
 cat > backend.hcl << EOF
 bucket = "${{ secrets.B2_TF_BUCKET }}"
diff --git a/.gitea/workflows/terraform-destroy.yml b/.gitea/workflows/terraform-destroy.yml
index c07d3a1..e592710 100644
--- a/.gitea/workflows/terraform-destroy.yml
+++ b/.gitea/workflows/terraform-destroy.yml
@@ -44,7 +44,6 @@ jobs:
 cat > secrets.auto.tfvars << EOF
 pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
 SSH_KEY_PUBLIC = "$(printf '%s' "${{ secrets.SSH_KEY_PUBLIC }}" | tr -d '\r\n')"
- TS_AUTHKEY = "$(printf '%s' "${{ secrets.TS_AUTHKEY }}" | tr -d '\r\n')"
 EOF
 cat > backend.hcl << EOF
 bucket = "${{ secrets.B2_TF_BUCKET }}"
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index 8fb5688..3bd9459 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -26,7 +26,6 @@ jobs:
 cat > secrets.auto.tfvars << EOF
 pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
 SSH_KEY_PUBLIC = "$(printf '%s' "${{ secrets.SSH_KEY_PUBLIC }}" | tr -d '\r\n')"
- TS_AUTHKEY = "$(printf '%s' "${{ secrets.TS_AUTHKEY }}" | tr -d '\r\n')"
 EOF
 cat > backend.hcl << EOF
 bucket = "${{ secrets.B2_TF_BUCKET }}"
diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf
index afe4e58..1c6340a 100644
--- a/terraform/cloud-init.tf
+++ b/terraform/cloud-init.tf
@@ -3,7 +3,6 @@ data "template_file" "cloud_init_global" {
 vars = {
 SSH_KEY_PUBLIC = var.SSH_KEY_PUBLIC
- TS_AUTHKEY = var.TS_AUTHKEY
 }
 }
diff --git a/terraform/files/cloud_init_global.tpl b/terraform/files/cloud_init_global.tpl
index a3134fc..2275158 100644
--- a/terraform/files/cloud_init_global.tpl
+++ b/terraform/files/cloud_init_global.tpl
@@ -11,7 +11,3 @@ users:
 - name: micqdf
 ssh_authorized_keys:
 - ${SSH_KEY_PUBLIC}
-
-runcmd:
- - [ /run/current-system/sw/bin/sh, -lc, "set -eu; install -d -m 700 /var/lib/tailscale; rm -f /var/lib/tailscale/tailscaled.state" ]
- - [ /run/current-system/sw/bin/sh, -lc, "set -eu; for i in 1 2 3 4 5; do /run/current-system/sw/bin/tailscale up --reset --auth-key='${TS_AUTHKEY}' --hostname='$(hostname)' --advertise-tags='tag:k8s' && exit 0; sleep 15; done; /run/current-system/sw/bin/tailscale up --reset --auth-key='${TS_AUTHKEY}' --hostname='$(hostname)'" ]
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 020f304..e805ebe 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -71,9 +71,3 @@ variable "SSH_KEY_PUBLIC" {
 type = string
 description = "Public SSH key injected via cloud-init"
 }
-
-variable "TS_AUTHKEY" {
- type = string
- sensitive = true
- description = "Tailscale auth key used during cloud-init enrollment"
-}
-- 2.49.1