| accept_dns |
Accept DNS configuration from Tailscale |
bool |
true |
no |
| accept_routes |
Accept routes from Tailscale |
bool |
false |
no |
| additional_parts |
Additional user defined part blocks for the cloudinit_config data source |
list(object({ filename = string content_type = optional(string) content = optional(string) merge_type = optional(string) })) |
[] |
no |
| advertise_connector |
Advertise this node as an app connector |
bool |
false |
no |
| advertise_exit_node |
Offer to be an exit node for internet traffic for the tailnet |
bool |
false |
no |
| advertise_routes |
Routes to advertise to other nodes |
list(string) |
[] |
no |
| advertise_tags |
ACL tags to request; each must start with 'tag:' (e.g. 'tag:eng,tag:montreal,tag:ssh') |
list(string) |
[] |
no |
| auth_key |
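Node authorization key; if it begins with 'file:', then it's a path to a file containing the authkey. Treat this value as a secret: if the key itself is embedded in the generated cloud-init data, anything able to read the instance's user data can read it, so prefer a short-lived, single-use key. |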
string |
n/a |
yes |
| base64_encode |
Whether to base64 encode the cloud-init data |
bool |
true |
no |
| enable_ssh |
Enable SSH access via Tailscale |
bool |
false |
no |
| exit_node |
Tailscale exit node (IP or base name) for internet traffic |
string |
"" |
no |
| exit_node_allow_lan_access |
Allow direct access to the local network when routing traffic via an exit node |
bool |
false |
no |
| force_reauth |
force reauthentication |
bool |
false |
no |
| gzip |
Whether to gzip the cloud-init data |
bool |
false |
no |
| hostname |
Hostname of the instance |
string |
"" |
no |
| json |
output in JSON format |
bool |
false |
no |
| login_server |
base URL of control server |
string |
"https://controlplane.tailscale.com" |
no |
| max_retries |
maximum number of retries to connect to the control server |
number |
3 |
no |
| netfilter_mode |
netfilter mode (Tailscale accepts 'on', 'nodivert' or 'off') |
string |
"on" |
no |
| operator |
Unix username to allow to operate on tailscaled without sudo |
string |
"" |
no |
| relay_server_port |
Port for the Tailscale relay server |
number |
7878 |
no |
| reset |
reset unspecified settings to their default values |
bool |
false |
no |
| retry_delay |
delay in seconds between retries to connect to the control server |
number |
5 |
no |
| shields_up |
don't allow incoming connections |
bool |
false |
no |
| snat_subnet_routes |
source NAT traffic to local routes advertised with --advertise-routes |
bool |
true |
no |
| stateful_filtering |
apply stateful filtering to forwarded packets |
bool |
false |
no |
| tailscaled_flag_bird_socket |
path of the bird unix socket |
string |
"" |
no |
| tailscaled_flag_config |
path to config file, or 'vm:user-data' to use the VM's user-data (EC2) |
string |
"" |
no |
| tailscaled_flag_debug |
listen address ([ip]:port) of optional debug server |
string |
"" |
no |
| tailscaled_flag_encrypt_state |
encrypt the state file on disk; uses TPM on Linux and Windows |
bool |
false |
no |
| tailscaled_flag_no_logs_no_support |
disable log uploads; this also disables any technical support |
bool |
false |
no |
| tailscaled_flag_outbound_http_proxy_listen |
optional [ip]:port to run an outbound HTTP proxy (e.g. "localhost:8080") |
string |
"" |
no |
| tailscaled_flag_port |
UDP port to listen on for WireGuard and peer-to-peer traffic; 0 means automatically select |
number |
41641 |
no |
| tailscaled_flag_socket |
path of the service unix socket |
string |
"/run/tailscale/tailscaled.sock" |
no |
| tailscaled_flag_socks5_server |
optional [ip]:port to run a SOCKS5 server (e.g. "localhost:1080") |
string |
"" |
no |
| tailscaled_flag_state |
absolute path of state file; use 'kube:' to use Kubernetes secrets or 'arn:aws:ssm:...' to store in AWS SSM; use 'mem:' to not store state and register as an ephemeral node |
string |
"" |
no |
| tailscaled_flag_statedir |
path to directory for storage of config state, TLS certs, temporary incoming Taildrop files, etc. |
string |
"/var/lib/tailscale/tailscaled.state" |
no |
| tailscaled_flag_tun |
tunnel interface name; use "userspace-networking" (beta) to not use TUN |
string |
"" |
no |
| tailscaled_flag_verbose |
log verbosity level; 0 is default, 1 or higher are increasingly verbose |
number |
0 |
no |
| timeout |
maximum amount of time to wait for tailscaled to enter a Running state |
string |
"0s" |
no |
| track |
Version of the Tailscale client to install |
string |
"stable" |
no |