Inputs

Name	Description	Type	Default	Required
accept_dns	Accept DNS configuration from Tailscale	bool	true	no
accept_routes	Accept routes from Tailscale	bool	false	no
additional_parts	Additional user defined part blocks for the cloudinit_config data source	list(object({ filename = string content_type = optional(string) content = optional(string) merge_type = optional(string) }))	[]	no
advertise_connector	Advertise this node as an app connector	bool	false	no
advertise_exit_node	Offer to be an exit node for internet traffic for the tailnet	bool	false	no
advertise_routes	Routes to advertise to other nodes	list(string)	[]	no
advertise_tags	ACL tags to request; each must start with 'tag:' (e.g. 'tag:eng,tag:montreal,tag:ssh')	list(string)	[]	no
auth_key	Node authorization key; if it begins with 'file:', then it's a path to a file containing the authkey	string	n/a	yes
base64_encode	Whether to base64 encode the cloud-init data	bool	true	no
enable_ssh	Enable SSH access via Tailscale	bool	false	no
exit_node	Tailscale exit node (IP or base name) for internet traffic	string	""	no
exit_node_allow_lan_access	Allow direct access to the local network when routing traffic via an exit node	bool	false	no
force_reauth	force reauthentication	bool	false	no
gzip	Whether to gzip the cloud-init data	bool	false	no
hostname	Hostname of the instance	string	""	no
json	output in JSON format	bool	false	no
login_server	base URL of control server	string	"https://controlplane.tailscale.com"	no
max_retries	maximum number of retries to connect to the control server	number	3	no
netfilter_mode	netfilter mode	string	"on"	no
operator	Unix username to allow to operate on tailscaled without sudo	string	""	no
relay_server_port	Port for the Tailscale relay server	number	7878	no
reset	reset unspecified settings to their default values	bool	false	no
retry_delay	delay in seconds between retries to connect to the control server	number	5	no
shields_up	don't allow incoming connections	bool	false	no
snat_subnet_routes	source NAT traffic to local routes advertised with --advertise-routes	bool	true	no
stateful_filtering	apply stateful filtering to forwarded packets	bool	false	no
tailscaled_flag_bird_socket	path of the bird unix socket	string	""	no
tailscaled_flag_config	path to config file, or 'vm:user-data' to use the VM's user-data (EC2)	string	""	no
tailscaled_flag_debug	listen address ([ip]:port) of optional debug server	string	""	no
tailscaled_flag_encrypt_state	encrypt the state file on disk; uses TPM on Linux and Windows	bool	false	no
tailscaled_flag_no_logs_no_support	disable log uploads; this also disables any technical support	bool	false	no
tailscaled_flag_outbound_http_proxy_listen	optional [ip]:port to run an outbound HTTP proxy (e.g. "localhost:8080")	string	""	no
tailscaled_flag_port	UDP port to listen on for WireGuard and peer-to-peer traffic; 0 means automatically select	number	41641	no
tailscaled_flag_socket	path of the service unix socket	string	"/run/tailscale/tailscaled.sock"	no
tailscaled_flag_socks5_server	optional [ip]:port to run a SOCK5 server (e.g. "localhost:1080")	string	""	no
tailscaled_flag_state	absolute path of state file; use 'kube:' to use Kubernetes secrets or 'arn:aws:ssm:...' to store in AWS SSM; use 'mem:' to not store state and register as an ephemeral node	string	""	no
tailscaled_flag_statedir	path to directory for storage of config state, TLS certs, temporary incoming Taildrop files, etc.	string	"/var/lib/tailscale/tailscaled.state"	no
tailscaled_flag_tun	tunnel interface name; use "userspace-networking" (beta) to not use TUN	string	""	no
tailscaled_flag_verbose	log verbosity level; 0 is default, 1 or higher are increasingly verbose	number	0	no
timeout	maximum amount of time to wait for tailscaled to enter a Running state	string	"0s"	no
track	Version of the Tailscale client to install	string	"stable"	no

Modules

No modules.

Outputs

Name	Description
rendered	n/a

Providers

Name	Version
cloudinit	>= 2.0

Requirements

Name	Version
terraform	>= 1.0
cloudinit	>= 2.0

Resources

Name	Type
cloudinit_config.main	data source