{"id":25319764,"url":"https://github.com/jlucktay/terraform-google-tailscale-exit-node","last_synced_at":"2026-03-05T14:03:48.668Z","repository":{"id":160235754,"uuid":"628586125","full_name":"jlucktay/terraform-google-tailscale-exit-node","owner":"jlucktay","description":"Tailscale Exit Node on Google Cloud","archived":false,"fork":false,"pushed_at":"2026-01-18T17:09:36.000Z","size":53,"stargazers_count":8,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-19T01:23:03.612Z","etag":null,"topics":["exit-node","google-cloud","tailscale","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/jlucktay/tailscale-exit-node/google","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jlucktay.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-04-16T12:19:33.000Z","updated_at":"2026-01-18T17:09:41.000Z","dependencies_parsed_at":"2024-08-28T06:32:45.345Z","dependency_job_id":"f594d73f-3ab2-47f6-8623-bcbb5cd54436","html_url":"https://github.com/jlucktay/terraform-google-tailscale-exit-node","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/jlucktay/terraform-google-tailscale-exit-node","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlucktay%2Fterraform-google-tailscale-exit-node","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlucktay%2Fterraform-google-tailscale-exit-node/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlucktay%2Fterraform-google-tailscale-exit-node/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlucktay%2Fterraform-google-tailscale-exit-node/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jlucktay","download_url":"https://codeload.github.com/jlucktay/terraform-google-tailscale-exit-node/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlucktay%2Fterraform-google-tailscale-exit-node/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30130031,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T12:40:50.676Z","status":"ssl_error","status_checked_at":"2026-03-05T12:39:32.209Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exit-node","google-cloud","tailscale","terraform","terraform-module"],"created_at":"2025-02-13T20:54:59.904Z","updated_at":"2026-03-05T14:03:48.660Z","avatar_url":"https://github.com/jlucktay.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tailscale Exit Node on Google Cloud\n\nInfrastructure for a Tailscale exit node.\n\n- VM running Debian that will join the tailnet at launch and advertise as an exit node.\n  - If [Device Approval](https://login.tailscale.com/admin/settings/device-management) is switched on, and/or the user\n    generating the auth key is not set up as an `autoApprover` in tailnet policy, then the exit node will need to be\n    manually approved on [the Machines tab of the Tailscale admin console](https://login.tailscale.com/admin/machines).\n- Dedicated VPC network and subnet, and a firewall rule to allow SSHing into the exit node VM via Identity-Aware Proxy.\n- Enablement of the necessary Google Cloud APIs/services.\n\n## Usage\n\nBoth the Google Cloud and Tailscale providers will require authentication:\n\n- For Tailscale, it is recommended to\n  [set the `TAILSCALE_API_KEY` environment variable](https://registry.terraform.io/providers/tailscale/tailscale/latest/docs#api_key)\n  with a [valid API access token](https://login.tailscale.com/admin/settings/keys) generated from the admin console.\n  - The shell script executed by `null_resource.remove_previous_exit_node` will also make use of this\n    `TAILSCALE_API_KEY` environment variable.\n- Google Cloud provider authentication is\n  [documented here](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication).\n\n### Google Cloud project\n\nThe module has an input variable for the Google Cloud project into which it will provision the resources detailed below.\nThis project **must already exist**; the module will not provision the project itself, only the resources inside of it, and the necessary APIs/services for these resources.\n\n### Tailscale key replacement\n\nIf the exit node VM needs to be rotated, into a different region for example, it is recommended to have Terraform\nforce-replace the `tailscale_tailnet_key` resource, like so:\n\n```shell\nterraform apply --replace=module.this.tailscale_tailnet_key.one_time_use\n```\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n\n## Requirements\n\nThe following requirements are needed by this module:\n\n- \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) (~\u003e 1.0)\n\n- \u003ca name=\"requirement_google\"\u003e\u003c/a\u003e [google](#requirement\\_google) (~\u003e 7.0)\n\n- \u003ca name=\"requirement_tailscale\"\u003e\u003c/a\u003e [tailscale](#requirement\\_tailscale) (~\u003e 0.0)\n\n## Providers\n\nThe following providers are used by this module:\n\n- \u003ca name=\"provider_google\"\u003e\u003c/a\u003e [google](#provider\\_google) (~\u003e 7.0)\n\n- \u003ca name=\"provider_null\"\u003e\u003c/a\u003e [null](#provider\\_null)\n\n- \u003ca name=\"provider_random\"\u003e\u003c/a\u003e [random](#provider\\_random)\n\n- \u003ca name=\"provider_tailscale\"\u003e\u003c/a\u003e [tailscale](#provider\\_tailscale) (~\u003e 0.0)\n\n## Modules\n\nNo modules.\n\n## Resources\n\nThe following resources are used by this module:\n\n- [google_compute_address.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_address) (resource)\n- [google_compute_firewall.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) (resource)\n- [google_compute_instance.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) (resource)\n- [google_compute_network.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) (resource)\n- [google_compute_project_default_network_tier.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_project_default_network_tier) (resource)\n- [google_compute_project_metadata_item.vm_metadata_guest_attributes](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_project_metadata_item) (resource)\n- [google_compute_subnetwork.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) (resource)\n- [google_project_iam_member.compute_gsa_logwriter](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) (resource)\n- [google_project_service.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service) (resource)\n- [google_secret_manager_secret.healthchecks_io_uuid](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) (resource)\n- [google_secret_manager_secret.tailscale_auth_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) (resource)\n- [google_secret_manager_secret_iam_member.compute_gsa_secretaccessor_healthchecks](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_iam_member) (resource)\n- [google_secret_manager_secret_iam_member.compute_gsa_secretaccessor_tailscale](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_iam_member) (resource)\n- [google_secret_manager_secret_version.healthchecks_io_uuid](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_version) (resource)\n- [google_secret_manager_secret_version.tailscale_auth_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_version) (resource)\n- [google_service_account.compute](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) (resource)\n- [null_resource.remove_previous_exit_node](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) (resource)\n- [random_integer.region_selector](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource)\n- [tailscale_tailnet_key.one_time_use](https://registry.terraform.io/providers/tailscale/tailscale/latest/docs/resources/tailnet_key) (resource)\n- [google_compute_image.debian](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) (data source)\n- [google_compute_zones.region](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_zones) (data source)\n- [google_project.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) (data source)\n\n## Required Inputs\n\nThe following input variables are required:\n\n### \u003ca name=\"input_project_id\"\u003e\u003c/a\u003e [project\\_id](#input\\_project\\_id)\n\nDescription: The ID of the Google Cloud project in which resources will be created.\n\nType: `string`\n\n### \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region)\n\nDescription: Google Cloud region to deploy resources in.\n\nType: `string`\n\n## Optional Inputs\n\nThe following input variables are optional (have default values):\n\n### \u003ca name=\"input_enable_apis\"\u003e\u003c/a\u003e [enable\\_apis](#input\\_enable\\_apis)\n\nDescription: Activate required API services for the Google Cloud project.\n\nType: `bool`\n\nDefault: `true`\n\n### \u003ca name=\"input_enable_tailscale_ssh\"\u003e\u003c/a\u003e [enable\\_tailscale\\_ssh](#input\\_enable\\_tailscale\\_ssh)\n\nDescription: Enable [Tailscale SSH](https://tailscale.com/kb/1193/tailscale-ssh/) on the exit node.\n\nType: `bool`\n\nDefault: `false`\n\n### \u003ca name=\"input_use_premium_network_tier\"\u003e\u003c/a\u003e [use\\_premium\\_network\\_tier](#input\\_use\\_premium\\_network\\_tier)\n\nDescription: Whether or not to use [Google Cloud's Premium Tier network](https://cloud.google.com/network-tiers/docs/overview).\n\nType: `bool`\n\nDefault: `false`\n\n### \u003ca name=\"input_labels\"\u003e\u003c/a\u003e [labels](#input\\_labels)\n\nDescription: A map of labels to apply to contained resources.\n\nType: `map(string)`\n\nDefault: `{}`\n\n### \u003ca name=\"input_healthchecks_io_uuid\"\u003e\u003c/a\u003e [healthchecks\\_io\\_uuid](#input\\_healthchecks\\_io\\_uuid)\n\nDescription: UUID of a check at Healthchecks.io that the exit node VM will poll every 15 minutes with curl from a cron job. If left unset then the check will not be set up.\n\nType: `string`\n\nDefault: `\"\"`\n\n## Outputs\n\nThe following outputs are exported:\n\n### \u003ca name=\"output_compute_google_service_account_id\"\u003e\u003c/a\u003e [compute\\_google\\_service\\_account\\_id](#output\\_compute\\_google\\_service\\_account\\_id)\n\nDescription: The ID of the Google service account attached to the exit node VM.\n\n### \u003ca name=\"output_enabled_apis\"\u003e\u003c/a\u003e [enabled\\_apis](#output\\_enabled\\_apis)\n\nDescription: The service APIs that have been enabled by this module.\n\n### \u003ca name=\"output_instance_id\"\u003e\u003c/a\u003e [instance\\_id](#output\\_instance\\_id)\n\nDescription: The ID of the exit node VM.\n\n### \u003ca name=\"output_instance_logs_url\"\u003e\u003c/a\u003e [instance\\_logs\\_url](#output\\_instance\\_logs\\_url)\n\nDescription: The URL to access Google Cloud logging for the exit node VM.\n\n### \u003ca name=\"output_instance_public_ip\"\u003e\u003c/a\u003e [instance\\_public\\_ip](#output\\_instance\\_public\\_ip)\n\nDescription: The public IP address of the exit node VM.\n\n### \u003ca name=\"output_instance_ssh_command\"\u003e\u003c/a\u003e [instance\\_ssh\\_command](#output\\_instance\\_ssh\\_command)\n\nDescription: The command line to run for SSH access into the exit node VM.\n\n### \u003ca name=\"output_subnet_id\"\u003e\u003c/a\u003e [subnet\\_id](#output\\_subnet\\_id)\n\nDescription: The ID of the regional subnet.\n\n### \u003ca name=\"output_tailscale_key_id\"\u003e\u003c/a\u003e [tailscale\\_key\\_id](#output\\_tailscale\\_key\\_id)\n\nDescription: The ID of the Tailscale auth key that the exit node VM joined the tailnet with.\n\n### \u003ca name=\"output_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#output\\_vpc\\_id)\n\nDescription: The ID of the main VPC.\n\n\u003c!-- END_TF_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjlucktay%2Fterraform-google-tailscale-exit-node","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjlucktay%2Fterraform-google-tailscale-exit-node","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjlucktay%2Fterraform-google-tailscale-exit-node/lists"}