feat(GHO-127): add tag:infisical to Tailscale ACL tagOwners (#353)

noahwhite · web-flow · commit 3f09bd0a5d2c · 2026-03-28T01:36:37.000-04:00
* feat(GHO-127): add tag:infisical to Tailscale ACL tagOwners

infisical-stack provisions its Hetzner server on this tailnet and needs
tag:infisical to exist in tagOwners before auth keys can be created.
ACL ownership stays with ghost-stack; infisical-stack only creates keys.

* fix(GHO-127): add trailing newline to tailscale main.tofu
diff --git a/opentofu/modules/tailscale/main.tofu b/opentofu/modules/tailscale/main.tofu
@@ -86,7 +86,8 @@ resource "tailscale_acl" "soc_tailnet_acl" {
     },
     "tagOwners" = {
       "tag:ghost-dev"             = ["group:devs"],
-      "tag:ghost-dev-workstation" = ["group:devs"]
+      "tag:ghost-dev-workstation" = ["group:devs"],
+      "tag:infisical"             = ["group:devs"]
     },
   })
-}
+}
