Update Terraform cloudflare to v4

ansible/roles/ingress/files/nftables.conf

@@ -30,7 +30,7 @@ table inet filter {
 
         # NAT - because the proxmox machines may not have routes back
         ip saddr {{ nebula.cidr }} ip daddr {{ pve_hosts.internal_cidr }} counter masquerade
-        ip saddr {{ tailscale_cidr }} ip daddr {{ pve_hosts.internal_cidr }} counter masquerade
+        ip saddr {{ tailscale_cidr }} counter masquerade
     }
 
     chain FORWARD {
@@ -44,8 +44,9 @@ table inet filter {
         # Allow monitoring of nebula network
         ip saddr {{ pve_hosts.forrest.ip }}/32 ip daddr {{ nebula.cidr }} accept
 
-        # Allow traffic from Tailscale to proxmox network
-        ip saddr {{ tailscale_cidr }} ip daddr {{ pve_hosts.internal_cidr }} accept
-        ip saddr {{ pve_hosts.internal_cidr }} ip daddr {{ tailscale_cidr }} ct state related,established accept
+        # Allow Tailscale exit node
+        ip saddr {{ tailscale_cidr }} ip daddr 192.168.0.0/16 drop
+        ip saddr {{ tailscale_cidr }} accept
+        ip daddr {{ tailscale_cidr }} ct state related,established accept
     }
 }

terraform/.terraform.lock.hcl

@@ -17,38 +17,38 @@ provider "registry.terraform.io/backblaze/b2" {
 }
 
 provider "registry.terraform.io/cloudflare/cloudflare" {
-  version     = "4.28.0"
-  constraints = "4.28.0"
+  version     = "4.29.0"
+  constraints = "4.29.0"
   hashes = [
-    "h1:1cbyofIcJE2Zqgwii9+1r9bjHBzGeea62eEPtOyFlmg=",
-    "h1:6n93yKVG5miY66OD/LZGo6jE8NHykvtvAQOgKagTmNk=",
-    "h1:9ZndsnDXpPfOBxCmM4uE/py7AuHdNQ8FwN5dhrRtOHk=",
-    "h1:C1mHfN0Vr2jwAx2gcBsuwFvrxjDt6SGI9yiAc3+qfXk=",
-    "h1:I89HB9yIYPxAD/eZNdHDLFmpi43L5EJnHilDBJbbLhw=",
-    "h1:Plmon+KjXDyLgK/YRS2I+kSu70ypzFvrWQOHDQaVANU=",
-    "h1:QAWNtfkTvo57Pyy1oGrDrw+tyX5c2TEjSPdSsg9brZo=",
-    "h1:QyoRRrWqDLLjgtxQsafyAy8sWs6L3D68waeoxFiFFHk=",
-    "h1:RP176WYI5vc3I12b3sbMJnuKgHFsry0j2kP7za3ttzo=",
-    "h1:ZRd3ZSFxVlGBz3pR/mGShLrdqWn7C6msrARvIVTfOow=",
-    "h1:ZnNpTzEO2OgvdTlwZYYvWK0FldOYb8iw15PjuhW6e+8=",
-    "h1:dYOVSGWhOc/57qNg+k3FGm6LQDBb2aFPybtay3zDP6Y=",
-    "h1:kZFRGAxnj21/ahoLDN8SdV5rkW+DdRtWm1/GBmfij5I=",
-    "h1:zCaMHteChjMdHnoTBbrTDXIXdaqY42kiGL+ICoZpouM=",
-    "zh:31d5ec400a9ce2168ecac577af8b9d81a684d7496a7b5b6e187923cc8cf17139",
-    "zh:3f14d1fe124b5476e1a61f142be113ee5521eec1f5fd66b43092d486c3f8465b",
-    "zh:4a320ba93bf29be99b25fbc55771cf6dd8eeb330dd05a45394da8b3cd7f54b75",
-    "zh:56cc2be82b22c9b9bbe682c2abcc7e28f439187afff4b2ff39825a9a6eb02b4e",
-    "zh:59d5008d1e1d694c3dc03fbcde7f34b18f106290fa848b1d4c5e09bf0c041150",
-    "zh:6048cabd9793e1e0b4529dfc57414f8eff852135014eccb26b0b8ae591f67c8e",
-    "zh:677a0242fc44bdb9fd63617801dfd7ced05b660f1f6234f16c396fb4a4c4c0e8",
-    "zh:711c7d7e86420a76e7dda39f1a9543210c4aec5bf08bbf2ce46df1f4d24530ed",
-    "zh:86a21510e9d6ce57580cb4dbb679cff060d8adcec9e98c97404d90fa9077fdd9",
+    "h1:21/xNMcfmzqmsWKV0UypQtFe5Z2Hrbk/GV5E09ySwlg=",
+    "h1:8wvC0O0LqYgMr18rIbNICu3NDBFbbgdqicvpoA6SJBI=",
+    "h1:CzrafZAL3XbdbjoWdpnRhKm5oQIP0gLKpbp1rvmUhGc=",
+    "h1:DGww8CtlK3IcQR7V0eQU0mFVdgev5M82le1kSCd+woM=",
+    "h1:E3Zb32xz1w2b5vMGhObP0Fr189lo0eSUPjEITqKcEDE=",
+    "h1:GJQlGrnyC0tAhJ01rjPqfmubdvVKE/d4TgME4X8+rCM=",
+    "h1:MyvgKGvKUaLk/bA8Sk18ToyWEibW59qNXupup+teYIg=",
+    "h1:Pac3xOxprwnFpbNeli2R87QDV4RwNQgks7hNtkqG4WM=",
+    "h1:PwTYuKiXrQjjiFkmlPtXVbNT/d4gfS8hXJE2EndWuvA=",
+    "h1:VUy6+mQC8SIzGduQo74Jg7iyD8X6eRTcoLh/kO5GygM=",
+    "h1:gDBSNN0PhViBnshoPeHggQPspX43jNwYSDV2ObvJfWk=",
+    "h1:seCW7Vst44dt9xut3S00x2IF10MOYECx0lRwzLeKKX0=",
+    "h1:vSbEUEESCoqCrFv+AfCGcbaslrwi8J4LOX1EG7nyVys=",
+    "h1:vX2WKgO/3txh/kPMr1FsUiCnSXjNn2G0WFDPqjVmLPU=",
+    "zh:01f3af4c121bec29a057ec8dc5dd6609fcd0bf651c7cdb8aa03de407516fffd2",
+    "zh:14d8aa9b3482dda6fb189bc202c225259d074ce595466f80a23cffc5e0aa7eb5",
+    "zh:3e7d5466e8992ea2c8256c983e8e34bb586192df2010f2222e88f359a468115d",
+    "zh:4355f1e4cd9418106bf79cd00170fee5e503355048a9485c6a5cd22dc7949828",
     "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:a5bcf40c58df98ec555144b6790bb908b9b6535889c4dada87b1f9da2cf89196",
-    "zh:c33eee1c6bf277718ff2cbdc8a93fd46dfb655eb7381ca2d88a6aaef8e24f619",
-    "zh:dc64498427b9f78f49a233cc6cb280aa950fde46ef022b64fddb0b74c8505178",
-    "zh:ead016fc81994ece080e17b2e8d9efed09ac995c164a7faf576475e2fb7abdc5",
-    "zh:ec8b9acef18196c13ab9244dc45cf3ed869eb921925194e56370f1567675bd53",
+    "zh:901c0e875364084b65c5d3aec69717b05ee3c147b4bf585fce413678c784c100",
+    "zh:a8470085540a1620cd4b9561f8578c99e9b04b5410a4198a4b2ef93470e3c7ec",
+    "zh:a85715022889d64ccdde46d17bd46554951bc80db26b9d622c60d2ec46082c4d",
+    "zh:ac5e05e936ffc6abe5407b87b1e65633c0facce2944d6a8199db4e47c09170a3",
+    "zh:b3d70a629cb145ac32bebe0924e38796b5f54556b90ac0f8dca9cf469bb259ef",
+    "zh:db04c9ee548a9ddb5e7c47d2d7ef9216a58e637af77cfbff923af76883a1cc7b",
+    "zh:e1412a17cdc53ac8fce625910c74584a45d593e6ff20c76922b8b9fc2888b48f",
+    "zh:e3da8759c033d7bfab8ebcf1d636058e2e080dd27aed89f1edbc5df5168a9e8e",
+    "zh:f4f61c62830e552451e9f171a3a69d76c33359ec0db85aa720335edbf0b1a453",
+    "zh:f6aaa156c61fb2a06de349a3e3ddd1e5b4bcea1acf8bf99fa3b67e6885bb92ae",
   ]
 }
 

terraform/terraform.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
-      version = "4.28.0"
+      version = "4.29.0"
     }
     vultr = {
       source  = "vultr/vultr"