From f3cda8f36c455d3b9fd0f89ab62e1ebe32f5e414 Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Sun, 14 Jan 2024 01:31:57 +0100
Subject: [PATCH] feat(tailscale): Complete configuration
---
 headscale/tasks/main.yml | 72 +++++++++++++++++++++++++++++-----------
 1 file changed, 52 insertions(+), 20 deletions(-)
diff --git a/headscale/tasks/main.yml b/headscale/tasks/main.yml
index 0d3fd44..8b14851 100644
--- a/headscale/tasks/main.yml
+++ b/headscale/tasks/main.yml
@@ -1,50 +1,82 @@
 ---
 # tasks file for headscale
+- name: Check if tailscale (client) is installed
+ shell: command -v tailscale >/dev/null 2>&1
+ register: tailscale_exists
+ ignore_errors: true
+ changed_when: false
+
+- name: Check if headscale is installed
+ shell: command -v headscale >/dev/null 2>&1
+ register: headscale_exists
+ ignore_errors: true
+ changed_when: false
+
 - name: Download headscale binary (arm64)
- ansible.builtin.get_url:
+ get_url:
 url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_arm64.deb
 dest: /tmp/headscale_install.deb
- when: ansible_architecture == "aarch64"
+ mode: u+rwx
+ when: ansible_architecture == "aarch64" and inventory_hostname in groups['headscale_server']
 - name: Download headscale binary (amd64)
- ansible.builtin.get_url:
+ get_url:
 url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_amd64.deb
 dest: /tmp/headscale_install.deb
- when: ansible_architecture == "x86_64"
+ mode: u+rwx
+ when: ansible_architecture == "x86_64" and inventory_hostname in groups['headscale_server']
-- name: Install headscale
+- name: Download tailscale install script
+ get_url:
+ url: https://tailscale.com/install.sh
+ dest: /tmp/tailscale_install.sh
+ mode: u+rwx
+ when: tailscale_exists.rc != 0
+
+- name: Install headscale (server)
 apt:
 deb: /tmp/headscale_install.deb
 become: true
+ when: inventory_hostname in groups['headscale_server']
-- name: Enable and start headscale service
- ansible.builtin.service:
+- name: Install tailscale (client)
+ command: /tmp/tailscale_install.sh
+ become: true
+ when: tailscale_exists.rc != 0
+ changed_when: true
+
+- name: Enable and start headscale server
+ service:
 name: headscale
 state: started
- enabled: yes
+ enabled: true
 become: true
 when: inventory_hostname in groups['headscale_server']
 - name: Create headscale users
- loop: "{{ groups['headscale_client'] }}"
- command: headscale users create "{{ hostname }}"
+ loop: "{{ 
groups['all'] }}"
+ command: headscale users create "{{ item }}"
 when: inventory_hostname in groups['headscale_server']
 become: true
 - name: Generate pre authentication keys
- loop: "{{ groups['headscale_client'] }}"
- command: headscale --user "{{ hostname }}" preauthkeys create --expiration 1h
+ with_items: "{{ groups['all'] }}"
+ command: headscale --user "{{ item }}" preauthkeys create --expiration 1h
 when: inventory_hostname in groups['headscale_server']
 become: true
 register: headscale_preauthkey
-- name: Print keys
- loop: "{{ headscale_preauthkey.results }}"
- debug:
- msg: "{{ item.stdout }}"
+- name: Register clients
+ with_items: "{{ hostvars[groups['headscale_server'][0]].headscale_preauthkey.results }}"
+ command: |
+ tailscale up --reset --login-server
+ http://"{{ hostvars[groups['headscale_server'][0]]['ansible_default_ipv4']['address'] }}":8080
+ --auth-key "{{ item.stdout }}"
+ become: true
+ when: inventory_hostname in groups['all'] and inventory_hostname in item['item']
+
+- name: Advertise exit nodes
+ command: tailscale set --advertise-exit-node
+ become: true
 when: inventory_hostname in groups['headscale_server']
-
- #- name:
- # ansible.builtin.command: headscale --
- # register:
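Review bot: The pre-auth keys produced by `Generate pre authentication keys` and consumed by `Register clients` are credentials, yet neither task sets `no_log: true`, so every key is echoed in the play output and any log collector; add `no_log: true` to both tasks. The tailscale install script and the headscale `.deb` are fetched by `get_url` with no `checksum:` and the script is then executed with `become: true`, so a tampered download runs as root — pin the expected digest, e.g. `checksum: "sha256:<expected-digest>"`. In the `when:` of `Register clients`, `inventory_hostname in item['item']` is a substring test (`node1` matches `node10`); write `inventory_hostname == item['item']`. `ignore_errors: true` on the two `command -v` probes still reports the failures as errors, while `failed_when: false` expresses that a missing binary is the expected outcome. The `--login-server http://…:8080` URL carries the auth key over plaintext HTTP; whether TLS terminates elsewhere is not visible in this patch.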