feat(tailscale): Complete configuration
parent
73e48b3203
commit
f3cda8f36c
@ -1,50 +1,82 @@
|
|||||||
---
|
---
|
||||||
# tasks file for headscale
|
# tasks file for headscale
|
||||||
|
|
||||||
|
- name: Check if tailscale (client) is installed
|
||||||
|
shell: command -v tailscale >/dev/null 2>&1
|
||||||
|
register: tailscale_exists
|
||||||
|
ignore_errors: true
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Check if headscale is installed
|
||||||
|
shell: command -v headscale >/dev/null 2>&1
|
||||||
|
register: headscale_exists
|
||||||
|
ignore_errors: true
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Download headscale binary (arm64)
|
- name: Download headscale binary (arm64)
|
||||||
ansible.builtin.get_url:
|
get_url:
|
||||||
url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_arm64.deb
|
url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_arm64.deb
|
||||||
dest: /tmp/headscale_install.deb
|
dest: /tmp/headscale_install.deb
|
||||||
when: ansible_architecture == "aarch64"
|
mode: u+rwx
|
||||||
|
when: ansible_architecture == "aarch64" and inventory_hostname in groups['headscale_server']
|
||||||
|
|
||||||
- name: Download headscale binary (amd64)
|
- name: Download headscale binary (amd64)
|
||||||
ansible.builtin.get_url:
|
get_url:
|
||||||
url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_amd64.deb
|
url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_amd64.deb
|
||||||
dest: /tmp/headscale_install.deb
|
dest: /tmp/headscale_install.deb
|
||||||
when: ansible_architecture == "x86_64"
|
mode: u+rwx
|
||||||
|
when: ansible_architecture == "x86_64" and inventory_hostname in groups['headscale_server']
|
||||||
|
|
||||||
- name: Install headscale
|
- name: Download tailscale install script
|
||||||
|
get_url:
|
||||||
|
url: https://tailscale.com/install.sh
|
||||||
|
dest: /tmp/tailscale_install.sh
|
||||||
|
mode: u+rwx
|
||||||
|
when: tailscale_exists.rc != 0
|
||||||
|
|
||||||
|
- name: Install headscale (server)
|
||||||
apt:
|
apt:
|
||||||
deb: /tmp/headscale_install.deb
|
deb: /tmp/headscale_install.deb
|
||||||
become: true
|
become: true
|
||||||
|
when: inventory_hostname in groups['headscale_server']
|
||||||
|
|
||||||
- name: Enable and start headscale service
|
- name: Install tailscale (client)
|
||||||
ansible.builtin.service:
|
command: /tmp/tailscale_install.sh
|
||||||
|
become: true
|
||||||
|
when: tailscale_exists.rc != 0
|
||||||
|
changed_when: true
|
||||||
|
|
||||||
|
- name: Enable and start headscale server
|
||||||
|
service:
|
||||||
name: headscale
|
name: headscale
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
become: true
|
become: true
|
||||||
when: inventory_hostname in groups['headscale_server']
|
when: inventory_hostname in groups['headscale_server']
|
||||||
|
|
||||||
- name: Create headscale users
|
- name: Create headscale users
|
||||||
loop: "{{ groups['headscale_client'] }}"
|
loop: "{{ groups['all'] }}"
|
||||||
command: headscale users create "{{ hostname }}"
|
command: headscale users create "{{ item }}"
|
||||||
when: inventory_hostname in groups['headscale_server']
|
when: inventory_hostname in groups['headscale_server']
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Generate pre authentication keys
|
- name: Generate pre authentication keys
|
||||||
loop: "{{ groups['headscale_client'] }}"
|
with_items: "{{ groups['all'] }}"
|
||||||
command: headscale --user "{{ hostname }}" preauthkeys create --expiration 1h
|
command: headscale --user "{{ item }}" preauthkeys create --expiration 1h
|
||||||
when: inventory_hostname in groups['headscale_server']
|
when: inventory_hostname in groups['headscale_server']
|
||||||
become: true
|
become: true
|
||||||
register: headscale_preauthkey
|
register: headscale_preauthkey
|
||||||
|
|
||||||
- name: Print keys
|
- name: Register clients
|
||||||
loop: "{{ headscale_preauthkey.results }}"
|
with_items: "{{ hostvars[groups['headscale_server'][0]].headscale_preauthkey.results }}"
|
||||||
debug:
|
command: |
|
||||||
msg: "{{ item.stdout }}"
|
tailscale up --reset --login-server
|
||||||
when: inventory_hostname in groups['headscale_server']
|
http://"{{ hostvars[groups['headscale_server'][0]]['ansible_default_ipv4']['address'] }}":8080
|
||||||
|
--auth-key "{{ item.stdout }}"
|
||||||
|
become: true
|
||||||
|
when: inventory_hostname in groups['all'] and inventory_hostname in item['item']
|
||||||
|
|
||||||
#- name:
|
- name: Advertise exit nodes
|
||||||
# ansible.builtin.command: headscale --
|
command: tailscale set --advertise-exit-node
|
||||||
# register:
|
become: true
|
||||||
|
when: inventory_hostname in groups['headscale_server']
|
||||||
|
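Review bot: The "Register clients" task exposes the pre-auth keys: each key is passed as `--auth-key "{{ item.stdout }}"` and the loop item is the full registered result, so Ansible will show it in the play output for every iteration, as will the "Generate pre authentication keys" task; both should carry `no_log: true`. The login server is addressed as `http://…:8080`, so unless that link is protected some other way the key crosses the network in clear text. The condition `inventory_hostname in item['item']` is a substring test when `item['item']` is a host name, so (for example) a host called `node1` would also match the key issued for `node10`; `inventory_hostname == item['item']` looks like what is intended. Separately, `/tmp/tailscale_install.sh` is fetched with no `checksum:` and then executed with `become: true` from a world-writable directory.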