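---
# tasks file for headscale
#
# Installs the headscale control server on hosts in the `headscale_server`
# group, installs the tailscale client wherever it is missing, creates one
# headscale user and one pre-auth key per inventory host, and then joins
# each host to the tailnet with its own key.

# `command -v` is a shell builtin, so the shell module is required here.
# The registered `rc` (0 = present) gates the client install tasks below.
- name: Check if tailscale (client) is installed
  shell: command -v tailscale >/dev/null 2>&1
  register: tailscale_exists
  failed_when: false
  changed_when: false

# NOTE(review): `headscale_exists` is registered but no task in this file
# reads it.
- name: Check if headscale is installed
  shell: command -v headscale >/dev/null 2>&1
  register: headscale_exists
  failed_when: false
  changed_when: false

# `force: true` makes get_url replace whatever already sits at the fixed
# /tmp path. Without it an existing file (a stale package from an earlier
# version, or a file planted by another local user) is kept as-is and then
# installed as root by the apt task further down.
# NOTE(review): the download is not integrity-checked. Pin it with
# get_url's `checksum` parameter, taking the digest from the release's
# published checksums, e.g.
#   checksum: "sha256:<SHA256_OF_THIS_DEB>"
- name: Download headscale binary (arm64)
  get_url:
    url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_arm64.deb
    dest: /tmp/headscale_install.deb
    # A package archive does not need the execute bit.
    mode: "0644"
    force: true
  when: >-
    ansible_architecture == "aarch64"
    and inventory_hostname in groups['headscale_server']

# Same as above for x86_64 hosts; see the checksum note on the arm64 task.
- name: Download headscale binary (amd64)
  get_url:
    url: https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_amd64.deb
    dest: /tmp/headscale_install.deb
    mode: "0644"
    force: true
  when: >-
    ansible_architecture == "x86_64"
    and inventory_hostname in groups['headscale_server']

# NOTE(review): this script is fetched at run time and executed as root by
# the install task below without any integrity check. `force: true` at
# least guarantees that the file executed is the one just downloaded, not a
# pre-existing /tmp/tailscale_install.sh.
- name: Download tailscale install script
  get_url:
    url: https://tailscale.com/install.sh
    dest: /tmp/tailscale_install.sh
    mode: "0700"
    force: true
  when: tailscale_exists.rc != 0

# NOTE(review): on a server whose architecture is neither aarch64 nor
# x86_64 neither download task runs, so this task has no fresh package to
# install.
- name: Install headscale (server)
  apt:
    deb: /tmp/headscale_install.deb
  become: true
  when: inventory_hostname in groups['headscale_server']

- name: Install tailscale (client)
  command: /tmp/tailscale_install.sh
  become: true
  when: tailscale_exists.rc != 0
  changed_when: true

- name: Enable and start headscale server
  service:
    name: headscale
    state: started
    enabled: true
  become: true
  when: inventory_hostname in groups['headscale_server']

# One headscale user per inventory host, named after the host.
# NOTE(review): presumably not idempotent - confirm how
# `headscale users create` behaves when the user already exists.
- name: Create headscale users
  command: headscale users create "{{ item }}"
  loop: "{{ groups['all'] }}"
  become: true
  when: inventory_hostname in groups['headscale_server']

# stdout of each loop result is the pre-auth key for that host. `no_log`
# keeps those credentials out of the play output and any log/callback
# plugin; the registered variable is still usable by the next task.
- name: Generate pre authentication keys
  command: headscale --user "{{ item }}" preauthkeys create --expiration 1h
  loop: "{{ groups['all'] }}"
  become: true
  when: inventory_hostname in groups['headscale_server']
  register: headscale_preauthkey
  no_log: true

# Each host loops over the key results registered on the first headscale
# server and uses only the result generated for its own name.
# The comparison must be `==`: `inventory_hostname in item['item']` is a
# substring test on a string, so a host named "node1" would also match the
# key generated for "node10" and enroll with another host's credential.
# `no_log` is needed because both the loop item and the command line carry
# the pre-auth key.
# NOTE(review): the login server URL is plain http://, so the client has no
# TLS certificate to authenticate the control server against. Consider
# serving headscale over HTTPS and pointing --login-server at that URL.
- name: Register clients
  command:
    argv:
      - tailscale
      - up
      - --reset
      - --login-server
      - "http://{{ hostvars[groups['headscale_server'][0]]['ansible_default_ipv4']['address'] }}:8080"
      - --auth-key
      - "{{ item.stdout }}"
  loop: "{{ hostvars[groups['headscale_server'][0]].headscale_preauthkey.results }}"
  become: true
  when: inventory_hostname == item['item']
  no_log: true

- name: Advertise exit nodes
  command: tailscale set --advertise-exit-node
  become: true
  when: inventory_hostname in groups['headscale_server']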