111 lines
2.8 KiB
YAML
111 lines
2.8 KiB
YAML
---
|
|
## UFW
|
|
- name: allow headscale tcp on 8080
|
|
ufw:
|
|
rule: allow
|
|
port: '8080'
|
|
proto: tcp
|
|
|
|
## INSTALL
|
|
- name: create headscale user group
|
|
group:
|
|
name: '{{ headscale_user_group }}'
|
|
gid: '{{ headscale_user_gid }}'
|
|
system: true
|
|
state: present
|
|
|
|
- name: create headscale user
|
|
user:
|
|
name: '{{ headscale_user_name }}'
|
|
uid: '{{ headscale_user_uid }}'
|
|
group: '{{ headscale_user_group }}'
|
|
shell: /bin/false
|
|
system: true
|
|
create_home: false
|
|
|
|
- name: download headscale binary
|
|
get_url:
|
|
url: 'https://github.com/juanfont/headscale/releases/download/v{{ headscale_version }}/headscale_{{ headscale_version }}_linux_{{ headscale_arch }}'
|
|
dest: '{{ headscale_binary_path }}'
|
|
owner: '{{ headscale_user_uid }}'
|
|
group: '{{ headscale_user_gid }}'
|
|
mode: 0770
|
|
|
|
- name: ensure headscale directories exist
|
|
file:
|
|
path: '{{ item }}'
|
|
state: directory
|
|
owner: '{{ headscale_user_name }}'
|
|
group: '{{ headscale_user_group }}'
|
|
mode: 0755
|
|
loop: '{{ headscale_directories }}'
|
|
|
|
- name: ensure sqlite exists
|
|
file:
|
|
path: '{{ headscale_var_data_dir }}/db.sqlite'
|
|
state: touch
|
|
owner: '{{ headscale_user_uid }}'
|
|
group: '{{ headscale_user_gid }}'
|
|
mode: 0600
|
|
modification_time: preserve
|
|
access_time: preserve
|
|
|
|
- name: copy systemd unit file
|
|
template:
|
|
src: '../templates/headscale.service.j2'
|
|
dest: '/etc/systemd/system/headscale.service'
|
|
owner: '{{ headscale_user_uid }}'
|
|
group: '{{ headscale_user_gid }}'
|
|
mode: 0600
|
|
|
|
## CONFIG
|
|
|
|
- name: copy configuration file template
|
|
template:
|
|
src: "../templates/config.yml.j2"
|
|
dest: "{{ headscale_config_dir }}/config.yaml"
|
|
owner: "{{ headscale_user_uid }}"
|
|
group: "{{ headscale_user_gid }}"
|
|
mode: "0600"
|
|
|
|
- name: copy acl policies file
|
|
copy:
|
|
content: '../files/acl.yml'
|
|
dest: '{{ headscale_config_dir }}/acl.yaml'
|
|
owner: '{{ headscale_user_uid }}'
|
|
group: '{{ headscale_user_gid }}'
|
|
mode: 0600
|
|
|
|
## ENABLE
|
|
- name: daemon-reload and enable headscale
|
|
ansible.builtin.systemd_service:
|
|
state: restarted
|
|
daemon_reload: true
|
|
enabled: true
|
|
name: headscale
|
|
|
|
## CREATE USER
|
|
- name: ensure predefined users exist
|
|
command:
|
|
cmd: 'headscale users create {{ item }}'
|
|
loop: '{{ headscale_users }}'
|
|
register: user_created
|
|
changed_when: '"User created" in user_created.stdout'
|
|
|
|
## ROUTES
|
|
- name: enable routes for node
|
|
command:
|
|
cmd: 'headscale routes enable -i {{ item.id }} -r {{ item.routes }}'
|
|
loop: '{{ headscale_enable_routes }}'
|
|
loop_control:
|
|
label: '{{ item.comment | default(item) }}'
|
|
when: not ansible_check_mode
|
|
|
|
- name: enable exit nodes
|
|
command:
|
|
cmd: 'headscale routes enable -i {{ item.id }} -r 0.0.0.0/0,::/0'
|
|
loop: '{{ headscale_exit_nodes }}'
|
|
loop_control:
|
|
label: '{{ item.comment | default(item) }}'
|
|
when: not ansible_check_mode
|