---
- name: Tailscale | PATCH | Add Tailscale repository
  ansible.builtin.yum_repository:
    name: tailscale-stable
    description: Tailscale stable
    baseurl: https://pkgs.tailscale.com/stable/rhel/$releasever/$basearch
    gpgcheck: true
    gpgkey: https://pkgs.tailscale.com/stable/rhel/{{ ansible_distribution_major_version }}/repo.gpg
    repo_gpgcheck: true
    enabled: true
    includepkgs: tailscale
  become: true

- name: Tailscale | PATCH | Install Tailscale
  ansible.builtin.dnf:
    name: tailscale
    state: present
    update_cache: yes
  become: true

- name: Tailscale | PATCH | Enable and start tailscaled service
  ansible.builtin.systemd:
    name: tailscaled
    enabled: yes
    state: started
  become: true

- name: Tailscale | AUDIT | Check if Tailscale is already up
  ansible.builtin.command: tailscale status
  register: tailscale_status
  ignore_errors: yes
  changed_when: false
  become: true

- name: Tailscale | PATCH | Bring up Tailscale with custom login server
  ansible.builtin.command:
    cmd: "tailscale up --login-server={{ baseline_tailscale_login_server }} --authkey={{ baseline_tailscale_auth_key }}"
  when: tailscale_status.rc != 0 or "Logged out" in tailscale_status.stdout
  no_log: yes  # Hide auth key from logs
  become: true