---
# Register the upstream Tailscale RPM repository over HTTPS, with signature
# verification enabled for both packages and repository metadata.
- name: Tailscale | PATCH | Add Tailscale repository
  become: true
  ansible.builtin.yum_repository:
    name: tailscale-stable
    description: Tailscale stable
    enabled: true
    baseurl: "https://pkgs.tailscale.com/stable/rhel/$releasever/$basearch"
    # gpgcheck verifies the signature on each RPM; repo_gpgcheck verifies the
    # signed repository metadata.
    gpgcheck: true
    repo_gpgcheck: true
    # NOTE(review): this URL is built from an Ansible fact while baseurl relies
    # on dnf's $releasever; confirm both resolve to the same release path on
    # every target.
    gpgkey: "https://pkgs.tailscale.com/stable/rhel/{{ ansible_distribution_major_version }}/repo.gpg"
    # Only the tailscale package may be installed from this repository.
    includepkgs:
      - tailscale
# Install the tailscale package, refreshing the dnf metadata cache first.
- name: Tailscale | PATCH | Install Tailscale
  become: true
  ansible.builtin.dnf:
    name: tailscale
    update_cache: true
    # "present" installs the package if missing and does not upgrade an
    # already-installed version.
    state: present
# Start the tailscaled daemon now and enable it at boot.
- name: Tailscale | PATCH | Enable and start tailscaled service
  become: true
  ansible.builtin.systemd:
    name: tailscaled
    state: started
    enabled: true
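# Probe the current Tailscale state. The registered result (rc and stdout) is
# what the following "tailscale up" task uses to decide whether to run.
- name: Tailscale | AUDIT | Check if Tailscale is already up
  ansible.builtin.command: tailscale status
  register: tailscale_status
  # A non-zero exit code is an expected outcome of this probe, not a failure
  # of the play.
  ignore_errors: true
  # The probe never changes the host.
  changed_when: false
  # Run the probe in check mode too: command tasks are otherwise skipped
  # there, which would leave tailscale_status without the rc and stdout
  # fields that the next task's condition reads.
  check_mode: false
  become: true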
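# Join the tailnet through the custom login server, but only when the status
# probe failed or reported a logged-out client.
- name: Tailscale | PATCH | Bring up Tailscale with custom login server
  ansible.builtin.command:
    # argv passes each templated value as exactly one argument, so whitespace
    # inside a variable cannot be split into additional tailscale flags.
    argv:
      - tailscale
      - up
      - "--login-server={{ baseline_tailscale_login_server }}"
      - "--authkey={{ baseline_tailscale_auth_key }}"
  when: tailscale_status.rc != 0 or "Logged out" in tailscale_status.stdout
  # Keeps the auth key out of Ansible output and logs.
  # NOTE(review): the key is still a process argument, so it is visible in the
  # host's process list while the command runs. The client's auth key flag is
  # documented to accept a "file:" prefixed path; confirm for the installed
  # version and consider supplying the key from a root-only file instead.
  no_log: true
  become: true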
# Bind the Tailscale interface to firewalld's "internal" zone, both in the
# running configuration (immediate) and in the saved one (permanent).
# NOTE(review): traffic arriving on tailscale0 is then filtered by the internal
# zone's rules, so every service that zone allows is reachable from tailnet
# peers; review the zone's service list against the tailnet ACLs.
- name: Tailscale | PATCH | Add Tailscale interface to internal zone
  become: true
  ansible.posix.firewalld:
    interface: "{{ item }}"
    zone: internal
    state: enabled
    permanent: true
    immediate: true
  loop:
    - tailscale0