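---
# Headscale setup
# Recreate the directory tree found under ../templates/headscale inside the
# compose directory, then render every file of that tree as a template.
- name: Build headscale compose dirs and files
  ansible.builtin.file:
    state: directory
    dest: '/etc/docker/compose/headscale/{{ item.path }}'
  with_filetree: '../templates/headscale'
  when: item.state == 'directory'

# NOTE(review): no mode/owner is set, so rendered files get the remote default
# permissions - confirm that is acceptable if any template embeds credentials.
- name: Build headscale compose templates
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '/etc/docker/compose/headscale/{{ item.path }}'
  with_filetree: '../templates/headscale'
  when: item.state == 'file'

- name: Daemon-reload and enable headscale
  ansible.builtin.systemd_service:
    state: started
    enabled: true
    daemon_reload: true
    name: docker-compose@headscale

- name: Perform rollout for headscale
  ansible.builtin.shell:
    cmd: "/usr/local/bin/docker-rollout rollout -f docker-compose.yml headscale"
    chdir: "/etc/docker/compose/headscale"

# User API Key
# command + argv instead of shell: the templated expiration is handed over as
# one argument and is never interpreted by a shell.
# NOTE(review): '-it' asks for an interactive TTY, which Ansible does not
# provide; confirm it is needed with the Compose version in use.
- name: Generate API key if homelab build
  ansible.builtin.command:
    argv:
      - docker
      - compose
      - exec
      - '-it'
      - headscale
      - headscale
      - apikeys
      - create
      - '--expiration'
      - "{{ api_key_expiration }}"
    chdir: /etc/docker/compose/headscale
  register: api_key_result
  # stdout is the new API key: keep the task result out of verbose output and
  # out of any configured log_path. On failure the error is censored as well.
  no_log: true
  changed_when: true
  when: generate_api_key | bool

- name: Store and display API key
  # "| bool" so a string value such as "false" is not treated as truthy.
  when: generate_api_key | bool
  block:
    - name: Define API Key Variable
      ansible.builtin.set_fact:
        headscale_api_key: "{{ api_key_result.stdout }}"

    # Deliberately shows the key once to the operator. The same text is also
    # captured by a configured log_path or a CI job log, so run this
    # interactively or scrub those logs afterwards.
    - name: Echo new key
      ansible.builtin.debug:
        msg: "Please store this API Key! {{ headscale_api_key }}"

    - name: Pause until user confirms
      ansible.builtin.pause:
        prompt: "Press return when ready!"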
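# System user auth key
- name: Create system key user and auth key if homelab build
  # "| bool" so a string value such as "false" is not treated as truthy.
  when: generate_auth_key | bool
  block:
    # command + argv instead of shell: the templated user name is handed over
    # as one argument and is never interpreted by a shell.
    - name: Create system key user
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - '-it'
          - headscale
          - headscale
          - users
          - create
          - "{{ auth_key_user }}"
        chdir: /etc/docker/compose/headscale
      changed_when: true

    # '--reusable' lets the same key enrol more than one node until it
    # expires, so handle it as a shared credential and keep
    # auth_key_expiration short.
    - name: Create auth key preauthkey
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - '-it'
          - headscale
          - headscale
          - preauthkeys
          - create
          - '--reusable'
          - '--expiration'
          - "{{ auth_key_expiration }}"
          - '--user'
          - "{{ auth_key_user }}"
        chdir: /etc/docker/compose/headscale
      register: auth_key_result
      # stdout is the new auth key: keep the task result out of verbose
      # output and out of any configured log_path.
      no_log: true
      changed_when: true

    - name: Store and display Auth Key
      block:
        - name: Define Auth Key Variable
          ansible.builtin.set_fact:
            headscale_user_auth_key: "{{ auth_key_result.stdout }}"

        # Deliberately shows the key once to the operator. The same text is
        # also captured by a configured log_path or a CI job log.
        - name: Echo new auth key
          ansible.builtin.debug:
            msg: "Please store this Auth Key for user {{ auth_key_user }}! {{ headscale_user_auth_key }}"

        - name: Pause until user confirms
          ansible.builtin.pause:
            prompt: "Press return when ready!"

# Proxy setup (AFTER API key generation)
- name: Build proxy compose dirs and files
  ansible.builtin.file:
    state: directory
    dest: '/etc/docker/compose/proxy/{{ item.path }}'
  with_filetree: '../templates/proxy'
  when: item.state == 'directory'

# NOTE(review): no mode/owner is set, so rendered files get the remote default
# permissions - confirm that is acceptable if any template embeds a key.
- name: Build proxy compose templates
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '/etc/docker/compose/proxy/{{ item.path }}'
  with_filetree: '../templates/proxy'
  when: item.state == 'file'

# The listed mail ports are TCP services; without "proto" ufw would open the
# same ports for UDP too.
# NOTE(review): ports published by containers are opened through Docker's own
# iptables rules and may not be governed by ufw - confirm the real exposure.
- name: Allow mail ports
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
    state: "enabled"
  loop:
    - "25"
    - "587"
    - "465"
    - "993"
    - "4190"

- name: Daemon-reload and enable proxy
  ansible.builtin.systemd_service:
    state: started
    enabled: true
    daemon_reload: true
    name: docker-compose@proxy

- name: Perform rollout for proxy
  ansible.builtin.shell:
    cmd: "/usr/local/bin/docker-rollout rollout -f docker-compose.yml proxy"
    chdir: "/etc/docker/compose/proxy"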