---
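# Headscale setup
#
# Mirrors ../templates/headscale into /etc/docker/compose/headscale, starts the
# docker-compose@headscale unit, then rolls the service with docker-rollout.
#
# NOTE(review): neither the file task nor the template task sets owner, group
# or mode, so directories and rendered files get default permissions. If any
# template carries secrets, set an explicit restrictive mode that the
# container user can still read.
- name: Build headscale compose dirs and files
  ansible.builtin.file:
    state: directory
    dest: '/etc/docker/compose/headscale/{{ item.path }}'
  with_filetree: '../templates/headscale'
  when: item.state == 'directory'

- name: Build headscale compose templates
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '/etc/docker/compose/headscale/{{ item.path }}'
  with_filetree: '../templates/headscale'
  when: item.state == 'file'

- name: Daemon-reload and enable headscale
  ansible.builtin.systemd_service:
    state: started
    enabled: true
    daemon_reload: true
    name: docker-compose@headscale

- name: Perform rollout for headscale
  # command + argv: the line uses no shell features, so no shell is started
  # and every element is handed to docker-rollout as exactly one argument.
  ansible.builtin.command:
    argv:
      - /usr/local/bin/docker-rollout
      - rollout
      - '-f'
      - docker-compose.yml
      - headscale
    chdir: /etc/docker/compose/headscale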
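# User API Key
#
# When generate_api_key is set, creates a headscale API key inside the running
# container, keeps it in the headscale_api_key fact and shows it once to the
# operator before the play continues.
- name: Generate API key if homelab build
  # command + argv instead of shell: api_key_expiration is passed as a single
  # argument and is never re-parsed by /bin/sh.
  # NOTE(review): '-it' asks for an interactive TTY, which an Ansible run does
  # not provide; confirm this works unattended or switch to compose's '-T'.
  ansible.builtin.command:
    argv:
      - docker
      - compose
      - exec
      - '-it'
      - headscale
      - headscale
      - apikeys
      - create
      - '--expiration'
      - '{{ api_key_expiration }}'
    chdir: /etc/docker/compose/headscale
  register: api_key_result
  # stdout of this task is the secret; keep the registered result out of
  # verbose output and callback plugins. Failure details are censored as well.
  no_log: true
  when: generate_api_key

- name: Store and display API key
  when: generate_api_key
  block:
    - name: Define API Key Variable
      ansible.builtin.set_fact:
        headscale_api_key: "{{ api_key_result.stdout }}"

    - name: Echo new key
      # Deliberate one-time display. The same text is written wherever play
      # output is recorded (log_path, CI job logs, callback plugins), so run
      # this from an interactive session whose output is not retained.
      ansible.builtin.debug:
        msg: "Please store this API Key! {{ headscale_api_key }}"

    - name: Pause until user confirms
      ansible.builtin.pause:
        prompt: "Press return when ready!"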
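# System user auth key
#
# When generate_auth_key is set, creates the headscale user named by
# auth_key_user, issues a pre-auth key for it, stores the key in the
# headscale_user_auth_key fact and shows it once to the operator.
- name: Create system key user and auth key if homelab build
  when: generate_auth_key
  block:
    - name: Create system key user
      # command + argv: auth_key_user reaches headscale as one argument and is
      # never interpreted by a shell.
      # NOTE(review): '-it' asks for an interactive TTY, which an Ansible run
      # does not provide; confirm this works unattended or use compose's '-T'.
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - '-it'
          - headscale
          - headscale
          - users
          - create
          - '{{ auth_key_user }}'
        chdir: /etc/docker/compose/headscale

    - name: Create auth key preauthkey
      # '--reusable' yields a key that can register more than one node until
      # it expires: treat it as a long-lived credential, keep
      # auth_key_expiration short and drop the flag if one enrolment suffices.
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - '-it'
          - headscale
          - headscale
          - preauthkeys
          - create
          - '--reusable'
          - '--expiration'
          - '{{ auth_key_expiration }}'
          - '--user'
          - '{{ auth_key_user }}'
        chdir: /etc/docker/compose/headscale
      register: auth_key_result
      # stdout of this task is the secret; keep the registered result out of
      # verbose output and callback plugins. Failure details are censored too.
      no_log: true

    - name: Store and display Auth Key
      block:
        - name: Define Auth Key Variable
          ansible.builtin.set_fact:
            headscale_user_auth_key: "{{ auth_key_result.stdout }}"

        - name: Echo new auth key
          # Deliberate one-time display. The same text is written wherever
          # play output is recorded (log_path, CI job logs, callback plugins).
          ansible.builtin.debug:
            msg: "Please store this Auth Key for user {{ auth_key_user }}! {{ headscale_user_auth_key }}"

        - name: Pause until user confirms
          ansible.builtin.pause:
            prompt: "Press return when ready!"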
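# Proxy setup (AFTER API key generation)
#
# Mirrors ../templates/proxy into /etc/docker/compose/proxy, opens the mail
# ports in ufw, starts the docker-compose@proxy unit and rolls the service.
#
# NOTE(review): the ordering suggests the proxy templates consume
# headscale_api_key; if so, the rendered files hold that key and are written
# with default permissions because no owner, group or mode is set. Confirm
# against the templates and set a restrictive mode the container can read.
- name: Build proxy compose dirs and files
  ansible.builtin.file:
    state: directory
    dest: '/etc/docker/compose/proxy/{{ item.path }}'
  with_filetree: '../templates/proxy'
  when: item.state == 'directory'

- name: Build proxy compose templates
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '/etc/docker/compose/proxy/{{ item.path }}'
  with_filetree: '../templates/proxy'
  when: item.state == 'file'

- name: Allow mail ports
  # SMTP (25), submission (587), SMTPS (465), IMAPS (993) and ManageSieve
  # (4190) are TCP services, so the rules are limited to TCP instead of the
  # module default of any protocol. Hosts provisioned earlier may still carry
  # the broader any-protocol rules; remove those separately.
  # NOTE(review): 'state: enabled' also switches the firewall on; confirm that
  # SSH access is allowed before this task runs.
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
    state: "enabled"
  loop:
    - "25"
    - "587"
    - "465"
    - "993"
    - "4190"

- name: Daemon-reload and enable proxy
  ansible.builtin.systemd_service:
    state: started
    enabled: true
    daemon_reload: true
    name: docker-compose@proxy

- name: Perform rollout for proxy
  # command + argv: the line uses no shell features, so no shell is started
  # and every element is handed to docker-rollout as exactly one argument.
  ansible.builtin.command:
    argv:
      - /usr/local/bin/docker-rollout
      - rollout
      - '-f'
      - docker-compose.yml
      - proxy
    chdir: /etc/docker/compose/proxy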