path: root/playbooks/roles/outbound/tasks/main.yml
blob: 45540b4f52bb4752433856bb0baa4455492f3243 (plain)
---

# Render the headscale compose templates and hand them to the shared
# manage-docker-compose-service.yml task file. The meaning of the vars
# below (template_render_dir, rollout_services, ...) is defined there,
# not in this file.
- name: Deploy Headscale
  ansible.builtin.import_tasks: manage-docker-compose-service.yml
  vars:
    state: started
    service_name: headscale
    # Relative to this role's tasks directory.
    template_render_dir: '../templates/headscale'
    # Target directory on the host; headscale_base is supplied by the caller.
    service_destination_dir: '{{ headscale_base }}'
    rollout_services:
      - name: headscale

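- name: Generate Headscale API key (if requested)
  # Opt-in: only runs when the caller sets generate_api_key to a truthy value.
  when: generate_api_key | default(false)
  block:
    - name: Execute API key generation command
      # argv form instead of a single cmd string: each templated value becomes
      # exactly one argument, so a value containing whitespace or quotes cannot
      # be split into additional arguments by the command module's word splitting.
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - headscale
          - headscale
          - apikeys
          - create
          - --expiration
          - "{{ api_key_expiration }}"
        # NOTE(review): this path is hard-coded while the deploy task above uses
        # headscale_base — confirm the two agree.
        chdir: /etc/docker/compose/headscale
      register: api_key_result
      changed_when: true
      # stdout holds the new key. Censor this task's result so the secret is
      # shown once, deliberately, by the debug task below rather than in every
      # log sink (callback plugins, verbose output). Failure output is censored
      # too; temporarily drop no_log when debugging a failing generation.
      no_log: true

    - name: Store and display newly generated API key
      # Only store/show the key when generation succeeded.
      when: api_key_result.rc == 0
      block:
        - name: Store API Key in fact
          ansible.builtin.set_fact:
            headscale_api_key: "{{ api_key_result.stdout }}"

        - name: Display API Key (Requires User Action)
          # Intentionally prints the secret so the operator can record it.
          ansible.builtin.debug:
            msg: "IMPORTANT: Please store this newly generated Headscale API Key! {{ headscale_api_key }}"

        - name: Pause for user confirmation (API Key)
          ansible.builtin.pause:
            prompt: "API Key displayed. Press return to continue..."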

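- name: Create Headscale system user and auth key (if requested)
  # Opt-in: only runs when the caller sets generate_auth_key to a truthy value.
  when: generate_auth_key | default(false)
  block:
    # Note: these steps are not fully idempotent. Re-running attempts user
    # creation again (tolerated via failed_when) and always mints a new key.
    - name: Create system key user '{{ auth_key_user }}'
      # argv form: auth_key_user is passed as exactly one argument, so a value
      # with whitespace or quotes cannot be split into extra arguments.
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - headscale
          - headscale
          - users
          - create
          - "{{ auth_key_user }}"
        # NOTE(review): hard-coded path; the deploy task uses headscale_base —
        # confirm the two agree.
        chdir: /etc/docker/compose/headscale
      register: user_create_result
      changed_when: "'User created' in user_create_result.stdout"
      # A pre-existing user is not an error on re-runs; any other non-zero rc is.
      failed_when: user_create_result.rc != 0 and 'Cannot create user' not in user_create_result.stderr

    - name: Create auth key for user '{{ auth_key_user }}'
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - headscale
          - headscale
          - preauthkeys
          - create
          - --reusable
          - --expiration
          - "{{ auth_key_expiration }}"
          - --user
          - "{{ auth_key_user }}"
        chdir: /etc/docker/compose/headscale
      register: auth_key_result
      changed_when: true
      # stdout holds the new pre-auth key. Censor this task's result so the
      # secret is shown once, deliberately, by the debug task below rather than
      # in every log sink. Failure output is censored too; temporarily drop
      # no_log when debugging a failing generation.
      no_log: true

    - name: Store and display newly generated Auth Key
      # Only store/show the key when generation succeeded.
      when: auth_key_result.rc == 0
      block:
        # This stores the *newly generated* key. Be aware of Ansible variable
        # precedence if 'headscale_user_auth_key' is also defined elsewhere
        # (like vaults). This fact is primarily for the display/pause below.
        - name: Store Auth Key in fact
          ansible.builtin.set_fact:
            headscale_user_auth_key: "{{ auth_key_result.stdout }}"

        - name: Display Auth Key (Requires User Action)
          # Intentionally prints the secret so the operator can record it.
          ansible.builtin.debug:
            msg: "IMPORTANT: Please store this newly generated Auth Key for user '{{ auth_key_user }}'! {{ headscale_user_auth_key }}"

        - name: Pause for user confirmation (Auth Key)
          ansible.builtin.pause:
            prompt: "Auth Key displayed. Press return to continue..."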

# Same shared task file as the headscale deployment, parameterised for the
# proxy service. The container to roll out is taken from
# vpn_proxy_filter_container_name, which the caller must define.
- name: Deploy Open Internet -> Headnet Proxy
  ansible.builtin.import_tasks: manage-docker-compose-service.yml
  vars:
    state: started
    service_name: proxy
    # Relative to this role's tasks directory.
    template_render_dir: '../templates/proxy'
    # Target directory on the host; proxy_base is supplied by the caller.
    service_destination_dir: '{{ proxy_base }}'
    rollout_services:
      - name: '{{ vpn_proxy_filter_container_name }}'