authorElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-01-02 19:05:01 -0500
committerElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-01-02 19:29:46 -0500
commitb0a563db34c7ac86f36c3f293ea8610de1c8a35c (patch)
treeb82cc3741cdb34d871eb17e68b7f894fbc0cbe3c /roles/vpn/tasks/main.yml
parentc6a770bd1a6cab43ec4282043bf4f5d6e175c19c (diff)
finish headscale setup
Diffstat (limited to 'roles/vpn/tasks/main.yml')
-rw-r--r--roles/vpn/tasks/main.yml25
1 files changed, 16 insertions, 9 deletions
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 1715886..22ca2f8 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -1,4 +1,11 @@
---
+## UFW
+- name: allow headscale tcp on 8080
+ ufw:
+ rule: allow
+ port: '8080'
+ proto: tcp
+
## INSTALL
- name: create headscale user group
group:
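Review bot: The new `allow headscale tcp on 8080` rule opens tcp/8080 to every source address, because it sets neither `from_ip` nor `interface`. If headscale's listener on 8080 is plain HTTP behind a TLS-terminating proxy (not visible in this hunk), the control API would be reachable unencrypted from anywhere. Scoping the rule, e.g. `from_ip: '{{ headscale_proxy_ip }}'` (placeholder variable name), or dropping it when the proxy runs on the same host, would be tighter. Adding `comment: headscale` would also make the rule identifiable in `ufw status`.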
@@ -51,13 +58,6 @@
group: '{{ headscale_user_gid }}'
mode: 0600
-- name: daemon-reload and enable headscale
- ansible.builtin.systemd_service:
- state: restarted
- daemon_reload: true
- enabled: true
- name: headscale
-
## CONFIG
- name: copy configuration file template
@@ -67,7 +67,6 @@
owner: "{{ headscale_user_uid }}"
group: "{{ headscale_user_gid }}"
mode: "0600"
- notify: reload headscale
- name: copy acl policies file
copy:
@@ -76,8 +75,16 @@
owner: '{{ headscale_user_uid }}'
group: '{{ headscale_user_gid }}'
mode: 0600
- notify: reload headscale
+## ENABLE
+- name: daemon-reload and enable headscale
+ ansible.builtin.systemd_service:
+ state: restarted
+ daemon_reload: true
+ enabled: true
+ name: headscale
+
+## CREATE USER
- name: ensure predefined users exist
command:
cmd: 'headscale users create {{ item }}'
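Review bot: `state: restarted` in the relocated `daemon-reload and enable headscale` task restarts the service on every play run whether or not anything changed, so the control server is interrupted each time and the task always reports changed. The earlier hunks of this commit also drop both `notify: reload headscale` lines, so this unconditional restart is now the only way configuration and ACL policy edits take effect. Consider `state: started` here, keeping the notifies, and adding `- ansible.builtin.meta: flush_handlers` before the user-creation task so the new policy is live before it runs. The `ensure predefined users exist` task continues past the end of the hunk.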