author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-02 15:42:42 -0500 |
---|---|---|
committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-02 15:42:42 -0500 |
commit | c6a770bd1a6cab43ec4282043bf4f5d6e175c19c (patch) | |
tree | a478467aeeb1d3ab47c07cdbacaa7f0a58f1f584 /roles/vpn/tasks/main.yml | |
parent | 1f9f2b7608d3915d2f8a3a556db19c27040d3a4d (diff) | |
initial headscale foo & dns updates
Diffstat (limited to 'roles/vpn/tasks/main.yml')
-rw-r--r-- | roles/vpn/tasks/main.yml | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
new file mode 100644
index 0000000..1715886
--- /dev/null
+++ b/roles/vpn/tasks/main.yml
@@ -0,0 +1,103 @@
+---
+## INSTALL
+- name: create headscale user group
+  group:
+    name: '{{ headscale_user_group }}'
+    gid: '{{ headscale_user_gid }}'
+    system: true
+    state: present
+
+- name: create headscale user
+  user:
+    name: '{{ headscale_user_name }}'
+    uid: '{{ headscale_user_uid }}'
+    group: '{{ headscale_user_group }}'
+    shell: /bin/false
+    system: true
+    create_home: false
+
+- name: download headscale binary
+  get_url:
+    url: 'https://github.com/juanfont/headscale/releases/download/v{{ headscale_version }}/headscale_{{ headscale_version }}_linux_{{ headscale_arch }}'
+    dest: '{{ headscale_binary_path }}'
+    owner: '{{ headscale_user_uid }}'
+    group: '{{ headscale_user_gid }}'
+    mode: 0770
+
+- name: ensure headscale directories exist
+  file:
+    path: '{{ item }}'
+    state: directory
+    owner: '{{ headscale_user_name }}'
+    group: '{{ headscale_user_group }}'
+    mode: 0755
+  loop: '{{ headscale_directories }}'
+
+- name: ensure sqlite exists
+  file:
+    path: '{{ headscale_var_data_dir }}/db.sqlite'
+    state: touch
+    owner: '{{ headscale_user_uid }}'
+    group: '{{ headscale_user_gid }}'
+    mode: 0600
+    modification_time: preserve
+    access_time: preserve
+
+- name: copy systemd unit file
+  template:
+    src: '../templates/headscale.service.j2'
+    dest: '/etc/systemd/system/headscale.service'
+    owner: '{{ headscale_user_uid }}'
+    group: '{{ headscale_user_gid }}'
+    mode: 0600
+
+- name: daemon-reload and enable headscale
+  ansible.builtin.systemd_service:
+    state: restarted
+    daemon_reload: true
+    enabled: true
+    name: headscale
+
+## CONFIG
+
+- name: copy configuration file template
+  template:
+    src: "../templates/config.yml.j2"
+    dest: "{{ headscale_config_dir }}/config.yaml"
+    owner: "{{ headscale_user_uid }}"
+    group: "{{ headscale_user_gid }}"
+    mode: "0600"
+  notify: reload headscale
+
+- name: copy acl policies file
+  copy:
+    content: '../files/acl.yml'
+    dest: '{{ headscale_config_dir }}/acl.yaml'
+    owner: '{{ headscale_user_uid }}'
+    group: '{{ headscale_user_gid }}'
+    mode: 0600
+  notify: reload headscale
+
+- name: ensure predefined users exist
+  command:
+    cmd: 'headscale users create {{ item }}'
+  loop: '{{ headscale_users }}'
+  register: user_created
+  changed_when: '"User created" in user_created.stdout'
+
+## ROUTES
+- name: enable routes for node
+  command:
+    cmd: 'headscale routes enable -i {{ item.id }} -r {{ item.routes }}'
+  loop: '{{ headscale_enable_routes }}'
+  loop_control:
+    label: '{{ item.comment | default(item) }}'
+  when: not ansible_check_mode
+
+- name: enable exit nodes
+  command:
+    cmd: 'headscale routes enable -i {{ item.id }} -r 0.0.0.0/0,::/0'
+  loop: '{{ headscale_exit_nodes }}'
+  loop_control:
+    label: '{{ item.comment | default(item) }}'
+  when: not ansible_check_mode
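Review bot: In the "copy acl policies file" task, `content: '../files/acl.yml'` makes the `copy` module write that literal path string into acl.yaml instead of the policy file, so headscale never receives the intended ACL; it should be `src: '../files/acl.yml'` (or a `template:` task like the config one above). The "daemon-reload and enable headscale" task uses `state: restarted` and sits in the INSTALL section before config.yaml is templated, so the service is restarted unconditionally on every run and, on a fresh host, before its configuration exists; `state: started` there, leaving restarts to the `reload headscale` handler, or moving the CONFIG tasks ahead of it, addresses both. The unit file and the binary are owned by the service account (`owner: '{{ headscale_user_uid }}'` with `mode: 0600` and `mode: 0770`), which lets a compromised headscale process rewrite its own unit or executable; root-owned `0644` for the unit and root-owned `0755` for the binary are the usual hardening choice. `get_url` fetches the release binary with no `checksum:` argument, so a tampered or truncated download is installed silently; pinning the checksum published for the pinned `headscale_version` closes that. The "ensure predefined users exist" task likely exits non-zero on the second run once the users already exist, so it probably needs a `failed_when` that tolerates the already-exists case (exact message to be confirmed against the headscale version in use).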