Diffstat (limited to 'roles/vpn/tasks/main.yml')
-rw-r--r-- | roles/vpn/tasks/main.yml | 126 |
1 files changed, 27 insertions, 99 deletions
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 22ca2f8..4f6bcca 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -1,110 +1,38 @@ --- -## UFW -- name: allow headscale tcp on 8080 - ufw: - rule: allow - port: '8080' - proto: tcp - -## INSTALL -- name: create headscale user group - group: - name: '{{ headscale_user_group }}' - gid: '{{ headscale_user_gid }}' - system: true - state: present - -- name: create headscale user - user: - name: '{{ headscale_user_name }}' - uid: '{{ headscale_user_uid }}' - group: '{{ headscale_user_group }}' - shell: /bin/false - system: true - create_home: false - -- name: download headscale binary - get_url: - url: 'https://github.com/juanfont/headscale/releases/download/v{{ headscale_version }}/headscale_{{ headscale_version }}_linux_{{ headscale_arch }}' - dest: '{{ headscale_binary_path }}' - owner: '{{ headscale_user_uid }}' - group: '{{ headscale_user_gid }}' - mode: 0770 - -- name: ensure headscale directories exist +- name: ensure headscale docker/compose exist file: - path: '{{ item }}' + path: /etc/docker/compose/headscale state: directory - owner: '{{ headscale_user_name }}' - group: '{{ headscale_user_group }}' - mode: 0755 - loop: '{{ headscale_directories }}' - -- name: ensure sqlite exists - file: - path: '{{ headscale_var_data_dir }}/db.sqlite' - state: touch - owner: '{{ headscale_user_uid }}' - group: '{{ headscale_user_gid }}' - mode: 0600 - modification_time: preserve - access_time: preserve - -- name: copy systemd unit file - template: - src: '../templates/headscale.service.j2' - dest: '/etc/systemd/system/headscale.service' - owner: '{{ headscale_user_uid }}' - group: '{{ headscale_user_gid }}' - mode: 0600 - -## CONFIG + owner: root + group: root + mode: 0700 -- name: copy configuration file template - template: - src: "../templates/config.yml.j2" - dest: "{{ headscale_config_dir }}/config.yaml" - owner: "{{ headscale_user_uid }}" - group: "{{ headscale_user_gid }}" - mode: "0600" +- name: copy headscale docker-compose.yml + copy: + src: ../files/docker-compose.yml + dest: /etc/docker/compose/headscale/docker-compose.yml + 
owner: root + group: root + mode: u=rw,g=r,o=r -- name: copy acl policies file +- name: copy headscale config volume copy: - content: '../files/acl.yml' - dest: '{{ headscale_config_dir }}/acl.yaml' - owner: '{{ headscale_user_uid }}' - group: '{{ headscale_user_gid }}' - mode: 0600 + src: ../files/config + dest: /etc/docker/compose/headscale/ + owner: root + group: root + mode: u=rw,g=r,o=r + +- name: ensure headscale data volume exist + file: + path: /etc/docker/compose/headscale/data + state: directory + owner: root + group: root + mode: 0700 -## ENABLE - name: daemon-reload and enable headscale ansible.builtin.systemd_service: state: restarted - daemon_reload: true enabled: true - name: headscale - -## CREATE USER -- name: ensure predefined users exist - command: - cmd: 'headscale users create {{ item }}' - loop: '{{ headscale_users }}' - register: user_created - changed_when: '"User created" in user_created.stdout' - -## ROUTES -- name: enable routes for node - command: - cmd: 'headscale routes enable -i {{ item.id }} -r {{ item.routes }}' - loop: '{{ headscale_enable_routes }}' - loop_control: - label: '{{ item.comment | default(item) }}' - when: not ansible_check_mode - -- name: enable exit nodes - command: - cmd: 'headscale routes enable -i {{ item.id }} -r 0.0.0.0/0,::/0' - loop: '{{ headscale_exit_nodes }}' - loop_control: - label: '{{ item.comment | default(item) }}' - when: not ansible_check_mode + name: docker-compose@headscale |
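Review bot: The `copy headscale config volume` task lands headscale's config tree with `mode: u=rw,g=r,o=r`, a regression from the `0600` the removed config-template task applied; if that config.yaml carries an OIDC `client_secret`, a database DSN or similar (not visible in this diff), it becomes readable by every local account the moment the parent directory is no longer `0700`. Tighten it to `mode: u=rw,g=,o=` and add `directory_mode: u=rwx,g=,o=` so sub-directories created by the recursive copy do not fall back to the umask (relax to group read only if the container runs as a non-root UID that must read it). The dropped `ufw allow 8080` rule is also not made redundant by the move to compose: ports published by Docker are reached via DNAT and the FORWARD chain rather than ufw's INPUT rules, so exposure is now governed solely by the `ports:` entry in files/docker-compose.yml, which this diff does not show — bind it to `127.0.0.1` behind the reverse proxy or to a specific interface, and pin the image by digest there since the old checksum-less `get_url` download is gone. Finally, `state: restarted` with no `notify` restarts headscale on every playbook run; prefer `state: started` here plus a handler triggered by the copy tasks, and note that `daemon_reload: true` was removed although nothing in this hunk installs the `docker-compose@.service` template unit the new `name: docker-compose@headscale` depends on.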