From b0a563db34c7ac86f36c3f293ea8610de1c8a35c Mon Sep 17 00:00:00 2001 From: Elizabeth Hunt Date: Tue, 2 Jan 2024 19:05:01 -0500 Subject: finish headscale setup --- roles/vpn/tasks/main.yml | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'roles/vpn/tasks/main.yml') diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml index 1715886..22ca2f8 100644 --- a/roles/vpn/tasks/main.yml +++ b/roles/vpn/tasks/main.yml @@ -1,4 +1,11 @@ --- +## UFW +- name: allow headscale tcp on 8080 + ufw: + rule: allow + port: '8080' + proto: tcp + ## INSTALL - name: create headscale user group group: @@ -51,13 +58,6 @@ group: '{{ headscale_user_gid }}' mode: 0600 -- name: daemon-reload and enable headscale - ansible.builtin.systemd_service: - state: restarted - daemon_reload: true - enabled: true - name: headscale - ## CONFIG - name: copy configuration file template @@ -67,7 +67,6 @@ owner: "{{ headscale_user_uid }}" group: "{{ headscale_user_gid }}" mode: "0600" - notify: reload headscale - name: copy acl policies file copy: @@ -76,8 +75,16 @@ owner: '{{ headscale_user_uid }}' group: '{{ headscale_user_gid }}' mode: 0600 - notify: reload headscale +## ENABLE +- name: daemon-reload and enable headscale + ansible.builtin.systemd_service: + state: restarted + daemon_reload: true + enabled: true + name: headscale + +## CREATE USER - name: ensure predefined users exist command: cmd: 'headscale users create {{ item }}' -- cgit v1.2.3-70-g09d2
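Review bot: The added `allow headscale tcp on 8080` task has no source or interface restriction, so ufw will accept TCP 8080 from any address. If headscale is fronted by a TLS-terminating reverse proxy on the same host (not visible in this diff), the port does not need to be reachable externally and the rule can be dropped. Otherwise narrow it, for example with `from_ip: '{{ headscale_allowed_cidr }}'` (placeholder variable name) or `interface:` together with `direction: in`. The task also uses the short module name `ufw`, while the systemd task in this file is fully qualified; `community.general.ufw:` would be consistent. A comment above the task such as `# headscale listen port; confirm TLS is configured in the template before exposing` would record why the port is open.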
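Review bot: `state: restarted` in the relocated `daemon-reload and enable headscale` task restarts the service on every run of the role, not only when something changed, so each play interrupts the control server and the task always reports changed. Because `notify: reload headscale` is removed from the configuration task (previous hunk) and the ACL policy task (this hunk), that unconditional restart is now the only way a new ACL policy takes effect. Consider `state: started` here and keeping a notified restart handler on those two tasks, so policy changes are applied exactly when the files change. The `ensure predefined users exist` task continues outside the hunk; it runs the CLI right after the restart and may need `retries:`/`until:` if the server is not yet accepting connections, which is worth confirming.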