2022-08-29 13:42:43 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
- name: dirs
|
2024-01-07 23:05:56 +01:00
|
|
|
file: state=directory path="{{ item }}" mode="0700" # o= g=
|
2022-08-29 13:42:43 +02:00
|
|
|
loop:
|
|
|
|
- "{{ headscale_dir }}"
|
|
|
|
- "{{ headscale_dir }}/config"
|
|
|
|
- "{{ headscale_dir }}/data"
|
|
|
|
|
|
|
|
- name: config file
|
2024-01-07 23:05:56 +01:00
|
|
|
template: src="config.yaml.j2" dest="{{ headscale_dir }}/config/config.yaml" mode="0600" # o= g=
|
2022-08-29 13:42:43 +02:00
|
|
|
|
2024-01-06 23:05:16 +01:00
|
|
|
- name: create an empty database file if it doesn't exist
|
2024-01-07 23:05:56 +01:00
|
|
|
copy: force=false content="" dest="{{ headscale_dir }}/data/db.sqlite" mode="0600" # o= g=
|
2022-08-29 13:42:43 +02:00
|
|
|
|
|
|
|
- name: headscale coordination server
|
|
|
|
docker_container:
|
|
|
|
name: headscale
|
2024-01-06 23:05:16 +01:00
|
|
|
image: "{{ headscale_docker_image }}"
|
2022-08-29 13:42:43 +02:00
|
|
|
pull: "{{ headscale_pull }}"
|
|
|
|
command: headscale serve
|
|
|
|
restart_policy: unless-stopped
|
2024-01-07 23:05:56 +01:00
|
|
|
networks:
|
|
|
|
- name: servicenet
|
|
|
|
networks_cli_compatible: yes # don't add a default network
|
2022-08-29 13:42:43 +02:00
|
|
|
volumes:
|
|
|
|
- "{{ headscale_dir }}/config:/etc/headscale:ro"
|
|
|
|
- "{{ headscale_dir }}/data:/var/lib/headscale"
|
|
|
|
labels:
|
|
|
|
traefik.enable: "true"
|
|
|
|
traefik.http.routers.headscale.entryPoints: "web_https"
|
|
|
|
traefik.http.routers.headscale.rule: "Host(`{{ headscale_domain }}`)"
|
2024-01-07 23:05:56 +01:00
|
|
|
traefik.http.routers.headscale.service: "headscale"
|
|
|
|
traefik.http.services.headscale.loadbalancer.server.port: "8080"
|
|
|
|
#published_ports: ### local testing
|
|
|
|
# - "9441:8080"
|
|
|
|
# - "9442:9090" # /metrics
|
|
|
|
# - "50443:50443" # /headscale grpc API
|
2022-08-29 13:42:43 +02:00
|
|
|
|
|
|
|
# (If a given namespace already exists, the command issues an error
|
|
|
|
# message but the exit code is 0 (successful).)
|
|
|
|
- name: namespaces aka tailnets
|
|
|
|
community.docker.docker_container_exec:
|
|
|
|
container: headscale
|
|
|
|
argv: ['headscale', 'namespaces', 'create', "{{ item }}"]
|
2024-01-07 23:05:56 +01:00
|
|
|
register: _result
|
|
|
|
changed_when: "'User created' == _result.stdout"
|
2022-08-29 13:42:43 +02:00
|
|
|
loop: "{{ headscale_namespaces }}"
|
|
|
|
|
2024-01-07 23:05:56 +01:00
|
|
|
# Create a new API key.
|
|
|
|
# ### Doesn't report an existing API key or expire the old one.
|
|
|
|
# See 'headscale apikeys list', 'headscale apikeys expire --prefix ...'
|
|
|
|
- name: API key
|
|
|
|
community.docker.docker_container_exec:
|
|
|
|
container: headscale
|
|
|
|
argv: ['headscale', 'apikeys', 'create', '--expiration=24h']
|
|
|
|
register: headscale_api_key_create_result
|
|
|
|
changed_when: true
|
|
|
|
|
|
|
|
- debug:
|
|
|
|
msg: "This is the API key to use in the web UI:\n{{ headscale_api_key_create_result.stdout }}"
|
|
|
|
when: not ansible_check_mode
|
|
|
|
|
2022-08-29 13:42:43 +02:00
|
|
|
# https://github.com/gurucomputing/headscale-ui
|
|
|
|
- name: headscale UI
|
|
|
|
docker_container:
|
|
|
|
name: headscale-ui
|
2024-01-06 23:05:16 +01:00
|
|
|
image: "{{ headscale_ui_docker_image }}"
|
2022-08-29 13:42:43 +02:00
|
|
|
pull: "{{ headscale_pull }}"
|
|
|
|
restart_policy: unless-stopped
|
2024-01-07 23:05:56 +01:00
|
|
|
networks:
|
|
|
|
- name: servicenet
|
|
|
|
networks_cli_compatible: yes # don't add a default network
|
2022-08-29 13:42:43 +02:00
|
|
|
labels:
|
|
|
|
traefik.enable: "true"
|
2024-01-07 23:05:56 +01:00
|
|
|
traefik.http.routers.headscale-ui.entryPoints: "web_https"
|
|
|
|
traefik.http.routers.headscale-ui.rule: "Host(`{{ headscale_domain }}`) && PathPrefix(`/web`)"
|
|
|
|
#traefik.http.routers.headscale-ui.middlewares: "chain-authelia@file"
|