1
0
Fork 0

fixes; headscale API and headscale-ui now work

This commit is contained in:
Julian Foad 2024-01-07 22:05:56 +00:00
parent 603e95ddc7
commit 0dfe7407eb

View file

@ -1,17 +1,17 @@
---
- name: dirs
file: state=directory path="{{ item }}" # mode= o= g=
file: state=directory path="{{ item }}" mode="0700" # o= g=
loop:
- "{{ headscale_dir }}"
- "{{ headscale_dir }}/config"
- "{{ headscale_dir }}/data"
- name: config file
template: src="config.yaml.j2" dest="{{ headscale_dir }}/config/config.yaml" # mode= o= g=
template: src="config.yaml.j2" dest="{{ headscale_dir }}/config/config.yaml" mode="0600" # o= g=
- name: create an empty database file if it doesn't exist
copy: force=false content="" dest="{{ headscale_dir }}/data/db.sqlite" # mode= o= g=
copy: force=false content="" dest="{{ headscale_dir }}/data/db.sqlite" mode="0600" # o= g=
- name: headscale coordination server
docker_container:
@ -20,6 +20,9 @@
pull: "{{ headscale_pull }}"
command: headscale serve
restart_policy: unless-stopped
networks:
- name: servicenet
networks_cli_compatible: yes # don't add a default network
volumes:
- "{{ headscale_dir }}/config:/etc/headscale:ro"
- "{{ headscale_dir }}/data:/var/lib/headscale"
@ -27,11 +30,12 @@
traefik.enable: "true"
traefik.http.routers.headscale.entryPoints: "web_https"
traefik.http.routers.headscale.rule: "Host(`{{ headscale_domain }}`)"
traefik.http.routers.headscale.middlewares: "chain-authelia@file"
published_ports: ### local testing
- "9441:8080"
- "9442:9090" # /metrics
- "50443:50443" # /headscale grpc API
traefik.http.routers.headscale.service: "headscale"
traefik.http.services.headscale.loadbalancer.server.port: "8080"
#published_ports: ### local testing
# - "9441:8080"
# - "9442:9090" # /metrics
# - "50443:50443" # /headscale grpc API
# (If a given namespace already exists, the command issues an error
# message but the exit code is 0 (successful).)
@ -39,10 +43,24 @@
community.docker.docker_container_exec:
container: headscale
argv: ['headscale', 'namespaces', 'create', "{{ item }}"]
register: result
changed_when: "'Namespace created' in result.stdout_lines"
register: _result
changed_when: "'User created' == _result.stdout"
loop: "{{ headscale_namespaces }}"
# Create a new API key.
# ### Doesn't report an existing API key or expire the old one.
# See 'headscale apikeys list', 'headscale apikeys expire --prefix ...'
- name: API key
community.docker.docker_container_exec:
container: headscale
argv: ['headscale', 'apikeys', 'create', '--expiration=24h']
register: headscale_api_key_create_result
changed_when: true
- debug:
msg: "This is the API key to use in the web UI:\n{{ headscale_api_key_create_result.stdout }}"
when: not ansible_check_mode
# https://github.com/gurucomputing/headscale-ui
- name: headscale UI
docker_container:
@ -50,10 +68,11 @@
image: "{{ headscale_ui_docker_image }}"
pull: "{{ headscale_pull }}"
restart_policy: unless-stopped
networks:
- name: servicenet
networks_cli_compatible: yes # don't add a default network
labels:
traefik.enable: "true"
traefik.http.routers.headscale.entryPoints: "web_https"
traefik.http.routers.headscale.rule: "Host(`{{ headscale_domain }}`) && PathPrefix(`/web`)"
traefik.http.routers.headscale.middlewares: "chain-authelia@file"
exposed_ports:
- "80"
traefik.http.routers.headscale-ui.entryPoints: "web_https"
traefik.http.routers.headscale-ui.rule: "Host(`{{ headscale_domain }}`) && PathPrefix(`/web`)"
#traefik.http.routers.headscale-ui.middlewares: "chain-authelia@file"