---
# This is an Ansible playbook example to set up Headscale
# (for a self-managed tailscale deployment)
#
# Includes:
#
#   - headscale (control-plane server)
#   - headscale-ui (web UI for managing headscale)
#   - labels to configure Traefik-2 reverse-proxy
#     - ### currently hard-codes a Traefik middleware 'chain@authelia'
#   - ### currently exposes the ports for local connections, for debugging
#
# Configuration:
#
#   - `templates/config.yaml.j2`:
#     config used by this role, with customisations and variables
#
#   - `templates/config-example.yaml`:
#     a copy of upstream config example, with documentation
#
# Usage:
#
#   - set up by running your playbook
#     (add `-e pull=yes` to update to the latest docker images)
#   - tell your tailscale clients to connect to: <https://$headscale_domain/>
#   - access headscale admin web page at: <https://$headscale_domain/web>

# The following is an example of how a playbook can import the role:

- name: "Set up headscale"
  hosts: example.org
  vars:
    pull: false
  become: yes

  roles:

    - role: headscale
      # example of tags you may wish to use for this task
      tags: headscale
      # the following variables must be defined to use the role
      vars:
        # the (sub)domain of this server
        # (your reverse-proxy will route it)
        # (use just a (sub)domain; a URL path part is NOT currently supported)
        headscale_domain: headscale.example.org
        # where to store the config file and the database on your server
        headscale_dir: /home/headscale
        # namespaces ("tailnets") to create (and/or you can create them manually)
        headscale_namespaces:
          - my_tailnet_name
        # whether to update to the latest docker images
        headscale_pull: "{{ pull }}"