Tailscale tasks file for a tailscale role in Ansible
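---
# Tasks for the tailscale role: add Tailscale's apt repository, install and
# enable the daemon, optionally enable forwarding for exit-node use, and bring
# the node up with a pre-shared auth key.

- name: Install dependencies
  # Passing the list to `name` installs both packages in a single apt
  # transaction instead of one per loop iteration. ethtool is used by the
  # UDP GRO cron task below; curl is not referenced by any task in this file,
  # presumably kept for operator convenience.
  ansible.builtin.apt:
    name:
      - curl
      - ethtool
    state: present
    update_cache: true
    cache_valid_time: 3600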
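- name: Add tailscale's signing key
  # File ownership is set with `owner`: get_url's `username` is the HTTP
  # basic-auth user sent to the server, not the owner of the downloaded file.
  # NOTE(review): no `checksum:` is given, so the key's integrity rests on the
  # TLS connection to tailscale_signing_key_url alone; pin one if the role
  # should detect a swapped key.
  ansible.builtin.get_url:
    url: "{{ tailscale_signing_key_url }}"
    dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
    owner: root
    group: root
    mode: '0644'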
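- name: Add tailscale's repository
  # The source list is fetched as a file and dropped into apt's sources
  # directory. Ownership uses `owner`, since get_url's `username` is the HTTP
  # basic-auth user rather than the file owner.
  ansible.builtin.get_url:
    url: "{{ tailscale_repository_url }}"
    dest: /etc/apt/sources.list.d/tailscale.list
    owner: root
    group: root
    mode: '0644'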
- name: Update the package manager
  # cache_valid_time 0 forces a refresh so the freshly added tailscale source
  # is known to apt before the install below.
  ansible.builtin.apt:
    cache_valid_time: 0
    update_cache: true
- name: Install tailscale
  # Installs the package from the repository added above.
  ansible.builtin.apt:
    state: present
    name: tailscale
- name: Start the tailscale service
  # Start the daemon now and have systemd bring it up on every boot.
  ansible.builtin.systemd:
    name: tailscaled
    enabled: true
    state: started
- name: Configure ip forwarding for exit nodes
  # Only an exit node needs to forward traffic; skip the whole block otherwise.
  when: tailscale_exit_node | bool
  block:
    - name: Turn on ipv4 forwarding
      # sysctl_set applies the value immediately; reload makes the persisted
      # file active as well.
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: 1
        reload: true
        sysctl_set: true

    - name: Turn on ipv6 forwarding
      ansible.posix.sysctl:
        name: net.ipv6.conf.all.forwarding
        value: 1
        reload: true
        sysctl_set: true
- name: Set the UDP GRO features on boot
  # Installs an @reboot cron entry that re-applies the ethtool offload flags
  # every boot. NOTE(review): the interface is hard-coded to eth0 and the job
  # prefixes sudo — presumably harmless when the entry is installed for root,
  # but confirm against the hosts this role targets.
  ansible.builtin.cron:
    name: set_udp_gro
    job: sudo ethtool -K eth0 rx-udp-gro-forwarding on rx-gro-list off
    special_time: reboot
  notify: "tailscale : Reboot container"
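- name: Get tailscale status
  # Probe only: a non-zero exit code is the signal, used by the next task, that
  # the node still has to be brought up. `failed_when: false` records the rc
  # without marking the task failed, whereas `ignore_errors` would still report
  # a failure in the play output and recap.
  ansible.builtin.command: tailscale status
  register: tailscale_status
  changed_when: false
  failed_when: false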
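- name: Start tailscale
  # Uses `command` with argv rather than a shell string: the interpolated
  # hostname and auth key are passed as individual arguments and never pass
  # through bash, so shell metacharacters in either value cannot alter the
  # command. No shell features were used by the original command line.
  ansible.builtin.command:
    argv:
      - tailscale
      - up
      - "--advertise-exit-node={{ 'true' if tailscale_exit_node | bool else 'false' }}"
      - --hostname
      - "{{ inventory_hostname }}"
      - --authkey
      - "{{ tailscale_auth_key }}"
  # The auth key is a credential: keep the rendered command line out of the
  # play output and any logs. This also hides tailscale's own error text, so
  # re-run with no_log lifted when debugging an enrolment failure.
  no_log: true
  when: tailscale_status.rc != 0
  changed_when: true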
- name: Get the device id
  # Only this node's own entry is needed, hence --peers=false. The output is
  # hidden from the play output, presumably because the status JSON carries
  # more than the ID.
  ansible.builtin.command: tailscale status --peers=false --json
  register: device_id
  no_log: true
  changed_when: false
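- name: Write the device ID to 1Password
  # Runs on the controller as the unprivileged user, so the `op` session there
  # is used. Both the item UUID and the field assignment go through `quote`,
  # so the JSON-derived device ID reaches `op` as exactly one shell word no
  # matter what characters it contains. The device ID is read with plain
  # attribute access instead of json_query, which would pull in the
  # community.general collection and the jmespath library. `0<&-` closes
  # stdin, presumably so `op` never blocks on an interactive prompt.
  # `executable` belongs to the shell module, not the task.
  ansible.builtin.shell:
    cmd: >-
      op item edit {{ op_item_uuid | quote }}
      {{ ('tailscale device ID=' ~ (device_id.stdout | from_json).Self.ID) | quote }}
      0<&-
    executable: /bin/bash
  become: false
  changed_when: false
  when: op_item_uuid is defined
  delegate_to: localhost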
- name: Flush handlers
  # Run any notified handlers (e.g. the container reboot) now, rather than
  # waiting for the end of the play.
  ansible.builtin.meta: flush_handlers