---
- name: Install and configure Tailscale on all machines
  hosts: all
  become: true
  gather_facts: true

  vars:
    # Variables are set in group_vars/all.yml
    # Override here if needed or pass via: --extra-vars "tailscale_auth_key=your_key"
    tailscale_auth_key: "{{ vault_tailscale_auth_key | default('') }}"

  roles:
    - {role: tailscale, tags: ['tailscale', 'vpn']}

  post_tasks:
    - name: Display Tailscale installation completion
      ansible.builtin.debug:
        msg: |
          Tailscale has been installed and configured on {{ inventory_hostname }}.

          To connect this machine to your Tailscale network:
          1. If you provided an auth key, the machine should already be connected
          2. If no auth key was provided, run: sudo tailscale up
          3. Check status with: tailscale status

          Remember to authorize the machine in your Tailscale admin console if needed.