---
# Default variables for Tailscale role

# REQUIRED: Your Tailscale auth key (store in vault for security)
tailscale_auth_key: ""

# COMMON OPTIONS:
tailscale_hostname: ""              # Custom hostname (default: uses inventory name)
tailscale_ssh: true                 # Enable SSH access through Tailscale
tailscale_accept_routes: true       # Accept subnet routes from other nodes
tailscale_accept_dns: true          # Accept DNS settings from Tailscale

# ADVANCED OPTIONS (usually not needed):
tailscale_advertise_routes: ""      # Advertise subnets (e.g., "192.168.1.0/24")
tailscale_shields_up: false        # Block all incoming connections
tailscale_reset: false             # Force reconnection (will logout first)

# ENTERPRISE OPTIONS (leave empty for personal use):
tailscale_login_server: ""         # Custom control server URL
tailscale_operator: ""             # Operator user for Tailscale