# Role: tailscale

## Description

Installs and configures Tailscale VPN mesh networking for secure connectivity across all managed hosts.

## Requirements

- Ansible 2.9+
- Debian/Ubuntu/Alpine Linux
- Tailscale account and auth key
- Internet connectivity

## Features

- Cross-platform support (Debian, Ubuntu, Alpine)
- Automatic OS detection and package installation
- Secure auth key management via vault
- Configurable network settings
- SSH over Tailscale support

## Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `tailscale_auth_key` | `{{ vault_tailscale_auth_key }}` | Auth key from vault |
| `tailscale_hostname` | `{{ inventory_hostname }}` | Custom hostname |
| `tailscale_accept_routes` | `true` | Accept subnet routes |
| `tailscale_accept_dns` | `true` | Accept DNS settings |
| `tailscale_ssh` | `true` | Enable the Tailscale SSH server |
| `tailscale_shields_up` | `false` | Block incoming connections |

## Vault Variables (Required)

| Variable | Description |
|----------|-------------|
| `vault_tailscale_auth_key` | Tailscale authentication key |

## Dependencies

- Valid Tailscale account
- Auth key stored in Ansible vault

## Example Playbook

```yaml
- hosts: all
  roles:
    - role: tailscale
      tailscale_accept_routes: false
```
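As an added illustration (not the role's own task file), the tasks below show how the variables in the table above can be mapped onto a `tailscale up` invocation while keeping the auth key out of Ansible's logs and output; the task names, the `tailscale status --json` idempotency check and the `ternary` boolean formatting are assumptions about how one would write it, not something the role documents.

```yaml
# Illustrative tasks (assumed, not the role's own code): apply the README's
# variables to `tailscale up` only when the node is not already logged in.
- name: Check whether this node is already connected to the tailnet
  ansible.builtin.command: tailscale status --json
  register: tailscale_status
  changed_when: false
  failed_when: false

- name: Bring Tailscale up with the role's variables
  ansible.builtin.command: >-
    tailscale up
    --authkey={{ tailscale_auth_key }}
    --hostname={{ tailscale_hostname }}
    --accept-routes={{ tailscale_accept_routes | bool | ternary('true', 'false') }}
    --accept-dns={{ tailscale_accept_dns | bool | ternary('true', 'false') }}
    --ssh={{ tailscale_ssh | bool | ternary('true', 'false') }}
    --shields-up={{ tailscale_shields_up | bool | ternary('true', 'false') }}
  # The command line carries the vault-sourced auth key: suppress it from
  # task output, verbose logs and any log forwarding.
  no_log: true
  # Only run when tailscaled is not reporting an active session, so re-runs
  # of the playbook do not repeatedly present the key.
  when: >-
    tailscale_status.rc != 0 or
    (tailscale_status.stdout | from_json).BackendState != 'Running'
```

Note that any secret passed as a command-line argument is briefly visible in the host's process list, so the auth key should be a short-lived, least-privilege key in any case.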

## Tags

- `tailscale`: All Tailscale tasks
- `vpn`: VPN configuration
- `network`: Network setup

## Supported Platforms

- **Debian**: bullseye, bookworm, trixie
- **Ubuntu**: focal, jammy, noble
- **Alpine**: all versions

## Notes

- Requires Tailscale auth key in vault
- Machines need approval in Tailscale admin console
- Supports both reusable and ephemeral keys
- Automatic logout/re-auth on key changes