ilia
3415340e26
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m18s
CI / lint-and-test (pull_request) Successful in 1m21s
CI / ansible-validation (pull_request) Successful in 2m43s
CI / secret-scanning (pull_request) Successful in 1m19s
CI / dependency-scan (pull_request) Successful in 1m23s
CI / sast-scan (pull_request) Successful in 2m28s
CI / license-check (pull_request) Successful in 1m20s
CI / vault-check (pull_request) Successful in 2m21s
CI / playbook-test (pull_request) Successful in 2m19s
CI / container-scan (pull_request) Successful in 1m48s
CI / sonar-analysis (pull_request) Successful in 1m26s
CI / workflow-summary (pull_request) Successful in 1m17s
107 lines
3.1 KiB
YAML
107 lines
3.1 KiB
YAML
---
|
|
- name: Check if Tailscale is already installed
|
|
ansible.builtin.command: tailscale version
|
|
register: tailscale_version_check
|
|
failed_when: false
|
|
changed_when: false
|
|
|
|
- name: Check if Tailscale GPG key exists and is correct
|
|
ansible.builtin.shell: |
|
|
if [ -f /usr/share/keyrings/tailscale-archive-keyring.gpg ]; then
|
|
if file /usr/share/keyrings/tailscale-archive-keyring.gpg | grep -q "PGP"; then
|
|
echo "correct_key"
|
|
else
|
|
echo "wrong_key"
|
|
fi
|
|
else
|
|
echo "not_exists"
|
|
fi
|
|
register: tailscale_key_check
|
|
failed_when: false
|
|
changed_when: false
|
|
when: tailscale_version_check.rc != 0
|
|
|
|
- name: Check if Tailscale repository exists and is correct
|
|
ansible.builtin.shell: |
|
|
if [ -f /etc/apt/sources.list.d/tailscale.list ]; then
|
|
if grep -q "deb \[signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg\]" /etc/apt/sources.list.d/tailscale.list; then
|
|
echo "correct_config"
|
|
else
|
|
echo "wrong_config"
|
|
fi
|
|
else
|
|
echo "not_exists"
|
|
fi
|
|
register: tailscale_repo_check
|
|
failed_when: false
|
|
changed_when: false
|
|
when: tailscale_version_check.rc != 0
|
|
|
|
- name: Remove incorrect Tailscale GPG key
|
|
ansible.builtin.file:
|
|
path: /usr/share/keyrings/tailscale-archive-keyring.gpg
|
|
state: absent
|
|
become: true
|
|
when:
|
|
- tailscale_version_check.rc != 0
|
|
- tailscale_key_check.stdout == "wrong_key"
|
|
|
|
- name: Remove incorrect Tailscale repository
|
|
ansible.builtin.file:
|
|
path: /etc/apt/sources.list.d/tailscale.list
|
|
state: absent
|
|
become: true
|
|
when:
|
|
- tailscale_version_check.rc != 0
|
|
- tailscale_repo_check.stdout == "wrong_config"
|
|
|
|
- name: Add Tailscale GPG key only if needed
|
|
ansible.builtin.get_url:
|
|
url: https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg
|
|
dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
|
|
mode: '0644'
|
|
become: true
|
|
when:
|
|
- tailscale_version_check.rc != 0
|
|
- tailscale_key_check.stdout in ["not_exists", "wrong_key"]
|
|
|
|
- name: Determine repository codename
|
|
ansible.builtin.set_fact:
|
|
tailscale_repo_codename: "{{ 'jammy' if ansible_distribution == 'Ubuntu' else 'bookworm' }}"
|
|
when: tailscale_version_check.rc != 0
|
|
|
|
- name: Add Tailscale repository only if needed
|
|
ansible.builtin.apt_repository:
|
|
repo: >-
|
|
deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg]
|
|
https://pkgs.tailscale.com/stable/{{ 'ubuntu' if ansible_distribution == 'Ubuntu' else 'debian' }}
|
|
{{ tailscale_repo_codename }} main
|
|
state: present
|
|
filename: tailscale
|
|
become: true
|
|
when:
|
|
- tailscale_version_check.rc != 0
|
|
- tailscale_repo_check.stdout in ["not_exists", "wrong_config"]
|
|
|
|
- name: Update apt cache
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
become: true
|
|
when: tailscale_version_check.rc != 0
|
|
|
|
- name: Install Tailscale
|
|
ansible.builtin.apt:
|
|
name: tailscale
|
|
state: present
|
|
become: true
|
|
when: tailscale_version_check.rc != 0
|
|
notify: Start tailscaled
|
|
|
|
- name: Enable and start Tailscale daemon
|
|
ansible.builtin.systemd:
|
|
name: tailscaled
|
|
enabled: true
|
|
state: started
|
|
become: true
|
|
when: tailscale_version_check.rc != 0
|