ansible/SIMPLE_SETUP.md

# Simple Tailscale Setup
## What you need:
1. A Tailscale account (free at https://tailscale.com)
2. An auth key from your Tailscale admin console
## 3-Step Setup:
### Step 1: Get your auth key
1. Go to https://login.tailscale.com/admin/settings/keys
2. Click "Generate auth key"
3. Make it **Reusable** and set expiration to **90 days** (or longer)
4. Copy the key (starts with `tskey-auth-`)
### Step 2: Store the key securely
```bash
make create-vault
```
When prompted, add this content:
```yaml
---
vault_tailscale_auth_key: "tskey-auth-your-actual-key-here"
```
Save and exit.
### Step 3: Install Tailscale everywhere
```bash
# Check what will happen (dry run)
make tailscale-check
# Install on all machines
make tailscale
```
That's it! Your machines should now be connected to your Tailscale network.
## Check if it worked:
```bash
make tailscale-status
```
## How the vault connects to your settings:
The `group_vars/all.yml` file now contains:
```yaml
tailscale_auth_key: "{{ vault_tailscale_auth_key | default('') }}"
```
This tells Ansible: "Look for `vault_tailscale_auth_key` in the encrypted vault file, and if it's not there, use an empty string."
So when you put your real auth key in the vault, it automatically gets used!
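A check worth running before you commit, added here as an example and not part of this repository's Makefile: it confirms the file written in Step 2 is ansible-vault ciphertext and lists any file that holds a literal `tskey-auth-` key. The directory layout and the sample key are constructed, since this page does not say where `make create-vault` stores the vault; GNU grep is assumed.

```shell
#!/usr/bin/env bash
# Added example: check the Step 2 vault file before committing the repo.

# Return 0 if FILE is ansible-vault output: $ANSIBLE_VAULT header, then hex only.
is_vault_encrypted() {
    local file="$1" header=""
    [ -r "$file" ] || return 2
    IFS= read -r header < "$file" || [ -n "$header" ] || return 1
    case "$header" in
        '$ANSIBLE_VAULT;'*';AES256'*) ;;
        *) return 1 ;;
    esac
    # Anything other than lowercase hex after the header is not vault payload.
    if tail -n +2 "$file" | grep -q '[^0-9a-f]'; then return 1; fi
    return 0
}

# List files under DIR that hold a literal auth key.
# Lines carrying this page's placeholder value are ignored.
find_plaintext_keys() {
    grep -rIH --exclude-dir=.git -E 'tskey-auth-[A-Za-z0-9]' "$1" 2>/dev/null \
        | grep -v 'tskey-auth-your-actual-key-here' \
        | cut -d: -f1 | sort -u
}

# Constructed fixtures: one encrypted-looking vault, one saved in plaintext.
make_fixtures() {
    local dir="$1"
    mkdir -p "$dir/good" "$dir/bad"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' \
        '6231386439343662303134653334' '3963653565306261' > "$dir/good/vault.yml"
    printf '%s\n' '---' \
        'vault_tailscale_auth_key: "tskey-auth-kCONSTRUCTED11CNTRL-notARealSecret"' \
        > "$dir/bad/vault.yml"
}

# Demo run against the constructed fixtures.
demo_dir="$(mktemp -d)"
make_fixtures "$demo_dir"
for f in "$demo_dir/good/vault.yml" "$demo_dir/bad/vault.yml"; do
    if is_vault_encrypted "$f"; then echo "encrypted: $f"; else echo "PLAINTEXT: $f"; fi
done
find_plaintext_keys "$demo_dir"
rm -rf "$demo_dir"
```

Point both functions at your real vault path and repository root; any file the second function prints contains a key that should be revoked in the admin console and regenerated.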
## The confusing variables explained:
- `tailscale_auth_key`: **YOU NEED THIS** - your authentication key
- `tailscale_ssh`: **USEFUL** - lets you SSH through the Tailscale network
- `tailscale_accept_routes`: **USEFUL** - access other networks through Tailscale
- `tailscale_hostname`: **OPTIONAL** - custom name (defaults to your server names)
- `tailscale_advertise_routes`: **ADVANCED** - share your local network with others
- `tailscale_shields_up`: **SECURITY** - blocks incoming connections
- Everything else: **IGNORE** unless you have specific enterprise needs