ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
ansible/roles/tailscale/tasks/debian.yml
ilia b424e9b55b Add checks and conditional tasks for package management across roles 
- Introduce checks for existing GPG keys and repositories for Docker, NodeSource, and Tailscale to ensure correct configurations before installation.
- Implement conditional removal of incorrect keys and repositories to maintain a clean setup.
- Update Makefile to include a command for editing group vault variables.

These changes enhance package management reliability and streamline the installation process across different roles.
2025-09-11 21:05:31 -04:00

104 lines
3.1 KiB
YAML
Raw Blame History

---
- name: Check if Tailscale is already installed
ansible.builtin.command: tailscale version
register: tailscale_version_check
failed_when: false
changed_when: false
- name: Check if Tailscale GPG key exists and is correct
ansible.builtin.shell: |
if [ -f /usr/share/keyrings/tailscale-archive-keyring.gpg ]; then
if file /usr/share/keyrings/tailscale-archive-keyring.gpg | grep -q "PGP"; then
echo "correct_key"
else
echo "wrong_key"
fi
else
echo "not_exists"
fi
register: tailscale_key_check
failed_when: false
when: tailscale_version_check.rc != 0
- name: Check if Tailscale repository exists and is correct
ansible.builtin.shell: |
if [ -f /etc/apt/sources.list.d/tailscale.list ]; then
if grep -q "deb \[signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg\]" /etc/apt/sources.list.d/tailscale.list; then
echo "correct_config"
else
echo "wrong_config"
fi
else
echo "not_exists"
fi
register: tailscale_repo_check
failed_when: false
when: tailscale_version_check.rc != 0
- name: Remove incorrect Tailscale GPG key
ansible.builtin.file:
path: /usr/share/keyrings/tailscale-archive-keyring.gpg
state: absent
become: true
when:
- tailscale_version_check.rc != 0
- tailscale_key_check.stdout == "wrong_key"
- name: Remove incorrect Tailscale repository
ansible.builtin.file:
path: /etc/apt/sources.list.d/tailscale.list
state: absent
become: true
when:
- tailscale_version_check.rc != 0
- tailscale_repo_check.stdout == "wrong_config"
- name: Add Tailscale GPG key only if needed
ansible.builtin.get_url:
url: https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg
dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
mode: '0644'
become: true
when:
- tailscale_version_check.rc != 0
- tailscale_key_check.stdout in ["not_exists", "wrong_key"]
- name: Determine repository codename
ansible.builtin.set_fact:
tailscale_repo_codename: "{{ 'jammy' if ansible_distribution == 'Ubuntu' else 'bookworm' }}"
when: tailscale_version_check.rc != 0
- name: Add Tailscale repository only if needed
ansible.builtin.apt_repository:
repo: >-
deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg]
https://pkgs.tailscale.com/stable/{{ 'ubuntu' if ansible_distribution == 'Ubuntu' else 'debian' }}
{{ tailscale_repo_codename }} main
state: present
filename: tailscale
become: true
when:
- tailscale_version_check.rc != 0
- tailscale_repo_check.stdout in ["not_exists", "wrong_config"]
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
become: true
when: tailscale_version_check.rc != 0
- name: Install Tailscale
ansible.builtin.apt:
name: tailscale
state: present
become: true
when: tailscale_version_check.rc != 0
notify: Start tailscaled
- name: Enable and start Tailscale daemon
ansible.builtin.systemd:
name: tailscaled
enabled: true
state: started
become: true
when: tailscale_version_check.rc != 0
Reference in New Issue View Git Blame Copy Permalink