Jake Howard
7c8d224c4a
Tags are managed entirely server side, so there's no priv esc issues. This lets my devices do what they want, and server style devices can't do anything.
33 lines
660 B
YAML
33 lines
660 B
YAML
- name: Include vault
|
|
include_vars: vault.yml
|
|
|
|
- name: Install Headscale
|
|
package:
|
|
name: headscale
|
|
become: true
|
|
|
|
- name: Install headscale config file
|
|
template:
|
|
src: files/headscale.yml
|
|
dest: /etc/headscale/config.yaml
|
|
owner: headscale
|
|
mode: "0600"
|
|
notify: restart headscale
|
|
become: true
|
|
|
|
- name: Install ACLs
|
|
template:
|
|
src: files/acls.json
|
|
dest: /etc/headscale/acls.json
|
|
owner: headscale
|
|
mode: "0600"
|
|
notify: restart headscale
|
|
become: true
|
|
|
|
- name: Install nginx config
|
|
template:
|
|
src: files/nginx.conf
|
|
dest: /etc/nginx/http.d/headscale.conf
|
|
mode: "0644"
|
|
become: true
|
|
notify: reload nginx
|