Ansible role to install and configure a Tailscale node.
MIT License
Bot releases are hidden (Show)
tailscale up
wouldn't properly redact the authkey when it was used with headscale keys, since their format doesn't match the tskey
pattern. The redaction now uses the tailscale_authkey
variable to ensure that exact value is always redacted. This is how redaction already worked in other areas of the role, but was missed in this step. #456 (Thanks @fredrikekre !)Published by artis3n 7 months ago
tailscale update
due to an incorrect name for the tailscale source list file. This is now corrected. #449 (Thanks @cnkk !)Published by artis3n 8 months ago
state: absent
now fully removes all Tailscale configuration data from your device. Previously, this role would uninstall Tailscale, but that might leave the /var/lib/tailscale
directory behind, which contains a tailscaled.state
file alongside log files which may contain information about your tailnet. The tailscaled.state
file could also hypothetically be used to re-authenticate the server to your tailnet if the server is not de-authorized, however this role runs tailscale logout
during uninstallation so the server is always de-authorized from your tailnet. However, I expect users don't want log files, and even stale configuration files, lying around after state: absent
. #435 (Thanks @McSim85 !) #444geerlingguy/docker-debian12-ansible
instead of cisagov/docker-debian12-ansible
in the CI suite because the cisagov repo has been archived.Published by artis3n 9 months ago
tailscale up
command now incorporates tailscale_up_timeout
. Previously the tailscale_up_timeout
would just be passed to the tailscale up
command and would signify how long the process should wait for tail scaled
to become available. However, if that took longer than 60s, ansible would kill the async task. The async polling will now always be larger than the value in tailscale_up_timeout
. #426 (Thanks @McSim85 !)tailscale_authkey_sting
to tailscale_authkey_string
. This is an internal fact created inside the role so this rename should not impact end users, therefore we are keeping this a patch release.Published by artis3n 9 months ago
pause
module with wait_for
, which ensures compatibility with playbooks running under strategy: free
.Published by artis3n 10 months ago
tailscale_oauth_tags
variable with tailscale_tags
. All --advertise-tags
usage should now use tailscale_tags
to list their desired tags. (#407) Thanks @McSim85 !Published by artis3n 10 months ago
tailscale_authkey
documentation on the README for usage instructions.[!IMPORTANT]
- The README uses more modern GitHub Markdown syntax. See if you can spot it.
Published by artis3n about 1 year ago
Published by artis3n over 1 year ago
Report non-sensitive stdout from "tailscale up"
step. (#344) Thanks @jonvmey !Published by artis3n over 1 year ago
ansible_distribution
translation to debian
(#331) Thanks @frodera!tailscale status
commands now output in JSON for much easier parsing of tailscale state throughout the role (#328) Thanks @mprasil!Published by artis3n over 1 year ago
tailscale up
is now fixed. (#320) Thanks @mprasil !tailscale up
fails, the role will clear its state so that re-running the role will always run tailscale up
and re-save the state. The tailscale up
command is idempotent if all passed parameters remain the same, so this change will not break users, but may fix some erroneous failures to re-run tailscale up
in some edge cases.Published by artis3n over 1 year ago
Published by artis3n over 1 year ago
BREAKING CHANGE
: This role now adheres to https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html and stores state in $XDG_STATE_HOME/artis3n-tailscale
, or $HOME/.local/state/artis3n-tailscale
if that env var is not present. This is technically a breaking change as this role will report state as "changed" upon the next run even if no state has changed. After the first time in which the state migrates to this new location, the role will correctly report state idempotency again. #286$HOME/.artis3n-tailscale
will be removed from target machines the next time this role is run.community.general
collection directory from its Git URL. This has no impact on end users, but contributors to this role should no longer experience failing tests due to Galaxy timeouts.BREAKING CHANGE
: The vars/main.yml
variables have all been updated with a prefix to help prevent conflicting with other role's parameters. These variables are not intended to be modified by end users, but if any end users are modifying these variables, they will need to update their references. #284 Thanks @hollow !Published by artis3n almost 2 years ago
apt update
now set a cache expiration of one hour, to prevent this role from triggering false idempotency failures (#278). Thanks @mnaser for the PR and @dgibbs64 for raising!ansible_distribution_major_version
of pre-release Debian distros (#259)Published by artis3n almost 2 years ago
/usr/share/keyrings
instead of using the legacy apt-key
tool, which is deprecated in Ubuntu 22.04. This is backwards-compatible with earlier Ubuntu/Debian-based distributions. #249 Thanks @wormi4ok !Published by artis3n about 2 years ago
latest
state, making the possible state
parameter values latest
, present
, or absent
. #239This role uses latest
by default to help ensure your software remains up-to-date and incorporates the latest security and product features. For users who desire more control over configuration drift, present
will not update Tailscale if it is already installed. Changes to tailscale_args will be applied under both latest
and present
; this parameter only impacts the version of Tailscale installed to the target system.
Published by artis3n over 2 years ago
Published by artis3n over 2 years ago
tailscale up
arguments such that errors are clearly funneled up instead of masked behind an invalid auth key message. Thanks @panos-- ! #206tailscale up
argument formatting. Thanks @panos-- ! #206Published by artis3n over 2 years ago
tailscale up
command which in 3.2.0 incorrectly quoted multiple flag arguments, resulting in a command-line failure of the ansible.builtin.command
module. Thanks @h3poteto ! #204Published by artis3n over 2 years ago