- Manage tailscale serve configuration declaratively via ansible - Define services in defaults/main.yml (grafana, forge, kiwix, pypi) - Role depends on service roles to ensure correct execution order - Incremental idempotency: only apply if service missing Two-layer tailnet IaC is now complete: - Layer 1 (Pulumi): ACLs, tags, DNS - Layer 2 (Ansible): tailscale serve config Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
# Read-only probe of the node's current `tailscale serve` configuration.
# The JSON output is stored in `serve_status`; none of the later tasks in this
# file read it, so it currently only records what was exposed before the run.
- name: Get current tailscale serve status
  ansible.builtin.command:
    cmd: tailscale serve status --json
  # A status query does not modify the node, so never report "changed".
  changed_when: false
  register: serve_status
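# Publish every entry of `tailscale_services` that declares an `https`
# mapping; entries without one are skipped by the `when` guard.
- name: Configure HTTPS services
  # NOTE(review): name, port and upstream are interpolated into a free-form
  # command line that is split on whitespace, so a value containing spaces
  # turns into extra arguments to `tailscale serve`. Keep `tailscale_services`
  # limited to role-controlled values, or move to `argv:` once it is confirmed
  # that no entry relies on that splitting.
  ansible.builtin.command: >
    tailscale serve --service="{{ item.name }}"
    --https={{ item.https.port }} {{ item.https.upstream }}
  loop: "{{ tailscale_services }}"
  when: item.https is defined
  register: https_result
  # Not a change when tailscale reports the service as already served.
  # NOTE(review): this matches a CLI message on stderr; confirm the wording
  # against the installed tailscale version.
  changed_when: "'already serving' not in (https_result.stderr | default(''))"
  # Tolerate only the "already serving" case. Any other non-zero exit is a
  # real failure; a blanket `failed_when: false` would report it as a
  # successful change and hide that the service was never published.
  failed_when: >-
    (https_result.rc | default(0)) != 0 and
    'already serving' not in (https_result.stderr | default(''))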
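# Publish every entry of `tailscale_services` that declares a `tcp` mapping;
# entries without one are skipped by the `when` guard.
- name: Configure TCP services
  # NOTE(review): name, port and upstream are interpolated into a free-form
  # command line that is split on whitespace, so a value containing spaces
  # turns into extra arguments to `tailscale serve`. Keep `tailscale_services`
  # limited to role-controlled values, or move to `argv:` once it is confirmed
  # that no entry relies on that splitting.
  ansible.builtin.command: >
    tailscale serve --service="{{ item.name }}"
    --tcp={{ item.tcp.port }} {{ item.tcp.upstream }}
  loop: "{{ tailscale_services }}"
  when: item.tcp is defined
  register: tcp_result
  # Not a change when tailscale reports the service as already served.
  # NOTE(review): this matches a CLI message on stderr; confirm the wording
  # against the installed tailscale version.
  changed_when: "'already serving' not in (tcp_result.stderr | default(''))"
  # Tolerate only the "already serving" case. Any other non-zero exit is a
  # real failure; a blanket `failed_when: false` would report it as a
  # successful change and hide that the service was never published.
  failed_when: >-
    (tcp_result.rc | default(0)) != 0 and
    'already serving' not in (tcp_result.stderr | default(''))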