artis3n
commented
4 months ago Going to start thinking about this more actively. Collected current list of flags from https://tailscale.com/kb/1241/tailscale-up in the description.
Open artis3n opened 11 months ago
artis3n
commented
4 months ago Going to start thinking about this more actively. Collected current list of flags from https://tailscale.com/kb/1241/tailscale-up in the description.
We're up to 3 or so exceptions to
tailscale_args, where some flags are handled by dedicated variables in this role and most are not. This is confusing behavior. Originally,tailscale_argswas set up this way because the Tailscale CLI was new and undergoing rapid development and there wasn't a guarantee that flags would be stable. This is no longer the case, and supporting all flags as arguments to this role would simplify usage and "Ansible-ize" the rest of the parameters.Edit July 2024, starting on this:
Please comment on this issue and get sign-off from @artis3n before making PRs for any of these flags. I have an idea how I want this to work and I welcome contributions for it, but I don't want you to waste effort!
Flags that will become input variables to this role:
--accept-dns. Possible values:true/false--accept-risk. Possible values:"lose-ssh","all", or""--advertise-exit-node. Possible values:true/false--advertise-routes. Values will be alist<string>and each input will be validated as valid CIDR syntax.--advertise-tags. Values will be alist<string>.--authkey. Already a dedicated variable.--exit-node. Value will be a string, and can be an empty string to disable a previously set configuration.--exit-node-allow-lan-access. Possible values:true/false--force-reauth. Possible values:true/false--hostname. Value will be a string.--login-server. Value will be a string.--netfilter-mode. Possible values:"off","nodivert","on".--operator. Value will be a string. Value must be an existing Linux user on the target, or the role will fail.--qr. Won't be supported by this role.--reset. Possible values:true/false--shields-up. Possible values:true/false--snat-subnet-routes. Possible values:true/false--stateful-filtering. Possible values:true/false--ssh. Possible values:true/false--timeout. Value will be an integer representing time in seconds.--unattended. Windows-only, so won't be supported by this role.