jason-riddle / ansible-role-tailscale

Tailscale on Linux.
https://galaxy.ansible.com/ui/standalone/roles/jason_riddle/tailscale/
MIT License

How to handle additional tailscale up args? #9

Closed jason-riddle closed 2 years ago

jason-riddle commented 2 years ago

It might be nice to handle additional args. One approach is to let the user define a variable with the extra args. Another approach is to define an ansible variable for each arg. Here's the tailscale up --help page:

USAGE
  up [flags]

"tailscale up" connects this machine to your Tailscale network,
triggering authentication if necessary.

With no flags, "tailscale up" brings the network online without
changing any settings. (That is, it's the opposite of "tailscale
down").

If flags are specified, the flags must be the complete set of desired
settings. An error is returned if any setting would be changed as a
result of an unspecified flag's default value, unless the --reset
flag is also used.

FLAGS
  --accept-dns, --accept-dns=false
        accept DNS configuration from the admin panel (default true)
  --accept-routes, --accept-routes=false
        accept routes advertised by other Tailscale nodes (default false)
  --advertise-exit-node, --advertise-exit-node=false
        offer to be an exit node for internet traffic for the tailnet (default false)
  --advertise-routes string
        routes to advertise to other nodes (comma-separated, e.g. "10.0.0.0/8,192.168.0.0/24") or empty string to not advertise routes
  --advertise-tags string
        comma-separated ACL tags to request; each must start with "tag:" (e.g. "tag:eng,tag:montreal,tag:ssh")
  --authkey string
        node authorization key; if it begins with "file:", then it's a path to a file containing the authkey
  --exit-node string
        Tailscale IP of the exit node for internet traffic, or empty string to not use an exit node
  --exit-node-allow-lan-access, --exit-node-allow-lan-access=false
        Allow direct access to the local network when routing traffic via an exit node (default false)
  --force-reauth, --force-reauth=false
        force reauthentication (default false)
  --host-routes, --host-routes=false
        install host routes to other Tailscale nodes (default true)
  --hostname string
        hostname to use instead of the one provided by the OS
  --login-server string
        base URL of control server (default https://controlplane.tailscale.com)
  --netfilter-mode string
        netfilter mode (one of on, nodivert, off) (default on)
  --operator string
        Unix username to allow to operate on tailscaled without sudo
  --qr, --qr=false
        show QR code for login URLs (default false)
  --reset, --reset=false
        reset unspecified settings to their default values (default false)
  --shields-up, --shields-up=false
        don't allow incoming connections (default false)
  --snat-subnet-routes, --snat-subnet-routes=false
        source NAT traffic to local routes advertised with --advertise-routes (default true)

jason-riddle commented 2 years ago

Some of the most interesting args: --hostname ${HOSTNAME} --advertise-tags ${TAILSCALE_LABELS} --accept-routes --host-routes=false

jason-riddle commented 2 years ago

Another idea is something like this:

tailscale_up_args:
  - --hostname=foo
  - --host-routes=false

jason-riddle commented 2 years ago

Fixed in https://github.com/jason-riddle/ansible-role-tailscale/pull/11.
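
An added example, not part of the thread and not the role's code: one way to check a tailscale_up_args-style list against the flags in the quoted help text and build an argv list that is handed to the process directly rather than through a shell. The names parse_flags, build_argv and authkey_file, and the rule that --authkey is refused in the free-form list so the key stays in a file, are assumptions of this example; HELP_FLAGS is a constructed excerpt of the help output above.

```python
import re

# Constructed excerpt of the FLAGS section quoted in the issue (same layout).
HELP_FLAGS = """\
  --accept-routes, --accept-routes=false
        accept routes advertised by other Tailscale nodes (default false)
  --advertise-tags string
        comma-separated ACL tags to request
  --authkey string
        node authorization key
  --host-routes, --host-routes=false
        install host routes to other Tailscale nodes (default true)
  --hostname string
        hostname to use instead of the one provided by the OS
"""

def parse_flags(help_text):
    """Map flag name -> 'bool' or 'string' from the FLAGS lines of the help text."""
    flags = {}
    for line in help_text.splitlines():
        # Flag lines are indented two spaces; description lines are indented further.
        m = re.match(r"^  (--[a-z-]+)(,| string)", line)
        if m:
            flags[m.group(1)] = "string" if m.group(2) == " string" else "bool"
    return flags

def build_argv(up_args, known, authkey_file=None):
    """Validate the extra args and return an argv list (no shell involved)."""
    argv = ["tailscale", "up"]
    if authkey_file:
        # The help text documents the "file:" prefix for reading the key from a file.
        argv.append("--authkey=file:" + authkey_file)
    for arg in up_args:
        name, sep, value = arg.partition("=")
        if name not in known:
            raise ValueError("unknown flag: " + name)
        if name == "--authkey":  # assumption: secrets never travel in the list
            raise ValueError("--authkey must not be set via extra args")
        if known[name] == "bool" and sep and value not in ("true", "false"):
            raise ValueError("boolean flag needs true/false: " + arg)
        if known[name] == "string" and not sep:
            raise ValueError("string flag needs --name=value form: " + arg)
        argv.append(arg)
    return argv
```

Because each list item stays a single argv element, a value such as a hostname containing spaces or shell metacharacters is passed to tailscale as data and is never interpreted by a shell.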