headscale
Headscale Installer and Configuration
An ansible role to install and configure headscale. Inspiration and much of the configuration options come from @kazauwa. I prefer my binary install method better though so I changed that part.
Install with ansible-galaxy install fuzzymistborn.headscale
Features
- Installation and configuration of
headscale
binary. - Copying/updating
headscale
config file. - Updating binaries if there is an update and version is not pinned.
Configuration
This role has a number of variables that can be configured.
Additionally, you can pin a specific version with headscale_pinned_ver
. By default the role fetches and installs the latest available version, and will run the update command if the binary is already present every time the role is run. You can disable this by pinning to a specific version. Here's an example if you wanted to set the version.
headscale_download_latest_ver: false
headscale_pinned_ver: 0.16.1
By setting a pinned version, the updater commands will not run and a version will only be pulled if the installed version does not match the pinned version.
You can set the headscale config in yaml format. See the default config as a starting point.
The other variables, like headscale_gh_url
, headscale_install_directory
, etc I do not recommend changing unless you want to customize the install.
See the release pages for headscale to find the correct distribution for your install.
Github API
This role utilizes the GitHub API to determine the latest release available. By default, the role utilizes unauthenticated requests, which are limited by GitHub to 60 requests per hour. Requests are associated with the originating IP address. For most usecases, this is not an issue. However, you may find yourself rate limited. If you authenticate, you can make 5,000 requests per hour.
To authenticate, you must obtain a Personal Access Token. The token does not need any scopes selected. Then add the following variables:
github_api_user: fuzzymistborn
github_api_pass: YOUR_TOKEN
github_api_auth: yes
That's it!