# https://tailscale.com/download/linux/debian-bullseye
- name: Install Tailscale
  hosts: all
  become: true
  tasks:

    # curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
    - name: Download Tailscale package signing key
      ansible.builtin.get_url:
        url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
        dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
        mode: "0644"

    # curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
    - name: Add Tailscale repository
      ansible.builtin.apt_repository:
        repo: deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/debian bullseye main
        state: present

    # sudo apt-get update
    - name: Update apt-get
      ansible.builtin.apt:
        update_cache: true

    # sudo apt-get install tailscale
    - name: Install Tailscale
      ansible.builtin.package:
        name: tailscale
        state: present

- name: Restrict tailscaled logging
  hosts: all
  become: true
  tasks:

    - name: Create systemd override dir for tailscaled
      ansible.builtin.file:
        path: /etc/systemd/system/tailscaled.service.d
        state: directory
        mode: "0644"

    - name: Create systemd override
      ansible.builtin.copy:
        content: |
          [Service]
          LogLevelMax=notice
        dest: /etc/systemd/system/tailscaled.service.d/override.conf
        mode: "0644"
      notify:
        - Restart Tailscale

  handlers:

    - name: Restart Tailscale
      ansible.builtin.systemd:
        name: tailscaled
        state: restarted
        daemon_reload: true

# vim: ft=yaml.ansible