From d1d15ea480d5f592f24db29a9e078f25e3982c27 Mon Sep 17 00:00:00 2001
From: Rene Mewissen <rene@tantooine.myfirewall.org>
Date: Tue, 14 Oct 2025 09:19:55 +0200
Subject: [PATCH] add tailscale to backup role

---
 roles/backup/handlers/main.yml                |  5 +++
 roles/backup/tasks/main.yml                   |  1 +
 .../tasks/software/packages_utilities.yml     | 35 ++++++++++++++++++-
 .../system_setup/configure_tailscale.yml      | 21 +++++++++++
 roles/backup/vars/headscale.yml               | 11 ++++++
 5 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 roles/backup/handlers/main.yml
 create mode 100644 roles/backup/tasks/system_setup/configure_tailscale.yml
 create mode 100644 roles/backup/vars/headscale.yml

diff --git a/roles/backup/handlers/main.yml b/roles/backup/handlers/main.yml
new file mode 100644
index 0000000..7067a58
--- /dev/null
+++ b/roles/backup/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart tailscaled
+  service:
+    name: tailscaled
+    state: restarted
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
index aa8555f..e7f3b76 100644
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -12,6 +12,7 @@
   # Perform remaining tasks:
   - import_tasks: system_setup/cron.yml
   - import_tasks: system_setup/copy_backup_config.yml
+  - import_tasks: system_setup/configure_tailscale.yml
 
   rescue:
     - set_fact: task_failed=true
\ No newline at end of file
diff --git a/roles/backup/tasks/software/packages_utilities.yml b/roles/backup/tasks/software/packages_utilities.yml
index 7b7186a..97113d2 100644
--- a/roles/backup/tasks/software/packages_utilities.yml
+++ b/roles/backup/tasks/software/packages_utilities.yml
@@ -20,4 +20,37 @@
     state: latest
     name:
       - mariadb-client
-  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
\ No newline at end of file
+  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+
+- name: backup | tailscale | install tailscale (arch)
+  tags: packages,system,system setup,tailscale
+  package:
+    name: tailscale
+    state: latest
+  when: ansible_distribution == "Archlinux"
+
+- name: backup | tailscale | install prerequisites (debian-based)
+  tags: packages,system,system setup,tailscale
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+    state: present
+  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+
+- name: backup | tailscale | add tailscale apt key (debian-based)
+  tags: packages,system,system setup,tailscale
+  get_url:
+    url: "https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }}/{{ ansible_distribution_release }}.noarmor.gpg"
+    dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
+    mode: '0644'
+  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+
+- name: backup | tailscale | add tailscale repository (debian-based)
+  tags: packages,system,system setup,tailscale
+  apt_repository:
+    repo: "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
+    state: present
+    filename: tailscale
+  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+  notify: update apt cache
\ No newline at end of file
diff --git a/roles/backup/tasks/system_setup/configure_tailscale.yml b/roles/backup/tasks/system_setup/configure_tailscale.yml
new file mode 100644
index 0000000..ace5580
--- /dev/null
+++ b/roles/backup/tasks/system_setup/configure_tailscale.yml
@@ -0,0 +1,21 @@
+---
+- include_vars: "headscale.yml"
+  ignore_errors: True
+
+- name: backup | tailscale | ensure tailscale is enabled and running
+  tags: tailscale,system,system setup
+  service:
+    name: tailscaled
+    state: started
+    enabled: true
+
+- name: backup | tailscale | connect to headscale
+  tags: tailscale,system,system setup
+  command: "tailscale up --login-server {{ headscale_url }} --authkey {{ headscale_authkey }}"
+  args:
+    creates: /var/lib/tailscale/tailscaled.state
+  when:
+    - headscale_url is defined
+    - headscale_authkey is defined
+  changed_when: true
+  notify: restart tailscaled
\ No newline at end of file
diff --git a/roles/backup/vars/headscale.yml b/roles/backup/vars/headscale.yml
new file mode 100644
index 0000000..fa6f898
--- /dev/null
+++ b/roles/backup/vars/headscale.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+32373331653731636537663762373062353661303032313134323235343933313661633332663831
+6436313964316664383437333737326134326135646364370a653465666362316464333935663737
+35383666616361333538303364643632396535306562616664653662616463663537333933396139
+3336363839356436650a396333626434396537643364653664393930376539373935383337373437
+61396565366630386137306534333035666239316433636131323033356638363431623661373532
+65313565306532613962623234663338663134346165353165663539376466333166643539636138
+36376439353132363832306536316263323336616565313365633030363965343533623865333134
+36363165333461623132313763313131653262623736653736613938613066306264653838396263
+64646632343533323438326139396638663361316230306433303438616265366137633235636535
+3337646265383437613134636131303038653233353039626365