add tailscale to backup role

roles/backup/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart tailscaled
+  service:
+    name: tailscaled
+    state: restarted

roles/backup/tasks/main.yml

@@ -12,6 +12,7 @@
   # Perform remaining tasks:
   - import_tasks: system_setup/cron.yml
   - import_tasks: system_setup/copy_backup_config.yml
+  - import_tasks: system_setup/configure_tailscale.yml
 
   rescue:
     - set_fact: task_failed=true

roles/backup/tasks/software/packages_utilities.yml

@@ -21,3 +21,36 @@
     name:
       - mariadb-client
   when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+
+- name: backup | tailscale | install tailscale (arch)
+  tags: packages,system,system setup,tailscale
+  package:
+    name: tailscale
+    state: latest
+  when: ansible_distribution == "Archlinux"
+
+- name: backup | tailscale | install prerequisites (debian-based)
+  tags: packages,system,system setup,tailscale
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+    state: present
+  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+
+- name: backup | tailscale | add tailscale apt key (debian-based)
+  tags: packages,system,system setup,tailscale
+  get_url:
+    url: "https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }}/{{ ansible_distribution_release }}.noarmor.gpg"
+    dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
+    mode: '0644'
+  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+
+- name: backup | tailscale | add tailscale repository (debian-based)
+  tags: packages,system,system setup,tailscale
+  apt_repository:
+    repo: "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
+    state: present
+    filename: tailscale
+  when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
+  notify: update apt cache

roles/backup/tasks/system_setup/configure_tailscale.yml

@@ -0,0 +1,21 @@
+---
+- include_vars: "headscale.yml"
+  ignore_errors: True
+
+- name: backup | tailscale | ensure tailscale is enabled and running
+  tags: tailscale,system,system setup
+  service:
+    name: tailscaled
+    state: started
+    enabled: true
+
+- name: backup | tailscale | connect to headscale
+  tags: tailscale,system,system setup
+  command: "tailscale up --login-server {{ headscale_url }} --authkey {{ headscale_authkey }}"
+  args:
+    creates: /var/lib/tailscale/tailscaled.state
+  when:
+    - headscale_url is defined
+    - headscale_authkey is defined
+  changed_when: true
+  notify: restart tailscaled

roles/backup/vars/headscale.yml

@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+32373331653731636537663762373062353661303032313134323235343933313661633332663831
+6436313964316664383437333737326134326135646364370a653465666362316464333935663737
+35383666616361333538303364643632396535306562616664653662616463663537333933396139
+3336363839356436650a396333626434396537643364653664393930376539373935383337373437
+61396565366630386137306534333035666239316433636131323033356638363431623661373532
+65313565306532613962623234663338663134346165353165663539376466333166643539636138
+36376439353132363832306536316263323336616565313365633030363965343533623865333134
+36363165333461623132313763313131653262623736653736613938613066306264653838396263
+64646632343533323438326139396638663361316230306433303438616265366137633235636535
+3337646265383437613134636131303038653233353039626365