Add force flag to always run tailscale up if enabled (#89)

* Add force flag to always run tailscale up if enabled

* Update README with example usage

* Update pre-commit and fix new molecule issues

* Update molecule to match checks happening in pre-commit hook

* hello.ipn.dev -> hello-ipn-dev

* Remove needlessly committed directory

.ansible-lint

@@ -0,0 +1,8 @@
+exclude_paths:
+    - .cache/
+    - .github/
+    - .idea/
+    - .vscode/
+
+skip_list:
+    - line-length

.gitignore

@@ -1,4 +1,4 @@
 .idea
 .vscode
-
+.cache
 .*vault-pass

.pre-commit-config.yaml

@@ -1,27 +1,25 @@
 repos:
-- repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v3.4.0
-  hooks:
-    - id: check-yaml
-      # https://github.com/pre-commit/pre-commit-hooks/issues/273
-      # Not the best option but it doesn't seem to accept an 'ignore' option
-      args: [--unsafe]
-    - id: end-of-file-fixer
-    - id: trailing-whitespace
-    - id: check-executables-have-shebangs
-    - id: check-merge-conflict
-    - id: mixed-line-ending
-    - id: sort-simple-yaml
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.4.0
+    hooks:
+      - id: check-yaml
+        # https://github.com/pre-commit/pre-commit-hooks/issues/273
+        # Not the best option but it doesn't seem to accept an 'ignore' option
+        args: [--unsafe]
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: mixed-line-ending
+      - id: sort-simple-yaml
 
-- repo: https://github.com/jumanjihouse/pre-commit-hooks
-  rev: 2.1.4
-  hooks:
-    - id: shellcheck
-      # Temporary until https://github.com/jumanjihouse/pre-commit-hooks/pull/81 is merged
-      additional_dependencies: []
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 2.1.5
+    hooks:
+      - id: shellcheck
 
-- repo: https://github.com/ansible/ansible-lint
-  rev: v4.3.7
-  hooks:
-    - id: ansible-lint
-      files: \.(yaml|yml)$
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v5.0.6
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$

Makefile

@@ -11,6 +11,16 @@ install:
 	if [ ! $$(find ~/.local/share/virtualenvs/ -name "artis3n.tailscale*") ]; then pipenv install --dev; fi;
 	if [ ! -f .git/hooks/pre-commit ]; then pipenv run pre-commit install; fi;
 
+# Only run this on GitHub Codespaces in order to set up Python 3.9
+.PHONY: codespaces-install
+codespaces-install:
+	sudo add-apt-repository ppa:deadsnakes/ppa
+	sudo apt-get update
+	sudo apt-get install python3.9
+	sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
+	sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 2
+	make install
+
 .PHONY: clean
 clean:
 	pipenv --rm

README.md

@@ -78,6 +78,13 @@ Helpful for debugging and collecting information to submit in a GitHub issue on
 Whether to install and configure Tailscale as a service but skip running `tailscale up`.
 Helpful when packaging up a Tailscale installation into a build process such as AMI creation when the server should not yet authenticate to your Tailscale network.
 
+### force
+
+**Default**: `false`
+
+If set to `true`, `tailscale up` will always run.
+This can be beneficial if tailscale has already been configured on a host but you want to re-run `up` with different arguments.
+
 ## Dependencies
 
 None
@@ -169,7 +176,7 @@ Get verbose output:
         verbose: true
 ```
 
-Install Tailscale, but don't authenticate to the network
+Install Tailscale, but don't authenticate to the network:
 
 ```yaml
 - name: Servers
@@ -180,6 +187,25 @@ Install Tailscale, but don't authenticate to the network
         tailscale_up_skip: true
 ```
 
+Run `tailscale up` on a host that has been previously configured:
+
+```yaml
+- name: Servers
+  hosts: all
+  roles:
+    - role: artis3n.tailscale
+      vars:
+        # Fake example encrypted by ansible-vault
+        tailscale_auth_key: !vault |
+          $ANSIBLE_VAULT;1.2;AES256;tailscale
+          32616238303134343065613038383933333733383765653166346564363332343761653761646363
+          6637666565626333333664363739613366363461313063640a613330393062323161636235383936
+          37373734653036613133613533376139383138613164323661386362376335316364653037353631
+          6539646561373535610a643334396234396332376431326565383432626232383131303131363362
+          3537
+        force: true
+```
+
 ## License
 
 MIT

molecule/default/cleanup.yml

@@ -3,6 +3,6 @@
   hosts: all
   tasks:
   - name: De-register Tailscale node
-    become: yes
+    become: true
     command: tailscale down
     changed_when: false

molecule/default/verify.yml

@@ -3,12 +3,12 @@
   hosts: all
   tasks:
   - name: Get Tailscale status
-    become: yes
+    become: true
     command: tailscale status
     changed_when: false
     register: tailscale_status
 
   - name: Assertions
     assert:
       that:
-        - '"hello.ipn.dev" in tailscale_status.stdout'
+        - '"hello-ipn-dev" in tailscale_status.stdout'

molecule/skip-authentication/verify.yml

@@ -3,12 +3,12 @@
   hosts: all
   tasks:
   - name: Get Tailscale status
-    become: yes
+    become: true
     command: tailscale status
     changed_when: false
     register: tailscale_status
 
   - name: Assertions
     assert:
       that:
-        - '"hello.ipn.dev" not in tailscale_status.stdout'
+        - '"hello-ipn-dev" not in tailscale_status.stdout'

tasks/arch.yml

@@ -1,8 +1,8 @@
 ---
 
 - name: Arch | Install Tailscale
-  become: yes
+  become: true
   pacman:
     name: '{{ tailscale_package }}'
-    update_cache: yes
+    update_cache: true
     state: present

tasks/centos.yml

@@ -1,19 +1,19 @@
 ---
 - name: CentOS | Yum Dependencies
-  become: yes
+  become: true
   yum:
     name: "{{ yum_dependencies }}"
     state: present
 
 - name: CentOS | Add Yum Repo
-  become: yes
+  become: true
   command: yum-config-manager --add-repo {{ yum_repos[ansible_distribution] }}
   args:
     creates: /etc/yum.repos.d/tailscale.repo
 
 - name: CentOS | Install Tailscale
-  become: yes
+  become: true
   yum:
     name: "{{ tailscale_package }}"
-    disable_gpg_check: yes
+    disable_gpg_check: true
     state: present

tasks/debian.yml

@@ -1,36 +1,36 @@
 ---
 - name: Debian | Apt Update
-  become: yes
+  become: true
   apt:
-    update_cache: yes
+    update_cache: true
 
 - name: Debian | Apt Dependencies
-  become: yes
+  become: true
   apt:
     name: "{{ apt_dependencies }}"
     state: present
 
 - name: Debian | Legacy Apt Dependencies
-  become: yes
+  become: true
   apt:
     name: "{{ legacy_apt_dependencies }}"
   when: ansible_distribution_major_version | int < 20
 
 - name: Debian | Tailscale Signing Key
-  become: yes
+  become: true
   apt_key:
     url: "{{ apt_signkey }}"
     state: present
 
 - name: Debian | Add Tailscale Deb
-  become: yes
+  become: true
   apt_repository:
     repo: "{{ apt_deb }}"
     state: present
 
 - name: Debian | Install Tailscale
-  become: yes
+  become: true
   apt:
     name: "{{ tailscale_package }}"
     state: present
-    update_cache: yes
+    update_cache: true

tasks/fedora.yml

@@ -1,7 +1,7 @@
 ---
 
 # https://www.jeffgeerling.com/blog/2020/resolving-fedora-dnf-error-no-such-file-or-directory-varlibdnfrpmdblockpid
-- name: Fedora | Wait for systemd to complete initialization. # noqa 303
+- name: Fedora | Wait for systemd to complete initialization.  # noqa command-instead-of-module
   command: systemctl is-system-running
   register: systemctl_status
   until: >
@@ -13,27 +13,27 @@
   changed_when: false
 
 - name: Fedora | Yum Dependencies
-  become: yes
+  become: true
   yum:
     name: "{{ dnf_yum_dependencies }}"
-    update_cache: yes
+    update_cache: true
     state: present
 
 - name: Fedora | Dnf Dependencies
-  become: yes
+  become: true
   dnf:
     name: "{{ dnf_dependencies }}"
     state: present
 
 - name: Fedora | Add Dnf Repo
-  become: yes
+  become: true
   command: dnf config-manager --add-repo {{ dnf_repos[ansible_distribution] }}
   args:
     creates: /etc/yum.repos.d/tailscale.repo
-    warn: no
+    warn: false
 
 - name: Fedora | Install Tailscale
-  become: yes
+  become: true
   dnf:
     name: "{{ tailscale_package }}"
     state: present

tasks/main.yml

@@ -21,7 +21,7 @@
       This is bleeding edge and may have issues.
       Be warned.
   when: release_stability | lower == 'unstable'
-  ignore_errors: yes
+  ignore_errors: true
 
 - name: Operating System
   debug:
@@ -44,11 +44,11 @@
   include_tasks: arch.yml
 
 - name: Enable Service
-  become: yes
+  become: true
   service:
     name: "{{ tailscale_service }}"
     state: started
-    enabled: yes
+    enabled: true
 
 - name: Check if Tailscale is connected
   command: tailscale status
@@ -72,14 +72,15 @@
   when: verbose | bool
 
 - name: Bring Tailscale Up
-  become: yes
+  become: true
   # The command module cannot use | ; &
   # So we are ok not quoting the variables
   command: tailscale up --authkey={{ tailscale_auth_key }} {{ tailscale_args | default() }}
   # Since the auth key is included in this task, we do not want to log output
   no_log: true
   register: tailscale_start
   when: >
-    not tailscale_up_skip | bool
-    and '"hello.ipn.dev"' not in tailscale_status.stdout
+    force | bool or
+    (not tailscale_up_skip | bool
+    and 'hello-ipn-dev' not in tailscale_status.stdout)
   notify: Confirm Tailscale is Connected

vars/main.yml

@@ -3,4 +3,7 @@
 
 # Whether to output debug information during role execution
 verbose: false
+# Whether to skip 'tailscale up'
 tailscale_up_skip: false
+# Whether to always run 'tailscale up'
+force: false