jason-riddle · jason-riddle · Jul 11, 2023 · Jul 11, 2023 · Jul 11, 2023 · Jul 11, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -46,15 +46,15 @@
 strategy:
 matrix:
  include:
  - distro: debian10 # Buster
  playbook: converge.yml
- - distro: ubuntu1804 # Bionic Beaver
- playbook: converge.yml
+ # - distro: ubuntu1804 # Bionic Beaver
+ #  playbook: converge.yml
  # TODO: Failed to get D-Bus connection: No such file or directory
  # - distro: centos7
  # playbook: converge.yml
- - distro: centos8
- playbook: converge.yml
+ # - distro: centos8
+ #  playbook: converge.yml
 
  steps:
  - name: Check out the codebase.
@@ -73,20 +73,32 @@
  - name: Set HOSTNAME.
  run: echo "HOSTNAME=$(cat /etc/hostname)" >> $GITHUB_ENV
 
- - name: Run Molecule default test.
- run: |
- molecule test --scenario-name default
- env:
- PY_COLORS: '1'
- ANSIBLE_FORCE_COLOR: '1'
- ANSIBLE_LOAD_CALLBACK_PLUGINS: true
- ANSIBLE_STDOUT_CALLBACK: 'yaml'
- MOLECULE_DISTRO: ${{ matrix.distro }}
- MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
+ # - name: Run Molecule default test.
+ # run: |
+ # molecule test --scenario-name default
+ # env:
+ # PY_COLORS: '1'
+ # ANSIBLE_FORCE_COLOR: '1'
+ # ANSIBLE_LOAD_CALLBACK_PLUGINS: true
+ # ANSIBLE_STDOUT_CALLBACK: 'yaml'
+ # MOLECULE_DISTRO: ${{ matrix.distro }}
+ # MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
+
+ # - name: Run Molecule up test.
+ # run: |
+ # molecule test --scenario-name up
+ # env:
+ # PY_COLORS: '1'
+ # ANSIBLE_FORCE_COLOR: '1'
+ # ANSIBLE_LOAD_CALLBACK_PLUGINS: true
+ # ANSIBLE_STDOUT_CALLBACK: 'yaml'
+ # MOLECULE_DISTRO: ${{ matrix.distro }}
+ # MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
+ # TAILSCALE_AUTHKEY: "${{ secrets.TAILSCALE_AUTHKEY }}"
 
- - name: Run Molecule up test.
+ - name: Run Molecule funnel test.
  run: |
- molecule test --scenario-name up
+ molecule test --scenario-name funnel
  env:
  PY_COLORS: '1'
  ANSIBLE_FORCE_COLOR: '1'

diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ Features:
 - Install Tailscale.
 - Register Node to Tailnet.
 - (Beta Feature) Provision HTTPS certificates.
+- (Beta Feature) Run Funnel.
 
 ## Requirements
 
@@ -55,6 +56,14 @@ Run `tailscale cert` with arguments. `tailscale_cert_domain` must be set.
 
 See https://tailscale.com/kb/1153/enabling-https/.
 
+ tailscale_funnel_enabled: false
+
+**This feature is in beta. It may be removed or changed in a future release.**
+
+Run `tailscale funnel` with arguments.
+
+See https://tailscale.com/kb/1223/tailscale-funnel/.
+
  tailscale_default_options_enabled: false
  tailscale_default_options_settings:
  # Allow caddy user to fetch cert.
@@ -119,6 +128,22 @@ See https://tailscale.com/kb/1153/enabling-https/.
  - jason_riddle.tailscale
 ```
 
+### (Beta Feature) Run Funnel.
+
+See https://tailscale.com/kb/1223/tailscale-funnel/.
+
+```yaml
+- hosts: all
+
+ vars:
+ tailscale_up_node: true
+ tailscale_up_authkey: "{{ lookup('env', 'TAILSCALE_AUTHKEY') }}"
+ tailscale_funnel_enabled: true
+
+ roles:
+ - jason_riddle.tailscale
+```
+
 ## License
 
 MIT
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -26,6 +26,9 @@ tailscale_cert_filename: "{{ tailscale_cert_domain }}.crt"
 tailscale_cert_private_key_dir: "/usr/local/etc/ssl/private"
 tailscale_cert_private_key_filename: "{{ tailscale_cert_domain }}.key"
 
+# Funnel options.
+tailscale_funnel_enabled: false
+
 # Configure /etc/default/tailscaled options.
 tailscale_default_options_enabled: false
 tailscale_default_options_settings:

diff --git a/molecule/funnel/converge.yml b/molecule/funnel/converge.yml
@@ -0,0 +1,36 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ vars:
+ tailscale_up_node: true
+ tailscale_up_authkey: "{{ lookup('env', 'TAILSCALE_AUTHKEY') }}"
+ tailscale_up_extra_args: "--hostname=github-ci-funnel-{{ lookup('env', 'HOSTNAME') }}-{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower }}-{{ ansible_architecture | replace('_', '-') }}"
+ tailscale_funnel_enabled: true
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ changed_when: false
+ when: ansible_os_family == 'Debian'
+
+ - name: Wait for systemd to complete initialization. # noqa 303
+ command: systemctl is-system-running
+ register: systemctl_status
+ until: >
+ 'running' in systemctl_status.stdout or
+ 'degraded' in systemctl_status.stdout
+ retries: 30
+ delay: 5
+ when: ansible_service_mgr == 'systemd'
+ changed_when: false
+ failed_when: systemctl_status.rc > 1
+
+ roles:
+ - role: jason_riddle.tailscale
+
+ post_tasks:
+ - name: Verify Tailscale is installed.
+ command: tailscale --version
+ changed_when: false
diff --git a/molecule/funnel/molecule.yml b/molecule/funnel/molecule.yml
@@ -0,0 +1,23 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian10}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ # REF: https://www.jeffgeerling.com/blog/2022/docker-and-systemd-getting-rid-dreaded-failed-connect-bus-error
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ cgroupns_mode: host
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ # inventory:
+ # host_vars:
+ # instance:
+ # tailscale_up_no_log: false
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/molecule/up/converge.yml b/molecule/up/converge.yml
@@ -6,7 +6,7 @@
  vars:
  tailscale_up_node: true
  tailscale_up_authkey: "{{ lookup('env', 'TAILSCALE_AUTHKEY') }}"
- tailscale_up_extra_args: "--hostname=github-ci-{{ lookup('env', 'HOSTNAME') }}-{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower }}-{{ ansible_architecture | replace('_', '-') }}"
+ tailscale_up_extra_args: "--hostname=github-ci-up-{{ lookup('env', 'HOSTNAME') }}-{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower }}-{{ ansible_architecture | replace('_', '-') }}"
 
  pre_tasks:
  - name: Update apt cache.

diff --git a/molecule/up/molecule.yml b/molecule/up/molecule.yml
@@ -15,9 +15,9 @@ platforms:
  pre_build_image: true
 provisioner:
  name: ansible
- inventory:
- host_vars:
- instance:
- tailscale_up_no_log: false
+ # inventory:
+ #  host_vars:
+ #  instance:
+ #  tailscale_up_no_log: false
  playbooks:
  converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/tasks/funnel.yml b/tasks/funnel.yml
@@ -0,0 +1,24 @@
+---
+# - name: Assert that tailscale_up_authkey is not empty.
+# assert:
+# that:
+# - tailscale_up_authkey | length > 0
+# quiet: true
+
+# - name: Assert that tailscale_up_timeout is not empty.
+# assert:
+# that:
+# - tailscale_up_timeout | length > 0
+# quiet: true
+
+- name: Run serve.
+ command: |
+ tailscale serve https / http://127.0.0.1:3000
+ tags:
+ - molecule-idempotence-notest
+
+- name: Run funnel.
+ command: |
+ tailscale funnel 443 on
+ tags:
+ - molecule-idempotence-notest
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -27,3 +27,6 @@
 
 - include_tasks: cert.yml
  when: tailscale_cert_enabled | bool
+
+- include_tasks: funnel.yml
+ when: tailscale_funnel_enabled | bool