Merge pull request #7 from wandansible/reconfigure-tags

Various authentication fixes

defaults/main.yml

@@ -36,7 +36,6 @@ tailscale_valid_args:
   - exit-node-allow-lan-access
   - hostname
   - netfilter-mode
-  - nickname
   - operator
   - shields-up
   - snat-subnet-routes
@@ -48,6 +47,7 @@ tailscale_valid_login_args:
 tailscale_valid_set_args:
   - accept-risk
   - auto-update
+  - nickname
   - update-check
   - webclient
 

tasks/auth.yml

@@ -50,17 +50,18 @@
     - name: Prompt user to authenticate with tailscale in web browser
       ansible.builtin.pause:
         prompt: |-
-          To authenticate {{ inventory_hostname }} with tailscale, visit:
+          To authenticate {{ item }} with tailscale, visit:
 
-              {{ _tailscale_state.AuthURL }}
+              {{ hostvars[item]["_tailscale_state"].AuthURL }}
 
           Press enter to continue
+      loop: "{{ play_hosts }}"
 
     - name: Wait for device to be authenticated and approved
       ansible.builtin.command:
         cmd: "tailscale status --peers=false --json"
       register: _tailscale_status_cmd
-      retries: 10
+      retries: 15
       delay: 5
       until: (_tailscale_status_cmd.stdout | from_json).BackendState == "Running"
       changed_when: false

tasks/config.yml

@@ -47,8 +47,15 @@
       --{{ item.option }}="{{ item.value }}"{{ " " if not loop.last else "" }}
         {%- endif %}
       {%- endfor %}
+    _configured_tags: >-
+      {{ tailscale_args
+         | selectattr("option", "equalto", "advertise-tags")
+         | map(attribute="value")
+         | map("split", ",")
+         | flatten }}
   when:
     - _tailscale_state.BackendState == "NeedsLogin"
+      or _tailscale_state.Self.Tags | default([]) | sort != _configured_tags | sort
   tags: molecule-idempotence-notest
 
 - name: Run tailscale set