role(headscale): set firewall+add handler

2023-08-02 20:43:50 +02:00 · 2023-08-02 20:43:50 +02:00 · 4a212bde39
commit 4a212bde39
parent 202f2e2e29
2 changed files with 28 additions and 6 deletions
--- a/ansible/roles/headscale/handlers/main.yml
+++ b/ansible/roles/headscale/handlers/main.yml
@ -0,0 +1,7 @@
+---
+- name: Restart caddy-hs
+  ansible.builtin.systemd:
+    name: caddy-hs
+    state: restarted
+  when: caddyfile.changed or caddysystemd.changed
+...
--- a/ansible/roles/headscale/tasks/main.yml
+++ b/ansible/roles/headscale/tasks/main.yml
@ -59,6 +59,26 @@
      - "%s"
  register: caddyfile

+- name: Enable services in the firewall
+  ansible.posix.firewalld:
+    zone: "{{ firewalld_default_zone }}"
+    service: "{{ item }}"
+    permanent: true
+    immediate: true
+    state: enabled
+  with_items:
+    - http
+    - https
+  when: "firewalld_configure"
+
+- name: Expose gRPC
+  ansible.posix.firewalld:
+    port: 50443/tcp
+    permanent: true
+    immediate: true
+    state: enabled
+  when: "firewalld_configure"
+
 # - name: Install xcaddy
 #   ansible.builtin.command:
 #     cmd: >
@ -100,12 +120,7 @@
    state: started
    enabled: true
    daemon_reload: true
-
- name: Restart caddy-hs
-  ansible.builtin.systemd:
-    name: caddy-hs
-    state: restarted
-  when: caddyfile.changed or caddysystemd.changed
+  notify: Restart caddy-hs

 - name: Fetch crt,key
  ansible.builtin.fetch: