fix(headscale): don't install tailscale agent on headscale node

raypappa · raypappa · commit 316ff5d3f47e · 2025-11-14T20:48:03.000-08:00
Overriding the group var for headscale to be blank causes the role to create a new token, which isn't needed. Instead fixing the code to only run the install for tailscale agent on not the nodes fixes the issue
diff --git a/ansible/group_vars/headscale.yaml b/ansible/group_vars/headscale.yaml
@@ -1,4 +1,3 @@
 ---
 headscale_version: 0.23.0-alpha9
 tailscale_args: "--login-server='http://weasel.stoneydavis.com' --advertise-exit-node"
-tailscale_authkey: ""
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
@@ -85,6 +85,7 @@
   when:
     - tailscale_authkey is defined
     - tailscale_authkey | length > 0
+    - inventory_hostname not in groups['headscale']
   tags:
     - tailscale
 - name: Set hostname if specified
diff --git a/ansible/roles/headscale/tasks/main.yaml b/ansible/roles/headscale/tasks/main.yaml
@@ -89,5 +89,5 @@
       community.aws.secretsmanager_secret:
         name: weasel.stoneydavis.com/headscale/pre-auth-key
         secret_type: string
-        secret: "{{ headscale_pre_auth_key.stdout | from_json | json_query('.key')
+        secret: "{{ headscale_pre_auth_key.stdout | from_json | json_query('key')
           }}"
