Adding molecule unit tests

roles/headscale/handlers/main.yml

@@ -4,3 +4,4 @@
     project_src: "{{ headscale_data_dir }}"
     state: present
     recreate: always
+  when: not (molecule_test_mode | default(false))

roles/headscale/molecule/default/converge.yml

@@ -0,0 +1,8 @@
+---
+- name: Converge
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ../../../molecule/shared/vars.yml
+  roles:
+    - role: headscale

roles/headscale/molecule/default/molecule.yml

@@ -0,0 +1,23 @@
+---
+dependency:
+  name: galaxy
+  options:
+    requirements-file: requirements.yml
+driver:
+  name: delegated
+  options:
+    managed: false
+    ansible_connection_options:
+      ansible_connection: local
+platforms:
+  - name: localhost
+    groups:
+      - sovereign
+provisioner:
+  name: ansible
+  inventory:
+    host_vars:
+      localhost:
+        ansible_connection: local
+verifier:
+  name: ansible

roles/headscale/molecule/default/verify.yml

@@ -0,0 +1,113 @@
+---
+- name: Verify headscale role
+  hosts: localhost
+  gather_facts: false
+  vars:
+    headscale_data_dir: /tmp/sovereign_test/headscale
+    headscale_domain: headscale.test.example.com
+    base_domain: test.example.com
+    authentik_domain: auth.test.example.com
+
+  tasks:
+    - name: Check headscale data directory exists
+      ansible.builtin.stat:
+        path: "/tmp/sovereign_test/headscale"
+      register: data_dir_stat
+
+    - name: Assert headscale data directory is present
+      ansible.builtin.assert:
+        that: data_dir_stat.stat.isdir
+        fail_msg: "Data directory /tmp/sovereign_test/headscale was not created"
+
+    - name: Check config subdirectory exists
+      ansible.builtin.stat:
+        path: "/tmp/sovereign_test/headscale/config"
+      register: config_dir_stat
+
+    - name: Assert config subdirectory is present
+      ansible.builtin.assert:
+        that: config_dir_stat.stat.isdir
+        fail_msg: "Config directory /tmp/sovereign_test/headscale/config was not created"
+
+    - name: Check data subdirectory exists
+      ansible.builtin.stat:
+        path: "/tmp/sovereign_test/headscale/data"
+      register: data_subdir_stat
+
+    - name: Assert data subdirectory is present
+      ansible.builtin.assert:
+        that: data_subdir_stat.stat.isdir
+        fail_msg: "Data subdirectory /tmp/sovereign_test/headscale/data was not created"
+
+    - name: Check config.yaml exists
+      ansible.builtin.stat:
+        path: "/tmp/sovereign_test/headscale/config/config.yaml"
+      register: config_yaml_stat
+
+    - name: Assert config.yaml was rendered
+      ansible.builtin.assert:
+        that: config_yaml_stat.stat.exists
+        fail_msg: "config/config.yaml was not rendered for headscale"
+
+    - name: Read config.yaml
+      ansible.builtin.slurp:
+        src: "/tmp/sovereign_test/headscale/config/config.yaml"
+      register: config_yaml_raw
+
+    - name: Set config content fact
+      ansible.builtin.set_fact:
+        headscale_config: "{{ config_yaml_raw.content | b64decode }}"
+
+    - name: Assert config contains headscale server URL
+      ansible.builtin.assert:
+        that: "'https://headscale.test.example.com' in headscale_config"
+        fail_msg: "config.yaml does not contain https://headscale.test.example.com"
+
+    - name: Assert config contains base_domain
+      ansible.builtin.assert:
+        that: "'base_domain: \"test.example.com\"' in headscale_config"
+        fail_msg: "config.yaml does not contain base_domain: \"test.example.com\""
+
+    - name: Assert config contains authentik domain for OIDC
+      ansible.builtin.assert:
+        that: "'auth.test.example.com' in headscale_config"
+        fail_msg: "config.yaml does not contain auth.test.example.com for OIDC"
+
+    - name: Check docker-compose.yml exists
+      ansible.builtin.stat:
+        path: "/tmp/sovereign_test/headscale/docker-compose.yml"
+      register: compose_stat
+
+    - name: Assert docker-compose.yml was rendered
+      ansible.builtin.assert:
+        that: compose_stat.stat.exists
+        fail_msg: "docker-compose.yml was not rendered for headscale"
+
+    - name: Read docker-compose.yml
+      ansible.builtin.slurp:
+        src: "/tmp/sovereign_test/headscale/docker-compose.yml"
+      register: compose_raw
+
+    - name: Set compose content fact
+      ansible.builtin.set_fact:
+        compose: "{{ compose_raw.content | b64decode }}"
+
+    - name: Assert headscale image is present
+      ansible.builtin.assert:
+        that: "'headscale/headscale' in compose"
+        fail_msg: "headscale/headscale image not found in docker-compose.yml"
+
+    - name: Assert headscale domain traefik rule is present
+      ansible.builtin.assert:
+        that: "'Host(`headscale.test.example.com`)' in compose"
+        fail_msg: "Traefik rule for headscale.test.example.com not found in docker-compose.yml"
+
+    - name: Assert GELF logging address is present
+      ansible.builtin.assert:
+        that: "'udp://127.0.0.1:12201' in compose"
+        fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"
+
+    - name: Assert sovereign network is external
+      ansible.builtin.assert:
+        that: "'external: true' in compose"
+        fail_msg: "external: true not found in docker-compose.yml networks section"

roles/headscale/tasks/main.yml

@@ -27,3 +27,4 @@
   community.docker.docker_compose_v2:
     project_src: "{{ headscale_data_dir }}"
     state: present
+  when: not (molecule_test_mode | default(false))