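---
# Verify play for the headscale role. It checks that the role created its
# directory layout and rendered config/config.yaml and docker-compose.yml with
# the expected domain, OIDC, logging and network settings.
#
# All paths and domains come from the play vars below, so the expected values
# and the assertions cannot drift apart.
- name: Verify headscale role
  hosts: localhost
  gather_facts: false
  vars:
    # NOTE(review): this is a fixed path under world-writable /tmp. On a shared
    # runner another local account could pre-create it, so prefer a per-run
    # directory if the role under test accepts one.
    headscale_data_dir: /tmp/sovereign_test/headscale
    headscale_domain: headscale.test.example.com
    base_domain: test.example.com
    authentik_domain: auth.test.example.com
  tasks:
    # --- Directory layout ---------------------------------------------------
    # stat returns only `exists: false` for a missing path, so each assertion
    # tests `exists` before `isdir`. Otherwise a missing directory would fail on
    # an undefined attribute instead of reporting fail_msg.
    - name: Check headscale data directory exists
      ansible.builtin.stat:
        path: "{{ headscale_data_dir }}"
      register: data_dir_stat

    - name: Assert headscale data directory is present
      ansible.builtin.assert:
        that: data_dir_stat.stat.exists and data_dir_stat.stat.isdir
        fail_msg: "Data directory {{ headscale_data_dir }} was not created"

    - name: Check config subdirectory exists
      ansible.builtin.stat:
        path: "{{ headscale_data_dir }}/config"
      register: config_dir_stat

    - name: Assert config subdirectory is present
      ansible.builtin.assert:
        that: config_dir_stat.stat.exists and config_dir_stat.stat.isdir
        fail_msg: "Config directory {{ headscale_data_dir }}/config was not created"

    - name: Check data subdirectory exists
      ansible.builtin.stat:
        path: "{{ headscale_data_dir }}/data"
      register: data_subdir_stat

    - name: Assert data subdirectory is present
      ansible.builtin.assert:
        that: data_subdir_stat.stat.exists and data_subdir_stat.stat.isdir
        fail_msg: "Data subdirectory {{ headscale_data_dir }}/data was not created"

    # --- config/config.yaml -------------------------------------------------
    # NOTE(review): config.yaml presumably carries the OIDC client settings.
    # If the role sets an owner or mode on it, assert that here too. Confirm
    # against the role's template task.
    - name: Check config.yaml exists
      ansible.builtin.stat:
        path: "{{ headscale_data_dir }}/config/config.yaml"
      register: config_yaml_stat

    - name: Assert config.yaml was rendered
      ansible.builtin.assert:
        that: config_yaml_stat.stat.exists
        fail_msg: "config/config.yaml was not rendered for headscale"

    - name: Read config.yaml
      ansible.builtin.slurp:
        src: "{{ headscale_data_dir }}/config/config.yaml"
      register: config_yaml_raw

    # slurp returns base64; decode once so later assertions search plain text.
    - name: Set config content fact
      ansible.builtin.set_fact:
        headscale_config: "{{ config_yaml_raw.content | b64decode }}"

    # These are substring checks on the rendered text. They prove that the value
    # appears somewhere in the file, not that it sits under a particular key.
    - name: Assert config contains headscale server URL
      ansible.builtin.assert:
        that: "('https://' ~ headscale_domain) in headscale_config"
        fail_msg: "config.yaml does not contain https://{{ headscale_domain }}"

    - name: Assert config contains base_domain
      ansible.builtin.assert:
        # Folded scalar avoids escaping the double quotes in the expected text.
        that: >-
          ('base_domain: "' ~ base_domain ~ '"') in headscale_config
        fail_msg: >-
          config.yaml does not contain base_domain: "{{ base_domain }}"

    - name: Assert config contains authentik domain for OIDC
      ansible.builtin.assert:
        that: "authentik_domain in headscale_config"
        fail_msg: "config.yaml does not contain {{ authentik_domain }} for OIDC"

    # --- docker-compose.yml -------------------------------------------------
    - name: Check docker-compose.yml exists
      ansible.builtin.stat:
        path: "{{ headscale_data_dir }}/docker-compose.yml"
      register: compose_stat

    - name: Assert docker-compose.yml was rendered
      ansible.builtin.assert:
        that: compose_stat.stat.exists
        fail_msg: "docker-compose.yml was not rendered for headscale"

    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: "{{ headscale_data_dir }}/docker-compose.yml"
      register: compose_raw

    - name: Set compose content fact
      ansible.builtin.set_fact:
        compose: "{{ compose_raw.content | b64decode }}"

    - name: Assert headscale image is present
      ansible.builtin.assert:
        that: "'headscale/headscale' in compose"
        fail_msg: "headscale/headscale image not found in docker-compose.yml"

    - name: Assert headscale domain traefik rule is present
      ansible.builtin.assert:
        that: "('Host(`' ~ headscale_domain ~ '`)') in compose"
        fail_msg: "Traefik rule for {{ headscale_domain }} not found in docker-compose.yml"

    # Pins the log target to the loopback GELF endpoint this test expects.
    - name: Assert GELF logging address is present
      ansible.builtin.assert:
        that: "'udp://127.0.0.1:12201' in compose"
        fail_msg: "GELF logging address udp://127.0.0.1:12201 not found in docker-compose.yml"

    # NOTE(review): this matches `external: true` anywhere in the file, not
    # only under `networks:`. Parsing the file with `from_yaml` and checking the
    # named network would be stricter, once the network key is confirmed.
    - name: Assert sovereign network is external
      ansible.builtin.assert:
        that: "'external: true' in compose"
        fail_msg: "external: true not found in docker-compose.yml networks section"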