---
# tailscale/tasks/main.yml
- name: Add Tailscale repository
  become: true
  ansible.builtin.get_url:
    url: https://pkgs.tailscale.com/stable/rhel/9/tailscale.repo
    dest: /etc/yum.repos.d/tailscale.repo
    mode: '0644'

- name: Install required base packages
  become: true
  dnf:
    name: "{{ item }}"
    state: present
  loop: "{{ tailscale_install_packages }}"
  
- name: Start tailscaled
  become: true
  ansible.builtin.systemd:
    name: tailscaled
    state: started
    enabled: true

- name: Bring Tailscale up (without hijacking DNS)
  become: true
  ansible.builtin.command:
    cmd: >
      tailscale up 
      --authkey={{ vault_tailscale_auth_key }} 
      --accept-dns=false 
      --reset
  register: ts_up
  changed_when: "'already authenticated' not in ts_up.stderr"
  failed_when:
    - ts_up.rc != 0
    - "'already authenticated' not in ts_up.stderr"