fix: avoid server replacement; install tailscale via Ansible

ansible/roles/common/defaults/main.yml

@@ -1,2 +1,5 @@
 ---
 common_upgrade_packages: false
+tailscale_auth_key: ""
+tailscale_ssh: false
+tailscale_accept_routes: false

ansible/roles/common/tasks/main.yml

@@ -56,3 +56,31 @@
     - { name: net.bridge.bridge-nf-call-iptables, value: 1 }
     - { name: net.bridge.bridge-nf-call-ip6tables, value: 1 }
     - { name: net.ipv4.ip_forward, value: 1 }
+
+- name: Check if tailscale is installed
+  command: which tailscale
+  register: tailscale_binary
+  changed_when: false
+  failed_when: false
+  when: tailscale_auth_key | length > 0
+
+- name: Install tailscale
+  shell: curl -fsSL https://tailscale.com/install.sh | sh
+  when:
+    - tailscale_auth_key | length > 0
+    - tailscale_binary.rc != 0
+  changed_when: true
+
+- name: Check tailscale connection state
+  command: tailscale status --json
+  register: tailscale_status
+  changed_when: false
+  failed_when: false
+  when: tailscale_auth_key | length > 0
+
+- name: Connect node to tailnet
+  command: tailscale up --authkey {{ tailscale_auth_key }} --hostname {{ inventory_hostname }} --ssh={{ tailscale_ssh | ternary('true', 'false') }} --accept-routes={{ tailscale_accept_routes | ternary('true', 'false') }}
+  when:
+    - tailscale_auth_key | length > 0
+    - tailscale_status.rc != 0 or '"BackendState":"Running"' not in tailscale_status.stdout
+  changed_when: true