From 7c95e0d0a0e9f7af2f1de9a7680bcf45970394de Mon Sep 17 00:00:00 2001
From: CJ_Clippy <cj@futureporn.net>
Date: Wed, 8 Oct 2025 10:57:56 -0800
Subject: [PATCH] fix quote issue

---
 ansible/roles/our/tasks/main.yml              |  4 ++++
 ansible/roles/our/tasks/stack.yml             | 13 ++++++++-----
 ansible/roles/our/tasks/tailscale.yml         | 16 ++++++++++++++++
 .../our/templates/tailscale-pgadmin.json.j2   | 19 +++++++++++++++++++
 services/our/compose.production.yaml          |  2 +-
 5 files changed, 48 insertions(+), 6 deletions(-)
 create mode 100644 ansible/roles/our/tasks/tailscale.yml
 create mode 100644 ansible/roles/our/templates/tailscale-pgadmin.json.j2

diff --git a/ansible/roles/our/tasks/main.yml b/ansible/roles/our/tasks/main.yml
index 4f392c4..fe5f700 100644
--- a/ansible/roles/our/tasks/main.yml
+++ b/ansible/roles/our/tasks/main.yml
@@ -8,6 +8,10 @@
   ansible.builtin.include_tasks:
     file: filesystem.yml
 
+- name: Configure tailscale
+  ansible.builtin.include_tasks:
+    file: tailscale.yml
+
 - name: Configure docker stack app
   ansible.builtin.include_tasks:
     file: stack.yml
diff --git a/ansible/roles/our/tasks/stack.yml b/ansible/roles/our/tasks/stack.yml
index ada22e1..bab9b28 100644
--- a/ansible/roles/our/tasks/stack.yml
+++ b/ansible/roles/our/tasks/stack.yml
@@ -39,8 +39,8 @@
     compose:
       - /etc/futureporn/our/compose.production.yaml
       - services:
-          environment:
-            server:
+          server:
+            environment:
               DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
               NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
               ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
@@ -63,7 +63,8 @@
               SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
               SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
               SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
-            worker:
+          worker:
+            environment:
               DATABASE_URL: "{{ lookup('dotenv', 'DATABASE_URL', file='../../../../.env.production') }}"
               NODE_ENV: "{{ lookup('dotenv', 'NODE_ENV', file='../../../../.env.production') }}"
               ORIGIN: "{{ lookup('dotenv', 'ORIGIN', file='../../../../.env.production') }}"
@@ -86,8 +87,10 @@
               SEEDBOX_SFTP_URL: "{{ lookup('dotenv', 'SEEDBOX_SFTP_URL', file='../../../../.env.production') }}"
               SEEDBOX_SFTP_USERNAME: "{{ lookup('dotenv', 'SEEDBOX_SFTP_USERNAME', file='../../../../.env.production') }}"
               SEEDBOX_SFTP_PASSWORD: "{{ lookup('dotenv', 'SEEDBOX_SFTP_PASSWORD', file='../../../../.env.production') }}"
-            pgadmin:
+          pgadmin:
+            environment:
               PGADMIN_DEFAULT_EMAIL: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_EMAIL', file='../../../../.env.production') }}"
               PGADMIN_DEFAULT_PASSWORD: "{{ lookup('dotenv', 'PGADMIN_DEFAULT_PASSWORD', file='../../../../.env.production') }}"
-            tailscale-pgadmin:
+          tailscale-pgadmin:
+            environment:
               TS_AUTHKEY: "{{ lookup('dotenv', 'TS_AUTHKEY', file='../../../../.env.production') }}"
diff --git a/ansible/roles/our/tasks/tailscale.yml b/ansible/roles/our/tasks/tailscale.yml
new file mode 100644
index 0000000..0674f28
--- /dev/null
+++ b/ansible/roles/our/tasks/tailscale.yml
@@ -0,0 +1,16 @@
+---
+- name: Ensure Tailscale directories exist with proper permissions
+  ansible.builtin.file:
+    path: "/mnt/vfs/futureporn/tailscale/{{ item }}"
+    state: directory
+    mode: "0755"
+    recurse: true
+  loop:
+    - config
+    - state
+
+- name: Render tailscale template
+  ansible.builtin.template:
+    mode: "0755"
+    src: tailscale-pgadmin.json.j2
+    dest: /mnt/vfs/futureporn/tailscale/tailscale-pgadmin.json
diff --git a/ansible/roles/our/templates/tailscale-pgadmin.json.j2 b/ansible/roles/our/templates/tailscale-pgadmin.json.j2
new file mode 100644
index 0000000..a437168
--- /dev/null
+++ b/ansible/roles/our/templates/tailscale-pgadmin.json.j2
@@ -0,0 +1,19 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:5050"
+        }
+      }
+    }
+  },
+  "AllowFunnel": {
+    "${TS_CERT_DOMAIN}:443": false
+  }
+}
\ No newline at end of file
diff --git a/services/our/compose.production.yaml b/services/our/compose.production.yaml
index b9bfbf7..4f833bf 100644
--- a/services/our/compose.production.yaml
+++ b/services/our/compose.production.yaml
@@ -81,7 +81,7 @@ services:
       - net_admin
     restart: unless-stopped
     environment:
-      TS_EXTRA_ARGS: --advertise-tags=tag:container --reset"
+      TS_EXTRA_ARGS: "--advertise-tags=tag:container --reset"
       TS_SERVE_CONFIG: /config/pgadmin.json
       TS_STATE_DIR: /var/lib/tailscale
       TS_USERSPACE: "false"