fix: generate VPN passwords without pwgen, set EDITOR=nano

Use Ansible password lookup on the control node so install works before packages are installed on VPS and without pwgen on macOS. Export EDITOR=nano in Makefile for vault-edit.
Sergey Antropoff
2026-07-01 11:42:40 +03:00
parent ad7846febe
commit 3ca7dde4b2
6 changed files with 24 additions and 32 deletions
+2
@@ -5,6 +5,8 @@
SHELL := /bin/bash SHELL := /bin/bash
.DEFAULT_GOAL := help .DEFAULT_GOAL := help
export EDITOR="nano"
ANSIBLE ?= ansible-playbook ANSIBLE ?= ansible-playbook
ANSIBLE_ADHOC ?= ansible ANSIBLE_ADHOC ?= ansible
INVENTORY ?= inventory/hosts.yml INVENTORY ?= inventory/hosts.yml
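Review bot: The added `export EDITOR="nano"` replaces whatever editor the operator already has set, and because GNU make does not strip quotes, the exported value contains the literal double-quote characters. A consumer that splits the value shell-style will still resolve nano, but one that executes `$EDITOR` directly will look for a program named `"nano"`. Following the `?=` convention of the neighbouring `ANSIBLE ?=` lines, `export EDITOR ?= nano` keeps nano as the vault-edit default while respecting an existing setting.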
+1 -1
@@ -198,7 +198,7 @@ hysteria2_user_passwords:
friend: "custom-password" friend: "custom-password"
``` ```
3. **Автогенерация**`pwgen -s 40`, если пароль не задан. 3. **Автогенерация**Ansible `password` lookup (длина `hysteria2_password_length`), если пароль не задан.
При `make update` пароли подтягиваются из `output/<server>/server-info.yml`, если не указаны в vault/inventory. При `make update` пароли подтягиваются из `output/<server>/server-info.yml`, если не указаны в vault/inventory.
+1 -1
@@ -2,7 +2,7 @@
# Email для Let's Encrypt (ACME) # Email для Let's Encrypt (ACME)
hysteria2_acme_email: admin@example.com hysteria2_acme_email: admin@example.com
# Длина автогенерируемых паролей (pwgen) # Длина автогенерируемых паролей VPN-пользователей
hysteria2_password_length: 40 hysteria2_password_length: 40
# Обновлять систему перед установкой (apt update && apt upgrade) # Обновлять систему перед установкой (apt update && apt upgrade)
+1 -1
@@ -9,7 +9,7 @@ hysteria2_acme_email: ""
hysteria2_users: [] hysteria2_users: []
# Опционально: фиксированные пароли { username: password } # Опционально: фиксированные пароли { username: password }
# Пустое значение или отсутствие ключа — автогенерация через pwgen # Пустое значение или отсутствие ключа — автогенерация на control node (Ansible password lookup)
hysteria2_password_length: 40 hysteria2_password_length: 40
hysteria2_listen_port: 443 hysteria2_listen_port: 443
+2 -2
@@ -11,7 +11,7 @@
ansible.builtin.apt: ansible.builtin.apt:
upgrade: dist upgrade: dist
- name: Install curl, micro, pwgen and qrencode - name: Install curl, micro and qrencode
ansible.builtin.apt: ansible.builtin.apt:
name: "{{ _hysteria2_apt_packages }}" name: "{{ _hysteria2_apt_packages }}"
state: present state: present
@@ -19,7 +19,7 @@
vars: vars:
_hysteria2_apt_packages: >- _hysteria2_apt_packages: >-
{{ {{
['curl', 'micro', 'pwgen'] ['curl', 'micro']
+ (['qrencode'] if hysteria2_generate_qr_png | bool else []) + (['qrencode'] if hysteria2_generate_qr_png | bool else [])
}} }}
+16 -26
@@ -60,16 +60,24 @@
- update - update
- export - export
- name: Generate missing user passwords with pwgen - name: Generate missing user passwords
ansible.builtin.command: ansible.builtin.set_fact:
cmd: "pwgen -s {{ hysteria2_password_length }} 1" _hysteria2_users_with_passwords: "{{ _hysteria2_users_with_passwords | default([]) + [ _entry ] }}"
register: _hysteria2_pwgen vars:
changed_when: false _entry:
when: item.password | length == 0 name: "{{ item.name }}"
password: >-
{{
lookup(
'password',
'/dev/null chars=ascii_letters,digits length=' ~ (hysteria2_password_length | string)
)
if item.password | length == 0
else item.password
}}
loop: "{{ hysteria2_resolved_users }}" loop: "{{ hysteria2_resolved_users }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
index_var: _hysteria2_user_idx
tags: tags:
- install - install
- update - update
@@ -77,25 +85,7 @@
- name: Apply generated passwords - name: Apply generated passwords
ansible.builtin.set_fact: ansible.builtin.set_fact:
hysteria2_resolved_users: "{{ hysteria2_resolved_users | default([]) + [ _entry ] }}" hysteria2_resolved_users: "{{ _hysteria2_users_with_passwords }}"
vars:
_generated: >-
{{
_hysteria2_pwgen.results[_hysteria2_user_idx].stdout | default('')
if (
item.password | length == 0
and not (_hysteria2_pwgen.results[_hysteria2_user_idx].skipped | default(false))
)
else item.password
}}
_entry:
name: "{{ item.name }}"
password: "{{ _generated }}"
loop: "{{ hysteria2_resolved_users }}"
loop_control:
label: "{{ item.name }}"
index_var: _hysteria2_user_idx
when: _hysteria2_pwgen is defined
tags: tags:
- install - install
- update - update
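Review bot: Both `set_fact` tasks now carry every VPN password, generated or taken from vault/inventory, in their task results, and no `no_log` is visible on either task in these hunks. `label: "{{ item.name }}"` only shortens the per-item line; the `ansible_facts` payload is still printed at `-v` and passed to any callback or log file, so adding `no_log: true` to "Generate missing user passwords" and "Apply generated passwords" keeps the secrets out of run output. Separately, the second task lost its `when` guard and loop, so if `hysteria2_resolved_users` is empty the accumulator is never defined and the template fails. `hysteria2_resolved_users: "{{ _hysteria2_users_with_passwords | default([]) }}"` avoids that, unless an earlier task outside these hunks already asserts a non-empty user list.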