fix: generate VPN passwords without pwgen, set EDITOR=nano
Use Ansible password lookup on the control node so install works before packages are installed on VPS and without pwgen on macOS. Export EDITOR=nano in Makefile for vault-edit. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -14,7 +14,7 @@ hysteria2_users: []
|
||||
# Опционально: фиксированные пароли { username: password }
|
||||
|
||||
# Пароль обфускации Salamander (общий для сервера).
|
||||
# Пусто — автогенерация через pwgen или загрузка из output/<server>/server-info.yml
|
||||
# Пусто — автогенерация на control node (Ansible password lookup) или загрузка из output/<server>/server-info.yml
|
||||
hysteria2_obfs_password: ""
|
||||
|
||||
hysteria2_password_length: 40
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
ansible.builtin.apt:
|
||||
upgrade: dist
|
||||
|
||||
- name: Install curl, micro, pwgen and qrencode
|
||||
- name: Install curl, micro and qrencode
|
||||
ansible.builtin.apt:
|
||||
name: "{{ _hysteria2_apt_packages }}"
|
||||
state: present
|
||||
@@ -19,7 +19,7 @@
|
||||
vars:
|
||||
_hysteria2_apt_packages: >-
|
||||
{{
|
||||
['curl', 'micro', 'pwgen']
|
||||
['curl', 'micro']
|
||||
+ (['qrencode'] if hysteria2_generate_qr_png | bool else [])
|
||||
}}
|
||||
|
||||
|
||||
@@ -42,24 +42,17 @@
|
||||
- update
|
||||
- export
|
||||
|
||||
- name: Generate Salamander obfs password with pwgen
|
||||
ansible.builtin.command:
|
||||
cmd: "pwgen -s {{ hysteria2_obfs_password_length }} 1"
|
||||
register: _hysteria2_obfs_pwgen
|
||||
changed_when: false
|
||||
- name: Generate Salamander obfs password
|
||||
ansible.builtin.set_fact:
|
||||
hysteria2_obfs_password: >-
|
||||
{{
|
||||
lookup(
|
||||
'password',
|
||||
'/dev/null chars=ascii_letters,digits length=' ~ (hysteria2_obfs_password_length | string)
|
||||
)
|
||||
}}
|
||||
when: hysteria2_obfs_password | length == 0
|
||||
tags:
|
||||
- install
|
||||
- update
|
||||
- export
|
||||
|
||||
- name: Apply generated Salamander obfs password
|
||||
ansible.builtin.set_fact:
|
||||
hysteria2_obfs_password: "{{ _hysteria2_obfs_pwgen.stdout }}"
|
||||
when:
|
||||
- _hysteria2_obfs_pwgen is defined
|
||||
- not (_hysteria2_obfs_pwgen.skipped | default(false))
|
||||
tags:
|
||||
- install
|
||||
- update
|
||||
- export
|
||||
|
||||
@@ -60,16 +60,24 @@
|
||||
- update
|
||||
- export
|
||||
|
||||
- name: Generate missing user passwords with pwgen
|
||||
ansible.builtin.command:
|
||||
cmd: "pwgen -s {{ hysteria2_password_length }} 1"
|
||||
register: _hysteria2_pwgen
|
||||
changed_when: false
|
||||
when: item.password | length == 0
|
||||
- name: Generate missing user passwords
|
||||
ansible.builtin.set_fact:
|
||||
_hysteria2_users_with_passwords: "{{ _hysteria2_users_with_passwords | default([]) + [ _entry ] }}"
|
||||
vars:
|
||||
_entry:
|
||||
name: "{{ item.name }}"
|
||||
password: >-
|
||||
{{
|
||||
lookup(
|
||||
'password',
|
||||
'/dev/null chars=ascii_letters,digits length=' ~ (hysteria2_password_length | string)
|
||||
)
|
||||
if item.password | length == 0
|
||||
else item.password
|
||||
}}
|
||||
loop: "{{ hysteria2_resolved_users }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
index_var: _hysteria2_user_idx
|
||||
tags:
|
||||
- install
|
||||
- update
|
||||
@@ -77,25 +85,7 @@
|
||||
|
||||
- name: Apply generated passwords
|
||||
ansible.builtin.set_fact:
|
||||
hysteria2_resolved_users: "{{ hysteria2_resolved_users | default([]) + [ _entry ] }}"
|
||||
vars:
|
||||
_generated: >-
|
||||
{{
|
||||
_hysteria2_pwgen.results[_hysteria2_user_idx].stdout | default('')
|
||||
if (
|
||||
item.password | length == 0
|
||||
and not (_hysteria2_pwgen.results[_hysteria2_user_idx].skipped | default(false))
|
||||
)
|
||||
else item.password
|
||||
}}
|
||||
_entry:
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ _generated }}"
|
||||
loop: "{{ hysteria2_resolved_users }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
index_var: _hysteria2_user_idx
|
||||
when: _hysteria2_pwgen is defined
|
||||
hysteria2_resolved_users: "{{ _hysteria2_users_with_passwords }}"
|
||||
tags:
|
||||
- install
|
||||
- update
|
||||
|
||||
Reference in New Issue
Block a user