Add Salamander obfs branch: replace masquerade with packet obfuscation.

- ACME TLS challenge on 443 (no port 80 or nginx decoy)
- Auto-generate and persist obfs password per server
- Update client export, HTML catalog, and vault examples
- Document Salamander vs main and ACME auto-renewal in README

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Sergey Antropoff
2026-07-01 02:17:22 +03:00
parent 47e440341a
commit 8a7a4c0889
19 changed files with 367 additions and 182 deletions
@@ -4,3 +4,6 @@
# Проброс VPN-паролей из vault в переменные роли (опционально)
hysteria2_user_passwords: "{{ (vault_hysteria2_user_passwords | default({}))[inventory_hostname] | default({}) }}"
# Опционально: фиксированный пароль Salamander obfs для сервера
hysteria2_obfs_password: "{{ (vault_hysteria2_obfs_passwords | default({}))[inventory_hostname] | default('') }}"
@@ -14,5 +14,8 @@ vault_ssh_passwords:
# vault_hysteria2_user_passwords:
# vps-de:
# friend: "Aingae0Okit1eek4eeZahFohVei4akee"
# vps-nl:
# alice: "CustomAlicePassword40chars................"
# Опционально: пароль Salamander obfs (один на сервер)
# vault_hysteria2_obfs_passwords:
# vps-de: "cry_me_a_r1ver_salamander_obfs_pass"
# vps-nl: "another_obfs_password_32chars!!"