Commit Graph

9 Commits

Author SHA1 Message Date
Sergey Antropoff 13af9e814c Полная очистка при uninstall: VPS и output/<server>/
Скрипт --remove снимает только бинарник и systemd; Ansible дочищает конфиг,
пользователя, ufw, пакеты и всегда удаляет локальную папку экспорта.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-01 13:28:59 +03:00
Sergey Antropoff 5d0d3e49a0 fix: run only uninstall tasks, not full role on make uninstall
Tagging the whole role with uninstall caused install/configure/update/export to run first. Use include_role tasks_from uninstall.yml; add safe defaults for uninstall variables.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-01 13:20:17 +03:00
Sergey Antropoff 0745fdce2c feat: incremental user passwords and export on update
Preserve passwords from server-info.yml and vault; generate only for new users; remove deleted users from output; re-export URL/QR only when password, domain, port, obfs or files changed.
2026-07-01 13:06:33 +03:00
Sergey Antropoff 5e42d60778 feat: complete uninstall cleanup on server and local output
Remove binary, config, masq, system user, ufw rules, and apt packages from VPS; delete output/<server>/ by default and rebuild global index.html via localhost play.
2026-07-01 12:56:20 +03:00
Sergey Antropoff b9e622e5c2 feat: bundle and sync official Hysteria2 install script locally
Store install_server.sh in role files, compare SHA256 with get.hy2.sh on the control node before install/update, refresh the bundled copy when upstream changes, then copy and run it on VPS.
2026-07-01 12:00:37 +03:00
Sergey Antropoff 2f88108a8d fix: disable become on localhost play and drop deprecated facts
Use now() for export timestamps and ansible_facts['system'] for browser detection. Set become: false on the localhost play to avoid sudo on local fact gathering.
2026-07-01 11:56:18 +03:00
Sergey Antropoff 4242093ca1 fix: generate VPN passwords without pwgen, set EDITOR=nano
Use Ansible password lookup on the control node so install works before packages are installed on VPS and without pwgen on macOS. Export EDITOR=nano in Makefile for vault-edit.
2026-07-01 11:43:34 +03:00
Sergey Antropoff 0aec9e6e54 Add Salamander obfs branch: replace masquerade with packet obfuscation.
- ACME TLS challenge on 443 (no port 80 or nginx decoy)
- Auto-generate and persist obfs password per server
- Update client export, HTML catalog, and vault examples
- Document Salamander vs main and ACME auto-renewal in README
2026-07-01 02:17:22 +03:00
Sergey Antropoff 6f96a26bed Initial commit: Ansible role for Hysteria2 VPN server deployment.
Includes install/update/uninstall playbooks, Makefile, vault-based SSH credentials, per-server and global HTML export with QR codes.
2026-07-01 02:02:58 +03:00