# ═══════════════════════════════════════════════════════════════════════════════ # Hysteria2 Ansible — Makefile # ═══════════════════════════════════════════════════════════════════════════════ SHELL := /bin/bash .DEFAULT_GOAL := help ANSIBLE ?= ansible-playbook ANSIBLE_ADHOC ?= ansible INVENTORY ?= inventory/hosts.yml LIMIT ?= EXTRA_VARS ?= TAGS ?= ASK_PASS ?= # vault: .vault_pass или интерактивный ввод VAULT_FILE := .vault_pass VAULT_ARGS := $(if $(wildcard $(VAULT_FILE)),--vault-password-file $(VAULT_FILE),) ANSIBLE_OPTS := $(VAULT_ARGS) \ $(if $(LIMIT),--limit $(LIMIT),) \ $(if $(EXTRA_VARS),--extra-vars "$(EXTRA_VARS)",) \ $(if $(ASK_BECOME_PASS),--ask-become-pass,) \ $(if $(ASK_PASS),--ask-pass,) CYAN := \033[0;36m GREEN := \033[0;32m YELLOW := \033[1;33m BOLD := \033[1m NC := \033[0m .PHONY: help init check ping status \ install update export uninstall \ vault-init vault-encrypt vault-edit vault-view help: ## Показать справку @echo "" @echo "$(BOLD)Hysteria2 Ansible$(NC)" @echo "" @grep -E '^[a-zA-Z0-9_-]+:.*##' $(MAKEFILE_LIST) | \ awk 'BEGIN {FS = ":.*## "}; {printf " $(CYAN)%-16s$(NC) %s\n", $$1, $$2}' @echo "" @echo " $(YELLOW)Примеры:$(NC)" @echo " make init" @echo " make vault-init && make vault-encrypt" @echo " make install" @echo " make install LIMIT=vps-de" @echo " make update LIMIT=vps-nl" @echo " make uninstall LIMIT=vps-de EXTRA_VARS='hysteria2_uninstall_remove_local_output=true'" @echo "" init: ## Создать inventory, group_vars и .vault_pass из примеров @test -f inventory/hosts.yml || cp inventory/hosts.yml.example inventory/hosts.yml @test -f group_vars/all.yml || cp group_vars/all.yml.example group_vars/all.yml @test -f group_vars/hysteria2_servers/vars.yml || cp group_vars/hysteria2_servers/vars.yml.example group_vars/hysteria2_servers/vars.yml @test -f group_vars/hysteria2_servers/vault.yml || cp group_vars/hysteria2_servers/vault.yml.example group_vars/hysteria2_servers/vault.yml @test -f .vault_pass || (openssl rand -base64 32 > .vault_pass && chmod 600 .vault_pass) @grep -q 'vault_password_file' ansible.cfg || \ (echo "" >> ansible.cfg && echo "vault_password_file = .vault_pass" >> ansible.cfg) @echo "$(GREEN)Готово. Отредактируйте:$(NC)" @echo " inventory/hosts.yml" @echo " group_vars/all.yml" @echo " group_vars/hysteria2_servers/vault.yml → затем: make vault-encrypt" check: ## Проверить синтаксис playbook $(ANSIBLE) playbook.yml --syntax-check $(VAULT_ARGS) $(ANSIBLE) playbook-uninstall.yml --syntax-check $(VAULT_ARGS) ping: ## Проверить SSH-доступ ко всем VPS $(ANSIBLE_ADHOC) hysteria2_servers -m ping $(ANSIBLE_OPTS) status: ## Статус hysteria-server на VPS $(ANSIBLE_ADHOC) hysteria2_servers -m shell \ -a "systemctl status hysteria-server --no-pager || systemctl status hysteria2 --no-pager" \ -b $(VAULT_ARGS) $(if $(LIMIT),--limit $(LIMIT),) install: check ## Установить Hysteria2 на VPS (+ URL и QR локально) $(ANSIBLE) playbook.yml --tags install $(ANSIBLE_OPTS) update: check ## Обновить бинарник, перекатить конфиг, перевыпустить URL/QR $(ANSIBLE) playbook.yml --tags update --extra-vars "hysteria2_wait_for_acme=false hysteria2_upgrade_system=false" $(ANSIBLE_OPTS) export: check ## Только перевыпустить URL и QR (без изменений на сервере) $(ANSIBLE) playbook.yml --tags export $(ANSIBLE_OPTS) uninstall: ## Удалить Hysteria2 с VPS @echo "$(YELLOW)Будет выполнено удаление Hysteria2$(NC) $(if $(LIMIT),на $(LIMIT),на всех серверах)" @read -p "Продолжить? [y/N] " c; [[ "$$c" =~ ^[Yy]$$ ]] || exit 1 $(ANSIBLE) playbook-uninstall.yml --tags uninstall $(ANSIBLE_OPTS) vault-init: ## Создать .vault_pass и включить vault_password_file в ansible.cfg @test -f .vault_pass || (openssl rand -base64 32 > .vault_pass && chmod 600 .vault_pass) @if ! grep -q '^vault_password_file' ansible.cfg; then \ sed -i.bak 's/# vault_password_file/vault_password_file/' ansible.cfg; \ rm -f ansible.cfg.bak; \ fi @echo "$(GREEN).vault_pass готов$(NC)" vault-encrypt: vault-init ## Зашифровать group_vars/hysteria2_servers/vault.yml @if [ ! -f group_vars/hysteria2_servers/vault.yml ]; then \ echo "$(YELLOW)Сначала: make init$(NC)"; exit 1; \ fi @if grep -q 'ANSIBLE_VAULT' group_vars/hysteria2_servers/vault.yml 2>/dev/null; then \ echo "vault.yml уже зашифрован"; \ else \ ansible-vault encrypt group_vars/hysteria2_servers/vault.yml --vault-password-file $(VAULT_FILE); \ fi vault-edit: vault-init ## Редактировать зашифрованный vault ansible-vault edit group_vars/hysteria2_servers/vault.yml --vault-password-file $(VAULT_FILE) vault-view: vault-init ## Показать содержимое vault (расшифровка) ansible-vault view group_vars/hysteria2_servers/vault.yml --vault-password-file $(VAULT_FILE)