0aec9e6e54
- ACME TLS challenge on 443 (no port 80 or nginx decoy) - Auto-generate and persist obfs password per server - Update client export, HTML catalog, and vault examples - Document Salamander vs main and ACME auto-renewal in README
67 lines
2.0 KiB
YAML
67 lines
2.0 KiB
YAML
---
|
|
- name: Create local output directory for this server
|
|
ansible.builtin.file:
|
|
path: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}"
|
|
state: directory
|
|
mode: "0700"
|
|
delegate_to: localhost
|
|
become: false
|
|
|
|
- name: Initialize export users list
|
|
ansible.builtin.set_fact:
|
|
hysteria2_export_users: []
|
|
|
|
- name: Install qrencode on server for PNG QR export
|
|
ansible.builtin.apt:
|
|
name: qrencode
|
|
state: present
|
|
update_cache: false
|
|
when: hysteria2_generate_qr_png | bool
|
|
|
|
- name: Build client share data for each user
|
|
ansible.builtin.include_tasks: share_user.yml
|
|
loop: "{{ hysteria2_resolved_users }}"
|
|
loop_control:
|
|
loop_var: hysteria2_current_user
|
|
label: "{{ hysteria2_current_user.name }}"
|
|
|
|
- name: Save server summary locally
|
|
ansible.builtin.copy:
|
|
dest: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/server-info.yml"
|
|
mode: "0600"
|
|
content: |
|
|
server: {{ hysteria2_output_name }}
|
|
mode: salamander
|
|
domain: {{ hysteria2_domain }}
|
|
port: {{ hysteria2_listen_port }}
|
|
obfs_password: "{{ hysteria2_obfs_password }}"
|
|
users:
|
|
{% for user in hysteria2_export_users %}
|
|
- name: {{ user.name }}
|
|
password: "{{ user.password }}"
|
|
url: "{{ user.url }}"
|
|
has_png: {{ user.has_png | bool | lower }}
|
|
url_file: {{ user.name }}.url
|
|
qr_png: {{ user.name }}.png
|
|
html: index.html
|
|
{% endfor %}
|
|
delegate_to: localhost
|
|
become: false
|
|
|
|
- name: Generate HTML summary page
|
|
ansible.builtin.template:
|
|
src: export/index.html.j2
|
|
dest: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/index.html"
|
|
mode: "0644"
|
|
vars:
|
|
generated_at: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}"
|
|
hysteria2_obfs_password: "{{ hysteria2_obfs_password }}"
|
|
delegate_to: localhost
|
|
become: false
|
|
|
|
- name: Show export location
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
Клиентские URL, QR и index.html сохранены в
|
|
{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/
|