3faf21fecb
Remove binary, config, masq, system user, ufw rules, and apt packages from VPS; delete output/<server>/ by default and rebuild global index.html via localhost play.
116 lines
5.5 KiB
Makefile
116 lines
5.5 KiB
Makefile
# ═══════════════════════════════════════════════════════════════════════════════
|
||
# Hysteria2 Ansible — Makefile
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
|
||
SHELL := /bin/bash
|
||
.DEFAULT_GOAL := help
|
||
|
||
export EDITOR="nano"
|
||
|
||
ANSIBLE ?= ansible-playbook
|
||
ANSIBLE_ADHOC ?= ansible
|
||
INVENTORY ?= inventory/hosts.yml
|
||
LIMIT ?=
|
||
EXTRA_VARS ?=
|
||
TAGS ?=
|
||
ASK_PASS ?=
|
||
|
||
# vault: .vault_pass или интерактивный ввод
|
||
VAULT_FILE := .vault_pass
|
||
VAULT_ARGS := $(if $(wildcard $(VAULT_FILE)),--vault-password-file $(VAULT_FILE),)
|
||
|
||
ANSIBLE_OPTS := $(VAULT_ARGS) \
|
||
$(if $(LIMIT),--limit $(LIMIT),) \
|
||
$(if $(EXTRA_VARS),--extra-vars "$(EXTRA_VARS)",) \
|
||
$(if $(ASK_BECOME_PASS),--ask-become-pass,) \
|
||
$(if $(ASK_PASS),--ask-pass,)
|
||
|
||
CYAN := \033[0;36m
|
||
GREEN := \033[0;32m
|
||
YELLOW := \033[1;33m
|
||
BOLD := \033[1m
|
||
NC := \033[0m
|
||
|
||
.PHONY: help init check ping status \
|
||
install update export uninstall \
|
||
vault-init vault-encrypt vault-edit vault-view
|
||
|
||
help: ## Показать справку
|
||
@echo ""
|
||
@echo "$(BOLD)Hysteria2 Ansible$(NC)"
|
||
@echo ""
|
||
@grep -E '^[a-zA-Z0-9_-]+:.*##' $(MAKEFILE_LIST) | \
|
||
awk 'BEGIN {FS = ":.*## "}; {printf " $(CYAN)%-16s$(NC) %s\n", $$1, $$2}'
|
||
@echo ""
|
||
@echo " $(YELLOW)Примеры:$(NC)"
|
||
@echo " make init"
|
||
@echo " make vault-init && make vault-encrypt"
|
||
@echo " make install"
|
||
@echo " make install LIMIT=vps-de"
|
||
@echo " make update LIMIT=vps-nl"
|
||
@echo " make uninstall LIMIT=vps-de"
|
||
@echo ""
|
||
|
||
init: ## Создать inventory, group_vars и .vault_pass из примеров
|
||
@test -f inventory/hosts.yml || cp inventory/hosts.yml.example inventory/hosts.yml
|
||
@test -f group_vars/all.yml || cp group_vars/all.yml.example group_vars/all.yml
|
||
@test -f group_vars/hysteria2_servers/vars.yml || cp group_vars/hysteria2_servers/vars.yml.example group_vars/hysteria2_servers/vars.yml
|
||
@test -f group_vars/hysteria2_servers/vault.yml || cp group_vars/hysteria2_servers/vault.yml.example group_vars/hysteria2_servers/vault.yml
|
||
@test -f .vault_pass || (openssl rand -base64 32 > .vault_pass && chmod 600 .vault_pass)
|
||
@grep -q 'vault_password_file' ansible.cfg || \
|
||
(echo "" >> ansible.cfg && echo "vault_password_file = .vault_pass" >> ansible.cfg)
|
||
@echo "$(GREEN)Готово. Отредактируйте:$(NC)"
|
||
@echo " inventory/hosts.yml"
|
||
@echo " group_vars/all.yml"
|
||
@echo " group_vars/hysteria2_servers/vault.yml → затем: make vault-encrypt"
|
||
|
||
check: ## Проверить синтаксис playbook
|
||
$(ANSIBLE) playbook.yml --syntax-check $(VAULT_ARGS)
|
||
$(ANSIBLE) playbook-uninstall.yml --syntax-check $(VAULT_ARGS)
|
||
|
||
ping: ## Проверить SSH-доступ ко всем VPS
|
||
$(ANSIBLE_ADHOC) hysteria2_servers -m ping $(ANSIBLE_OPTS)
|
||
|
||
status: ## Статус hysteria-server на VPS
|
||
$(ANSIBLE_ADHOC) hysteria2_servers -m shell \
|
||
-a "systemctl status hysteria-server --no-pager || systemctl status hysteria2 --no-pager" \
|
||
-b $(VAULT_ARGS) $(if $(LIMIT),--limit $(LIMIT),)
|
||
|
||
install: check ## Установить Hysteria2 на VPS (+ URL и QR локально)
|
||
$(ANSIBLE) playbook.yml --tags install $(ANSIBLE_OPTS)
|
||
|
||
update: check ## Обновить бинарник, перекатить конфиг, перевыпустить URL/QR
|
||
$(ANSIBLE) playbook.yml --tags update --extra-vars "hysteria2_wait_for_acme=false hysteria2_upgrade_system=false" $(ANSIBLE_OPTS)
|
||
|
||
export: check ## Только перевыпустить URL и QR (без изменений на сервере)
|
||
$(ANSIBLE) playbook.yml --tags export $(ANSIBLE_OPTS)
|
||
|
||
uninstall: ## Удалить Hysteria2 с VPS
|
||
@echo "$(YELLOW)Будет выполнено удаление Hysteria2$(NC) $(if $(LIMIT),на $(LIMIT),на всех серверах)"
|
||
@read -p "Продолжить? [y/N] " c; [[ "$$c" =~ ^[Yy]$$ ]] || exit 1
|
||
$(ANSIBLE) playbook-uninstall.yml --tags uninstall $(ANSIBLE_OPTS)
|
||
|
||
vault-init: ## Создать .vault_pass и включить vault_password_file в ansible.cfg
|
||
@test -f .vault_pass || (openssl rand -base64 32 > .vault_pass && chmod 600 .vault_pass)
|
||
@if ! grep -q '^vault_password_file' ansible.cfg; then \
|
||
sed -i.bak 's/# vault_password_file/vault_password_file/' ansible.cfg; \
|
||
rm -f ansible.cfg.bak; \
|
||
fi
|
||
@echo "$(GREEN).vault_pass готов$(NC)"
|
||
|
||
vault-encrypt: vault-init ## Зашифровать group_vars/hysteria2_servers/vault.yml
|
||
@if [ ! -f group_vars/hysteria2_servers/vault.yml ]; then \
|
||
echo "$(YELLOW)Сначала: make init$(NC)"; exit 1; \
|
||
fi
|
||
@if grep -q 'ANSIBLE_VAULT' group_vars/hysteria2_servers/vault.yml 2>/dev/null; then \
|
||
echo "vault.yml уже зашифрован"; \
|
||
else \
|
||
ansible-vault encrypt group_vars/hysteria2_servers/vault.yml --vault-password-file $(VAULT_FILE); \
|
||
fi
|
||
|
||
vault-edit: vault-init ## Редактировать зашифрованный vault
|
||
ansible-vault edit group_vars/hysteria2_servers/vault.yml --vault-password-file $(VAULT_FILE)
|
||
|
||
vault-view: vault-init ## Показать содержимое vault (расшифровка)
|
||
ansible-vault view group_vars/hysteria2_servers/vault.yml --vault-password-file $(VAULT_FILE)
|