401f03014a
Use Ansible password lookup on the control node so install works before packages are installed on VPS and without pwgen on macOS. Export EDITOR=nano in Makefile for vault-edit. Co-authored-by: Cursor <cursoragent@cursor.com>
93 lines
2.5 KiB
YAML
93 lines
2.5 KiB
YAML
---
|
|
- name: Check for saved passwords from previous install
|
|
ansible.builtin.stat:
|
|
path: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/server-info.yml"
|
|
register: _hysteria2_saved_info
|
|
delegate_to: localhost
|
|
become: false
|
|
tags:
|
|
- install
|
|
- update
|
|
- export
|
|
|
|
- name: Load saved user passwords from local export
|
|
when: _hysteria2_saved_info.stat.exists
|
|
block:
|
|
- name: Read server-info.yml
|
|
ansible.builtin.slurp:
|
|
path: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/server-info.yml"
|
|
register: _hysteria2_saved_info_raw
|
|
delegate_to: localhost
|
|
become: false
|
|
|
|
- name: Parse saved passwords into lookup dict
|
|
ansible.builtin.set_fact:
|
|
_hysteria2_saved_passwords: >-
|
|
{{
|
|
dict(
|
|
(_hysteria2_saved_info_raw.content | b64decode | from_yaml).users
|
|
| map(attribute='name')
|
|
| zip(
|
|
(_hysteria2_saved_info_raw.content | b64decode | from_yaml).users
|
|
| map(attribute='password')
|
|
)
|
|
)
|
|
}}
|
|
tags:
|
|
- install
|
|
- update
|
|
- export
|
|
|
|
- name: Resolve user list with optional fixed passwords
|
|
ansible.builtin.set_fact:
|
|
hysteria2_resolved_users: "{{ hysteria2_resolved_users | default([]) + [ _entry ] }}"
|
|
vars:
|
|
_username: "{{ item if item is string else item.name }}"
|
|
_password: >-
|
|
{{
|
|
(
|
|
item.password if item is mapping
|
|
) | default('', true)
|
|
}}
|
|
_entry:
|
|
name: "{{ _username }}"
|
|
password: "{{ _password }}"
|
|
loop: "{{ hysteria2_users }}"
|
|
loop_control:
|
|
label: "{{ item if item is string else item.name }}"
|
|
tags:
|
|
- install
|
|
- update
|
|
- export
|
|
|
|
- name: Generate missing user passwords
|
|
ansible.builtin.set_fact:
|
|
_hysteria2_users_with_passwords: "{{ _hysteria2_users_with_passwords | default([]) + [ _entry ] }}"
|
|
vars:
|
|
_entry:
|
|
name: "{{ item.name }}"
|
|
password: >-
|
|
{{
|
|
lookup(
|
|
'password',
|
|
'/dev/null chars=ascii_letters,digits length=' ~ (hysteria2_password_length | string)
|
|
)
|
|
if item.password | length == 0
|
|
else item.password
|
|
}}
|
|
loop: "{{ hysteria2_resolved_users }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
tags:
|
|
- install
|
|
- update
|
|
- export
|
|
|
|
- name: Apply generated passwords
|
|
ansible.builtin.set_fact:
|
|
hysteria2_resolved_users: "{{ _hysteria2_users_with_passwords }}"
|
|
tags:
|
|
- install
|
|
- update
|
|
- export
|