Files
hysteria2/roles/hysteria2/tasks/users.yml
T
Sergey Antropoff 401f03014a fix: generate VPN passwords without pwgen, set EDITOR=nano
Use Ansible password lookup on the control node so install works before packages are installed on VPS and without pwgen on macOS. Export EDITOR=nano in Makefile for vault-edit.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-01 11:43:34 +03:00

93 lines
2.5 KiB
YAML

---
- name: Check for saved passwords from previous install
ansible.builtin.stat:
path: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/server-info.yml"
register: _hysteria2_saved_info
delegate_to: localhost
become: false
tags:
- install
- update
- export
- name: Load saved user passwords from local export
when: _hysteria2_saved_info.stat.exists
block:
- name: Read server-info.yml
ansible.builtin.slurp:
path: "{{ hysteria2_output_dir }}/{{ hysteria2_output_name }}/server-info.yml"
register: _hysteria2_saved_info_raw
delegate_to: localhost
become: false
- name: Parse saved passwords into lookup dict
ansible.builtin.set_fact:
_hysteria2_saved_passwords: >-
{{
dict(
(_hysteria2_saved_info_raw.content | b64decode | from_yaml).users
| map(attribute='name')
| zip(
(_hysteria2_saved_info_raw.content | b64decode | from_yaml).users
| map(attribute='password')
)
)
}}
tags:
- install
- update
- export
- name: Resolve user list with optional fixed passwords
ansible.builtin.set_fact:
hysteria2_resolved_users: "{{ hysteria2_resolved_users | default([]) + [ _entry ] }}"
vars:
_username: "{{ item if item is string else item.name }}"
_password: >-
{{
(
item.password if item is mapping
) | default('', true)
}}
_entry:
name: "{{ _username }}"
password: "{{ _password }}"
loop: "{{ hysteria2_users }}"
loop_control:
label: "{{ item if item is string else item.name }}"
tags:
- install
- update
- export
- name: Generate missing user passwords
ansible.builtin.set_fact:
_hysteria2_users_with_passwords: "{{ _hysteria2_users_with_passwords | default([]) + [ _entry ] }}"
vars:
_entry:
name: "{{ item.name }}"
password: >-
{{
lookup(
'password',
'/dev/null chars=ascii_letters,digits length=' ~ (hysteria2_password_length | string)
)
if item.password | length == 0
else item.password
}}
loop: "{{ hysteria2_resolved_users }}"
loop_control:
label: "{{ item.name }}"
tags:
- install
- update
- export
- name: Apply generated passwords
ansible.builtin.set_fact:
hysteria2_resolved_users: "{{ _hysteria2_users_with_passwords }}"
tags:
- install
- update
- export