47e440341a
Includes install/update/uninstall playbooks, Makefile, vault-based SSH credentials, per-server and global HTML export with QR codes. Co-authored-by: Cursor <cursoragent@cursor.com>
---
# Make sure the masquerade directory exists before content is templated
# into it. Mode 0755: readable and traversable by everyone, writable only by
# the owner. No owner/group is set, so ownership is left to whatever account
# the play runs as.
- name: Create masquerade web directory
  ansible.builtin.file:
    state: directory
    path: "{{ hysteria2_masq_dir }}"
    mode: "0755"
# Render masq/index.html.j2 into the masquerade directory as index.html.
# A change to the rendered file notifies the "Restart hysteria-server" handler.
- name: Deploy masquerade index.html
  notify: Restart hysteria-server
  ansible.builtin.template:
    dest: "{{ hysteria2_masq_dir }}/index.html"
    src: masq/index.html.j2
    mode: "0644"
# Delete whatever file currently sits at the config path. Skipped in check
# mode, so a dry run never reports the removal.
# NOTE(review): this path is the same one the config template task writes to.
# Removing it on every real run means that task always recreates the file,
# reports "changed" and triggers a service restart, and the host is left
# without a config if templating fails afterwards. Confirm the removal is
# really needed rather than letting the template overwrite the file in place.
- name: Remove default Hysteria config if present
  when: not ansible_check_mode
  ansible.builtin.file:
    state: absent
    path: "{{ hysteria2_config_path }}"
# Render config.yaml.j2 to the server config path; a change notifies the
# "Restart hysteria-server" handler.
# NOTE(review): mode 0644 makes the rendered config readable by every local
# account. If the template emits authentication or obfuscation secrets (the
# template is not visible here — confirm), tighten this to "0640" and set
# owner/group to the account the service runs as, so the daemon can still
# read it. Running with --diff would also print such values to the log.
- name: Deploy Hysteria2 server config
  notify: Restart hysteria-server
  ansible.builtin.template:
    dest: "{{ hysteria2_config_path }}"
    src: config.yaml.j2
    mode: "0644"
# Run any handlers notified so far (the template tasks above notify
# "Restart hysteria-server") now instead of at the end of the play, so the
# service tasks below act on the freshly rendered files.
- name: Flush handlers before service check
  ansible.builtin.meta: "flush_handlers"
# Reload systemd unit definitions, then make sure the service is enabled at
# boot and currently running.
- name: Enable and start hysteria-server
  ansible.builtin.systemd:
    daemon_reload: true
    name: "{{ hysteria2_service_name }}"
    state: started
    enabled: true
# Read-only probe of the ufw state; the output is registered for the
# rule-adding task. It never reports "changed" and never fails, so a host
# where the ufw command is missing or errors out does not abort the play.
# Runs only when firewall configuration is requested.
- name: Check if ufw is available and active
  when: hysteria2_configure_firewall | bool
  ansible.builtin.command:
    cmd: ufw status
  register: _hysteria2_ufw_status
  failed_when: false
  changed_when: false
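# Open the listed ports in ufw, one `ufw allow` call per loop item.
# 80/tcp and 443/tcp are the HTTP/HTTPS ports named in the task title;
# 443/udp is presumably the Hysteria (QUIC) listener — confirm against the
# server config template.
#
# The task runs only when firewall configuration is requested AND ufw reports
# itself active. The match is on the full "Status: active" marker: a disabled
# firewall prints "Status: inactive", which also contains the substring
# "active", so a bare 'active' test would add rules to a firewall that is
# switched off.
#
# changed_when: ufw prints "Skipping ..." for a rule that already exists, so
# only genuinely new rules count as a change.
# NOTE(review): failed_when: false hides a failing `ufw allow`. That keeps the
# play best-effort, but a rejected rule leaves the port closed without any
# signal; consider failing on a non-zero rc once ufw is known to be active.
- name: Allow HTTP and HTTPS in ufw
  ansible.builtin.command: "ufw allow {{ item }}"
  loop:
    - 80/tcp
    - 443/tcp
    - 443/udp
  register: _hysteria2_ufw_allow
  changed_when: "'Skipping' not in (_hysteria2_ufw_allow.stdout | default(''))"
  failed_when: false
  when:
    - hysteria2_configure_firewall | bool
    - "'Status: active' in (_hysteria2_ufw_status.stdout | default(''))"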
# Fixed 30-second pause after the service start, enabled unless
# hysteria2_wait_for_acme is set to false. This only waits; it does not
# check that a certificate was actually issued.
# The prompt is Russian for "Waiting for the ACME certificate for <domain>...".
- name: Wait for ACME certificate (first start may take several minutes)
  when: hysteria2_wait_for_acme | default(true) | bool
  ansible.builtin.pause:
    prompt: "Ожидание получения ACME-сертификата для {{ hysteria2_domain }}..."
    seconds: 30
# Final health check: ask systemd for the unit state and fail the play unless
# the answer is exactly "active". The query is read-only, so it never reports
# "changed".
- name: Verify hysteria-server is running
  ansible.builtin.command: "systemctl is-active {{ hysteria2_service_name }}"
  register: _hysteria2_service_active
  failed_when: _hysteria2_service_active.stdout != 'active'
  changed_when: false