hysteria2/roles/hysteria2/tasks/configure.yml
Sergey Antropoff 6f96a26bed Initial commit: Ansible role for Hysteria2 VPN server deployment.
Includes install/update/uninstall playbooks, Makefile, vault-based SSH credentials, per-server and global HTML export with QR codes.
2026-07-01 02:02:58 +03:00


---
# Static "masquerade" site: one directory plus one rendered page.
# The directory is created 0755 and the page 0644, so both are readable by
# every local account on the host.
- name: Create masquerade web directory
  ansible.builtin.file:
    state: directory
    path: "{{ hysteria2_masq_dir }}"
    mode: "0755"

# A change to the rendered page notifies the "Restart hysteria-server" handler.
- name: Deploy masquerade index.html
  notify: Restart hysteria-server
  ansible.builtin.template:
    dest: "{{ hysteria2_masq_dir }}/index.html"
    src: masq/index.html.j2
    mode: "0644"
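# The template is rendered straight over whatever already exists at the
# destination, so no separate "delete first" step is needed. Deleting the file
# before every deploy made this task report "changed" on each run, which
# notified "Restart hysteria-server" even when the config was identical, and
# left a window with no config on disk.
#
# NOTE(review): config.yaml.j2 is not visible here. If it renders
# authentication or obfuscation passwords, mode 0644 leaves them readable by
# every local account. Consider 0640/0600 with owner/group set to the account
# the unit runs as; confirm that account first, otherwise the service will not
# be able to read its own config.
- name: Deploy Hysteria2 server config
  ansible.builtin.template:
    src: config.yaml.j2
    dest: "{{ hysteria2_config_path }}"
    mode: "0644"
  notify: Restart hysteria-server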
# Run any pending handler notifications now, so a restart triggered by the
# tasks above happens before the service state is asserted below.
- name: Flush handlers before service check
  ansible.builtin.meta: flush_handlers

# Reload systemd unit files, enable the unit and make sure it is running.
- name: Enable and start hysteria-server
  ansible.builtin.systemd:
    daemon_reload: true
    name: "{{ hysteria2_service_name }}"
    state: started
    enabled: true
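# Probe ufw without ever failing the play: a missing binary or a non-zero exit
# only means the allow rules below are skipped.
- name: Check if ufw is available and active
  ansible.builtin.command: ufw status
  register: _hysteria2_ufw_status
  changed_when: false
  failed_when: false
  when: hysteria2_configure_firewall | bool

# The guard matches the full "Status: active" text. The bare substring
# 'active' is also contained in "Status: inactive", so the previous test added
# rules on hosts where ufw was switched off.
# Errors from `ufw allow` are still ignored (best effort), so a rule that could
# not be added shows up only in the task output.
# NOTE(review): the port list is fixed. If the server is configured to listen
# on another port these rules will not cover it; confirm against the rendered
# server config.
- name: Allow HTTP and HTTPS in ufw
  ansible.builtin.command: "ufw allow {{ item }}"
  loop:
    - "80/tcp"
    - "443/tcp"
    - "443/udp"
  register: _hysteria2_ufw_allow
  changed_when: "'Skipping' not in (_hysteria2_ufw_allow.stdout | default(''))"
  failed_when: false
  when:
    - hysteria2_configure_firewall | bool
    - "'Status: active' in (_hysteria2_ufw_status.stdout | default(''))"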
# Fixed 30-second pause, on by default. It only waits; it does not check that a
# certificate was actually issued.
- name: Wait for ACME certificate (first start may take several minutes)
  when: hysteria2_wait_for_acme | default(true) | bool
  ansible.builtin.pause:
    prompt: "Ожидание получения ACME-сертификата для {{ hysteria2_domain }}..."
    seconds: 30
# Read-only health check: the play fails unless systemd reports exactly
# "active" for the unit. Never counted as a change.
- name: Verify hysteria-server is running
  ansible.builtin.command: "systemctl is-active {{ hysteria2_service_name }}"
  register: _hysteria2_service_active
  failed_when: _hysteria2_service_active.stdout != 'active'
  changed_when: false