diff --git a/playbook_main.yml b/playbook_main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/playbook_vpn.yml b/playbook_vpn.yml deleted file mode 100644 index 2961a10..0000000 --- a/playbook_vpn.yml +++ /dev/null @@ -1,6 +0,0 @@ -[vpn] -access.stanito.me - -[all:vars] -ansible_user=admin -ansible_ssh_private_key_file=~/.ssh/id_rsa \ No newline at end of file diff --git a/playbooks/vpn.yml b/playbooks/vpn.yml index 8495251..3c83186 100644 --- a/playbooks/vpn.yml +++ b/playbooks/vpn.yml @@ -1,12 +1,18 @@ +--- +# How to run: +# ansible-playbook -i ./inventory/hosts playbooks/vpn.yml --ask-become-pass --diff + - name: Setup VLESS VPN server hosts: vpn become: yes - roles: - role: xray-vps-setup - vars: - domain: access.stanito.me - setup_variant: xray - user_to_create: vpnuser - ssh_public_key: "{{ ssh_public_key }}" \ No newline at end of file + domain: access.stanito.me # домен, уровень неважен + setup_variant: xray # marzban or xray + setup_warp: false # true or false + configure_security: false # true or false + user_to_create: xray_user # если configure_security: true, то обязательно + user_password: "" # если configure_security: true, то обязательно + SSH_PORT: 22 # если configure_security: true, то обязательно + ssh_public_key: "{{ ssh_public_key }}" # если configure_security: true, то обязательно \ No newline at end of file diff --git a/readme_deploy.md b/readme_deploy.md index e69de29..10e2e36 100644 --- a/readme_deploy.md +++ b/readme_deploy.md @@ -0,0 +1,7 @@ +# Ansible keys +-D --diff +-K --ask-become-pass + +# Deploy VPN +https://github.com/Akiyamov/xray-vps-setup + diff --git a/roles/xray-vps-setup/tasks/_end_xray.yml b/roles/xray-vps-setup/tasks/_end_xray.yml new file mode 100644 index 0000000..c803d8d --- /dev/null +++ b/roles/xray-vps-setup/tasks/_end_xray.yml 
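Review bot: In playbooks/vpn.yml, `user_password: ""` is a play variable in a tracked file, and its comment marks it as required once `configure_security` is true, which invites committing a plaintext password. Read it from an Ansible Vault file or a prompt instead, for example `user_password: "{{ vault_user_password }}"` (the variable name is a placeholder). In the same block, `ssh_public_key: "{{ ssh_public_key }}"` refers to itself, so it only resolves when a higher-precedence source such as `-e` supplies the value. A differently named input or `lookup('file', ...)` on the key path would avoid the recursive template. `become: yes` would be safer written as `become: true`.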
@@ -0,0 +1,63 @@
+- name: Print clipboard string
+ debug:
+ msg: "vless://{{ xray_uuid.stdout }}@{{ domain }}:443?type=tcp&security=reality&pbk={{ x25519_pbk.stdout }}&fp=chrome&sni={{ domain }}&sid={{ short_id.stdout }}&spx=%2F&flow=xtls-rprx-vision"
+- name: XRay outbound config
+ debug:
+ msg: |
+ {
+ "tag": "default",
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "{{ domain }}",
+ "port": 443,
+ "users": [
+ {
+ "id": "{{ xray_uuid.stdout }}",
+ "encryption": "none",
+ "flow": "xtls-rprx-vision"
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "reality",
+ "realitySettings": {
+ "serverName": "{{ domain }}",
+ "fingerprint": "chrome",
+ "publicKey": "{{ x25519_pbk.stdout }}",
+ "shortId": "{{ short_id.stdout }}",
+ "spiderX": ""
+ }
+ }
+ }
+- name: Sing-box outbound config
+ debug:
+ msg: |
+ {
+ "type": "vless",
+ "server": "{{ domain }}",
+ "server_port": 443,
+ "uuid": "{{ xray_uuid.stdout }}",
+ "flow": "xtls-rprx-vision",
+ "tls": {
+ "enabled": true,
+ "insecure": false,
+ "server_name": "{{ domain }}",
+ "utls": {
+ "enabled": true,
+ "fingerprint": "chrome"
+ },
+ "reality": {
+ "enabled": true,
+ "public_key": "{{ x25519_pbk.stdout }}",
+ "short_id": "{{ short_id.stdout }}"
+ }
+ }
+ }
+- name: Print PBK, SID and UUID to connect to server.
+ debug:
+ msg: "UUID: {{ xray_uuid.stdout }}, SID: {{ short_id.stdout }}, PBK: {{ x25519_pbk.stdout }}"
diff --git a/roles/xray-vps-setup/tasks/end_xray.yml b/roles/xray-vps-setup/tasks/end_xray.yml
index 8c82448..ce14c52 100644
--- a/roles/xray-vps-setup/tasks/end_xray.yml
+++ b/roles/xray-vps-setup/tasks/end_xray.yml
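Review bot: All four `debug` tasks in the new roles/xray-vps-setup/tasks/_end_xray.yml print `xray_uuid.stdout`, the value a VLESS client authenticates with, into the play output. From there it ends up in terminal scrollback, any configured Ansible log and CI job logs. The file also reads as a copy of the previous end_xray.yml with `vless.domain` changed to `domain`, kept under an underscore name; whether any task still includes it is not visible in this diff. If it is only a backup, drop it and rely on git history. If it is still used, write the values to a root-only file, as the rewritten end_xray.yml does, instead of printing them.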
@@ -1,63 +1,90 @@ -- name: Print clipboard string +--- +- name: Ensure config directories exist + become: true + file: + path: "{{ item }}" + state: directory + owner: root + group: root + mode: '0755' + loop: + - /etc/xray + - /etc/sing-box + + +- name: Normalize generated values + set_fact: + uuid: "{{ xray_uuid.stdout }}" + pbk: "{{ x25519_pbk.stdout }}" + sid: "{{ short_id.stdout }}" + no_log: true + + +- name: Build configs + set_fact: + vless_url: "vless://{{ uuid }}@{{ domain }}:443?type=tcp&security=reality&pbk={{ pbk }}&fp=chrome&sni={{ domain }}&sid={{ sid }}&spx=%2F&flow=xtls-rprx-vision" + + xray_outbound: + tag: default + protocol: vless + settings: + vnext: + - address: "{{ domain }}" + port: 443 + users: + - id: "{{ uuid }}" + encryption: none + flow: xtls-rprx-vision + streamSettings: + network: tcp + security: reality + realitySettings: + serverName: "{{ domain }}" + fingerprint: chrome + publicKey: "{{ pbk }}" + shortId: "{{ sid }}" + spiderX: "" + + singbox_outbound: + type: vless + server: "{{ domain }}" + server_port: 443 + uuid: "{{ uuid }}" + flow: xtls-rprx-vision + tls: + enabled: true + insecure: false + server_name: "{{ domain }}" + utls: + enabled: true + fingerprint: chrome + reality: + enabled: true + public_key: "{{ pbk }}" + short_id: "{{ sid }}" + no_log: true + + +- name: Write XRay outbound config + become: true + copy: + dest: /etc/xray/outbound.json + content: "{{ xray_outbound | to_nice_json }}" + owner: root + group: root + mode: '0600' + + +- name: Write Sing-box outbound config + become: true + copy: + dest: /etc/sing-box/outbound.json + content: "{{ singbox_outbound | to_nice_json }}" + owner: root + group: root + mode: '0600' + + +- name: Print connection URL debug: - msg: "vless://{{ xray_uuid.stdout }}@{{ vless.domain }}:443?type=tcp&security=reality&pbk={{ x25519_pbk.stdout }}&fp=chrome&sni={{ vless.domain }}&sid={{ short_id.stdout }}&spx=%2F&flow=xtls-rprx-vision" -- name: XRay outbound config - debug: - msg: | - { - 
"tag": "default", - "protocol": "vless", - "settings": { - "vnext": [ - { - "address": "{{ vless.domain }}", - "port": 443, - "users": [ - { - "id": "{{ xray_uuid.stdout }}", - "encryption": "none", - "flow": "xtls-rprx-vision" - } - ] - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "reality", - "realitySettings": { - "serverName": "{{ vless.domain }}", - "fingerprint": "chrome", - "publicKey": "{{ x25519_pbk.stdout }}", - "shortId": "{{ short_id.stdout }}", - "spiderX": "" - } - } - } -- name: Sing-box outbound config - debug: - msg: | - { - "type": "vless", - "server": "{{ vless.domain }}", - "server_port": 443, - "uuid": "{{ xray_uuid.stdout }}", - "flow": "xtls-rprx-vision", - "tls": { - "enabled": true, - "insecure": false, - "server_name": "{{ vless.domain }}", - "utls": { - "enabled": true, - "fingerprint": "chrome" - }, - "reality": { - "enabled": true, - "public_key": "{{ x25519_pbk.stdout }}", - "short_id": "{{ short_id.stdout }}" - } - } - } -- name: Print PBK, SID and UUID to connect to server. - debug: - msg: "UUID: {{ xray_uuid.stdout }}, SID: {{ short_id.stdout }}, PBK: {{ x25519_pbk.stdout }}" + msg: "{{ vless_url }}"
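Review bot: In roles/xray-vps-setup/tasks/end_xray.yml the `no_log: true` on the two `set_fact` tasks does not keep the UUID out of the run output, because later tasks expose it again. The final `debug` prints `vless_url`, which embeds the UUID. The two `copy` tasks will also show the rendered JSON as a diff when the play runs with `--diff`, which the run comment added to playbooks/vpn.yml in this commit recommends. Add `no_log: true` (or `diff: false`) to both `copy` tasks. Gate the `debug` task behind an opt-in flag, for example `when: print_vless_url | default(false)` (the flag name is a placeholder).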