HomeLab/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vpn

Browse Source
This commit is contained in:
Gabenov Stanislav
2026-02-13 10:31:46 +03:00
parent a6d2623802
commit 3054f5889f
6 changed files with 171 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
playbook_main.yml
View File

6
playbook_vpn.yml
View File

@@ -1,6 +0,0 @@
[vpn]
access.stanito.me
[all:vars]
ansible_user=admin
ansible_ssh_private_key_file=~/.ssh/id_rsa

18
playbooks/vpn.yml
View File

@@ -1,12 +1,18 @@
---
# How to run:
# ansible-playbook -i ./inventory/hosts playbooks/vpn.yml --ask-become-pass --diff
- name: Setup VLESS VPN server - name: Setup VLESS VPN server
hosts: vpn hosts: vpn
become: yes become: yes
roles: roles:
- role: xray-vps-setup - role: xray-vps-setup
vars: vars:
domain: access.stanito.me domain: access.stanito.me # домен, уровень неважен
setup_variant: xray setup_variant: xray # marzban or xray
user_to_create: vpnuser setup_warp: false # true or false
ssh_public_key: "{{ ssh_public_key }}" configure_security: false # true or false
user_to_create: xray_user # если configure_security: true, то обязательно
user_password: "" # если configure_security: true, то обязательно
SSH_PORT: 22 # если configure_security: true, то обязательно
ssh_public_key: "{{ ssh_public_key }}" # если configure_security: true, то обязательно

7
readme_deploy.md
View File

@@ -0,0 +1,7 @@
# Ansible keys
-D --diff
-K --ask-become-pass
# Deploy VPN
https://github.com/Akiyamov/xray-vps-setup

63
roles/xray-vps-setup/tasks/_end_xray.yml Normal file
View File

@@ -0,0 +1,63 @@
- name: Print clipboard string
debug:
msg: "vless://{{ xray_uuid.stdout }}@{{ domain }}:443?type=tcp&security=reality&pbk={{ x25519_pbk.stdout }}&fp=chrome&sni={{ domain }}&sid={{ short_id.stdout }}&spx=%2F&flow=xtls-rprx-vision"
- name: XRay outbound config
debug:
msg: |
{
"tag": "default",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "{{ domain }}",
"port": 443,
"users": [
{
"id": "{{ xray_uuid.stdout }}",
"encryption": "none",
"flow": "xtls-rprx-vision"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"serverName": "{{ domain }}",
"fingerprint": "chrome",
"publicKey": "{{ x25519_pbk.stdout }}",
"shortId": "{{ short_id.stdout }}",
"spiderX": ""
}
}
}
- name: Sing-box outbound config
debug:
msg: |
{
"type": "vless",
"server": "{{ domain }}",
"server_port": 443,
"uuid": "{{ xray_uuid.stdout }}",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"insecure": false,
"server_name": "{{ domain }}",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "{{ x25519_pbk.stdout }}",
"short_id": "{{ short_id.stdout }}"
}
}
}
- name: Print PBK, SID and UUID to connect to server.
debug:
msg: "UUID: {{ xray_uuid.stdout }}, SID: {{ short_id.stdout }}, PBK: {{ x25519_pbk.stdout }}"

151
roles/xray-vps-setup/tasks/end_xray.yml
View File

@@ -1,63 +1,90 @@
- name: Print clipboard string ---
- name: Ensure config directories exist
become: true
file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: '0755'
loop:
- /etc/xray
- /etc/sing-box
- name: Normalize generated values
set_fact:
uuid: "{{ xray_uuid.stdout }}"
pbk: "{{ x25519_pbk.stdout }}"
sid: "{{ short_id.stdout }}"
no_log: true
- name: Build configs
set_fact:
vless_url: "vless://{{ uuid }}@{{ domain }}:443?type=tcp&security=reality&pbk={{ pbk }}&fp=chrome&sni={{ domain }}&sid={{ sid }}&spx=%2F&flow=xtls-rprx-vision"
xray_outbound:
tag: default
protocol: vless
settings:
vnext:
- address: "{{ domain }}"
port: 443
users:
- id: "{{ uuid }}"
encryption: none
flow: xtls-rprx-vision
streamSettings:
network: tcp
security: reality
realitySettings:
serverName: "{{ domain }}"
fingerprint: chrome
publicKey: "{{ pbk }}"
shortId: "{{ sid }}"
spiderX: ""
singbox_outbound:
type: vless
server: "{{ domain }}"
server_port: 443
uuid: "{{ uuid }}"
flow: xtls-rprx-vision
tls:
enabled: true
insecure: false
server_name: "{{ domain }}"
utls:
enabled: true
fingerprint: chrome
reality:
enabled: true
public_key: "{{ pbk }}"
short_id: "{{ sid }}"
no_log: true
- name: Write XRay outbound config
become: true
copy:
dest: /etc/xray/outbound.json
content: "{{ xray_outbound | to_nice_json }}"
owner: root
group: root
mode: '0600'
- name: Write Sing-box outbound config
become: true
copy:
dest: /etc/sing-box/outbound.json
content: "{{ singbox_outbound | to_nice_json }}"
owner: root
group: root
mode: '0600'
- name: Print connection URL
debug: debug:
msg: "vless://{{ xray_uuid.stdout }}@{{ vless.domain }}:443?type=tcp&security=reality&pbk={{ x25519_pbk.stdout }}&fp=chrome&sni={{ vless.domain }}&sid={{ short_id.stdout }}&spx=%2F&flow=xtls-rprx-vision" msg: "{{ vless_url }}"
- name: XRay outbound config
debug:
msg: |
{
"tag": "default",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "{{ vless.domain }}",
"port": 443,
"users": [
{
"id": "{{ xray_uuid.stdout }}",
"encryption": "none",
"flow": "xtls-rprx-vision"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"serverName": "{{ vless.domain }}",
"fingerprint": "chrome",
"publicKey": "{{ x25519_pbk.stdout }}",
"shortId": "{{ short_id.stdout }}",
"spiderX": ""
}
}
}
- name: Sing-box outbound config
debug:
msg: |
{
"type": "vless",
"server": "{{ vless.domain }}",
"server_port": 443,
"uuid": "{{ xray_uuid.stdout }}",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"insecure": false,
"server_name": "{{ vless.domain }}",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "{{ x25519_pbk.stdout }}",
"short_id": "{{ short_id.stdout }}"
}
}
}
- name: Print PBK, SID and UUID to connect to server.
debug:
msg: "UUID: {{ xray_uuid.stdout }}, SID: {{ short_id.stdout }}, PBK: {{ x25519_pbk.stdout }}"