vless.yaml
---
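# Play 1: switch the hosts to the fq qdisc with BBR congestion control, apply
# pending package upgrades, and reboot when the upgrade asks for it.
- name: enable bbr and update packages
  hosts: v2servers
  # NOTE(review): every play in this file logs in directly as root. A
  # dedicated account with `become: true` would let root SSH login be
  # disabled on the hosts.
  remote_user: root
  gather_facts: false
  tasks:
    - name: set net.core.default_qdisc
      sysctl:
        name: net.core.default_qdisc
        value: fq
        state: present
    - name: set net.ipv4.tcp_congestion_control
      sysctl:
        name: net.ipv4.tcp_congestion_control
        value: bbr
        state: present
        reload: true
    - name: update packages
      apt:
        update_cache: true
        # Quoted on purpose: `upgrade` is a string choice, and a bare yes is
        # turned into a boolean by YAML 1.1 loaders before the module sees it.
        upgrade: 'yes'
    - name: check if a reboot is required
      stat:
        path: /var/run/reboot-required
      register: reboot_required_file
    - name: reboot if required
      reboot:
      when: reboot_required_file.stat.exists
      # Best-effort reboot kept from the original. A host that fails to come
      # back is not reported here, so later plays may run on the old kernel.
      ignore_errors: true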
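# Play 2: install helper packages, register the Caddy apt repository (signing
# key + sources list), then install Caddy from it.
- name: install caddy v2
  hosts: v2servers
  remote_user: root
  gather_facts: false
  tasks:
    - name: install dependencies and update other softwares
      apt:
        name:
          - wget
          - debian-keyring
          - debian-archive-keyring
          - apt-transport-https
          - curl
          - locate
          - htop
          - rsync
          - unzip
          - tmux
        state: latest
    - name: Check if Caddy GPG key is already present
      stat:
        path: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
      register: caddy_gpg_key
    # NOTE(review): the repository key is trusted on first download over
    # HTTPS only. Compare its fingerprint with the one published by the Caddy
    # project before relying on it to authenticate packages.
    - name: Update GPG key for Caddy v2
      # pipefail makes a failed download fail the task. Without it only gpg's
      # exit status counts and a broken keyring can pass unnoticed.
      shell: |
        set -o pipefail
        curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
      args:
        executable: /bin/bash
      # Also retry when an earlier failed run left an empty keyring behind.
      when: not caddy_gpg_key.stat.exists or caddy_gpg_key.stat.size == 0
    - name: update apt source for caddy v2
      # Rewritten on every run, as in the original. pipefail surfaces a
      # failed download, which would otherwise leave a truncated sources list
      # behind a task that reports success.
      shell: |
        set -o pipefail
        curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
      args:
        executable: /bin/bash
    - name: install caddy v2 with apt
      apt:
        name: caddy
        state: latest
        update_cache: true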
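# Play 3: fetch the fhs-install-v2ray installer and run it as root.
- name: install fhs-v2ray
  hosts: v2servers
  remote_user: root
  gather_facts: false
  tasks:
    # NOTE(review): the script is taken from the moving `master` branch and
    # executed as root with no integrity check, so whatever that URL serves
    # at run time gets root on every host. Pin the URL to a reviewed commit
    # and enable the checksum below with the hash of the reviewed script.
    - name: download fhs-v2ray script
      get_url:
        url: https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
        dest: /tmp/install-release.sh
        # checksum: 'sha256:<SHA256_OF_REVIEWED_SCRIPT_PLACEHOLDER>'
        # Quoted so the mode reaches the module as an octal string and is not
        # re-typed by the YAML loader.
        mode: '0755'
        force: true
    - name: install and/or update v2ray and .dat files
      shell: /tmp/install-release.sh
      args:
        executable: /bin/bash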
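# Play 4: render the Caddy and v2ray configuration from templates, push the
# decoy site content, and restart both services.
- name: configure v2ray and caddy
  hosts: v2servers
  remote_user: root
  gather_facts: false
  vars:
    # Placeholders: replace all three before running.
    # NOTE(review): `uuid` is presumably rendered into config.json as the
    # client credential. Supply the real value from Ansible Vault or an
    # untracked vars file instead of committing it to this playbook.
    uuid: your_uuid_here
    path: /your_path_here
    local_port: your_local_port_here
  tasks:
    - name: Check if Caddyfile exists and is not empty
      stat:
        path: /etc/caddy/Caddyfile
      register: caddyfile_stat
    # Guard against overwriting an existing Caddy configuration.
    - name: Fail if Caddyfile exists and is not empty
      fail:
        msg: "Caddyfile already exists and is not empty"
      when: caddyfile_stat.stat.exists and caddyfile_stat.stat.size > 0
    - name: generate and copy Caddyfile using template
      template:
        src: Caddyfile.j2
        dest: /etc/caddy/Caddyfile
        mode: '0644'
    - name: generate and copy v2ray config file using template
      template:
        src: config.json.j2
        dest: /usr/local/etc/v2ray/config.json
        # NOTE(review): 0644 leaves this file, and any credential the
        # template writes into it, readable by every local account. Tighten
        # owner/group/mode once the account the v2ray unit runs as is
        # confirmed.
        mode: '0644'
    - name: Synchronize pseudo site files
      synchronize:
        src: pseudo/
        dest: /var/www/pseudo
        # delete removes anything under dest that is absent from src.
        delete: true
        recursive: true
        # Transfer direction for synchronize, not a file mode.
        mode: push
    - name: restart and enable v2ray
      systemd:
        name: v2ray
        state: restarted
        enabled: true
    - name: restart and enable caddy
      systemd:
        name: caddy
        state: restarted
        enabled: true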
# - name: ensure that firewalls are disabled
# hosts: v2servers
# remote_user: root
# gather_facts: no
# tasks:
# - name: ensure firewalld is stopped and disabled
# systemd:
# name: firewalld
# state: stopped
# enabled: yes
# ignore_errors: yes
# - name: ensure that iptables and/or ufw is disabled
# shell: service iptables stop;chkconfig iptables off;ufw disable
# ignore_errors: yes
# - name: disable iptables at reboot
# shell: iptables -P INPUT ACCEPT;
# iptables -P FORWARD ACCEPT;
# iptables -P OUTPUT ACCEPT;
# iptables -F;
# apt purge netfilter-persistent;
# rm -rf /etc/iptables
# ignore_errors: yes
# - name: final reboot
# reboot:
# ignore_errors: yes