Diffstat (limited to 'roles/hysteria/tasks/configure_hysteria.yaml')
| -rw-r--r-- | roles/hysteria/tasks/configure_hysteria.yaml | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/roles/hysteria/tasks/configure_hysteria.yaml b/roles/hysteria/tasks/configure_hysteria.yaml
new file mode 100644
index 00000000..3495f336
--- /dev/null
+++ b/roles/hysteria/tasks/configure_hysteria.yaml
@@ -0,0 +1,51 @@
+---
+# check if salamander password file exists
+- name: "check if obfuscation password file exists "
+ ansible.builtin.stat:
+ path: "/var/reactance/hysteria/salamander_password"
+ register: salamander_password_file
+
+# generate salamander password
+- name: "generate salamander password for obfuscation "
+ ansible.builtin.shell: "openssl rand -hex 32"
+ register: random_string
+ when: salamander_password_file.stat.exists != true
+
+# retrieve password from file, if exists
+- name: "use previous password, if it exists"
+ ansible.builtin.set_fact:
+ salamander_password: "{{ lookup('file', '/var/reactance/hysteria/salamander_password') }}"
+ when: salamander_password_file.stat.exists
+
+- name: "set salamander password as var"
+ ansible.builtin.set_fact:
+ salamander_password: "{{ random_string.stdout }}"
+ when: salamander_password_file.stat.exists != true
+
+- name: "write obfuscation password to file"
+ ansible.builtin.copy:
+ content: "{{ salamander_password }}"
+ dest: "/var/reactance/hysteria/salamander_password"
+
+ when: salamander_password_file.stat.exists != true
+
+- name: "template out configs"
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ loop:
+ - src: config.json.j2
+ dest: "/var/reactance/hysteria/etc/config.json"
+ - src: ca.tmpl.j2
+ dest: /var/reactance/hysteria/certs/ca.tmpl
+ - src: server.tmpl.j2
+ dest: /var/reactance/hysteria/certs/server.tmpl
+
+# generate ca, server certs, crl file
+- name: "generate ca, server certs"
+ ansible.builtin.shell: "{{ item }}"
+ loop:
+ - "certtool --generate-privkey --outfile /var/reactance/hysteria/certs/ca-key.pem"
+R - "certtool --generate-self-signed --load-privkey /var/reactance/hysteria/certs/ca-key.pem --template /var/reactance/hysteria/certs/ca.tmpl --outfile /var/reactance/hysteria/certs/ca-cert.pem"
+ - "certtool --generate-privkey --outfile /var/reactance/hysteria/certs/server-key.pem"
+ - "certtool --generate-certificate --load-privkey /var/reactance/hysteria/certs/server-key.pem --load-ca-certificate /var/reactance/hysteria/certs/ca-cert.pem --load-ca-privkey /var/reactance/hysteria/certs/ca-key.pem --template /var/reactance/hysteria/certs/server.tmpl --outfile /var/reactance/hysteria/certs/server-cert.pem" |
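Review bot: The "write obfuscation password to file" task creates /var/reactance/hysteria/salamander_password without `mode:` or `owner:`, so the secret's permissions are left to the remote umask, and neither it nor the two `set_fact` tasks set `no_log: true`, so the value can surface in verbose or `--diff` output; I would add `mode: "0600"` and `no_log: true` there. The "use previous password, if it exists" task reads the file with `lookup('file', …)`, which Ansible evaluates on the control node while the preceding `stat` runs on the managed host, so unless this role only ever runs over a local connection the two can disagree; `ansible.builtin.slurp` with `b64decode` would keep both on the target. The certtool loop has no `creates:` guard, so every run appears to regenerate the CA and server private keys and invalidate any certificate clients already trust. Its second entry is also preceded by a stray `R` before the list dash, which looks like a typo and would likely break YAML parsing if it is in the committed file.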
