1 files changed, 50 insertions, 0 deletions

diff --git a/roles/xray/tasks/configure_xray.yaml b/roles/xray/tasks/configure_xray.yaml
new file mode 100644
index 00000000..4f8cf5e6
--- /dev/null
+++ b/roles/xray/tasks/configure_xray.yaml
@@ -0,0 +1,50 @@
+---
+# generate keypair, needed for config
+- name: "generate private, public keypair for xtls-reality"
+  ansible.builtin.shell: "/var/reactance/xray/bin/xray x25519 | awk '{ print $3 }' | tr '\n' ','"
+  register: keypair
+
+- name: "set private key as var"
+  ansible.builtin.set_fact:
+    xray_private_key: "{{ (keypair.stdout | split(',')).0 }}"
+    xray_public_key: "{{ (keypair.stdout | split(',')).1 }}"
+
+- name: "write public key to file"
+  ansible.builtin.copy:
+    content: "{{ xray_public_key }}"
+    dest: "/var/reactance/xray/xray_public_key"
+
+- name: "write private key to file"
+  ansible.builtin.copy:
+    content: "{{ xray_private_key }}"
+    dest: "/var/reactance/xray/xray_private_key"
+
+- name: "template out config and init script"
+  ansible.builtin.template:
+    src: config.json.j2
+    dest: "/var/reactance/xray/etc/config.json"
+
+# xray is chrooted and has their own mechanism for logging, which is why it needs to be separatly linked later
+- name: "touch xray log files"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: touch
+    mode: "0700"
+    owner: _vpn
+    group: _vpn
+  loop:
+    - "/var/reactance/xray/logs/xray-access.log"
+    - "/var/reactance/xray/logs/xray-error.log"
+
+# purely for convenience
+- name: "link log files to /var/log/xray"
+  ansible.builtin.file:
+    src: "/var/reactance/xray/logs/{{ item }}"
+    dest: "/var/log/xray/{{ item }}"
+    state: link
+    mode: "0700"
+    owner: _vpn
+    group: _vpn
+  loop:
+    - xray-access.log
+    - xray-error.log