2 files changed, 153 insertions, 0 deletions

diff --git a/roles/xray/templates/config.json.j2 b/roles/xray/templates/config.json.j2
new file mode 100644
index 00000000..35e78b75
--- /dev/null
+++ b/roles/xray/templates/config.json.j2
@@ -0,0 +1,131 @@
+{
+  "log": {
+    "loglevel": "debug",
+    "access": "/logs/xray-access.log",
+    "error": "/logs/xray-error.log",
+    "dnsLog": false
+  },
+  "stats": {},
+  "api": {
+    "tag": "api",
+    "services": [
+      "StatsService"
+    ]
+  },
+  "policy": {
+    "levels": {
+      "0": {
+        "statsUserUplink": true,
+        "statsUserDownlink": true
+      }
+    }
+  },
+  "inbounds": [
+{% if inventory_hostname in (groups['trojan']|default([])) + (groups['all_vpns']|default([])) %}
+    {
+      "listen": "0.0.0.0",
+      "port": {{ trojan_port|default(4436) }},
+      "protocol": "trojan",
+      "settings": {
+        "clients": []
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "reality",
+        "realitySettings": {
+        "show": false,
+        "dest": "behindthename.com:443",
+        "serverNames": [
+            "behindthename.com",
+            "www.behindthename.com"
+        ],
+        "xver": 0,
+        "privateKey": "{{ xray_private_key }}",
+        "maxTimeDiff": 0,
+        "shortIds": [""]
+        }
+      }
+    },
+{% endif %}
+{% if inventory_hostname in (groups['vless']|default([])) + (groups['all_vpns']|default([])) %}
+    {
+      "listen": "0.0.0.0",
+      "port": {{ vless_port|default(4437) }},
+      "protocol": "vless",
+      "settings": {
+        "decryption": "none",
+        "clients": []
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "reality",
+        "realitySettings": {
+        "show": false,
+        "dest": "behindthename.com:443",
+        "serverNames": [
+            "behindthename.com",
+            "www.behindthename.com"
+        ],
+        "xver": 0,
+        "privateKey": "{{ xray_private_key }}",
+        "maxTimeDiff": 0,
+        "shortIds": [""]
+        }
+      }
+    },
+{% endif %}
+{% if inventory_hostname in (groups['vmess']|default([])) + (groups['all_vpns']|default([])) %}
+    {
+      "listen": "0.0.0.0",
+      "port": {{ vmess_port|default(4438) }},
+      "protocol": "vmess",
+      "settings": {
+        "clients": []
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "reality",
+        "realitySettings": {
+        "show": false,
+        "dest": "behindthename.com:443",
+        "serverNames": [
+            "behindthename.com",
+            "www.behindthename.com"
+        ],
+        "xver": 0,
+        "privateKey": "{{ xray_private_key }}",
+        "maxTimeDiff": 0,
+        "shortIds": [""]
+        }
+      }
+    },
+{% endif %}
+    {
+      "listen": "127.0.0.1",
+      "port": 10085,
+      "protocol": "dokodemo-door",
+      "settings": {
+        "address": "127.0.0.1"
+      },
+      "tag": "api"
+    }
+  ],
+  "outbounds": [
+    {
+      "protocol": "freedom",
+      "tag": "direct"
+    }
+  ],
+  "routing": {
+    "rules": [
+      {
+        "inboundTag": [
+          "api"
+        ],
+        "outboundTag": "api",
+        "type": "field"
+      }
+    ]
+  }
+}
+
diff --git a/roles/xray/templates/xray.rc.j2 b/roles/xray/templates/xray.rc.j2
new file mode 100644
index 00000000..fe658fbc
--- /dev/null
+++ b/roles/xray/templates/xray.rc.j2
@@ -0,0 +1,22 @@
+#!/bin/ksh
+#
+# $OpenBSD: xray
+
+chroot_dir=/var/reactance/xray
+chroot_user=_vpn
+daemon_class=daemon
+daemon=/bin/xray
+daemon_flags="run -c /etc/config.json"
+daemon_user=root
+
+. /etc/rc.d/rc.subr
+
+rc_start() {
+	rc_exec "chroot -u $chroot_user $chroot_dir $daemon $daemon_flags"
+}
+
+rc_bg=YES
+rc_reload=NO
+
+rc_cmd $1
+