---
# generate keypair, needed for config
- name: "generate private, public keypair for xtls-reality"
  ansible.builtin.shell: "/var/reactance/xray/bin/xray x25519 | awk '{ print $3 }' | tr '\n' ','"
  register: keypair

- name: "set private key as var"
  ansible.builtin.set_fact:
    xray_private_key: "{{ (keypair.stdout | split(',')).0 }}"
    xray_public_key: "{{ (keypair.stdout | split(',')).1 }}"

- name: "write public key to file"
  ansible.builtin.copy:
    content: "{{ xray_public_key }}"
    dest: "/var/reactance/xray/xray_public_key"

- name: "write private key to file"
  ansible.builtin.copy:
    content: "{{ xray_private_key }}"
    dest: "/var/reactance/xray/xray_private_key"

- name: "template out config and init script"
  ansible.builtin.template:
    src: config.json.j2
    dest: "/var/reactance/xray/etc/config.json"

# xray is chrooted and has their own mechanism for logging, which is why it needs to be separatly linked later
- name: "touch xray log files"
  ansible.builtin.file:
    path: "{{ item }}"
    state: touch
    mode: "0700"
    owner: _vpn
    group: _vpn
  loop:
    - "/var/reactance/xray/logs/xray-access.log"
    - "/var/reactance/xray/logs/xray-error.log"

# purely for convenience
- name: "link log files to /var/log/xray"
  ansible.builtin.file:
    src: "/var/reactance/xray/logs/{{ item }}"
    dest: "/var/log/xray/{{ item }}"
    state: link
    mode: "0700"
    owner: _vpn
    group: _vpn
  loop:
    - xray-access.log
    - xray-error.log