---
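# Generate the x25519 keypair that the xray config needs.
# NOTE(review): nothing visible here guards this task, so each run appears to
# mint a fresh keypair and overwrite the stored one - confirm that replacing
# the key on every play is intended.
- name: "generate private, public keypair for xtls-reality"
  # Takes the third whitespace-separated field of every output line and joins
  # the results with commas, so stdout is expected to be "<private>,<public>,".
  ansible.builtin.shell: "/var/reactance/xray/bin/xray x25519 | awk '{ print $3 }' | tr '\n' ','"
  register: keypair
  # stdout carries the private key; keep it out of task output and logs.
  no_log: true

- name: "set private key as var"
  ansible.builtin.set_fact:
    xray_private_key: "{{ (keypair.stdout | split(',')).0 }}"
    xray_public_key: "{{ (keypair.stdout | split(',')).1 }}"
  # The facts hold the private key, so the task result is hidden as well.
  no_log: true

# The pipeline reports the exit status of tr, not of xray, and awk prints an
# empty field when a line has fewer than three fields. Without this check an
# empty key could be written to disk without the play failing.
- name: "verify that both xray keys were parsed"
  ansible.builtin.assert:
    that:
      - xray_private_key | length > 0
      - xray_public_key | length > 0
    fail_msg: "xray x25519 output could not be parsed into a private and a public key"
    quiet: true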
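# Store the public half of the keypair on disk; it is not secret.
- name: "write public key to file"
  ansible.builtin.copy:
    content: "{{ xray_public_key }}"
    dest: "/var/reactance/xray/xray_public_key"
    # Explicit mode so the result does not depend on the remote umask.
    mode: "0644"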
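# Store the private half of the keypair on disk.
- name: "write private key to file"
  ansible.builtin.copy:
    content: "{{ xray_private_key }}"
    dest: "/var/reactance/xray/xray_private_key"
    # Owner-only access. Without an explicit mode the file gets whatever the
    # remote umask allows, which is commonly world-readable.
    # NOTE(review): if a non-root process has to read this file, set
    # owner/group for it instead of widening the mode.
    mode: "0600"
  # The content is the private key; keep it out of task output and --diff.
  no_log: true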
# Render the xray configuration from its Jinja2 template.
# NOTE(review): no mode/owner is set, so the rendered file gets umask-default
# permissions. If the template embeds xray_private_key (not visible here),
# restrict the file to the account xray runs as - confirm which one that is.
- name: "template out config and init script"
  ansible.builtin.template:
    dest: '/var/reactance/xray/etc/config.json'
    src: 'config.json.j2'
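# xray is chrooted and has its own logging mechanism, which is why the log
# files are created here and linked separately below.
- name: "touch xray log files"
  ansible.builtin.file:
    path: "{{ item }}"
    state: touch
    # Log files need read/write only; the execute bit of 0700 had no purpose.
    # Owner-only access, since access logs usually record client addresses.
    mode: "0600"
    owner: _vpn
    group: _vpn
    # Leave the timestamps of existing logs alone, so a configuration run
    # neither reports a change nor overwrites the last-write time.
    access_time: preserve
    modification_time: preserve
  loop:
    - "/var/reactance/xray/logs/xray-access.log"
    - "/var/reactance/xray/logs/xray-error.log"

# Purely for convenience: expose the chroot's logs under /var/log/xray.
# NOTE(review): assumes /var/log/xray already exists; nothing visible here
# creates it.
- name: "link log files to /var/log/xray"
  ansible.builtin.file:
    src: "/var/reactance/xray/logs/{{ item }}"
    dest: "/var/log/xray/{{ item }}"
    state: link
    # Kept equal to the mode of the log files themselves. Access is presumably
    # governed by the target's mode rather than the link's - confirm.
    mode: "0600"
    owner: _vpn
    group: _vpn
  loop:
    - xray-access.log
    - xray-error.log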