initial pfannkuchen

roles/frp_client/tasks/main.yml

@@ -0,0 +1,104 @@
+---
+- name: frpc Binary herunterladen
+  get_url:
+    url: "https://github.com/fatedier/frp/releases/download/v{{ frp_version }}/frp_{{ frp_version }}_linux_amd64.tar.gz"
+    dest: /tmp/frp.tar.gz
+
+- name: frpc entpacken
+  unarchive:
+    src: /tmp/frp.tar.gz
+    dest: /tmp/
+    remote_src: yes
+
+- name: frpc Binary installieren
+  copy:
+    src: "/tmp/frp_{{ frp_version }}_linux_amd64/frpc"
+    dest: /usr/local/bin/frpc
+    mode: "0755"
+    remote_src: yes
+
+- name: frpc Config Verzeichnis
+  file:
+    path: /etc/frp
+    state: directory
+    mode: "0755"
+
+- name: frpc Config deployen
+  copy:
+    dest: /etc/frp/frpc.toml
+    content: |
+      serverAddr = "{{ frp_server_addr }}"
+      serverPort = {{ frp_server_port }}
+      auth.method = "token"
+      auth.token = "{{ frp_token }}"
+      transport.protocol = "quic"
+      transport.poolCount = 5
+      transport.tcpMux = true
+      {% for proxy in frp_proxies %}
+
+      [[proxies]]
+      name = "{{ proxy.name }}"
+      type = "tcp"
+      localIP = "{{ proxy.local_ip | default('127.0.0.1') }}"
+      localPort = {{ proxy.local_port }}
+      remotePort = {{ proxy.remote_port }}
+      transport.useCompression = true
+      transport.bandwidthLimit = "{{ proxy.bandwidth_limit | default('6MB') }}"
+      transport.bandwidthLimitMode = "server"
+      {% endfor %}
+    mode: "0600"
+  notify: restart frpc
+
+- name: frpc systemd Service
+  copy:
+    dest: /etc/systemd/system/frpc.service
+    content: |
+      [Unit]
+      Description=frp Client – Reverse Tunnel
+      After=network-online.target
+      Wants=network-online.target
+
+      [Service]
+      Type=simple
+      Restart=always
+      RestartSec=5
+      ExecStart=/usr/local/bin/frpc -c /etc/frp/frpc.toml
+
+      [Install]
+      WantedBy=multi-user.target
+    mode: "0644"
+  notify:
+    - reload systemd
+    - restart frpc
+
+- name: frpc aktivieren und starten
+  systemd:
+    name: frpc
+    enabled: true
+    state: started
+    daemon_reload: true
+
+- name: iproute2 installieren (fuer tc)
+  apt:
+    name: iproute2
+    state: present
+    update_cache: yes
+
+- name: tc Fair Queueing mit Per-Flow-Limit
+  shell: /sbin/tc qdisc replace dev {{ frp_tc_device | default('ens18') }} root fq maxrate {{ frp_tc_maxrate | default('50mbit') }}
+  changed_when: false
+
+- name: tc Limit persistent via post-up
+  lineinfile:
+    path: /etc/network/interfaces
+    insertafter: "iface {{ frp_tc_device | default('ens18') }}"
+    line: "    post-up /sbin/tc qdisc replace dev {{ frp_tc_device | default('ens18') }} root fq maxrate {{ frp_tc_maxrate | default('50mbit') }}"
+    regexp: "post-up.*tc qdisc"
+
+- name: Temp-Dateien aufräumen
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /tmp/frp.tar.gz
+    - "/tmp/frp_{{ frp_version }}_linux_amd64"