From 73281a3ac6dce16ad799e72f3163b08c7ff257ac Mon Sep 17 00:00:00 2001
From: sascha
Date: Fri, 10 Apr 2026 22:13:41 +0200
Subject: [PATCH] ansible: add xray_client role + playbook + [xray] inventory group
- New role: xray_client (deploys Xray VLESS+Reality client container)
- New playbook: xray-client.yml
- New inventory group: [xray] (emby-sascha, emby-chris)
- pfannkuchen.sh: new command 'xray'
- Prepared for migration from FRP to Xray tunnel
---
 pfannkuchen.ini | 38 ++++++++++++++++++-----------
 pfannkuchen.sh | 34 +++++++++++++++++++++++---
 roles/xray_client/defaults/main.yml | 3 +++
 roles/xray_client/handlers/main.yml | 6 +++++
 roles/xray_client/tasks/main.yml | 28 +++++++++++++++++++++
 xray-client.yml | 6 +++++
 6 files changed, 98 insertions(+), 17 deletions(-)
 create mode 100644 roles/xray_client/defaults/main.yml
 create mode 100644 roles/xray_client/handlers/main.yml
 create mode 100644 roles/xray_client/tasks/main.yml
 create mode 100644 xray-client.yml
diff --git a/pfannkuchen.ini b/pfannkuchen.ini
index 3d1e135..b5b9edc 100644
--- a/pfannkuchen.ini
+++ b/pfannkuchen.ini
@@ -12,7 +12,6 @@ ansible_user=root
 [media]
 emby-sascha ansible_host=10.6.1.103
-jellyfin ansible_host=10.5.1.112
 immich ansible_host=10.4.1.107
 emby-chris ansible_host=10.7.1.106
@@ -30,15 +29,24 @@ dockhand ansible_host=10.4.1.116
 n8n ansible_host=10.4.1.113
 openclaw ansible_host=10.4.1.100
 monitoring ansible_host=10.1.1.111
-# automation ansible_host=10.1.1.115 # deprecated - VM abschalten sobald bereit
 automation1 ansible_host=10.5.85.5
 outline ansible_host=10.1.1.100
+funkwerk-ai ansible_host=10.1.1.10
 [communication]
 matrix ansible_host=10.4.1.110
+[infrastructure]
+pbs ansible_host=10.3.1.10 ansible_user=root
+
+[83]
+auris-integration ansible_host=10.5.83.151 ansible_user=fia ansible_password=kronerew ansible_become_password=kronerew base_user=fia
+susi ansible_host=10.5.83.8 ansible_user=sascha ansible_password=GT500r8 ansible_become_password=GT500r8 base_user=sascha
+tunnel-test ansible_host=10.6.1.99
+
 [hetzner]
-pfannkuchen ansible_host=159.69.245.190 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519
+test-vps ansible_host=78.46.186.211 ansible_user=root ansible_port=22 ansible_ssh_private_key_file=~/.ssh/id_ed25519
+pfannkuchen ansible_host=159.69.245.190 ansible_user=root ansible_port=2505 ansible_ssh_private_key_file=~/.ssh/id_ed25519
 [nvidia]
 tdarr
@@ -55,7 +63,6 @@ node7
 [frp]
 emby-sascha
 emby-chris
-jellyfin
 [wireguard]
 node1
@@ -66,12 +73,21 @@ node5
 node6
 node7
+[hawser:children]
+media
+arr
+docker
+auto
+communication
+hetzner
+
 [all:children]
 media
 arr
 docker
 auto
 communication
+infrastructure
 hetzner
 proxmox
@@ -83,16 +99,10 @@ auto
 communication
 proxmox
 hetzner
+infrastructure
 # Credentials liegen in group_vars/ (nicht im INI, da kein Jinja2-Support)
-[kubernetes]
-kube-ctrl ansible_host=10.3.1.100
-kube-work1 ansible_host=10.3.1.101
-kube-work2 ansible_host=10.3.1.102
-
-[kubernetes:vars]
-ansible_user=sascha
-ansible_become=true
-ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
-
+[xray]
+emby-sascha
+emby-chris
diff --git a/pfannkuchen.sh b/pfannkuchen.sh
index 68e0a84..6e91824 100755
--- a/pfannkuchen.sh
+++ b/pfannkuchen.sh
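Review bot: The new `[83]` group in the `@@ -30,15 +29,24 @@` hunk commits SSH and sudo passwords in clear text (the `ansible_password=` / `ansible_become_password=` pairs on the auris-integration and susi lines), which contradicts the inventory's own comment later in this file that credentials belong in group_vars/ and not in the INI. Once pushed these values are part of git history and should be treated as exposed: rotate them, remove the two pairs from the INI, and keep them in a vault-encrypted group_vars file, or switch those hosts to key-based access like the `[hetzner]` entries with `ansible_ssh_private_key_file`. This hunk is also unrelated to the commit subject (xray role), which makes it easy to overlook in review; it would be cleaner as a separate commit.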
@@ -15,7 +15,8 @@ usage() {
 echo -e " ${C}base${N} Nur Basis + Docker"
 echo -e " ${C}gpu${N} NVIDIA Treiber + Docker GPU Runtime"
 echo -e " ${C}backup${N} [host] Borg Backup einrichten (default: alle backup-Hosts)"
- echo -e " ${C}hawser${N} Hawser installieren"
+ echo -e " ${C}hawser${N} [host] Hawser installieren (default: alle Docker-VMs)"
+ echo -e " ${C}patchmon${N} [host] PatchMon Agent deployen (Docker-VMs + Proxmox)"
 echo -e " ${C}pve${N} [host] Proxmox Post-Install (Repos, Nag, HA)"
 echo -e " ${C}passthrough${N} [host] GPU PCI Passthrough vorbereiten"
 echo -e " ${C}telegraf${N} [host] Telegraf Monitoring deployen"
@@ -23,6 +24,8 @@ usage() {
 echo -e " ${C}sshfs${N} [host] SSHFS Mounts einrichten"
 echo -e " ${C}tune${N} Sysctl Netzwerk-Tuning"
 echo -e " ${C}pvetune${N} [host] Proxmox Host Tuning (sysctl, resolv, hosts)"
+ echo -e " ${C}tc${N} [host] tc per-flow Rate-Limit (50 Mbit/s pro Connection)"
+ echo -e " ${C}watchdog${N} Network Watchdog deployen (Whitelist aus Ansible)"
 echo -e " ${C}pveexporter${N} [host] PVE Exporter (Prometheus Metriken)"
 echo -e " ${C}update${N} [host] Dist-Upgrade (default: alle Hosts)"
 echo -e " ${C}list${N} Inventory anzeigen"
@@ -32,6 +35,10 @@ usage() {
 echo -e ""
 echo -e "${B}Beispiele:${N}"
 echo -e " $0 setup emby_sascha"
+ echo -e " $0 hawser"
+ echo -e " $0 hawser pfannkuchen"
+ echo -e " $0 patchmon"
+ echo -e " $0 patchmon dockhand"
 echo -e " $0 backup proxmox"
 echo -e " $0 update"
 echo -e " $0 gpu tdarr"
@@ -72,8 +79,18 @@ case "$CMD" in
 fi
 ;;
 hawser)
- [ -z "$HOST" ] && echo -e "${R}Fehler: Host angeben${N}" && exit 1
- run hawser.yml -l "$HOST"
+ if [ -n "$HOST" ]; then
+ run hawser.yml -l "$HOST"
+ else
+ run hawser.yml
+ fi
+ ;;
+ patchmon)
+ if [ -n "$HOST" ]; then
+ run patchmon-agent.yml -l "$HOST"
+ else
+ run patchmon-agent.yml
+ fi
 ;;
 sshfs)
 if [ -n "$HOST" ]; then
@@ -135,6 +152,17 @@ case "$CMD" in
 run update.yml
 fi
 ;;
+ tc)
+ if [ -n "$HOST" ]; then
+ run tc-ratelimit.yml -l "$HOST"
+ else
+ run tc-ratelimit.yml
+ fi
+ ;;
+ xray) PLAYBOOK="xray-client.yml" ;;
+ watchdog)
+ run net-watchdog.yml
+ ;;
 list)
 ansible-inventory --list --yaml 2>/dev/null || ansible-inventory --graph
 ;;
diff --git a/roles/xray_client/defaults/main.yml b/roles/xray_client/defaults/main.yml
new file mode 100644
index 0000000..3022324
--- /dev/null
+++ b/roles/xray_client/defaults/main.yml
@@ -0,0 +1,3 @@
+xray_image: "teddysun/xray:latest"
+xray_config_path: "/app-config/xray/client.json"
+xray_container_name: "xray-client"
diff --git a/roles/xray_client/handlers/main.yml b/roles/xray_client/handlers/main.yml
new file mode 100644
index 0000000..48b310d
--- /dev/null
+++ b/roles/xray_client/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart xray-client
+ community.docker.docker_container:
+ name: "{{ xray_container_name }}"
+ state: started
+ restart: true
diff --git a/roles/xray_client/tasks/main.yml b/roles/xray_client/tasks/main.yml
new file mode 100644
index 0000000..32092ac
--- /dev/null
+++ b/roles/xray_client/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Ensure xray config directory exists
+ file:
+ path: /app-config/xray
+ state: directory
+ mode: '0750'
+
+- name: Copy xray client config
+ copy:
+ src: "{{ xray_config_path }}"
+ dest: /app-config/xray/client.json
+ mode: '0640'
+ notify: restart xray-client
+
+- name: Pull xray image
+ community.docker.docker_image:
+ name: "{{ xray_image }}"
+ source: pull
+
+- name: Start xray-client container
+ community.docker.docker_container:
+ name: "{{ xray_container_name }}"
+ image: "{{ xray_image }}"
+ state: started
+ restart_policy: unless-stopped
+ network_mode: host
+ volumes:
+ - "/app-config/xray/client.json:/etc/xray/config.json:ro"
diff --git a/xray-client.yml b/xray-client.yml
new file mode 100644
index 0000000..8400b96
--- /dev/null
+++ b/xray-client.yml
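Review bot: `xray) PLAYBOOK="xray-client.yml" ;;` only assigns a variable, while every other branch in this case block — including the `tc` and `watchdog` branches added right beside it — calls `run <playbook>`; unless something after the case block consumes `PLAYBOOK` (the block continues outside this hunk, so I cannot see that), the new `xray` command runs nothing and exits silently. It also ignores `$HOST`, so the `-l` limit the other commands honour is unavailable, and usage() in the earlier hunks gains no `xray` entry. Suggest mirroring the `tc` branch and adding `echo -e " ${C}xray${N} [host] Xray Client deployen (default: alle xray-Hosts)"` to usage().
```shell
    xray)
        if [ -n "$HOST" ]; then
            run xray-client.yml -l "$HOST"
        else
            run xray-client.yml
        fi
        ;;
```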
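Review bot: `xray_image: "teddysun/xray:latest"` together with `source: pull` in the tasks file means every run silently upgrades the tunnel client to whatever the registry currently serves under `latest`, so the deployed version is neither reproducible nor reviewable. For a component that carries the site's inbound tunnel traffic, pin a version tag or image digest and bump it deliberately, e.g. `xray_image: "teddysun/xray:<pinned-version>"` with the real tag filled in at deploy time. A short comment above the variable saying that the tag is pinned on purpose would stop the next edit from reverting it to `latest`.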
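Review bot: In `Copy xray client config`, `src: "{{ xray_config_path }}"` defaults to `/app-config/xray/client.json`, the same absolute path as `dest`; without `remote_src: true` the `copy` module reads `src` on the control node, so this only works if the controller happens to hold the file at exactly that path, and with `remote_src` it would copy the file onto itself. Keep the variable but point it at a file shipped with the role (a path relative to the role's `files/` directory) or render the config with `template:`. The file presumably carries the credentials that authenticate the tunnel, so the `0640` mode is right, but both the `file` and `copy` tasks should set `owner`/`group` explicitly (with `become: true` they are root-owned, and the read-only bind mount into the container must still be readable by the process inside it) and the source should not sit unencrypted in the repository. `network_mode: host` deserves a one-line why-comment, e.g. `# TODO(review): document why host networking is needed instead of published ports`.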
@@ -0,0 +1,6 @@
+---
+- name: Deploy Xray VLESS+Reality Client
+ hosts: "{{ target | default('xray') }}"
+ become: true
+ roles:
+ - xray_client
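Review bot: `hosts: "{{ target | default('xray') }}"` lets an extra-var (`-e target=...`) retarget this `become: true` play at any host or group in the inventory, so a typo or a stale shell alias deploys a host-networked tunnel container as root somewhere it was never meant to run. The pfannkuchen.sh wrapper scopes every other playbook with `-l "$HOST"`, which already gives a safe way to narrow the run, so the play can simply use `hosts: xray` and rely on the new `[xray]` group. If the override is intentional, a comment above `hosts:` saying who is expected to pass `target` and why would make that explicit.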