sascha/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ansible: add xray_client role + playbook + [xray] inventory group

Browse source 
- New role: xray_client (deploys Xray VLESS+Reality client container)
- New playbook: xray-client.yml
- New inventory group: [xray] (emby-sascha, emby-chris)
- pfannkuchen.sh: new command 'xray'
- Prepared for migration from FRP to Xray tunnel
This commit is contained in:
sascha 2026-04-10 22:13:41 +02:00
parent 2650391432
commit 73281a3ac6
6 changed files with 98 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

38
pfannkuchen.ini
View file

@ -12,7 +12,6 @@ ansible_user=root
[media] [media]
emby-sascha ansible_host=10.6.1.103 emby-sascha ansible_host=10.6.1.103
jellyfin ansible_host=10.5.1.112
immich ansible_host=10.4.1.107 immich ansible_host=10.4.1.107
emby-chris ansible_host=10.7.1.106 emby-chris ansible_host=10.7.1.106
@ -30,15 +29,24 @@ dockhand ansible_host=10.4.1.116
n8n ansible_host=10.4.1.113 n8n ansible_host=10.4.1.113
openclaw ansible_host=10.4.1.100 openclaw ansible_host=10.4.1.100
monitoring ansible_host=10.1.1.111 monitoring ansible_host=10.1.1.111
# automation ansible_host=10.1.1.115 # deprecated - VM abschalten sobald bereit
automation1 ansible_host=10.5.85.5 automation1 ansible_host=10.5.85.5
outline ansible_host=10.1.1.100 outline ansible_host=10.1.1.100
funkwerk-ai ansible_host=10.1.1.10
[communication] [communication]
matrix ansible_host=10.4.1.110 matrix ansible_host=10.4.1.110
[infrastructure]
pbs ansible_host=10.3.1.10 ansible_user=root
[83]
auris-integration ansible_host=10.5.83.151 ansible_user=fia ansible_password=kronerew ansible_become_password=kronerew base_user=fia
susi ansible_host=10.5.83.8 ansible_user=sascha ansible_password=GT500r8 ansible_become_password=GT500r8 base_user=sascha
tunnel-test ansible_host=10.6.1.99
[hetzner] [hetzner]
pfannkuchen ansible_host=159.69.245.190 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519 test-vps ansible_host=78.46.186.211 ansible_user=root ansible_port=22 ansible_ssh_private_key_file=~/.ssh/id_ed25519
pfannkuchen ansible_host=159.69.245.190 ansible_user=root ansible_port=2505 ansible_ssh_private_key_file=~/.ssh/id_ed25519
[nvidia] [nvidia]
tdarr tdarr
@ -55,7 +63,6 @@ node7
[frp] [frp]
emby-sascha emby-sascha
emby-chris emby-chris
jellyfin
[wireguard] [wireguard]
node1 node1
@ -66,12 +73,21 @@ node5
node6 node6
node7 node7
[hawser:children]
media
arr
docker
auto
communication
hetzner
[all:children] [all:children]
media media
arr arr
docker docker
auto auto
communication communication
infrastructure
hetzner hetzner
proxmox proxmox
@ -83,16 +99,10 @@ auto
communication communication
proxmox proxmox
hetzner hetzner
infrastructure
# Credentials liegen in group_vars/ (nicht im INI, da kein Jinja2-Support) # Credentials liegen in group_vars/ (nicht im INI, da kein Jinja2-Support)
[kubernetes] [xray]
kube-ctrl ansible_host=10.3.1.100 emby-sascha
kube-work1 ansible_host=10.3.1.101 emby-chris
kube-work2 ansible_host=10.3.1.102
[kubernetes:vars]
ansible_user=sascha
ansible_become=true
ansible_ssh_extra_args='-o StrictHostKeyChecking=no'

34
pfannkuchen.sh
View file

@ -15,7 +15,8 @@ usage() {
echo -e " ${C}base${N} <host> Nur Basis + Docker" echo -e " ${C}base${N} <host> Nur Basis + Docker"
echo -e " ${C}gpu${N} <host> NVIDIA Treiber + Docker GPU Runtime" echo -e " ${C}gpu${N} <host> NVIDIA Treiber + Docker GPU Runtime"
echo -e " ${C}backup${N} [host] Borg Backup einrichten (default: alle backup-Hosts)" echo -e " ${C}backup${N} [host] Borg Backup einrichten (default: alle backup-Hosts)"
echo -e " ${C}hawser${N} <host> Hawser installieren" echo -e " ${C}hawser${N} [host] Hawser installieren (default: alle Docker-VMs)"
echo -e " ${C}patchmon${N} [host] PatchMon Agent deployen (Docker-VMs + Proxmox)"
echo -e " ${C}pve${N} [host] Proxmox Post-Install (Repos, Nag, HA)" echo -e " ${C}pve${N} [host] Proxmox Post-Install (Repos, Nag, HA)"
echo -e " ${C}passthrough${N} [host] GPU PCI Passthrough vorbereiten" echo -e " ${C}passthrough${N} [host] GPU PCI Passthrough vorbereiten"
echo -e " ${C}telegraf${N} [host] Telegraf Monitoring deployen" echo -e " ${C}telegraf${N} [host] Telegraf Monitoring deployen"
@ -23,6 +24,8 @@ usage() {
echo -e " ${C}sshfs${N} [host] SSHFS Mounts einrichten" echo -e " ${C}sshfs${N} [host] SSHFS Mounts einrichten"
echo -e " ${C}tune${N} <host> Sysctl Netzwerk-Tuning" echo -e " ${C}tune${N} <host> Sysctl Netzwerk-Tuning"
echo -e " ${C}pvetune${N} [host] Proxmox Host Tuning (sysctl, resolv, hosts)" echo -e " ${C}pvetune${N} [host] Proxmox Host Tuning (sysctl, resolv, hosts)"
echo -e " ${C}tc${N} [host] tc per-flow Rate-Limit (50 Mbit/s pro Connection)"
echo -e " ${C}watchdog${N} Network Watchdog deployen (Whitelist aus Ansible)"
echo -e " ${C}pveexporter${N} [host] PVE Exporter (Prometheus Metriken)" echo -e " ${C}pveexporter${N} [host] PVE Exporter (Prometheus Metriken)"
echo -e " ${C}update${N} [host] Dist-Upgrade (default: alle Hosts)" echo -e " ${C}update${N} [host] Dist-Upgrade (default: alle Hosts)"
echo -e " ${C}list${N} Inventory anzeigen" echo -e " ${C}list${N} Inventory anzeigen"
@ -32,6 +35,10 @@ usage() {
echo -e "" echo -e ""
echo -e "${B}Beispiele:${N}" echo -e "${B}Beispiele:${N}"
echo -e " $0 setup emby_sascha" echo -e " $0 setup emby_sascha"
echo -e " $0 hawser"
echo -e " $0 hawser pfannkuchen"
echo -e " $0 patchmon"
echo -e " $0 patchmon dockhand"
echo -e " $0 backup proxmox" echo -e " $0 backup proxmox"
echo -e " $0 update" echo -e " $0 update"
echo -e " $0 gpu tdarr" echo -e " $0 gpu tdarr"
@ -72,8 +79,18 @@ case "$CMD" in
fi fi
;; ;;
hawser) hawser)
[ -z "$HOST" ] && echo -e "${R}Fehler: Host angeben${N}" && exit 1 if [ -n "$HOST" ]; then
run hawser.yml -l "$HOST" run hawser.yml -l "$HOST"
else
run hawser.yml
fi
;;
patchmon)
if [ -n "$HOST" ]; then
run patchmon-agent.yml -l "$HOST"
else
run patchmon-agent.yml
fi
;; ;;
sshfs) sshfs)
if [ -n "$HOST" ]; then if [ -n "$HOST" ]; then
@ -135,6 +152,17 @@ case "$CMD" in
run update.yml run update.yml
fi fi
;; ;;
tc)
if [ -n "$HOST" ]; then
run tc-ratelimit.yml -l "$HOST"
else
run tc-ratelimit.yml
fi
;;
xray) PLAYBOOK="xray-client.yml" ;;
watchdog)
run net-watchdog.yml
;;
list) list)
ansible-inventory --list --yaml 2>/dev/null || ansible-inventory --graph ansible-inventory --list --yaml 2>/dev/null || ansible-inventory --graph
;; ;;

3
roles/xray_client/defaults/main.yml Normal file
View file

@ -0,0 +1,3 @@
xray_image: "teddysun/xray:latest"
xray_config_path: "/app-config/xray/client.json"
xray_container_name: "xray-client"

6
roles/xray_client/handlers/main.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: restart xray-client
community.docker.docker_container:
name: "{{ xray_container_name }}"
state: started
restart: true

28
roles/xray_client/tasks/main.yml Normal file
View file

@ -0,0 +1,28 @@
---
- name: Ensure xray config directory exists
file:
path: /app-config/xray
state: directory
mode: '0750'
- name: Copy xray client config
copy:
src: "{{ xray_config_path }}"
dest: /app-config/xray/client.json
mode: '0640'
notify: restart xray-client
- name: Pull xray image
community.docker.docker_image:
name: "{{ xray_image }}"
source: pull
- name: Start xray-client container
community.docker.docker_container:
name: "{{ xray_container_name }}"
image: "{{ xray_image }}"
state: started
restart_policy: unless-stopped
network_mode: host
volumes:
- "/app-config/xray/client.json:/etc/xray/config.json:ro"

6
xray-client.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: Deploy Xray VLESS+Reality Client
hosts: "{{ target | default('xray') }}"
become: true
roles:
- xray_client