ansible: add xray_client role + playbook + [xray] inventory group
- New role: xray_client (deploys Xray VLESS+Reality client container) - New playbook: xray-client.yml - New inventory group: [xray] (emby-sascha, emby-chris) - pfannkuchen.sh: new command 'xray' - Prepared for migration from FRP to Xray tunnel
This commit is contained in:
sascha
parent
2650391432
commit
73281a3ac6
6 changed files with 98 additions and 17 deletions
|
|
@ -12,7 +12,6 @@ ansible_user=root
|
|||
|
||||
[media]
|
||||
emby-sascha ansible_host=10.6.1.103
|
||||
jellyfin ansible_host=10.5.1.112
|
||||
immich ansible_host=10.4.1.107
|
||||
emby-chris ansible_host=10.7.1.106
|
||||
|
||||
|
|
@ -30,15 +29,24 @@ dockhand ansible_host=10.4.1.116
|
|||
n8n ansible_host=10.4.1.113
|
||||
openclaw ansible_host=10.4.1.100
|
||||
monitoring ansible_host=10.1.1.111
|
||||
# automation ansible_host=10.1.1.115 # deprecated - VM abschalten sobald bereit
|
||||
automation1 ansible_host=10.5.85.5
|
||||
outline ansible_host=10.1.1.100
|
||||
funkwerk-ai ansible_host=10.1.1.10
|
||||
|
||||
[communication]
|
||||
matrix ansible_host=10.4.1.110
|
||||
|
||||
[infrastructure]
|
||||
pbs ansible_host=10.3.1.10 ansible_user=root
|
||||
|
||||
[83]
|
||||
auris-integration ansible_host=10.5.83.151 ansible_user=fia ansible_password=kronerew ansible_become_password=kronerew base_user=fia
|
||||
susi ansible_host=10.5.83.8 ansible_user=sascha ansible_password=GT500r8 ansible_become_password=GT500r8 base_user=sascha
|
||||
tunnel-test ansible_host=10.6.1.99
|
||||
|
||||
[hetzner]
|
||||
pfannkuchen ansible_host=159.69.245.190 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519
|
||||
test-vps ansible_host=78.46.186.211 ansible_user=root ansible_port=22 ansible_ssh_private_key_file=~/.ssh/id_ed25519
|
||||
pfannkuchen ansible_host=159.69.245.190 ansible_user=root ansible_port=2505 ansible_ssh_private_key_file=~/.ssh/id_ed25519
|
||||
|
||||
[nvidia]
|
||||
tdarr
|
||||
|
|
@ -55,7 +63,6 @@ node7
|
|||
[frp]
|
||||
emby-sascha
|
||||
emby-chris
|
||||
jellyfin
|
||||
|
||||
[wireguard]
|
||||
node1
|
||||
|
|
@ -66,12 +73,21 @@ node5
|
|||
node6
|
||||
node7
|
||||
|
||||
[hawser:children]
|
||||
media
|
||||
arr
|
||||
docker
|
||||
auto
|
||||
communication
|
||||
hetzner
|
||||
|
||||
[all:children]
|
||||
media
|
||||
arr
|
||||
docker
|
||||
auto
|
||||
communication
|
||||
infrastructure
|
||||
hetzner
|
||||
proxmox
|
||||
|
||||
|
|
@ -83,16 +99,10 @@ auto
|
|||
communication
|
||||
proxmox
|
||||
hetzner
|
||||
infrastructure
|
||||
|
||||
# Credentials liegen in group_vars/ (nicht im INI, da kein Jinja2-Support)
|
||||
|
||||
[kubernetes]
|
||||
kube-ctrl ansible_host=10.3.1.100
|
||||
kube-work1 ansible_host=10.3.1.101
|
||||
kube-work2 ansible_host=10.3.1.102
|
||||
|
||||
[kubernetes:vars]
|
||||
ansible_user=sascha
|
||||
ansible_become=true
|
||||
ansible_ssh_extra_args='-o StrictHostKeyChecking=no'
|
||||
|
||||
[xray]
|
||||
emby-sascha
|
||||
emby-chris
|
||||
|
|
|
|||
|
|
@ -15,7 +15,8 @@ usage() {
|
|||
echo -e " ${C}base${N} <host> Nur Basis + Docker"
|
||||
echo -e " ${C}gpu${N} <host> NVIDIA Treiber + Docker GPU Runtime"
|
||||
echo -e " ${C}backup${N} [host] Borg Backup einrichten (default: alle backup-Hosts)"
|
||||
echo -e " ${C}hawser${N} <host> Hawser installieren"
|
||||
echo -e " ${C}hawser${N} [host] Hawser installieren (default: alle Docker-VMs)"
|
||||
echo -e " ${C}patchmon${N} [host] PatchMon Agent deployen (Docker-VMs + Proxmox)"
|
||||
echo -e " ${C}pve${N} [host] Proxmox Post-Install (Repos, Nag, HA)"
|
||||
echo -e " ${C}passthrough${N} [host] GPU PCI Passthrough vorbereiten"
|
||||
echo -e " ${C}telegraf${N} [host] Telegraf Monitoring deployen"
|
||||
|
|
@ -23,6 +24,8 @@ usage() {
|
|||
echo -e " ${C}sshfs${N} [host] SSHFS Mounts einrichten"
|
||||
echo -e " ${C}tune${N} <host> Sysctl Netzwerk-Tuning"
|
||||
echo -e " ${C}pvetune${N} [host] Proxmox Host Tuning (sysctl, resolv, hosts)"
|
||||
echo -e " ${C}tc${N} [host] tc per-flow Rate-Limit (50 Mbit/s pro Connection)"
|
||||
echo -e " ${C}watchdog${N} Network Watchdog deployen (Whitelist aus Ansible)"
|
||||
echo -e " ${C}pveexporter${N} [host] PVE Exporter (Prometheus Metriken)"
|
||||
echo -e " ${C}update${N} [host] Dist-Upgrade (default: alle Hosts)"
|
||||
echo -e " ${C}list${N} Inventory anzeigen"
|
||||
|
|
@ -32,6 +35,10 @@ usage() {
|
|||
echo -e ""
|
||||
echo -e "${B}Beispiele:${N}"
|
||||
echo -e " $0 setup emby_sascha"
|
||||
echo -e " $0 hawser"
|
||||
echo -e " $0 hawser pfannkuchen"
|
||||
echo -e " $0 patchmon"
|
||||
echo -e " $0 patchmon dockhand"
|
||||
echo -e " $0 backup proxmox"
|
||||
echo -e " $0 update"
|
||||
echo -e " $0 gpu tdarr"
|
||||
|
|
@ -72,8 +79,18 @@ case "$CMD" in
|
|||
fi
|
||||
;;
|
||||
hawser)
|
||||
[ -z "$HOST" ] && echo -e "${R}Fehler: Host angeben${N}" && exit 1
|
||||
if [ -n "$HOST" ]; then
|
||||
run hawser.yml -l "$HOST"
|
||||
else
|
||||
run hawser.yml
|
||||
fi
|
||||
;;
|
||||
patchmon)
|
||||
if [ -n "$HOST" ]; then
|
||||
run patchmon-agent.yml -l "$HOST"
|
||||
else
|
||||
run patchmon-agent.yml
|
||||
fi
|
||||
;;
|
||||
sshfs)
|
||||
if [ -n "$HOST" ]; then
|
||||
|
|
@ -135,6 +152,17 @@ case "$CMD" in
|
|||
run update.yml
|
||||
fi
|
||||
;;
|
||||
tc)
|
||||
if [ -n "$HOST" ]; then
|
||||
run tc-ratelimit.yml -l "$HOST"
|
||||
else
|
||||
run tc-ratelimit.yml
|
||||
fi
|
||||
;;
|
||||
xray) PLAYBOOK="xray-client.yml" ;;
|
||||
watchdog)
|
||||
run net-watchdog.yml
|
||||
;;
|
||||
list)
|
||||
ansible-inventory --list --yaml 2>/dev/null || ansible-inventory --graph
|
||||
;;
|
||||
|
|
|
|||
3
roles/xray_client/defaults/main.yml
Normal file
3
roles/xray_client/defaults/main.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
xray_image: "teddysun/xray:latest"
|
||||
xray_config_path: "/app-config/xray/client.json"
|
||||
xray_container_name: "xray-client"
|
||||
6
roles/xray_client/handlers/main.yml
Normal file
6
roles/xray_client/handlers/main.yml
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: restart xray-client
|
||||
community.docker.docker_container:
|
||||
name: "{{ xray_container_name }}"
|
||||
state: started
|
||||
restart: true
|
||||
28
roles/xray_client/tasks/main.yml
Normal file
28
roles/xray_client/tasks/main.yml
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
- name: Ensure xray config directory exists
|
||||
file:
|
||||
path: /app-config/xray
|
||||
state: directory
|
||||
mode: '0750'
|
||||
|
||||
- name: Copy xray client config
|
||||
copy:
|
||||
src: "{{ xray_config_path }}"
|
||||
dest: /app-config/xray/client.json
|
||||
mode: '0640'
|
||||
notify: restart xray-client
|
||||
|
||||
- name: Pull xray image
|
||||
community.docker.docker_image:
|
||||
name: "{{ xray_image }}"
|
||||
source: pull
|
||||
|
||||
- name: Start xray-client container
|
||||
community.docker.docker_container:
|
||||
name: "{{ xray_container_name }}"
|
||||
image: "{{ xray_image }}"
|
||||
state: started
|
||||
restart_policy: unless-stopped
|
||||
network_mode: host
|
||||
volumes:
|
||||
- "/app-config/xray/client.json:/etc/xray/config.json:ro"
|
||||
6
xray-client.yml
Normal file
6
xray-client.yml
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: Deploy Xray VLESS+Reality Client
|
||||
hosts: "{{ target | default('xray') }}"
|
||||
become: true
|
||||
roles:
|
||||
- xray_client
|
||||
Loading…
Add table
Add a link
Reference in a new issue