commit 3f81345537cabddf03f1e96610d92b10c9cf2138
parent 65e0a41ff367967ea4cec22420720ba1965b6328
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 22 Feb 2021 11:43:15 +0100
roles/frp: split
25 files changed, 262 insertions(+), 212 deletions(-)
diff --git a/roles/frp/tasks/frpc.yml b/roles/frp/tasks/frpc.yml @@ -1,64 +0,0 @@ ---- - -- name: "[Alpine] Install package: frp" - apk: - name: frp - state: present - update_cache: yes - when: - - ansible_distribution == "Alpine" - -- name: "[Archlinux] Install package: frps" - pacman: - name: frps - state: present - update_cache: yes - when: - - ansible_distribution == "Archlinux" - -- name: "Create directory: /etc/frp" - file: - path: /etc/frp - state: directory - when: - - ansible_distribution == "Archlinux" - -- copy: - content: '# Configuration for /etc/init.d/frpc\nfrps_opts="-c /etc/frpc.ini"' - dest: /etc/conf.d/frpc - mode: 0644 - when: - - ansible_distribution == "Alpine" - -- name: "[Alpine] Generate config for frpc" - template: - src: frpc.conf.j2 - dest: /etc/frpc.ini - owner: frpc - group: frpc - mode: 0644 - when: - - ansible_distribution == "Alpine" - -- name: "[Archlinux] Generate config for frpc" - template: - src: frpc.conf.j2 - dest: /etc/frp/frpc.ini - when: - - ansible_distribution == "Archlinux" - -- name: "[OpenRC] Restart and enable service: frpc" - service: - name: frpc - state: restarted - enabled: yes - when: - - ansible_service_mgr == "openrc" - -- name: "[systemd] Restart and enable service: frpc" - systemd: - name: frpc - state: restarted - enabled: yes - when: - - ansible_service_mgr == "systemd"
diff --git a/roles/frp/tasks/frps.yml b/roles/frp/tasks/frps.yml @@ -1,81 +0,0 @@ ---- - -- name: "[Alpine] Install package: frp" - apk: - name: frp - state: present - update_cache: yes - when: - - ansible_distribution == "Alpine" - -- name: "[Archlinux] Install package: frps" - pacman: - name: frps - state: present - update_cache: yes - when: - - ansible_distribution == "Archlinux" - -- name: "Create directory: /etc/frp" - file: - path: /etc/frp - state: directory - when: - - ansible_distribution == "Archlinux" - -- name: "[nftables] Create rule for: frps" - template: - src: nftables-rule.nft.j2 - dest: /etc/nftables.d/frps.nft - when: - - network.nftables.enable is true - -- name: "[OpenRC] Restart service: nftables" - service: - name: nftables - state: restarted - when: - - ansible_service_mgr == "openrc" - - network.nftables.enable is true - -- name: "[systemd] Restart service: nftables" - systemd: - name: nftables - state: restarted - when: - - ansible_service_mgr == "systemd" - - network.nftables.enable is true - - -- name: "[OpenRC] Generate frps service config" - template: - src: frps.confd.j2 - dest: /etc/conf.d/frps - mode: 0644 - when: - - ansible_service_mgr == "openrc" - -- name: "[Archlinux] Generate frps config" - template: - src: frps.ini.j2 - dest: /etc/frp/frps.ini - mode: 0644 - when: - - ansible_distribution == "Archlinux" - - -- name: "[OpenRC] Enable and restart service: frps" - service: - name: frps - state: restarted - enabled: yes - when: - - ansible_service_mgr == "openrc" - -- name: "[systemd] Enable and restart service: frps" - systemd: - name: frps - state: restarted - enabled: yes - when: - - ansible_service_mgr == "systemd"
diff --git a/roles/frp/tasks/frps_nginx.yml b/roles/frp/tasks/frps_nginx.yml @@ -1,23 +0,0 @@ ---- - -- name: "[nginx] Create vhost" - template: - src: nginx-vhost.conf.j2 - dest: /etc/nginx/conf.d/frps.conf - mode: 0644 - owner: nginx - group: nginx - -- name: "[OpenRC] Restart service: nginx" - service: - name: nginx - state: restarted - when: - - ansible_service_mgr == "openrc" - -- name: "[systemd] Restart service: nginx" - systemd: - name: nginx - state: restarted - when: - - ansible_service_mgr == "systemd"- \ No newline at end of file
diff --git a/roles/frp/tasks/main.yml b/roles/frp/tasks/main.yml @@ -1,33 +0,0 @@ ---- - -- fail: msg="This Role only works when Option 'system.enableOwnRepos' is true!" - when: - - (services.frps.enable is defined and services.frps.enable is true) or (services.frpc.enable is defined and services.frpc.enable is true) - - system.enableOwnRepos is false - -- include: frps_checks.yml - when: - - services.frps.enable is defined - - services.frps.enable is true - -- include: frpc_checks.yml - when: - - services.frpc.enable is defined - - services.frpc.enable is true - -- include: frps.yml - when: - - services.frps.enable is defined - - services.frps.enable is true - -- include: frps_nginx.yml - when: - - services.frps.enable is defined - - services.frps.enable is true - - services.frps.nginx.enable is defined - - services.frps.nginx.enable is true - -- include: frpc.yml - when: - - services.frpc.enable is defined - - services.frpc.enable is true - \ No newline at end of file
diff --git a/roles/frp/templates/nftables-rule.nft.j2 b/roles/frp/templates/nftables-rule.nft.j2 @@ -1,8 +0,0 @@ -#!/usr/sbin/nft -f - -table inet firewall { - chain inbound { - # Allow frps on port {{ services.frps.port }}. - tcp dport {{ services.frps.port }} accept comment "frp server" - } -}- \ No newline at end of file
diff --git a/roles/frpc/handlers/main.yml b/roles/frpc/handlers/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "[OpenRC] Restart service: frpc (to deploy config changes)"
+ service:
+ name: frpc
+ state: restarted
+ when:
+ - ansible_service_mgr == "openrc"
+ listen: "Restart frpc"
+
+- name: "[systemd] Restart service: frpc (to deploy config changes)"
+ systemd:
+ name: frpc
+ state: restarted
+ when:
+ - ansible_service_mgr == "systemd"
+ listen: "Restart frpc"
diff --git a/roles/frpc/tasks/configure.yml b/roles/frpc/tasks/configure.yml
@@ -0,0 +1,33 @@
+---
+
+- name: "Create directory: /etc/frp"
+ file:
+ path: /etc/frp
+ state: directory
+
+- copy:
+ content: '# Configuration for /etc/init.d/frpc\nfrps_opts="-c /etc/frpc.ini"'
+ dest: /etc/conf.d/frpc
+ mode: 0644
+ when:
+ - ansible_distribution == "Alpine"
+ notify: "Restart frpc"
+
+- name: "[Alpine] Generate config for frpc"
+ template:
+ src: frpc.conf.j2
+ dest: /etc/frpc.ini
+ owner: frpc
+ group: frpc
+ mode: 0644
+ notify: "Restart frpc"
+ when:
+ - ansible_distribution == "Alpine"
+
+- name: "[Archlinux] Generate config for frpc"
+ template:
+ src: frpc.conf.j2
+ dest: /etc/frp/frpc.ini
+ notify: "Restart frpc"
+ when:
+ - ansible_distribution == "Archlinux"
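Review bot: The `copy` task's `content` is single-quoted, so the `\n` stays a literal backslash-n and /etc/conf.d/frpc ends up as a single comment line whose options are never read; a double-quoted scalar such as `content: "# Configuration for /etc/init.d/frpc\nfrps_opts=\"-c /etc/frpc.ini\"\n"` gives the intended two lines. The variable is named `frps_opts` in the frpc file, which looks like a leftover from the server side and should be checked against the init script. Separately, frpc.ini is written with `mode: 0644` on Alpine and with no mode or owner at all on Archlinux; if the template carries the frp auth token (the template is not shown here), `mode: "0640"` with an explicit owner and group would keep it from other local users, and the same applies to frps.ini in roles/frps/tasks/configure.yml. Quoting the mode also avoids octal parsing differences between YAML loaders.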
diff --git a/roles/frpc/tasks/install.yml b/roles/frpc/tasks/install.yml
@@ -0,0 +1,15 @@
+---
+
+- name: "[Alpine] Install package: frp"
+ apk:
+ name: frp
+ state: present
+ when:
+ - ansible_distribution == "Alpine"
+
+- name: "[Archlinux] Install package: frps"
+ pacman:
+ name: frps
+ state: present
+ when:
+ - ansible_distribution == "Archlinux"
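Review bot: The Archlinux task in the new frpc role still installs `name: frps`, and its task name says the same; both were copied unchanged from the old combined role. If the repository packages the client separately, this should be `name: frpc`, so that a client-only host does not receive the server binary and its service unit. The `update_cache: yes` lines were also dropped, so the play now relies on the package cache having been refreshed earlier, presumably by whatever sets up the own repos.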
diff --git a/roles/frpc/tasks/main.yml b/roles/frpc/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+
+- fail: msg="This Role only works when Option 'system.enableOwnRepos' is true!"
+ when:
+ - services.frpc.enable is defined and services.frpc.enable is true
+ - system.enableOwnRepos is false
+
+
+- include: checks.yml
+ when:
+ - services.frpc.enable is defined
+ - services.frpc.enable is true
+
+- include: install.yml
+ when:
+ - services.frpc.enable is defined
+ - services.frpc.enable is true
+
+- include: configure.yml
+ when:
+ - services.frpc.enable is defined
+ - services.frpc.enable is true
+
+- include: start.yml
+ when:
+ - services.frpc.enable is defined
+ - services.frpc.enable is true
+
+- name: Run handlers
+ meta: flush_handlers+ \ No newline at end of file
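Review bot: Each of the four `include:` tasks repeats the same two `when` conditions, and the guard at the top tests `system.enableOwnRepos is false`, which raises an undefined-variable error instead of the intended message when the option is not set. One `block:` with a single `when: services.frpc.enable | default(false)` around the includes states the condition once, and the guard can read `- not (system.enableOwnRepos | default(false))`. Bare `include:` is deprecated in favour of `include_tasks:`. roles/frps/tasks/main.yml has the same pattern.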
diff --git a/roles/frpc/tasks/start.yml b/roles/frpc/tasks/start.yml
@@ -0,0 +1,18 @@
+---
+
+
+- name: "[OpenRC] Start and enable service: frpc"
+ service:
+ name: frpc
+ state: started
+ enabled: yes
+ when:
+ - ansible_service_mgr == "openrc"
+
+- name: "[systemd] Start and enable service: frpc"
+ systemd:
+ name: frpc
+ state: started
+ enabled: yes
+ when:
+ - ansible_service_mgr == "systemd"
diff --git a/roles/frps/handlers/main.yml b/roles/frps/handlers/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "[OpenRC] Restart service: frps (to deploy config changes)"
+ service:
+ name: frps
+ state: restarted
+ when:
+ - ansible_service_mgr == "openrc"
+ listen: "Restart frps"
+
+- name: "[systemd] Restart service: frps (to deploy config changes)"
+ systemd:
+ name: frps
+ state: restarted
+ when:
+ - ansible_service_mgr == "systemd"
+ listen: "Restart frps"
diff --git a/roles/frps/meta/main.yml b/roles/frps/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+ - nginx
+ - nginx-handler
+ - nftables-handler+ \ No newline at end of file
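Review bot: `nginx` is listed as an unconditional dependency, although the vhost in tasks/nginx.yml is only deployed when `services.frps.nginx.enable` is true. Unless the nginx role guards itself on its own enable flag (not visible here), every host that gets this role also gets a web server installed and listening. If only the handler is needed for `notify: "Restart nginx"`, depending on `nginx-handler` alone would keep the exposed surface smaller.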
diff --git a/roles/frps/tasks/configure.yml b/roles/frps/tasks/configure.yml
@@ -0,0 +1,32 @@
+---
+
+- name: "Create directory: /etc/frp"
+ file:
+ path: /etc/frp
+ state: directory
+
+- name: "[nftables] Create rule for: frps"
+ template:
+ src: nftables-rule.nft.j2
+ dest: /etc/nftables.d/frps.nft
+ when:
+ - network.nftables.enable is true
+ notify: "Restart nftables"
+
+- name: "[Alpine] Generate frps service config"
+ template:
+ src: frps.confd.j2
+ dest: /etc/conf.d/frps
+ mode: 0644
+ when:
+ - ansible_distribution == "Alpine"
+ notify: "Restart frps"
+
+- name: "[Archlinux] Generate frps config"
+ template:
+ src: frps.ini.j2
+ dest: /etc/frp/frps.ini
+ mode: 0644
+ when:
+ - ansible_distribution == "Archlinux"
+ notify: "Restart frps"
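Review bot: The nftables rule file is rendered and then picked up by a restart of nftables without any syntax check, so a bad or empty `services.frps.port` only shows up when the firewall fails to reload. Adding `validate: "nft -c -f %s"` to the template task (provided the fragment loads standalone) together with an explicit `owner: root`, `group: root` and `mode: "0644"` would catch that before the handler runs. The `when` also reads `network.nftables.enable is true` without an `is defined` guard, unlike the `services.frps.*` conditions in main.yml.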
diff --git a/roles/frps/tasks/install.yml b/roles/frps/tasks/install.yml
@@ -0,0 +1,15 @@
+---
+
+- name: "[Alpine] Install package: frp"
+ apk:
+ name: frp
+ state: present
+ when:
+ - ansible_distribution == "Alpine"
+
+- name: "[Archlinux] Install package: frps"
+ pacman:
+ name: frps
+ state: present
+ when:
+ - ansible_distribution == "Archlinux"
diff --git a/roles/frps/tasks/main.yml b/roles/frps/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+
+- fail: msg="This Role only works when Option 'system.enableOwnRepos' is true!"
+ when:
+ - services.frps.enable is defined and services.frps.enable is true
+ - system.enableOwnRepos is false
+
+- include: checks.yml
+ when:
+ - services.frps.enable is defined
+ - services.frps.enable is true
+
+- include: install.yml
+ when:
+ - services.frps.enable is defined
+ - services.frps.enable is true
+
+- include: configure.yml
+ when:
+ - services.frps.enable is defined
+ - services.frps.enable is true
+
+- include: nginx.yml
+ when:
+ - services.frps.enable is defined
+ - services.frps.enable is true
+ - services.frps.nginx.enable is defined
+ - services.frps.nginx.enable is true
+
+- include: start.yml
+ when:
+ - services.frps.enable is defined
+ - services.frps.enable is true
+
+- name: Run handlers
+ meta: flush_handlers+ \ No newline at end of file
diff --git a/roles/frps/tasks/nginx.yml b/roles/frps/tasks/nginx.yml
@@ -0,0 +1,10 @@
+---
+
+- name: "[nginx] Create vhost"
+ template:
+ src: nginx-vhost.conf.j2
+ dest: /etc/nginx/conf.d/frps.conf
+ mode: 0644
+ owner: nginx
+ group: nginx
+ notify: "Restart nginx"+ \ No newline at end of file
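Review bot: The vhost is written with `owner: nginx` and `group: nginx`, which lets the account the web server runs as (assuming that is `nginx`) rewrite its own configuration if the worker is ever compromised. `owner: root` and `group: root` with `mode: "0644"` is enough for nginx to read the file. The restart is now delegated to the `Restart nginx` handler from another role, so a config test (`nginx -t`) before the restart in that handler would stop a broken template from taking the server down.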
diff --git a/roles/frps/tasks/start.yml b/roles/frps/tasks/start.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "[OpenRC] Start and enable service: frps"
+ service:
+ name: frps
+ state: started
+ enabled: yes
+ when:
+ - ansible_service_mgr == "openrc"
+
+- name: "[systemd] Start and enable service: frps"
+ systemd:
+ name: frps
+ state: started
+ enabled: yes
+ when:
+ - ansible_service_mgr == "systemd"
diff --git a/roles/frps/templates/nftables-rule.nft.j2 b/roles/frps/templates/nftables-rule.nft.j2
@@ -0,0 +1,11 @@
+#!/usr/sbin/nft -f
+#
+# !!! This file is managed by Ansible !!!
+#
+
+table inet firewall {
+ chain inbound {
+ # Allow frps on port {{ services.frps.port }}.
+ tcp dport {{ services.frps.port }} accept comment "frp server"
+ }
+}+ \ No newline at end of file
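Review bot: `services.frps.port` is interpolated into the rule twice with no validation visible in this commit, and the rule accepts the port from every source address over both IPv4 and IPv6. An assertion in checks.yml (not shown here) that the value is an integer between 1 and 65535 would keep a malformed value from producing a broken or unintended rule. If the set of clients is known, an `ip saddr` or `ip6 saddr` match in front of `accept` would narrow the exposure, and a comment in the template should say that the port is deliberately open to all sources if that is the intent.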