update

c2402a8f · nanahira · e93ddf92 · c2402a8f · c2402a8f · c2402a8f
Commit c2402a8f authored Jan 28, 2020 by nanahira
5 changed files
--- a/docker.yml
+++ b/docker.yml
+---
+- hosts: docker
+  remote_user: root
+  tasks:
+    - name: docker
+      include: includes/docker.yml
--- a/files/pter/pter.json.j2
+++ b/files/pter/pter.json.j2
 {
    "web": {
        "host": "0.0.0.0",
-        "listen": 8443,
+        "listen": {{https_port}},
        "ssl": {
            "enabled": true,
            "certificate": "/srv/certs/fullchain.pem",
@@ -35,7 +35,7 @@
    "sftp": {
        "path": "/srv/daemon-data",
        "ip": "0.0.0.0",
-        "port": 2022,
+        "port": {{sftp_port}},
        "keypair": {
            "bits": 2048,
            "e": 65537

--- a/includes/wireguard.yml
+++ b/includes/wireguard.yml
+---
+  - name: WireGuard 源 (Debian)
+    become: true
+    apt_repository:
+      repo: deb http://mirrors.163.com/debian/ unstable main
+      filename: unstable
+    when: ansible_distribution == 'Debian'
+  - name: WireGuard 源 (Debian)
+    become: true
+    apt_repository:
+      repo: deb http://deb.debian.org/debian/ unstable main
+      filename: unstable
+      state: absent
+    when: ansible_distribution == 'Debian'
+  - name: WireGuard 源 (Debian)
+    become: true
+    copy:
+      content: |
+        Package: *
+        Pin: release a=unstable
+        Pin-Priority: 90
+      dest: /etc/apt/preferences.d/limit-unstable
+    when: ansible_distribution == 'Debian'
+  - name: WireGuard 源 (Ubuntu)
+    become: true
+    apt_repository:
+      repo: ppa:wireguard/wireguard
+    when: ansible_distribution == 'Ubuntu'
+  - name: 安装软件包 (apt)
+    become: true
+    apt:
+      name: wireguard,resolvconf
+      state: latest
+      update_cache: yes
+    when: ansible_distribution != 'CentOS'
+  - name: WireGuard 源 (CentOS)
+    become: true
+    yum_repository:
+      name: wireguard
+      description: wireguard
+      baseurl: 'https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/epel-{{ansible_distribution_major_version}}-$basearch/'
+      ip_resolve: 4
+      gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
+    when: "ansible_distribution == 'CentOS'"
+  - name: epel 7
+    become: true
+    yum:
+      state: latest
+      name: epel-release
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int <= 7"
+  - name: 安装软件包 (yum)
+    become: true
+    yum:
+      state: latest
+      update_cache: true
+      name: wireguard-tools,wireguard-dkms
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int <= 7"
+  - name: epel 8
+    become: true
+    dnf:
+      state: latest
+      name: epel-release
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
+  - name: 安装软件包 (dnf)
+    become: true
+    dnf:
+      state: latest
+      name: wireguard-tools,wireguard-dkms
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
--- a/init.yml
+++ b/init.yml
@@ -26,7 +26,7 @@
        regexp: '^#?PasswordAuthentication true.*$'
        line: 'PasswordAuthentication no'
        backrefs: true
-      when: "ansible_user_id == 'root' or ansible_user_id == 'nanahira' or ansible_user_id == 'mycard' or ansible_user_id == 'zh99998'" # Only self-managed servers
+      when: "(ansible_user_id == 'root' or ansible_user_id == 'nanahira' or ansible_user_id == 'mycard' or ansible_user_id == 'zh99998') and not allow_password is defined" # Only self-managed servers
      notify: restart_sshd
    - name: swappiness
      become: true

--- a/install_wireguard.yml
+++ b/install_wireguard.yml
+---
+- hosts: wg_install
+  remote_user: root
+  tasks:
+    - name: wireguard
+      include: includes/wireguard.yml