update

ansible/configure.yaml

+---
+- hosts: wg
+  become: true
+  tasks:
+    - name: postup
+      copy:
+        src: scripts/postup.sh
+        dest: '/etc/wireguard/postup.sh'
+        mode: a+x
+    - name: predown
+      copy:
+        src: scripts/predown.sh
+        dest: '/etc/wireguard/predown.sh'
+        mode: a+x
+# 为了提高测试时候的性能，不改动wg的时候注释掉这段
+    - name: 'loop through list from a variable'
+      include_tasks: 'protocols/{{item.protocol}}/configure.yaml'
+      vars:
+        conn: '{{item}}'
+      with_items: '{{ connections }}'
+    - name: 'frps'
+      include_tasks: 'protocols/wgfrp/frps.yaml'
+      when: 'frps_needed is defined'
+    - name: 鸟配置 (apt)
+      template:
+        src: bird.conf.j2
+        dest: '/etc/bird/bird.conf'
+      when: ansible_os_family == "Debian"
+      notify: restart_bird
+    - name: 鸟配置 (yum)
+      template:
+        src: bird.conf.j2
+        dest: '/etc/bird.conf'
+      when: ansible_os_family == "RedHat"
+      notify: restart_bird
+    - name: start bird
+      systemd:
+        name: bird
+        state: started
+        enabled: yes
+  handlers:
+    - name: restart_bird
+      systemd:
+        name: bird
+        state: reloaded

ansible/install.yaml

----
 - hosts: wg
   become: true
+  roles:
+    - wireguard
   tasks:
-    - name: postup
-      copy:
-        src: scripts/postup.sh
-        dest: '/etc/wireguard/postup.sh'
-        mode: a+x
-    - name: predown
-      copy:
-        src: scripts/predown.sh
-        dest: '/etc/wireguard/predown.sh'
-        mode: a+x
-# 为了提高测试时候的性能，不改动wg的时候注释掉这段
-    - name: 'loop through list from a variable'
-      include_tasks: 'protocols/{{item.protocol}}/{{item.protocol}}.yaml'
-      vars:
-        conn: '{{item}}'
-      with_items: '{{ connections }}'
-    - name: 'frps'
-      include_tasks: 'protocols/wgfrp/frps.yaml'
-      when: 'frps_needed is defined'
-
-#    - name: 安装软件包 (apt)
-#      apt:
-#        name: bird2
-#        state: latest
-#      when: ansible_os_family == "Debian"
-#    - name: 安装软件包 (yum)
-#      yum:
-#        name: bird2
-#        state: latest
-#      when: ansible_os_family == "RedHat"
-    - name: 鸟配置 (apt)
-      template:
-        src: bird.conf.j2
-        dest: '/etc/bird/bird.conf'
+    - name: install bird
+      apt:
+        name: bird2
+        state: latest
       when: ansible_os_family == "Debian"
-    - name: 鸟配置 (yum)
-      template:
-        src: bird.conf.j2
-        dest: '/etc/bird.conf'
+    - name: install bird
+      yum:
+        name: bird2
+        state: latest
       when: ansible_os_family == "RedHat"
-    - name: 重启鸟，测试用
-      systemd:
-        name: bird
-        state: reloaded
+    - name: frp directory
+      file:
+        path: /tmp/frp
+        state: directory
+    - name: get frp
+      unarchive:
+        src: https://github.com/fatedier/frp/releases/download/v0.31.2/frp_0.31.2_linux_amd64.tar.gz
+        remote_src: true
+        creates:
+          - /tmp/frp/frpc
+          - /tmp/frp/frps
+        dest: /tmp/frp/
+      when: 'ansible_architecture == "x86_64"'
+    - name: get frp for arm
+      unarchive:
+        src: https://github.com/fatedier/frp/releases/download/v0.31.2/frp_0.31.2_linux_arm64.tar.gz
+        remote_src: true
+        creates:
+          - /tmp/frp/frpc
+          - /tmp/frp/frps
+        dest: /tmp/frp/
+        extra_opts:
+          - --strip-components=1
+      when: 'ansible_architecture == "aarch64"'
+    - name: install frp
+      shell: 'cp -rf /tmp/frp/frpc /usr/bin/ && cp -rf /tmp/frp/frps /usr/bin/ && cp -rf /tmp/frp/systemd/* /usr/lib/systemd/systemd/'
+      name: frp config directory
+      file:
+        path: /etc/frp
+        state: directory

ansible/protocols/null/configure.yaml

+- name: stop
+  systemd:
+    name: '{{item}}@{{conn.name}}'
+    state: stopped
+    enabled: no
+  with_items:
+    - wg-quick
+    - frpc
+- name: remove config files
+  file:
+    path: '/etc/{{item}}/{{conn.name}}.conf'
+    state: absent
+  with_items:
+    - wireguard
+    - frp

ansible/protocols/wg/wg.yaml → ansible/protocols/wg/configure.yaml

 # 因为测试期间频繁改动参数，这里手动down掉
 # 调试wg的时候开这个，调试别的的时候注释掉
-- name: stop，测试用。
+- name: clean frp
   systemd:
-    name: 'wg-quick@{{conn.name}}'
+    name: '{{item}}@{{conn.name}}'
     state: stopped
+    enabled: no
+  with_items:
+    - frpc
+- name: clean frp service
+  file:
+    path: '/etc/{{item}}/{{conn.name}}.conf'
+    state: absent
+  with_items:
+    - frp
 - name: conf
   template:
     src: wg.conf.j2

ansible/protocols/wgfrp/wgfrp.yaml → ansible/protocols/wgfrp/configure.yaml

@@ -11,45 +11,12 @@
     name: 'wg-quick@{{conn.name}}'
     state: started
     enabled: yes
-- name: frp directory
-  file:
-    path: /tmp/frp
-    state: directory
-- name: get frp
-  unarchive:
-    src: https://github.com/fatedier/frp/releases/download/v0.31.2/frp_0.31.2_linux_amd64.tar.gz
-    remote_src: true
-    creates:
-      - /tmp/frp/frpc
-      - /tmp/frp/frps
-    dest: /tmp/frp/
-  when: 'ansible_architecture == "x86_64"'
-- name: get frp for arm
-  unarchive:
-    src: https://github.com/fatedier/frp/releases/download/v0.31.2/frp_0.31.2_linux_arm64.tar.gz
-    remote_src: true
-    creates:
-      - /tmp/frp/frpc
-      - /tmp/frp/frps
-    dest: /tmp/frp/
-    extra_opts:
-      - --strip-components=1
-  when: 'ansible_architecture == "aarch64"'
-- name: install frp
-  become: true
-  shell: 'cp -rf /tmp/frp/frpc /usr/bin/ && cp -rf /tmp/frp/frps /usr/bin/ && cp -rf /tmp/frp/systemd/* /usr/lib/systemd/systemd/'
-  name: frp config directory
-  file:
-    path: /tmp/frp
-    state: directory
 - name: frpc template
-  become: true
   template:
     src: 'frpc.ini.j2'
     dest: '/etc/frp/{{conn.name}}.ini'
   when: 'conn.frpType == "frpc"'
 - name: start frpc
-  become: true
   systemd:
     name: 'frpc@{{conn.name}}'
     state: restarted

ansible/protocols/wgfrp/frps.yaml

 - name: frps template
-  become: true
   template:
     src: 'frps.ini.j2'
     dest: '/etc/frp/frps.ini'
 - name: start frps
-  become: true
   systemd:
     name: 'frps'
     state: restarted

ansible/roles/wireguard/README.md

+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/roles/wireguard/defaults/main.yml

+---
+# defaults file for wireguard
\ No newline at end of file

ansible/roles/wireguard/handlers/main.yml

+---
+# handlers file for wireguard
\ No newline at end of file

ansible/roles/wireguard/meta/main.yml

+galaxy_info:
+  author: Nanahira
+  description: WireGuard
+  company: MyCard
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 1.2
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ansible/roles/wireguard/tasks/main.yml

+---
+  - name: WireGuard 源 (Debian)
+    become: true
+    apt_repository:
+      repo: deb http://mirrors.163.com/debian/ unstable main
+      filename: unstable
+    when: ansible_distribution == 'Debian'
+  - name: WireGuard 源 (Debian)
+    become: true
+    apt_repository:
+      repo: deb http://deb.debian.org/debian/ unstable main
+      filename: unstable
+      state: absent
+    when: ansible_distribution == 'Debian'
+  - name: WireGuard 源 (Debian)
+    become: true
+    copy:
+      content: |
+        Package: *
+        Pin: release a=unstable
+        Pin-Priority: 90
+      dest: /etc/apt/preferences.d/limit-unstable
+    when: ansible_distribution == 'Debian'
+  - name: WireGuard 源 (Ubuntu)
+    become: true
+    apt_repository:
+      repo: ppa:wireguard/wireguard
+    when: ansible_distribution == 'Ubuntu'
+  - name: 安装软件包 (apt)
+    become: true
+    apt:
+      name: wireguard,resolvconf
+      state: latest
+      update_cache: yes
+    when: ansible_os_family == 'Debian'
+  - name: WireGuard 源 (CentOS)
+    become: true
+    yum_repository:
+      name: wireguard
+      description: wireguard
+      baseurl: 'https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/epel-{{ansible_distribution_major_version}}-$basearch/'
+      ip_resolve: 4
+      gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
+    when: "ansible_distribution == 'CentOS'"
+  - name: epel 7
+    become: true
+    yum:
+      state: latest
+      name: epel-release
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int <= 7"
+  - name: 安装软件包 (yum)
+    become: true
+    yum:
+      state: latest
+      update_cache: true
+      name: wireguard-tools,wireguard-dkms
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int <= 7"
+  - name: epel 8
+    become: true
+    dnf:
+      state: latest
+      name: epel-release
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
+  - name: 安装软件包 (dnf)
+    become: true
+    dnf:
+      state: latest
+      name: wireguard-tools,wireguard-dkms
+    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"

ansible/roles/wireguard/tests/inventory

+localhost
+

ansible/roles/wireguard/tests/test.yml

+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - wireguard
\ No newline at end of file

ansible/roles/wireguard/vars/main.yml

+---
+# vars file for wireguard
\ No newline at end of file

update.sh

@@ -9,4 +9,4 @@ read -p '确认无误后按回车继续'
 mkdir -p result
 npm run inventory
 cd ansible || exit
-ansible-playbook -i ../result/inventory.yaml "$@" install.yaml
+ansible-playbook -i ../result/inventory.yaml "$@" configure.yaml