finally..

5a9a6369 · nanahira · eddff34e · 5a9a6369 · 5a9a6369 · 5a9a6369
Commit 5a9a6369 authored Mar 25, 2020 by nanahira
8 changed files
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
 [defaults]
 host_key_checking = False
 strategy_plugins = mitogen-0.2.9/ansible_mitogen/plugins/strategy
-strategy = mitogen_free
+strategy = mitogen_linear
--- a/ansible/protocols/wgfrp/configure.yaml
+++ b/ansible/protocols/wgfrp/configure.yaml
@@ -15,7 +15,7 @@
 - name: '{{conn.name}}: restart frpc'
  systemd:
    name: 'frpc@{{conn.name}}'
-    state: restarted
+    state: reloaded
  when: 'conn.frpType == "frpc" and frpc_config_result.changed and not frpc_launch_result.changed'
 # frps

--- a/ansible/protocols/wgfrp/frps.yaml
+++ b/ansible/protocols/wgfrp/frps.yaml
 - name: frps template
  template:
    src: 'frps.ini.j2'
-    dest: '/etc/frp/frps.ini'
+    dest: '/etc/frp/mycard.ini'
  register: frps_config_result
 - name: start frps
  systemd:
-    name: 'frps'
+    name: 'frps@mycard'
    state: started
    enabled: true
  register: frps_launch_result
 - name: restart frps
  systemd:
-    name: 'frps'
+    name: 'frps@mycard'
-    state: restarted
+    state: reloaded
  when: 'frps_config_result.changed and not frps_launch_result.changed'
--- a/ansible/roles/bird/tasks/main.yml
+++ b/ansible/roles/bird/tasks/main.yml
@@ -16,7 +16,7 @@
  dnf:
    name: bird2
    state: latest
-  when: 'ansible_os_family == "RedHat" and ansible_distribution_major_version|int == 8'
+  when: 'ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8'
 - name: remove old bird
  apt:
    name: bird

--- a/ansible/roles/frp/tasks/main.yml
+++ b/ansible/roles/frp/tasks/main.yml
@@ -11,7 +11,7 @@
 - name: dnf
  dnf:
    name: tar,curl,wget
-  when: 'ansible_os_family == "RedHat" and ansible_distribution_major_version|int == 8'
+  when: 'ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8'
 - name: frp directory
  file:
    path: /tmp/frp

--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -2,15 +2,35 @@
  - name: WireGuard 源 (Debian)
    become: true
    apt_repository:
-      repo: deb http://mirrors.163.com/debian/ unstable main
+      repo: deb http://mirrors.tuna.tsinghua.edu.cn/debian/ unstable main
      filename: unstable
-    when: ansible_distribution == 'Debian'
+    when: ansible_distribution == 'Debian' and chinaMirror == 1
+  - name: WireGuard 源 (Debian)
+    become: true
+    apt_repository:
+      repo: deb http://deb.debian.org/debian/ unstable main
+      filename: unstable
+    when: ansible_distribution == 'Debian' and chinaMirror == 0
+  - name: WireGuard 源 (Debian)
+    become: true
+    apt_repository:
+      repo: deb http://mirrors.tuna.tsinghua.edu.cn/debian/ unstable main
+      filename: unstable
+      state: absent
+    when: ansible_distribution == 'Debian' and chinaMirror == 0
  - name: WireGuard 源 (Debian)
    become: true
    apt_repository:
      repo: deb http://deb.debian.org/debian/ unstable main
      filename: unstable
      state: absent
+    when: ansible_distribution == 'Debian' and chinaMirror == 1
+  - name: WireGuard 源 (Debian)
+    become: true
+    apt_repository:
+      repo: deb http://mirrors.163/debian/ unstable main
+      filename: unstable
+      state: absent
    when: ansible_distribution == 'Debian'
  - name: WireGuard 源 (Debian)
    become: true
@@ -41,32 +61,32 @@
      baseurl: 'https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/epel-{{ansible_distribution_major_version}}-$basearch/'
      ip_resolve: 4
      gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
-    when: "ansible_distribution == 'CentOS'"
+    when: "ansible_os_family == 'RedHat'"
  - name: epel 7
    become: true
    yum:
      state: latest
      name: epel-release
-    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int <= 7"
+    when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int <= 7"
  - name: 安装软件包 (yum)
    become: true
    yum:
      state: latest
      update_cache: true
      name: wireguard-tools,wireguard-dkms
-    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int <= 7"
+    when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int <= 7"
  - name: epel 8
    become: true
    dnf:
      state: latest
      name: epel-release
-    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
+    when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 8"
-  - name: 安装软件包 (dnf)
+  - name: 安装软件包 (dnf) # Fedora自己想办法，不照顾
    become: true
    dnf:
      state: latest
      name: wireguard-tools,wireguard-dkms
-    when: "ansible_distribution == 'CentOS' and ansible_distribution_major_version|int == 8"
+    when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 8"
  - name: config directories
    file:
      path: '/etc/wireguard'

--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -109,6 +109,7 @@ class InventoryBuilder {
      isCN: host.location.startsWith("CN"),
      key: host.wgPrivateKey,
      frpsPort: host.frpsPort,
+      chinaMirror: host.chinaMirror,
      //frpToken: host.frpToken,
      //gateways: _.mapValues(this.gateways[host.name], gw => _.pick(gw, ['mark_gateway'])),
      gateways: _.values(this.gateways[host.name]),
@@ -136,8 +137,8 @@ class InventoryBuilder {
    const remoteAddress = remoteGateway.address;
    const remoteLocalAddress = remote.address;
    const remoteMark = remote.mark;
-    const localPort = primary ? remote.port : remote.port2;
+    const localPort = (primary ? remote.port : remote.port2) + local.offset;
-    const remotePort = primary ? local.port : local.port2;
+    const remotePort = (primary ? local.port : local.port2) + remote.offset;
    const remoteFrpsPort = remote.frpsPort;
    const wgPublicKey = remote.wgPublickey;
    const localPeerAddress = primary ? `10.200.${local.id}.${remote.id}` : `10.201.${local.id}.${remote.id}`;
@@ -175,13 +176,15 @@ class InventoryBuilder {
  // 如果都不能做，抛异常
  // 两个参数对调返回的结果必须相反
  gatewayCompare(localGateway: any, remoteGateway: any): boolean {
-    // 两边至少一个静态地址才能连
+    // 两边至少一个有IPv4地址才能连
-    assert(localGateway.ipv4 === 'static' || remoteGateway.ipv4 === 'static');
+    assert(localGateway.ipv4 !== '' || remoteGateway.ipv4 !== '');
    // 如果都static，就让列表中更靠前的做s
    if (localGateway.ipv4 == remoteGateway.ipv4) {
      return localGateway.id < remoteGateway.id;
-    } else {
+    } else if (localGateway.ipv4 === 'static' || remoteGateway.ipv4 === 'static') {
      return localGateway.ipv4 === 'static';
+    } else { 
+      return localGateway.ipv4 === 'dynamic';
    }
  }

--- a/update.sh
+++ b/update.sh
 #!/usr/bin/env bash
 set -e
-echo "现在会真正去部署了，请务必带 --limit 运行。"
+#echo "现在会真正去部署了，请务必带 --limit 运行。"
-echo "现在开放测试的节点：south.mycard.moe,yuzurisa.mycard.moe,hk-hkg-alql2.mycard.moe,ayane.mycard.moe,hk-hkg-alql3.mycard.moe,wg-router.mycard.moe,kuroko.mycard.moe"
+#echo "现在开放测试的节点：south.mycard.moe,yuzurisa.mycard.moe,hk-hkg-alql2.mycard.moe,ayane.mycard.moe,hk-hkg-alql3.mycard.moe,wg-router.mycard.moe,kuroko.mycard.moe"
-read -p '确认无误后按回车继续'
+#read -p '确认无误后按回车继续'
 mkdir -p result