authorAaron LI <aly@aaronly.me>2018-06-24 17:08:54 +0800
committerAaron LI <aly@aaronly.me>2018-06-24 17:08:54 +0800
commitb8f4a6b806ecaf157cb5e4f822c7a5c2d34bdf09 (patch)
tree421cf54a759ef77cdb459279a5f1f8815d26ccff
parent23e763e7f75093c3a2ad21c40ce3644984df0098 (diff)
downloadansible-dfly-vps-b8f4a6b806ecaf157cb5e4f822c7a5c2d34bdf09.tar.bz2
shadowsocks: Support multiple instances (share with others)
Add the "shadowsocks" rc script that allows multiple instances (based on the uwsgi rc script). Update the role and vars to set up two shadowsocks instances.
-rw-r--r--group_vars/all/vars.yml17
-rw-r--r--roles/shadowsocks/files/shadowsocks100
-rw-r--r--roles/shadowsocks/handlers/main.yml2
-rw-r--r--roles/shadowsocks/tasks/main.yml43
-rw-r--r--roles/shadowsocks/templates/config.json.j214
5 files changed, 154 insertions, 22 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 66cd4a5..be0a834 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -125,10 +125,23 @@ mail:
liwt.net: n-dVRtkDeJ8k4BuSphkV-GVso0zJJWO-Z6GYoz6ayOQ
aaronly.me: rSh99lenrfS-HnzvEahEDYTj9UvoKeX4NdWmDzD-pxo
+# ShadowSocks servers
shadowsocks:
- port: 8989
- password: "{{ vault_shadowsocks_password }}"
+ # common parameters
method: "chacha20-ietf-poly1305"
+ timeout: 600
+ fast_open: false # not supported on dfly
+ reuse_port: true
+ no_delay: true
+ user: "nobody"
+ #
+ profiles:
+ - name: default
+ port: 8989
+ password: "{{ vault_shadowsocks_password_default }}"
+ - name: share
+ port: 9090
+ password: "{{ vault_shadowsocks_password_share }}"
vpn:
interface: tun0
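Review bot: `user: "nobody"` sits under the common parameters, so both the `default` and the `share` instance drop to the same uid, and `nobody` is conventionally used by other unprivileged daemons as well. Processes under one uid can signal each other, so the instance handed to other people is not isolated from the private one. A dedicated account for the service (or one per profile, via an optional `user` key in each `profiles` entry) would separate them, e.g. `user: "<dedicated-service-account>"`. The bare `#` line before `profiles:` could read `# per-instance profiles` to match `# common parameters`.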
diff --git a/roles/shadowsocks/files/shadowsocks b/roles/shadowsocks/files/shadowsocks
new file mode 100644
index 0000000..4dcf706
--- /dev/null
+++ b/roles/shadowsocks/files/shadowsocks
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Aaron LI
+# 2018-06-24
+#
+# PROVIDE: shadowsocks
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable shadowsocks:
+#
+# shadowsocks_enable (bool): Set it to "YES" to enable shadowsocks
+# Default is "NO".
+# shadowsocks_config (path): Set the path to the config file
+# Default is "/usr/local/etc/shadowsocks-libev/config.json",
+# or "/usr/local/etc/shadowsocks-libev/${profile}.json".
+# shadowsocks_pidfile (path): Set the path to the pid file
+# Default is "/var/run/shadowsocks.pid", or
+# "/var/run/shadowsocks-${profile}.pid".
+# shadowsocks_mode (str): Set the shadowsocks mode (server or client).
+# Default is "server".
+# shadowsocks_flags (str): Set the shadowsocks command line arguments
+# Default is "".
+#
+# If you would like to have multiple shadowsocks instances running, you can
+# define multiple profiles:
+#
+# shadowsocks_profiles (str): Set the list of shadowsocks profiles
+# Default is "".
+#
+# For each profile you can then define different options (except for
+# shadowsocks_enable) using the syntax shadowsocks_<profile>_<option>
+
+. /etc/rc.subr
+
+name="shadowsocks"
+rcvar="${name}_enable"
+
+load_rc_config ${name}
+
+_configdir="/usr/local/etc/shadowsocks-libev"
+
+: ${shadowsocks_enable="NO"}
+: ${shadowsocks_config="${_configdir}/config.json"}
+: ${shadowsocks_pidfile="/var/run/${name}.pid"}
+: ${shadowsocks_mode="server"}
+: ${shadowsocks_flags=""}
+
+is_profile() {
+ local profile
+
+ for profile in ${shadowsocks_profiles}; do
+ if [ "${profile}" = "$1" ]; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+if [ -n "${shadowsocks_profiles}" ]; then
+ if [ -n "$2" ]; then
+ profile="$2"
+ if ! is_profile ${profile}; then
+ echo "$0: no such profile defined in shadowsocks_profiles."
+ exit 1
+ fi
+ eval shadowsocks_config=\${shadowsocks_${profile}_config:-"${_configdir}/${profile}.json"}
+ eval shadowsocks_pidfile=\${shadowsocks_${profile}_pidfile:-"/var/run/${name}-${profile}.pid"}
+ eval shadowsocks_mode=\${shadowsocks_${profile}_mode:-"${shadowsocks_mode}"}
+ eval shadowsocks_flags=\${shadowsocks_${profile}_flags:-"${shadowsocks_flags}"}
+ elif [ -n "$1" ]; then
+ for profile in ${shadowsocks_profiles}; do
+ echo "Processing ${name} profile: ${profile}"
+ /usr/local/etc/rc.d/${name} $1 ${profile}
+ done
+ exit 0
+ fi
+fi
+
+pidfile="${shadowsocks_pidfile}"
+required_files="${shadowsocks_config}"
+
+if [ "${shadowsocks_mode}" = "server" ]; then
+ command="/usr/local/bin/ss-server"
+else
+ command="/usr/local/bin/ss-local"
+fi
+command_args="-c ${shadowsocks_config} -f ${pidfile} ${shadowsocks_flags}"
+
+stop_postcmd=stop_postcmd
+
+stop_postcmd()
+{
+ rm -f ${pidfile}
+}
+
+run_rc_command "$1"
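Review bot: The dispatch loop at the end of the profile block always finishes with `exit 0`, so `service shadowsocks start` reports success even when one profile's child invocation fails (for instance when `required_files` rejects a missing config). Track the status instead: `_rc=0` before the loop, `/usr/local/etc/rc.d/${name} "$1" "${profile}" || _rc=1` inside it, and `exit ${_rc}` after it. Separately, `is_profile ${profile}` and `rm -f ${pidfile}` expand unquoted; because `${profile}` is later spliced into the `eval` lines, writing `is_profile "${profile}"` makes the check cover the whole of `$2` rather than only its first word. Profile names also become part of a shell variable name, so the header comment should state that they must be valid identifier characters (no `-` or `.`).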
diff --git a/roles/shadowsocks/handlers/main.yml b/roles/shadowsocks/handlers/main.yml
index a4b1aec..f165bc8 100644
--- a/roles/shadowsocks/handlers/main.yml
+++ b/roles/shadowsocks/handlers/main.yml
@@ -1,3 +1,3 @@
---
- name: restart-shadowsocks
- command: rcrestart shadowsocks-libev
+ command: service shadowsocks restart
diff --git a/roles/shadowsocks/tasks/main.yml b/roles/shadowsocks/tasks/main.yml
index 414ddee..26059fa 100644
--- a/roles/shadowsocks/tasks/main.yml
+++ b/roles/shadowsocks/tasks/main.yml
@@ -4,29 +4,48 @@
name: shadowsocks-libev
state: present
+- name: copy rc script
+ copy:
+ src: shadowsocks
+ dest: /usr/local/etc/rc.d/shadowsocks
+ mode: 0555
+
- name: setup configuration file
+ vars:
+ profile: "{{ item }}"
template:
src: config.json.j2
- dest: /usr/local/etc/shadowsocks-libev/config.json
+ dest: /usr/local/etc/shadowsocks-libev/{{ profile.name }}.json
mode: 0640
+ with_items: "{{ shadowsocks.profiles }}"
+
+- name: setup rc.conf
+ lineinfile:
+ path: /etc/rc.conf
+ regexp: '^shadowsocks_profiles=.*\b{{ item.name }}\b'
+ line: 'shadowsocks_profiles="${shadowsocks_profiles} {{ item.name }}"'
+ with_items: "{{ shadowsocks.profiles }}"
+
+- name: enable service
+ lineinfile:
+ path: /etc/rc.conf
+ regexp: '^shadowsocks_enable='
+ line: 'shadowsocks_enable="YES"'
notify: restart-shadowsocks
-- name: enable and start service
- command: rcenable shadowsocks-libev
+- name: start service
+ command: service shadowsocks start
- name: show client-side config
vars:
config: |
"{"
- "server": "{{ ansible_ssh_host }}",
- "server_port": {{ shadowsocks.port }},
"local_port": 1080,
- "password": "{{ shadowsocks.password }}",
- "method": "{{ shadowsocks.method }}",
- "timeout": 600,
- "fast_open": true,
- "reuse_port": true,
- "no_delay": true
+ "server": "{{ ansible_ssh_host }}",
+ "server_port": {{ item.port }},
+ "password": "{{ item.password }}",
+ "method": "{{ shadowsocks.method }}"
"}"
debug:
- msg: "{{ config.split('\n') }}"
+ msg: "profile<{{ item.name }}>: {{ config.split('\n') }}"
+ with_items: "{{ shadowsocks.profiles }}"
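Review bot: Every task that loops with `with_items: "{{ shadowsocks.profiles }}"` has Ansible echo the whole item in its per-item result line, and each item carries the decrypted vault `password`, so "setup configuration file" and "setup rc.conf" write both passwords to the console and to any configured play log. Adding `loop_control:` with `label: "{{ item.name }}"` to those tasks limits the output to the profile name; "show client-side config" prints the password by design and is worth putting behind an opt-in variable. As far as the flattened indentation here shows, `notify: restart-shadowsocks` now follows the "enable service" task rather than the `template` task, so a changed config (a rotated password, say) would no longer restart the daemon; moving the `notify` line back under the `template` task restores that. The new `mode: 0555` is safer quoted as `mode: "0555"`, so the value does not depend on how the YAML loader types a leading-zero number.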
diff --git a/roles/shadowsocks/templates/config.json.j2 b/roles/shadowsocks/templates/config.json.j2
index 73d3ef9..5e9ff0c 100644
--- a/roles/shadowsocks/templates/config.json.j2
+++ b/roles/shadowsocks/templates/config.json.j2
@@ -1,11 +1,11 @@
{
"server": ["::0", "0.0.0.0"],
- "server_port": {{ shadowsocks.port }},
- "password": "{{ shadowsocks.password }}",
+ "server_port": {{ profile.port }},
+ "password": "{{ profile.password }}",
"method": "{{ shadowsocks.method }}",
- "timeout": 600,
- "fast_open": true,
- "reuse_port": true,
- "no_delay": true,
- "user": "nobody"
+ "timeout": {{ shadowsocks.timeout }},
+ "fast_open": {{ shadowsocks.fast_open | to_json }},
+ "reuse_port": {{ shadowsocks.reuse_port | to_json }},
+ "no_delay": {{ shadowsocks.no_delay | to_json }},
+ "user": "{{ shadowsocks.user }}"
}
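Review bot: `"password": "{{ profile.password }}"` interpolates the secret into JSON without escaping, so a password containing `"` or `\` renders an invalid or differently-parsed config file. The booleans in this hunk already go through `to_json`; doing the same for the strings, `"password": {{ profile.password | to_json }},` and `"user": {{ shadowsocks.user | to_json }}` (dropping the surrounding quotes), keeps the rendered file valid for any value.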