-rw-r--r-- | group_vars/all/vars.yml | 17 | ||||
-rw-r--r-- | roles/shadowsocks/files/shadowsocks | 100 | ||||
-rw-r--r-- | roles/shadowsocks/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/shadowsocks/tasks/main.yml | 43 | ||||
-rw-r--r-- | roles/shadowsocks/templates/config.json.j2 | 14 |
5 files changed, 154 insertions, 22 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 66cd4a5..be0a834 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -125,10 +125,23 @@ mail: liwt.net: n-dVRtkDeJ8k4BuSphkV-GVso0zJJWO-Z6GYoz6ayOQ aaronly.me: rSh99lenrfS-HnzvEahEDYTj9UvoKeX4NdWmDzD-pxo +# ShadowSocks servers shadowsocks: - port: 8989 - password: "{{ vault_shadowsocks_password }}" + # common parameters method: "chacha20-ietf-poly1305" + timeout: 600 + fast_open: false # not supported on dfly + reuse_port: true + no_delay: true + user: "nobody" + # + profiles: + - name: default + port: 8989 + password: "{{ vault_shadowsocks_password_default }}" + - name: share + port: 9090 + password: "{{ vault_shadowsocks_password_share }}" vpn: interface: tun0 diff --git a/roles/shadowsocks/files/shadowsocks b/roles/shadowsocks/files/shadowsocks new file mode 100644 index 0000000..4dcf706 --- /dev/null +++ b/roles/shadowsocks/files/shadowsocks 
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Aaron LI
+# 2018-06-24
+#
+# PROVIDE: shadowsocks
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable shadowsocks:
+#
+# shadowsocks_enable (bool): Set it to "YES" to enable shadowsocks
+# Default is "NO".
+# shadowsocks_config (path): Set the path to the config file
+# Default is "/usr/local/etc/shadowsocks-libev/config.json",
+# or "/usr/local/etc/shadowsocks-libev/${profile}.json".
+# shadowsocks_pidfile (path): Set the path to the pid file
+# Default is "/var/run/shadowsocks.pid", or
+# "/var/run/shadowsocks-${profile}.pid".
+# shadowsocks_mode (str): Set the shadowsocks mode (server or client).
+# Default is "server".
+# shadowsocks_flags (str): Set the shadowsocks command line arguments
+# Default is "".
+#
+# If you would like to have multiple shadowsocks instances running, you can
+# define multiple profiles:
+#
+# shadowsocks_profiles (str): Set the list of shadowsocks profiles
+# Default is "".
+#
+# For each profile you can then define different options (except for
+# shadowsocks_enable) using the syntax shadowsocks_<profile>_<option>
+
+. /etc/rc.subr
+
+name="shadowsocks"
+rcvar="${name}_enable"
+
+load_rc_config ${name}
+
+_configdir="/usr/local/etc/shadowsocks-libev"
+
+: ${shadowsocks_enable="NO"}
+: ${shadowsocks_config="${_configdir}/config.json"}
+: ${shadowsocks_pidfile="/var/run/${name}.pid"}
+: ${shadowsocks_mode="server"}
+: ${shadowsocks_flags=""}
+
+is_profile() {
+ local profile
+
+ for profile in ${shadowsocks_profiles}; do
+ if [ "${profile}" = "$1" ]; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+if [ -n "${shadowsocks_profiles}" ]; then
+ if [ -n "$2" ]; then
+ profile="$2"
+ if ! is_profile ${profile}; then
+ echo "$0: no such profile defined in shadowsocks_profiles."
+ exit 1 + fi + eval shadowsocks_config=\${shadowsocks_${profile}_config:-"${_configdir}/${profile}.json"} + eval shadowsocks_pidfile=\${shadowsocks_${profile}_pidfile:-"/var/run/${name}-${profile}.pid"} + eval shadowsocks_mode=\${shadowsocks_${profile}_mode:-"${shadowsocks_mode}"} + eval shadowsocks_flags=\${shadowsocks_${profile}_flags:-"${shadowsocks_flags}"} + elif [ -n "$1" ]; then + for profile in ${shadowsocks_profiles}; do + echo "Processing ${name} profile: ${profile}" + /usr/local/etc/rc.d/${name} $1 ${profile} + done + exit 0 + fi +fi + +pidfile="${shadowsocks_pidfile}" +required_files="${shadowsocks_config}" + +if [ "${shadowsocks_mode}" = "server" ]; then + command="/usr/local/bin/ss-server" +else + command="/usr/local/bin/ss-local" +fi +command_args="-c ${shadowsocks_config} -f ${pidfile} ${shadowsocks_flags}" + +stop_postcmd=stop_postcmd + +stop_postcmd() +{ + rm -f ${pidfile} +} + +run_rc_command "$1" diff --git a/roles/shadowsocks/handlers/main.yml b/roles/shadowsocks/handlers/main.yml index a4b1aec..f165bc8 100644 --- a/roles/shadowsocks/handlers/main.yml +++ b/roles/shadowsocks/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart-shadowsocks - command: rcrestart shadowsocks-libev + command: service shadowsocks restart diff --git a/roles/shadowsocks/tasks/main.yml b/roles/shadowsocks/tasks/main.yml index 414ddee..26059fa 100644 --- a/roles/shadowsocks/tasks/main.yml +++ b/roles/shadowsocks/tasks/main.yml 
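Review bot: In the profile branch of the new rc script, `is_profile ${profile}` passes the argument unquoted, so only its first word is compared against `shadowsocks_profiles` while the whole `$2` value is then substituted into the four `eval` lines. Quote it, `if ! is_profile "${profile}"; then`, so the string that reaches `eval` is exactly the one that was validated. Because the profile name becomes part of a shell variable name (`shadowsocks_<profile>_<option>`), the header comment should also state that profile names are limited to letters, digits and underscores. `rm -f ${pidfile}` in `stop_postcmd` is unquoted as well and should be `rm -f "${pidfile}"`.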
@@ -4,29 +4,48 @@ name: shadowsocks-libev state: present +- name: copy rc script + copy: + src: shadowsocks + dest: /usr/local/etc/rc.d/shadowsocks + mode: 0555 + - name: setup configuration file + vars: + profile: "{{ item }}" template: src: config.json.j2 - dest: /usr/local/etc/shadowsocks-libev/config.json + dest: /usr/local/etc/shadowsocks-libev/{{ profile.name }}.json mode: 0640 + with_items: "{{ shadowsocks.profiles }}" + +- name: setup rc.conf + lineinfile: + path: /etc/rc.conf + regexp: '^shadowsocks_profiles=.*\b{{ item.name }}\b' + line: 'shadowsocks_profiles="${shadowsocks_profiles} {{ item.name }}"' + with_items: "{{ shadowsocks.profiles }}" + +- name: enable service + lineinfile: + path: /etc/rc.conf + regexp: '^shadowsocks_enable=' + line: 'shadowsocks_enable="YES"' notify: restart-shadowsocks -- name: enable and start service - command: rcenable shadowsocks-libev +- name: start service + command: service shadowsocks start - name: show client-side config vars: config: | "{" - "server": "{{ ansible_ssh_host }}", - "server_port": {{ shadowsocks.port }}, "local_port": 1080, - "password": "{{ shadowsocks.password }}", - "method": "{{ shadowsocks.method }}", - "timeout": 600, - "fast_open": true, - "reuse_port": true, - "no_delay": true + "server": "{{ ansible_ssh_host }}", + "server_port": {{ item.port }}, + "password": "{{ item.password }}", + "method": "{{ shadowsocks.method }}" "}" debug: - msg: "{{ config.split('\n') }}" + msg: "profile<{{ item.name }}>: {{ config.split('\n') }}" + with_items: "{{ shadowsocks.profiles }}" diff --git a/roles/shadowsocks/templates/config.json.j2 b/roles/shadowsocks/templates/config.json.j2 index 73d3ef9..5e9ff0c 100644 --- a/roles/shadowsocks/templates/config.json.j2 +++ b/roles/shadowsocks/templates/config.json.j2 
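Review bot: The tasks that loop with `with_items: "{{ shadowsocks.profiles }}"` iterate over dicts that carry the vault password, and Ansible prints the loop item in each task's result line, so the secrets land in console output and any saved play logs. Add `loop_control:` with `label: "{{ item.name }}"` to the `setup configuration file` and `setup rc.conf` tasks so only the profile name is shown; the `show client-side config` task prints the password on purpose and would be better gated behind a tag or a variable. Separately, `notify: restart-shadowsocks` now appears to sit under `enable service` rather than the template task (indentation is lost in this view, so confirm), which would mean a changed password or port is written to disk without the daemon being restarted.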
@@ -1,11 +1,11 @@
 {
 "server": ["::0", "0.0.0.0"],
- "server_port": {{ shadowsocks.port }},
- "password": "{{ shadowsocks.password }}",
+ "server_port": {{ profile.port }},
+ "password": "{{ profile.password }}",
 "method": "{{ shadowsocks.method }}",
- "timeout": 600,
- "fast_open": true,
- "reuse_port": true,
- "no_delay": true,
- "user": "nobody"
+ "timeout": {{ shadowsocks.timeout }},
+ "fast_open": {{ shadowsocks.fast_open | to_json }},
+ "reuse_port": {{ shadowsocks.reuse_port | to_json }},
+ "no_delay": {{ shadowsocks.no_delay | to_json }},
+ "user": "{{ shadowsocks.user }}"
 } |
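Review bot: `"password": "{{ profile.password }}"` and `"user": "{{ shadowsocks.user }}"` are interpolated into JSON string literals without escaping, so a value containing `"` or `\` produces an invalid or differently structured config file. The hunk already uses `to_json` for the booleans; apply it to the strings too and drop the surrounding quotes, e.g. `"password": {{ profile.password | to_json }},`. The unchanged `"method"` line has the same shape. A randomly generated vault password is exactly the kind of value that can contain these characters.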