From 6e2c2eb10093938e02a0d44726f71f82c7ffc5b8 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Thu, 22 Feb 2018 00:21:22 +0800
Subject: Add role shadowsocks

---
 deploy.yml                                 |  1 +
 host_vars/vultr                            |  6 ++++++
 roles/shadowsocks/handlers/main.yml        |  3 +++
 roles/shadowsocks/tasks/main.yml           | 32 ++++++++++++++++++++++++++++++
 roles/shadowsocks/templates/config.json.j2 | 13 ++++++++++++
 5 files changed, 55 insertions(+)
 create mode 100644 roles/shadowsocks/handlers/main.yml
 create mode 100644 roles/shadowsocks/tasks/main.yml
 create mode 100644 roles/shadowsocks/templates/config.json.j2

diff --git a/deploy.yml b/deploy.yml
index e83139a..639419c 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -6,6 +6,7 @@
 
   roles:
     - packages
+    - shadowsocks
     - dns
 
 # vim: set ft=yaml sw=2: #
diff --git a/host_vars/vultr b/host_vars/vultr
index 324b8c1..630d3a2 100644
--- a/host_vars/vultr
+++ b/host_vars/vultr
@@ -3,4 +3,10 @@ ansible_ssh_host: vultr.liwt.net
 ansible_ssh_port: 8864
 ansible_python_interpreter: /usr/local/bin/python2.7
 
+shadowsocks:
+  server_port: 8989
+  password: "???"
+  method: "chacha20-ietf-poly1305"
+  nameserver: "8.8.8.8"
+
 # vim: set ft=yaml sw=2: #
diff --git a/roles/shadowsocks/handlers/main.yml b/roles/shadowsocks/handlers/main.yml
new file mode 100644
index 0000000..a4b1aec
--- /dev/null
+++ b/roles/shadowsocks/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart-shadowsocks
+  command: rcrestart shadowsocks-libev
diff --git a/roles/shadowsocks/tasks/main.yml b/roles/shadowsocks/tasks/main.yml
new file mode 100644
index 0000000..5065085
--- /dev/null
+++ b/roles/shadowsocks/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: install shadowsocks-libev
+  pkgng:
+    name: shadowsocks-libev
+    state: present
+
+- name: setup configuration file
+  template:
+    src: config.json.j2
+    dest: /usr/local/etc/shadowsocks-libev/config.json
+    mode: 0640
+  notify: restart-shadowsocks
+
+- name: enable and start service
+  command: rcenable shadowsocks-libev
+
+- name: show client-side config
+  vars:
+    config: |
+      "{"
+          "server": "{{ ansible_ssh_host }}",
+          "server_port": {{ shadowsocks.server_port }},
+          "local_port": 1080,
+          "password": "{{ shadowsocks.password }}",
+          "method": "{{ shadowsocks.method }}",
+          "timeout": 600,
+          "fast_open": true,
+          "reuse_port": true,
+          "no_delay": true
+      "}"
+  debug:
+    msg: "{{ config.split('\n') }}"
diff --git a/roles/shadowsocks/templates/config.json.j2 b/roles/shadowsocks/templates/config.json.j2
new file mode 100644
index 0000000..c5fb0cb
--- /dev/null
+++ b/roles/shadowsocks/templates/config.json.j2
@@ -0,0 +1,13 @@
+{
+    "server": ["::0", "0.0.0.0"],
+    "server_port": {{ shadowsocks.server_port }},
+    "local_port": 1080,
+    "password": "{{ shadowsocks.password }}",
+    "method": "{{ shadowsocks.method }}",
+    "nameserver": "{{ shadowsocks.nameserver }}",
+    "timeout": 600,
+    "fast_open": true,
+    "reuse_port": true,
+    "no_delay": true,
+    "user": "nobody"
+}
-- 
cgit v1.2.2