update cloak plugin

bingzhangdai · Jan 3, 2024 · 3ec97ad · 3ec97ad
1 parent df1d2da
commit 3ec97ad
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 15 deletions.
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
@@ -4,7 +4,7 @@ ansible_port: 22
 ansible_user: atl
 
 # workaround: https://github.com/ansible/ansible/issues/24425#issuecomment-437326526
-ssh_pass: q1w2E#R$
+ssh_pass: atl
 ansible_ssh_pass: "{{ ssh_pass | string }}"
 
 # Privilege Escalation

diff --git a/group_vars/all/shadowsocks-libev.yml b/group_vars/all/shadowsocks-libev.yml
@@ -1,6 +1,6 @@
 ss_config:
   server_port: 443
-  password: q1w2E#R$
+  password: 
 
   encrypt_method: chacha20-ietf-poly1305
   plugin:
@@ -13,10 +13,10 @@ ss_config:
         - udp
         - 127.0.0.1:500
       BypassUID:
-      - dflsTpipqZsExqvhznVVfg==
+        - ck-server -uid
       RedirAddr: www.bing.com
-      PrivateKey: 'aGxPlWl7vH6ywSLe0v5Y54zeIqnevTszSqwX13NGqWY='
-      AdminUID: 'dflsTpipqZsExqvhznVVfg=='
+      PrivateKey: ck-server -key
+      PublicKey: ck-server -key
   timeout: 300
   local_port: 1080
   fast_open: true
diff --git a/hosts b/hosts
@@ -8,4 +8,4 @@ ss-wus2.westus2.cloudapp.azure.com
 centos-jpe.japaneast.cloudapp.azure.com
 
 [debian]
-hkass5.southeastasia.cloudapp.azure.com
+52.139.156.65
diff --git a/roles/shadowsocks-libev/tasks/main.yml b/roles/shadowsocks-libev/tasks/main.yml
@@ -45,6 +45,7 @@
         - name: allow a non-root process to bind to a privileged port
           command: setcap 'CAP_NET_BIND_SERVICE=+eip' /etc/shadowsocks-libev/ck-server
           when: ss_config.server_port < 1024
+      when: ss_config.plugin.cloak is defined
   when: ss_config.plugin is defined
 
 - name: optimize shadowsocks
@@ -108,6 +109,10 @@
         dest: /etc/shadowsocks-libev/config.json
         mode: '644'
       notify: restart shadowsocks-libev
+    - name: update ss_config.plugin.cloak
+      set_fact:
+        cloak_conf: "{{ ss_config.plugin.cloak | combine( { 'location': ansible_env.HOME + '/userinfo.db' } ) }}"
+      when: ss_config.plugin is defined and ss_config.plugin.cloak is defined
     - name: edit /etc/shadowsocks-libev/ckserver.json
       template:
         src: ckserver.json.j2
@@ -171,4 +176,4 @@
   delegate_to: localhost
   delegate_facts: True
   ignore_errors: yes
-  run_once: true
+  run_once: true
diff --git a/roles/shadowsocks-libev/templates/ckserver.json.j2 b/roles/shadowsocks-libev/templates/ckserver.json.j2
@@ -1,4 +1 @@
-{% do
-    ss_config.plugin.cloak['location'] = ansible_env.HOME + '/userinfo.db'
-%}
-{{ ss_config.plugin.cloak | to_nice_json(indent=4) }}
+{{ cloak_conf | to_nice_json(indent=4) }}
diff --git a/roles/shadowsocks-libev/templates/config.json.j2 b/roles/shadowsocks-libev/templates/config.json.j2
@@ -4,7 +4,7 @@
     "password": "{{ ss_config.password }}",
     "timeout": {{ ss_config.timeout }},
     "method": "{{ ss_config.encrypt_method }}",
-    "nameserver": "{{ nameservers.nameservers[0] }}",
+    "nameserver": "{{ ansible_dns.nameservers[0] }}",
     "mode": "tcp_and_udp",
     "fast_open": {{ ss_config.fast_open | default(false) | lower }}
-}
+}
diff --git a/roles/shadowsocks-libev/templates/config.local.json.j2 b/roles/shadowsocks-libev/templates/config.local.json.j2
@@ -6,5 +6,7 @@
     "password": "{{ ss_config.password }}",
     "timeout": {{ ss_config.timeout }},
     "method": "{{ ss_config.encrypt_method }}",
-    "fast_open": {{ ss_config.fast_open | default(false) | lower }}
-}
+    "fast_open": {{ ss_config.fast_open | default(false) | lower }},
+    "reuse_port": true,
+    "no_delay": true,
+}