commit 1d7f6cc8fcce2b9f9efad28906d2241c1d5f5c60
Author: YuanHui <31339626+alsesa@users.noreply.github.com>
Date: Fri Jul 11 15:48:18 2025 +0800
Initial commit
diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..d20f367
Binary files /dev/null and b/.DS_Store differ
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..dfe0770
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..ce19850
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 YuanHui
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/deploy_caddy.yml b/deploy_caddy.yml
new file mode 100644
index 0000000..6f94bdc
--- /dev/null
+++ b/deploy_caddy.yml
@@ -0,0 +1,47 @@ +--- +- name: Deploy and Reload Caddy & frpc on Heterogeneous Systems + hosts: caddy_servers + become: yes + + # # 'pre_tasks' 会在所有常规 'tasks' 之前执行 + # pre_tasks: + # - name: "(Alpine Only) Ensure Python 3 is installed for Ansible" + # # 使用 'raw' 模块,因为它不依赖 Python + # # 这是一个标准的在 Alpine 上引导 Ansible 的方法 + # raw: test -e /usr/bin/python3 || (apk update && apk add python3) + # register: result + # changed_when: "'OK' in result.stdout or 'fetch' in result.stdout" + # # 'when' 条件确保这个任务只在 Alpine 系统上运行 + # when: ansible_os_family == "Alpine" + + tasks: + # --- Caddy 任务 (保持不变) --- + - name: "Copy Caddyfile for {{ inventory_hostname }}" + copy: + src: "files/{{ inventory_hostname }}/Caddyfile" + dest: /etc/caddy/Caddyfile + owner: root + group: caddy + mode: '0644' + validate: 'caddy validate --config %s --adapter caddyfile' + notify: Reload Caddy + + handlers: + # --- Caddy Handlers (保持不变) --- + - name: Reload Caddy on systemd systems (e.g., Ubuntu) + # Both handlers listen for the same notification + listen: "Reload Caddy" + systemd: + name: caddy + state: reloaded + # This handler ONLY runs on systems with systemd + when: ansible_service_mgr == "systemd" + + - name: Reload Caddy on OpenRC systems (e.g., Alpine) + # Both handlers listen for the same notification + listen: "Reload Caddy" + # For Alpine, we use the 'command' module to call its service manager + command: rc-service caddy reload + # This handler ONLY runs on systems with openrc + when: ansible_service_mgr == "openrc" + diff --git a/deploy_clash.yml b/deploy_clash.yml new file mode 100644 index 0000000..08ac3e2 --- /dev/null +++ b/deploy_clash.yml 
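Review bot: `become: yes` in the play header is a YAML 1.1 truthy value; Ansible accepts it, but yamllint/ansible-lint flag it and `become: true` is the canonical form. The play name says "Deploy and Reload Caddy & frpc", yet this playbook only copies the Caddyfile, so `- name: Deploy and Reload Caddy on Heterogeneous Systems` would describe what it actually does. The `validate: 'caddy validate --config %s --adapter caddyfile'` guard and the `ansible_service_mgr` conditions on both handlers are good; the commented-out `pre_tasks` block is dead text that would be better moved to a separate bootstrap playbook than carried here.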
@@ -0,0 +1,83 @@ +--- +- name: Deploy and Reload Caddy & frpc on Heterogeneous Systems + hosts: caddy_servers + become: yes + + # # 'pre_tasks' 会在所有常规 'tasks' 之前执行 + # pre_tasks: + # - name: "(Alpine Only) Ensure Python 3 is installed for Ansible" + # # 使用 'raw' 模块,因为它不依赖 Python + # # 这是一个标准的在 Alpine 上引导 Ansible 的方法 + # raw: test -e /usr/bin/python3 || (apk update && apk add python3) + # register: result + # changed_when: "'OK' in result.stdout or 'fetch' in result.stdout" + # # 'when' 条件确保这个任务只在 Alpine 系统上运行 + # when: ansible_os_family == "Alpine" + + tasks: + # --- Caddy 任务 (保持不变) --- + - name: "Copy Caddyfile for {{ inventory_hostname }}" + copy: + src: "files/{{ inventory_hostname }}/Caddyfile" + dest: /etc/caddy/Caddyfile + owner: root + group: caddy + mode: '0644' + validate: 'caddy validate --config %s --adapter caddyfile' + notify: Reload Caddy + # --- 新增的 FRPC 任务 --- + - name: "Copy frpc.toml for {{ inventory_hostname }}" + # 使用 copy 模块部署 frpc.toml + copy: + src: "files/{{ inventory_hostname }}/frp/frpc.toml" + dest: /etc/frp/frpc.toml + owner: root + group: root # 根据您服务器上的实际情况,frp的用户组可能是root或frp + mode: '0640' # toml文件可能包含敏感信息,使用更严格的权限 + # 当这个任务只在 192.168.31.102 上执行 + when: inventory_hostname == "192.168.31.101" + # 当文件变更时,通知 "Restart frpc" 这个 handler + notify: Restart frpc + # --- 新增的 DOCKER COMPOSE 任务 --- + - name: "Copy docker-compose.yml for {{ inventory_hostname }}" + copy: + src: "files/{{ inventory_hostname }}/ddns-go/docker-compose.yml" + dest: /root/ddns-go/docker-compose.yml + owner: root + group: root + mode: '0644' + when: inventory_hostname == "192.168.31.101" + notify: Relaunch Docker Compose application + + handlers: + # --- Caddy Handlers (保持不变) --- + - name: Reload Caddy on systemd systems (e.g., Ubuntu) + # Both handlers listen for the same notification + listen: "Reload Caddy" + systemd: + name: caddy + state: reloaded + # This handler ONLY runs on systems with systemd + when: ansible_service_mgr == "systemd" + + - name: Reload Caddy on 
OpenRC systems (e.g., Alpine) + # Both handlers listen for the same notification + listen: "Reload Caddy" + # For Alpine, we use the 'command' module to call its service manager + command: rc-service caddy reload + # This handler ONLY runs on systems with openrc + when: ansible_service_mgr == "openrc" + + # --- 新增的 FRPC Handler --- + - name: Restart frpc + # frpc 运行在 Alpine (OpenRC) 上,所以我们直接使用 command 模块 + command: rc-service frpc restart + # 这个 handler 监听 "Restart frpc" 通知 + listen: "Restart frpc" + + # --- 新增的 DOCKER COMPOSE Handler --- + - name: Relaunch Docker Compose application + # 使用 command 模块来执行 docker compose 命令,以应用新的配置 + # 'docker compose' 是新版语法,如果您的服务器是旧版 docker-compose,请使用 'docker-compose' + command: docker compose -f /root/ddns-go/docker-compose.yml up -d --remove-orphans + listen: "Relaunch Docker Compose application" \ No newline at end of file diff --git a/deploy_docker.yml b/deploy_docker.yml new file mode 100644 index 0000000..08ac3e2 --- /dev/null +++ b/deploy_docker.yml 
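Review bot: The frpc and docker-compose tasks are guarded by `when: inventory_hostname == "192.168.31.101"`, but no such host exists in `inventory.ini` (it lists `192.168.31.100` and `154.204.181.192`) and the files added by this commit live under `files/192.168.31.100/`, so both tasks are skipped on every host — the comment above even says `192.168.31.102`; `when: inventory_hostname == "192.168.31.100"` appears to be what was meant. The docker-compose task reads `files/{{ inventory_hostname }}/ddns-go/docker-compose.yml`, while the only compose file in the commit is `files/192.168.31.100/openlist/docker-compose.yml`, so the copy would fail once the condition is fixed. `deploy_docker.yml` is a byte-identical copy of this file (same blob `08ac3e2`), so every fix has to be applied twice; one playbook with per-service tags would avoid the drift. The `Restart frpc` handler has no `when: ansible_service_mgr == "openrc"` guard like the Caddy handlers, so on a systemd host `rc-service` would simply fail, and the file also lacks a trailing newline.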
@@ -0,0 +1,83 @@ +--- +- name: Deploy and Reload Caddy & frpc on Heterogeneous Systems + hosts: caddy_servers + become: yes + + # # 'pre_tasks' 会在所有常规 'tasks' 之前执行 + # pre_tasks: + # - name: "(Alpine Only) Ensure Python 3 is installed for Ansible" + # # 使用 'raw' 模块,因为它不依赖 Python + # # 这是一个标准的在 Alpine 上引导 Ansible 的方法 + # raw: test -e /usr/bin/python3 || (apk update && apk add python3) + # register: result + # changed_when: "'OK' in result.stdout or 'fetch' in result.stdout" + # # 'when' 条件确保这个任务只在 Alpine 系统上运行 + # when: ansible_os_family == "Alpine" + + tasks: + # --- Caddy 任务 (保持不变) --- + - name: "Copy Caddyfile for {{ inventory_hostname }}" + copy: + src: "files/{{ inventory_hostname }}/Caddyfile" + dest: /etc/caddy/Caddyfile + owner: root + group: caddy + mode: '0644' + validate: 'caddy validate --config %s --adapter caddyfile' + notify: Reload Caddy + # --- 新增的 FRPC 任务 --- + - name: "Copy frpc.toml for {{ inventory_hostname }}" + # 使用 copy 模块部署 frpc.toml + copy: + src: "files/{{ inventory_hostname }}/frp/frpc.toml" + dest: /etc/frp/frpc.toml + owner: root + group: root # 根据您服务器上的实际情况,frp的用户组可能是root或frp + mode: '0640' # toml文件可能包含敏感信息,使用更严格的权限 + # 当这个任务只在 192.168.31.102 上执行 + when: inventory_hostname == "192.168.31.101" + # 当文件变更时,通知 "Restart frpc" 这个 handler + notify: Restart frpc + # --- 新增的 DOCKER COMPOSE 任务 --- + - name: "Copy docker-compose.yml for {{ inventory_hostname }}" + copy: + src: "files/{{ inventory_hostname }}/ddns-go/docker-compose.yml" + dest: /root/ddns-go/docker-compose.yml + owner: root + group: root + mode: '0644' + when: inventory_hostname == "192.168.31.101" + notify: Relaunch Docker Compose application + + handlers: + # --- Caddy Handlers (保持不变) --- + - name: Reload Caddy on systemd systems (e.g., Ubuntu) + # Both handlers listen for the same notification + listen: "Reload Caddy" + systemd: + name: caddy + state: reloaded + # This handler ONLY runs on systems with systemd + when: ansible_service_mgr == "systemd" + + - name: Reload Caddy on 
OpenRC systems (e.g., Alpine) + # Both handlers listen for the same notification + listen: "Reload Caddy" + # For Alpine, we use the 'command' module to call its service manager + command: rc-service caddy reload + # This handler ONLY runs on systems with openrc + when: ansible_service_mgr == "openrc" + + # --- 新增的 FRPC Handler --- + - name: Restart frpc + # frpc 运行在 Alpine (OpenRC) 上,所以我们直接使用 command 模块 + command: rc-service frpc restart + # 这个 handler 监听 "Restart frpc" 通知 + listen: "Restart frpc" + + # --- 新增的 DOCKER COMPOSE Handler --- + - name: Relaunch Docker Compose application + # 使用 command 模块来执行 docker compose 命令,以应用新的配置 + # 'docker compose' 是新版语法,如果您的服务器是旧版 docker-compose,请使用 'docker-compose' + command: docker compose -f /root/ddns-go/docker-compose.yml up -d --remove-orphans + listen: "Relaunch Docker Compose application" \ No newline at end of file diff --git a/files/.DS_Store b/files/.DS_Store new file mode 100644 index 0000000..5ca31be Binary files /dev/null and b/files/.DS_Store differ diff --git a/files/154.204.181.192/Caddyfile b/files/154.204.181.192/Caddyfile new file mode 100644 index 0000000..0e89adc --- /dev/null +++ b/files/154.204.181.192/Caddyfile 
@@ -0,0 +1,175 @@ +# The Caddyfile is an easy way to configure your Caddy web server. +# +# Unless the file starts with a global options block, the first +# uncommented line is always the address of your site. +# +# To use your own domain name (with automatic HTTPS), first make +# sure your domain's A/AAAA DNS records are properly pointed to +# this machine's public IP, then replace ":80" below with your +# domain name. + +#:80 { +# # Set this path to your site's directory. +# root * /usr/share/caddy +# +# # Enable the static file server. +# file_server +# +# # Another common task is to set up a reverse proxy: +# # reverse_proxy localhost:8080 +# +# # Or serve a PHP site through php-fpm: +# # php_fastcgi localhost:9000 +#} + +# Refer to the Caddy docs for more information: +# https://caddyserver.com/docs/caddyfile + +# ------------------------------ +# simpla.dev Services +# ------------------------------ + +# 定义一个名为 (securityHeaders) 的可重用代码片段 +(securityHeaders) { + header { + # Strict-Transport-Security (HSTS) + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + + # X-Frame-Options + X-Frame-Options "SAMEORIGIN" + + # X-Content-Type-Options + X-Content-Type-Options "nosniff" + + # Referrer-Policy + Referrer-Policy "strict-origin-when-cross-origin" + + # Permissions-Policy + Permissions-Policy "camera=(), microphone=(), geolocation=()" + + # Content-Security-Policy (CSP) - 通用起点 + Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" + + # 移除 Server 标识 + -Server + } +} + +simpla.dev { + # 设置网站根目录 + root * /srv/simpla.dev + + # 开启文件服务 + file_server + import securityHeaders +} + +hugo.simpla.dev { + reverse_proxy http://127.0.0.1:1313 + # import securityHeaders +} + +daed.simpla.dev { + reverse_proxy http://127.0.0.1:2023 + import securityHeaders +} + +gitea.simpla.dev { + reverse_proxy 
http://127.0.0.1:3000 + import securityHeaders +} + +lobe.simpla.dev { + reverse_proxy http://127.0.0.1:3210 + # import securityHeaders +} + +fndav.simpla.dev { + reverse_proxy http://127.0.0.1:5005 + # import securityHeaders +} + +openlist.simpla.dev { + reverse_proxy http://127.0.0.1:5244 + # import securityHeaders +} + +fnos.simpla.dev { + reverse_proxy http://127.0.0.1:5666 + # import securityHeaders +} + +frps.simpla.dev { + reverse_proxy http://127.0.0.1:7001 + import securityHeaders +} + +frpc.simpla.dev { + reverse_proxy http://127.0.0.1:7400 + import securityHeaders +} + +pve.simpla.dev { + handle { + reverse_proxy https://127.0.0.1:8006 { + transport http { + tls_insecure_skip_verify + } + header_up Host {http.reverse_proxy.host} + header_up X-Forwarded-Host {host} + } + # import securityHeaders + } +} + +kubepi.simpla.dev { + reverse_proxy http://127.0.0.1:8090 + import securityHeaders +} + +ddns.simpla.dev { + reverse_proxy http://127.0.0.1:9876 + import securityHeaders +} + +dify.simpla.dev { + reverse_proxy http://127.0.0.1:10080 + import securityHeaders +} + +1panel.simpla.dev { + reverse_proxy http://127.0.0.1:21643 + import securityHeaders +} + +gotify.simpla.dev { + reverse_proxy http://127.0.0.1:40266 + import securityHeaders +} + +b.simpla.dev { + # 将所有收到的请求转发到目标网站 + reverse_proxy https://b.watch { + # (可选) 修改发送到目标服务器的 Host 请求头 + header_up Host {http.reverse_proxy.upstream.hostport} + } +} + +# ------------------------------ +# k3s Services +# ------------------------------ + +argocd.simpla.dev { + reverse_proxy http://127.0.0.1:20180 + import securityHeaders +} + +markword.simpla.dev { + reverse_proxy http://127.0.0.1:20180 + import securityHeaders +} + +n8n.simpla.dev { + reverse_proxy http://127.0.0.1:20180 + import securityHeaders +} diff --git a/files/192.168.31.100/Caddyfile b/files/192.168.31.100/Caddyfile new file mode 100644 index 0000000..53997b3 --- /dev/null +++ b/files/192.168.31.100/Caddyfile 
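Review bot: The `pve.simpla.dev` block sets `tls_insecure_skip_verify`, which disables certificate verification for the upstream; here the upstream is `https://127.0.0.1:8006` on loopback so the exposure is small, but the same directive in `files/192.168.31.100/Caddyfile` targets `https://192.168.31.2:8006` across the LAN, where a substituted upstream would go unnoticed. The `http` transport can pin the PVE self-signed certificate instead, e.g. `tls_trusted_ca_certs /path/to/pve-ca.pem` (placeholder path) together with `tls_server_name`, so the skip is unnecessary in both files. The administrative interfaces published here (`frpc.simpla.dev` → frpc webServer on 7400, `frps.simpla.dev`, `1panel.simpla.dev`, `kubepi.simpla.dev`, `pve.simpla.dev`) carry no access restriction; a `remote_ip` matcher or `basic_auth` in front of them would limit who can reach the login pages. `import securityHeaders` is commented out on `hugo`, `lobe`, `fndav`, `openlist`, `fnos` and `pve`, which drops HSTS and `X-Frame-Options` for those sites; if that is deliberate for app compatibility, a comment stating why would help the next maintainer.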
@@ -0,0 +1,178 @@ +# Caddy's configuration file +# see: https://caddyserver.com/docs/caddyfile + +# The Caddyfile is an easy way to configure your Caddy web server. +# +# Unless the file starts with a global options block, the first +# uncommented line is always the address of your site. +# +# To use your own domain name (with automatic HTTPS), first make +# sure your domain's A/AAAA DNS records are properly pointed to +# this machine's public IP, then replace ":80" below with your +# domain name. + +#:80 { +# # Set this path to your site's directory. +# root * /usr/share/caddy +# +# # Enable the static file server. +# file_server +# +# # Another common task is to set up a reverse proxy: +# # reverse_proxy localhost:8080 +# +# # Or serve a PHP site through php-fpm: +# # php_fastcgi localhost:9000 +#} + +# Refer to the Caddy docs for more information: +# https://caddyserver.com/docs/caddyfile + +# ------------------------------ +# simpla.dev Services +# ------------------------------ + +# 定义一个名为 (securityHeaders) 的可重用代码片段 +(securityHeaders) { + header { + # Strict-Transport-Security (HSTS) + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + + # X-Frame-Options + X-Frame-Options "SAMEORIGIN" + + # X-Content-Type-Options + X-Content-Type-Options "nosniff" + + # Referrer-Policy + Referrer-Policy "strict-origin-when-cross-origin" + + # Permissions-Policy + Permissions-Policy "camera=(), microphone=(), geolocation=()" + + # Content-Security-Policy (CSP) - 通用起点 + Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" + + # 移除 Server 标识 + -Server + } +} + +simpla.dev { + # 设置网站根目录 + root * /srv/simpla.dev + + # 开启文件服务 + file_server + import securityHeaders +} + +frps.simpla.dev { + reverse_proxy http://154.204.181.192:7001 + import securityHeaders +} + +pve.simpla.dev { + handle { + reverse_proxy 
https://192.168.31.2:8006 { + transport http { + tls_insecure_skip_verify + } + header_up Host {http.reverse_proxy.host} + header_up X-Forwarded-Host {host} + } + # import securityHeaders + } +} + +fndav.simpla.dev { + reverse_proxy http://192.168.31.3:5005 + # import securityHeaders +} + +fnos.simpla.dev { + reverse_proxy http://192.168.31.3:5666 + # import securityHeaders +} + +hugo.simpla.dev { + reverse_proxy http://192.168.31.100:1313 + # import securityHeaders +} + +gitea.simpla.dev { + reverse_proxy http://192.168.31.100:3000 + import securityHeaders +} + +lobe.simpla.dev { + reverse_proxy http://192.168.31.100:3210 + # import securityHeaders +} + +openlist.simpla.dev { + reverse_proxy http://192.168.31.100:5244 + # import securityHeaders +} + +frpc.simpla.dev { + reverse_proxy http://192.168.31.100:7400 + import securityHeaders +} + +dify.simpla.dev { + reverse_proxy http://192.168.31.100:8080 + import securityHeaders +} + +kubepi.simpla.dev { + reverse_proxy http://192.168.31.100:8090 + import securityHeaders +} + +ddns.simpla.dev { + reverse_proxy http://192.168.31.100:9876 + import securityHeaders +} + +1panel.simpla.dev { + reverse_proxy http://192.168.31.100:21643 + import securityHeaders +} + +gotify.simpla.dev { + reverse_proxy http://192.168.31.100:40266 + import securityHeaders +} + +daed.simpla.dev { + reverse_proxy http://192.168.31.200:2023 + # import securityHeaders +} + +b.simpla.dev { + # 将所有收到的请求转发到目标网站 + reverse_proxy https://b.watch { + # (可选) 修改发送到目标服务器的 Host 请求头 + header_up Host {http.reverse_proxy.upstream.hostport} + } +} + +# ------------------------------ +# k3s Services +# ------------------------------ + +argocd.simpla.dev { + reverse_proxy http://192.168.31.201:80 + import securityHeaders +} + +markword.simpla.dev { + reverse_proxy http://192.168.31.201:80 + import securityHeaders +} + +n8n.simpla.dev { + reverse_proxy http://192.168.31.201:80 + import securityHeaders +} 
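Review bot: `frps.simpla.dev` on this LAN host proxies to `http://154.204.181.192:7001`, so the frps dashboard traffic — including its login — leaves `192.168.31.100` and crosses the public Internet in cleartext, even though the same dashboard is already served over TLS by `files/154.204.181.192/Caddyfile`. Either drop this block on the LAN host or proxy to the remote Caddy's HTTPS listener with `header_up Host` set, so the hop is encrypted. The `tls_insecure_skip_verify` under `pve.simpla.dev` is the same issue raised for `files/154.204.181.192/Caddyfile`, and matters more here because the upstream `https://192.168.31.2:8006` is on the network rather than loopback.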
diff --git a/files/192.168.31.100/frp/frpc.toml b/files/192.168.31.100/frp/frpc.toml new file mode 100644 index 0000000..1f2799f --- /dev/null +++ b/files/192.168.31.100/frp/frpc.toml 
@@ -0,0 +1,123 @@
+serverAddr = "154.204.181.192"
+serverPort = 15443
+
+auth.method = "token"
+auth.token = "lostecho"
+
+webServer.addr = "0.0.0.0"
+webServer.port = 7400
+webServer.user = "lostecho"
+webServer.password = "Yuanhui1234!"
+webServer.pprofEnable = false
+
+loginFailExit=false
+
+[[proxies]]
+name = "pve"
+type = "tcp"
+localIP = "192.168.31.2"
+localPort = 8006
+remotePort = 8006
+
+[[proxies]]
+name = "fndav"
+type = "tcp"
+localIP = "192.168.31.3"
+localPort = 5005
+remotePort = 5005
+
+[[proxies]]
+name = "fnos"
+type = "tcp"
+localIP = "192.168.31.3"
+localPort = 5666
+remotePort = 5666
+
+[[proxies]]
+name = "hugo"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 1313
+remotePort = 1313
+
+[[proxies]]
+name = "gitea"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 3000
+remotePort = 3000
+
+[[proxies]]
+name = "lobe"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 3210
+remotePort = 3210
+
+[[proxies]]
+name = "openlist"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 5244
+remotePort = 5244
+
+[[proxies]]
+name = "frpc"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 7400
+remotePort = 7400
+
+[[proxies]]
+name = "dify"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 8080
+remotePort = 10080
+
+[[proxies]]
+name = "kubepi"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 8090
+remotePort = 8090
+
+[[proxies]]
+name = "ddns"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 9876
+remotePort = 9876
+
+[[proxies]]
+name = "1panel"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 21643
+remotePort = 21643
+
+[[proxies]]
+name = "gotify"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 40266
+remotePort = 40266
+
+[[proxies]]
+name = "daed"
+type = "tcp"
+localIP = "192.168.31.200"
+localPort = 2023
+remotePort = 2023
+
+[[proxies]]
+name = "k8s"
+type = "tcp"
+localIP = "192.168.31.201"
+localPort = 80
+remotePort = 20180
+
+# tls
+#transport.tls.certFile = "/etc/frp/ssl/client.crt"
+#transport.tls.keyFile = "/etc/frp/ssl/client.key"
+#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
diff --git a/files/192.168.31.100/openlist/docker-compose.yml b/files/192.168.31.100/openlist/docker-compose.yml
new file mode 100644
index 0000000..3223083
--- /dev/null
+++ b/files/192.168.31.100/openlist/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.3'
+services:
+ openlist:
+ image: 'openlistteam/openlist:latest'
+ container_name: openlist
+ volumes:
+ - './data:/opt/openlist/data'
+ ports:
+ - '5244:5244'
+ environment:
+ - PUID=0
+ - PGID=0
+ - UMASK=022
+ restart: unless-stopped
diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..02d4454
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1,17 @@
+[caddy_servers]
+# 本地 1panel 服务器
+192.168.31.100
+
+# 远程 Ubuntu 服务器
+154.204.181.192
+
+[all:vars]
+# 请替换成您登录服务器的用户名
+ansible_user=root
+
+# --- 可选配置 ---
+# 如果您的本地服务器不需要通过SSH,而是直接在本机执行
+192.168.31.100 ansible_ssh_private_key_file=~/.ssh/id_ed25519.pub
+
+# 如果您的远程服务器需要使用特定的SSH密钥
+154.204.181.192 ansible_ssh_private_key_file=~/.ssh/id_ed25519.pub
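Review bot: `auth.token = "lostecho"` and `webServer.password = "Yuanhui1234!"` are committed in cleartext, and since this is the initial commit they remain in the repository history even after a later edit, so both should be rotated and the file moved out of the repo — either an Ansible Vault-encrypted variable rendered by `template:` instead of `copy:`, or, because frp renders its config as a Go template, `auth.token = "{{ .Envs.FRPC_TOKEN }}"` read from the service environment. `webServer.addr = "0.0.0.0"` binds the frpc admin UI on every interface and the `frpc` proxy entry then republishes port 7400 on the frps host as well, so that UI is reachable from the Internet guarded only by the password above; `webServer.addr = "127.0.0.1"` and dropping the `frpc` proxy keeps it local. The TLS lines at the end are commented out; recent frp releases enable `transport.tls.enable` by default (confirm against the installed version), but the client does not authenticate the server unless `transport.tls.trustedCaFile` is set, so enabling them once certificates exist is worthwhile. Every LAN service (`pve` 8006, `fnos` 5666, …) is mirrored to a `remotePort` on the frps host; unless frps sets `proxyBindAddr = "127.0.0.1"` (its config is not in this commit), those ports are reachable directly and bypass the Caddy TLS termination and security headers.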
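Review bot: `PUID=0` and `PGID=0` run the openlist process as root inside the container (if the image honors these variables), and with `./data` bind-mounted that root also writes directly to the host filesystem; a dedicated uid/gid such as `PUID=1000` / `PGID=1000` (constructed values) limits the impact of an application bug or container escape. `image: 'openlistteam/openlist:latest'` is unpinned, so each `up -d` may pull a different, unreviewed build — pin a version tag or digest. `version: '3.3'` is obsolete under the Compose specification and is ignored (with a warning) by current `docker compose`, so it can be removed. Note that `deploy_clash.yml` looks for `ddns-go/docker-compose.yml` under this host's directory rather than `openlist/`, so as committed this file is never deployed by the playbook.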
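Review bot: `ansible_ssh_private_key_file=~/.ssh/id_ed25519.pub` points at the public key; SSH needs the private key, so both lines should read `ansible_ssh_private_key_file=~/.ssh/id_ed25519`. Those two host lines also sit under `[all:vars]`, where the INI inventory plugin expects `key=value` variables; I believe they are parsed as an oddly named variable rather than as host entries, so the setting would not apply — put them on the host lines in `[caddy_servers]` or in `host_vars/`. `ansible_user=root` combined with `become: yes` in the playbooks means every run logs in directly as root; a dedicated deploy user with sudo and `PermitRootLogin no` on the hosts is the usual least-privilege arrangement. The comment above the first key line says the local server may not need SSH at all, in which case `ansible_connection=local` is the intended setting rather than a key file.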