From 1d7f6cc8fcce2b9f9efad28906d2241c1d5f5c60 Mon Sep 17 00:00:00 2001 From: YuanHui <31339626+alsesa@users.noreply.github.com> Date: Fri, 11 Jul 2025 15:48:18 +0800 Subject: [PATCH] Initial commit --- .DS_Store | Bin 0 -> 6148 bytes .gitattributes | 2 + LICENSE | 21 +++ deploy_caddy.yml | 47 +++++ deploy_clash.yml | 83 ++++++++ deploy_docker.yml | 83 ++++++++ files/.DS_Store | Bin 0 -> 6148 bytes files/154.204.181.192/Caddyfile | 175 +++++++++++++++++ files/192.168.31.100/Caddyfile | 178 ++++++++++++++++++ files/192.168.31.100/frp/frpc.toml | 123 ++++++++++++ .../openlist/docker-compose.yml | 14 ++ inventory.ini | 17 ++ 12 files changed, 743 insertions(+) create mode 100644 .DS_Store create mode 100644 .gitattributes create mode 100644 LICENSE create mode 100644 deploy_caddy.yml create mode 100644 deploy_clash.yml create mode 100644 deploy_docker.yml create mode 100644 files/.DS_Store create mode 100644 files/154.204.181.192/Caddyfile create mode 100644 files/192.168.31.100/Caddyfile create mode 100644 files/192.168.31.100/frp/frpc.toml create mode 100644 files/192.168.31.100/openlist/docker-compose.yml create mode 100644 inventory.ini 
diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..d20f367ce470353b373d7c1820c87bf41bd0db76 GIT binary patch literal 6148 zcmeHK!AiqG5Pe%KR78k3FG4;*3jG0zB_2HY16rF@TTGkMsvvmC-J`!D_!<6!zu_0? zo86@(O^X*1kr|kMo5{@X%-fRb0x;dXv;zbHT2#Tt9)}Gg??r3U@D_^jn9yV7v2e&Y6yrjPF4Xud zhH>Gvhu$ypSU7ayF#hsk{LaSTP>kK3>xb4ICUU5wGN24p8Q5`;f%O0L?f3s`kUl8` z%D}&3z%=7t++|6=x7Lc2UK>&eR1xtj9Iiq*v8|ZC(u$9$R%j1pLX12X4r!t29|22) K4$8oS5T30?Dni?vJ?;~fr2b%Uv7}GX7m!-eLqmG;zAxt4vv1@#Ka|F(Ed@nn z24=s_WM+5g+a;4FqA+`2OmPhXJ|eVe$U#Hj#>C+kTE8d(G`s;r`wjd8~!2# zymtfa*R|~1?*8Snk5ihgAM?dSU2Syv{g?d_Rb7_Lb-jcq#!shjgV(!5qE<&lZJu^l z$LE;($Or3|_21wmj_DE>K9w0|&1^;&`}{xTGPPX3oujH7nH&_;%p>DGT$}-Cz!~@{ z22itEdgqGXIs?vtGq7cVzYh`0SQsWn`E;O>D*&(yvk3a~4+e~E02YQx5f(_$P@ske zyJ7?lhdr8KVVD#(oPx}Zact&bHWQi|crrFaAtfjx2uSQsWnSRno*AT)U6 I4E!ns@BWfTk^lez literal 0 HcmV?d00001 diff --git a/files/154.204.181.192/Caddyfile b/files/154.204.181.192/Caddyfile new file mode 100644 index 0000000..0e89adc --- /dev/null +++ b/files/154.204.181.192/Caddyfile 
@@ -0,0 +1,175 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+#:80 {
+# # Set this path to your site's directory.
+# root * /usr/share/caddy
+#
+# # Enable the static file server.
+# file_server
+#
+# # Another common task is to set up a reverse proxy:
+# # reverse_proxy localhost:8080
+#
+# # Or serve a PHP site through php-fpm:
+# # php_fastcgi localhost:9000
+#}
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
+# ------------------------------
+# simpla.dev Services
+# ------------------------------
+
+# 定义一个名为 (securityHeaders) 的可重用代码片段
+(securityHeaders) {
+ header {
+ # Strict-Transport-Security (HSTS)
+ Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+ # X-Frame-Options
+ X-Frame-Options "SAMEORIGIN"
+
+ # X-Content-Type-Options
+ X-Content-Type-Options "nosniff"
+
+ # Referrer-Policy
+ Referrer-Policy "strict-origin-when-cross-origin"
+
+ # Permissions-Policy
+ Permissions-Policy "camera=(), microphone=(), geolocation=()"
+
+ # Content-Security-Policy (CSP) - 通用起点
+ Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
+
+ # 移除 Server 标识
+ -Server
+ }
+}
+
+simpla.dev {
+ # 设置网站根目录
+ root * /srv/simpla.dev
+
+ # 开启文件服务
+ file_server
+ import securityHeaders
+}
+
+hugo.simpla.dev {
+ reverse_proxy http://127.0.0.1:1313
+ # import securityHeaders
+}
+
+daed.simpla.dev {
+ reverse_proxy http://127.0.0.1:2023
+ import securityHeaders
+}
+
+gitea.simpla.dev {
+ reverse_proxy http://127.0.0.1:3000
+ import securityHeaders
+}
+
+lobe.simpla.dev {
+ reverse_proxy http://127.0.0.1:3210
+ # import securityHeaders
+}
+
+fndav.simpla.dev {
+ reverse_proxy http://127.0.0.1:5005
+ # import securityHeaders
+}
+
+openlist.simpla.dev {
+ reverse_proxy http://127.0.0.1:5244
+ # import securityHeaders
+}
+
+fnos.simpla.dev {
+ reverse_proxy http://127.0.0.1:5666
+ # import securityHeaders
+}
+
+frps.simpla.dev {
+ reverse_proxy http://127.0.0.1:7001
+ import securityHeaders
+}
+
+frpc.simpla.dev {
+ reverse_proxy http://127.0.0.1:7400
+ import securityHeaders
+}
+
+pve.simpla.dev {
+ handle {
+ reverse_proxy https://127.0.0.1:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ header_up Host {http.reverse_proxy.host}
+ header_up X-Forwarded-Host {host}
+ }
+ # import securityHeaders
+ }
+}
+
+kubepi.simpla.dev {
+ reverse_proxy http://127.0.0.1:8090
+ import securityHeaders
+}
+
+ddns.simpla.dev {
+ reverse_proxy http://127.0.0.1:9876
+ import securityHeaders
+}
+
+dify.simpla.dev {
+ reverse_proxy http://127.0.0.1:10080
+ import securityHeaders
+}
+
+1panel.simpla.dev {
+ reverse_proxy http://127.0.0.1:21643
+ import securityHeaders
+}
+
+gotify.simpla.dev {
+ reverse_proxy http://127.0.0.1:40266
+ import securityHeaders
+}
+
+b.simpla.dev {
+ # 将所有收到的请求转发到目标网站
+ reverse_proxy https://b.watch {
+ # (可选) 修改发送到目标服务器的 Host 请求头
+ header_up Host {http.reverse_proxy.upstream.hostport}
+ }
+}
+
+# ------------------------------
+# k3s Services
+# ------------------------------
+
+argocd.simpla.dev {
+ reverse_proxy http://127.0.0.1:20180
+ import securityHeaders
+}
+
+markword.simpla.dev {
+ reverse_proxy http://127.0.0.1:20180
+ import securityHeaders
+}
+
+n8n.simpla.dev {
+ reverse_proxy http://127.0.0.1:20180
+ import securityHeaders
+}
diff --git a/files/192.168.31.100/Caddyfile b/files/192.168.31.100/Caddyfile
new file mode 100644
index 0000000..53997b3
--- /dev/null
+++ b/files/192.168.31.100/Caddyfile
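Review bot: Six site blocks in `files/154.204.181.192/Caddyfile` (`hugo`, `lobe`, `fndav`, `openlist`, `fnos`, `pve`) leave `import securityHeaders` commented out, so those hosts are served without the HSTS, `nosniff` and framing headers the snippet defines; the same gap is in `files/192.168.31.100/Caddyfile`, where `daed` is also left out. If the Content-Security-Policy line is what breaks these apps, move it into its own snippet and keep importing the rest rather than dropping everything. Inside the snippet, `X-Frame-Options "SAMEORIGIN"` and `frame-ancestors 'none'` state different framing policies, and `script-src 'self' 'unsafe-inline'` gives up most of the CSP's protection against injected script. Management UIs (`pve`, `1panel`, `kubepi`, `frps`, `frpc`) are published as public hostnames with no proxy-level restriction visible in this file, such as a `remote_ip` matcher or `basic_auth`, so they appear to depend only on each application's own login.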
@@ -0,0 +1,178 @@
+# Caddy's configuration file
+# see: https://caddyserver.com/docs/caddyfile
+
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+#:80 {
+# # Set this path to your site's directory.
+# root * /usr/share/caddy
+#
+# # Enable the static file server.
+# file_server
+#
+# # Another common task is to set up a reverse proxy:
+# # reverse_proxy localhost:8080
+#
+# # Or serve a PHP site through php-fpm:
+# # php_fastcgi localhost:9000
+#}
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
+# ------------------------------
+# simpla.dev Services
+# ------------------------------
+
+# 定义一个名为 (securityHeaders) 的可重用代码片段
+(securityHeaders) {
+ header {
+ # Strict-Transport-Security (HSTS)
+ Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+ # X-Frame-Options
+ X-Frame-Options "SAMEORIGIN"
+
+ # X-Content-Type-Options
+ X-Content-Type-Options "nosniff"
+
+ # Referrer-Policy
+ Referrer-Policy "strict-origin-when-cross-origin"
+
+ # Permissions-Policy
+ Permissions-Policy "camera=(), microphone=(), geolocation=()"
+
+ # Content-Security-Policy (CSP) - 通用起点
+ Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
+
+ # 移除 Server 标识
+ -Server
+ }
+}
+
+simpla.dev {
+ # 设置网站根目录
+ root * /srv/simpla.dev
+
+ # 开启文件服务
+ file_server
+ import securityHeaders
+}
+
+frps.simpla.dev {
+ reverse_proxy http://154.204.181.192:7001
+ import securityHeaders
+}
+
+pve.simpla.dev {
+ handle {
+ reverse_proxy https://192.168.31.2:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ header_up Host {http.reverse_proxy.host}
+ header_up X-Forwarded-Host {host}
+ }
+ # import securityHeaders
+ }
+}
+
+fndav.simpla.dev {
+ reverse_proxy http://192.168.31.3:5005
+ # import securityHeaders
+}
+
+fnos.simpla.dev {
+ reverse_proxy http://192.168.31.3:5666
+ # import securityHeaders
+}
+
+hugo.simpla.dev {
+ reverse_proxy http://192.168.31.100:1313
+ # import securityHeaders
+}
+
+gitea.simpla.dev {
+ reverse_proxy http://192.168.31.100:3000
+ import securityHeaders
+}
+
+lobe.simpla.dev {
+ reverse_proxy http://192.168.31.100:3210
+ # import securityHeaders
+}
+
+openlist.simpla.dev {
+ reverse_proxy http://192.168.31.100:5244
+ # import securityHeaders
+}
+
+frpc.simpla.dev {
+ reverse_proxy http://192.168.31.100:7400
+ import securityHeaders
+}
+
+dify.simpla.dev {
+ reverse_proxy http://192.168.31.100:8080
+ import securityHeaders
+}
+
+kubepi.simpla.dev {
+ reverse_proxy http://192.168.31.100:8090
+ import securityHeaders
+}
+
+ddns.simpla.dev {
+ reverse_proxy http://192.168.31.100:9876
+ import securityHeaders
+}
+
+1panel.simpla.dev {
+ reverse_proxy http://192.168.31.100:21643
+ import securityHeaders
+}
+
+gotify.simpla.dev {
+ reverse_proxy http://192.168.31.100:40266
+ import securityHeaders
+}
+
+daed.simpla.dev {
+ reverse_proxy http://192.168.31.200:2023
+ # import securityHeaders
+}
+
+b.simpla.dev {
+ # 将所有收到的请求转发到目标网站
+ reverse_proxy https://b.watch {
+ # (可选) 修改发送到目标服务器的 Host 请求头
+ header_up Host {http.reverse_proxy.upstream.hostport}
+ }
+}
+
+# ------------------------------
+# k3s Services
+# ------------------------------
+
+argocd.simpla.dev {
+ reverse_proxy http://192.168.31.201:80
+ import securityHeaders
+}
+
+markword.simpla.dev {
+ reverse_proxy http://192.168.31.201:80
+ import securityHeaders
+}
+
+n8n.simpla.dev {
+ reverse_proxy http://192.168.31.201:80
+ import securityHeaders
+}
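Review bot: In the `pve.simpla.dev` block of `files/192.168.31.100/Caddyfile`, `tls_insecure_skip_verify` turns off certificate verification for an upstream on another machine (`https://192.168.31.2:8006`), so Caddy will accept any certificate presented on that path; the 154.204.181.192 Caddyfile carries the same directive, there against loopback. Trusting the Proxmox CA instead, e.g. `tls_trusted_ca_certs <PATH_TO_PVE_CA_PEM>` inside `transport http` (`tls_trust_pool` on current Caddy releases), keeps the self-signed setup without blind trust. `frps.simpla.dev` also proxies to `http://154.204.181.192:7001` in clear text over what looks like a public address, so the dashboard login would cross the internet unencrypted behind the HTTPS front end.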
diff --git a/files/192.168.31.100/frp/frpc.toml b/files/192.168.31.100/frp/frpc.toml
new file mode 100644
index 0000000..1f2799f
--- /dev/null
+++ b/files/192.168.31.100/frp/frpc.toml
@@ -0,0 +1,123 @@
+serverAddr = "154.204.181.192"
+serverPort = 15443
+
+auth.method = "token"
+auth.token = "lostecho"
+
+webServer.addr = "0.0.0.0"
+webServer.port = 7400
+webServer.user = "lostecho"
+webServer.password = "Yuanhui1234!"
+webServer.pprofEnable = false
+
+loginFailExit=false
+
+[[proxies]]
+name = "pve"
+type = "tcp"
+localIP = "192.168.31.2"
+localPort = 8006
+remotePort = 8006
+
+[[proxies]]
+name = "fndav"
+type = "tcp"
+localIP = "192.168.31.3"
+localPort = 5005
+remotePort = 5005
+
+[[proxies]]
+name = "fnos"
+type = "tcp"
+localIP = "192.168.31.3"
+localPort = 5666
+remotePort = 5666
+
+[[proxies]]
+name = "hugo"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 1313
+remotePort = 1313
+
+[[proxies]]
+name = "gitea"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 3000
+remotePort = 3000
+
+[[proxies]]
+name = "lobe"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 3210
+remotePort = 3210
+
+[[proxies]]
+name = "openlist"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 5244
+remotePort = 5244
+
+[[proxies]]
+name = "frpc"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 7400
+remotePort = 7400
+
+[[proxies]]
+name = "dify"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 8080
+remotePort = 10080
+
+[[proxies]]
+name = "kubepi"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 8090
+remotePort = 8090
+
+[[proxies]]
+name = "ddns"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 9876
+remotePort = 9876
+
+[[proxies]]
+name = "1panel"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 21643
+remotePort = 21643
+
+[[proxies]]
+name = "gotify"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 40266
+remotePort = 40266
+
+[[proxies]]
+name = "daed"
+type = "tcp"
+localIP = "192.168.31.200"
+localPort = 2023
+remotePort = 2023
+
+[[proxies]]
+name = "k8s"
+type = "tcp"
+localIP = "192.168.31.201"
+localPort = 80
+remotePort = 20180
+
+# tls
+#transport.tls.certFile = "/etc/frp/ssl/client.crt"
+#transport.tls.keyFile = "/etc/frp/ssl/client.key"
+#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
diff --git a/files/192.168.31.100/openlist/docker-compose.yml b/files/192.168.31.100/openlist/docker-compose.yml
new file mode 100644
index 0000000..3223083
--- /dev/null
+++ b/files/192.168.31.100/openlist/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.3'
+services:
+ openlist:
+ image: 'openlistteam/openlist:latest'
+ container_name: openlist
+ volumes:
+ - './data:/opt/openlist/data'
+ ports:
+ - '5244:5244'
+ environment:
+ - PUID=0
+ - PGID=0
+ - UMASK=022
+ restart: unless-stopped
diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..02d4454
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1,17 @@
+[caddy_servers]
+# 本地 1panel 服务器
+192.168.31.100
+
+# 远程 Ubuntu 服务器
+154.204.181.192
+
+[all:vars]
+# 请替换成您登录服务器的用户名
+ansible_user=root
+
+# --- 可选配置 ---
+# 如果您的本地服务器不需要通过SSH,而是直接在本机执行
+192.168.31.100 ansible_ssh_private_key_file=~/.ssh/id_ed25519.pub
+
+# 如果您的远程服务器需要使用特定的SSH密钥
+154.204.181.192 ansible_ssh_private_key_file=~/.ssh/id_ed25519.pub
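Review bot: `auth.token` and `webServer.password` in `frpc.toml` are committed as literal values, and both are short and guessable; they should be treated as disclosed, rotated, and supplied at deploy time, e.g. `auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}"` through frp's environment templating or an Ansible Vault variable. The admin API listens on `webServer.addr = "0.0.0.0"` and the `frpc` proxy then publishes port 7400 on the server, so the client's control interface is reachable from outside behind that password; binding it to `127.0.0.1` and dropping the `frpc` proxy would close that. With the `transport.tls.*` lines commented out, nothing in this file makes the client verify the server's certificate. Each `remotePort` is also opened as a raw TCP port on 154.204.181.192, which bypasses Caddy's TLS unless frps restricts it with `proxyBindAddr`, which this commit does not show.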
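Review bot: `PUID=0` / `PGID=0` in `openlist/docker-compose.yml` presumably make OpenList run as root inside the container while it serves files on a published port, so a flaw in the app would get root over the mounted `./data` volume; a dedicated non-root UID/GID that owns `./data` would limit that. `image: 'openlistteam/openlist:latest'` is unpinned, so every pull can change what runs; pin a release tag or digest, e.g. `image: 'openlistteam/openlist:<PINNED_TAG>'`. `'5244:5244'` publishes on every interface; since Caddy and frpc both reach the service at 192.168.31.100, `'192.168.31.100:5244:5244'` would be enough.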
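Review bot: Both `ansible_ssh_private_key_file` values in `inventory.ini` point at `~/.ssh/id_ed25519.pub`, which is the public key, so key authentication will not work as written; the value should be the private key, `ansible_ssh_private_key_file=~/.ssh/id_ed25519`. These two lines also sit under `[all:vars]`, where Ansible expects plain `key=value` entries, so they are unlikely to be read as per-host settings; they belong on the host lines in `[caddy_servers]`, e.g. `154.204.181.192 ansible_ssh_private_key_file=~/.ssh/id_ed25519`. `ansible_user=root` makes every play log in as root over SSH; an unprivileged account with `ansible_become=true` gives the same reach with an audit trail and lets direct root login be disabled.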