Roles
Core (VPN servers)

| Role | Description | Called from |
|---|---|---|
| ssh | SSH hardening, keys, revoke, MaxStartups/MaxSessions | vpn.yml, ssh.yml |
| ufw | UFW firewall (22, 80, 443, 1443, xray_port, 9100) | vpn.yml, ufw.yml |
| sysctl | 37 kernel params + BBR + conntrack + ulimits + systemd limits | vpn.yml, sysctl.yml |
| nginx | Nginx + dhparam + certbot + cron renewal | vpn.yml |
| node_exporter | Prometheus node_exporter + htpasswd + UFW 9100 | vpn.yml, node_exporter.yml |
| vpn | 3x-ui container + docker-compose + nginx xray.conf | vpn.yml |

Infrastructure

| Role | Description |
|---|---|
| server-ubuntu | Base packages, Docker, swap, optimization (services, daemon.json, RPS, journald) |
| grafana | Grafana + Prometheus + Loki + AlertManager |
| loki | Fluent Bit → Loki log collection |
| prometheus | Prometheus standalone |
| vaultwarden | Bitwarden self-hosted |
| mkdocs | MkDocs wiki deployment |
| gitlab | GitLab runner |

VPN-specific

| Role | Description |
|---|---|
| naiveproxy-server | Caddy-based NaiveProxy (Caddyfile + systemd) |
| remnawave-node | Remnawave VPN node (gRPC + mTLS) |
| xray | Legacy xray role |

server-ubuntu task files

| Task file | What it does |
|---|---|
| start.yml | apt cache update |
| docker.yml | Docker install, user, groups |
| base.yml | 30+ packages, fail2ban |
| ssh.yml | → delegates to roles/ssh |
| sysctl.yml | → delegates to roles/sysctl |
| ufw.yml | → delegates to roles/ufw |
| nginx.yml | → delegates to roles/nginx |
| node_exporter.yml | → delegates to roles/node_exporter |
| optimization.yml | Services disable, Docker daemon.json, I/O scheduler, RPS, nginx workers, journald |
| swapfile.yml | Swap creation/resize |
| end.yml | apt autoclean/autoremove |