Commit Graph

32 Commits

Author SHA1 Message Date
shenlan
c71a76c0d4 feat: add Vultr landing zone baseline 2025-09-29 18:50:37 +08:00
shenlan
d836b59794 feat: align pulumi modules with alicloud landing zone 2025-09-26 15:04:36 +08:00
Haitao Pan
13501153cd refactor(setup-dnat): refactor overlay config loading and current node variable extraction
- Replaced include_vars with set_fact to load overlay_config_path using standard YAML parser
- Combined overlay_data.sites and overlay_data.hubs to search for the current node by inventory_hostname
2025-05-19 10:44:26 +08:00
Haitao Pan
a1aa9fc5fd Support multi-peer site connections and unify node access structure, enhance tproxy configuration flexibility:
- Merge hubs and sites into node_map for unified access
- Refactor xray tproxy to use node_map and xray_xxx variables
- Update tproxy-config.json template references accordingly
- add vpn-keys entries including us-proxy, ca-proxy, icp-huawei
- Support list format for wireguard_peer to allow multiple peer connections
2025-05-14 17:51:23 +08:00
Haitao Pan
df5547e26c config(icp-aliyun): add WireGuard keys and xray client config 2025-05-12 16:25:56 +08:00
Haitao Pan
d8367ba012 feat(vpn-overlay): dynamic Endpoint switching and WireGuard keys generation
- Support dynamic AllowedIPs and Endpoint based on enable_vless
- Fix wg1 -> wg0 in iptables rules
- Update config files
- Support dynamic WireGuard keys generation in gen_wireguard_keys.sh
2025-04-27 15:28:16 +08:00
Haitao Pan
24c6ff4de4 Merge branch 'main' into vpn-overlay 2025-04-27 13:49:15 +08:00
Haitao Pan
6c874ae754 feat(vxlan-overlay-hub): added and modified Ansible roles
- Added new role 'vxlan-overlay-hub' to ansible playbooks
- Renamed vpn-overlay.yaml playbook to vpn-overlay-vxlan-site.yaml
- Modified sit/vpn-overlay configuration according to the new setup
2025-04-23 11:48:51 +08:00
Haitao Pan
e9bd6ca9a8 feat(vpn-overlay): add deepflow-demo site config with VLESS WS+TLS
- Added new site 'deepflow-demo' under sit environment
- Configured WireGuard IP, bridge IP, local/remote IP
- Set VLESS endpoint (WS+TLS) with UUID and path
2025-04-22 14:09:53 +08:00
Haitao Pan
ee5ae8759b refactor(wireguard-hub): restructure role path and update config files
- Moved WireGuard Hub role into playbooks directory structure
- Updated vpn-wireguard-hub.yaml to match new role path
- Modified vpn-keys.yaml and vpn-overlay.yaml
2025-04-18 15:56:21 +08:00
Haitao Pan
5595e809ca refactor(xray-tproxy): split TProxy role from hub 2025-04-18 11:21:30 +08:00
Haitao Pan
c5514f91be feat(xray-hub): add tproxy and systemd templates; update config rendering
- Add systemd templates: xray.service.j2, xray-tproxy.service.j2
- Update config.json.j2 and tproxy-config.json.j2 for per-node xray vars
- Modify main.yml to support template rendering with become
- Extend vpn-overlay.yaml with relay_address, relay_port and remote_domain
2025-04-14 21:50:53 +08:00
shenlan
8425229ecf Merge branch 'main' into vpn-overlay 2025-04-12 19:41:33 +08:00
Haitao Pan
f8eb593d48 feat(xray): add hub role with dynamic config and playbook integration
- Add playbook: vpn-xray-hub.yaml
- Add Ansible role: vpn-overlay xray hub
- Update vpn-overlay.yaml to include per-node xray config (uuid, domain, cert paths)
2025-04-12 19:37:14 +08:00
Haitao Pan
7f21f2802b feat(vpn-overlay): add WireGuard hub role and config updates
- Added new role: wireguard/hub with tasks, defaults, and template
- Added vpn-wireguard-hub.yaml playbook
- Updated vpn-overlay.yaml with hub definitions
2025-04-12 18:57:33 +08:00
Haitao Pan
72e99501a1 chore(config): update firewall and VPN overlay settings
- allow UDP 51820 for WireGuard
- remove 10.253.0.0/16 from allowed IPs in WireGuard site configs
2025-04-07 20:10:49 +08:00
Haitao Pan
4d349ca572 feat(config): update master-1,slave-1 VPN Overlay IP 2025-04-07 15:31:53 +08:00
Haitao Pan
fcef8d55fd feat(config): add WireGuard key pair config for deepflow-demo maintenance 2025-04-07 13:33:45 +08:00
Haitao Pan
5be8955ff5 feat: enhance WireGuard VPN Overlay deployment and DNAT support
Changes:
- Fixed wg0.conf.j2 template variables
- Refactored wireguard/site logic to support dynamic peer/key selection
- Updated defaults, playbook entry, and install script for consistency

Tested:
NodePort 443 + DNAT verified from master/slave nodes and external curl
2025-04-06 17:50:32 +08:00
Haitao Pan
bd8553f20e feat(vpn-overlay): add WireGuard Site role 2025-04-06 13:29:01 +08:00
Haitao Pan
d38c4770ac feat: Add VXLAN over WireGuard support with site automation
- Enabled VXLAN over L3 via WireGuard tunnel;
- Standardized Ansible role structure for `vpn-overlay`;
- Integrated systemd service management via `vxlan-setup.service`;
- Configured per-site VXLAN overlay in `config/sit/vpn-overlay.yaml`;
2025-04-06 00:08:17 +08:00
Haitao Pan
d7871dc331 feat(ansible): add Linux OS setup role (vhosts/common) 2025-04-05 17:46:23 +08:00
Haitao Pan
1f40718d3f Merge branch 'main' into vpn-overlay 2025-04-05 10:57:46 +08:00
Haitao Pan
a06d872a75 feat: refine firewall rules and improve AMI resolution
- Renamed and split firewall rules by VPC
- Refactored resolve_ami() to reduce duplication and improve extensibility
2025-04-04 21:35:06 +08:00
Haitao Pan
9bcefe35a2 feat(iac): support multi-VPC & multi-SG binding for EC2 instances 2025-04-03 23:01:09 +08:00
Haitao Pan
f4a426c4c3 Merge branch 'main' into vpn-overlay 2025-04-03 21:34:23 +08:00
Haitao Pan
c5a776dca2 feat(vpc): auto-create and associate route tables based on subnet type 2025-04-03 21:07:51 +08:00
Haitao Pan
fd68db5812 feat(vpc): support multiple VPC definitions in config and Pulumi module 2025-04-03 14:42:17 +08:00
Haitao Pan
be60f3e617 feat(script): add vpn-overlay config 2025-04-02 15:19:12 +08:00
Haitao Pan
fe99e929de Simplify Pulumi passphrase and teardown process
- Auto-load ~/.pulumi-passphrase if available
- Improve 'down' command: destroy → refresh → stack rm
- Default EC2 instances to associate public IP
- Cleaned up help menu and removed old 'delete' logic
2025-03-31 10:09:30 +08:00
Haitao Pan
af8a848faa feat(iac): improve EC2/VPC/SG modules, support automatic AMI resolution and resource dependency control
- 💡 Support defining the AMI of EC2 instances in config/ by keyword (e.g. 'Ubuntu 22.04')
- ⚙️ Security group rules support configuration-driven control via source_ranges/egress_ranges
- Enhance the create_instances function to support user_data, spot/ondemand, TTL, owner and other tags
- 🔗 Automatically build dependency relationships to ensure EC2 is deployed only after VPC/Subnet/SG are complete
- ☁️ Use boto3 to check AWS credentials, with proper support for ~/.aws/config profile management
- 🛠️ Support dynamically enabling/disabling modules (vpc/security_group/ec2) in config
- 🌐 Fully verified the pulumi up/destroy/refresh workflow to ensure a clean state

This commit enables modular, dynamic provisioning of AWS VPC, EC2 and Security Groups with Pulumi.
Supports keyword-based AMI resolution, secure profile-based credential loading, and full lifecycle control.
2025-03-30 20:30:08 +08:00
Haitao Pan
c2020da184 feat(iac): Refactor structure and support multi-environment config loading
- Add config/sit and other environment-specific config directories
- Refactor deploy.py to support CONFIG_PATH environment variable
- Enable automatic merging of config/*/*.yaml files
- Enhance run.sh with Pulumi/Ansible/Terraform initialization checks
- Add inventory.py to dynamically generate Ansible hosts
- Improve ec2_instance.py with modular instance creation
- Organize base.yaml, vpc.yaml and related config files
2025-03-29 11:09:24 +08:00