ホーム エクスプローラ ヘルプ
サインイン
kotoyuuko
/
ansible-proxy-chain
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: 1a97d299df
ブランチ タグ
ansible-proxy-c...
/
openspec
/
specs
/
auto-credentials
/
spec.md

spec.md 2.2 KB
履歴 Raw

ADDED Requirements

Requirement: SS password is auto-generated on first run

The playbook SHALL generate a random 32-character alphanumeric password for Shadowsocks on first run, persisted to credentials/ss_password on the Ansible controller.

Scenario: First run generates password

  • WHEN the playbook runs for the first time and credentials/ss_password does not exist
  • THEN a random 32-character password is generated and saved to credentials/ss_password
  • THEN the generated password is used for SS configuration

Scenario: Subsequent runs reuse password

  • WHEN the playbook runs again and credentials/ss_password exists
  • THEN the existing password is read and reused

Requirement: SS port is auto-generated on first run

The playbook SHALL generate a random port in the 10000–49999 range for Shadowsocks on first run, persisted to credentials/ss_port.

Scenario: First run generates port

  • WHEN the playbook runs for the first time and credentials/ss_port does not exist
  • THEN a random port number (10000–49999) is generated and saved
  • THEN the generated port is used for SS configuration and UFW rules

Requirement: Trojan password is auto-generated on first run

The playbook SHALL generate a random 32-character alphanumeric password for Trojan on first run, persisted to credentials/trojan_password.

Scenario: First run generates password

  • WHEN the playbook runs for the first time and credentials/trojan_password does not exist
  • THEN a random 32-character password is generated and saved

Requirement: Credentials directory is gitignored

The credentials/ directory SHALL be listed in .gitignore to prevent secrets from being committed.

Scenario: Gitignore includes credentials

  • WHEN the repository is inspected
  • THEN .gitignore contains entries for credentials/ and output/

Requirement: Manual override is supported

Users SHALL be able to override auto-generated values by setting variables via --extra-vars or in group_vars.

Scenario: Manual override via extra-vars

  • WHEN the playbook is run with --extra-vars "ss_password=my-custom-pass"
  • THEN the custom value is used instead of the auto-generated one