ansible-proxy-chain/openspec/changes/archive/2026-04-22-fix-ss-vars-in-surge-template/design.md

Context

ss_port, ss_cipher, and ss_password are scoped to the relay group via group_vars/relay.yml. The Surge template on localhost can't access them directly. It already uses hostvars[groups['relay'][0]] to get ansible_host, so the same approach works for SS variables.

Goals / Non-Goals

Goals:

• Make SS variables accessible from the localhost play via hostvars

Non-Goals:

• No changes to the Surge config content or structure

Decisions

Change line 6 of the template from:

{{ ss_port }} → {{ hostvars[groups['relay'][0]]['ss_port'] }}
{{ ss_cipher }} → {{ hostvars[groups['relay'][0]]['ss_cipher'] }}
{{ ss_password }} → {{ hostvars[groups['relay'][0]]['ss_password'] }}