Context

The Surge template at templates/surge-client.conf.j2 defines the relay proxy as:

Relay-SS = ss, {{ hostvars[groups['relay'][0]]['ansible_host'] }}, ...

This hardcodes the relay server's IP. The landing server already uses a trojan_domain variable for its proxy entry, so the relay should follow the same pattern for consistency and operational flexibility.

Goals / Non-Goals

Goals:

  • Introduce a relay_domain variable in group_vars/relay.yml
  • Use it in the Surge template instead of the raw IP
  • Keep the variable pattern consistent with the existing trojan_domain approach

Non-Goals:

  • DNS or TLS configuration for the relay server
  • Changing the Shadowsocks protocol or connection behavior

Decisions

Define relay_domain in group_vars/relay.yml

The relay domain is specific to the relay server, so it belongs in group_vars/relay.yml rather than all.yml. The Surge template already reads variables from hostvars for the relay (e.g., ss_port, ss_password), so relay_domain will be read the same way.

Use a simple relay_domain variable, not a lookup

Unlike ss_port, which needs a random password lookup, the domain is a static value set by the user. A plain string variable is sufficient.

Risks / Trade-offs

  • [DNS dependency] → The relay domain must resolve to the relay server's IP; this is an operational prerequisite outside Ansible's scope
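
The decisions and the DNS risk above, sketched as an added example (not part of the original design or the project's code). The domain value, the play, and the names check_domain and check_ip are hypothetical; it assumes ansible_host holds the relay's IPv4 address and that the community.general collection (with dnspython) is installed on the control node.

```yaml
# group_vars/relay.yml -- plain string, no lookup (value is a constructed placeholder)
relay_domain: relay.example.com
---
# templates/surge-client.conf.j2 reads it through hostvars, like ss_port / ss_password.
# The rest of the line is elided here exactly as in the design text:
#   Relay-SS = ss, {{ hostvars[groups['relay'][0]]['relay_domain'] }}, ...
---
# Hypothetical pre-flight play, run before the Surge template is rendered.
- name: Pre-flight checks for relay_domain
  hosts: localhost
  gather_facts: false
  vars:
    relay_host: "{{ groups['relay'][0] }}"
    check_domain: "{{ hostvars[relay_host]['relay_domain'] | default('') }}"
    check_ip: "{{ hostvars[relay_host]['ansible_host'] }}"
  tasks:
    # The value lands inside a comma-separated Surge proxy line, so reject
    # anything that is not a bare hostname (no commas, spaces or newlines).
    - name: relay_domain is set and is a bare hostname
      ansible.builtin.assert:
        that:
          - check_domain | length > 0
          - "check_domain is regex('^[A-Za-z0-9.-]+$')"
        fail_msg: "Set relay_domain in group_vars/relay.yml to a plain hostname"

    # Operational prerequisite from Risks / Trade-offs: the name must point
    # at the relay server. query() returns the A records as a list; an
    # unresolvable name yields no matching address and the assert fails.
    - name: relay_domain resolves to the relay server's IP
      ansible.builtin.assert:
        that:
          - check_ip in query('community.general.dig', check_domain)
        fail_msg: "{{ check_domain }} does not resolve to {{ check_ip }}"
```

The second assertion only reflects the control node's view of DNS at deploy time; clients resolve the name themselves when Surge connects.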