首頁 探索 說明
登入
kotoyuuko
/
ansible-proxy
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 5053ace211
分支列表 標籤列表
ansible-proxy
/
openspec
/
specs
/
snell-service
/
spec.md

spec.md 2.5 KB
文件歷史 原始文件

ADDED Requirements

Requirement: Snell binary is installed

The snell role SHALL download and install the Snell server binary from official release artifacts to /usr/local/bin/snell-server. The version SHALL be configurable via snell_version.

Scenario: Fresh installation

  • WHEN the snell role runs on a server without Snell installed
  • THEN the specified version of the Snell binary is downloaded and installed
  • THEN the binary is executable

Scenario: Version upgrade

  • WHEN snell_version is changed and the playbook is re-run
  • THEN the binary is replaced with the new version
  • THEN the Snell service is restarted

Requirement: Snell configuration is templated

The snell role SHALL generate a configuration file at /etc/snell/snell-server.conf from a Jinja2 template. The configuration SHALL include: listen address, psk (pre-shared key), and ipv6 setting.

Scenario: Configuration is generated from template

  • WHEN the snell role runs
  • THEN the config file is rendered with listen address, PSK, and ipv6 setting
  • THEN the config file permissions are restricted (readable only by root or snell service user)

Scenario: Configuration change triggers restart

  • WHEN a snell variable is changed and the playbook is re-run
  • THEN the configuration file is updated
  • THEN the Snell service is restarted via handler

Requirement: Snell runs as a systemd service

The snell role SHALL create a systemd unit file for Snell and ensure it is enabled and started.

Scenario: Service is running

  • WHEN the snell role completes
  • THEN the Snell systemd service is enabled and running
  • THEN the service runs under a dedicated non-root user

Requirement: Snell port is allowed through UFW

The snell role SHALL allow the Snell listen port through UFW.

Scenario: Firewall allows Snell port

  • WHEN the snell role runs with snell_port: 61080
  • THEN UFW allows incoming TCP traffic on port 61080

Requirement: Snell PSK is auto-generated and persisted

The snell role SHALL default the pre-shared key to an auto-generated value from credentials/snell_psk, with manual override supported via snell_psk variable.

Scenario: PSK uses auto-generated default

  • WHEN the snell role runs without manual override
  • THEN the PSK comes from credentials/snell_psk lookup value
  • THEN if the credential file does not exist, a new 32-character random value is generated and saved