diff --git a/states/roles/maintain/deluge/firewalld-direct.xml b/states/roles/maintain/deluge/firewalld-direct.xml
new file mode 100644
index 0000000..6536cb5
--- /dev/null
+++ b/states/roles/maintain/deluge/firewalld-direct.xml
@@ -0,0 +1,7 @@
+
+
+ -m owner --gid-owner deluge -o lo -j ACCEPT
+ -m owner --uid-owner deluge -p tcp --dport 53 -j ACCEPT
+ -m owner --uid-owner deluge -p udp --dport 53 -j ACCEPT
+ -m owner --gid-owner deluge '!' -o tun0 -j REJECT
+
diff --git a/states/roles/maintain/deluge/init.sls b/states/roles/maintain/deluge/init.sls
index 8f8b97a..90f7964 100644
--- a/states/roles/maintain/deluge/init.sls
+++ b/states/roles/maintain/deluge/init.sls
@@ -5,6 +5,9 @@ deluge:
python2-mako:
pkg.installed
+deluge-vpn-pkg:
+ pkg.installed:
+ - name: openvpn
#This should be handled by backup and restore states
#{% if not salt['file.directory_exists']('/srv/deluge/.config/deluge') %}
@@ -24,3 +27,39 @@ deluged:
deluge-web:
service.running:
- enable: true
+
+/etc/firewalld/direct.xml:
+ file.managed:
+ - source: salt://roles/maintain/deluge/firewalld-direct.xml
+ - user: root
+ - group: root
+ - mode: 644
+
+/etc/openvpn/client/windscribe-denmark.conf:
+ file.managed:
+ - source: salt://roles/maintain/deluge/windscribe-denmark.conf
+ - user: root
+ - group: root
+ - mode: 644
+
+/etc/openvpn/client/windscribe.login:
+ file.managed:
+ - source: salt://secure/files/windscribe.login
+ - user: root
+ - group: root
+ - mode: 644
+
+openvpn-client@windscribe-denmark:
+ service.running:
+ - enable: true
+ - watch:
+ - file: /etc/openvpn/client/windscribe-denmark.conf
+ - file: /etc/openvpn/client/windscribe.login
+
+
+deluge-firewall:
+ service.running:
+ - name: firewalld
+ - enable: true
+ - watch:
+ - file: /etc/firewalld/direct.xml
diff --git a/states/roles/maintain/deluge/windscribe-denmark.conf b/states/roles/maintain/deluge/windscribe-denmark.conf
new file mode 100644
index 0000000..56e9647
--- /dev/null
+++ b/states/roles/maintain/deluge/windscribe-denmark.conf
@@ -0,0 +1,77 @@
+client
+dev tun
+proto udp
+remote dk.windscribe.com 1194
+
+nobind
+auth-user-pass windscribe.login
+
+resolv-retry infinite
+
+auth SHA512
+cipher AES-256-CBC
+keysize 256
+comp-lzo
+verb 2
+mute-replay-warnings
+remote-cert-tls server
+persist-key
+persist-tun
+
+key-direction 1
+
+-----BEGIN CERTIFICATE-----
+MIIF3DCCA8SgAwIBAgIJAMsOivWTmu9fMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
+BAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEbMBkGA1UECgwS
+V2luZHNjcmliZSBMaW1pdGVkMRMwEQYDVQQLDApPcGVyYXRpb25zMRswGQYDVQQD
+DBJXaW5kc2NyaWJlIE5vZGUgQ0EwHhcNMTYwMzA5MDMyNjIwWhcNNDAxMDI5MDMy
+NjIwWjB7MQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9u
+dG8xGzAZBgNVBAoMEldpbmRzY3JpYmUgTGltaXRlZDETMBEGA1UECwwKT3BlcmF0
+aW9uczEbMBkGA1UEAwwSV2luZHNjcmliZSBOb2RlIENBMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAruBtLR1Vufd71LeQEqChgHS4AQJ0fSRner0gmZPE
+r2TL5uWboOEWXFFoEUTthF+P/N8yy3xRZ8HhG/zKlmJ1xw+7KZRbTADD6shJPj3/
+uvTIO80sU+9LmsyKSWuPhQ1NkgNA7rrMTfz9eHJ2MVDs4XCpYWyX9iuAQrHSY6aP
+q+4TpCbUgprkM3Gwjh9RSt9IoDoc4CF2bWSaVepUcL9yz/SXLPzFx2OT9rFrDhL3
+ryHRzJQ/tA+VD8A7lo8bhOcDqiXgEFmVOZNMLw+r167Qq1Ck7X86yr2mnW/6HK2g
+JOvY0/SPKukfGJAiYZKdG+fe4ekyYcAVhDfPJg7rF9wUqPwUzejJyAs1K18JwX94
+Y8fnD6vQobjpC3qfHtwQP7Uj2AcI6QC8ytWDegV6UIkHXAMXBQSX5suSQoE11deG
+32cy7nyp5vhgy31rTyNoopqlcCAhPm6k0jVVQbvXhLcpTSL8iCCoMdrP28i/xsfv
+ktBAkl5giHMdK6hxqWgPI+Bx9uPIhRp3fJ2z8AgFm8g1ARB2ZzQ+OZZ2RUIkJuUK
+hi2kUhgKSAQ+eF89aoqDjp/J1miZqGRzt4DovSZfQOeL01RkKHEibAPYCfgHG2ZS
+woLoeaxE2vNZiX4dpXiOQYTOIXOwEPZzPvfTQf9T4Kxvx3jzQnt3PzjlMCqKk3Ai
+pm8CAwEAAaNjMGEwHQYDVR0OBBYEFEH2v9F2z938Ebngsj9RkVSSgs45MB8GA1Ud
+IwQYMBaAFEH2v9F2z938Ebngsj9RkVSSgs45MA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAgI6NgYkVo5rB6yKStgHjj
+ZsINsgEvoMuHwkM0YaV22XtKNiHdsiOmY/PGCRemFobTEHk5XHcvcOTWv/D1qVf8
+fI21WAoNQVH7h8KEsr4uMGKCB6Lu8l6xALXRMjo1xb6JKBWXwIAzUu691rUD2exT
+1E+A5t+xw+gzqV8rWTMIoUaH7O1EKjN6ryGW71Khiik8/ETrP3YT32ZbS2P902iM
+Kw9rpmuS0wWhnO5k/iO/6YNA1ZMV5JG5oZvZQYEDk7enLD9HvqazofMuy/Sz/n62
+ZCDdQsnabzxl04wwv5Y3JZbV/6bOM520GgdJEoDxviY05ax2Mz05otyBzrAVjFw9
+RZt/Ls8ATifu9BusZ2ootvscdIuE3x+ZCl5lvANcFEnvgGw0qpCeASLpsfxwq1dR
+gIn7BOiTauFv4eoeFAQvCD+l+EKGWKu3M2y19DgYX94N2+Xs2bwChroaO5e4iFem
+MLMuWKZvYgnqS9OAtRSYWbNX/wliiPz7u13yj+qSWgMfu8WPYNQlMZJXuGWUvKLE
+XCUExlu7/o8D4HpsVs30E0pUdaqN0vExB1KegxPWWrmLcYnPG3knXpkC3ZBZ5P/e
+l/2eyhZRy9ydiITF8gM3L08E8aeqvzZMw2FDSmousydIzlXgeS5VuEf+lUFA2h8o
+ZYGQgrLt+ot8MbLhJlkp4Q==
+-----END CERTIFICATE-----
+
+
+-----BEGIN OpenVPN Static key V1-----
+5801926a57ac2ce27e3dfd1dd6ef8204
+2d82bd4f3f0021296f57734f6f1ea714
+a6623845541c4b0c3dea0a050fe6746c
+b66dfab14cda27e5ae09d7c155aa554f
+399fa4a863f0e8c1af787e5c602a801d
+3a2ec41e395a978d56729457fe6102d7
+d9e9119aa83643210b33c678f9d4109e
+3154ac9c759e490cb309b319cf708cae
+83ddadc3060a7a26564d1a24411cd552
+fe6620ea16b755697a4fc5e6e9d0cfc0
+c5c4a1874685429046a424c026db672e
+4c2c492898052ba59128d46200b40f88
+0027a8b6610a4d559bdc9346d33a0a6b
+08e75c7fd43192b162bfd0aef0c716b3
+1584827693f676f9a5047123466f0654
+eade34972586b31c6ce7e395f4b478cb
+-----END OpenVPN Static key V1-----
+
diff --git a/states/roles/maintain/gogs/app.ini b/states/roles/maintain/gogs/app.ini
index fa4734a..4bd0d28 100644
--- a/states/roles/maintain/gogs/app.ini
+++ b/states/roles/maintain/gogs/app.ini
@@ -199,7 +199,7 @@ RESET_PASSWD_CODE_LIVE_MINUTES = 180
; User need to confirm e-mail for registration
REGISTER_EMAIL_CONFIRM = false
; Does not allow register and admin create account only
-DISABLE_REGISTRATION = false
+DISABLE_REGISTRATION = true
; User must sign in to view anything.
REQUIRE_SIGNIN_VIEW = false
; Mail notification
diff --git a/states/roles/maintain/nginx-proxy/auth.conf b/states/roles/maintain/nginx-proxy/auth.conf
index a7b7171..53286e5 100644
--- a/states/roles/maintain/nginx-proxy/auth.conf
+++ b/states/roles/maintain/nginx-proxy/auth.conf
@@ -17,7 +17,7 @@
proxy_set_header Host $http_host;
proxy_set_header Content-Length "";
- proxy_pass https://authelia.actcur.com/verify;
+ proxy_pass https://authelia.actcur.com/api/verify;
}
{% elif location == "2" %}
diff --git a/states/roles/maintain/nginx-proxy/portal.conf b/states/roles/maintain/nginx-proxy/portal.conf
index 6f8a6b4..ca6fb54 100644
--- a/states/roles/maintain/nginx-proxy/portal.conf
+++ b/states/roles/maintain/nginx-proxy/portal.conf
@@ -24,7 +24,7 @@ server {
proxy_set_header Host $http_host;
proxy_set_header Content-Length "";
- proxy_pass https://authelia.actcur.com/verify;
+ proxy_pass https://authelia.actcur.com/api/verify;
}
location /unauthenticated.php {