From 88f233134d1193ac0bccc21439b12465c73c8968 Mon Sep 17 00:00:00 2001
From: Beth Parker
Date: Fri, 5 Jan 2018 23:58:08 -0600
Subject: [PATCH] Added windscribe support for deluge and updated nginx authelia config
---
 .../maintain/deluge/firewalld-direct.xml | 7 ++
 states/roles/maintain/deluge/init.sls | 39 ++++++++++
 .../maintain/deluge/windscribe-denmark.conf | 77 +++++++++++++++++++
 states/roles/maintain/gogs/app.ini | 2 +-
 states/roles/maintain/nginx-proxy/auth.conf | 2 +-
 states/roles/maintain/nginx-proxy/portal.conf | 2 +-
 6 files changed, 126 insertions(+), 3 deletions(-)
 create mode 100644 states/roles/maintain/deluge/firewalld-direct.xml
 create mode 100644 states/roles/maintain/deluge/windscribe-denmark.conf
diff --git a/states/roles/maintain/deluge/firewalld-direct.xml b/states/roles/maintain/deluge/firewalld-direct.xml
new file mode 100644
index 0000000..6536cb5
--- /dev/null
+++ b/states/roles/maintain/deluge/firewalld-direct.xml
@@ -0,0 +1,7 @@
+
+
+ -m owner --gid-owner deluge -o lo -j ACCEPT
+ -m owner --uid-owner deluge -p tcp --dport 53 -j ACCEPT
+ -m owner --uid-owner deluge -p udp --dport 53 -j ACCEPT
+ -m owner --gid-owner deluge '!' -o tun0 -j REJECT
+
diff --git a/states/roles/maintain/deluge/init.sls b/states/roles/maintain/deluge/init.sls
index 8f8b97a..90f7964 100644
--- a/states/roles/maintain/deluge/init.sls
+++ b/states/roles/maintain/deluge/init.sls
@@ -5,6 +5,9 @@ deluge:
 python2-mako:
 pkg.installed
+deluge-vpn-pkg:
+ pkg.installed:
+ - name: openvpn
 #This should be handled by backup and restore states
 #{% if not salt['file.directory_exists']('/srv/deluge/.config/deluge') %}
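Review bot: In firewalld-direct.xml the two port-53 ACCEPT rules match `--uid-owner deluge` on any outgoing interface and come before the `'!' -o tun0 -j REJECT` rule, so DNS lookups made by the deluge user can still leave over the physical interface instead of the tunnel. If those rules exist only to reach one known resolver, pin them to it with `-d RESOLVER_IP` (placeholder); otherwise remove them so the REJECT rule covers DNS as well. The same rules also mix `--uid-owner` with `--gid-owner`, which is worth making consistent. The XML element attributes are not visible in this view, so confirm that an equivalent REJECT is installed for IPv6 as well as IPv4.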
@@ -24,3 +27,39 @@ deluged:
 deluge-web:
 service.running:
 - enable: true
+
+/etc/firewalld/direct.xml:
+ file.managed:
+ - source: salt://roles/maintain/deluge/firewalld-direct.xml
+ - user: root
+ - group: root
+ - mode: 644
+
+/etc/openvpn/client/windscribe-denmark.conf:
+ file.managed:
+ - source: salt://roles/maintain/deluge/windscribe-denmark.conf
+ - user: root
+ - group: root
+ - mode: 644
+
+/etc/openvpn/client/windscribe.login:
+ file.managed:
+ - source: salt://secure/files/windscribe.login
+ - user: root
+ - group: root
+ - mode: 644
+
+openvpn-client@windscribe-denmark:
+ service.running:
+ - enable: true
+ - watch:
+ - file: /etc/openvpn/client/windscribe-denmark.conf
+ - file: /etc/openvpn/client/windscribe.login
+
+
+deluge-firewall:
+ service.running:
+ - name: firewalld
+ - enable: true
+ - watch:
+ - file: /etc/firewalld/direct.xml
diff --git a/states/roles/maintain/deluge/windscribe-denmark.conf b/states/roles/maintain/deluge/windscribe-denmark.conf
new file mode 100644
index 0000000..56e9647
--- /dev/null
+++ b/states/roles/maintain/deluge/windscribe-denmark.conf
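Review bot: `/etc/openvpn/client/windscribe.login` is the file passed to `auth-user-pass`, so it holds the VPN username and password, yet the state installs it with `- mode: 644` and every local account, including deluge, can read it. Use `- mode: 600` on that state; the file is already owned by root, and the OpenVPN client started by systemd normally opens it as root. Adding `- show_changes: False` to the same `file.managed` keeps the credentials out of Salt's diff output and job returns when the file changes.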
@@ -0,0 +1,77 @@
+client
+dev tun
+proto udp
+remote dk.windscribe.com 1194
+
+nobind
+auth-user-pass windscribe.login
+
+resolv-retry infinite
+
+auth SHA512
+cipher AES-256-CBC
+keysize 256
+comp-lzo
+verb 2
+mute-replay-warnings
+remote-cert-tls server
+persist-key
+persist-tun
+
+key-direction 1
+
+-----BEGIN CERTIFICATE-----
+MIIF3DCCA8SgAwIBAgIJAMsOivWTmu9fMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
+BAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEbMBkGA1UECgwS
+V2luZHNjcmliZSBMaW1pdGVkMRMwEQYDVQQLDApPcGVyYXRpb25zMRswGQYDVQQD
+DBJXaW5kc2NyaWJlIE5vZGUgQ0EwHhcNMTYwMzA5MDMyNjIwWhcNNDAxMDI5MDMy
+NjIwWjB7MQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9u
+dG8xGzAZBgNVBAoMEldpbmRzY3JpYmUgTGltaXRlZDETMBEGA1UECwwKT3BlcmF0
+aW9uczEbMBkGA1UEAwwSV2luZHNjcmliZSBOb2RlIENBMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAruBtLR1Vufd71LeQEqChgHS4AQJ0fSRner0gmZPE
+r2TL5uWboOEWXFFoEUTthF+P/N8yy3xRZ8HhG/zKlmJ1xw+7KZRbTADD6shJPj3/
+uvTIO80sU+9LmsyKSWuPhQ1NkgNA7rrMTfz9eHJ2MVDs4XCpYWyX9iuAQrHSY6aP
+q+4TpCbUgprkM3Gwjh9RSt9IoDoc4CF2bWSaVepUcL9yz/SXLPzFx2OT9rFrDhL3
+ryHRzJQ/tA+VD8A7lo8bhOcDqiXgEFmVOZNMLw+r167Qq1Ck7X86yr2mnW/6HK2g
+JOvY0/SPKukfGJAiYZKdG+fe4ekyYcAVhDfPJg7rF9wUqPwUzejJyAs1K18JwX94
+Y8fnD6vQobjpC3qfHtwQP7Uj2AcI6QC8ytWDegV6UIkHXAMXBQSX5suSQoE11deG
+32cy7nyp5vhgy31rTyNoopqlcCAhPm6k0jVVQbvXhLcpTSL8iCCoMdrP28i/xsfv
+ktBAkl5giHMdK6hxqWgPI+Bx9uPIhRp3fJ2z8AgFm8g1ARB2ZzQ+OZZ2RUIkJuUK
+hi2kUhgKSAQ+eF89aoqDjp/J1miZqGRzt4DovSZfQOeL01RkKHEibAPYCfgHG2ZS
+woLoeaxE2vNZiX4dpXiOQYTOIXOwEPZzPvfTQf9T4Kxvx3jzQnt3PzjlMCqKk3Ai
+pm8CAwEAAaNjMGEwHQYDVR0OBBYEFEH2v9F2z938Ebngsj9RkVSSgs45MB8GA1Ud
+IwQYMBaAFEH2v9F2z938Ebngsj9RkVSSgs45MA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAgI6NgYkVo5rB6yKStgHjj
+ZsINsgEvoMuHwkM0YaV22XtKNiHdsiOmY/PGCRemFobTEHk5XHcvcOTWv/D1qVf8
+fI21WAoNQVH7h8KEsr4uMGKCB6Lu8l6xALXRMjo1xb6JKBWXwIAzUu691rUD2exT
+1E+A5t+xw+gzqV8rWTMIoUaH7O1EKjN6ryGW71Khiik8/ETrP3YT32ZbS2P902iM
+Kw9rpmuS0wWhnO5k/iO/6YNA1ZMV5JG5oZvZQYEDk7enLD9HvqazofMuy/Sz/n62
+ZCDdQsnabzxl04wwv5Y3JZbV/6bOM520GgdJEoDxviY05ax2Mz05otyBzrAVjFw9
+RZt/Ls8ATifu9BusZ2ootvscdIuE3x+ZCl5lvANcFEnvgGw0qpCeASLpsfxwq1dR
+gIn7BOiTauFv4eoeFAQvCD+l+EKGWKu3M2y19DgYX94N2+Xs2bwChroaO5e4iFem
+MLMuWKZvYgnqS9OAtRSYWbNX/wliiPz7u13yj+qSWgMfu8WPYNQlMZJXuGWUvKLE
+XCUExlu7/o8D4HpsVs30E0pUdaqN0vExB1KegxPWWrmLcYnPG3knXpkC3ZBZ5P/e
+l/2eyhZRy9ydiITF8gM3L08E8aeqvzZMw2FDSmousydIzlXgeS5VuEf+lUFA2h8o
+ZYGQgrLt+ot8MbLhJlkp4Q==
+-----END CERTIFICATE-----
+
+
+-----BEGIN OpenVPN Static key V1-----
+5801926a57ac2ce27e3dfd1dd6ef8204
+2d82bd4f3f0021296f57734f6f1ea714
+a6623845541c4b0c3dea0a050fe6746c
+b66dfab14cda27e5ae09d7c155aa554f
+399fa4a863f0e8c1af787e5c602a801d
+3a2ec41e395a978d56729457fe6102d7
+d9e9119aa83643210b33c678f9d4109e
+3154ac9c759e490cb309b319cf708cae
+83ddadc3060a7a26564d1a24411cd552
+fe6620ea16b755697a4fc5e6e9d0cfc0
+c5c4a1874685429046a424c026db672e
+4c2c492898052ba59128d46200b40f88
+0027a8b6610a4d559bdc9346d33a0a6b
+08e75c7fd43192b162bfd0aef0c716b3
+1584827693f676f9a5047123466f0654
+eade34972586b31c6ce7e395f4b478cb
+-----END OpenVPN Static key V1-----
+
diff --git a/states/roles/maintain/gogs/app.ini b/states/roles/maintain/gogs/app.ini
index fa4734a..4bd0d28 100644
--- a/states/roles/maintain/gogs/app.ini
+++ b/states/roles/maintain/gogs/app.ini
@@ -199,7 +199,7 @@ RESET_PASSWD_CODE_LIVE_MINUTES = 180
 ; User need to confirm e-mail for registration
 REGISTER_EMAIL_CONFIRM = false
 ; Does not allow register and admin create account only
-DISABLE_REGISTRATION = false
+DISABLE_REGISTRATION = true
 ; User must sign in to view anything.
 REQUIRE_SIGNIN_VIEW = false
 ; Mail notification
diff --git a/states/roles/maintain/nginx-proxy/auth.conf b/states/roles/maintain/nginx-proxy/auth.conf
index a7b7171..53286e5 100644
--- a/states/roles/maintain/nginx-proxy/auth.conf
+++ b/states/roles/maintain/nginx-proxy/auth.conf
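Review bot: In windscribe-denmark.conf, `dev tun` lets OpenVPN take the first free tun device, while the kill-switch rule added in firewalld-direct.xml exempts only `tun0`; writing `dev tun0` keeps the two in step if another tunnel ever exists on the host. The profile has no `user`/`group` lines, so the client keeps its starting privileges for the whole session; `user nobody` and `group nobody` (or the distribution's equivalent) would limit that, and the existing `persist-key`/`persist-tun` lines already support it. `comp-lzo` enables compression, which exposes tunnelled traffic to compression-oracle attacks; if the provider's servers accept it, `comp-lzo no` keeps the framing without compressing. `auth-user-pass windscribe.login` is a relative path that depends on the unit's working directory, so the absolute `/etc/openvpn/client/windscribe.login` is more robust.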
@@ -17,7 +17,7 @@
 proxy_set_header Host $http_host;
 proxy_set_header Content-Length "";
- proxy_pass https://authelia.actcur.com/verify;
+ proxy_pass https://authelia.actcur.com/api/verify;
 }
 {% elif location == "2" %}
diff --git a/states/roles/maintain/nginx-proxy/portal.conf b/states/roles/maintain/nginx-proxy/portal.conf
index 6f8a6b4..ca6fb54 100644
--- a/states/roles/maintain/nginx-proxy/portal.conf
+++ b/states/roles/maintain/nginx-proxy/portal.conf
@@ -24,7 +24,7 @@ server {
 proxy_set_header Host $http_host;
 proxy_set_header Content-Length "";
- proxy_pass https://authelia.actcur.com/verify;
+ proxy_pass https://authelia.actcur.com/api/verify;
 }
 location /unauthenticated.php {
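Review bot: The `proxy_pass https://authelia.actcur.com/api/verify;` line in auth.conf, and the identical one in portal.conf, carries the authentication decision over TLS, but nginx does not validate an upstream certificate unless it is told to, so a spoofed upstream response would be trusted as the verdict. Both location blocks start outside these hunks, so this may already be configured elsewhere. If it is not, add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate /path/to/ca-bundle.pem;` (placeholder path) and `proxy_ssl_server_name on;` beside each proxy_pass.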