Added windscribe support for deluge and updated nginx authelia config

states/roles/maintain/deluge/firewalld-direct.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<direct>
+  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --gid-owner deluge -o lo -j ACCEPT</rule>
+  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --uid-owner deluge -p tcp --dport 53 -j ACCEPT</rule>
+  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --uid-owner deluge -p udp --dport 53 -j ACCEPT</rule>
+  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-m owner --gid-owner deluge '!' -o tun0 -j REJECT</rule>
+</direct>

states/roles/maintain/deluge/init.sls

@@ -5,6 +5,9 @@ deluge:
 python2-mako:
   pkg.installed
 
+deluge-vpn-pkg:
+  pkg.installed:
+    - name: openvpn
 
 #This should be handled by backup and restore states
 #{% if not salt['file.directory_exists']('/srv/deluge/.config/deluge') %}
@@ -24,3 +27,39 @@ deluged:
 deluge-web:
   service.running:
     - enable: true
+
+/etc/firewalld/direct.xml:
+  file.managed:
+    - source: salt://roles/maintain/deluge/firewalld-direct.xml
+    - user: root
+    - group: root
+    - mode: 644
+
+/etc/openvpn/client/windscribe-denmark.conf:
+  file.managed:
+    - source: salt://roles/maintain/deluge/windscribe-denmark.conf
+    - user: root
+    - group: root
+    - mode: 644
+
+/etc/openvpn/client/windscribe.login:
+  file.managed:
+    - source: salt://secure/files/windscribe.login
+    - user: root
+    - group: root
+    - mode: 644
+
+openvpn-client@windscribe-denmark:
+  service.running:
+    - enable: true
+    - watch:
+      - file: /etc/openvpn/client/windscribe-denmark.conf
+      - file: /etc/openvpn/client/windscribe.login
+
+
+deluge-firewall:
+  service.running:
+    - name: firewalld
+    - enable: true
+    - watch:
+      - file: /etc/firewalld/direct.xml

states/roles/maintain/deluge/windscribe-denmark.conf

@@ -0,0 +1,77 @@
+client
+dev tun
+proto udp
+remote dk.windscribe.com 1194
+
+nobind
+auth-user-pass windscribe.login
+
+resolv-retry infinite
+
+auth SHA512
+cipher AES-256-CBC
+keysize 256
+comp-lzo
+verb 2
+mute-replay-warnings
+remote-cert-tls server
+persist-key
+persist-tun
+
+key-direction 1
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIF3DCCA8SgAwIBAgIJAMsOivWTmu9fMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
+BAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzEbMBkGA1UECgwS
+V2luZHNjcmliZSBMaW1pdGVkMRMwEQYDVQQLDApPcGVyYXRpb25zMRswGQYDVQQD
+DBJXaW5kc2NyaWJlIE5vZGUgQ0EwHhcNMTYwMzA5MDMyNjIwWhcNNDAxMDI5MDMy
+NjIwWjB7MQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9u
+dG8xGzAZBgNVBAoMEldpbmRzY3JpYmUgTGltaXRlZDETMBEGA1UECwwKT3BlcmF0
+aW9uczEbMBkGA1UEAwwSV2luZHNjcmliZSBOb2RlIENBMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAruBtLR1Vufd71LeQEqChgHS4AQJ0fSRner0gmZPE
+r2TL5uWboOEWXFFoEUTthF+P/N8yy3xRZ8HhG/zKlmJ1xw+7KZRbTADD6shJPj3/
+uvTIO80sU+9LmsyKSWuPhQ1NkgNA7rrMTfz9eHJ2MVDs4XCpYWyX9iuAQrHSY6aP
+q+4TpCbUgprkM3Gwjh9RSt9IoDoc4CF2bWSaVepUcL9yz/SXLPzFx2OT9rFrDhL3
+ryHRzJQ/tA+VD8A7lo8bhOcDqiXgEFmVOZNMLw+r167Qq1Ck7X86yr2mnW/6HK2g
+JOvY0/SPKukfGJAiYZKdG+fe4ekyYcAVhDfPJg7rF9wUqPwUzejJyAs1K18JwX94
+Y8fnD6vQobjpC3qfHtwQP7Uj2AcI6QC8ytWDegV6UIkHXAMXBQSX5suSQoE11deG
+32cy7nyp5vhgy31rTyNoopqlcCAhPm6k0jVVQbvXhLcpTSL8iCCoMdrP28i/xsfv
+ktBAkl5giHMdK6hxqWgPI+Bx9uPIhRp3fJ2z8AgFm8g1ARB2ZzQ+OZZ2RUIkJuUK
+hi2kUhgKSAQ+eF89aoqDjp/J1miZqGRzt4DovSZfQOeL01RkKHEibAPYCfgHG2ZS
+woLoeaxE2vNZiX4dpXiOQYTOIXOwEPZzPvfTQf9T4Kxvx3jzQnt3PzjlMCqKk3Ai
+pm8CAwEAAaNjMGEwHQYDVR0OBBYEFEH2v9F2z938Ebngsj9RkVSSgs45MB8GA1Ud
+IwQYMBaAFEH2v9F2z938Ebngsj9RkVSSgs45MA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAgI6NgYkVo5rB6yKStgHjj
+ZsINsgEvoMuHwkM0YaV22XtKNiHdsiOmY/PGCRemFobTEHk5XHcvcOTWv/D1qVf8
+fI21WAoNQVH7h8KEsr4uMGKCB6Lu8l6xALXRMjo1xb6JKBWXwIAzUu691rUD2exT
+1E+A5t+xw+gzqV8rWTMIoUaH7O1EKjN6ryGW71Khiik8/ETrP3YT32ZbS2P902iM
+Kw9rpmuS0wWhnO5k/iO/6YNA1ZMV5JG5oZvZQYEDk7enLD9HvqazofMuy/Sz/n62
+ZCDdQsnabzxl04wwv5Y3JZbV/6bOM520GgdJEoDxviY05ax2Mz05otyBzrAVjFw9
+RZt/Ls8ATifu9BusZ2ootvscdIuE3x+ZCl5lvANcFEnvgGw0qpCeASLpsfxwq1dR
+gIn7BOiTauFv4eoeFAQvCD+l+EKGWKu3M2y19DgYX94N2+Xs2bwChroaO5e4iFem
+MLMuWKZvYgnqS9OAtRSYWbNX/wliiPz7u13yj+qSWgMfu8WPYNQlMZJXuGWUvKLE
+XCUExlu7/o8D4HpsVs30E0pUdaqN0vExB1KegxPWWrmLcYnPG3knXpkC3ZBZ5P/e
+l/2eyhZRy9ydiITF8gM3L08E8aeqvzZMw2FDSmousydIzlXgeS5VuEf+lUFA2h8o
+ZYGQgrLt+ot8MbLhJlkp4Q==
+-----END CERTIFICATE-----
+</ca>
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+5801926a57ac2ce27e3dfd1dd6ef8204
+2d82bd4f3f0021296f57734f6f1ea714
+a6623845541c4b0c3dea0a050fe6746c
+b66dfab14cda27e5ae09d7c155aa554f
+399fa4a863f0e8c1af787e5c602a801d
+3a2ec41e395a978d56729457fe6102d7
+d9e9119aa83643210b33c678f9d4109e
+3154ac9c759e490cb309b319cf708cae
+83ddadc3060a7a26564d1a24411cd552
+fe6620ea16b755697a4fc5e6e9d0cfc0
+c5c4a1874685429046a424c026db672e
+4c2c492898052ba59128d46200b40f88
+0027a8b6610a4d559bdc9346d33a0a6b
+08e75c7fd43192b162bfd0aef0c716b3
+1584827693f676f9a5047123466f0654
+eade34972586b31c6ce7e395f4b478cb
+-----END OpenVPN Static key V1-----
+</tls-auth>

states/roles/maintain/gogs/app.ini

@@ -199,7 +199,7 @@ RESET_PASSWD_CODE_LIVE_MINUTES         = 180
 ; User need to confirm e-mail for registration
 REGISTER_EMAIL_CONFIRM                 = false
 ; Does not allow register and admin create account only
-DISABLE_REGISTRATION                   = false
+DISABLE_REGISTRATION                   = true
 ; User must sign in to view anything.
 REQUIRE_SIGNIN_VIEW                    = false
 ; Mail notification

states/roles/maintain/nginx-proxy/auth.conf

@@ -17,7 +17,7 @@
     proxy_set_header  Host $http_host;
     proxy_set_header  Content-Length "";
 
-    proxy_pass        https://authelia.actcur.com/verify;
+    proxy_pass        https://authelia.actcur.com/api/verify;
   }
 
   {% elif location == "2" %}

states/roles/maintain/nginx-proxy/portal.conf

@@ -24,7 +24,7 @@ server {
     proxy_set_header  Host $http_host;
     proxy_set_header  Content-Length "";
 
-    proxy_pass        https://authelia.actcur.com/verify;
+    proxy_pass        https://authelia.actcur.com/api/verify;
   }
 
   location /unauthenticated.php {