authorkwadronaut <kwadronaut@autistici.org>2022-10-20 23:44:28 +0200
committerkwadronaut <kwadronaut@autistici.org>2022-10-20 23:44:28 +0200
commit78f58eca7067652b12376bb4cc1c1eda2fea28e8 (patch)
treeffe6d95e762d0e50f762bf5ae6fbcde0d46bbeaa
parentd25723bc19fb295001c43945e9ec3726042e206f (diff)
initial simple demo provider
-rw-r--r--.ansible_vault_pw.gpg30
-rw-r--r--config/roles/kresd/templates/kresd.conf.j2.bk17
-rw-r--r--config/roles/openvpn/tasks/credentials.yml2
-rw-r--r--credentials/common/api_ca.crt10
-rw-r--r--credentials/common/api_ca.key17
-rw-r--r--credentials/common/client_ca.crt11
-rw-r--r--credentials/common/client_ca.key17
-rw-r--r--credentials/secrets.yml46
-rw-r--r--credentials/shapeshifter/obfs4_bridgeline.txt1
-rw-r--r--credentials/shapeshifter/obfs4_cert.txt1
-rw-r--r--credentials/shapeshifter/obfs4_state.json20
-rw-r--r--credentials/ssh/key25
-rw-r--r--credentials/ssh/key.pub1
-rw-r--r--credentials/sso/public.key1
-rw-r--r--credentials/sso/secret.key9
-rw-r--r--credentials/x509/ca.pem10
-rw-r--r--credentials/x509/ca_private_key.pem17
-rw-r--r--credentials/x509/dhparam8
-rw-r--r--group_vars/all/config.yml14
-rw-r--r--group_vars/all/gateway_locations.yml6
-rw-r--r--group_vars/all/provider_config.yml4
l---------group_vars/all/secrets.yml1
-rw-r--r--hosts.yml69
23 files changed, 294 insertions, 43 deletions
diff --git a/.ansible_vault_pw.gpg b/.ansible_vault_pw.gpg
new file mode 100644
index 0000000..528c805
--- /dev/null
+++ b/.ansible_vault_pw.gpg
@@ -0,0 +1,30 @@
+-----BEGIN PGP MESSAGE-----
+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+=lLtL
+-----END PGP MESSAGE-----
diff --git a/config/roles/kresd/templates/kresd.conf.j2.bk b/config/roles/kresd/templates/kresd.conf.j2.bk
new file mode 100644
index 0000000..bf9a141
--- /dev/null
+++ b/config/roles/kresd/templates/kresd.conf.j2.bk
@@ -0,0 +1,17 @@
+net.listen('10.41.0.1', 53, { kind = 'dns' })
+net.listen('10.42.0.1', 53, { kind = 'dns' })
+{% if openvpn_udp_network6 is defined and openvpn_udp_network6|length %}
+net.listen('::1', 53, { kind = 'dns' })
+{% endif %}
+net.listen('{{ansible_vpn0.ipv4.address}}', 8453, { kind = 'webmgmt' }) #}
+{# net.listen('{{ansible_vpn0.ipv4}}', 8453, { kind = 'webmgmt' }) #}
+
+-- Load Useful modules
+modules = {
+ 'stats', -- Track internal statistics
+ 'http',
+}
+
+cache.size = 400 * MB
+
+http.config({ geoip = '/var/lib/GeoIP/GeoLite2-Country.mmdb', })
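Review bot: The webmgmt listener line `net.listen('{{ansible_vpn0.ipv4.address}}', 8453, { kind = 'webmgmt' }) #}` ends in a stray `#}` with no matching `{#`; Jinja emits an unmatched `#}` literally, so the rendered Lua line would end in ` #}` and kresd would presumably reject it, while the intended commented-out variant sits on the next line. The line should read `net.listen('{{ ansible_vpn0.ipv4.address }}', 8453, { kind = 'webmgmt' })`. Since the file is a `.bk` copy inside the role's `templates/` directory, it is unclear whether anything renders it; if it is a scratch backup it is better kept out of the repository than committed next to the live template.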
diff --git a/config/roles/openvpn/tasks/credentials.yml b/config/roles/openvpn/tasks/credentials.yml
index b7e5dec..153b972 100644
--- a/config/roles/openvpn/tasks/credentials.yml
+++ b/config/roles/openvpn/tasks/credentials.yml
@@ -40,7 +40,7 @@
- name: Install client certificate generating and API endpoint CA bundle
copy:
- content: "{{ lookup('file', '{{ credentials_dir }}/common/old_client_ca.crt') }}\n{{lookup('file', '{{ credentials_dir }}/common/api_ca.crt') }}\n{{ lookup('file', '{{ credentials_dir }}/common/client_ca.crt') }}\n"
+ content: "{{ lookup('file', '{{ credentials_dir }}/common/api_ca.crt') }}\n{{ lookup('file', '{{ credentials_dir }}/common/client_ca.crt') }}\n"
dest: /etc/leap/ca/leap_ca_bundle.crt
mode: 0444
notify:
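Review bot: The new `content:` line nests `{{ credentials_dir }}` inside an outer `{{ lookup(...) }}` expression; inside a Jinja expression the variable is already in scope, and nested moustaches are the form Ansible warns about as deprecated templating. The same value is expressed without nesting as `content: "{{ lookup('file', credentials_dir ~ '/common/api_ca.crt') }}\n{{ lookup('file', credentials_dir ~ '/common/client_ca.crt') }}\n"`. The task continues past the hunk (its `notify:` list is cut off), so the handler it triggers is not visible here.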
diff --git a/credentials/common/api_ca.crt b/credentials/common/api_ca.crt
new file mode 100644
index 0000000..129f23c
--- /dev/null
+++ b/credentials/common/api_ca.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYzCCAQigAwIBAgIBATAKBggqhkjOPQQDAjAXMRUwEwYDVQQDEwxMRUFQIFJv
+b3QgQ0EwHhcNMjIxMDEzMDc0NTQ1WhcNMjcxMDEzMDc1MDQ1WjAXMRUwEwYDVQQD
+EwxMRUFQIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASyXDmsyb59
+20V/xA5S0jpeWin9GA4/wx6+95+UDvfUrcvdp8Jl2MgZ4bjGxukxwid9Hpg1Sl4B
+7qXJ4aiIFnc9o0UwQzAOBgNVHQ8BAf8EBAMCAqQwEgYDVR0TAQH/BAgwBgEB/wIB
+ATAdBgNVHQ4EFgQUmQw7Vs00S3n1i4xT26OM8AvXcVQwCgYIKoZIzj0EAwIDSQAw
+RgIhAOQYVy5F2jD7LIiHIJNOderYPJrTWxHVZY5QOibu1xZGAiEAp9Ud1q2fEQNd
+RxUXi+oOJHrogXMJ13XI7ng4Z8aKtEA=
+-----END CERTIFICATE-----
diff --git a/credentials/common/api_ca.key b/credentials/common/api_ca.key
new file mode 100644
index 0000000..3454ebf
--- /dev/null
+++ b/credentials/common/api_ca.key
@@ -0,0 +1,17 @@
+$ANSIBLE_VAULT;1.1;AES256
+35643461613861323338663861653766333232663034383636613532666535663931333762613639
+3139356634343565613963633965656535643731633139390a323234613264633630663133366435
+37373464656331653630616331646439633339326166313533396666346337343064373637373839
+6434333264613732640a613235336464636132366339383632663065623434653965663930363261
+30653463646130333037313861653961343839393135336262373637353131393932353762386562
+31656333393062306538396531623734333162353134376664383732643061303930336137656562
+63643862333737356665616139643336633665393264313137643265376531303862623166326230
+35303261336531646161353337353639323036336663346264653933656566383364623237356337
+35623466363538336235643066633031613238653061653030346462353034653332633565373739
+39343530353862356163323836633139653531653861383237393265623035313836373933373735
+37306665303535383264376336353437653434353761356435366539343666336137623633346665
+32653034633964366337643032393833646264323930353838323439333030373934343030353131
+30316166623162643032386461373130646163393039313439623732613166383563666130666539
+64376466333861363563633362383934376662333636346430343865636237613435313962333261
+62363130363139636264316666393833326339396634646266643066663662386662306437346435
+63663732303032316336
diff --git a/credentials/common/client_ca.crt b/credentials/common/client_ca.crt
new file mode 100644
index 0000000..cdfc1ab
--- /dev/null
+++ b/credentials/common/client_ca.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/credentials/common/client_ca.key b/credentials/common/client_ca.key
new file mode 100644
index 0000000..aa6940d
--- /dev/null
+++ b/credentials/common/client_ca.key
@@ -0,0 +1,17 @@
+$ANSIBLE_VAULT;1.1;AES256
+36346530626238626261666434663330393239323032376563666364383033633237376365313233
+3936363264616331356135363561633030666265656464370a666566626332356163343066393537
+64343731653130623032336564616534333031303033363734623832383232306637626162383336
+3939663932346164630a616534656265363766623139643165383461656338666665653934633237
+37383139363533326161633133333937643330376530336333356163623731653234383862383632
+38613236656139613330306230656462653435393130396531373230616432616163663430623161
+38313639396235383339343563636562656238353239663830623937623436336362316633313730
+38623966356362306130333735393631336130353365373962656466363230326233306139643635
+61343864633937316165643761656630646238396438616164333263323930373435386665373232
+39336135383139656330366631316136633162313434663766303630316531336630633534343566
+61373236653132336630386434623662636434633535623265363463346232323763383566653565
+61616666626234326533316333626133353237373931653161613164633933356562373236633637
+39326138326664643532343065646330333236343437373932326338326635393637333561376665
+62646131646130356661343361656563353635653331303665633237393437323463366533353764
+34633230333664326336353539633431633165303732383831303130333762633136393239383765
+65313263316430623436
diff --git a/credentials/secrets.yml b/credentials/secrets.yml
new file mode 100644
index 0000000..79e719e
--- /dev/null
+++ b/credentials/secrets.yml
@@ -0,0 +1,46 @@
+$ANSIBLE_VAULT;1.1;AES256
+36366435343065336330643334656161363133383338343137326136353432633165653337336333
+3731383663666238393664316534306131323037306237300a333237306563353361643463383639
+31353935393065336262313230616263333535646334386462663366623630353735306565373734
+3333363439356531630a336563396539336638373966313264343731353439326362643162366230
+33373863633532316664643062316239376634616630663161333439653965356432393433366333
+34323965666235653664393863643365313639646638323532316434646363363633616438386532
+37303962386564666234363935383334313431326161333164366433373663643438386163386537
+30393537336364643437326131376434616662366536353233353765626535356363366439316665
+63373931303632393533366332313937663336663235663638323739653531333530383233633031
+33643335393830323333313033363762333331393935643861303439636434373830393336613734
+63623563396530316332373132393136656138646635393938613662613638323031373961663663
+64646135366231306265383864636362633761393035313136303663343339386432353362616665
+30633535386430656134336538316430633033323030613439323939623835333436386162316234
+62616137623365313433396538653636343336653063343831636131376166643432633533616265
+65646232306165626162646534666130373939373134646134356563353434616435303033666436
+31303932363965646237363434653738356263633462393535663464346566336363626565336230
+39313330656339643033346335373663313835313430363663373863316564613162356463356463
+34336430643236366135643738363162663463633730623862363364626339306666623566333438
+31616435386133623933386362393637323530356239343635343861313739623364333865656538
+36613939346634376332373935393461646366656439316638663738636335386331326136643736
+36613563373933646139353334373136653336326635616533656537323564343761653563613137
+62306466613565623437633665376136383532613036346563303236326636633130383231323161
+32396466383732366636346131363761363732643961393636303331316533646133633338396330
+64323633633632633864616135353830633032653338636332643863376665623663376435373933
+62613832396337326639393361323733353564613038356439656132653232303363623936353930
+30623065626135333437663130383637393035366134643331396461363433323963303164316566
+39666133336533313161396535656665383830323365616639333437636132313465356131373932
+34626633376462663637333736666135396165663835386431666434663731383565363837373130
+35386439633533626238373463616339653364636138643939653663343163323131643966646563
+65313636633337393738646433623533323437313566353066663962353934356264363663323235
+30623164363831333636396165323038313265663835376132323537663463316463396636306136
+30343864643632613233356364323739366163666161323735636235386637366361373034383330
+63323235323066613461653632383463373363613438633664653334333232383664346437343832
+31323735393233366432376630626637623961656637643134666636306632376130666536613132
+35646662343066373766326538333730343565633464363435303236636239346364613065363266
+33353530616331613764343562656634346236623766343164346233623035306533303237356238
+31643463376538633363643832363337356465386635616662613861306439613836643039376263
+37356163623132613561633930616532303238363239393263313935373336373033646330323862
+65613032366534623966626533666335353635333337636364383639616566633137326564373835
+31636161323433373237386336623736663032363464333835333437666134626331623735363432
+66386133333932656638633932626565336161666432343936346162336363396330646261616237
+64663537646564643664383863653662646563643434623761636430313934386232383234306461
+63616466323965343838383530323430613434336665373438373461333533333133636434353835
+39393138663862663965383766353162653336663139343130626263316531376534643036653063
+63373633326464383864373533313735326334393334633039346638373865356263
diff --git a/credentials/shapeshifter/obfs4_bridgeline.txt b/credentials/shapeshifter/obfs4_bridgeline.txt
new file mode 100644
index 0000000..057c1cc
--- /dev/null
+++ b/credentials/shapeshifter/obfs4_bridgeline.txt
@@ -0,0 +1 @@
+Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=akSHu9L0n4dQysz1mxPMdEEP7eNQIJNpYLkMZQOtxyCWLR+CIoftP87MLpoR4P7bpW/5Cw== iatMode=0 \ No newline at end of file
diff --git a/credentials/shapeshifter/obfs4_cert.txt b/credentials/shapeshifter/obfs4_cert.txt
new file mode 100644
index 0000000..5d6ca1e
--- /dev/null
+++ b/credentials/shapeshifter/obfs4_cert.txt
@@ -0,0 +1 @@
+akSHu9L0n4dQysz1mxPMdEEP7eNQIJNpYLkMZQOtxyCWLR+CIoftP87MLpoR4P7bpW/5Cw \ No newline at end of file
diff --git a/credentials/shapeshifter/obfs4_state.json b/credentials/shapeshifter/obfs4_state.json
new file mode 100644
index 0000000..638d149
--- /dev/null
+++ b/credentials/shapeshifter/obfs4_state.json
@@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.1;AES256
+63633035666565323030623266626462363865643561356564323731373665373462613830333563
+3364626637376239616433636437336465346430653737320a373264393566653135333732336237
+39306663313466333139333566663765373830653737353164663566323332616234633937636534
+6531356166396466390a633635626234653436303236393135343762326535396566653964323965
+33373631323465666435323565633834643536663238326433646466633661333166613063316633
+37613161383166366534366465653634663535643864663363646332343434613734383465313263
+62353031386664663562343963336236653333653864333030356261383663363465643965383662
+35356361646233323662623663623639666433386534333032303230663531623666386333306233
+30363937663534376532373436316339393137653565346232656435353936366561326663623561
+32393864616239663737323630313339363433346631613531363465313736326534313730303865
+62376163363137303034663735646635326636626239373561373362656531346532323939323833
+39663130653438303330393530653736383334366365633761396234383932643732363935313735
+34303665316334356463636666663466623238303739643231643636623635383830376138626330
+33343836373361326436333934313136643939363137323631396533306563323338663735323764
+32666531616639333363666134333334343938313837376230636362616139633363306336613566
+30393334313034323736316266383339366135663662366333633763663937346130343935623665
+61393364376636613638323234623566386162636138303665366664663532353537353439313937
+39356638653166336530396361313230636564663939613165626663323434393166343730623561
+623361666639333431646662333065383830
diff --git a/credentials/ssh/key b/credentials/ssh/key
new file mode 100644
index 0000000..d749e32
--- /dev/null
+++ b/credentials/ssh/key
@@ -0,0 +1,25 @@
+$ANSIBLE_VAULT;1.1;AES256
+64633232343931353562326462613034633330313537363134653436666532303931643265366332
+3732653133616238343431383566396665346234613332610a643138336262323261313735626364
+39616361306530656335633134343566303934323633376461616631316435383162316235396333
+3763343066323338630a623663636230346665393432663936353035383537616461356239306239
+61333431353031383435623631343761326162663734373137393732653835383839643931356264
+32303337616664636663613334653233306464636132373433623338353736353530636339636337
+32356362613231316638373663646166326634333432376534623566373832396134663965653637
+30653138666631643739353839636433663964323466366236343930303434663836643834616163
+31353732623631336432346339383162613666643938653038346665643036343331636262623533
+38313164313937343834636565303034313563323931306663313737616538396639623966396433
+62323863386331386532323964353534356563616337396433386666373739616530343239376331
+35333439323164326264326230626139356231623766646362666530663363333438656236663565
+32346237396138363937396266666565616338613839373430373532373638656562323231376365
+65353735363963383831616263316430323634343364376532643263623166353364373735313539
+36353735386633663334366664336466316365386334366635653333343433386462626336346434
+64323230613534643066646532303539356161396463353039653632313631656463396662363063
+62613664653731343530376437616436363562636463326166653436396534356139323734626532
+34303965636639623664653636393963373436323762643461646538646235353731626231626230
+35313361336239353138373635336639343335333365343137373165316166666534366435343061
+39643934323466633136353935323731663837346637383236333234666334363562353766306465
+31626534663565393163326361396339643264373461303830613931393931363336633862373066
+39313436346265383633633766636635353236326135613636313534316237386564656631303538
+33656134343965343434383664323534616633663462363535613739376637363662613035313937
+32663266386562336665
diff --git a/credentials/ssh/key.pub b/credentials/ssh/key.pub
new file mode 100644
index 0000000..8567070
--- /dev/null
+++ b/credentials/ssh/key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxyRXHorPp0fzuucay5TvfLS1SSTHuj9OQ9682C4NXO ca
diff --git a/credentials/sso/public.key b/credentials/sso/public.key
new file mode 100644
index 0000000..520df08
--- /dev/null
+++ b/credentials/sso/public.key
@@ -0,0 +1 @@
+^^ˆLB BtÂ,Ò ¡MßžÉ÷œ¯Š¤€eã3A \ No newline at end of file
diff --git a/credentials/sso/secret.key b/credentials/sso/secret.key
new file mode 100644
index 0000000..655cdad
--- /dev/null
+++ b/credentials/sso/secret.key
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+36636631323030663832613939313837363466656231376335633161343931313764326530353930
+3734656464386430623939373761323664613232306538620a376161633238626539303439353863
+63353634316437663833646662383039396364623037376535633161666363636136653366383833
+3532633937386663610a333764643231646562643966656339313864363430383433616138393032
+39616666376137633835636265613039393537636239643031303432653566623236623433623264
+37393836353063633635633666316366303130363963613536396335313265626337636335613361
+33363938363136323435653432626462323239303731643537363537373433376334663266333533
+63656533343066343534
diff --git a/credentials/x509/ca.pem b/credentials/x509/ca.pem
new file mode 100644
index 0000000..73cac34
--- /dev/null
+++ b/credentials/x509/ca.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXjCCAQSgAwIBAgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDEwpTZXJ2aWNl
+IENBMB4XDTIyMTAxMzA3NDYwNloXDTI3MTAxMzA3NTEwNlowFTETMBEGA1UEAxMK
+U2VydmljZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJ+FQ/L7u/+KoDpK
+kT5TbuKgrGEFGp6j+hj4LeTDwcD03GlqY+/4e5epMAOYvOLtATShELU7UMh9b2+R
+7anWlA6jRTBDMA4GA1UdDwEB/wQEAwICpDASBgNVHRMBAf8ECDAGAQH/AgEBMB0G
+A1UdDgQWBBQYINJv1nly3l/6KzvybVdgqaN0VDAKBggqhkjOPQQDAgNIADBFAiBm
+n/pZUNIGFKuxWJRpBzdU5hzn29wb0LMywFxUy+EnuwIhAOGa7bgzH2qm0GNb65j6
+OgpHAK040uHaMF6BEKKwOYHM
+-----END CERTIFICATE-----
diff --git a/credentials/x509/ca_private_key.pem b/credentials/x509/ca_private_key.pem
new file mode 100644
index 0000000..410011f
--- /dev/null
+++ b/credentials/x509/ca_private_key.pem
@@ -0,0 +1,17 @@
+$ANSIBLE_VAULT;1.1;AES256
+37633430636639663837306163376461623665303963633532306330666164643934643736663761
+6133363965323239396133303834383265323435653636360a343635373831396437663561613566
+36383565653632663139353538323832393966333065383631626534643938633236656163333234
+3134393735373265320a383037653934323064636632383530363336666535343436623236323534
+35653762373862353666376333656630323432663134663736313861663864633032663733326531
+63363165663733336662356163383438386236636662383865386661343136336564623663376237
+61643936666537373366653164643035306166653335313833643266643437633832373632326631
+62316664373937323662663363323533326134646162613065366233663537636362303036336135
+36353436623365363337373866636237613435336430376466323732353730326335343138346432
+36626561623834663464343137613637323939376536363037613235333461633066366536326362
+30303337386336613962303231386539663032636433613864393361353230396636366434333961
+34633933396233656564663935643733333431393563346336636538643566336437343665336666
+62343937663162646433366231643335363264313531663737656137333733356338313833303365
+32393837303661393734326565323762373836656539353665616365393138316631313461303637
+66373630303763636663323265353065346438313333346165383262373739323030326162643037
+30346664643961383330
diff --git a/credentials/x509/dhparam b/credentials/x509/dhparam
new file mode 100644
index 0000000..7ddcad5
--- /dev/null
+++ b/credentials/x509/dhparam
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAgvk9tlIXF7nEBp/lKXtBcQOlBryBDca63MJAbpIF4s3QarPUVB3U
+cocCQZvlVlxw29XhjifUMDc214FFvwzlVbMjhVahCpZYurfHI4L1xLMmcSx0zfvj
+HV8yhCKn0HMCjU2bVXd6OqZbjnpLI+XlWvZETxU93bhDpV2Bn41TSbUlTN+GxcAZ
++v8bKIP5Eok6NMAY2IHEfRgAgeFrHx7wxxd4pboEqhAU4RH9M0BN8CS1z41yVWOS
+EmLXujZHWuVT41mXkf89XBONMU0l9sxJde0zJV79AdJgWXemXvX2PAF8WHQQaHaK
+dDxxxNkUQ4RVyOf+p1D51b3FQyetWyFyWwIBAg==
+-----END DH PARAMETERS-----
diff --git a/group_vars/all/config.yml b/group_vars/all/config.yml
index c615004..2864b22 100644
--- a/group_vars/all/config.yml
+++ b/group_vars/all/config.yml
@@ -3,28 +3,28 @@ float_debian_dist: bullseye
float_limit_bind_to_known_interfaces: true
domain: infra.bitmask.net
domain_public:
- - float.bitmask.net
+ - demo.bitmask.net
net_overlays:
- name: vpn0
network: 172.16.1.0/24
enable_ssh: true
enable_osquery: false
-alert_email: root@bitmask.net
+alert_email: bitmask-demo@kwadronaut@leap.se
alertmanager_smtp_from: float@bitmask.net
alertmanager_smtp_smarthost: smtp.bitmask.net:25
alertmanager_smtp_require_tls: true
alertmanager_smtp_auth_username: float
alertmanager_smtp_auth_password: somepassword
alertmanager_smtp_hello: float.bitmask.net
-geoip_account_id: 1234
-geoip_license_key: Welcome123
+geoip_account_id: 255595
+geoip_license_key: Pufl3DucM3R4LkqF
# optional: 'custom_vpn_web_domains' can be a list of additional domains
# that vpnweb should respond to, eg. custom_vpn_web_domains: [api.foo.net]
admins:
- - name: admin
- email: "admin@bitmask.net"
- password: "$s$16384$8$1$c479e8eb722f1b071efea7826ccf9c20$96d63ebed0c64afb746026f56f71b2a1f8796c73141d2d6b1958d4ea26c60a0b"
+ - name: leap
+ email: "demo.bitmask@chocovax.net"
+ password: "$a2$3$32768$4$3e0b56ee9961aa6c6d9c3f000d399d66$dad8085fc9d155e4c4e4a841b8292925be22faa4c02c0dd929776e0992055d8e"
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICF6TDr56rmY8TMRCG5KSde0yajXktsUV3Q+7vRRN25D"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYvrtfHSy+W4CQCkmlm2/rV1J5xpzpRVqB8SfHFtnG5"
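Review bot: The new `alert_email: bitmask-demo@kwadronaut@leap.se` contains two `@` and is not a valid mailbox address, so alertmanager notifications configured from it would presumably fail to deliver; it should be a single address such as `alert_email: <ALERT_MAILBOX_PLACEHOLDER>`. The same hunk commits `geoip_license_key: Pufl3DucM3R4LkqF` in clear text, while this commit also adds a vault-encrypted `credentials/secrets.yml` and links it in as `group_vars/all/secrets.yml`; the license key (and the context-line `alertmanager_smtp_auth_password`) belong in that vaulted file, referenced here as e.g. `geoip_license_key: "{{ vault_geoip_license_key }}"` (variable name constructed). Note also that `domain_public` now says `demo.bitmask.net` but the unchanged `alertmanager_smtp_hello: float.bitmask.net` still names the old host, which may or may not be intended.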
diff --git a/group_vars/all/gateway_locations.yml b/group_vars/all/gateway_locations.yml
index 1f75391..68d2ff0 100644
--- a/group_vars/all/gateway_locations.yml
+++ b/group_vars/all/gateway_locations.yml
@@ -10,4 +10,8 @@ locations:
'country_code': 'NL'
'hemisphere': 'N'
'timezone': '+2'
-
+ 'Miami':
+ 'name': 'Miami'
+ 'country_code': 'US'
+ 'hemisphere': 'N'
+ 'timezone': '-4'
diff --git a/group_vars/all/provider_config.yml b/group_vars/all/provider_config.yml
index 289d454..6fe16fa 100644
--- a/group_vars/all/provider_config.yml
+++ b/group_vars/all/provider_config.yml
@@ -1,5 +1,5 @@
---
provider_config:
name: "demo provider"
- description: "this is a demo provider"
- domain: 'float.bitmask.net'
+ description: "Thanks for beta testing. Give feedback, don't abuse♥⚑"
+ domain: 'demo.bitmask.net'
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
new file mode 120000
index 0000000..1f340cf
--- /dev/null
+++ b/group_vars/all/secrets.yml
@@ -0,0 +1 @@
+../../credentials/secrets.yml \ No newline at end of file
diff --git a/hosts.yml b/hosts.yml
index 067a9de..319a107 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -1,53 +1,58 @@
# NOTE: This is an example hosts.yml, you will need to edit to fit your needs
hosts:
- floatapp1:
- ansible_host: floatapp1.float.bitmask.net
+ donkey:
+ # donkey floatapp1
+ ansible_host: 37.218.241.207
groups: [backend]
ips:
- - 37.218.241.84
+ - 37.218.241.207
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
ip_vpn0: 172.16.1.1
- floatrp1:
- ansible_host: floatrp1.float.bitmask.net
+ koala:
+ # koala reverse proxy
+ ansible_host: 37.218.241.31
groups: [frontend]
ips:
- - 37.218.241.85
+ - 37.218.241.31
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
ip_vpn0: 172.16.1.2
- gateway1:
- ansible_host: gateway1.float.bitmask.net
+ mullet:
+ ansible_host: 37.218.241.208
groups: [openvpn]
ips:
- - 37.218.242.191
+ - 37.218.241.208
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
- ip_vpn0: 172.16.1.3
- # Set the egress source address for ipv4. This address should be distinct
- # from the 'ip' value above to prevent traffic leaks.
- egress_ip: 37.218.242.216
- location: Amsterdam
- gateway2:
- ansible_host: gateway2.float.bitmask.net
- groups: [openvpn]
- ip_vpn0: 172.16.1.4
- ips:
- - 204.13.164.252
- # If the gateway has ipv6, assign it an address here. This address will be
- # used as the incoming ipv6 address for the gateway.
- - 2620:13:4000:4000:8080::252
+ # ip_vpn0: 172.16.1.3
# Set the egress source address for ipv4. This address should be distinct
# from the 'ip' value above to prevent traffic leaks.
- egress_ip: 204.13.164.84
- # For each gateway that has ipv6, you should allocate two ipv6 netblocks for
- # each gateway, one for TCP and one for UDP connections. These ipv6
- # netblocks should be in a different network than the ip6 address that you
- # configured above. These are used by Openvpn to allocate client IPs, and
- # they will be used for egress source addresses.
- openvpn_tcp_network6: "2620:13:4000:eeee:eeee:eeee:eeee:0000/116"
- openvpn_udp_network6: "2620:13:4000:ffff:ffff:ffff:ffff:0000/116"
- location: Seattle
+ egress_ip: 37.218.241.141
+ location: Miami
+ ansible_vpn0: 172.16.1.3
+ ip_vpn0: 172.16.1.3
+
+# gateway2:
+# ansible_host: gateway2.float.bitmask.net
+# groups: [openvpn]
+# ip_vpn0: 172.16.1.4
+# ips:
+# - 204.13.164.252
+# # If the gateway has ipv6, assign it an address here. This address will be
+# # used as the incoming ipv6 address for the gateway.
+# - 2620:13:4000:4000:8080::252
+# # Set the egress source address for ipv4. This address should be distinct
+# # from the 'ip' value above to prevent traffic leaks.
+# egress_ip: 204.13.164.84
+# # For each gateway that has ipv6, you should allocate two ipv6 netblocks for
+# # each gateway, one for TCP and one for UDP connections. These ipv6
+# # netblocks should be in a different network than the ip6 address that you
+# # configured above. These are used by Openvpn to allocate client IPs, and
+# # they will be used for egress source addresses.
+# openvpn_tcp_network6: "2620:13:4000:eeee:eeee:eeee:eeee:0000/116"
+# openvpn_udp_network6: "2620:13:4000:ffff:ffff:ffff:ffff:0000/116"
+# location: Seattle
group_vars:
all:
ansible_user: root
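Review bot: The added host var `ansible_vpn0: 172.16.1.3` on the `mullet` host uses the `ansible_` prefix, which is the namespace of Ansible's gathered facts and connection variables; the kresd template added in this same commit reads `ansible_vpn0.ipv4.address`, the shape of the gathered interface fact, so a plain string under that name is presumably either overridden by the fact once `vpn0` exists or makes that attribute access fail when it does not. If the intent is only to pin the overlay address, `ip_vpn0: 172.16.1.3` two lines below already does that and the `ansible_vpn0` line can be dropped, together with the duplicate commented `# ip_vpn0: 172.16.1.3` earlier in the same host entry. The `# NOTE: This is an example hosts.yml` header now sits above real hostnames and addresses, so it should be updated or removed to avoid misleading the next reader.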