docs: prepare repo for public release

roles/hosts.yml.example

@@ -0,0 +1,13 @@
+---
+all:
+  children:
+    cloud:
+      hosts:
+        vm_my_srv:
+          ansible_host: "EU_VPS_IP"   # Replace with your EU VPS IP
+          ansible_port: 22
+      vars:
+        ansible_user: deploy
+        ansible_python_interpreter: /usr/bin/python3
+        ansible_ssh_private_key_file: ~/.ssh/id_ed25519
+        ansible_ssh_host_key_checking: false

roles/nginx_frontend/defaults/main.yml

@@ -1,13 +1,13 @@
 ---
-# nginx_frontend role — TLS frontend for EU server (media.zirgate.com)
+# nginx_frontend role — TLS frontend for EU VPS
 #
 # Responsibilities:
 #   - Install nginx + certbot
 #   - Obtain Let's Encrypt certificate for nginx_frontend_domain
 #   - Proxy Xray XHTTP (nginx_frontend_xhttp_path) → 127.0.0.1:nginx_frontend_xhttp_port
 
 # ── Domain ────────────────────────────────────────────────────────────────────
-nginx_frontend_domain: "media.zirgate.com"
+nginx_frontend_domain: "media.example.com"  # Set to your EU VPS domain
 
 # ── Certbot ───────────────────────────────────────────────────────────────────
 nginx_frontend_certbot_email: ""   # Set in secrets.yml
@@ -27,6 +27,6 @@ nginx_frontend_xhttp_path: "/api/v3/data-sync"   # Must match xray_xhttp.xhttpSe
 
 # ── TCP stream relay for Xray VLESS Reality ───────────────────────────────────
 # Stream proxy: nginx_frontend_reality_port → 127.0.0.1:443 (Xray)
-# Allows clients to reach Reality via media.zirgate.com instead of direct EU IP.
+# Allows clients to reach Reality via media.example.com instead of direct EU IP.
 nginx_frontend_reality_stream_enabled: true
 nginx_frontend_reality_port: 8445   # External TCP port for Reality stream

roles/raven_subscribe/defaults/secrets.yml.example

@@ -7,7 +7,7 @@
 raven_subscribe_admin_token: ""
 
 # Public URL used in subscription links — must be the relay domain
-raven_subscribe_base_url: "https://my.zirgate.com"
+raven_subscribe_base_url: "https://my.example.com"
 
 # EU VPS public IP or domain (used in generated client outbound addresses)
 raven_subscribe_server_host: ""

roles/relay/defaults/main.yml

@@ -1,14 +1,14 @@
 ---
 # Relay role — nginx reverse proxy on RU VPS
-# Domain: zirgate.com
-#   zirgate.com        A → RU VPS IP  (static stub site)
-#   my.zirgate.com     A → RU VPS IP  (relay → Raven subscriptions + API)
+# Domain layout example:
+#   example.com        A → RU VPS IP  (static stub site)
+#   my.example.com     A → RU VPS IP  (relay → Raven subscriptions + API)
 #
 # EU server (managed by nginx_frontend role, not this role):
-#   media.zirgate.com  A → EU VPS IP  (nginx_frontend → Xray XHTTP)
+#   media.example.com  A → EU VPS IP  (nginx_frontend → Xray XHTTP)
 
 # ── Domain ───────────────────────────────────────────────────────────────────
-relay_domain: "zirgate.com"
+relay_domain: "example.com"           # Set to your RU VPS domain
 relay_sub_my: "my.{{ relay_domain }}" # Raven-subscribe relay (RU VPS)
 
 # ── Upstream EU server ────────────────────────────────────────────────────────
@@ -21,7 +21,7 @@ relay_upstream_raven_port: 8443
 
 # ── TCP stream relay (VLESS Reality) ─────────────────────────────────────────
 # Proxies raw TCP on relay_stream_port → EU server:relay_upstream_xray_port
-# Clients connect to zirgate.com:relay_stream_port instead of EU IP directly.
+# Clients connect to example.com:relay_stream_port instead of EU IP directly.
 relay_stream_enabled: true
 relay_stream_port: 8444                # Listening port on RU server (must be free)
 relay_upstream_xray_port: 8445         # nginx_frontend Reality stream port on EU server
@@ -31,7 +31,7 @@ relay_nginx_user: "www-data"
 relay_webroot: "/var/www/{{ relay_domain }}"
 
 # ── Certbot ───────────────────────────────────────────────────────────────────
-relay_certbot_email: "" # Set in secrets.yml: relay_certbot_email: "admin@zirgate.com"
+relay_certbot_email: "" # Set in secrets.yml: relay_certbot_email: "admin@example.com"
 
 # ── Stub site ─────────────────────────────────────────────────────────────────
 relay_stub_title: "Welcome"

roles/relay/inventory.ini

@@ -1,2 +1,2 @@
 [relay]
-zirgate ansible_host=RU_VPS_IP ansible_user=deploy
+relay ansible_host=RU_VPS_IP ansible_user=deploy

roles/relay/templates/nginx/https.conf.j2

@@ -8,7 +8,7 @@ server {
     return 301 https://$host$request_uri;
 }
 
-# ── zirgate.com — stub site ──────────────────────────────────────────────────
+# ── {{ relay_domain }} — stub site ──────────────────────────────────────────────────
 server {
     listen 443 ssl;
     http2 on;
@@ -27,7 +27,7 @@ server {
     }
 }
 
-# ── my.zirgate.com — Raven-subscribe relay ───────────────────────────────────
+# ── {{ relay_sub_my }} — Raven-subscribe relay ───────────────────────────────────
 server {
     listen 443 ssl;
     http2 on;

roles/role_nginx_frontend.yml

@@ -1,5 +1,5 @@
 ---
-# nginx frontend playbook — EU server (media.zirgate.com)
+# nginx frontend playbook — EU VPS
 # Usage:
 #   ansible-playbook roles/role_nginx_frontend.yml -i roles/nginx_frontend/inventory.ini \
 #     --vault-password-file vault_password.txt
@@ -9,9 +9,10 @@
 #   nginx_frontend_nginx    — deploy HTTP config
 #   nginx_frontend_certbot  — obtain TLS certificate
 #   nginx_frontend_ssl      — deploy HTTPS config with proxy_pass
+#   nginx_frontend_stream   — deploy TCP stream relay for VLESS Reality
 
-- name: Configure nginx frontend (vpn.zirgate.com)
-  hosts: vm_my_srv
+- name: Configure nginx frontend
+  hosts: eu
   become: true
 
   vars_files:

roles/role_relay.yml

@@ -1,5 +1,5 @@
 ---
-# Relay playbook — RU VPS (zirgate.com)
+# Relay playbook — RU VPS
 # Usage:
 #   ansible-playbook roles/role_relay.yml -i roles/relay/inventory.ini \
 #     --vault-password-file vault_password.txt
@@ -10,9 +10,10 @@
 #   relay_nginx     — deploy HTTP nginx config
 #   relay_certbot   — obtain TLS certificates
 #   relay_nginx_ssl — deploy HTTPS nginx config with proxy_pass
+#   relay_stream    — deploy TCP stream relay for VLESS Reality
 
-- name: Configure relay server (zirgate.com)
-  hosts: vm_my_ru
+- name: Configure relay server
+  hosts: relay
   become: true
 
   vars_files:

roles/xray/defaults/raven_subscribe_secrets.yml.example

@@ -7,7 +7,7 @@
 raven_subscribe_admin_token: ""
 
 # Public URL used in subscription links — must be the relay domain
-raven_subscribe_base_url: "https://my.zirgate.com"
+raven_subscribe_base_url: "https://my.example.com"
 
 # EU VPS public IP or domain (used in generated client outbound addresses)
-raven_subscribe_server_host: "64.226.79.239"
+raven_subscribe_server_host: "media.example.com"