Commit Graph

140 Commits (master)

Author SHA1 Message Date
David Myers f3519425c4 Note that WireGuard configs cannot be shared (#1238) 6 years ago
TC1977 4eeaadcfb3 Add info about modifying blacklists (#1236)
# Algo will use the following lists to block ads. You can add new block lists 
# after deployment by modifying the line starting "BLOCKLIST_URLS=" at:
# /usr/local/sbin/adblock.sh 
# If you load very large blocklists, you may also have to modify resource limits:
# /etc/systemd/system/dnsmasq.service.d/100-CustomLimitations.conf
6 years ago
Jack Ivanov a66d8f0069 on-build python venvs (#1199) 6 years ago
Jack Ivanov 3468d27e61 Lightsail back (#1157) 6 years ago
David Myers d90ba3d11a Allow more flexible DNSCrypt configuration (#1120)
* Allow more flexible DNSCrypt configuration

* Correct permissions on files changed in #1120

I'm not sure why using BBEdit over SMB makes every file executable.

* Put the public resolvers cache file in /tmp.
6 years ago
Jack Ivanov 6c0753e3b8 GCE: Static external ip (optional) (#1125) 6 years ago
Jack Ivanov 4a42fbea35 Move to the ARM deployment schema (#1107) 6 years ago
TC1977 76a8fe35db Document AWS disk encryption flag in config.cfg (#1102)
This is to better document the "encryption" flag for those who are interested in full disk encryption on AWS. Recently on running the script, I also found the minimum permissions documented at https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md weren't enough; "ec2:CopyImage" is also required. Not sure if you'd rather have this documented in the AWS docs instead, and not sure if you want "ec2:CopyImage" added to the default minimum required permissions. I can do either if you'd prefer.
6 years ago
TC1977 4c70b71df5 Fix spacing in congrats message (#1104)
The spacing of several lines in the congrats message has been off. Here's the congrats output with this fix:
```
ok: [54.85.244.8] => {
    "msg": [
        [
            "\"#                          Congratulations!                            #\"", 
            "\"#                     Your Algo server is running.                     #\"", 
            "\"#    Config files and certificates are in the ./configs/ directory.    #\"", 
            "\"#              Go to https://whoer.net/ after connecting               #\"", 
            "\"#        and ensure that all your traffic passes through the VPN.      #\"", 
            "\"#                     Local DNS resolver 172.16.0.1                    #\"", 
            ""
        ], 
        "    \"#        The p12 and SSH keys password for new users is CR2qzRcA       #\"\n", 
        "    \"#        The CA key password is ed0fd57e7d355af08d12ccdbfd3f5931       #\"\n", 
        "    \"#     Shell access: ssh -i configs/algo.pem ubuntu@54.85.244.8        #\"\n"
    ]
}
```
6 years ago
David Myers d95df710a5 Add an unattended reboot option (#1082) 6 years ago
Jack Ivanov e8947f318b Large refactor to support Ansible 2.5 (#976)
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Don't ask for the credentials if specified in the environment vars

* GCE server name fix
6 years ago
Jack Ivanov 07a6bbe652 Move max_mss to config.cfg (#1015)
* Move max_mss to config.cfg

* Add docs about max_mss

* Update troubleshooting.md
6 years ago
Jack Ivanov 3488e660ad Add WireGuard support for Android (#910)
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
6 years ago
Jack Ivanov d27b849f24 Ubuntu1804 (#925)
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
6 years ago
TC1977 e905220f61 Update config.cfg (#936)
Fix typos - this puzzled me when I was attempting to install algo with dnscrypt last week.
6 years ago
Jack Ivanov c82bd8c5ff DNS-over-HTTPS (#875) 6 years ago
Jack Ivanov 02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804)
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
6 years ago
Jack Ivanov 4da752b603 Ubuntu 17.10 support (#811) 6 years ago
Dan Ackerson d8f0393dd8 minimum DigitalOcean $5 type now 's-1vcpu-1gb' (#785)
https://www.digitalocean.com/pricing/
6 years ago
Dan Guido 6572c2fb34 Closes #699 7 years ago
Julie Bernosky dc4dff040e Add StrongSwan log level config option to ipsec.conf template (#700) 7 years ago
Jack Ivanov 26c202ded5 Generate p12 each deployment. Generate ps1 scripts if windows supported. Define `become` for all the section. (#580) 7 years ago
Jack Ivanov 4165eca407 Azure supports 17.04 #449 7 years ago
Rod Vagg 75d64ac018 Make DNS blocklist URLs configurable (#548) 7 years ago
Jack Ivanov bd348af9c2 Implementing blocks and additional fail hints #487 (#497)
change the troubleshooting url
7 years ago
Jack Ivanov 2782df8cfd Move back to 16.04. Forgot to change after testing 7 years ago
Jack Ivanov c3fcfe5d0d Let users choose the distro version #449 (#466)
Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
7 years ago
Jack Ivanov a7b06058cb remove the proxy role #440 (#457)
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
7 years ago
Jack Ivanov 16329fe088 Instance size (#404)
* Escaping Special Characters #388

* Make instance sizes more flexible to edit #355
7 years ago
Dan Guido 1af2010f44 Update config.cfg 7 years ago
Jack Ivanov 3df33c0eba Add a comment about escaping usernames 7 years ago
brad2014 09e5d87c7b Minor name and documentation edits (#327) 7 years ago
Jack Ivanov f7da2e3888 EC2 dynamic inventory. Fixes #73 7 years ago
Jack Ivanov 5cbf125202 Some refactoring. Disable unneeded variables. 7 years ago
Jack Ivanov 6cc3598cc6 rewrite congrats 7 years ago
Jack Ivanov 8d21923b70 Additional info in the congrats 7 years ago
Jack Ivanov 88518240fc Fix for the local installation 7 years ago
kennwhite b266f37f1c Formatting fixes 8 years ago
kennwhite eb81b0d4c4 Remove hardcoded ssh key & username in congrats text 8 years ago
kennwhite 0ef1b5d8da UI hints to ssh keys and message clean up
Though the algo ssh key names are in the config file at the bottom, they don't seem to be displayed, and are easy to miss for new users.
8 years ago
Jack Ivanov 1d07200c74 generating ssh-keys #152 #151 #112 8 years ago
Jack Ivanov efb78e27d4 disable the proxy and client-to-client options 8 years ago
Jack Ivanov abf94989fc the password for the CA private key #75 8 years ago
Jack Ivanov ecb6b498b9 unnecessary to use such way Fixed #162 8 years ago
Jack Ivanov f1715c4e0b random password for the p12 certificates #135 8 years ago
Jack Ivanov 50e9dbfce0 draft EC2 #150 #157 8 years ago
Jack Ivanov 0269cafff7 DNS fix 8 years ago
Jack Ivanov 3d53dde6ca Fixed. #137 8 years ago
Jack Ivanov 2cb98b4516 Windows RSA support #9 8 years ago
Nima Fatemi 7cb2197d16 Avoid using + for email address
Using + in an email address (e.g. email+auditd@domain.tld) would cause auditd to fail to start
see #117
8 years ago
Jack Ivanov 76ea7f67ae extra vars added to use local DNS #110 8 years ago
Dan Guido 8ae80788ad better user instructions 8 years ago
Dan Guido c52350030d Merge branch 'master' into docs 8 years ago
Jack Ivanov d93b7c200f EC2 | Add VPC group #98 and counts #59 8 years ago
Jack Ivanov 062426e0ec client configuration templates #43 8 years ago
Dan Guido bff7c414b2 Initial commit of reorg'd docs 8 years ago
Jack Ivanov 4db428a86e Disable unneeded plugins in StrongSwan #84 8 years ago
Jack Ivanov 97a00699b7 new tags 8 years ago
Dan Guido dbb7fd0815 Make config.cfg a little more user-friendly 8 years ago
Jack Ivanov 19797bc020 CPU and memory limitations of the services #63 8 years ago
Evgeniy Ivanov 09c39627d9 Memory limits #63 8 years ago
Evgeniy Ivanov d41561b4e3 fixes 8 years ago
Evgeniy Ivanov ba50abce8a make local ip changeable #67 8 years ago
Evgeniy Ivanov 1a6e3775d1 ULA IPv6 8 years ago
Evgeniy Ivanov a9b10baf1d Some fixes 8 years ago
jack 4d7d8c747a client cert password #45 8 years ago
jack f0366562aa google and azure 8 years ago
jack 2b9dde6016 mod_pagespeed #5 8 years ago
jack b4c843c800 ipv6 bug #8 8 years ago
jack 2454b7a82b Configure IPv6 on the VPN #8 8 years ago
jack 26ab5ff9c1 some fixes 8 years ago
jack ca47bb136c moved to use an IP instead of a domain 8 years ago
jack e30eb9bf87 change IP ranges #37 8 years ago
jack 24ee07cec4 Add lightweight ad-blocking to the proxy #14 8 years ago
jack 2648ccdc18 Add lightweight ad-blocking to the proxy #14 8 years ago
Dan Guido d58a7b484d miscellaneous cleanups 8 years ago
jack fa3f92c1f9 config.cfg fixes 8 years ago
jack 5e113fc7bd Hardcoded info #25 8 years ago
jack 10fd24cbc9 Hardcoded info #25 8 years ago
Dan Guido 5fbb821848 Initial commit 8 years ago
Evgeniy Ivanov 4bd2cd2eea auditd 8 years ago
Evgeniy Ivanov 5dcb73f7c1 ECDSA fixed 8 years ago
Evgeniy Ivanov bce63c209c ECDSA fixed 8 years ago
Evgeniy Ivanov 2efaf97e58 some fixes 8 years ago
Evgeniy Ivanov 371b20a2ce mobileconfig implemented 8 years ago
Evgeniy Ivanov 68945f69d7 apparmor; split up some functions 8 years ago
Evgeniy Ivanov 63e67cb3a6 export p12 added 8 years ago
Evgeniy Ivanov ec90d2acc7 SAN fixed 8 years ago
Evgeniy Ivanov 993e388abb SAN fixed 8 years ago
Evgeniy Ivanov db297aa6da Cert auth 8 years ago