Archives/algo
2
0
Fork 0
mirror of https://github.com/trailofbits/algo synced 2024-11-18 09:25:38 +00:00
Code Issues Projects Releases Wiki Activity
1,027 Commits 5 Branches 2 Tags 10 MiB
02fe2f7dd5
Commit Graph

1027 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Saravanan Palanisamy
02fe2f7dd5
use ca_password from variable(--extra-vars) - non-interactive installation using ansible playbook (#1774) 
* use ca_password from variable

* add tests to cover the changes

* update tests - PR #1774
 2020-04-25 19:32:16 +03:00
Jack Ivanov
27de76048c
ipv6 nat fix (#1775) 2020-04-25 19:31:47 +03:00
aleks
4f1b9270be
relax CA constraints for client (the client equivalent of PR #1675) (#1768) 
* relax CA constraints for client (the client equivalent of PR #1675)

* fixing incorrectly hard-coded output file path
 2020-04-18 17:03:29 +03:00
dependabot[bot]
c231cd42d6
Bump ansible from 2.8.3 to 2.8.8 (#1736) 
Bumps [ansible](https://github.com/ansible/ansible) from 2.8.3 to 2.8.8.
- [Release notes](https://github.com/ansible/ansible/releases)
- [Commits](https://github.com/ansible/ansible/compare/v2.8.3...v2.8.8)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-02-28 10:07:18 +01:00
David Myers
3f3138f555
Fix IPsec DNS when WireGuard uses port 53 (#1719) 
* Fix IPsec DNS when WireGuard uses port 53

* Change ACCEPT to RETURN
 2020-02-25 07:43:25 +01:00
Jack Ivanov
28d95eace2
Update main.yml (#1727) 2020-02-18 16:20:27 +01:00
Jack Ivanov
1e8a9c5cf1
Generate mobileconfigs for WireGuard (#1698) 
* Generate mobileconfigs for WireGuard

* add xmllint to wireguard profiles

* Enable onDemand prompts for WireGuard

* linting
 2020-02-12 08:31:44 +01:00
Dan Hughes
512b5660e1
Use user-defined hostname for SSH hostname (#1715) 
* Use user-defined hostname for SSH hostname

* Update readme to use hostname in ssh commands
 2020-02-12 08:14:13 +01:00
Dan Hughes
5c09d6dd02
Use absolute path for identityfile in ssh config (#1718) 
* Use absolute path for identityfile in ssh config

* Update readme with ssh config include
 2020-02-12 07:58:20 +01:00
Jack Ivanov
dcfed41ae8 Apply netplan for digitalocean only (#1723) 2020-02-10 11:01:20 +01:00
Austin Dworaczyk Wiltshire
027b1b8497
Update dnscrypt-proxy cache settings for improved performance and privacy. (#1714) 
These values match those recommended by the author of DNSCrypt-proxy

See:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Caching#dns-cache
https://00f.net/2019/11/03/stop-using-low-dns-ttls/
 2020-02-04 07:08:11 +01:00
Jack Ivanov
3720c5eb1f
Update CHANGELOG.md 2020-01-31 11:26:44 +01:00
Jack Ivanov
2abbf22196
Alternative Ingress IP (#1605) 
* Separate ingress IP draft

* task name fix

* placeholder
 2020-01-31 11:24:29 +01:00
David Myers
78cc708435 Clarify SSH port changed for cloud only (#1706) 2020-01-28 21:21:27 +01:00
Jack Ivanov
0efa4eaf91 Ca certificate name constraints (#1675) 
* X.509 Name Constraints

* nameConstraints to a random generated uuid

* Second level domain

* nameConstraints fixes

* critical in nameConstraints lost after last refactoring
 2020-01-25 20:08:55 +07:00
Jack Ivanov
0e57da8237
Move to Ubuntu 19.10 (#1702) 
* 19.04 is dead, long live 19.10

* Remove 19.04 from tests

* Update docs

* Set proper Azure name
 2020-01-23 17:24:41 +01:00
David Myers
6ac2e2d1a4 Document using Google Cloud Shell (#1699) 2020-01-22 11:39:36 +01:00
David Myers
df57e21194 DO documentation update (#1696) 2020-01-21 12:09:43 +01:00
David Myers
2d94bbd278 Documentation updates (#1694) 2020-01-21 12:09:09 +01:00
Jack Ivanov
62d00901e6
Update main.yml 2020-01-16 13:37:37 +01:00
Jack Ivanov
d8c48ec505
Update pre-deploy.sh 2020-01-16 13:24:23 +01:00
Jack Ivanov
98f43c5cbd
Github Actions fix for PRs (#1687) 2020-01-16 13:06:11 +01:00
Jack Ivanov
24574a3205
apt locking fixes (#1685) 2020-01-15 21:27:29 +01:00
Jack Ivanov
0629aa5ca5
Update badge 2020-01-13 17:26:05 +01:00
Jack Ivanov
cc72728c6d
Update badge 2020-01-13 17:23:42 +01:00
Jack Ivanov
53dfc570eb
Github Actions (#1681) 2020-01-13 17:20:40 +01:00
Jack Ivanov
eb40ade096
scaleway region fix (#1678) 2020-01-08 11:11:41 +01:00
Jack Ivanov
625f634163
Update CHANGELOG.md 2020-01-07 14:33:46 +01:00
Jack Ivanov
d635c76b50
Change default SSH port and introduce cloud-init support (#1636) 
* Change default SSH port

* Iptables to ansible_ssh_port

* Add Scaleway

* permissions and groups fixes

* update firewall docs

* SSH fixes

* add missing cloudinit to cloud-azure

* remove ansible_ssh_user from the tests

* congrats message fix
 2020-01-07 14:28:19 +01:00
Jack Ivanov
b66c9f59aa
Update CHANGELOG.md 2019-12-13 10:35:44 +01:00
TC1977
45aa0065cd Documentation updates (#1607) 
* update variable name to store_pki

* Document BetweenClients_DROP

* Update README.md

* Update faq.md

* VPN On Demand is for Apple IPSEC clients only

* How to update users from cloud-init

* How to monitor user activity

* Fix typo

* Update FAQ about WireGuard, fix typos

* Correct locations of install log and user configs

* Update-users from cloud-init

* Update features list

* More "IPsec" and "WireGuard" changes

* fixed broken link/absent link in FAQ

* Python version README fix for #1622

* road warrior instructions

* Update index.md

* Reorganize config.cfg

As per @davidemyers suggestions

* Further config changes

As per feedback, also better explanation of keys_clean_all

* Add road warrior instructions to FAQ

* Remove specific ports from RW instructions
 2019-12-10 19:23:18 +01:00
David Myers
221568cd25 Remove some commas from input.yml (#1652) 
* Remove some commas from input.yml

* Update input.yml
 2019-12-08 13:16:48 +01:00
David Myers
d18de4b679 Add deploy-from-macos.md (#1649) 2019-12-08 13:12:24 +01:00
David Myers
d72f3b5ba3 Update Windows documentation (#1640) 
* Update Windows documentation

* Revise instructions
 2019-11-27 07:48:36 +01:00
David Myers
9f27c25adc Update the Ubuntu WireGuard documentation (#1645) 2019-11-27 07:45:27 +01:00
Julien Bachmann
43aafdfce1 fixed code to work with python3.7 (#1608) 
* fixed code to work with python3.7

* removed trailing whitespaces and re-run ansible-linter
 2019-11-06 08:25:35 +01:00
David Myers
b65e6b1351 Support Ubuntu 19.10 (#1630) 
Add Travis tests
 2019-11-04 11:46:13 +01:00
Jack Ivanov
dfd979eb68
Windows SSH key permissions workaround (#1584) 
* Windows SSH key permissions workaround

* Ensure Ansible is not being run in a world writable directory

* linting
 2019-11-01 09:57:20 +01:00
David Myers
5737317dae Allow WireGuard to listen on port 53 (#1594) 
* Allow WireGuard to listen on port 53

* Use a variable for the port to avoid

* Add comment to config.cfg
 2019-10-30 08:38:39 +01:00
Jack Ivanov
88eaf30e65
Update README.md (#1602) 
* Update README.md

As noted in #1599 we don't have any instructions for CentOS 7. Closes #1599

* Update README.md

Co-Authored-By: David Myers <dem@myersnet.net>
 2019-10-09 08:34:06 +02:00
Jack Ivanov
d0ce162559
Update PULL_REQUEST_TEMPLATE.md 2019-10-07 13:11:33 +02:00
Jon Stewart
792e991442 Troubleshooting docs addition for CA certificate failure with MacPorts (#1595) 
* Added troubleshooting entry related to lack of a CA certificate in MacPorts.

* Try to fix the link

* Try to fix the link

* Try to fix the link

* line-breaking of error message

* update error message and text
 2019-10-05 19:31:30 +02:00
Nil Admirari
0b4ec243a7 Fix for interactive Docker deployments (#1589) 2019-10-02 12:03:10 +02:00
Jack Ivanov
8bdd99c05d Refactor to support Ansible 2.8 (#1549) 
* bump ansible to 2.8.3

* DigitalOcean: move to the latest modules

* Add Hetzner Cloud

* Scaleway and Lightsail fixes

* lint missing roles

* Update roles/cloud-hetzner/tasks/main.yml

Add api_token

Co-Authored-By: phaer <phaer@phaer.org>

* Update roles/cloud-hetzner/tasks/main.yml

Add api_token

Co-Authored-By: phaer <phaer@phaer.org>

* Try to run apt until succeeded

* Scaleway modules upgrade

* GCP: Refactoring, remove deprecated modules

* Doc updates (#1552)

* Update README.md

Adding links and mentions of Exoscale aka CloudStack and Hetzner Cloud.

* Update index.md

Add the Hetzner Cloud to the docs index

* Remove link to Win 10 IPsec instructions

* Delete client-windows.md

Unnecessary since the deprecation of IPsec for Win10.

* Update deploy-from-ansible.md

Added sections and required variables for CloudStack and Hetzner Cloud.

* Update deploy-from-ansible.md

Added sections for CloudStack and Hetzner, added req variables and examples, mentioned environment variables, and added links to the provider role section.

* Update deploy-from-ansible.md

Cosmetic changes to links, fix typo.

* Update GCE variables

* Update deploy-from-script-or-cloud-init-to-localhost.md

Fix a finer point, and make variables list more readable.

* update azure requirements

* Python3 draft

* set LANG=c to the p12 password generation task

* Update README

* Install cloud requirements to the existing venv

* FreeBSD fix

* env->.env fixes

* lightsail_region_facts fix

* yaml syntax fix

* Update README for Python 3 (#1564)

* Update README for Python 3

* Remove tabs and tweak instructions

* Remove cosmetic command indentation

* Update README.md

* Update README for Python 3 (#1565)

* DO fix for "found unpermitted parameters: id"

* Verify Python version

* Remove ubuntu 16.04 from readme

* Revert back DigitalOcean module

* Update deploy-from-script-or-cloud-init-to-localhost.md

* env to .env
 2019-09-28 08:10:20 +08:00
Jack Ivanov
61729ac9b5
Update client.conf.j2 (#1580) 2019-09-12 12:52:10 +02:00
Nil Admirari
0c3aada66f Support for scripted Docker deployments (#1582) 2019-09-12 12:51:40 +02:00
Nil Admirari
fc27b439b5 Do not copy existing env to Docker image (#1581) 2019-09-12 12:13:38 +02:00
Nian Wang
71e49eb2c8 Add spacing, list format for readability. (#1560) 2019-09-06 10:56:24 +02:00
Squirrel
1ca8ee5554 Generates a password by native module (#1576) 
* use password module to generate password

* fix variable reference

* reduce character set to meet origin design

*  CA and p12 password chanes

- Move the CA_password generation task to the native lookup plugin
- Get rid of unneeded tasks
 2019-09-06 10:55:57 +02:00
Jack Ivanov
c6f45ead69
Allow OnDemand to be toggled later (#1557) 2019-09-06 09:33:36 +02:00