<!--- Provide a general summary of your changes in the Title above -->
## Description
Apparmor profile for dnscrypt-proxy didn't work at all
## Motivation and Context
Fixes#1155
## How Has This Been Tested?
Deployed to DigitalOcean, checked that the dnscrypt-proxy binary is in enforce mode
## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [x] Bug fix (non-breaking change which fixes an issue)
## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] I have read the **CONTRIBUTING** document.
- [x] My code follows the code style of this project.
- [x] All new and existing tests passed.
Adds "Algo VPN" to the organization in the "Profiles" menu of "General Settings". (The type still shows up as "Unknown" in the "VPN" menu, because that seems to be governed by the "VPNSubType" string, which must be empty according to the [developer reference](https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf) Maybe this can help clear the way for #1101.
* Allow more flexible DNSCrypt configuration
* Correct permissions on files changed in #1120
I'm not sure why using BBEdit over SMB makes every file executable.
* Put the public resolvers cache file in /tmp.
* Refactoring, booleans declaration and update users fix
* Make server_name more FQDN compatible
* Rename variables
* Define the default value for store_cakey
* Skip a prompt about the SSH user if deploying to localhost
* Disable reboot for non-cloud deployments
* Enable EC2 volume encryption by default
* Add default server value (localhost) for the local installation
Delete empty files
* Add default region to aws_region_facts
* Update docs
* EC2 credentials fix
* Warnings fix
* Update deploy-from-ansible.md
* Fix a typo
* Remove lightsail from the docs
* Disable EC2 encryption by default
* rename droplet to server
* Disable dependencies
* Disable tls_cipher_suite
* Convert wifi-exclude to a string. Update-users fix
* SSH access congrats fix
* 16.04 > 18.04
* Dont ask for the credentials if specified in the environment vars
* GCE server name fix
* Run dnsmasq as the dnsmasq user
There is a task that checks whether the dnsmasq user exists.
However, dnsmasq is configured to run as user "nobody" instead.
This change lets dnsmasq run as user "dnsmasq".
* remove dnsmasq user task
Warning in yaml file:
` [WARNING]: While constructing a mapping from /root/algo/roles/cloud-scaleway/tasks/main.yml, line 73, column 11, found a duplicate dict key (enable_ipv6). Using last defined value only.`
- Adds an extra line after the if statement. Jinja2 trims such blocks by default in Ansible. Fixes#965
- More appropriate way to configure DNS servers
- Removes `DNS` option from the wireguard server config
- Fixes dnscrypt-proxy restart
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store
As part of this work, rewrite the windows_client.ps1.j2 deployment
script template
- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
installed the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables,
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
* Move to ansible-2.4.3
* Add Lightsail support #623
* Fixing the EC2 deployment
* Scaleway integration #623
* OpenStack cloud provider (DreamCompute optimised) #623
* Remove the security role
* Enable unattended-upgrades for clouds
* New requirements to make Azure and GCE work
* Windows 10 -PfsGroup None --> -PfsGroup ECP256
Fixes broken tunnel when rekey (CREATE_CHILD_SA request [ N(REKEY_SA) SA No TSi TSr KE ]) occurs (on my Windows 10 1703 build 15063.138 Creator's Update system this is ~every 57 minutes)
* Update Windows Client PfsGroup Commandline
Chrome and Android both request a known URL that generates HTTP 204 No Content responses to determine if they have internet connectivity. In Apple profiles, we can use the same URL to determine whether the VPN needs to connect. Using this feature will help save battery life for lots of users.
* Update Azure Region List
Included several additional regions in the Azure list.
In a future version we may want to ask users to choose a continent, then present region options since this list is getting long.
* Add VM size selection
Added prompt for user to choose VM size. Useful because the default size is not available in all regions, and there are cheaper sizes.
* Handle vm_size choice in "Create an Instance" step
Use the variable passed in that the user chose for vm_size.
* Differentiate Basic A0 and Standard A0
* Remove vm_size D1 since it's being deprecated
* Fix syntax issue - missing semicolons
* Remove note to self comment
* Remove changes to let user select VM size
Removing my previous additions that let the user select their Azure VM size.
* Hard code VM size to cheapest size
Remove my usage of a variable for VM size. Update to use the Basic_A0, which is the cheapest size of VM.
The previous address ranges were actually routable addresses, which caused some concern for some people because it looked suspicious in tracert. The new CIDR blocks are non-routable addresses, which resolves this concern.