Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
915 Commits
5 Branches
2 Tags
10 MiB
fix/14704
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '25513cf925'
${ noResults }
Commit Graph

915 Commits (25513cf9259646fc2207869fe853c74b7355e4a3)
 

Author SHA1 Message Date
Jack Ivanov 4a42fbea35 Move to the ARM deployment schema (#1107) 6 years ago
Jack Ivanov 4e5103986c
Create PULL_REQUEST_TEMPLATE.md 6 years ago
Jack Ivanov 5e7f134005
Update issue templates (#1114) 
* Update issue templates

* Delete ISSUE_TEMPLATE.md
 6 years ago
TC1977 df4b3f6202 Update Win10 client docs for non-admin accounts (#1093) 
* Update client-windows.md

Allows non-admin accounts to use the VPN as per #983 and #994. Fix was also documented here https://www.bountysource.com/issues/49259904-windows-10-powershell-and-priv-nonpriv-account-issues

* Update client-windows.md
 6 years ago
ctrlaltreboot 57fb2ec347 Update client-windows.md (#1099) 
Correct command would be ```powershell -ExecutionPolicy ByPass -File C:\path\to\windows_USER.ps1 Add```
 6 years ago
David Myers 65b0239625 Display the invocation environment to aid debugging (#1108) 6 years ago
TC1977 76a8fe35db Document AWS disk encryption flag in config.cfg (#1102) 
This is to better document the "encryption" flag for those who are interested in full disk encryption on AWS. Recently on running the script, I also found the minimum permissions documented at https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md weren't enough; "ec2:CopyImage" is also required. Not sure if you'd rather have this documented in the AWS docs instead, and not sure if you want "ec2:CopyImage" added to the default minimum required permissions. I can do either if you'd prefer.
 6 years ago
TC1977 4c70b71df5 Fix spacing in congrats message (#1104) 
The spacing of several lines in the congrats message has been off. Here's the congrats output with this fix:
```
ok: [54.85.244.8] => {
    "msg": [
        [
            "\"#                          Congratulations!                            #\"", 
            "\"#                     Your Algo server is running.                     #\"", 
            "\"#    Config files and certificates are in the ./configs/ directory.    #\"", 
            "\"#              Go to https://whoer.net/ after connecting               #\"", 
            "\"#        and ensure that all your traffic passes through the VPN.      #\"", 
            "\"#                     Local DNS resolver 172.16.0.1                    #\"", 
            ""
        ], 
        "    \"#        The p12 and SSH keys password for new users is CR2qzRcA       #\"\n", 
        "    \"#        The CA key password is ed0fd57e7d355af08d12ccdbfd3f5931       #\"\n", 
        "    \"#     Shell access: ssh -i configs/algo.pem ubuntu@54.85.244.8        #\"\n"
    ]
}
```
 6 years ago
David Myers d95df710a5 Add an unattended reboot option (#1082) 6 years ago
in-in 244a698531 improve readability (#1085) 6 years ago
Jack Ivanov cbe57991db Update docs (#1089) 6 years ago
Jack Ivanov 91a9dfd983 invoke dns encryption from main playbook instead of meta-dependencies (#1097) 6 years ago
Mike Myers d9634eca8a Update screenshot of AWS EC2 minimum permissions with ec2:DescribeRegions (#1095) 6 years ago
Jack Ivanov 002c4ef198
Update ISSUE_TEMPLATE.md 6 years ago
Jack Ivanov 0188b2ff64
Update deploy-to-ubuntu.md 6 years ago
Jack Ivanov 687bab9e54
Update troubleshooting.md 
Fixes #744
 6 years ago
Jack Ivanov fb1c0f6a5e
Create a symlink if deploying to localhost (#1078) 6 years ago
Jack Ivanov e860b78d80
Scaleway authentication fix (#1088) 6 years ago
David Myers ee3cb979f7 Document how to use WireGuard on Ubuntu clients (#1071) 6 years ago
Jack Ivanov f63bc1ef97
Update CHANGELOG.md 6 years ago
TC1977 3144458ac7 Update cloud-amazon-ec2.md (#1081) 6 years ago
TC1977 6d3bb1cf2b Update minimum required IAM changes for deployment (#1080) 
Ansible2.5 allows Algo to directly ask AWS for the region list, rather than have it hardcoded and updated manually. Updated the documented minimum required permissions to include "DescribeRegions".
 6 years ago
Jack Ivanov 635e7ff1af
Update README.md 6 years ago
Jack Ivanov 5f9a3d5eb5
Update CHANGELOG.md 6 years ago
Jack Ivanov 511086db8e
Update CHANGELOG.md 6 years ago
Jack Ivanov 701995ebb7
Update CHANGELOG.md 6 years ago
Jack Ivanov 36c871c4f1
Update CHANGELOG.md 6 years ago
Jack Ivanov e8947f318b Large refactor to support Ansible 2.5 (#976) 
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Dont ask for the credentials if specified in the environment vars

* GCE server name fix
 6 years ago
Josh Dimarsky a57a0adf5e Fixed broken link; clarified example docker command (#1064) 6 years ago
Jack Ivanov 53d1113881 Split up unattended upgrades (#1041) 6 years ago
David Myers b86ebe20d7 Prevent DNS rebinding (#1049) 6 years ago
Quentin Moss e0c317a958 Update documentation link (#1043) 6 years ago
Fabian Foerg 3ddd0ac30f Run dnsmasq as the dnsmasq user (#1029) 
* Run dnsmasq as the dnsmasq user

There is a task that checks whether the dnsmasq user exists.
However, dnsmasq is configured to run as user "nobody" instead.
This change lets dnsmasq run as user "dnsmasq".

* remove dnsmasq user task
 6 years ago
Quentin Moss b88f697b28 Update troubleshooting docs to include iOS reconnection loop (#1042) 
* Update troubleshooting docs to include iOS reconnection loop

* nits
 6 years ago
bghost 60a99faaf8 Update PPA for dnscrypt-proxy to 'bionic' (#1039) 6 years ago
Mike Myers c65961a1f3 Amazon ec2 documentation (#1035) 
* Add link to documentation on Amazon EC2 setup

* Add images to document the AWS EC2 account setup

* Create AWS EC2 setup instructions

* remove line breaks

* remove line breaks

* Add images documenting AWS EC2 policy creation

* Update image showing advised minimum AWS policy

* Add instructions for minimum AWS permission policy

* Delete aws-ec2-attach-policy.png

* Updated image to reflect new AWS policy guidance

* Delete aws-ec2-new-user-confirm.png

* Updated image to reflect new AWS policy guidance
 6 years ago
Jack Ivanov ca59eeb5c3 Explicitly allow traffic between clients if enabled (#1028) 6 years ago
Jack Ivanov 952e759af4
Revert "Update dnscrypt-proxy.toml.j2 (#1022)" (#1030) 
This reverts commit e6281bc7df.
 6 years ago
adamluk e6281bc7df Update dnscrypt-proxy.toml.j2 (#1022) 6 years ago
TC1977 facd55c635 Update deploy-to-ubuntu.md (#1019) 
* Update deploy-to-ubuntu.md

rewrite of #813

* Update deploy-to-ubuntu.md
 6 years ago
Jack Ivanov 07a6bbe652
Move max_mss to config.cfg (#1015) 
* Move max_mss to config.cfg

* Add docs about max_mss

* Update troubleshooting.md
 6 years ago
Jack Ivanov d1c58f0d28
apt_repository fix (#1017) 6 years ago
Jack Ivanov 4ca8c03e3c New default cipher suite (#991) 
* New ciphers enabled

* Update CHANGELOG.md

* Switch ecparam to secp384r1

* Change CertificateType to ECDSA384
 6 years ago
Jack Ivanov b061df6631
Move DNSCrypt proxy fallback_resolver to systemd resolved (#1011) 6 years ago
Mikael Forsgren 2931227db4 New Google Cloud Region (#1013) 
Added the new Google Cloud Region Finland (europe-north1) with 3 zones
 6 years ago
Emir Beganović 2f142f6dcc Remove duplicate dict key (enable_ipv6) (#999) 
Warning in yaml file:
` [WARNING]: While constructing a mapping from /root/algo/roles/cloud-scaleway/tasks/main.yml, line 73, column 11, found a duplicate dict key (enable_ipv6). Using last defined value only.`
 6 years ago
TC1977 6faac307af Update troubleshooting.md (#992) 
Many times people are reaching VPC limits not because they're running other VPCs on AWS, but because they've already deployed several times (AWS allows five VPCs per region). This lets people know they can simply delete their old VPCs instead of contacting AWS support.
 6 years ago
Jack Ivanov 030cb9a830 Test fixes 6 years ago
Jack Ivanov ffb5a1f737 WireGuard: disable SaveConfig, update-users fix (#985) 
- Disables SaveConfig. SaveConfig totally breaks the idea of configuration management and it breaks update-users
- WireGuard update-users fix. Mentioned in https://github.com/trailofbits/algo/issues/980#issuecomment-393720561
 6 years ago
Jack Ivanov d7bce68738 TravisCI fixes 6 years ago