Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,126 Commits
5 Branches
2 Tags
11 MiB
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
fix/14704
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '45fe0f595d'
${ noResults }
Commit Graph

1126 Commits (45fe0f595d972c18ed4d18215d2b639665137a83)
 

Author SHA1 Message Date
Jack Ivanov 27de76048c
ipv6 nat fix (#1775) 4 years ago
aleks 4f1b9270be
relax CA constraints for client (the client equivalent of PR #1675) (#1768) 
* relax CA constraints for client (the client equivalent of PR #1675)

* fixing incorrectly hard-coded output file path
 4 years ago
dependabot[bot] c231cd42d6
Bump ansible from 2.8.3 to 2.8.8 (#1736) 
Bumps [ansible](https://github.com/ansible/ansible) from 2.8.3 to 2.8.8.
- [Release notes](https://github.com/ansible/ansible/releases)
- [Commits](https://github.com/ansible/ansible/compare/v2.8.3...v2.8.8)

Signed-off-by: dependabot[bot] <support@github.com>
 4 years ago
David Myers 3f3138f555
Fix IPsec DNS when WireGuard uses port 53 (#1719) 
* Fix IPsec DNS when WireGuard uses port 53

* Change ACCEPT to RETURN
 4 years ago
Jack Ivanov 28d95eace2
Update main.yml (#1727) 4 years ago
Jack Ivanov 1e8a9c5cf1
Generate mobileconfigs for WireGuard (#1698) 
* Generate mobileconfigs for WireGuard

* add xmllint to wireguard profiles

* Enable onDemand prompts for WireGuard

* linting
 4 years ago
Dan Hughes 512b5660e1
Use user-defined hostname for SSH hostname (#1715) 
* Use user-defined hostname for SSH hostname

* Update readme to use hostname in ssh commands
 4 years ago
Dan Hughes 5c09d6dd02
Use absolute path for identityfile in ssh config (#1718) 
* Use absolute path for identityfile in ssh config

* Update readme with ssh config include
 4 years ago
Jack Ivanov dcfed41ae8 Apply netplan for digitalocean only (#1723) 4 years ago
Austin Dworaczyk Wiltshire 027b1b8497
Update dnscrypt-proxy cache settings for improved performance and privacy. (#1714) 
These values match those recommended by the author of DNSCrypt-proxy

See:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Caching#dns-cache
https://00f.net/2019/11/03/stop-using-low-dns-ttls/
 4 years ago
Jack Ivanov 3720c5eb1f
Update CHANGELOG.md 4 years ago
Jack Ivanov 2abbf22196
Alternative Ingress IP (#1605) 
* Separate ingress IP draft

* task name fix

* placeholder
 4 years ago
David Myers 78cc708435 Clarify SSH port changed for cloud only (#1706) 4 years ago
Jack Ivanov 0efa4eaf91 Ca certificate name constraints (#1675) 
* X.509 Name Constraints

* nameConstraints to a random generated uuid

* Second level domain

* nameConstraints fixes

* critical in nameConstraints lost after last refactoring
 4 years ago
Jack Ivanov 0e57da8237
Move to Ubuntu 19.10 (#1702) 
* 19.04 is dead, long live 19.10

* Remove 19.04 from tests

* Update docs

* Set proper Azure name
 4 years ago
David Myers 6ac2e2d1a4 Document using Google Cloud Shell (#1699) 4 years ago
David Myers df57e21194 DO documentation update (#1696) 4 years ago
David Myers 2d94bbd278 Documentation updates (#1694) 4 years ago
Jack Ivanov 62d00901e6
Update main.yml 4 years ago
Jack Ivanov d8c48ec505
Update pre-deploy.sh 4 years ago
Jack Ivanov 98f43c5cbd
Github Actions fix for PRs (#1687) 4 years ago
Jack Ivanov 24574a3205
apt locking fixes (#1685) 4 years ago
Jack Ivanov 0629aa5ca5
Update badge 4 years ago
Jack Ivanov cc72728c6d
Update badge 4 years ago
Jack Ivanov 53dfc570eb
Github Actions (#1681) 4 years ago
Jack Ivanov eb40ade096
scaleway region fix (#1678) 4 years ago
Jack Ivanov 625f634163
Update CHANGELOG.md 4 years ago
Jack Ivanov d635c76b50
Change default SSH port and introduce cloud-init support (#1636) 
* Change default SSH port

* Iptables to ansible_ssh_port

* Add Scaleway

* permissions and groups fixes

* update firewall docs

* SSH fixes

* add missing cloudinit to cloud-azure

* remove ansible_ssh_user from the tests

* congrats message fix
 4 years ago
Jack Ivanov b66c9f59aa
Update CHANGELOG.md 5 years ago
TC1977 45aa0065cd Documentation updates (#1607) 
* update variable name to store_pki

* Document BetweenClients_DROP

* Update README.md

* Update faq.md

* VPN On Demand is for Apple IPSEC clients only

* How to update users from cloud-init

* How to monitor user activity

* Fix typo

* Update FAQ about WireGuard, fix typos

* Correct locations of install log and user configs

* Update-users from cloud-init

* Update features list

* More "IPsec" and "WireGuard" changes

* fixed broken link/absent link in FAQ

* Python version README fix for #1622

* road warrior instructions

* Update index.md

* Reorganize config.cfg

As per @davidemyers suggestions

* Further config changes

As per feedback, also better explanation of keys_clean_all

* Add road warrior instructions to FAQ

* Remove specific ports from RW instructions
 5 years ago
David Myers 221568cd25 Remove some commas from input.yml (#1652) 
* Remove some commas from input.yml

* Update input.yml
 5 years ago
David Myers d18de4b679 Add deploy-from-macos.md (#1649) 5 years ago
David Myers d72f3b5ba3 Update Windows documentation (#1640) 
* Update Windows documentation

* Revise instructions
 5 years ago
David Myers 9f27c25adc Update the Ubuntu WireGuard documentation (#1645) 5 years ago
Julien Bachmann 43aafdfce1 fixed code to work with python3.7 (#1608) 
* fixed code to work with python3.7

* removed trailing whitespaces and re-run ansible-linter
 5 years ago
David Myers b65e6b1351 Support Ubuntu 19.10 (#1630) 
Add Travis tests
 5 years ago
Jack Ivanov dfd979eb68
Windows SSH key permissions workaround (#1584) 
* Windows SSH key permissions workaround

* Ensure Ansible is not being run in a world writable directory

* linting
 5 years ago
David Myers 5737317dae Allow WireGuard to listen on port 53 (#1594) 
* Allow WireGuard to listen on port 53

* Use a variable for the port to avoid

* Add comment to config.cfg
 5 years ago
Jack Ivanov 88eaf30e65
Update README.md (#1602) 
* Update README.md

As noted in #1599 we don't have any instructions for CentOS 7. Closes #1599

* Update README.md

Co-Authored-By: David Myers <dem@myersnet.net>
 5 years ago
Jack Ivanov d0ce162559
Update PULL_REQUEST_TEMPLATE.md 5 years ago
Jon Stewart 792e991442 Troubleshooting docs addition for CA certificate failure with MacPorts (#1595) 
* Added troubleshooting entry related to lack of a CA certificate in MacPorts.

* Try to fix the link

* Try to fix the link

* Try to fix the link

* line-breaking of error message

* update error message and text
 5 years ago
Nil Admirari 0b4ec243a7 Fix for interactive Docker deployments (#1589) 5 years ago
Jack Ivanov 8bdd99c05d Refactor to support Ansible 2.8 (#1549) 
* bump ansible to 2.8.3

* DigitalOcean: move to the latest modules

* Add Hetzner Cloud

* Scaleway and Lightsail fixes

* lint missing roles

* Update roles/cloud-hetzner/tasks/main.yml

Add api_token

Co-Authored-By: phaer <phaer@phaer.org>

* Update roles/cloud-hetzner/tasks/main.yml

Add api_token

Co-Authored-By: phaer <phaer@phaer.org>

* Try to run apt until succeeded

* Scaleway modules upgrade

* GCP: Refactoring, remove deprecated modules

* Doc updates (#1552)

* Update README.md

Adding links and mentions of Exoscale aka CloudStack and Hetzner Cloud.

* Update index.md

Add the Hetzner Cloud to the docs index

* Remove link to Win 10 IPsec instructions

* Delete client-windows.md

Unnecessary since the deprecation of IPsec for Win10.

* Update deploy-from-ansible.md

Added sections and required variables for CloudStack and Hetzner Cloud.

* Update deploy-from-ansible.md

Added sections for CloudStack and Hetzner, added req variables and examples, mentioned environment variables, and added links to the provider role section.

* Update deploy-from-ansible.md

Cosmetic changes to links, fix typo.

* Update GCE variables

* Update deploy-from-script-or-cloud-init-to-localhost.md

Fix a finer point, and make variables list more readable.

* update azure requirements

* Python3 draft

* set LANG=c to the p12 password generation task

* Update README

* Install cloud requirements to the existing venv

* FreeBSD fix

* env->.env fixes

* lightsail_region_facts fix

* yaml syntax fix

* Update README for Python 3 (#1564)

* Update README for Python 3

* Remove tabs and tweak instructions

* Remove cosmetic command indentation

* Update README.md

* Update README for Python 3 (#1565)

* DO fix for "found unpermitted parameters: id"

* Verify Python version

* Remove ubuntu 16.04 from readme

* Revert back DigitalOcean module

* Update deploy-from-script-or-cloud-init-to-localhost.md

* env to .env
 5 years ago
Jack Ivanov 61729ac9b5
Update client.conf.j2 (#1580) 5 years ago
Nil Admirari 0c3aada66f Support for scripted Docker deployments (#1582) 5 years ago
Nil Admirari fc27b439b5 Do not copy existing env to Docker image (#1581) 5 years ago
Nian Wang 71e49eb2c8 Add spacing, list format for readability. (#1560) 5 years ago
Squirrel 1ca8ee5554 Generates a password by native module (#1576) 
* use password module to generate password

* fix variable reference

* reduce character set to meet origin design

*  CA and p12 password chanes

- Move the CA_password generation task to the native lookup plugin
- Get rid of unneeded tasks
 5 years ago
Jack Ivanov c6f45ead69
Allow OnDemand to be toggled later (#1557) 5 years ago
Jack Ivanov 95eddccfb7
EC2: Enable EBS single step encryption by default (#1556) 
* EC2: EBS single step encryption by default

* return back the encryption variable
 5 years ago