Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
810 Commits
5 Branches
2 Tags
10 MiB
fix/14704
dependabot/pip/ansible-9.4.0
master
dependabot/github_actions/actions/setup-python-5.1.0
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '65b0239625'
${ noResults }
Commit Graph

290 Commits (65b02396253d0eadd48af570f9e9086cc4637a62)

Author SHA1 Message Date
David Myers d95df710a5 Add an unattended reboot option (#1082) 6 years ago
Jack Ivanov 91a9dfd983 invoke dns encryption from main playbook instead of meta-dependencies (#1097) 6 years ago
Jack Ivanov e860b78d80
Scaleway authentication fix (#1088) 6 years ago
Jack Ivanov e8947f318b Large refactor to support Ansible 2.5 (#976) 
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Dont ask for the credentials if specified in the environment vars

* GCE server name fix
 6 years ago
Jack Ivanov 53d1113881 Split up unattended upgrades (#1041) 6 years ago
David Myers b86ebe20d7 Prevent DNS rebinding (#1049) 6 years ago
Fabian Foerg 3ddd0ac30f Run dnsmasq as the dnsmasq user (#1029) 
* Run dnsmasq as the dnsmasq user

There is a task that checks whether the dnsmasq user exists.
However, dnsmasq is configured to run as user "nobody" instead.
This change lets dnsmasq run as user "dnsmasq".

* remove dnsmasq user task
 6 years ago
bghost 60a99faaf8 Update PPA for dnscrypt-proxy to 'bionic' (#1039) 6 years ago
Jack Ivanov ca59eeb5c3 Explicitly allow traffic between clients if enabled (#1028) 6 years ago
Jack Ivanov 952e759af4
Revert "Update dnscrypt-proxy.toml.j2 (#1022)" (#1030) 
This reverts commit e6281bc7df.
 6 years ago
adamluk e6281bc7df Update dnscrypt-proxy.toml.j2 (#1022) 6 years ago
Jack Ivanov 07a6bbe652
Move max_mss to config.cfg (#1015) 
* Move max_mss to config.cfg

* Add docs about max_mss

* Update troubleshooting.md
 6 years ago
Jack Ivanov d1c58f0d28
apt_repository fix (#1017) 6 years ago
Jack Ivanov 4ca8c03e3c New default cipher suite (#991) 
* New ciphers enabled

* Update CHANGELOG.md

* Switch ecparam to secp384r1

* Change CertificateType to ECDSA384
 6 years ago
Jack Ivanov b061df6631
Move DNSCrypt proxy fallback_resolver to systemd resolved (#1011) 6 years ago
Emir Beganović 2f142f6dcc Remove duplicate dict key (enable_ipv6) (#999) 
Warning in yaml file:
` [WARNING]: While constructing a mapping from /root/algo/roles/cloud-scaleway/tasks/main.yml, line 73, column 11, found a duplicate dict key (enable_ipv6). Using last defined value only.`
 6 years ago
Jack Ivanov ffb5a1f737 WireGuard: disable SaveConfig, update-users fix (#985) 
- Disables SaveConfig. SaveConfig totally breaks the idea of configuration management and it breaks update-users
- WireGuard update-users fix. Mentioned in https://github.com/trailofbits/algo/issues/980#issuecomment-393720561
 6 years ago
Jack Ivanov aee043977f explicit installation of linux headers (#975) 6 years ago
Jack Ivanov 2d9a36d13a Scaleway: enable ipv6 and switch to local boot (#974) 
- Enables IPv6 on Scaleway
- Adds local boot on scaleway
- Fixes #966
 6 years ago
Jack Ivanov d56f50180b Extra line and better DNS configuration for WireGuard (#968) 
- Adds an extra line after the if statement. Jinja2 trims such blocks by default in Ansible. Fixes #965
- More appropriate way to configure DNS servers
- Removes `DNS` option from the wireguard server config
- Fixes dnscrypt-proxy restart
 6 years ago
Jack Ivanov 3488e660ad Add WireGuard support for Android (#910) 
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
 6 years ago
Jack Ivanov d27b849f24 Ubuntu1804 (#925) 
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
 6 years ago
Evgeny Aleksandrov d9dc68164f Remove algo_params (#961) 6 years ago
Evgeny Aleksandrov 87836e0358 Fix typo (#960) 6 years ago
Jack Ivanov 35e526a5a3 IPv6 fixes (#930) 6 years ago
Brian Hulette e01e82b1c3 Don't download minisig dnscrypt release (#905) 7 years ago
adamluk 3d9fa7f8c8 Update dnscrypt-proxy.toml.j2 (#899) 
Updated dnscrypt-proxy.tml with new options: cache_neg_min_ttl and cache_neg_max_ttl
 7 years ago
Dan Guido c276f971b7
monkey patch problematic dnscrypt-proxy cgroup limits (#894) 7 years ago
Jack Ivanov c82bd8c5ff DNS-over-HTTPS (#875) 7 years ago
Jack Ivanov ed6e2d998d Add ipv6 address to subjectAltName if supported (#881) 
CHANGELOG

Some changes

Some changes
 7 years ago
Micah R Ledbetter e944ee993a Embed certs into Windows deployment scripts (#840) 
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables,
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
 7 years ago
Micah R Ledbetter 4b0aea8f5a Document iptables rules (#854) 
* Remove firewall rule related to the old proxy role

* Remove proxy conditionals from mobileconfig template

* Add comments explaining firewall rules
 7 years ago
Jack Ivanov 78830d96aa Android: add the CA and set the ciphers explicitly (#837) 7 years ago
Jack Ivanov 4e4440a318 Exclude CA from P12 (#835) 7 years ago
Jack Ivanov 3b19f13082 Enable no-resolv (#816) 7 years ago
adamluk b30f6db079 Update rules.v6.j2 (#818) 
Updated to use -m conntrack for consistency as per the other IPv6 rules.
 7 years ago
Jack Ivanov 7e07c35474 proper cloudformation template (#815) 7 years ago
Jack Ivanov 02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804) 
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
 7 years ago
Jack Ivanov 4da752b603 Ubuntu 17.10 support (#811) 7 years ago
Micah R Ledbetter 5eed1bbba4 Use dns_servers in dnsmasq.conf (#794) 7 years ago
Douglas Gastonguay-Goddard 7eb4fc5f22 DigitalOcean - Add cleanup step for SSH key (#784) 
* Add cleanup step for SSH key.

* Two space tabs are hard to see.
 7 years ago
Jack Ivanov a844870b7a Sendmail should not be installed (#738) 7 years ago
Marcelo Elizeche Landó 07a1c70bf4 Update adblock.sh for systemd to fix issue #735 (#736) 
* Update script to restart the dnsmasq service using systemctl(systemd) command instead of service(Upstart)

* Use  instead of legacy  REF: https://github.com/koalaman/shellcheck/wiki/SC2006

* Replace non-standard egrep(deprecated) for grep -E. REF: https://github.com/koalaman/shellcheck/wiki/SC2196
 7 years ago
Jack Ivanov f18c1a0d67 Certificate revocation fix (#719) 7 years ago
Jack Ivanov b64f682bae remove the dead code. Fixes #671 7 years ago
Jurgen Verhasselt 185c0f51d7 correct configs_prefix vars in client tasks (#712) 7 years ago
Julie Bernosky dc4dff040e Add StrongSwan log level config option to ipsec.conf template (#700) 7 years ago
Jack Ivanov 3c55cd15a4 GCE. replace underscores (#698) 7 years ago
Jack Ivanov ee7264f26e Ask users to enter the p12 password manually (#697) 7 years ago
Jack Ivanov 6b803e069f LibreSSL fix #625 (#685) 7 years ago