45 Commits (e8947f318b197cc8e7c3dfeb7a1289f2593f3b6c)

Author SHA1 Message Date
Jack Ivanov e8947f318b Large refactor to support Ansible 2.5 (#976)
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Don't ask for the credentials if specified in the environment vars

* GCE server name fix
6 years ago
Jack Ivanov 53d1113881 Split up unattended upgrades (#1041) 6 years ago
Jack Ivanov b061df6631 Move DNSCrypt proxy fallback_resolver to systemd resolved (#1011) 6 years ago
Jack Ivanov aee043977f explicit installation of linux headers (#975) 6 years ago
Jack Ivanov d56f50180b Extra line and better DNS configuration for WireGuard (#968)
- Adds an extra line after the if statement. Jinja2 trims such blocks by default in Ansible. Fixes #965
- More appropriate way to configure DNS servers
- Removes `DNS` option from the wireguard server config
- Fixes dnscrypt-proxy restart
6 years ago
Jack Ivanov 3488e660ad Add WireGuard support for Android (#910)
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
6 years ago
Jack Ivanov d27b849f24 Ubuntu1804 (#925)
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
6 years ago
Jack Ivanov c82bd8c5ff DNS-over-HTTPS (#875) 6 years ago
Jack Ivanov 02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804)
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
6 years ago
Jack Ivanov 4da752b603 Ubuntu 17.10 support (#811) 6 years ago
Jack Ivanov a844870b7a Sendmail should not be installed (#738) 7 years ago
Jack Ivanov bd348af9c2 Implementing blocks and additional fail hints #487 (#497)
change the troubleshooting url
7 years ago
Jack Ivanov 6e61a51aca rewrite the sysctl task 7 years ago
Jack Ivanov c0f4b5fa41 Enable default values if the role is skipped #313 7 years ago
Jack Ivanov 6facb6cb4f FreeBSD / HardenedBSD (#262)
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
7 years ago
Jack Ivanov 2798f84d3f ensure that apparmor is supported by the kernel #215 8 years ago
Jack Ivanov a50a396b94 additional fixes 8 years ago
Jack Ivanov 03c805cb87 reorganize the wait_for functions #159 8 years ago
Kevin Cernekee 433389c0ab Use /var/run/reboot-required to determine if a restart is needed
The current check only looks to see if a new kernel was installed.
8 years ago
Kevin Cernekee 09bbc4058c Add missing tags in common playbook
If the common playbook is invoked with the "cloud" tag, non-cloud
tasks will be skipped.  On GCE this causes "Install tools" to be skipped,
apparmor-utils is not installed, and then the "Enforcing ipsec with
apparmor" step fails.
8 years ago
Jack Ivanov d052cb8e77 skip-tags added. Fixed #121 8 years ago
Jack Ivanov ddcee8db18 logging fixes 8 years ago
Jack Ivanov 05df4f0c04 unattended-upgrades moved to the security role 8 years ago
Jack Ivanov 00e4bcc1ec security role and SSH fixes #77 8 years ago
Jack Ivanov c19908c9b1 ssh fixes 8 years ago
Dan Guido 27421070b9 linting 8 years ago
Dan Guido 2fcc3600fd Disable features in the Match block vs main config 8 years ago
Jack Ivanov 1dcfe18055 SSH tunneling role #77 8 years ago
Evgeniy Ivanov 09c39627d9 Memory limits #63 8 years ago
Evgeniy Ivanov ba50abce8a make local ip changeable #67 8 years ago
Evgeniy Ivanov e6090b8245 forwarding #61 8 years ago
Evgeniy Ivanov b593986b0c SFTP fixed 8 years ago
Evgeniy Ivanov 3fa75a081d new iptables deployment #61 8 years ago
Evgeniy Ivanov 4a6602e877 RSAAuthentication no; Turn off SFTP; Turn off X11 forwarding; #51 8 years ago
Evgeniy Ivanov 16627783f5 Minor updates to the sshd_config #51 8 years ago
Evgeniy Ivanov a1bf2ad5ef flush handlers after loopback configured 8 years ago
Evgeniy Ivanov 4f46cc221a Split the features role in two #49 8 years ago
Evgeniy Ivanov 95c43e2211 Split the features role in two #49 8 years ago
Dan Guido 2a8c1adb76 Update main.yml 8 years ago
Dan Guido f538ffe4e8 linting 8 years ago
jack 7a8d58783f Roles and Google cloud 8 years ago
jack fff70293f1 Roles enabled 8 years ago
Dan Guido e10b1b669f no reason to have roles yet 8 years ago
Dan Guido 041c6da9b0 fix what was here, script runs now 8 years ago
Dan Guido e8993b06dd initial commit 8 years ago