wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-05 06:33:56 +02:00
Code Issues Projects Releases Wiki Activity

skip pre tasks in update-users (#1921)

Browse source
This commit is contained in:
Jack Ivanov 2020-12-08 10:23:24 +00:00 committed by GitHub
parent ebec20ed36
commit 8c560719a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config.cfg
View file

@ -132,6 +132,8 @@ wireguard_network_ipv6: 2001:db8:a160::/48
local_service_ip: "{{ '172.16.0.1' | ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}" local_service_ip: "{{ '172.16.0.1' | ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}"
local_service_ipv6: "{{ 'fd00::1' | ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}" local_service_ipv6: "{{ 'fd00::1' | ipmath(1048573 | random(seed=algo_server_name + ansible_fqdn)) }}"
# Hide sensetive data
no_log: true
congrats: congrats:
common: | common: |

4
playbooks/cloud-pre.yml
View file

@ -18,9 +18,9 @@
- name: Install the requirements - name: Install the requirements
pip: pip:
state: latest state: present
name: name:
- pyOpenSSL - pyOpenSSL>=0.15
- jinja2==2.8 - jinja2==2.8
- segno - segno
tags: tags:

4
roles/ssh_tunneling/tasks/main.yml
View file

@ -66,7 +66,7 @@
passphrase: "{{ p12_export_password }}" passphrase: "{{ p12_export_password }}"
cipher: aes256 cipher: aes256
force: false force: false
no_log: true no_log: "{{ no_log|bool }}"
when: not item.stat.exists when: not item.stat.exists
with_items: "{{ privatekey.results }}" with_items: "{{ privatekey.results }}"
register: openssl_privatekey register: openssl_privatekey
@ -78,7 +78,7 @@
privatekey_passphrase: "{{ p12_export_password }}" privatekey_passphrase: "{{ p12_export_password }}"
format: OpenSSH format: OpenSSH
force: true force: true
no_log: true no_log: "{{ no_log|bool }}"
when: item.changed when: item.changed
with_items: "{{ openssl_privatekey.results }}" with_items: "{{ openssl_privatekey.results }}"

2
roles/strongswan/tasks/client_configs.yml
View file

@ -23,7 +23,7 @@
with_together: with_together:
- "{{ users }}" - "{{ users }}"
- "{{ PayloadContent.results }}" - "{{ PayloadContent.results }}"
no_log: True no_log: "{{ no_log|bool }}"
- name: Build the client ipsec config file - name: Build the client ipsec config file
template: template:

6
roles/wireguard/tasks/keys.yml
View file

@ -23,7 +23,7 @@
dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}" dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}"
content: "{{ item['stdout'] }}" content: "{{ item['stdout'] }}"
mode: "0600" mode: "0600"
no_log: true no_log: "{{ no_log|bool }}"
when: item.changed when: item.changed
with_items: "{{ wg_genkey['results'] }}" with_items: "{{ wg_genkey['results'] }}"
delegate_to: localhost delegate_to: localhost
@ -62,7 +62,7 @@
dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}" dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}"
content: "{{ item['stdout'] }}" content: "{{ item['stdout'] }}"
mode: "0600" mode: "0600"
no_log: true no_log: "{{ no_log|bool }}"
when: item.changed when: item.changed
with_items: "{{ wg_genpsk['results'] }}" with_items: "{{ wg_genpsk['results'] }}"
delegate_to: localhost delegate_to: localhost
@ -95,7 +95,7 @@
dest: "{{ wireguard_pki_path }}/public/{{ item['item'] }}" dest: "{{ wireguard_pki_path }}/public/{{ item['item'] }}"
content: "{{ item['stdout'] }}" content: "{{ item['stdout'] }}"
mode: "0600" mode: "0600"
no_log: true no_log: "{{ no_log|bool }}"
with_items: "{{ wg_pubkey['results'] }}" with_items: "{{ wg_pubkey['results'] }}"
delegate_to: localhost delegate_to: localhost
become: false become: false

2
tests/ca-password-fix.sh
View file

@ -4,7 +4,7 @@
set -ex set -ex
DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1" DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1 no_log=false"
CA_PASSWORD="test123" CA_PASSWORD="test123"

2
tests/local-deploy.sh
View file

@ -2,7 +2,7 @@
set -ex set -ex
DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1" DEPLOY_ARGS="provider=local server=10.0.8.100 ssh_user=ubuntu endpoint=10.0.8.100 ondemand_cellular=true ondemand_wifi=true ondemand_wifi_exclude=test dns_adblocking=true ssh_tunneling=true store_pki=true install_headers=false tests=true local_service_ip=172.16.0.1 no_log=false"
if [ "${DEPLOY}" == "docker" ] if [ "${DEPLOY}" == "docker" ]
then then

2
tests/update-users.sh
View file

@ -2,7 +2,7 @@
set -ex set -ex
USER_ARGS="{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'], 'local_service_ip': '172.16.0.1' }" USER_ARGS="{ 'server': '10.0.8.100', 'users': ['desktop', 'user1', 'user2'], 'local_service_ip': '172.16.0.1', 'no_log': false }"
if [ "${DEPLOY}" == "docker" ] if [ "${DEPLOY}" == "docker" ]
then then