Let users choose the distro version #449 (#466)

Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
Jack Ivanov 2017-04-22 23:06:10 +02:00 committed by Dan Guido
parent cbb8237a4c
commit c3fcfe5d0d
10 changed files with 30 additions and 12 deletions


@ -31,6 +31,7 @@ before_cache:
env: env:
- LXC_NAME=ubuntu1604 LXC_DISTRO=ubuntu LXC_RELEASE=xenial - LXC_NAME=ubuntu1604 LXC_DISTRO=ubuntu LXC_RELEASE=xenial
- LXC_NAME=ubuntu1704 LXC_DISTRO=ubuntu LXC_RELEASE=zesty
install: install:
- sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache." - sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache."


@ -61,10 +61,20 @@ SSH_keys:
cloud_providers: cloud_providers:
azure: azure:
size: Basic_A0 size: Basic_A0
image:
offer: UbuntuServer
publisher: Canonical
sku: '16.04-LTS' # 16.04-LTS
version: latest
digitalocean: digitalocean:
size: 512mb size: 512mb
image: "ubuntu-16-04-x64" # ubuntu-16-04-x64 / ubuntu-17-04-x64
ec2: ec2:
size: t2.micro size: t2.micro
image:
name: "ubuntu-zesty-17.04" # ubuntu-xenial-16.04 / ubuntu-zesty-17.04
owner: "099720109477"
gce: gce:
size: f1-micro size: f1-micro
image: ubuntu-1604 # ubuntu-1604 / ubuntu-1704
local: local:
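Review bot: The EC2 default at `name: "ubuntu-zesty-17.04"` differs from the other three providers, which all default to 16.04, so an unedited config deploys a different release depending on the provider chosen. 17.04 is a non-LTS release with a short security-update window, which matters for a long-lived VPN host. Unless the difference is intentional, I would use `name: "ubuntu-xenial-16.04" # ubuntu-xenial-16.04 / ubuntu-zesty-17.04`. The `owner` value is what ties the AMI lookup to the publisher, so it deserves a comment such as `# Canonical's AWS account ID; change only if you intend to trust another image publisher`.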


@ -89,11 +89,7 @@
Environment: Algo Environment: Algo
ssh_public_keys: ssh_public_keys:
- { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}" } - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}" }
image: image: "{{ cloud_providers.azure.image }}"
offer: UbuntuServer
publisher: Canonical
sku: '16.04-LTS'
version: latest
register: azure_rm_virtualmachine register: azure_rm_virtualmachine
# To-do: Add error handling - if vm_size requested is not available, can we fall back to another, ideally with a prompt? # To-do: Add error handling - if vm_size requested is not available, can we fall back to another, ideally with a prompt?


@ -46,7 +46,7 @@
name: "{{ do_server_name }}" name: "{{ do_server_name }}"
region_id: "{{ do_region }}" region_id: "{{ do_region }}"
size_id: "{{ cloud_providers.digitalocean.size }}" size_id: "{{ cloud_providers.digitalocean.size }}"
image_id: "ubuntu-16-04-x64" image_id: "{{ cloud_providers.digitalocean.image }}"
ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}" ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
unique_name: yes unique_name: yes
api_token: "{{ do_token }}" api_token: "{{ do_token }}"


@ -3,12 +3,12 @@
secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"
stack_name: "{{ aws_server_name | replace('.', '-') }}" stack_name: "{{ aws_server_name | replace('.', '-') }}"
- name: Locate official Ubuntu 16.04 AMI for region - name: Locate official AMI for region
ec2_ami_find: ec2_ami_find:
aws_access_key: "{{ access_key }}" aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}" aws_secret_key: "{{ secret_key }}"
name: "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*" name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
owner: 099720109477 owner: "{{ cloud_providers.ec2.image.owner }}"
sort: creationDate sort: creationDate
sort_order: descending sort_order: descending
sort_end: 1 sort_end: 1
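Review bot: The `owner` filter on the `ec2_ami_find` task now comes from user config, and nothing checks that it is set. The `name` pattern ends in a wildcard and `sort_end: 1` keeps only the newest match, so `owner` is the only thing restricting the result to the intended publisher. How the module behaves with an empty owner is not visible here, so I would guard it with a task placed before the lookup, for example `- assert: { that: "cloud_providers.ec2.image.owner | string | length > 0" }`. The task continues past the end of the hunk, so whether an empty result list is handled cannot be seen from here.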


@ -14,7 +14,7 @@
instance_names: "{{ server_name }}" instance_names: "{{ server_name }}"
zone: "{{ zone }}" zone: "{{ zone }}"
machine_type: "{{ cloud_providers.gce.size }}" machine_type: "{{ cloud_providers.gce.size }}"
image: ubuntu-1604 image: "{{ cloud_providers.gce.image }}"
service_account_email: "{{ service_account_email }}" service_account_email: "{{ service_account_email }}"
credentials_file: "{{ credentials_file_path }}" credentials_file: "{{ credentials_file_path }}"
project_id: "{{ project_id }}" project_id: "{{ project_id }}"


@ -15,8 +15,6 @@
- include: freebsd.yml - include: freebsd.yml
when: ansible_distribution == 'FreeBSD' when: ansible_distribution == 'FreeBSD'
- meta: flush_handlers
- name: Dnsmasq configured - name: Dnsmasq configured
template: src=dnsmasq.conf.j2 dest="{{ config_prefix|default('/') }}etc/dnsmasq.conf" template: src=dnsmasq.conf.j2 dest="{{ config_prefix|default('/') }}etc/dnsmasq.conf"
notify: notify:
@ -37,5 +35,7 @@
shell: > shell: >
sudo -u dnsmasq "/usr/local/sbin/adblock.sh" sudo -u dnsmasq "/usr/local/sbin/adblock.sh"
- meta: flush_handlers
- name: Dnsmasq enabled and started - name: Dnsmasq enabled and started
service: name=dnsmasq state=started enabled=yes service: name=dnsmasq state=started enabled=yes


@ -15,6 +15,8 @@
/etc/dnsmasq.d/* r, /etc/dnsmasq.d/* r,
/var/lib/dnsmasq/ r, /var/lib/dnsmasq/ r,
/var/lib/dnsmasq/block.hosts r, /var/lib/dnsmasq/block.hosts r,
/etc/dnsmasq.d-available/ r,
/etc/dnsmasq.d-available/* r,
/usr/sbin/dnsmasq mr, /usr/sbin/dnsmasq mr,
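Review bot: The two added `/etc/dnsmasq.d-available/` rules widen the dnsmasq profile without a comment explaining why, which makes the grant hard to audit later. Both are read-only, and `*` does not cross a `/`, so the exposure is limited to files directly in that directory. I would add a line above them such as `# entries in /etc/dnsmasq.d may be symlinks into dnsmasq.d-available (TODO confirm which release needs this)`. The profile continues outside the hunk.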


@ -15,6 +15,11 @@
- name: Install strongSwan - name: Install strongSwan
package: name=strongswan state=present package: name=strongswan state=present
- name: Get StrongSwan versions
shell: >
ipsec --versioncode | grep -oE "^U([0-9]*|\.)*" | sed "s/^U\|\.//g"
register: strongswan_version
- include: ipec_configuration.yml - include: ipec_configuration.yml
- include: openssl.yml - include: openssl.yml
- include: distribute_keys.yml - include: distribute_keys.yml
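Review bot: The new "Get StrongSwan versions" task is a read-only probe but lacks `changed_when: false`, so it reports a change on every run. The pipeline's exit status is that of the final `sed`, so a failing `ipsec --versioncode` or a non-matching `grep` leaves `strongswan_version.stdout` empty without failing the play. The ipsec.conf template on this page then silently takes its `else` branch. I would add `changed_when: false` and `failed_when: strongswan_version.stdout == ""` so an unreadable version stops the deployment instead of picking a DPD setting by accident.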


@ -5,7 +5,11 @@ config setup
conn %default conn %default
fragmentation=yes fragmentation=yes
rekey=no rekey=no
{% if strongswan_version.stdout is defined and strongswan_version.stdout > '550' %}
dpdaction=clear
{% else %}
dpdaction=none dpdaction=none
{% endif %}
keyexchange=ikev2 keyexchange=ikev2
compress=yes compress=yes
dpddelay=35s dpddelay=35s
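Review bot: The condition `strongswan_version.stdout > '550'` compares two strings, so the ordering is lexicographic rather than numeric. A version whose stripped code has four digits (for example 5.10.0 becoming `5100`) sorts below `'550'` and would get `dpdaction=none`, and an empty stdout also falls through to the `else` branch unnoticed. A minimal fix is `{% if strongswan_version.stdout is defined and strongswan_version.stdout | int > 550 %}`. Keeping the dots in the registered value and using Ansible's `version_compare` test would be more robust still. Since `dpdaction` decides whether state for dead peers is cleared, the chosen branch should be deterministic.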