Reorganize config.cfg

As per @davidemyers suggestions
TC1977 2019-10-27 13:43:35 -04:00 committed by GitHub
parent 6253e944d3
commit d1fff030ab
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -9,39 +9,14 @@ users:
- laptop - laptop
- desktop - desktop
### Advanced users only below this line ### ### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
# Store the PKI in a ram disk. Enabled only if store_pki (retain the PKI) is set to false
# Supports on MacOS and Linux only (including Windows Subsystem for Linux)
pki_in_tmpfs: true
# If True re-init all existing certificates. Boolean
keys_clean_all: False
# Deploy StrongSwan to enable IPsec support # Deploy StrongSwan to enable IPsec support
ipsec_enabled: true ipsec_enabled: true
# StrongSwan log level
# https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
strongswan_log_level: 2
# rightsourceip for ipsec
# ipv4
strongswan_network: 10.19.48.0/24
# ipv6
strongswan_network_ipv6: 'fd9d:bc11:4020::/48'
# Deploy WireGuard # Deploy WireGuard
wireguard_enabled: true wireguard_enabled: true
wireguard_port: 51820 wireguard_port: 51820
# If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
# This option will keep the "connection" open in the eyes of NAT.
# See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
wireguard_PersistentKeepalive: 0
# WireGuard network configuration
wireguard_network_ipv4: 10.19.49.0/24
wireguard_network_ipv6: fd9d:bc11:4021::/48
# Reduce the MTU of the VPN tunnel # Reduce the MTU of the VPN tunnel
# Some cloud and internet providers use a smaller MTU (Maximum Transmission # Some cloud and internet providers use a smaller MTU (Maximum Transmission
@ -66,6 +41,46 @@ adblock_lists:
# DNS encryption can not be disabled if DNS adblocking is enabled # DNS encryption can not be disabled if DNS adblocking is enabled
dns_encryption: true dns_encryption: true
# Block traffic between connected clients. Change this to false to enable
# connected clients to reach each other, as well as other computers on the
# same LAN as your Algo server (i.e. the "road warrior" setup). In this
# case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
BetweenClients_DROP: true
# Block SMB/CIFS traffic
block_smb: true
# Block NETBIOS traffic
block_netbios: true
### Advanced users only below this line ###
# Store the PKI in a ram disk. Enabled only if store_pki (retain the PKI) is set to false
# Supports on MacOS and Linux only (including Windows Subsystem for Linux)
pki_in_tmpfs: true
# If True re-init all existing certificates. Boolean
keys_clean_all: False
# StrongSwan log level
# https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
strongswan_log_level: 2
# rightsourceip for ipsec
# ipv4
strongswan_network: 10.19.48.0/24
# ipv6
strongswan_network_ipv6: 'fd9d:bc11:4020::/48'
# If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
# This option will keep the "connection" open in the eyes of NAT.
# See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
wireguard_PersistentKeepalive: 0
# WireGuard network configuration
wireguard_network_ipv4: 10.19.49.0/24
wireguard_network_ipv6: fd9d:bc11:4021::/48
# DNS servers which will be used if 'dns_encryption' is 'true'. Multiple # DNS servers which will be used if 'dns_encryption' is 'true'. Multiple
# providers may be specified, but avoid mixing providers that filter results # providers may be specified, but avoid mixing providers that filter results
# (like Cisco) with those that don't (like Cloudflare) or you could get # (like Cisco) with those that don't (like Cloudflare) or you could get
@ -102,17 +117,6 @@ unattended_reboot:
enabled: false enabled: false
time: 06:00 time: 06:00
# Block traffic between connected clients. Change this to false to enable
# connected clients to reach each other, as well as other computers on the
# same LAN as your Algo server (i.e. the "road warrior" setup). In this
# case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
BetweenClients_DROP: true
# Block SMB/CIFS traffic
block_smb: true
# Block NETBIOS traffic
block_netbios: true
congrats: congrats:
common: | common: |
@ -142,7 +146,7 @@ cloud_providers:
size: s-1vcpu-1gb size: s-1vcpu-1gb
image: "ubuntu-19-04-x64" image: "ubuntu-19-04-x64"
ec2: ec2:
# Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest. # Change the encrypted flag to "false" to disable AWS volume encryption.
encrypted: true encrypted: true
# Set use_existing_eip to "true" if you want to use a pre-allocated Elastic IP # Set use_existing_eip to "true" if you want to use a pre-allocated Elastic IP
# Additional prompt will be raised to determine which IP to use # Additional prompt will be raised to determine which IP to use