Reorganize config.cfg
As per @davidemyers's suggestions
parent
6253e944d3
commit
d1fff030ab
1 changed files with 42 additions and 38 deletions
80
config.cfg
80
config.cfg
|
@ -9,39 +9,14 @@ users:
|
|||
- laptop
|
||||
- desktop
|
||||
|
||||
### Advanced users only below this line ###
|
||||
|
||||
# Store the PKI in a ram disk. Enabled only if store_pki (retain the PKI) is set to false
|
||||
# Supports on MacOS and Linux only (including Windows Subsystem for Linux)
|
||||
pki_in_tmpfs: true
|
||||
|
||||
# If True re-init all existing certificates. Boolean
|
||||
keys_clean_all: False
|
||||
### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
|
||||
|
||||
# Deploy StrongSwan to enable IPsec support
|
||||
ipsec_enabled: true
|
||||
|
||||
# StrongSwan log level
|
||||
# https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
|
||||
strongswan_log_level: 2
|
||||
|
||||
# rightsourceip for ipsec
|
||||
# ipv4
|
||||
strongswan_network: 10.19.48.0/24
|
||||
# ipv6
|
||||
strongswan_network_ipv6: 'fd9d:bc11:4020::/48'
|
||||
|
||||
# Deploy WireGuard
|
||||
wireguard_enabled: true
|
||||
wireguard_port: 51820
|
||||
# If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
|
||||
# This option will keep the "connection" open in the eyes of NAT.
|
||||
# See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
|
||||
wireguard_PersistentKeepalive: 0
|
||||
|
||||
# WireGuard network configuration
|
||||
wireguard_network_ipv4: 10.19.49.0/24
|
||||
wireguard_network_ipv6: fd9d:bc11:4021::/48
|
||||
|
||||
# Reduce the MTU of the VPN tunnel
|
||||
# Some cloud and internet providers use a smaller MTU (Maximum Transmission
|
||||
|
@ -66,6 +41,46 @@ adblock_lists:
|
|||
# DNS encryption can not be disabled if DNS adblocking is enabled
|
||||
dns_encryption: true
|
||||
|
||||
# Block traffic between connected clients. Change this to false to enable
|
||||
# connected clients to reach each other, as well as other computers on the
|
||||
# same LAN as your Algo server (i.e. the "road warrior" setup). In this
|
||||
# case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
|
||||
BetweenClients_DROP: true
|
||||
|
||||
# Block SMB/CIFS traffic
|
||||
block_smb: true
|
||||
|
||||
# Block NETBIOS traffic
|
||||
block_netbios: true
|
||||
|
||||
### Advanced users only below this line ###
|
||||
|
||||
# Store the PKI in a ram disk. Enabled only if store_pki (retain the PKI) is set to false
|
||||
# Supports on MacOS and Linux only (including Windows Subsystem for Linux)
|
||||
pki_in_tmpfs: true
|
||||
|
||||
# If True re-init all existing certificates. Boolean
|
||||
keys_clean_all: False
|
||||
|
||||
# StrongSwan log level
|
||||
# https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
|
||||
strongswan_log_level: 2
|
||||
|
||||
# rightsourceip for ipsec
|
||||
# ipv4
|
||||
strongswan_network: 10.19.48.0/24
|
||||
# ipv6
|
||||
strongswan_network_ipv6: 'fd9d:bc11:4020::/48'
|
||||
|
||||
# If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
|
||||
# This option will keep the "connection" open in the eyes of NAT.
|
||||
# See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
|
||||
wireguard_PersistentKeepalive: 0
|
||||
|
||||
# WireGuard network configuration
|
||||
wireguard_network_ipv4: 10.19.49.0/24
|
||||
wireguard_network_ipv6: fd9d:bc11:4021::/48
|
||||
|
||||
# DNS servers which will be used if 'dns_encryption' is 'true'. Multiple
|
||||
# providers may be specified, but avoid mixing providers that filter results
|
||||
# (like Cisco) with those that don't (like Cloudflare) or you could get
|
||||
|
@ -102,17 +117,6 @@ unattended_reboot:
|
|||
enabled: false
|
||||
time: 06:00
|
||||
|
||||
# Block traffic between connected clients. Change this to false to enable
|
||||
# connected clients to reach each other, as well as other computers on the
|
||||
# same LAN as your Algo server (i.e. the "road warrior" setup). In this
|
||||
# case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
|
||||
BetweenClients_DROP: true
|
||||
|
||||
# Block SMB/CIFS traffic
|
||||
block_smb: true
|
||||
|
||||
# Block NETBIOS traffic
|
||||
block_netbios: true
|
||||
|
||||
congrats:
|
||||
common: |
|
||||
|
@ -142,7 +146,7 @@ cloud_providers:
|
|||
size: s-1vcpu-1gb
|
||||
image: "ubuntu-19-04-x64"
|
||||
ec2:
|
||||
# Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest.
|
||||
# Change the encrypted flag to "false" to disable AWS volume encryption.
|
||||
encrypted: true
|
||||
# Set use_existing_eip to "true" if you want to use a pre-allocated Elastic IP
|
||||
# Additional prompt will be raised to determine which IP to use
|
||||
|
|
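Review bot: In the second hunk (`@ -66,6 +41,46 @`) the client-isolation defaults `BetweenClients_DROP`, `block_smb` and `block_netbios` land above the "Advanced users only" marker, yet the comment still tells the reader to "enable SMB/CIFS and NETBIOS traffic below" while the keys are `block_*: true`, so the reader has to invert the wording to know which value is the safe one. This is now the part of the file most users will edit, so I would spell the direction out, for example `# Block SMB/CIFS traffic. Set to false only if clients need file sharing (see BetweenClients_DROP)`, and the same for NETBIOS. The same hunk carries `keys_clean_all: False` with a capital F next to lowercase `true` on the neighbouring keys; `keys_clean_all: false` would keep the booleans uniform, and its comment could note that re-initialising all certificates presumably invalidates profiles already handed to clients. The +/- column is lost on this page, so which lines are new is inferred from the hunk header counts.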