wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-14 08:43:01 +02:00
Code Issues Projects Releases Wiki Activity
878 commits 4 branches 2 tags 12 MiB
Commit graph

878 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jack Ivanov
b537d60277 Revert "Update dnscrypt-proxy.toml.j2 (#1022)" (#1030) 
This reverts commit e6281bc7df.
 2018-07-20 09:48:59 +03:00
adamluk
260168bf47 Update dnscrypt-proxy.toml.j2 (#1022) 2018-07-12 17:03:36 +03:00
TC1977
7d51a6c8a2 Update deploy-to-ubuntu.md (#1019) 
* Update deploy-to-ubuntu.md

rewrite of #813

* Update deploy-to-ubuntu.md
 2018-07-03 10:02:54 -04:00
Jack Ivanov
e797432424 Move max_mss to config.cfg (#1015) 
* Move max_mss to config.cfg

* Add docs about max_mss

* Update troubleshooting.md
 2018-07-03 09:06:45 +03:00
Jack Ivanov
481cef4e65 apt_repository fix (#1017) 2018-07-02 16:33:31 +03:00
Jack Ivanov
6f93cdf278 New default cipher suite (#991) 
* New ciphers enabled

* Update CHANGELOG.md

* Switch ecparam to secp384r1

* Change CertificateType to ECDSA384
 2018-06-27 11:22:45 -04:00
Jack Ivanov
43be479f55 Move DNSCrypt proxy fallback_resolver to systemd resolved (#1011) 2018-06-26 13:11:09 +03:00
Mikael Forsgren
9676e0e38f New Google Cloud Region (#1013) 
Added the new Google Cloud Region Finland (europe-north1) with 3 zones
 2018-06-26 13:01:45 +03:00
Emir Beganović
2b84bd3ee6 Remove duplicate dict key (enable_ipv6) (#999) 
Warning in yaml file:
` [WARNING]: While constructing a mapping from /root/algo/roles/cloud-scaleway/tasks/main.yml, line 73, column 11, found a duplicate dict key (enable_ipv6). Using last defined value only.`
 2018-06-25 13:40:51 +03:00
TC1977
12d5c7ce0f Update troubleshooting.md (#992) 
Many times people are reaching VPC limits not because they're running other VPCs on AWS, but because they've already deployed several times (AWS allows five VPCs per region). This lets people know they can simply delete their old VPCs instead of contacting AWS support.
 2018-06-04 11:09:01 -04:00
Jack Ivanov
d50073e73b Test fixes 2018-06-01 17:41:30 +03:00
Jack Ivanov
4ba3d55172 WireGuard: disable SaveConfig, update-users fix (#985) 
- Disables SaveConfig. SaveConfig totally breaks the idea of configuration management and it breaks update-users
- WireGuard update-users fix. Mentioned in https://github.com/trailofbits/algo/issues/980#issuecomment-393720561
 2018-06-01 10:06:03 -04:00
Jack Ivanov
cefbd22b45 TravisCI fixes 2018-05-31 23:08:32 +03:00
Jack Ivanov
e8dcd01513 Update CHANGELOG.md 2018-05-30 17:17:08 +03:00
Jack Ivanov
5c577d86ae Update references to 18.04 2018-05-30 17:11:32 +03:00
Jack Ivanov
5f1a733dcc explicit installation of linux headers (#975) 2018-05-29 21:43:06 -07:00
Jack Ivanov
9a43a089fd Scaleway: enable ipv6 and switch to local boot (#974) 
- Enables IPv6 on Scaleway
- Adds local boot on scaleway
- Fixes #966
 2018-05-28 12:16:06 -07:00
Jack Ivanov
433874924c Extra line and better DNS configuration for WireGuard (#968) 
- Adds an extra line after the if statement. Jinja2 trims such blocks by default in Ansible. Fixes #965
- More appropriate way to configure DNS servers
- Removes `DNS` option from the wireguard server config
- Fixes dnscrypt-proxy restart
 2018-05-25 10:37:13 -07:00
Paul Kehrer
042d6525c5 fix faq entry about cryptography build failure (#967) 2018-05-25 06:02:16 -07:00
Jack Ivanov
d4a50c687e Add WireGuard support for Android (#910) 
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
 2018-05-24 08:15:27 -07:00
Jack Ivanov
9959eab0db Ubuntu1804 (#925) 
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
 2018-05-24 07:08:14 -07:00
Evgeny Aleksandrov
0df4314a4f Remove algo_params (#961) 2018-05-24 09:01:26 +03:00
Evgeny Aleksandrov
7ad53dbb13 Fix typo (#960) 2018-05-24 09:00:38 +03:00
Stijn Balk
9cb796ac95 Update GCP regions (#957) 
* Update GCP regions according to https://cloud.google.com/compute/docs/regions-zones/

* Update GCP regions according to https://cloud.google.com/compute/docs/regions-zones/

* set default back to belgium B
 2018-05-23 09:17:10 -07:00
Alexey Bogomolov
93c98d85d4 fix requirements.txt SecretStorage version (#914) 
Related to issue #877. Latest SecretStorage build requires Python '>=3.5' but Algo is running on Python 2
 2018-05-18 12:35:56 +03:00
Jack Ivanov
5c276a77f2 Move to LXD (#935) 2018-05-10 09:03:05 +03:00
TC1977
42e4fe0ff3 Update config.cfg (#936) 
Fix typos - this puzzled me when I was attempting to install algo with dnscrypt last week.
 2018-05-09 13:14:31 -07:00
pguizeline
0244cb3150 Fix line spacing to improve readability (#932) 
Keeping the organized spacing
 2018-05-09 11:25:14 -07:00
pguizeline
f8bd91141a Update README.md (#931) 
- Adds missing providers to the documentation with links.
- Mentions that your own server install needs to be an Ubuntu 16.04 LTS distro
- Emphasize that the p12 certificate password will only be available once
 2018-05-08 13:57:21 -07:00
Jack Ivanov
13e73757c0 IPv6 fixes (#930) 2018-05-08 13:55:17 -07:00
pguizeline
65c3b9bbaa Add new Azure locations (#929) 
Reorganized and added new locations.
https://azure.microsoft.com/en-us/global-infrastructure/locations/
https://azure.microsoft.com/en-us/global-infrastructure/services/
 2018-05-08 13:07:27 -07:00
pguizeline
e10b377b6a Add new EC2 regions (#928) 
Adds new EC2 regions according to:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
 2018-05-08 13:07:06 -07:00
Jack Ivanov
e32dde1924 Increase SSH retries (#909) 2018-05-03 16:04:39 +03:00
Jack Ivanov
5060b53a23 Typo 2018-04-30 09:29:43 +03:00
Brian Hulette
4685f17651 Don't download minisig dnscrypt release (#905) 2018-04-29 10:32:10 -07:00
adamluk
9a6b43e8b8 Update dnscrypt-proxy.toml.j2 (#899) 
Updated dnscrypt-proxy.tml with new options: cache_neg_min_ttl and cache_neg_max_ttl
 2018-04-27 07:29:29 -07:00
Jack Ivanov
a2fac7409a DNS-crypt changelog 2018-04-27 10:06:51 +03:00
Dan Guido
12d0365b0a monkey patch problematic dnscrypt-proxy cgroup limits (#894) 2018-04-25 15:32:50 -07:00
Jack Ivanov
36f0e30930 DNS-over-HTTPS (#875) 2018-04-25 12:27:58 -07:00
Steven Crossan
3a46aab494 Update DO doc link in README.md (#890) 2018-04-24 19:42:23 -07:00
Jack Ivanov
cc4319e3e7 Add ipv6 address to subjectAltName if supported (#881) 
CHANGELOG

Some changes

Some changes
 2018-04-23 16:06:34 -07:00
Matt Behrens
a8b64af7f9 skip virtualenv check if already activated (#863) 
This allows the user to choose their virtualenv method, e.g.
[Pipenv](https://docs.pipenv.org/).
 2018-04-23 16:03:24 -07:00
Cat Jones
1a5837023c adds DigitalOcean documentation (#869) 2018-04-23 15:58:40 -07:00
iliyan jeliazkov
fdca5a6d9a Updating the language of the instructions (#880) 2018-04-18 22:10:03 -04:00
Anton T Johansson
12e917ed3a Fixed path in Network Manager section (#860) 
"configs" directory missing in paths.
 2018-03-29 17:33:18 -04:00
Micah R Ledbetter
a0a2346077 Add a workaround for disabling DNS filtering to the FAQ (#852) 
* Add a workaround for disabling DNS filtering to the FAQ

* Update faq.md
 2018-03-28 11:24:20 -07:00
Micah R Ledbetter
0e1cfa301f Embed certs into Windows deployment scripts (#840) 
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables,
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
 2018-03-28 11:20:43 -07:00
Micah R Ledbetter
f7be150f3b Add FAQ entry regarding IPSEC backdoor (#460) (#853) 2018-03-28 11:20:17 -07:00
Micah R Ledbetter
a34401525a Document iptables rules (#854) 
* Remove firewall rule related to the old proxy role

* Remove proxy conditionals from mobileconfig template

* Add comments explaining firewall rules
 2018-03-28 11:17:56 -07:00
Arun John Kuruvilla
88b419e12b Removed ssh_public_key variable for AWS. Issue #773 (#817) 2018-03-27 21:53:13 +03:00