wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-10 09:03:58 +02:00
Code Issues Projects Releases Wiki Activity
872 commits 5 branches 2 tags 10 MiB
Commit graph

44 commits

Author SHA1 Message Date
Luvpreet Singh
6233642c66 fix(update-users): changed generate p12 password task (#1289) 
Changed task's module to generic python format for python2 and python3.
 2019-01-25 16:36:44 -05:00
Jack Ivanov
7a6daff1ff IPv6 fix (#1302) 2019-01-18 23:39:08 -05:00
David Myers
5981bb9cad Replace 'max_mss' with 'reduce_mtu' (#1253) 2018-12-20 09:21:04 -05:00
Jack Ivanov
955a986c21
IPv6 forwarding fixes (#1256) 2018-12-18 13:59:25 +01:00
Federico G. Schwindt
a4f2c97fd2 Fix ipv4 address missing on reboot (#1245) 2018-12-10 06:57:15 +01:00
Jack Ivanov
45b00ee994
BSD StrongSwan fixes (#1207) 2018-11-20 19:20:24 +01:00
Jack Ivanov
dbd68aa97d WireGuard BSD (#1083) 
* WireGuard BSD

* Remove unneeded config option

* Enable PersistentKeepalive for NAT and Firewall Traversal Persistence

* Install dnscrypt-proxy from repositories
 2018-09-27 04:18:12 -04:00
Jack Ivanov
eb2224cde1
install generic linux headers (#1124) 2018-09-21 20:05:11 +03:00
David Myers
d95df710a5 Add an unattended reboot option (#1082) 2018-09-02 15:26:06 -04:00
Jack Ivanov
e8947f318b Large refactor to support Ansible 2.5 (#976) 
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Dont ask for the credentials if specified in the environment vars

* GCE server name fix
 2018-08-27 10:05:45 -04:00
Jack Ivanov
b061df6631
Move DNSCrypt proxy fallback_resolver to systemd resolved (#1011) 2018-06-26 13:11:09 +03:00
Jack Ivanov
aee043977f explicit installation of linux headers (#975) 2018-05-29 21:43:06 -07:00
Jack Ivanov
d56f50180b Extra line and better DNS configuration for WireGuard (#968) 
- Adds an extra line after the if statement. Jinja2 trims such blocks by default in Ansible. Fixes #965
- More appropriate way to configure DNS servers
- Removes `DNS` option from the wireguard server config
- Fixes dnscrypt-proxy restart
 2018-05-25 10:37:13 -07:00
Jack Ivanov
3488e660ad Add WireGuard support for Android (#910) 
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
 2018-05-24 08:15:27 -07:00
Jack Ivanov
d27b849f24 Ubuntu1804 (#925) 
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
 2018-05-24 07:08:14 -07:00
Jack Ivanov
c82bd8c5ff DNS-over-HTTPS (#875) 2018-04-25 12:27:58 -07:00
Jack Ivanov
02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804) 
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
 2018-03-02 07:55:54 -05:00
Jack Ivanov
4da752b603 Ubuntu 17.10 support (#811) 2018-02-24 14:17:34 +01:00
Jack Ivanov
a844870b7a Sendmail should not be installed (#738) 2017-11-22 09:15:43 -05:00
Jack Ivanov
bd348af9c2 Implementing blocks and additional fail hints #487 (#497) 
change the troubleshooting url
 2017-04-29 10:48:25 -04:00
Jack Ivanov
6e61a51aca rewrite the sysctl task 2017-04-04 17:02:11 +02:00
Jack Ivanov
c0f4b5fa41 Enable default values if the role is skipped #313 2017-04-04 16:57:39 +02:00
Jack Ivanov
6facb6cb4f FreeBSD / HardenedBSD (#262) 
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
 2017-03-18 12:22:07 +03:00
Jack Ivanov
2798f84d3f ensure that apparmor is supported by the kernel #215 2017-01-16 00:19:57 +03:00
Jack Ivanov
a50a396b94 addtiional fixes 2017-01-11 20:55:44 +03:00
Jack Ivanov
03c805cb87 reorganize the wait_for functions #159 2016-12-13 21:58:45 +03:00
Kevin Cernekee
433389c0ab Use /var/run/reboot-required to determine if a restart is needed 
The current check only looks to see if a new kernel was installed.
 2016-11-06 09:45:39 -08:00
Kevin Cernekee
09bbc4058c Add missing tags in common playbook 
If the common playbook is invoked with the "cloud" tag, non-cloud
tasks will be skipped.  On GCE this causes "Install tools" to be skipped,
apparmor-utils is not installed, and then the "Enforcing ipsec with
apparmor" step fails.
 2016-11-06 09:45:34 -08:00
Jack Ivanov
d052cb8e77 skip-tags added. Fixed #121 2016-10-28 21:00:11 +03:00
Jack Ivanov
ddcee8db18 logging fixes 2016-08-28 23:07:45 +03:00
Jack Ivanov
05df4f0c04 unattended-upgrades moved to the security role 2016-08-28 22:11:39 +03:00
Jack Ivanov
00e4bcc1ec security role and SSH fixes #77 2016-08-26 00:35:07 +03:00
Dan Guido
27421070b9 linting 2016-08-24 09:22:04 +02:00
Evgeniy Ivanov
09c39627d9 Memory limits #63 2016-08-22 23:01:43 +03:00
Evgeniy Ivanov
e6090b8245 forwarding #61 2016-08-21 12:51:58 +03:00
Evgeniy Ivanov
16627783f5 Minor updates to the sshd_config #51 2016-08-18 21:35:47 +03:00
Evgeniy Ivanov
a1bf2ad5ef flush handlers after loopback configured 2016-08-18 11:22:06 +03:00
Evgeniy Ivanov
95c43e2211 Split the features role in two #49 2016-08-17 23:26:17 +03:00
Dan Guido
2a8c1adb76 Update main.yml 2016-08-16 23:31:20 -04:00
Dan Guido
f538ffe4e8 linting 2016-08-15 23:32:44 -04:00
jack
fff70293f1 Roles enabled 2016-08-11 11:54:34 +03:00
Dan Guido
e10b1b669f no reason to have roles yet 2016-05-15 11:06:03 -04:00
Dan Guido
041c6da9b0 fix what was here, script runs now 2016-05-15 11:02:13 -04:00
Dan Guido
e8993b06dd initial commit 2016-05-14 23:43:37 -04:00