wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-14 00:33:02 +02:00
Code Issues Projects Releases Wiki Activity
892 commits 4 branches 2 tags 12 MiB
Commit graph

892 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jack Ivanov
c8041d7ddd Update CHANGELOG.md 2018-08-27 19:01:59 +03:00
Jack Ivanov
d78312dfd6 Update CHANGELOG.md 2018-08-27 19:00:32 +03:00
Jack Ivanov
a6c5738c4d Update CHANGELOG.md 2018-08-27 17:29:16 +03:00
Jack Ivanov
344d3147d6 Update CHANGELOG.md 2018-08-27 17:28:02 +03:00
Jack Ivanov
1646676ddb Large refactor to support Ansible 2.5 (#976) 
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Dont ask for the credentials if specified in the environment vars

* GCE server name fix
 2018-08-27 10:05:45 -04:00
Josh Dimarsky
e3304c8339 Fixed broken link; clarified example docker command (#1064) 2018-08-24 11:42:59 +03:00
Jack Ivanov
c661c76e54 Split up unattended upgrades (#1041) 2018-08-08 00:25:59 -04:00
David Myers
15b24f79f8 Prevent DNS rebinding (#1049) 2018-08-08 00:25:33 -04:00
Quentin Moss
f6cf0e6c01 Update documentation link (#1043) 2018-07-30 10:28:14 -04:00
Fabian Foerg
4307d4298e Run dnsmasq as the dnsmasq user (#1029) 
* Run dnsmasq as the dnsmasq user

There is a task that checks whether the dnsmasq user exists.
However, dnsmasq is configured to run as user "nobody" instead.
This change lets dnsmasq run as user "dnsmasq".

* remove dnsmasq user task
 2018-07-30 09:01:49 -04:00
Quentin Moss
609594ab85 Update troubleshooting docs to include iOS reconnection loop (#1042) 
* Update troubleshooting docs to include iOS reconnection loop

* nits
 2018-07-30 09:01:03 -04:00
bghost
5df6943e62 Update PPA for dnscrypt-proxy to 'bionic' (#1039) 2018-07-30 08:56:01 +03:00
Mike Myers
9ff16336ee Amazon ec2 documentation (#1035) 
* Add link to documentation on Amazon EC2 setup

* Add images to document the AWS EC2 account setup

* Create AWS EC2 setup instructions

* remove line breaks

* remove line breaks

* Add images documenting AWS EC2 policy creation

* Update image showing advised minimum AWS policy

* Add instructions for minimum AWS permission policy

* Delete aws-ec2-attach-policy.png

* Updated image to reflect new AWS policy guidance

* Delete aws-ec2-new-user-confirm.png

* Updated image to reflect new AWS policy guidance
 2018-07-22 17:58:09 -04:00
Jack Ivanov
e1d34daa9b Explicitly allow traffic between clients if enabled (#1028) 2018-07-20 10:31:27 -04:00
Jack Ivanov
b537d60277 Revert "Update dnscrypt-proxy.toml.j2 (#1022)" (#1030) 
This reverts commit e6281bc7df.
 2018-07-20 09:48:59 +03:00
adamluk
260168bf47 Update dnscrypt-proxy.toml.j2 (#1022) 2018-07-12 17:03:36 +03:00
TC1977
7d51a6c8a2 Update deploy-to-ubuntu.md (#1019) 
* Update deploy-to-ubuntu.md

rewrite of #813

* Update deploy-to-ubuntu.md
 2018-07-03 10:02:54 -04:00
Jack Ivanov
e797432424 Move max_mss to config.cfg (#1015) 
* Move max_mss to config.cfg

* Add docs about max_mss

* Update troubleshooting.md
 2018-07-03 09:06:45 +03:00
Jack Ivanov
481cef4e65 apt_repository fix (#1017) 2018-07-02 16:33:31 +03:00
Jack Ivanov
6f93cdf278 New default cipher suite (#991) 
* New ciphers enabled

* Update CHANGELOG.md

* Switch ecparam to secp384r1

* Change CertificateType to ECDSA384
 2018-06-27 11:22:45 -04:00
Jack Ivanov
43be479f55 Move DNSCrypt proxy fallback_resolver to systemd resolved (#1011) 2018-06-26 13:11:09 +03:00
Mikael Forsgren
9676e0e38f New Google Cloud Region (#1013) 
Added the new Google Cloud Region Finland (europe-north1) with 3 zones
 2018-06-26 13:01:45 +03:00
Emir Beganović
2b84bd3ee6 Remove duplicate dict key (enable_ipv6) (#999) 
Warning in yaml file:
` [WARNING]: While constructing a mapping from /root/algo/roles/cloud-scaleway/tasks/main.yml, line 73, column 11, found a duplicate dict key (enable_ipv6). Using last defined value only.`
 2018-06-25 13:40:51 +03:00
TC1977
12d5c7ce0f Update troubleshooting.md (#992) 
Many times people are reaching VPC limits not because they're running other VPCs on AWS, but because they've already deployed several times (AWS allows five VPCs per region). This lets people know they can simply delete their old VPCs instead of contacting AWS support.
 2018-06-04 11:09:01 -04:00
Jack Ivanov
d50073e73b Test fixes 2018-06-01 17:41:30 +03:00
Jack Ivanov
4ba3d55172 WireGuard: disable SaveConfig, update-users fix (#985) 
- Disables SaveConfig. SaveConfig totally breaks the idea of configuration management and it breaks update-users
- WireGuard update-users fix. Mentioned in https://github.com/trailofbits/algo/issues/980#issuecomment-393720561
 2018-06-01 10:06:03 -04:00
Jack Ivanov
cefbd22b45 TravisCI fixes 2018-05-31 23:08:32 +03:00
Jack Ivanov
e8dcd01513 Update CHANGELOG.md 2018-05-30 17:17:08 +03:00
Jack Ivanov
5c577d86ae Update references to 18.04 2018-05-30 17:11:32 +03:00
Jack Ivanov
5f1a733dcc explicit installation of linux headers (#975) 2018-05-29 21:43:06 -07:00
Jack Ivanov
9a43a089fd Scaleway: enable ipv6 and switch to local boot (#974) 
- Enables IPv6 on Scaleway
- Adds local boot on scaleway
- Fixes #966
 2018-05-28 12:16:06 -07:00
Jack Ivanov
433874924c Extra line and better DNS configuration for WireGuard (#968) 
- Adds an extra line after the if statement. Jinja2 trims such blocks by default in Ansible. Fixes #965
- More appropriate way to configure DNS servers
- Removes `DNS` option from the wireguard server config
- Fixes dnscrypt-proxy restart
 2018-05-25 10:37:13 -07:00
Paul Kehrer
042d6525c5 fix faq entry about cryptography build failure (#967) 2018-05-25 06:02:16 -07:00
Jack Ivanov
d4a50c687e Add WireGuard support for Android (#910) 
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
 2018-05-24 08:15:27 -07:00
Jack Ivanov
9959eab0db Ubuntu1804 (#925) 
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
 2018-05-24 07:08:14 -07:00
Evgeny Aleksandrov
0df4314a4f Remove algo_params (#961) 2018-05-24 09:01:26 +03:00
Evgeny Aleksandrov
7ad53dbb13 Fix typo (#960) 2018-05-24 09:00:38 +03:00
Stijn Balk
9cb796ac95 Update GCP regions (#957) 
* Update GCP regions according to https://cloud.google.com/compute/docs/regions-zones/

* Update GCP regions according to https://cloud.google.com/compute/docs/regions-zones/

* set default back to belgium B
 2018-05-23 09:17:10 -07:00
Alexey Bogomolov
93c98d85d4 fix requirements.txt SecretStorage version (#914) 
Related to issue #877. Latest SecretStorage build requires Python '>=3.5' but Algo is running on Python 2
 2018-05-18 12:35:56 +03:00
Jack Ivanov
5c276a77f2 Move to LXD (#935) 2018-05-10 09:03:05 +03:00
TC1977
42e4fe0ff3 Update config.cfg (#936) 
Fix typos - this puzzled me when I was attempting to install algo with dnscrypt last week.
 2018-05-09 13:14:31 -07:00
pguizeline
0244cb3150 Fix line spacing to improve readability (#932) 
Keeping the organized spacing
 2018-05-09 11:25:14 -07:00
pguizeline
f8bd91141a Update README.md (#931) 
- Adds missing providers to the documentation with links.
- Mentions that your own server install needs to be an Ubuntu 16.04 LTS distro
- Emphasize that the p12 certificate password will only be available once
 2018-05-08 13:57:21 -07:00
Jack Ivanov
13e73757c0 IPv6 fixes (#930) 2018-05-08 13:55:17 -07:00
pguizeline
65c3b9bbaa Add new Azure locations (#929) 
Reorganized and added new locations.
https://azure.microsoft.com/en-us/global-infrastructure/locations/
https://azure.microsoft.com/en-us/global-infrastructure/services/
 2018-05-08 13:07:27 -07:00
pguizeline
e10b377b6a Add new EC2 regions (#928) 
Adds new EC2 regions according to:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
 2018-05-08 13:07:06 -07:00
Jack Ivanov
e32dde1924 Increase SSH retries (#909) 2018-05-03 16:04:39 +03:00
Jack Ivanov
5060b53a23 Typo 2018-04-30 09:29:43 +03:00
Brian Hulette
4685f17651 Don't download minisig dnscrypt release (#905) 2018-04-29 10:32:10 -07:00
adamluk
9a6b43e8b8 Update dnscrypt-proxy.toml.j2 (#899) 
Updated dnscrypt-proxy.tml with new options: cache_neg_min_ttl and cache_neg_max_ttl
 2018-04-27 07:29:29 -07:00