This is to better document the "encryption" flag for those who are interested in full disk encryption on AWS. Recently on running the script, I also found the minimum permissions documented at https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md weren't enough; "ec2:CopyImage" is also required. Not sure if you'd rather have this documented in the AWS docs instead, and not sure if you want "ec2:CopyImage" added to the default minimum required permissions. I can do either if you'd prefer.
The spacing of several lines in the congrats message has been off. Here's the congrats output with this fix:
```
ok: [54.85.244.8] => {
"msg": [
[
"\"# Congratulations! #\"",
"\"# Your Algo server is running. #\"",
"\"# Config files and certificates are in the ./configs/ directory. #\"",
"\"# Go to https://whoer.net/ after connecting #\"",
"\"# and ensure that all your traffic passes through the VPN. #\"",
"\"# Local DNS resolver 172.16.0.1 #\"",
""
],
" \"# The p12 and SSH keys password for new users is CR2qzRcA #\"\n",
" \"# The CA key password is ed0fd57e7d355af08d12ccdbfd3f5931 #\"\n",
" \"# Shell access: ssh -i configs/algo.pem ubuntu@54.85.244.8 #\"\n"
]
}
```
Ansible2.5 allows Algo to directly ask AWS for the region list, rather than have it hardcoded and updated manually. Updated the documented minimum required permissions to include "DescribeRegions".
* Refactoring, booleans declaration and update users fix
* Make server_name more FQDN compatible
* Rename variables
* Define the default value for store_cakey
* Skip a prompt about the SSH user if deploying to localhost
* Disable reboot for non-cloud deployments
* Enable EC2 volume encryption by default
* Add default server value (localhost) for the local installation
Delete empty files
* Add default region to aws_region_facts
* Update docs
* EC2 credentials fix
* Warnings fix
* Update deploy-from-ansible.md
* Fix a typo
* Remove lightsail from the docs
* Disable EC2 encryption by default
* rename droplet to server
* Disable dependencies
* Disable tls_cipher_suite
* Convert wifi-exclude to a string. Update-users fix
* SSH access congrats fix
* 16.04 > 18.04
* Dont ask for the credentials if specified in the environment vars
* GCE server name fix
* Run dnsmasq as the dnsmasq user
There is a task that checks whether the dnsmasq user exists.
However, dnsmasq is configured to run as user "nobody" instead.
This change lets dnsmasq run as user "dnsmasq".
* remove dnsmasq user task
Warning in yaml file:
` [WARNING]: While constructing a mapping from /root/algo/roles/cloud-scaleway/tasks/main.yml, line 73, column 11, found a duplicate dict key (enable_ipv6). Using last defined value only.`
