author | Jesse Luehrs <doy@tozt.net> | 2024-02-21 04:03:58 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2024-02-21 04:03:58 -0500 |
commit | a6a24c9dd286280e99bbaf283c94567b9bf58ac2 (patch) | |
tree | 95ca3306b5a1977dd2a215288e34a5ca47ff7b5d /bin/helpers | |
parent | ee0d27afc5dd9ed3b02cdf6b36e2904c0f46ff7f (diff) | |
remove algo
Diffstat (limited to 'bin/helpers')
-rw-r--r-- | bin/helpers/algo-config.diff | 70 | ||||
-rwxr-xr-x | bin/helpers/algo-virtualenv | 10 | ||||
-rwxr-xr-x | bin/helpers/launch-algo | 50 |
3 files changed, 0 insertions, 130 deletions
diff --git a/bin/helpers/algo-config.diff b/bin/helpers/algo-config.diff
deleted file mode 100644
index edc046f..0000000
--- a/bin/helpers/algo-config.diff
+++ /dev/null
@@ -1,70 +0,0 @@
-diff --git i/config.cfg w/config.cfg
-index a6b8952..3c78520 100644
---- i/config.cfg
-+++ w/config.cfg
-@@ -6,9 +6,11 @@
- # User names with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
- # Email addresses are not allowed.
- users:
-+ - hornet
-+ - mail
-+ - partofme
- - phone
-- - laptop
-- - desktop
-+ - tozt
-
- ### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
-
-@@ -17,7 +19,7 @@ users:
- ssh_port: 4160
-
- # Deploy StrongSwan to enable IPsec support
--ipsec_enabled: true
-+ipsec_enabled: false
-
- # Deploy WireGuard
- # WireGuard will listen on 51820/UDP. You might need to change to another port
-@@ -40,7 +42,7 @@ alternative_ingress_ip: false
- # automatically based on your server, but if connections hang you might need to
- # adjust this yourself.
- # See: https://github.com/trailofbits/algo/blob/master/docs/troubleshooting.md#various-websites-appear-to-be-offline-through-the-vpn
--reduce_mtu: 0
-+reduce_mtu: 184
-
- # Algo will use the following lists to block ads. You can add new block lists
- # after deployment by modifying the line starting "BLOCKLIST_URLS=" at:
-@@ -53,13 +55,13 @@ adblock_lists:
- # Enable DNS encryption.
- # If 'false', 'dns_servers' should be specified below.
- # DNS encryption can not be disabled if DNS adblocking is enabled
--dns_encryption: true
-+dns_encryption: false
-
- # Block traffic between connected clients. Change this to false to enable
- # connected clients to reach each other, as well as other computers on the
- # same LAN as your Algo server (i.e. the "road warrior" setup). In this
- # case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
--BetweenClients_DROP: true
-+BetweenClients_DROP: false
-
- # Block SMB/CIFS traffic
- block_smb: true
-@@ -73,7 +75,7 @@ block_netbios: true
- # which case a reboot will take place if necessary at the time specified (as
- # HH:MM) in the time zone of your Algo server. The default time zone is UTC.
- unattended_reboot:
-- enabled: false
-+ enabled: true
- time: 06:00
-
- ### Advanced users only below this line ###
-@@ -122,7 +124,7 @@ strongswan_network_ipv6: '2001:db8:4160::/48'
- # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
- # This option will keep the "connection" open in the eyes of NAT.
- # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
--wireguard_PersistentKeepalive: 0
-+wireguard_PersistentKeepalive: 25
-
- # WireGuard network configuration
- wireguard_network_ipv4: 10.49.0.0/16
diff --git a/bin/helpers/algo-virtualenv b/bin/helpers/algo-virtualenv
deleted file mode 100755
index 4e8d9f6..0000000
--- a/bin/helpers/algo-virtualenv
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-python -m virtualenv --python="$(command -v python)" .env
-set +eu
-# shellcheck disable=SC1091
-source .env/bin/activate
-set -eu
-python -m pip install -U pip virtualenv
diff --git a/bin/helpers/launch-algo b/bin/helpers/launch-algo
deleted file mode 100755
index 00cdafb..0000000
--- a/bin/helpers/launch-algo
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-script_path="$(realpath "$(dirname "$0")")"
-logfile="/mnt/algo/algo-log-$(date +%s).log"
-latest_logfile=/mnt/algo/algo-log-latest.log
-algodir="$(mktemp --tmpdir -d launch-algo.XXXXXXXXXX)"
-
-cleanup() {
- if perl -e'exit 1 unless $ARGV[0] =~ m{^/tmp/launch-algo.*$}' "$algodir"; then
- rm -rf "$algodir"
- fi
-}
-trap cleanup EXIT
-
-touch "$logfile"
-ln -sf "$(basename "$logfile")" "$latest_logfile"
-echo "Logging to $latest_logfile"
-
-git clone git@github.com:trailofbits/algo "$algodir"
-cd "$algodir"
-
-echo "Installing dependencies..."
-# shellcheck disable=SC1090
-. "${script_path}/algo-virtualenv" >> "$logfile"
-python -m pip install -r requirements.txt
-echo "done."
-
-rm -f configs/.gitinit
-rmdir configs
-mkdir -p .venvs
-rm -rf /mnt/algo/configs
-mkdir -p /mnt/algo/configs
-ln -sf /mnt/algo/configs configs
-ln -sf "$algodir"/.venvs /mnt/algo/configs/.venvs
-
-git apply "${script_path}/algo-config.diff"
-
-echo "Running Ansible..."
-do_token=$(cat /mnt/digitalocean)
-ansible-playbook main.yml -e "provider=digitalocean server_name=algo.tozt.net region=nyc3 do_token=$do_token dns_adblocking=false ssh_tunneling=false ondemand_cellular=false ondemand_wifi=false" >> "$logfile"
-
-"${script_path}/../algo-config"
-
-# need to wait for the controlmaster process to exit
-# XXX there should be a way to tell it to exit, but i don't know how to
-# calculate the correct controlpath
-sleep 60
-echo "Done" |