authorJesse Luehrs <doy@tozt.net>2024-02-21 04:03:58 -0500
committerJesse Luehrs <doy@tozt.net>2024-02-21 04:03:58 -0500
commita6a24c9dd286280e99bbaf283c94567b9bf58ac2 (patch)
tree95ca3306b5a1977dd2a215288e34a5ca47ff7b5d /bin
parentee0d27afc5dd9ed3b02cdf6b36e2904c0f46ff7f (diff)
downloadpuppet-tozt-a6a24c9dd286280e99bbaf283c94567b9bf58ac2.tar.gz
puppet-tozt-a6a24c9dd286280e99bbaf283c94567b9bf58ac2.zip
remove algo
Diffstat (limited to 'bin')
-rwxr-xr-xbin/algo-config59
-rw-r--r--bin/helpers/algo-config.diff70
-rwxr-xr-xbin/helpers/algo-virtualenv10
-rwxr-xr-xbin/helpers/launch-algo50
-rwxr-xr-xbin/launch2
-rwxr-xr-xbin/secrets8
-rwxr-xr-xbin/terminate5
7 files changed, 6 insertions, 198 deletions
diff --git a/bin/algo-config b/bin/algo-config
deleted file mode 100755
index f9297ab..0000000
--- a/bin/algo-config
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-script_path="$(realpath "$(dirname "$0")")"
-secrets_bin="${script_path}/secrets"
-config_path="$(echo /mnt/algo/configs/*/wireguard)"
-
-"$secrets_bin" open
-trap '"$secrets_bin" close' EXIT
-
-if [ -z "${VIRTUAL_ENV:-}" ]; then
- # shellcheck disable=SC1090
- . "${script_path}/helpers/algo-virtualenv"
- python -m pip install segno
-fi
-
-fixup_configs() {
- name=$1
- shift
-
- sed -i 's/^\(Address.*\) *,.*/\1/' "$config_path"/"${name}".conf
- sed -i '/^DNS/d' "$config_path"/"${name}".conf
- cp "$config_path"/"${name}".conf "$config_path"/"${name}"-not-captive.conf
- sed -i 's|^AllowedIPs.*|AllowedIPs = 0.0.0.0/0|' "$config_path"/"${name}".conf
- sed -i 's|^AllowedIPs.*|AllowedIPs = 10.49.0.0/24|' "$config_path"/"${name}"-not-captive.conf
-}
-
-# hornet
-fixup_configs hornet
-sudo cp "$config_path"/hornet.conf /etc/wireguard/algo-captive.conf
-sudo cp "$config_path"/hornet-not-captive.conf /etc/wireguard/algo.conf
-
-# tozt
-fixup_configs tozt
-scp "$config_path"/tozt-not-captive.conf root@tozt.net:/etc/wireguard/algo.conf
-cp "$config_path"/tozt-not-captive.conf /mnt/puppet/tozt/wireguard
-$secrets_bin sync tozt
-
-# partofme
-fixup_configs partofme
-scp "$config_path"/partofme-not-captive.conf root@partofme:/etc/wireguard/algo.conf
-cp "$config_path"/partofme-not-captive.conf /mnt/puppet/partofme/wireguard
-$secrets_bin sync partofme
-
-# mail
-fixup_configs mail
-scp "$config_path"/mail-not-captive.conf root@mail.tozt.net:/etc/wireguard/algo.conf
-cp "$config_path"/mail-not-captive.conf /mnt/puppet/mail/wireguard
-$secrets_bin sync mail
-
-# phone
-fixup_configs phone
-echo "algo-captive"
-segno --scale=5 --output="$config_path"/phone.png "$(cat "$config_path"/phone.conf)"
-sxiv "$config_path/phone.png"
-echo "algo"
-segno --scale=5 --output="$config_path"/phone-not-captive.png "$(cat "$config_path"/phone-not-captive.conf)"
-sxiv "$config_path/phone-not-captive.png"
diff --git a/bin/helpers/algo-config.diff b/bin/helpers/algo-config.diff
deleted file mode 100644
index edc046f..0000000
--- a/bin/helpers/algo-config.diff
+++ /dev/null
@@ -1,70 +0,0 @@
-diff --git i/config.cfg w/config.cfg
-index a6b8952..3c78520 100644
---- i/config.cfg
-+++ w/config.cfg
-@@ -6,9 +6,11 @@
- # User names with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
- # Email addresses are not allowed.
- users:
-+ - hornet
-+ - mail
-+ - partofme
- - phone
-- - laptop
-- - desktop
-+ - tozt
-
- ### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
-
-@@ -17,7 +19,7 @@ users:
- ssh_port: 4160
-
- # Deploy StrongSwan to enable IPsec support
--ipsec_enabled: true
-+ipsec_enabled: false
-
- # Deploy WireGuard
- # WireGuard will listen on 51820/UDP. You might need to change to another port
-@@ -40,7 +42,7 @@ alternative_ingress_ip: false
- # automatically based on your server, but if connections hang you might need to
- # adjust this yourself.
- # See: https://github.com/trailofbits/algo/blob/master/docs/troubleshooting.md#various-websites-appear-to-be-offline-through-the-vpn
--reduce_mtu: 0
-+reduce_mtu: 184
-
- # Algo will use the following lists to block ads. You can add new block lists
- # after deployment by modifying the line starting "BLOCKLIST_URLS=" at:
-@@ -53,13 +55,13 @@ adblock_lists:
- # Enable DNS encryption.
- # If 'false', 'dns_servers' should be specified below.
- # DNS encryption can not be disabled if DNS adblocking is enabled
--dns_encryption: true
-+dns_encryption: false
-
- # Block traffic between connected clients. Change this to false to enable
- # connected clients to reach each other, as well as other computers on the
- # same LAN as your Algo server (i.e. the "road warrior" setup). In this
- # case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
--BetweenClients_DROP: true
-+BetweenClients_DROP: false
-
- # Block SMB/CIFS traffic
- block_smb: true
-@@ -73,7 +75,7 @@ block_netbios: true
- # which case a reboot will take place if necessary at the time specified (as
- # HH:MM) in the time zone of your Algo server. The default time zone is UTC.
- unattended_reboot:
-- enabled: false
-+ enabled: true
- time: 06:00
-
- ### Advanced users only below this line ###
-@@ -122,7 +124,7 @@ strongswan_network_ipv6: '2001:db8:4160::/48'
- # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
- # This option will keep the "connection" open in the eyes of NAT.
- # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
--wireguard_PersistentKeepalive: 0
-+wireguard_PersistentKeepalive: 25
-
- # WireGuard network configuration
- wireguard_network_ipv4: 10.49.0.0/16
diff --git a/bin/helpers/algo-virtualenv b/bin/helpers/algo-virtualenv
deleted file mode 100755
index 4e8d9f6..0000000
--- a/bin/helpers/algo-virtualenv
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-python -m virtualenv --python="$(command -v python)" .env
-set +eu
-# shellcheck disable=SC1091
-source .env/bin/activate
-set -eu
-python -m pip install -U pip virtualenv
diff --git a/bin/helpers/launch-algo b/bin/helpers/launch-algo
deleted file mode 100755
index 00cdafb..0000000
--- a/bin/helpers/launch-algo
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-script_path="$(realpath "$(dirname "$0")")"
-logfile="/mnt/algo/algo-log-$(date +%s).log"
-latest_logfile=/mnt/algo/algo-log-latest.log
-algodir="$(mktemp --tmpdir -d launch-algo.XXXXXXXXXX)"
-
-cleanup() {
- if perl -e'exit 1 unless $ARGV[0] =~ m{^/tmp/launch-algo.*$}' "$algodir"; then
- rm -rf "$algodir"
- fi
-}
-trap cleanup EXIT
-
-touch "$logfile"
-ln -sf "$(basename "$logfile")" "$latest_logfile"
-echo "Logging to $latest_logfile"
-
-git clone git@github.com:trailofbits/algo "$algodir"
-cd "$algodir"
-
-echo "Installing dependencies..."
-# shellcheck disable=SC1090
-. "${script_path}/algo-virtualenv" >> "$logfile"
-python -m pip install -r requirements.txt
-echo "done."
-
-rm -f configs/.gitinit
-rmdir configs
-mkdir -p .venvs
-rm -rf /mnt/algo/configs
-mkdir -p /mnt/algo/configs
-ln -sf /mnt/algo/configs configs
-ln -sf "$algodir"/.venvs /mnt/algo/configs/.venvs
-
-git apply "${script_path}/algo-config.diff"
-
-echo "Running Ansible..."
-do_token=$(cat /mnt/digitalocean)
-ansible-playbook main.yml -e "provider=digitalocean server_name=algo.tozt.net region=nyc3 do_token=$do_token dns_adblocking=false ssh_tunneling=false ondemand_cellular=false ondemand_wifi=false" >> "$logfile"
-
-"${script_path}/../algo-config"
-
-# need to wait for the controlmaster process to exit
-# XXX there should be a way to tell it to exit, but i don't know how to
-# calculate the correct controlpath
-sleep 60
-echo "Done"
diff --git a/bin/launch b/bin/launch
index d24acf5..571b70d 100755
--- a/bin/launch
+++ b/bin/launch
@@ -6,7 +6,7 @@ script_path="$(realpath "$(dirname "$0")")"
secrets_bin="${script_path}/secrets"
case "$1" in
-base | algo | mail | partofme)
+base | mail | partofme)
"$secrets_bin" open
trap '"$secrets_bin" close' EXIT
"$(dirname "$0")/helpers/launch-$1"
diff --git a/bin/secrets b/bin/secrets
index f29a5b2..721bd3a 100755
--- a/bin/secrets
+++ b/bin/secrets
@@ -30,14 +30,14 @@ cmd_close() {
}
cmd_sync() {
- if [ "${2:-}" = "--algo" ]; then
+ if [ "${2:-}" = "--ts" ]; then
host="${3:-tozt}"
if [ "${host}" = "tozt" ]; then
- hostname=tozt.algo
+ hostname=tozt
elif [ "${host}" = "mail" ]; then
- hostname=mail.algo
+ hostname=mail
elif [ "${host}" = "partofme" ]; then
- hostname=partofme.algo
+ hostname=partofme
else
echo "unknown host ${host}" >&2
exit 1
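Review bot: On the new side every branch of the `if`/`elif` chain sets `hostname` to exactly the value of `host`, so the mapping can collapse to a single allowlist, `case "$host" in tozt|mail|partofme) hostname=$host ;; *) echo "unknown host ${host}" >&2; exit 1 ;; esac`; keep the explicit allowlist rather than an unconditional `hostname=$host`, since `host` comes straight from argv and is presumably used as a remote target later in the function. The renamed `--ts` flag is also undocumented; a one-line comment above the `if` stating what `--ts` selects (the bare hostnames suggest tailnet name resolution, but the hunk does not say) would help the next reader. cmd_sync continues past the end of the hunk.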
diff --git a/bin/terminate b/bin/terminate
index e760c09..9ff1941 100755
--- a/bin/terminate
+++ b/bin/terminate
@@ -6,13 +6,10 @@ script_path="$(realpath "$(dirname "$0")")"
secrets_bin="${script_path}/secrets"
case "$1" in
-algo | mail | mail2)
+mail)
"$secrets_bin" open
trap '"$secrets_bin" close' EXIT
case "$1" in
- algo)
- hostname=algo.tozt.net
- ;;
mail)
hostname=mail.tozt.net
;;