authorJesse Luehrs <doy@tozt.net>2020-04-24 02:14:09 -0400
committerJesse Luehrs <doy@tozt.net>2020-04-24 02:14:09 -0400
commitaa56bf6523aaf4b99ed1fc6fa467bda5551e59bf (patch)
tree3f69c960789057bfb3b170ea4f5d445dab1e4074 /bin
parent0f9f21c0f34395e35ba67eab5a36addf58b51495 (diff)
update algo config diff
Diffstat (limited to 'bin')
-rw-r--r--bin/helpers/algo-config.diff52
1 files changed, 28 insertions, 24 deletions
diff --git a/bin/helpers/algo-config.diff b/bin/helpers/algo-config.diff
index 0d054ab..e8181a4 100644
--- a/bin/helpers/algo-config.diff
+++ b/bin/helpers/algo-config.diff
@@ -1,10 +1,10 @@
diff --git i/config.cfg w/config.cfg
-index bf65e45..1dedb60 100644
+index 6446398..671062a 100644
--- i/config.cfg
+++ w/config.cfg
-@@ -5,9 +5,11 @@
- # You can generate up to 250 users at one time.
+@@ -6,9 +6,11 @@
# Usernames with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
+ # Emails are not allowed
users:
+ - hush
+ - partofme
@@ -14,27 +14,18 @@ index bf65e45..1dedb60 100644
+ - tozt
+ - mail
- ### Advanced users only below this line ###
+ ### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
-@@ -22,7 +24,7 @@ keys_clean_all: False
- clean_environment: false
+@@ -17,7 +19,7 @@ users:
+ ssh_port: 4160
# Deploy StrongSwan to enable IPsec support
-ipsec_enabled: true
+ipsec_enabled: false
- # StrongSwan log level
- # https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
-@@ -40,7 +42,7 @@ wireguard_port: 51820
- # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
- # This option will keep the "connection" open in the eyes of NAT.
- # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
--wireguard_PersistentKeepalive: 0
-+wireguard_PersistentKeepalive: 25
-
- # WireGuard network configuration
- wireguard_network_ipv4: 10.19.49.0/24
-@@ -53,7 +55,7 @@ wireguard_network_ipv6: fd9d:bc11:4021::/48
+ # Deploy WireGuard
+ # WireGuard will listen on 51820/UDP. You might need to change to another port
+@@ -40,7 +42,7 @@ alternative_ingress_ip: false
# automatically based on your server, but if connections hang you might need to
# adjust this yourself.
# See: https://github.com/trailofbits/algo/blob/master/docs/troubleshooting.md#various-websites-appear-to-be-offline-through-the-vpn
@@ -43,7 +34,16 @@ index bf65e45..1dedb60 100644
# Algo will use the following lists to block ads. You can add new block lists
# after deployment by modifying the line starting "BLOCKLIST_URLS=" at:
-@@ -102,11 +104,11 @@ local_service_ipv6: "{{ 'fd00::1' | ipmath(1048573 | random(seed=algo_server_nam
+@@ -60,7 +62,7 @@ dns_encryption: true
+ # connected clients to reach each other, as well as other computers on the
+ # same LAN as your Algo server (i.e. the "road warrior" setup). In this
+ # case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
+-BetweenClients_DROP: true
++BetweenClients_DROP: false
+
+ # Block SMB/CIFS traffic
+ block_smb: true
+@@ -74,7 +76,7 @@ block_netbios: true
# which case a reboot will take place if necessary at the time specified (as
# HH:MM) in the time zone of your Algo server. The default time zone is UTC.
unattended_reboot:
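Review bot: `BetweenClients_DROP: false` in the embedded `@@ -60,7 +62,7 @@` hunk turns off isolation between VPN clients, and nothing in the patch or the commit message records why. The value is unchanged from the previous revision (the next hunk only removes it from its old position), but the upstream comment now carried as context says this lets clients reach each other and other computers on the server's LAN. A single lost or compromised client key would therefore have a path to every other peer. If peer-to-peer reachability is the intent, record it where this helper patch is applied, for example `# algo-config.diff: BetweenClients_DROP is off so VPN peers can reach each other; block_smb/block_netbios stay true`. Keep `block_smb: true` and `block_netbios: true` as they are here, so the exposure stays limited to what the peers need.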
@@ -51,9 +51,13 @@ index bf65e45..1dedb60 100644
+ enabled: true
time: 06:00
- # Block traffic between connected clients
--BetweenClients_DROP: true
-+BetweenClients_DROP: false
+ ### Advanced users only below this line ###
+@@ -122,7 +124,7 @@ strongswan_network_ipv6: 'fd9d:bc11:4020::/48'
+ # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
+ # This option will keep the "connection" open in the eyes of NAT.
+ # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
+-wireguard_PersistentKeepalive: 0
++wireguard_PersistentKeepalive: 25
- congrats:
- common: |
+ # WireGuard network configuration
+ wireguard_network_ipv4: 10.19.49.0/24