Age | Commit message | Author
2023-01-30 | rekey more credentials [live-demo] [demo-24-feb] | kwadronaut
2023-01-30 | rekey sso secret | kwadronaut
2023-01-29 | rekey obfs4 | kwadronaut
2023-01-28 | new credentials, update max | kwadronaut
2022-10-27 | vault crypt, ssh max and 2nd host | kwadronaut
2022-10-26 | add 2nd vpn host | kwadronaut
2022-10-20 | initial simple demo provider | kwadronaut
2022-10-13 | Merge branch 'update-float' into 'main' | kwadronaut
git subrepo commit (merge) float See merge request leap/container-platform/lilypad!58
2022-10-11 | Update README quickstart | kwadronaut
closes !56 !55
2022-10-10 | fix tests | kwadronaut
2022-08-14 | git subrepo commit (merge) float | Maxb
subrepo: subdir: "float" merged: "1d127174" upstream: origin: "https://git.autistici.org/ai3/float.git" branch: "master" commit: "c2c4ad89" git-subrepo: version: "0.4.3" origin: "git@github.com:ingydotnet/git-subrepo" commit: "2f68596"
2022-07-21 | git subrepo pull (merge) float | Micah Anderson
subrepo: subdir: "float" merged: "aa47bbbf" upstream: origin: "https://git.autistici.org/ai3/float.git" branch: "master" commit: "4251afa4" git-subrepo: version: "0.4.1" origin: "https://github.com/ingydotnet/git-subrepo" commit: "a04d8c2"
2022-07-06 | Merge branch 'unpriv-kernel' into 'main' | micah
Don't deactivate non-existing kernel module Closes #53 See merge request leap/container-platform/lilypad!54
2022-07-05 | Don't deactivate non-existing kernel module | kwadronaut
kernel.unprivileged_userns_clone doesn't exist in some cloud providers or non-debian kernels. I'm not entirely sure if it's best to add it this way, testing if /proc/sys/kernel/unprivileged_userns_clone exists could be another way.
2022-07-02 | re-order roles to account for potential ordering failures | Micah Anderson
2022-07-02 | update openvpn grafana dashboard | Micah Anderson
2022-06-14 | openvpn: set the local option to bind to the ingress ip | Micah Anderson
2022-06-14 | openvpn: migrate deprecated 'cipher' and add fall-back to old cipher | Micah Anderson
2022-06-14 | Remove unnecessary extra spaces in template | Micah Anderson
2022-06-14 | Use the bullseye container for openvpn | Micah Anderson
2022-06-14 | Make sure openvpn is restarted when the gw certificate changes. | Micah Anderson
2022-06-14 | Move menshen to be authenticated by the API CA. | Micah Anderson
2022-06-10 | Abstract out simplevpn into its own role. | Micah Anderson
It was possible for the `provider` service to not get an updated provider.json when it is generated if it is scheduled on a different backend than `vpnweb`, because it didn't have its own role to apply that template. This fixes that missing piece for the `provider` service. However, because the provider role and the vpnweb both need to be able to reference the templates that are rendered by simplevpn, this abstracts that into its own role so both can use it.
2022-06-09 | Remove unused local configuration directory creation task | Micah Anderson
2022-06-08 | Update openvpn configuration to allow the UNLIMITED 'name-prefix'. | Micah Anderson
If clients connect with, for example, 'CN=UNLIMITED4rlkwpr0kitv5umpy34m933ko' they should be allowed to verify the same as if they connect with 'CN=UNLIMITED'.
2022-05-24 | Fix custom_vpn_web_domains to work when it is not set. | Micah Anderson
If it is not set, it should default to the 'api' endpoint. Note, this requires https://git.autistici.org/ai3/float/-/merge_requests/266
2022-05-10 | Remove unnecessary imports of playbooks. | Micah Anderson
These are already defined in site.yml, no sense in importing them again.
2022-05-10 | Enable an optional custom vpnweb domain. | Micah Anderson
For transition from the old platform, it can be useful to have the vpnweb respond to another domain. For example, calyx responds now on api.calyx.net, however the vpnweb with lilypad will appear on api.vpn.calyx.net. With this change it is possible to configure `custom_vpn_web_domains: [api.calyx.net]` to have it available there as well.
2022-04-04 | Merge branch 'readme_go_deps_tweak' into 'main' | micah
Fix Go dependency install instructions in README See merge request leap/container-platform/lilypad!53
2022-03-01 | Remove pre-generated secrets, these are replaced on init-credentials | Micah Anderson
2022-03-01 | Update README to fix encryption of ansible vault password. | Micah Anderson
The instructions did not work, and rather than giving people multiple ways to do things, just show how to do it the best way.
2022-02-25 | Fix Go dependency install instructions in README | Sam Whited
Prior to Go 1.17 the "go get" command was overloaded to install library dependencies and applications. As of Go 1.17 installing applications with it results in a warning, and as of Go 1.18 it will no longer be used to install applications. This patch updates the readme to use "go install" instead. TL;DR — "go get" updates module dependencies, "go install" builds binaries and sticks them in $GOBIN. Signed-off-by: Sam Whited <sam@samwhited.com>
2022-02-15 | Merge branch 'fix_menshen_api' into 'main' | micah
MENSHEN_API now needs explicit https:// prefix See merge request leap/container-platform/lilypad!52
2022-02-15 | MENSHEN_API now needs explicit https:// prefix | Gui Iribarren
this is required as of https://0xacab.org/leap/menshen/-/commit/fa1e4442d7f32c82521b2a3e7266ab77e8669a4e
2022-02-14 | Merge branch 'main' into 'main' | micah
Add note to README.md about the location names See merge request leap/container-platform/lilypad!51
2022-02-14 | Merge branch 'ips' into 'main' | micah
VPN: use first ipv4 and ipv6 found in host['ips'] to determine ingress IPs put in eip-service.json See merge request leap/container-platform/lilypad!50
2022-02-13 | VPN: use first ipv4 and ipv6 found in host['ips'] to determine ingress IPs put in eip-service.json | elijah
2022-02-13 | Merge branch 'fix_tests' | Micah Anderson
2022-02-13 | git subrepo pull float | Micah Anderson
subrepo: subdir: "float" merged: "c75bee81" upstream: origin: "https://git.autistici.org/ai3/float.git" branch: "master" commit: "c75bee81" git-subrepo: version: "0.4.1" origin: "https://github.com/ingydotnet/git-subrepo" commit: "a04d8c2"
2022-02-13 | Adjustments to get tests to work | Micah Anderson
. test env ansible needs to have the action plugins available
. specify default variable for when vpnweb_auth is empty
. remove example openvpn_tcp_network6
. don't run leap-prometheus role
. ensure roles are added to hosts in test environment
. set a specific MENSHEN_API for CI builds
. allow for an insecure http API call for internal tests
Update .gitlab-ci.yml for fixing test builds:
. Replace the copy with built-in --additional-config flags
. Set the vpn gateway Location in the inventory automatically
. Bring in a pre-fabricated site.yml that will work for CI
. Remove the backend group from the vpn host3
2022-02-08 | Add note to README.md about the location names | elijah
2022-02-08 | Switch Vagrantfile to use bullseye image | Micah Anderson
2022-02-02 | git subrepo pull float | Micah Anderson
subrepo: subdir: "float" merged: "f1ee5fa4" upstream: origin: "https://git.autistici.org/ai3/float.git" branch: "master" commit: "f1ee5fa4" git-subrepo: version: "0.4.1" origin: "https://github.com/ingydotnet/git-subrepo" commit: "a04d8c2"
2022-01-18 | Change the ordering of which role is applied first. | Micah Anderson
If the openvpn role is applied before the kresd role, then the requisite bind mounted /etc/knot-resolver directory, that is required for the openvpn container to start, will not exist when the role attempts to do the systemd restart, causing a failure.
2022-01-18 | Switch to using 'ips', which is required by upstream float | Micah Anderson
2021-12-14 | openvpn: fix for v6 kresd listening and control socket drift | Micah Anderson
2021-12-14 | Fix for incorrectly indented ansible | Micah Anderson
2021-12-14 | Stabilize the socket related to kresd. | Micah Anderson
2021-12-14 | Set MENSHEN_API environment variable. | Micah Anderson
This is required as of https://0xacab.org/leap/menshen/-/commit/8acd8591a8be49c1303560526d280c6810702a6e
2021-12-14 | Remove deprecated openvpn config. | Micah Anderson