ansible-collection-hardening VS algo

An ansible collection for hardening Linux systems I mostly wrote: https://github.com/dev-sec/ansible-collection-hardening

Another ansible collection to manage Icinga: https://github.com/T-Systems-MMS/ansible-collection-icinga-d...

And the yunohost app for invoice ninja: https://github.com/YunoHost-Apps/invoiceninja5_ynh

i have some packer builds where itll install ansible, run playbooks locally, then uninstall ansible. such as the the devsec os hardening role: https://github.com/dev-sec/ansible-collection-hardening

This collection is also interesting https://github.com/dev-sec/ansible-collection-hardening/

Second you want to ensure the os is secure and up to date. Take a look at os hardening best practices, for example this ansible playbook for linux: https://github.com/dev-sec/ansible-collection-hardening

To ensure SSH and other security related things are configured correctly, you can take a look at DevSec which helps you to apply proven security configuration principles. Also there is guides like "Secure Secure Shell" which can help you to better understand what you can do to increase the security of your servers (this one is from 2015 but many aspects are still relevant).

I learned a lot by using and reading through the source code of these ansible roles: https://github.com/dev-sec/ansible-collection-hardening

Have a look at https://github.com/dev-sec/ansible-collection-hardening

You can do much more https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/ssh_hardening

Since we're already presuming you have a functional PFSense box with Wireguard installed and a VPS stood up, now you need to get Algo installed on the VPS. I'm not going to write this part out in detail, but basically you need to follow the procedures here to get Algo installed. However, *before* running ./algo you probably want to edit some of the config.cfg settings. I disabled IPSec (which saves a bunch of package installs and prevents a bunch of failures I saw on some of my VPSs), set my reduce_mtu setting to 80 just to prevent any MTU issues down the line, turned off DNS encryption, and renamed my users to the servers in question (for example: pfsense, vps_server, etc)

Check out the command line args for Auto1111, it talks about a gradio setup that can be accessed remotely. There's a time limit on gradio links though, I think. You could also set up a vpn that will allow you to access your PC remotely, then run A1111 with the --listen command and access it that way. I've done this with an Algo VPN on Azure and a Wireguard client for Windows for Android, but any VPN that lets you access your PC remotely would work.

One way you could try to get around is building your own VPN service, like this: https://github.com/trailofbits/algo/blob/master/README.md

Things I have tried so far: Clear network cache and reset adapters - IDK it fix aprevious problem I had https://github.com/trailofbits/algo/discussions/14504

(I can simply install Algo and get the Wireguard tunnel working, easy peasy... But from there, I can never get Plex port 32400 open... so I'm just trying from scratch now...)

Maybe try running algo vpn (following the road-warrior setup) in a VM instead? It has very light requirements. https://github.com/trailofbits/algo/blob/master/docs/deploy-to-ubuntu.md