diff --git a/doc/Makefile b/doc/Makefile index bf06f78e8..d29a2f800 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -61,5 +61,3 @@ fetch: .PHONY: clean clean: rm -f $(OUTPUTS) - - diff --git a/doc/freedombox-manual.xml b/doc/freedombox-manual.xml new file mode 100644 index 000000000..2965a57d8 --- /dev/null +++ b/doc/freedombox-manual.xml @@ -0,0 +1,4417 @@ + + +
+ + FreedomBox Manual + + +
+ Quick Start + + + If you have not already done so, download and install a FreedomBox image by following the instructions on the Download page. + + + Plug one end of your ethernet cord into your FreedomBox's ethernet port, and plug the other end into your router. + + + On the Dreamplug, the eth0 port (the one toward the middle of the box) should be connected to your router. + + + + + (Dreamplug only) Plug your computer into the eth1 port (the one toward the end of the box) on the FreedomBox. + + + Power on your your FreedomBox. + + + On first boot, the FreedomBox will perform initial setup and then reboot. This may take several minutes. + + + After the FreedomBox has rebooted, you can access Plinth through your web browser. + + + If your computer is connected directly to the FreedomBox through a second ethernet port, you can browse to: or . + + + If your computer supports mDNS, you can browse to: . + + + If neither of these methods are available, then you will need to figure out the IP address of your FreedomBox. You can use the "nmap" program to find its IP address: + nmap -p 80 --open -sV 192.168.0.0/24 + + + + + When you first access Plinth, you will see a welcome page that asks you to provide some basic information for setting up your FreedomBox. + + + After completing the form, you will be logged in to Plinth and able to access apps and configuration through the interface. + + + If your computer is connected directly to the FreedomBox, your FreedomBox can act as a router, allowing you to access the Internet. + + + Now, you can try any of the Apps that are available on FreedomBox. +
+
+ Getting Help + + + + This document is intended to give you all the information you need to get started with your FreedomBox. However, if you have any questions after reading this document, you can get help by: + + + Emailing freedombox-discuss@lists.alioth.debian.org. You can also sign up to receive copies of every discussion that happens on the mailing list and read the archives. + + + Chatting at #freedombox@irc.oftc.net. + + + Reading the wiki. + + + Reading the FreedomBox Foundation's website. + + + Reading the FreedomBox Project Page. + + +
+
+ Release Notes + The following are the release notes for each FreedomBox version. +
+ Version 0.5 (2015-08-07) +
+ Notable Features + + + New targets: CubieTruck, i386, amd64 + + + New apps in Plinth: Transmission, Dynamic DNS, Mumble, ikiwiki, Deluge, Roundcube, Privoxy + + + NetworkManager handles network configuration and can be manipulated through Plinth. + + + Software Upgrades (unattended-upgrades) module can upgrade the system, and enable automatic upgrades. + + + Plinth is now capable of installing ejabberd, jwchat, and privoxy, so they are not included in image but can be installed when needed. + + + User authentication through LDAP for SSH, XMPP (ejabberd), and ikiwiki. + + + Unit test suite is automatically run on Plinth upstream. This helps us catch at least some code errors before they are discovered by users! + + + New, simpler look for Plinth. + + + Performance improvements for Plinth. + + +
+ freedom-maker + + + Add ability to set build and image mirrors separately + + + Updated installation instructions + + + Ability to set specific components based on targets + + + Add support for CubieTruck + + + Fix build failure during date change boundary + + + Disable btrfs for Raspberry Pi + + + Add support for building i386/amd64 images + + + Update documentation about the new targets + + + Corrected the git url for freedom-maker build + + + Use vmdebootstrap-0.8 + + + Remove unneeded DHCP config option to vmdebootstrap + + +
+
+ freedombox-setup + + + Setup uap0 interface on dreamplug, using hostapd to configure wifi AP. + + + Set HOME in first-run initscript so etckeeper can find the git config. + + + Beaglebone: Don't need to copy u-boot files to boot partition. freedom-maker will install it in front of boot partition. + + + Add initial support for cubietruck. + + + Remove pagekite recommendation as Plinth now takes care of its installation and setup + + + Redirect to Plinth from home page instead of showing jwchat + + + Migrate to dh_python3 from python-support + + + Use nmcli to setup network connections + + + Remove jwchat/ejabber setup as it is handle by Plinth + + + Remove LDAP root password and create ou=groups + + + Remove renaming of network interfaces as it does not work. Start using systemd's new predictable naming. Don't alter /etc/network/interface anymore. + + + Use network manager for configuring DNS and DHCP servers + + + Fix hang issue when building Raspberry Pi images + + + Remove privoxy setup as it happens in Plinth now + + + Configure PAM for LDAP user logins + + +
+
+ Plinth 0.4.5 + + + New app modules: + + + BitTorrent (Transmission) + + + Dynamic DNS + + + Voice Chat (Mumble) + + + Wiki & Blog (ikiwiki) + + + + + New system modules: + + + Networks + + + Software Upgrades + + + + + Add unit tests with coverage report and Travis-CI integration + + + Add systemd service file for Plinth + + + Use augeas to configure Pagekite + + + Use domainname as ejabberd host + + + Bugfixes for ownCloud and packagekit + + + Fixes for user dropdown menu when javascript is disabled + + + Simpler look + + +
+
+ Plinth 0.5 + + + New app modules: + + + BitTorrent (Deluge) + + + Email Client (Roundcube) + + + Web Proxy (Privoxy) + + + + + Use libnm for Networks module + + + Add support for testing Django-dependent modules + + + Plinth can now setup ejabberd and jwchat + + + Setup firewall zones for network-manager connections + + + Manage LDAP users and groups with ldapscripts package + + + LDAP user authentication is now used for XMPP, ikiwiki, and SSH + + + Fixes to cherrypy autoreload and remove unneeded extra server. Plinth now uses much less CPU. + + + Use django-stronghold for authentication handling + + + Bundle tests with applications; add Travis-CI status image to README + + + Move to using python3-augeas for Pagekite + + + Extend and use action utilities for enabling/disabling services and Apache confs + + + Fixed timezone list issue + + + Bind a Network connection to an interface + + + Many small cleanups + + +
+
+
+
+ Version 0.3 (2015-01-20) +
+ Notable Features + + + Tor Bridges: All boxes now act as non-exit Tor bridges, routing traffic for the Tor network. + + + Firewall: firewall is on by default and is automatically managed. + + + Add BeagleBone support. We now have images for BeagleBone, RaspberryPi, VirtualBox i386/amd64, and DreamPlug. + + + Ability to enable and use Tor Hidden Services. Works with Ejabberd/JWChat and ownCloud services. + + + Enable Tor obfsproxy with scramblesuit. + + + Drop well-known root password (an account with sudo capabilities still exists for now but will be removed soon). + + + Switch to unstable as suite of choice for easier development. + + + Newer images are built with systemd by default (due to Debian change). + + + Install and operate firewall automatically (uses firewalld). + + + Major restructuring of Plinth UI using Python3, Django web development framework and Bootstrap3. Code quality is much better and UI is more polished. + + + Introduced packaging framework in Plinth UI for on-demand application installation. + + +
+ freedom-maker + + + Newer images use systemd by default + + + VirtualBox images for amd64 architecture also + + + Default to btrfs filesytem where supported + + + Images for BeagleBone + + + Use Grub for virtualbox images + + + Use eatmydata to speed up build process + + + Switch to Debian Unstable as suite of choice + + + Drop well-known root password (an account with sudo capabilities still exists for now) + + +
+
+ freedombox-setup + + + Add BeagleBone support + + + Enable scramblesuite for obfsproxy + + + Enable obfsproxy + + + Updates to testsuite + + + Pull documentation from Wiki and build it + + + Enable Tor transparent proxy + + + Update tests in testsuite + + +
+
+ Plinth 0.4.1 + + + Ability to enable and see status of Tor Hidden Services. + + + Fully migrated to Django and removed all code that was re-inventing web frameworks. + + + Migrated to Python 3. + + + Ability to write and distribute Plinth modules outside of Plinth repository: FreedomBox Apps. + + + Improved security using Django authentication and forms. + + + Reorganized source code to look more like a Python application. + + + Use Python setup.py instead of custom Makefiles. + + + Setting up Plinth for development is easier. + + + Removed dependency on withsqlite package with help from Django models. + + + Removed duplicated code in Twitter bootstrap JS/CSS by depending on proper Debian packages. + + + Removed stubs and TODOish messages in UI in preparation of proper public (developer) release. + + + Code quality clean-ups. + + + Updated documentation on setting up and using Plinth from source. + + +
+
+ Plinth 0.4.4 + + + Update to Bootstrap3 and improve styling in general + + + Fix issue with Apache configuration + + + Improvements to working behind a proxy server + + + Introduce package management framework + + + Show progress bar while installing ownCloud + + + Tested JWChat/ownCloud on .onion addresses + + + Test coverage measurement + + + Rewamped first boot wizard + + + Proper user management with editing and setting passwords + + + Remove expert mode + + + Seperate out domain name vs. hostname configuration + + + Fix issues with ejabberd configuration update on hostname change + + + Fix issue with hostname changes + + + Debian packaging related fixes + + + Many bug fixes and code cleanups + + +
+
+ Firewall + Firewall is a network security system that controls the incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces risk of security threat from the Internet. + The operation of the firewall is automatic. When you enable a service it is automatically permitted in the firewall and you disable a service is automatically disabled in the firewall. + Automatic management of firewall in FreedomBox is handled by Plinth web user interface using FirewallD. +
+
+
+
+ Version 0.2 (2014-03-16) +
+ New Architectures + In addition to the DreamPlug, Raspberry Pi and VirtualBox (x86) images are now provided. +
+
+ New Services + These services are new as of this release: + + + Configuration Management UI + + + Instant Messaging + + + OwnCloud + + + dnsmasq + + + Low-Level Configuration Management + + + Service Announcement + + + LDAP Server + + + LXC Support + + + Source Packages + + + See the user documentation for instruction on how to use them. +
+ Configuration Management UI + The FreedomBox now has an administrative interface, Plinth. + To use it: + + + Start your FreedomBox. + + + After Plinth is configured, log in. + + + To configure it: + + + Start your FreedomBox. + + + Plug your Ethernet cable in to your computer and eth1 on your DreamPlug. + + + Connect to Plinth. + + + Set up the user name and password you'll use to log into Plinth. + + +
+
+ Instant Messaging + The FreedomBox now supports instant messaging via XMPP, using JWChat. + To use it: + + + Start your FreedomBox. + + + Register a new Jabber account. + + + Log in to your Jabber account. + + +
+
+ OwnCloud + + + (with 4GB images) + + + (What is this? What is it for? How do we use it?) +
+
+ dnsmasq + (What is this? What is it for? How do we use it?) +
+
+ Low-Level Configuration Management + Etckeeper is now used for configuration management: after every major system operation, the system automatically takes a configuration snapshot so configuration changes can be reversed, as necessary. +
+
+ Service Announcement + Avahi Service Announcement and mDNS Name Resolution. + (What is this? What is it for? How do we use it?) +
+
+ LDAP server + (What is this? What is it for? How do we use it?) +
+
+ LXC support + (What is this? What is it for? How do we use it?) +
+
+ Source Packages + Source Packages for each installed package are now stored in the /usr/src/packages/ directory. +
+
+
+ Changes since 0.1 release + + + The privoxy setup is now the default from Debian. + + +
+
+
+ Version 0.1 (2013-02-26) + I am pleased to announce our first FreedomBox software release. The FreedomBox 0.1 image is available here (.torrent) (sha512sum: 867f5bf462102daef82a34165017b9e67ed8e09116fe46edd67730541bbfb731083850ab5e28ee40bdbc5054cb64e4d0e46a201797f27e0b8f0d2881ef083b40). + This 0.1 version is primarily a developer release, which means that it focuses on architecture and infrastructure rather than finish work. The exception to this is privoxy-freedombox, the web proxy discussed in previous updates, which people can begin using right now to make their web browsing more secure and private and which will very soon be available on non-FreedomBox systems. More information on that tool at the end of this post. + + + What have we accomplished? + + + This first release completes a number of important milestones for the project. + + + Full hardware support in Debian + + + A big part of the vision for the FreedomBox project revolves around the "Boxs", tiny plug servers that are capable of running full size computing loads cheaply and with little use of electricity. In many respects these are wireless routers given the brains of a smart phone. If you want to change the software on a router or smart phone today you normally need to worry about bootloader images, custom roms, and a whole collection of specialized build and install tools. We wanted to the FreedomBox to move beyond this fragmented environment and, with the help of some embedded device experts, we have managed to make our development hardware into a fully supported Debian platform. That means that anyone with a device can install Debian on it just like a laptop or desktop computer. This support is very important for ensuring that the work we do on the FreedomBox is as portable and reusable as possible. + + + + + + + Basic software tools selected + + + There is a lot of great free software out there to choose from and we put a lot of thought into which elements would be included in our basic tool kit. This includes the user interface system + "plinth" that I outlined in a recent kickstarter update as well as basic cryptography tools like gpg and a one named "monkeysphere" that leverages gpg as an authentication tool. All of these are now bundled together and installed on the release image. This common working environment will simplify development going forward. + + + + + Box-to-box communication design + + + Some goals of the FreedomBox can be accomplished with one user and one FreedomBox but many, like helping someone route around repressive government firewalls, will require groups of people and groups of boxes working together. One of our greatest architectural challenges has been finding a way for boxes to communicate securely without so slowing down or breaking network access as to make the system unpleasant to use. We have now outlined and built the first version of our proposed solution: Freedom-buddy. Freedom-buddy uses the world class TOR network so that boxes can find each other regardless of location or restrictive firewall and then allows the boxes to negotiate secure direct connections to each other for actually sending large or time sensitive data. We believe this blended approach will be most effective at improving the security and usability of personal-server communications and all the services we plan to build into those servers. + + + + + Web cleaning + + + Our first service, a piece of software you can use today to start making your web browsing more secure and private, is called "privoxy-freedombox". This software combines the functionality of + the Adblock Plus ad blocker, the Easy Privacy filtering list, and the (HTTPS Everywhere) website redirection plugin into a single piece of software to run on your FreedomBox. Combining these different plugins into software for your FreedomBox means that you can use them with almost any browser or mobile device using a standard web proxy connection. Because of our focus on building the FreedomBox as part of Debian this software will soon be available to anyone running a Debian system regardless of whether you are using our target DreamPlug hardware, a laptop, or a large rack server somewhere. + As you read this packages should already be available in the Raspbian repositories, which is the optimized version of Debian used on the Raspberry Pi hardware. Hopefully we will get that onto the main Debian mirrors over the next month; if you are interested in building it for yourself in the meantime, the source is available from gitorious. As we build additional components for the FreedomBox we will continue to work on making them widely available. + + + + + + + What is next? + + + As you may have seen, our Project Lead, Bdale Garbee, is about to begin a well earned early retirement from his long time role as Open Source & Linux Chief Technologist at Hewlett-Packard. Over the coming month Bdale and the rest of the Foundation team will be putting together plans for the next stage of FreedomBox development and the road to a 1.0 release. News and updates will follow at freedomboxfoundation.org (rss). + + + + +
+
+
+ Apps +
+ Anonymity Network (Tor) +
+ Using Tor to browse anonymously + Tor Browser is the recommended way to browse the web using Tor. You can download the Tor Browser from and follow the instructions on that site to install and run it. +
+
+ Using Tor Hidden Service to access your FreedomBox + Tor Hidden Service provides a way to access your FreedomBox, even if it's behind a router or firewall. + To enable Tor Hidden Service, first navigate to the Anonymity Network (Tor) page. (If you don't see it, click on the FreedomBox logo at the top-left of the page, to go to the main Apps page.) On the Anonymity Network (Tor) page, under Configuration, check "Enable Tor Hidden Service", then press the Update setup button. Tor will be reconfigured and restarted. + After a while, the page will refresh and under Status, you will see a table listing the Hidden Service .onion address. Copy the entire address (ending in .onion) and paste it into the Tor Browser's address field, and you should be able to access your FreedomBox. (You may see a certificate warning because FreedomBox has a self-signed certificate.) + Currently only HTTP (port 80) and HTTPS (port 443) are accessible through the Tor Hidden Service configured on the FreedomBox. +
+
+ Using Tor SOCKS port (advanced) + FreedomBox provides a Tor SOCKS port that other applications can connect to, in order to route their traffic over the Tor network. This port is accessible on any interfaces configured in the internal firewall zone. To configure the application, set SOCKS Host to the internal network connection's IP address, and set the SOCKS Port to 9050. +
+
+
+ Dynamic DNS + In order reach a server on the Internet, the server needs to have permanent address also know as the static IP address. Many Internet service providers don't provide home users with a static IP address or they charge more providing a static IP address. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching the server. + Dynamic DNS service providers assist in working around a problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be to contact the server using the domain name 'myhost.example.org' which always points to the latest IP address of the server. + For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on FreedomBox, such as ownCloud, to the Internet. +
+ GnuDIP vs. Update URL + There are two main mechanism to notify the Dynamic DNS server of your new IP address; using the GnuDIP protocol and using the Update URL mechanism. + If a service provided using update URL is not properly secured using HTTPS, your credentials may be visible to an adversary. Once an adversary gains your credentials, they will be able to replay your request your server and hijack your domain. + On the other hand, the GnuDIP protocol will only transport a salted MD5 value of your password, in a way that is secure against replay attacks. +
+
+ Using the GnuDIP protocol + + + Register an account with any Dynamic DNS service provider. A free service provided by the FreedomBox community is available at . + + + In FreedomBox UI, enable the Dynamic DNS Service. + + + Select GnuDIP as Service type, enter your Dynamic DNS service provider address (for example, gnudip.datasystems24.net) into GnuDIP Server Address field. + + + Fill Domain Name, Username, Password information given by your provider into the corresponding fields. + + +
+
+ Using an Update URL + This feature is implemented because the most popular Dynamic DNS providers are using Update URLs mechanism. + + + Register an account with a Dynamic DNS service provider providing their service using Update URL mechanism. Some example providers are listed in the configuration page itself. + + + In FreedomBox UI, enable the Dynamic DNS service. + + + Select other Update URL as Service type, enter the update URL given by your provider into Update URL field. + + + If you browse the update URL with your Internet browser and a warning message about untrusted certificate appears, then enable accept all SSL certificates. WARNING: your credentials may be readable here because man-in-the-middle attacks are possible! Consider choosing a better service provider instead. + + + If you browse the update URL with your Internet browser and the username/password box appears, enable use HTTP basic authentication checkbox and provide the Username and Password. + + + If the update URL contains your current IP address, replace the IP address with the string <Ip>. + + +
+
+ Checking If It Works + + + Make sure that external services you have enabled such as /jwchat, /roundcube and /ikiwiki are available on your domain address. + + + Go to the Status page, make sure that the NAT type is detected correctly. If your FreedomBox is behind a NAT device, this should be detected over there (Text: Behind NAT). If your FreedomBox has a public IP address assigned, the text should be "Direct connection to the Internet". + + + Check that the last update status is not failed. + + +
+
+
+ PageKite + PageKite is free Software solution for tunneling HTTP, HTTPS and SSH servers through firewalls and NAT. + See PageKite website. +
+
+ Secure Shell + FreedomBox runs openssh-server server by default allowing remote logins from all interfaces. If your hardware device is connected to a monitor and a keyboard, you may login directly as well. Regular operation of FreedomBox does not require you to use the shell. However, some tasks or identifying a problem may require you to login to a shell. +
+ Default User Account + FreedomBox is bundled with a preset user account. This user also has superuser privileges via sudo. The default credentials are: + + + + + + + + + Username + + + + + Password + + + + + + fbx + + + frdm + + + + + + + + Change the password + + Soon after you get your FreedomBox working, you must change the default password for the fbx user. If you fail to do this, since the password is public knowledge, anyone will be able to take control of your device. + +
+
+ Logging In + To login via SSH, to your FreedomBox: + $ ssh fbx@freedombox + Replace fbx with the name of the user you wish to login as. freedombox should be replaced with the hostname or IP address of you FreedomBox device as found in the Quick Start process. + fbx is the default user present on FreedomBox with superuser privileges. Any other user created using Plinth and belonging to the group admin will be able to login. The root account has no password set and will not be able to login. Access will be denied to all other users. + fbx and users in admin group will also be able to login on the terminal directly. Other users will be denied access. + If you repeatedly try to login as a user and fail, you will be blocked from logging in for some time. This is due to libpam-abl package that FreedomBox installs by default. To control this behavior consult libpam-abl documentation. +
+
+ Becoming Superuser + After logging in, if you want to become the superuser for performing administrative activities: + $ sudo su + Make a habit of logging in as root only when you need to. If you aren't logged in as root, you can't accidentally break everything. + + + +
+
+ Changing Password + To change the password of a user managed by Plinth, use the change password page. However, the fbx default user is not managed by Plinth and its password cannot be changed in the web interface. + To change password on the terminal, log in to your FreedomBox as the user whose password you want to change. Then, run the following command: + $ passwd + This will ask you for your current password before giving you the opportunity to set a new one. +
+
+
+ Wiki & Blog (Ikiwiki) +
+ Creating a wiki or blog + You can create a wiki or blog to be hosted on your FreedomBox through the Wiki & Blog (Ikiwiki) page in Plinth. The first time you visit this page, it will ask to install packages required by Ikiwiki. + After the package install has completed, select the Create tab. You can select the type to be Wiki or Blog. Also type in a name for the wiki or blog, and the username and password for the wiki's/blog's admin account. Then click Update setup and you will see the wiki/blog added to your list. Note that each wiki/blog has its own admin account. +
+
+ Accessing your wiki or blog + From the Wiki & Blog (Ikiwiki) page, select the Manage tab and you will see a list of your wikis and blogs. Click a name to navigate to that wiki or blog. + From here, if you click Edit or Preferences, you will be taken to a login page. To log in with the admin account that you created before, select the Other tab, enter the username and password, and click Login. +
+
+ User login through SSO + Besides the wiki/blog admin, other FreedomBox users can be given access to login and edit wikis and blogs. However, they will not have all the same permissions as the wiki admin. They can add or edit pages, but cannot change the wiki's configuration. + To add a wiki user, go to the Users and Groups page in Plinth (under System configuration, the gear icon at the top right corner of the page). Create or modify a user, and add them to the wiki group. (Users in the admin group will also have wiki access.) + To login as a FreedomBox user, go to the wiki/blog's login page and select the Other tab. Then click the "Login with HTTP auth" button. The browser will show a popup dialog where you can enter the username and password of the FreedomBox user. +
+
+
+
+ System +
+ Networks + This section describes how networking is setup by default in FreedomBox and how you can customize it. See also the Firewall section for more information on how firewall works. +
+ Default setup + In a fresh image of FreedomBox, network is not configured at all. When the image is written to an SD card and the device boots, configuration is done. During first boot, FreedomBox setup package detects the networks interfaces and tries to automatically configure them so that FreedomBox is available for further configuration via the web interface from another machine without the need to connect a monitor. Automatic configuration also tries to make FreedomBox useful, out of the box, for the most important scenarios FreedomBox is used for. + There are two scenarios it handles: when is a single ethernet interface and when there are multiple ethernet interfaces. +
+ Single ethernet interface + When there is only single ethernet interface available on the hardware device, there is not much scope for it to play the role of a router. In this case, the device is assumed to be just another machine in the network. Accordingly, the only available interface is configured to be an internal interface in automatic configuration mode. This means that it connects to the Internet using the configuration provided by a router in the network and also makes all (internal and external) of its services available to all the clients on this network. +
+
+ Multiple ethernet interface + When there are multiple ethernet interfaces available on the hardware device, the device can act as a router. The interfaces are then configured to perform this function. + The first network interface is configured to be an WAN or external interface in automatic configuration mode. This means that it connects to the Internet using network configuration provided by the Internet Service Provider (ISP). Only services that are meant to be provided across the entire Internet (external services) will be exposed on this interface. You must plug your Internet connection into the port of this ethernet interface. If you wish to continue to have your existing router manage the Internet connection for you, then plug a connection from your router to the port on this interface. + The remaining network interfaces are configured for the clients of a router. They are configured as LAN or internal interfaces in shared configuration mode. This means that all the services (both external and internal) services are provided to who ever connects on this interface. Further, the shared mode means that clients will be able to receive details of automatic network connection on this interface. Specifically, DHCP configuration and DNS servers are provided on this interface. The Internet connection available to the device using the first network interface will be shared with clients using this interface. This all means that you can connect your computers to this network interface and they will get automatically configured and will be able to access the Internet via the FreedomBox. + Currently, it is not very clear which interface will be come the WAN interface (and the remaining being LAN interfaces) although the assignment process is deterministic. So, it take a bit of trail and error to figure out which one is which. In future, for each device, this will be well documented. +
+
+ Wi-Fi configuration + All Wi-Fi interfaces are configured to be LAN or internal interfaces in shared configuration mode. They are also configured to become Wi-Fi access points with following details. + + + Name of the access point will be FreedomBox plus the name of the interface (to handle the case where there are multiple of them). + + + Password for connecting to the interface will be freedombox123. + + +
+
+
+ Internet Connection Sharing + Although the primary duty of FreedomBox is to provide decentralized services, it can't also act like a home router. Hence, in most cases, FreedomBox connects to the Internet and provides other machines in the network the ability to use that Internet connection. FreedomBox can do this in two ways: using a shared mode connection or using an internal connection. + When an interface is set in shared mode, you may connect your machine directly to it. This is either by plugging in an ethernet cable from this interface to your machine or by connecting to a Wi-Fi access point. This case is the simplest to use, as FreedomBox automatically provides your machine with the necessary network configuration. Your machine will automatically connect to FreedomBox provided network and will be able to connect to the Internet given that FreedomBox can itself connect to the Internet. + Sometimes the above setup may not be possible because the hardware device may have only one network interface or for other reasons. Even in this case, your machine can still connect to the Internet via FreedomBox. For this to work, make sure that the network interface that your machine is connecting to is in internal mode. Then, connect your machine to network in which FreedomBox is present. After this, in your machine's network configuration, set FreedomBox's IP address as the gateway. FreedomBox will then accept your network traffic from your machine and send it over to the Internet. This works because network interfaces in internal mode are configured to masquerade packets from local machines to the Internet and receive packets from Internet and forward them back to local machines. +
+
+ Customization + The above default configuration may not be fit for your setup. You can customize the configuration to suit your needs from the Networks area in the 'setup' section of the FreedomBox web interface. +
+ PPPoE connections + If your ISP does not provide automatic network configuration via DHCP and requires you to connection via PPPoE. To configure PPPoE, remove any network connection existing on an interface and add a PPPoE connection. Here, optionally, provide the account username and password given by your ISP and activate the connection. +
+
+ Connect to Internet via Wi-Fi + By default Wi-Fi devices attached during first boot will be configured as access points. They can be configured as regular Wi-Fi devices instead to connection to a local network or an existing Wi-Fi router. To do this, click on the Wi-Fi connection to edit it. Change the mode to Infrastructure instead of Access Point mode and IPv4 Addressing Method to Automatic (DHCP) instead of Shared mode. Then the SSID provided will mean the Wi-Fi network name you wish to connect to and passphrase will be the used to while making the connection. +
+
+ Adding a new network device + When a new network device is added, network manager will automatically configure it. In most cases this will not work to your liking. Delete the automatic configuration created on the interface and create a new network connection. Select your newly added network interface in the add connection page. + + + Then set firewall zone to internal and external appropriately. + + + You can configure the interface to connect to a network or provide network configuration to whatever machine connects to it. + + + Similarly, if it is a Wi-Fi interface, you can configure it to become a Wi-FI access point or to connect to an existing access points in the network. + + +
+
+
+ Manual Network Operation + FreedomBox automatically configures networks by default and provides a simplified interface to customize the configuration to specific needs. In most cases, manual operation is not necessary. The following steps describe how to manually operate network configuration in the event that a user finds FreedomBox interface to insufficient for task at hand or to diagnose a problem that FreedomBox does not identify. + On the command line interface: + To see the list of available network devices: + nmcli device + To see the list of configured connections: + nmcli connection + To see the current status of a connection: + nmcli connection show '<conneciton_name>' + To see the current firewall zone assigned to a network interface: + nmcli connection show '<conneciton_name>' | grep zone + or + firewall-cmd --zone=internal --list=all +firewall-cmd --zone=external --list=all + To create a new network connection: + nmcli con add con-name "<connection_name>" ifname "<interface>" type ethernet +nmcli con modify "<connection_name>" connection.autoconnect TRUE +nmcli con modify "<connection_name>" connection.zone internal + To change the firewall zone for a connection: + nmcli con modify "<connection_name>" connection.zone "<internal|external>" + For more information on how to use nmcli command, see its man page. Also for a full list of configuration settings and type of connections accepted by Network Manager see: + + + + To see the current status of the firewall and manually operate it, see the Firewall section. +
+
+
+ Upgrades + FreedomBox can automatically install security upgrades. On the Upgrades page of the Settings section in Plinth you can turn on automatic upgrades. For FreedomBox versions above 0.5, this feature is enabled by default and there is no manual action necessary. It is strongly recommended that you have this option enabled to keep your FreedomBox secure. + Upgrades are performed every day at night. If you wish to shutdown FreedomBox every day after use, keep it running at night once a week or so to let the automatic upgrades happen. Alternatively, you can perform manual upgrades as described below. +
+ Manual Upgrades + In the Plinth web interface, you can initiate a manual upgrade process from Upgrades page of the Settings section. Note that once the upgrades start, it may take a long time to complete and Plinth may seem to wait for the page to load. + Under some circumstances, automatic upgrades may fail and require you perform a manual upgrade action. Even upgrades initiated from Plinth may not finish properly. This may be because the upgrade process requires you to make a decision. In these cases, manual upgrade on the terminal may be the only option. + To perform manual upgrades on the terminal, login into FreedomBox on a terminal or using a remote secure shell (see Secure Shell section). Then run the following commands: + $ sudo su - +Password: +# apt-get update +# apt-get dist-upgrade + This will ask you if it is alright to install/upgrade (or remove) some packages and use (or release) some disk space. Say yes after review. In some cases, during the upgrades process you will be asked questions about modified configuration files, answering with a default Keep current configuration is usually safe. +
+
+
+ Firewall + Firewall is a network security system that controls the incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces risk of security threat from the Internet. + The operation of the firewall in Plinth web interface of FreedomBox is automatic. When you enable a service it is automatically permitted in the firewall and when you disable a service it is automatically disabled in the firewall. For services which are enabled by default on FreedomBox, firewall ports are also enabled by default during the first run process. + Firewall management in FreedomBox is done using FirewallD. +
+ Interfaces + Each interface is needs to be assigned to one (and only one) zone. Whatever rules are in effect for a zone, those rules start to apply for that interface. For example, if HTTP traffic is allowed in a particular zone, then web requests will be accepted on all the addresses configured for all the interfaces assigned to that zone. + There are primarily two firewall zones used. The internal zone is meant for services that are provided to all machines on the local network. This may include services such as streaming media and simple file sharing. The external zone is meant for services that are provided publicly on the Internet. This may include services such as blog, website, email web client etc. + For details on how network interfaces are configured by default, see the Networks section. +
+
+ Ports/Services + The following table attempts to document the ports, services and their default statuses in FreedomBox. If you find this page outdated, see the Plinth source for lib/freedombox/first-run.d/90_firewall and Firewall status page in Plinth UI. + + + + + + + + + + + + + Service + + + + + Port + + + + + External + + + + + Enabled by default + + + + + Status shown in Plinth + + + + + Managed by Plinth + + + + + + SSH + + + 22/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + JWChat + + + 80/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + JWChat + + + 443/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + OwnCloud + + + 80/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + OwnCloud + + + 443/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + Plinth + + + 443/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + Tor (Socks) + + + 9050/tcp + + + + + + + + + {o} + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + NTP + + + 123/udp + + + + + + + + + {o} + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + DNS + + + 53/tcp + + + + + + + + + {o} + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + DNS + + + 53/tdp + + + + + + + + + {o} + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + mDNS + + + 5353/udp + + + + + + + + + {o} + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + DHCP + + + 67/udp + + + + + + + + + {o} + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + Bootp + + + 67/tcp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + Bootp + + + 67/udp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + Bootp + + + 68/tcp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + Bootp + + + 68/udp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + LDAP + + + 389/tcp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + LDAPS + + + 636/tcp + + + + + + + + + {o} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + OpenVPN + + + 1194/udp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + Privoxy + + + 8118/tcp + + + + + + + + + {o} + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + XMPP Server + + + 5269/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + XMPP Client + + + 5222/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + XMPP Bosh + + + 5280/tcp + + + + + + + + + {*} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + Obfsproxy + + + <random>/tcp + + + + + + + + + {*} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + + + + + {X} + + + + + + + + +
+
+ Manual operation + See FirewallD documentation for more information on the basic concepts and comprehensive documentation. +
+ Enable/disable firewall + To disable firewall + service firewalld stop + or with systemd + systemctl stop firewalld + To re-enable firewall + service firewalld start + or with systemd + systemctl start firewalld +
+
+ Modifying services/ports + You can manually add or remove a service from a zone. + To see list of services enabled: + firewall-cmd --zone=<zone> --list-services + Example: + firewall-cmd --zone=internal --list-services + To see list of ports enabled: + firewall-cmd --zone=<zone> --list-ports + Example: + firewall-cmd --zone=internal --list-ports + To remove a service from a zone: + firewall-cmd --zone=<zone> --remove-service=<service> +firewall-cmd --permanent --zone=<zone> --remove-service=<interface> + Example: + firewall-cmd --zone=internal --remove-service=xmpp-bosh +firewall-cmd --permanent --zone=internal --remove-service=xmpp-bosh + To remove a port from a zone: + firewall-cmd --zone=internal --remove-port=<port>/<protocol> +firewall-cmd --permanent --zone=internal --remove-port=<port>/<protocol> + Example: + firewall-cmd --zone=internal --remove-service=5353/udp +firewall-cmd --permanent --zone=internal --remove-port=5353/udp + To add a port to a zone: + firewall-cmd --zone=<zone> --add-service=<service> +firewall-cmd --permanent --zone=<zone> --add-service=<interface> + Example: + firewall-cmd --zone=internal --add-service=xmpp-bosh +firewall-cmd --permanent --zone=internal --add-service=xmpp-bosh + To add a port to a zone: + firewall-cmd --zone=internal --add-port=<port>/<protocol> +firewall-cmd --permanent --zone=internal --add-port=<port>/<protocol> + Example: + firewall-cmd --zone=internal --add-service=5353/udp +firewall-cmd --permanent --zone=internal --add-port=5353/udp +
+
+ Modifying the zone of interfaces + You can manually change the assignment of zones of each interfaces after they have been autuomatically assigned by the first boot process. + To see current assignment of interfaces to zones: + firewall-cmd --list-all-zones + To remove an interface from a zone: + firewall-cmd --zone=<zone> --remove-interface=<interface> +firewall-cmd --permanent --zone=<zone> --remove-interface=<interface> + Example: + firewall-cmd --zone=external --remove-interface=eth0 +firewall-cmd --permanent --zone=external --remove-interface=eth0 + To add an interface to a zone: + firewall-cmd --zone=<zone> --add-interface=<interface> +firewall-cmd --permanent --zone=<zone> --remove-interface=<interface> + Example: + firewall-cmd --zone=internal --add-interface=eth0 +firewall-cmd --permanent --zone=internal --remove-interface=eth0 +
+
+
+
+
+ Hardware + FreedomBox is aimed as a consumer electronics device that is easy to setup, maintain and use. The project does not aim to create a custom hardware device. Instead we plan to support/customize exiting hardware. + In addition to supporting various single board computers and other devices, FreedomBox also supports being installed in a virtual machine. Also, any Debian machine can be turned into a FreedomBox by installing the freedombox-setup package. See usage instructions for more details. +
+ Supported Hardware +
+ Recommended Hardware + + + + + + + + + + + + + + + FreedomBox Danube Edition + + + + + + FreedomBox - Danube Edition + + (based on Cubietruck) + + + + + + + + + + BeagleBone Black + + + + + + BeagleBone Black + + + + + + + + + + + + + Debian + + + + + + Debian + + + + + + + + + + + VirtualBox + + + + + + VirtualBox + + + + + + +
+
+ Also Working Hardware + This hardware works but is not recommended due to freedom, performance-per-cost, or other concerns: + + + + + + + + + + + + + + + + DreamPlug + + + + + + DreamPlug + + + + + + + + + + + Raspberry Pi + + + + + + Raspberry Pi + + + + + + + + + + + Raspberry Pi 2 + + + + + + Raspberry Pi 2 + + + + + + + Note: As FreedomBox is in development state, Supported Hardware means that FreedomBox images are built for the said hardware and at least one developers has reported the basic functions to be working. +
+
+
+ Targeted Hardware + Although the project may focus on supporting specific devices, we are looking to support as wider a variety of hardware as possible that is suitable for FreedomBox needs. Take a look at the list of hardware targeted for support. If you are a developer, consider adding hardware support for your device by modifying Freedom Maker and FreedomBox Setup. +
+
+ Cubietruck +
+ FreedomBox Danube Edition + + + + + + + FreedomBox Danube Edition + + + + FreedomBox Danube Edition is a custom casing around Cubietruck coupled with an SSD. +
+
+ Cubietruck / Cubieboard3 + Cubietruck (Cubieboard3) is a single board computer with better performance than many other such boards. FreedomBox images are being built for it. For using this board as FreedomBox, a separate USB WiFi device that does not require non-free firmware is recommended. +
+
+ Download + FreedomBox SD card images for this hardware are being built. + An alternative to downloading these images is to install Debian on Cubietruck and then install FreedomBox on it. +
+
+ Build Image + FreedomBox images for this hardware can be built using Freedom Maker once the support for it is added. +
+
+ Availability + FreedomBox Danue Edition + + + A limited number of units are planned to be shipped along with the release of FreedomBox 1.0. If you wish to get one, express your interest. + + + Cubietruck / Cubieboard3 + + + Price: 89 USD + + + + List of suppliers + + + +
+
+ Hardware + + + Open Hardware: No + + + CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core + + + RAM: 2 GiB DDR3 @ 480 MHz + + + Storage: 8 GB NAND flash built-in, 1x microSD slot + + + Architecture: armhf + + + Ethernet: 10/100/1000, RJ45 + + + WiFi: Broadcom BCM4329/BCM40181 (no free WiFi drivers + firmware available) + + + SATA: 1x 2.0 port + + +
+
+ Non-Free Status + + + Non-free blobs required: ? + + + WiFi: no free WiFi drivers + firmware available + + + Works with stock Debian kernel: yes + + +
+
+ Known Issues + + + WiFi does not work with free software. A separate USB WiFi device is recommended. + + +
+
+
+ Beagle Bone Black + + + + + + + Beagle Bone Black + + + + Beagle Bone Black (Revision C.1) is an open hardware single board computer. FreedomBox images are built and tested for it. For using this board as FreedomBox, a USB WiFi device that does not require non-free firmware is recommended. +
+ Download + FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox. + An alternative to downloading these images is to install Debian on BeagleBone and then install FreedomBox on it. +
+
+ Build Image + FreedomBox images for this hardware can be built using Freedom Maker. +
+
+ Availability + + + Price: ~ 59 USD (50 EUR) + + + + Mouser Electronics + + + + + Full list of suppliers + + + +
+
+ Hardware + + + Open Hardware: Yes + + + CPU: AM335x 1GHz ARM Cortex-A8 + + + RAM: 512MB DDR3L 800 Mhz + + + Storage: Onboard 4GB, 8bit Embedded MMC and microSD + + + Architecture: armhf + + + Ethernet: 10/100, RJ45 + + + WiFi: None, use a USB WiFi device + + + SATA: None + + +
+
+ Non-Free Status + + + Non-free blobs required: No + + + WiFi: Not available + + + Works with stock Debian kernel: Yes + + +
+
+ Known Issues + None +
+
+
+ VirtualBox + + + + + + + VirtualBox + + + + This page will help you get started with using FreedomBox on a virtual machine using VirtualBox. While VirtualBox images are primarily used for testing and development, they can also be used for regular use if you have spare resources on one of your machines. This setup is useful if: + + + You don't own one of the supported hardware devices. + + + You don't use Debian GNU/Linux as your operating system. + + + You don't want to disturb your Debian installation to try out FreedomBox. + + +
+ Download + FreedomBox SD card images for this VirtualBox are available. Follow the instructions on the download page to download and verify VirtualBox images. + An alternative to downloading these images is to install Debian on VirtualBox and then install FreedomBox on it. +
+
+ Creating a Virtual Machine + + + Decompress the downloaded VDI image. + + + Create a new VirtualBox VM. + + + When asked for a "Virtual Hard Disk" select the .vdi file you just extracted in step 1. + + + After a virtual machine is created, go to settings -> [Network] -> [Interface] and set on the following options. + + +
+
+ Network Configuration + VirtualBox provides many types of networking options. Each has its advantages and disadvantages. For more information about how various networking types work in VirtualBox, see VirtualBox's networking documentation. + For a simple setup, it is recommended that you use a single network interface in your guest machine. This will make the first boot script automatically configure that interface as an internal network with automatic network configuration. Inside the guest machine, the networking is configured automatically and all the services are made available on this network interface. For more information on how networks are configured by default in FreedomBox, see Networks section. + What remains is to make those services available to the host machine or to other machines in the network. You must then choose one of the following types of networking for the network interface on your guest machine. To set a particular type of network for the guest's network adapter, go to the guest VM's settings then the network options and then select the adapter you wish to configure. There, set the network type from the available list of networks. + + + First and the recommended option is to use the Bridge type of network. This option exposes the guest machine to the same network that host network is connected to. The guest obtains network configuration information from a router or DHCP server on the network. The guest will appear as just another machine in the network. A major advantage of this of setup is that the host and all other machines in the network will be able to access the services provided by guest without requiring any further setup. The only drawback of this approach is that if the host is not connected to any network, the guest's network will remain unconfigured making it inaccessible even from the host. + + + Second method is Host only type of networking. With a guest's network interface configured in this manner, it will only be accessible from the host machine. The guest will not able access any other machine but the host. It, however, does not require that the host machine be connected to a network. All services all accessible from the host machine without any special configuration such as port forwarding. + + + The final option is to use the NAT type of network. This the networking type that VirtualBox assigns to a freshly created virtual machine. This option works even when host is not connected to any network. The guest is automatically configured and is able to access the Internet and local networks that host is able to connect to. However, the services provided by the guest require port forwarding configuration setup to be available outside. + To configure this go to VM settings -> [Network] -> [Adapter] -> [Port Forwarding]. Map a port such as 2222 from host to guest port 22 and you will be able to ssh into FreedomBox from host machine as follows: + + + ssh -p 4443 fbx@localhost + + + Map 4443 on host to 443 on the guest. This make FreedomBox HTTPS service available on host using the URL You will need to add a mapping for each such services from host to guest. + + + Summary of various network types: + + + + + + + + + + + - + + + + Guest accessible from other machines + + + + + Guest accessible from host + + + + + Works without port forwarding + + + + + Works without host connected to network + + + + + + + Bridged Adapter + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + Host only + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + NAT + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + +
+
+ Using + You can log in as the following user: + + + Username: fbx + Password: frdm + + + After logging in, you can become root with the command sudo su. See the FreedomBox usage page for more details. +
+
+ Build Image + If you wish to build your own images instead of downloading available images, it can be done using Freedom Maker. +
+
+ Tips & Troubleshooting +
+ Networking Problems with macchanger + The package macchanger can cause network problems with VirtualBox. If you have a valid IP address on your guest's host network adapter (like 192.168.56.101) but are not able to ping or access the host (like 192.168.56.1), try uninstalling macchanger: + $ dpkg --ignore-depends=freedombox-setup --remove macchanger + You might have to manually remove the script /etc/network/if-prep-up/macchanger. If Debian complains about unmet dependencies when you use a package manager (apt-get, aptitude, dpkg), try to remove 'macchanger' from the dependencies of 'freedombox-setup' in the file /var/lib/dpkg/status. +
+
+ Mounting Images Locally + If you want to mount images locally, use the following to copy built images off the VirtualBox: + $ mkdir /tmp/vbox-img1 /tmp/vbox-root1 +$ vdfuse -f freedombox-unstable_2013.0519_virtualbox-i386-hdd.vdi /tmp/vbox-img1/ +$ sudo mount -o loop /tmp/vbox-img1/Partition1 /tmp/vbox-root1 +$ cp /tmp/vbox-root1/home/fbx/freedom-maker/build/freedom*vdi ~/ +$ sudo umount /tmp/vbox-root1 +# $ sudo umount /tmp/vbox-img1 # corruption here. +
+
+
+
+ Debian + + + + + + + Debian + + + + FreedomBox is a pure blend of Debian. This means that all the work on FreedomBox is available in Debian as packages. It also means that any machine running Debian can be turned into a FreedomBox. + This page describes the process of installing FreedomBox on a Debian system. Currently, FreedomBox currently runs Debian Unstable (Sid) and Debian Testing (Strech). + + + Use a fresh Debian installation + + Installing FreedomBox changes your Debian system in many important ways. This includes installing a firewall and regenerating server certificates. It is hence recommended that you install FreedomBox on a fresh Debian installation instead of an existing setup. + +
+ Installing on Debian + + + Install Debian Unstable (Sid) on your hardware. + + + If you choose to create an initial user account, use "fbx" as the login name. (Once the FreedomBox setup program completes, all user accounts except for the "fbx" account will be locked out via pam_access. This also affects sudo access.) + + + + + Update your package list. + $ sudo apt-get update + + + Install freedombox-setup package. + $ sudo apt-get install freedombox-setup + + + Run FreedomBox setup program. This installs further packages and sets up basic configuration. + $ sudo /usr/lib/freedombox/setup | tee freedombox-setup.log + + + Reboot the system. This is necessary to trigger the first-run script. + $ sudo reboot + + + After the system boots up, wait for it to reboot again. The first-run scripts sets up a few things and initiates a reboot. + + + After the second reboot you can start using FreedomBox. + + +
+
+ Troubleshooting + + + There is a bug in policykit-1 package that causes errors and hangs during installation of freedombox-setup package. A workaround is to first install policykit-1 package and then reboot. After that, follow the above procedure setup procedure. + $ sudo apt-get update +$ sudo apt-get install policykit-1 +$ sudo reboot + + + Freedombox does not support network device configuration via /etc/network/interfaces, and it may misbehave if any non-loopback interfaces are mentioned there. (See bug #797614.) Future versions of freedombox-setup will clear this file automatically; for now, edit it manually and ensure that it contains only the following: + auto lo +iface lo inet loopback + + +
+
+
+ DreamPlug + + + + + + + DreamPlug + + + + DreamPlug is the hardware for which FreedomBox has been originally targeted. FreedomBox images are built and tested for it. For using this device as FreedomBox, a USB WiFi device that does not require non-free firmware is recommended. + You can find more support and discussion for DreamPlug on the official forum. +
+ Download + FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox. See also instructions for using an internal micro-SD with DreamPlug. + An alternative to downloading these images is to install Debian on DreamPlug and then install FreedomBox on it. +
+
+ Firmware + Note that the factory firmware configurations may vary between revisions of the hardware, and render some images incompatible. See the DreamPlug firmware page for information on what images are compatible and how to update your DreamPlug firmware. +
+
+ Build Image + FreedomBox images for this hardware can be built using Freedom Maker. +
+
+ Testing + Instructions on how to test this hardware are available. +
+
+ Availability + + + Price: 159 USD + + + + DreamPlug manufacturer + + + + Reseller Spinifex in Australia + + +
+
+ Hardware + + + Open Hardware: No + + + CPU: Marvell Kirkwood 88F6281 @ 1.2GHz + + + RAM: 512MB 16bit DDR2-800 MHz + + + Storage: 4 GB on board micro-SD + + + Architecture: armel + + + Ethernet: 2x 10/100/1000, RJ45 + + + WiFi: SD8787, 802.11 b/g/n + + + SATA: eSATA 2.0 port + + +
+
+ Non-Free Status + + + Non-free blobs required: built-in WiFi + + + WiFi: no free WiFi drivers + firmware available + + + Works with stock Debian kernel: yes + + +
+
+ Known Issues + + + WiFi does not work with free software. A separate USB WiFi device is recommended. + + +
+
+
+ Raspberry Pi Model B+ + + + + + + + Raspberry Pi (Model B+) + + + + Raspberry Pi (Model B+) is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. FreedomBox images are built and tested for it. For using this board as FreedomBox, a USB WiFi device that does not require non-free firmware is recommended. + Note: The Debian architecture used for this device is armel. This means floating point computations are done in software and most operations are slower than what Raspberry Pi is capable of. +
+ Download + FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox. +
+
+ Build Image + FreedomBox images for this hardware can be built using Freedom Maker. +
+
+ Availability + + + Price: 35 USD + + + + List of official distributors + + + +
+
+ Hardware + + + Open Hardware: No + + + CPU: ARM1176JZF-S (ARMv6k) 700 MHz + + + RAM: 512 MB + + + Storage: MicroSD card slot + + + Architecture: armel + + + Ethernet: 10/100, RJ45 + + + WiFi: None, use a USB WiFi device + + + SATA: None + + +
+
+ Non-Free Status + + + Non-free blobs required: boot firmware + + + WiFi: Not available + + + Works with stock Debian kernel: No + + +
+
+ Known Issues + + + The Debian architecture used for this device is armel. This means floating point computations are done in software and generally most operations are slower than what Raspberry Pi is capable of. + + +
+
+
+ Raspberry Pi 2 Model B + + + + + + + Raspberry Pi 2 + + + + Raspberry Pi 2 (Model B ) is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi Model B+ with much faster processor and more RAM. FreedomBox images are built and tested for it. For using this board as FreedomBox, a USB WiFi device that does not require non-free firmware is recommended. + Note: For FreedomBox release 0.5, the Debian architecture used for this device is armel. This means floating point computations are done in software and most operations are slower than what Raspberry Pi 2 is capable of. Starting with FreedomBox release 0.6 separate armhf images with full hardware floating point support will be available. +
+ Download + FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox. +
+
+ Build Image + FreedomBox images for this hardware can be built using Freedom Maker. +
+
+ Availability + + + Price: 35 USD + + + + List of official distributors + + + +
+
+ Hardware + + + Open Hardware: No + + + CPU: 900 MHz quad-core ARM Cortex-A7 + + + RAM: 1 GB + + + Storage: MicroSD card slot + + + Architecture: armhf + + + Ethernet: 10/100, RJ45 + + + WiFi: None, use a USB WiFi device + + + SATA: None + + +
+
+ Non-Free Status + + + Non-free blobs required: boot firmware + + + WiFi: Not available + + + Works with stock Debian kernel: No + + +
+
+ Known Issues + + + The Debian architecture used for this device is armel. This means floating point computations are done in software and generally most operations are slower than what Raspberry Pi 2 is capable of. However, starting with FreedomBox 0.6 separate images for Raspberry Pi 2 with armhf architecture will be built. + + +
+
+
+ USB Wi-Fi + FreedomBox works on many single board computers. However, many of these boards do not have built-in Wi-Fi capabilities. Even when Wi-Fi capability is available, non-free proprietary firmware is required to make them work. + A solution to the problem is to plug-in a USB Wi-Fi device into one of the available USB ports. There are many such devices available which do not require non-free firmware to work. The following is a list of such devices that work with FreedomBox devices. Some devices based on these chips have tested to work well with FreedomBox including functions such as access point mode. + + + + Devices with Atheros AR7010 chip + + + + + Devices with Atheros AR9271 chip + + + +
+ Resources + + + + Debian Wiki on WiFi drivers + + + + + Wikipedia: Comparison of open-source Linux wireless network drivers + + + + + WikiDevi: database of computer hardware + + + +
+
+
+ Advanced Topics + + + +
+ Adding Additional Features + There are a number of incomplete projects that you might find useful, for setting up a wiki, an IM server, and so forth. To check these out, download the repository: + $ hg clone https://bitbucket.org/nickdaly/plugserver ~/plugserver + Then, read the README. It's pretty detailed. Also, if you can, it may be best to wait until these tools are fully integrated into the FreedomBox image. Otherwise, migrating from these custom tools to the officially supported FreedomBox tools may be difficult. Ultimately, that decision is up to you. +
+
+
+
+ Contributing +
+ Code + If you are a developer, you can contribute code to one of the sub-projects of FreedomBox. Step-by-step process of contributing code to FreedomBox is available. + + + FreedomBox Setup: a Debian package for setting up the FreedomBox. + + + Plinth: a web interface to administer the functions of FreedomBox. + + + Freedom Maker: a script to build FreedomBox disk images for use on various hardware devices or virtual machines. + + + You can pickup a task from one of the TODO lists. The individual page project pages contain information availabily of the code, how to build and TODO lists. +
+
+ Add an Application + If you are a developer and wish to see an application available in FreedomBox, you can contribute by adding the application to FreedomBox. See the FreedomBox Developer Manual. +
+
+ Donate + The FreedomBox Foundation is a Delaware non-profit corporation in the process of applying for 501(c)(3) federal nonprofit recognition from the IRS. FreedomBox project is run by volunteers. You can help the project financially by donating via PayPal, Bitcoin or by mailing a check. Please see the donation page for details on how to donate. +
+
+ Document: User Manual, Website and Wiki + FreedomBox needs better documentation for users and contributors. FreedomBox manual is prepared by aggregating various pages on the wiki and exporting to various formats. The manual is then used in Plinth and elsewhere. + If you wish to contribute to the FreedomBox wiki (and consequently the FreedomBox manual), you can create a wiki account and start editing. + For contributing to the website please start a discussion on the FreedomBox mailing list. +
+
+ Quality Assurance + + + FreedomBox already runs on many platforms and it is not possible for developers to test all possible platforms. If you have one of the supported hardware you can help with testing FreedomBox on the platform. + + + When an application is made available on FreedomBox, not all of its functionality is tested in the real world by developer doing the work. Deploying the application and testing it will help ensure high quality applications in FreedomBox. + + + See the quality assurance page for a basic list of test cases to check for and information on reporting bugs. +
+
+ Translate + All text visible to users of FreedomBox needs to be localized to various languages. This includes: + + + Plinth web interface for FreedomBox + + + FreedomBox documentation + + + FreedomBox website and wiki + + + Individual applications that FreedomBox exposes to users such as ownCloud, JWChat etc. + + + If you wish to see FreedomBox available for one of your languages, please start a discussion on the FreedomBox discuss mailing list. +
+
+ Design +
+ User Experience Design + If you are a user experience designer, you can help FreedomBox with the following items: + + + UI experience for the Plinth web interface + + + Web design for freedomboxfoundation.org and FreedomBox wiki pages + + + Logo and branding (we currently have an identity manual and logos) + + + Possible designs for custom FreedomBox cases on single board computers + + + + User experience design + + + +
+
+ Technical Design + FreedomBox is still under development any many components are yet to be worked on. You can contribute to the discussion on various technical design and implementation aspects of FreedomBox. See: + + + + Design portal + + + +
+
+
+ Spread the Word + Speak to your family, friends, local community or at global conferences about the importance of FreedomBox. To be a successful project we need many more participants, be it users or contributors. Write about your efforts at the talks page and on the wiki. +
+
+
+ Developer Guide + This manual is meant for developers intending to develop applications for FreedomBox. It provides a step by step tutorial and an API reference. +
+ Writing Applications - Tutorial + This tutorial covers writing an application for FreedomBox. FreedomBox is a pure blend of Debian with a web interface, known as Plinth, that configures its applications. We shall discuss various aspects of building an application for FreedomBox, by creating an example application. + There are two parts to writing a FreedomBox application. First is to make sure that the application is available as a Debian package uploaded to the repositories. This is the majority of the work involved. However, if an application is already available in Debian repositories, it is trivial to build a FreedomBox UI for it. The second part of writing an application for FreedomBox is to provide a thin web interface layer for configuring the application. This is done by extending Plinth's user interface to provide visibility to the application and to let the user control its operations in a highly simplified way. This layer is referred to as 'Plinth application'. + Plinth applications can either be distributed as part of Plinth source code by submitting the applications to the Plinth project or they can distributed independently. This tutorial covers writing an application that is meant to be distributed as part of Plinth. However, writing independent Plinth applications is also very similar and most of this tutorial is applicable. + + + Note + + The term application, in this tutorial, is used to mean multiple concepts. FreedomBox application is a combination of Debian package and a web interface layer. The web interface layer is also called a Plinth application which is very similar to and built upon a Django application. + +
+ Before we begin + Plinth is a web interface built using Python3 and Django. FreedomBox applications are simply Django applications within the Plinth project. Hence, for the most part, writing a FreedomBox application is all about writing a Django application. + You should start by reading the Django tutorial. All the concepts described there are applicable for how plinth and its applications are be built. +
+
+ Picking an application + We must first, of course, pick an application to add to FreedomBox. For the purpose of this tutorial, let us pick Tiny Tiny RSS. The project description reads as, Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible. + + + Choosing an application + + When choosing an application we must make sure that the application respects users' freedom and privacy. By choosing to use FreedomBox, users have explicitly made a choice to keep the data with themselves, to not provide privacy compromising data to centralized entities and to use Free Software that respects their Software Freedom. These are not properties of some of the applications in FreedomBox but all applications must adhere to these principles. Applications should not even ask the users questions to this effect, because users have already made a choice. + +
+
+ Packaging the application + Majority of the effort in creating an application for FreedomBox is to package it for Debian and get it uploaded to Debian repositories. Going through the process of packaging itself is outside the scope of this tutorial. It is, however, well documented elsewhere. You should start here. + Debian packaging might seem like an unnecessary process that takes time with its adherence to standards, review process, legal checks, etc. However, upon close examination, one will find that without these steps the goals of the FreedomBox project cannot be met without such a process. Some of the advantages of Debian packaging are listed below: + + + Legal check ensures that proprietary licensed code or code with bad licenses does not inadvertently creep in. + + + Libraries have to be packaged separately easing security handling. When a security vulnerability is identified in a library, just the library will have to be updated and not all the applications that depend on it. + + + Upgrades become smoother. The dependency handling of the packaging system, configuration handling tools, tools to deal with various types of well known files help with ensuring a proper upgrade. + + + Collaborative maintenance teams ensure that the package is well cared for even if you get busy with other work and can't spend time on your package. Following standards and using common infrastructure is critical to enable this development methodology. + + +
+
+ Creating the project structure + Create a directory structure as follows with empty files. We will fill them up in a step-by-step manner. + +- <plinth_root>/ + | + +- plinth/ + | | + | +- modules/ + | | + | +- ttrss/ + | | + | +- __init__.py + | | + | +- forms.py + | | + | +- views.py + | | + | +- views.py + | | + | +- templates/ + | | | + | | +- ttrss.html + | | + | +- tests + | | + | +- __init__.py + | + +- actions/ + | | + | +- ttrss + | + +- data/ + | + +- etc/ + | + +- plinth/ + | + +- modules-enabled/ + | + +- ttrss + The __init__.py indicates that the directory in which it is present is a Python module. For now, it is an empty file. + Plinth's setup script setup.py will automatically install the plinth/modules/ttrss directory (along with other files described later) to an appropriate location. If you are creating an application that stays independent and outside of Plinth source tree, then your setup.py script will need to install it a proper location on the system. The plinth/modules/ directory is a Python3 namespace package. So, you can install it with the plinth/modules/ directory structure into any Python path and still be discovered as plinth.modules.*. +
+
+ Tell Plinth that we exist + The first thing to do is tell Plinth that our application exists. This is done by writing a small file with the Python import path to our application and placing it in data/etc/plinth/modules-enabled/. Let us create this file ttrss: + plinth.modules.ttrss + This file is automatically installed to /etc/plinth/modules-enabled/ by Plinth's installation script setup.py. If we are writing a module that resides independently outside the Plinth's source code, the setup script will need to copy it to the target location. Further, it is not necessary for the application to be part of the plinth.modules namespace. It can, for example, be plinth_ttrss. +
+
+ Writing the URLs + For a user to visit our application in Plinth, we need to provide a URL. When the user visits this URL, a view is executed and a page is displayed. In urls.py write the following: + from django.conf.urls import patterns, url + +urlpatterns = patterns( + 'plinth.modules.ttrss.views', + url(r'^apps/ttrss/$', 'index', name='index'), + ) + This routes the /apps/ttrss/ URL to a view called index defined in plinth/modules/ttrss/views.py. This is no different than how routing URLs are written in Django. See Django URL dispatcher for more information. +
+
+ Adding a menu item + We have added a URL to be handled by our application but this does not yet show up to be a link in Plinth web interface. Let us add a link in the applications list. In __init__.py add the following: + from plinth import cfg + +def init(): + """Intialize the module.""" + menu = cfg.main_menu.get('apps:index') + menu.add_urlname('News Feed Reader (Tiny Tiny RSS)', 'glyphicon-bullhorn', + 'ttrss:index', 850) + As soon as Plinth starts, it will load all the enabled modules into memory. After this, it gives a chance to each of the modules to initialize itself by calling the init() method if there is such a method available as <app>.init(). Here we have implemented this method and added our menu item to the applications menu as part of the initialization process. + We wish to add our menu item to the list of applications which is why we have retrieved the applications menu which is available under the main menu. After this we add our own menu item to this menu. There are several parameters during this process that are important: + + + In the first parameter we are providing the display name to use for our application when showing the menu item. + + + In the second parameter we are providing the icon to show for this menu item. This is an icon from the Twitter Bootstrap library. See + the Twitter Bootstrap library documentation for a list of available icons. We can pick an icon from the available list of icons and just mention its glyphicon class as name here. + + + The third parameter is the name of the URL we have created for our application. Note that when including this application's URLs, Plinth will automatically set the name of the module as the Django + URL namespace. Hence it is ttrss:index and not just index. + + + The final parameter specifies where in the menu this application shows up. This is weightage number with which Plinth sorts the menu items. Higher the weightage, the lower the menu item appears (as it sinks). Since Plinth menu items are alphabetically sorted, for our + application we wish for it to appear between Public Visibility and Voice Chat. Their weights are 800 and 900 respectively. So we selected 850. + + + We have used the application menu item to insert our own menu item as a child. To be able to use the application menu item, we need to make sure that the module providing the application menu is loaded before our application is loaded. We will do that in the next step. +
+
+ Specifying module dependencies + Specifying a simple list of applications to be loaded before our application provided to Plinth is sufficient. Add this in __init__.py. + depends = ['plinth.modules.apps'] + Plinth will now make sure that the apps module is loaded before our module is loaded. Application initialization is also ensured to happen in this order. We can safely use any features of this module knowing that they have been initialized. + + + Circular dependencies + + Circular dependencies are not possible among Plinth applications. Attempting to add them will result in error during startup. + +
+
+ Writing the enable/disable form + We wish to provide a user interface to the user to enable and disable the application. Complex modules may require more options but this is sufficient for our application. Add the following forms.py. + from django import forms + +class TtrssForm(forms.Form): + """Tiny Tiny RSS configuration form.""" + enabled = forms.BooleanField( + label='Enable Tiny Tiny RSS', + required=False) + This creates a Django form that shows a single option to enable/disable the application. It also shows its current state. This is how a regular Django form is built. See Django Forms documentation for more information. + + + Too many options + + Resist the temptation to create a lot of configuration options. Although this will put more control in the hands of the users, it will make FreedomBox less usable. FreedomBox is a consumer product. Our target users are not technically savvy and we have make most of the decisions on behalf of the user to make the interface as simple and easy to use as possible. + +
+
+ Writing a view + In views.py, let us add a view that can handle the URL we have provided above. + from .forms import TtrssForm + +def index(request): + """Serve configuration page.""" + status = get_status() + + form = None + + if request.method == 'POST': + form = TtrssForm(request.POST, prefix='ttrss') + if form.is_valid(): + _apply_changes(request, status, form.cleaned_data) + status = get_status() + form = TtrssForm(initial=status, prefix='ttrss') + else: + form = TtrssForm(initial=status, prefix='ttrss') + + return TemplateResponse(request, 'ttrss.html', + {'title': 'News Feed Reader (Tiny Tiny RSS)', + 'status': status, + 'form': form}) + This view works with the form we created in the previous step. It shows the current status of the service in form. This status is retrieved with the help of get_status() helper method. When the form is posted, again this view is called and it verifies whether the form's input values are correct. If so, it will apply the actions necessary for changed form values using the _apply_changes() method. +
+
+ Getting the current status of the application + The view in the previous setup requires the status of the application to be retrieved using the get_status() method. Let us implement that method in views.py. + from plinth.modules import ttrss + +def get_status(): + """Get the current status.""" + return {'enabled': ttrss.is_enabled()} + This method retrieves the various statuses of the application for display in the view. Currently, we only need to show whether the application is enabled or disabled. So, we retrieve that using a helper method defined in __init__.py. + from plinth import action_utils + +def is_enabled(): + """Return whether the module is enabled.""" + return action_utils.webserver_is_enabled('50-tt-rss') + This method uses one of the several action utilities provided by Plinth. This method checks whether a webserver configuration named 50-tt-rss is enabled. +
+
+ Displaying the application page + The view that we have written above requires a template file known as ttrss.html to work. This template file controls how the web page for our application is displayed. Let us create this template file in templates/ttrss.html. + {% extends "base.html" %} + +{% load bootstrap %} + +{% block content %} + +<h2>News Feed Reader (Tiny Tiny RSS)</h2> + +<p>Tiny Tiny RSS is a news feed (RSS/Atom) reader and aggregator, + designed to allow you to read news from any location, while feeling + as close to a real desktop application as possible.</p> + +<h3>Configuration</h3> + +<form class="form" method="post"> + {% csrf_token %} + + {{ form|bootstrap }} + + <input type="submit" class="btn btn-primary" value="Update setup"/> +</form> + +{% endblock %} + This template extends an existing template known as base.html. This template is available in Plinth core to provide all the basic layout, styling, menus, JavaScript and CSS libraries. We will override the content area of the base template and keep the rest. + Yet again, there is nothing special about the way this template is written. This is a regular Django template. See Django Template documentation. + For styling and UI components, Plinth uses the Twitter Bootstrap project. See Bootstrap documentation for reference. +
+
+ Applying the changes from the form + The view we have created displays the form and processes the form after the user submits it. It used a helper method called _apply_changes() to actually get the work done. Let us implement that method in views.py. + from django.contrib import messages + +from plinth import actions + +def _apply_changes(request, old_status, new_status): + """Apply the changes.""" + modified = False + + if old_status['enabled'] != new_status['enabled']: + sub_command = 'enable' if new_status['enabled'] else 'disable' + actions.superuser_run('ttrss', [sub_command]) + modified = True + + if modified: + messages.success(request, _('Configuration updated')) + else: + messages.info(request, _('Setting unchanged')) + We check to make sure that we don't try to disable the application when it is already disabled or try to enable the application when it is already enabled. Although Plinth's operations are idempotent, meaning that running them twice will not be problematic, we still wish avoid unnecessary operations for the sake of speed. + We are actually perform the operation using Plinth actions. We will implement the action to be performed a bit later. + After we perform the operation, we will show a message on the response page showing that the action was successful or that nothing happened. We use the Django messaging framework to accomplish this. See Django messaging framework for more information. +
+
+ Installing packages required for the application + Plinth takes care of installing all the Debian packages required for our application to work. All we need to do is specify the list of the Debian packages required using a decorator on our view as follows: + from plinth import package + +@package.required(['tt-rss']) +def index(request): + """Serve configuration page.""" + ... + The first time this application's view is accessed, Plinth shows a package installation page and allows the user to install the required packages. After the package installation is completed, the user is shown the application's configuration page. + If there are configuration tasks to be performed immediately before or after the package installation, Plinth provides hooks for it. The before_install= and on_install= parameters to the @package.required decorator take a callback methods that are called before installation of packages and after installation of packages respectively. See the reference section of this manual or the plinth.package module for details. Other modules in Plinth that use this feature provided example usage. +
+
+ Writing actions + The actual work of performing the configuration change is carried out by a Plinth action. Actions are independent scripts that run with higher privileges required to perform a task. They are placed in a separate directory and invoked as scripts via sudo. For our application we need to write an action that can enable and disable the web configuration. We will do this by creating a file actions/ttrss. + import argparse + +from plinth import action_utils + + +def parse_arguments(): + """Return parsed command line arguments as dictionary.""" + parser = argparse.ArgumentParser() + subparsers = parser.add_subparsers(dest='subcommand', help='Sub command') + + subparsers.add_parser('enable', help='Enable Tiny Tiny RSS') + subparsers.add_parser('disable', help='Disable Tiny Tiny RSS') + + return parser.parse_args() + + +def subcommand_enable(_): + """Enable web configuration and reload.""" + action_utils.webserver_enable('50-tt-rss') + + +def subcommand_disable(_): + """Disable web configuration and reload.""" + action_utils.webserver_disable('50-tt-rss') + + +def main(): + """Parse arguments and perform all duties.""" + arguments = parse_arguments() + + subcommand = arguments.subcommand.replace('-', '_') + subcommand_method = globals()['subcommand_' + subcommand] + subcommand_method(arguments) + + +if __name__ == '__main__': + main() + This is a simple Python3 program that parses command line arguments. While Python3 is preferred, it can be written in other languages also. It uses a helper utility provided by Plinth to actually enable and disable Apache2 web server configuration. + This script is automatically installed to /usr/share/plinth/actions by Plinth's installation script setup.py. Only from here will there is a possibility of running the script under sudo. If you are writing an application that resides indenpendently of Plinth's source code, your setup.py script will need to take care of copying the file to the target location. +
+
+ Creating diagnostics + Plinth provides a simple API for showing diagnostics results. The application has to implement a method for actually running the diagnostics and return the results as a list. Plinth then takes care of calling the diagnostics method and displaying the list in a formatted manner. + To implement the diagnostics method, method called diagnose() has to be available as <app>.diagnose(). It must return a list in which each item is the result of a test performed. The item itself is a two-tuple containing the display name of the test followed by the result as passed, failed or error. + def diagnose(): + """Run diagnostics and return the results.""" + results = [] + + results.extend(action_utils.diagnose_url_on_all( + 'https://{host}/ttrss', extra_options=['--no-check-certificate'])) + + return results + There are several helpers available to implement some of the common diagnostic tests. For our application we wish to implement a test to check whether the /ttrss URL is accessible. Since this is a commonly performed test, there is a helper method available and we have used it in the above code. The {host} tag replaced with various IP addresses, hostnames and domain names by the helper to produce different kinds of URLs and they are all tested. Results for all tests are returned which we then pass on to Plinth. + The user can trigger the diagnostics test by going to System -> Diagnostics page. This runs diagnostics for all the applications. If we want users to be able to run diagnostics specifically for this application, we can include a button for it in our template immediately after the application description. + {% include "diagnostics_button.html" with module="ttrss" %} +
+
+ Logging + Sometimes we may feel the need to write some debug messages to the console and Plinth log file. Doing this in Plinth is just like doing this any other Python application. + import logging + +logger = logging.getLogger(__name__) + +def example_method(): + logger.debug('A debug level message') + + logger.info('Showing application page - %s', request.method) + + try: + something() + except Exception as exception: + # Print stack trace + logger.exception('Encountered an exception - %s', exception) + For more information see Python logging framework documentation. +
+
+ Adding a License + Plinth is licensed under the GNU Affero General Public License Version 3 or later. FreedomBox UI applications, which run as modules under Plinth, also need to be under the same license or under a compatible license. The license of our application needs to clear for our application to be accepted by users and other developers. Let us add license headers to our application. + # +# This file is part of Plinth. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + The above header needs to be present in every file of the application. It is suitable for Python files. However, in template files, we need to modify it slightly. + {% extends "base.html" %} +{% comment %} +# +# This file is part of Plinth. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +{% endcomment %} + +... +
+
+ Internationalization + Every string message that is visible to the user must localized to user's native language. For this to happen, our application needs to be internationalized. This requires marking the user visible messages for translation. Plinth applications use the gettext library to make that happen. + from gettext import gettext as _ + +def init(): + """Intialize the module.""" + menu = cfg.main_menu.get('apps:index') + menu.add_urlname(_('News Feed Reader (Tiny Tiny RSS)'), 'glyphicon-envelope', + 'ttrss:index', 600) + Notice that the menu item's display name is wrapped in the _() method call. Let us do that for the title of the application page too. + from gettext import gettext as _ + +def index(request): + ... + return TemplateResponse(request, 'ttrss.html', + {'title': _('News Feed Reader (Tiny Tiny RSS)'), + 'status': status, + 'form': form}) +
+
+ Coding standards + For readability and easy collaboration it is important to follow common coding standards. Plinth uses the Python coding standards and uses the pylint and flake8 tools to check if the there are any violations. Run these tools on our application and fix any errors and warnings. Better yet, integrate these tools into your favorite IDE for on-the-fly checking. + For the most part, the code we have written so far, is already compliant with the coding standards. This includes variable/method naming, indentation, document strings, comments, etc. One thing we have to add are the module documentation strings. Let us add those. In __init__.py add the top: + """ +Plinth module to configure Tiny Tiny RSS. +""" +
+
+
+ Reference Guide + This section describes Plinth API that is most frequently used by application. Note that since Plinth is under development and has not yet reached 1.0, this API is subject to change. This is not usually a problem because all the Plinth applications currently reside in Plinth source repository itself and are updated when the API is updated. +
+ Applications + These methods are optionally provided by the application and Plinth calls/uses them if they are present. +
+ <application>.init() + Optional. This method is called by Plinth soon after all the applications are loaded. The init() call order guarantees that other applications that this application depends on will be initialized before this application is initialized. +
+
+ <application>.diagnose() + Optional. Called when the user invokes system-wide diagnostics by visiting System -> Diagnositcs. This method must return an array of diagnostic results. Each diagnostic result must be a two-tuple with first element as a string that is shown to the user as name of the test and second element is the result of the test. It must be one of passed, failed, error. Example return value: + [('Check http://localhost/app is reachable', 'passed'), + ('Check configuration is sane', 'passed')] +
+
+ <appliation>.depends + Optional. This module property must contain a list of all applications that this application depends on. The application is specified as string containing the full module load path. For example, plinth.modules.apps. +
+
+ plinth.package.required(package_list, before_install=None, on_install=on_install) + Make sure that a set of Debian packages are installed before a view can be accessed. If the packages are not currently installed on the system, a special installation view is displayed showing the list of packages to be installed. If the user chooses to proceed, package installation will start and an installation progress screen will be shown. After completion of the installation process, the original view is shown. + The package_list must be an iterable containing the Debian package names as strings. If provided, the before_install callable is called just before the installation process starts. Similarly, on_install callable is called just after the package installation completes. +
+
+
+ Actions + Plinth's web front does not directly change any aspect of the underlying operating system. Instead, it calls upon Actions, as shell commands. Actions live in /usr/share/plinth/actions directory. They require no interaction beyond passing command line arguments or taking sensitive arguments via stdin. They change the operation of the services and applications of the FreedomBox and nothing else. These actions are also directly usable by a skilled administrator. + The following methods are provided by Plinth to run actions and to implement them easily by reusing code for common tasks. +
+ plinth.actions.run(action, options=None, input=None, async=False) + Run an action command present under the actions/ directory. This runs subprocess.Popen() after some checks. The action must be present in the actions/ directory. + options are a list of additional arguments to pass to the command. If input is given it must be bytearray containing the input to pass on to the executed action. If async is set to True, the method will return without waiting for the command to finish. +
+
+ plinth.actions.superuser_run(action, options=None, input=None, async=False) + This is same as plinth.actions.run() except the command is run with superuser privelages. +
+
+ plinth.action_utils + Several utlities to help with the implementation of actions and diagnotic tests are implemented in this module. Refer to the module source code for a list of these methods and their documentation. +
+
+
+ Menus +
+ plinth.cfg.main_menu + This is a reference to the global main menu. All menu entries in Plinth are decendents of this menu item. See Menu.add_item() and Menu.add_urlname() for adding items to this menu or its children. +
+
+ plinth.menu.Menu.get(self, urlname, url_args=None, url_kwargs=None) + Return a child of this menu item. urlname must be the name of a URL as configured in Django. django.core.urlresolvers.reverse() is called before the lookup for child menu item is performed. url_args and url_kwargs are passed on to reverse(). +
+
+ plinth.menu.Menu.add_item(self, label, icon, url, order=50) + Add a menu item as a child to the current menu item. label is the user visible string shown for the menu item. icon must be a glyphicon class from the Twitter Bootstrap library. url is the relative URL to which this menu item will take the user to. +
+
+ plinth.menu.Menu.add_urlname(self, label, icon, urlname, order=50, url_args=None, url_kwargs=None) + Same as plinth.menu.Menu.add_item() but instead of URL as input it is the name of a URL as configured in Django. django.core.urlresolvers.reverse() is called before it is added to the parent menu item. url_args and url_kwargs are passed on to reverse(). +
+
+
+ Services +
+ plinth.service.Service.__init__(self, service_id, name, ports=None, is_external=False, enabled=True) + Create a new Service object to notify all applications about the existence and status of a given application. service_id is a unique identifier for this application. name is a display name of this application that is shown by other applications such as on the firewall status page. ports is a list of names recognized by firewalld when enabling or disabling firewalld services. If is_external is true, the ports for this service are accessible from external interfaces, that is, from the Internet. Otherwise, the service is only available for client connected via LAN. enabled is the current state of the application. +
+
+ plinth.service.Service.is_enabled(self) + Return whether the service is currently enabled. +
+
+ plinth.service.Service.notify_enabled(self, sender, enabled) + Notify other applications about the change of status of this application. sender object should identify which application made the change. enabled is a boolean that signifies whether the application is enabled (= True) or disabled (= False). + This is typically caught by the firewall application to enable or disable the ports corresponding to an application. +
+
+
+
+
+ Hacking + FreedomBox consists of three main projects: + + + Plinth, the web interface + + + FreedomBox Setup, the Debian package to perform initial setup and + + + Freedom Maker, a script to build disk images for various hardware + + +
+ Plinth + Plinth is a web interface to administer the functions of the FreedomBox. + Plinth is Free Software under GNU Affero General Public License version 3 or (at your option) a later version. +
+ Using + + + Plinth comes installed with all FreedomBox images. You can download FreedomBox images and run on any of the supported hardware. Then, you can access Plinth by visiting the URL . + + + If you are on a Debian box, you may install Plinth from Debian package archive. Currently, only Sid (unstable) is supported. To install Plinth run: + + + $ sudo apt-get install plinth + + + You can also get Plinth from its Git repository and install from source. + + +
+
+ Screenshots + + + + + + + + About Page + + + + + + + + + + Enabling Tor Hidden Services + + + + + + + + + + Setting up ownCloud + + + + + + + + + + Automatic Firewall Operation + + + + +
+
+ Support + You may ask for support on + + + + The mailing list + + + + + #freedombox IRC channel + + + +
+
+ Contributing + We are looking for help to improve Plinth. You can contribute to Plinth by not just by coding but also by translating, documenting, designing, packaging and providing support. + + + Instructions on how to contribute code are available. + + + The primary Git repository is hosted at FreedomBox GitHub Page. + + + Instructions for installing from source and hacking the source are available. + + + List of bugs, TODO items and feature requests are available on the issue tracker. + + + Before contributing to Plinth code, you need understand Python and Django on top which it is built. + + + You can request for development assistance on the mailing list or the #freedombox IRC channel. + + +
+ Debian Package + + + Plinth is packaged for Debian. + + + Packaging project is on Alioth along with sources. + + + Issues related to packaging are listed on Debian BTS. + + +
+
+
+
+ FreedomBox Setup + FreedomBox Setup is a Debian package for setting up the FreedomBox. If you download and use pre-built images you don't have to worry about this package. + FreedomBox Setup is responsible for setting up basic networking, web server, user accounts, installing essential packages etc. It performs first part of the setup during the image build process. Later, when the image is booted for the first time on actual hardware (or on a virtual machine), it does the remaining setup and then reboots the machine. It also comes with a diagnostic script to check if the FreedomBox Setup is running as expected. + FreedomBox Setup is Free Software licensed under GNU General Public License version 3 or (at your option) a later version. +
+ Using + + + FreedomBox Setup comes installed with all FreedomBox images. You can download FreedomBox images and run on any of the supported hardware. + + + If you are on a Debian box, you may install FreedomBox Setup from Debian package archive. This essentially turns your Debian installation into a FreedomBox! Currently, only Sid (unstable) is supported. To install FreedomBox Setup, see instructions on setting up FreedomBox on a Debian machine. + + + You can also get FreedomBox Setup from its Git repository and build Debian package from source. + + +
+
+ Support + You may ask for support on + + + + The mailing list + + + + + #freedombox IRC channel + + + +
+
+ Contributing + We are looking for help to improve FreedomBox Setup. + + + Instructions on how to contribute code are available. + + + FreedomBox Setup is hosted on FreedomBox Alioth Portal. The primary Git repository is hosted there. + + + Instructions to build Debian package from source are available. + + + List of bugs, TODO items, packages issues and feature requests are available on the issue tracker. + + + You can request for development assistance on the mailing list or the #freedombox IRC channel. + + + See Debian tracker for information on Debian package. FreedomBox Setup is a Debian native package meaning it is primarily built for Debian and comes with Debian packaging scripts in its repository. + + +
+
+
+ Freedom Maker + Freedom Maker is a script to build FreedomBox disk images for use on various hardware devices or virtual machines. + Freedom Maker can currently build FreedomBox disk images for the following: + + + + DreamPlug + + + + + Raspberry Pi + + + + + BeagleBone + + + + Cubietruck (work in progress) + + + + VirtualBox + + + + Other virtual machines (using raw disk images) + + + It relies on the vmdebootstrap project actually create images. If a hardware platform is capable of running Debian, it should not be too much effort adopt Freedom Maker to create FreedomBox images for the platform. + Freedom Maker is Free Software licensed under GNU General Public License version 3 or (at your option) a later version. +
+ Building FreedomBox Images + + + You can get Freedom Maker from its Git repository and follow the instructions in the README to build a FreedomBox image. + + +
+
+ Support + You may ask for support on + + + + The mailing list + + + + + #freedombox IRC channel + + + +
+
+ Contributing + We are looking for help to improve Freedom Maker. + + + Instructions on how to contribute code are available. + + + Freedom Maker is hosted on FreedomBox Alioth Portal. The primary Git repository is hosted there. + + + Freedom Maker is also hosted on FreedomBox GitHub Page. Pull requests are accepted there. + + + You can contribute to FreedomBox by adding support for more hardware platforms. Freedom Maker can be easily adopted to newer platforms if they already support running Debian. + + + You can create and test images with Freedom Maker regularly to test for new features and check for regressions. + + + List of bugs, TODO items and feature requests are available on the issue tracker. + + + You can request for development assistance on the mailing list or the #freedombox IRC channel. + + +
+
+
+
diff --git a/doc/images/about.png b/doc/images/about.png new file mode 100644 index 000000000..da90ea340 Binary files /dev/null and b/doc/images/about.png differ diff --git a/doc/images/beagleboard.jpg b/doc/images/beagleboard.jpg new file mode 100644 index 000000000..1975a73c5 Binary files /dev/null and b/doc/images/beagleboard.jpg differ diff --git a/doc/images/beagleboard_thumb.jpg b/doc/images/beagleboard_thumb.jpg new file mode 100644 index 000000000..cbaee9ff0 Binary files /dev/null and b/doc/images/beagleboard_thumb.jpg differ diff --git a/doc/images/checkmark.png b/doc/images/checkmark.png new file mode 100644 index 000000000..2fd38192c Binary files /dev/null and b/doc/images/checkmark.png differ diff --git a/doc/images/danube_thumb.png b/doc/images/danube_thumb.png new file mode 100644 index 000000000..097ff26a0 Binary files /dev/null and b/doc/images/danube_thumb.png differ diff --git a/doc/images/debian.png b/doc/images/debian.png new file mode 100644 index 000000000..6945675f0 Binary files /dev/null and b/doc/images/debian.png differ diff --git a/doc/images/debian_thumb.png b/doc/images/debian_thumb.png new file mode 100644 index 000000000..c021e8be0 Binary files /dev/null and b/doc/images/debian_thumb.png differ diff --git a/doc/images/dreamplug.jpg b/doc/images/dreamplug.jpg new file mode 100644 index 000000000..f24f7d78a Binary files /dev/null and b/doc/images/dreamplug.jpg differ diff --git a/doc/images/dreamplug_thumb.jpg b/doc/images/dreamplug_thumb.jpg new file mode 100644 index 000000000..5c81fbd47 Binary files /dev/null and b/doc/images/dreamplug_thumb.jpg differ diff --git a/doc/images/firewall.png b/doc/images/firewall.png new file mode 100644 index 000000000..583fd6298 Binary files /dev/null and b/doc/images/firewall.png differ diff --git a/doc/images/freedombox-danube.jpg b/doc/images/freedombox-danube.jpg new file mode 100644 index 000000000..02ca534f8 Binary files /dev/null and b/doc/images/freedombox-danube.jpg differ diff --git a/doc/images/icon-error.png b/doc/images/icon-error.png new file mode 100644 index 000000000..ab6808fba Binary files /dev/null and b/doc/images/icon-error.png differ diff --git a/doc/images/owncloud.png b/doc/images/owncloud.png new file mode 100644 index 000000000..9c18cf663 Binary files /dev/null and b/doc/images/owncloud.png differ diff --git a/doc/images/raspberry2_thumb.jpg b/doc/images/raspberry2_thumb.jpg new file mode 100644 index 000000000..d3f4fa68a Binary files /dev/null and b/doc/images/raspberry2_thumb.jpg differ diff --git a/doc/images/raspberry_thumb.jpg b/doc/images/raspberry_thumb.jpg new file mode 100644 index 000000000..376c21550 Binary files /dev/null and b/doc/images/raspberry_thumb.jpg differ diff --git a/doc/images/raspberrypi.jpg b/doc/images/raspberrypi.jpg new file mode 100644 index 000000000..7aeff254d Binary files /dev/null and b/doc/images/raspberrypi.jpg differ diff --git a/doc/images/raspberrypi2.jpg b/doc/images/raspberrypi2.jpg new file mode 100644 index 000000000..3cf8a890b Binary files /dev/null and b/doc/images/raspberrypi2.jpg differ diff --git a/doc/images/star_off.png b/doc/images/star_off.png new file mode 100644 index 000000000..2f99caea5 Binary files /dev/null and b/doc/images/star_off.png differ diff --git a/doc/images/star_on.png b/doc/images/star_on.png new file mode 100644 index 000000000..6a64f936c Binary files /dev/null and b/doc/images/star_on.png differ diff --git a/doc/images/tor.png b/doc/images/tor.png new file mode 100644 index 000000000..bd78b058a Binary files /dev/null and b/doc/images/tor.png differ diff --git a/doc/images/virtualbox.png b/doc/images/virtualbox.png new file mode 100644 index 000000000..0eb98ece4 Binary files /dev/null and b/doc/images/virtualbox.png differ diff --git a/doc/images/virtualbox_thumb.png b/doc/images/virtualbox_thumb.png new file mode 100644 index 000000000..184517180 Binary files /dev/null and b/doc/images/virtualbox_thumb.png differ