nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-13 10:30:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Release v20.14 to unstable

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEfWrbdQ+RCFWJSEvmd8DHXntlCAgFAl9hPQIWHGp2YWxsZXJv
 eUBtYWlsYm94Lm9yZwAKCRB3wMdee2UICPI8EACqN/EzxDlY8s6IhZDAJIkHG7XO
 1tbfpbCsv382m+28KXvrBm+BsmX6dAhYUSn3CrD680oUF9fP/AScP/vRD7mxLPWI
 QP9JPlk8oSpcBCMsK4tWJPgy2Ef99F7LSKj1fjNUui3HyNV4W5Bu3x85xHdleqRS
 3Krg2sRb8+CCc3Y2ZHo0HZURfuZcLB5Vtu1u9PAZFsLBMygg9h5giOT4heAZU7m+
 Kw7cL6OX73z4yS/xPd9VuEICyTNgIlbAkcQAhnXHj+xdAiUXyct1eUOaiUrRK9f7
 q/D8pgQoTDd+3dFEGugEeF6RcqdVjlls28J9euRitD8LXpNo8kLh/qcYf0VWXCDk
 cXg/yT6vGMsiYEdPXCIlJHiXLmA0g+obgQ+gVdbUuImd0Ge0km8/B1u/2lDFNUI+
 +Jd63f9R9rP1DDZBnvv1DoQiPVGSmxk5MwUtu1JuTOWgJ3NXDMSrxeXii2vWIYQT
 zqriWtweZW6+AGSzu/WhP00XNQNFly/NgvBtpxWhphMpSg1G+QCvV0RT9qifW6ej
 JDagz4IQWgtQ5MKOf4b7DgtrkU+PWC3qWh19JLqLi+t90UfPSrC/jT+ChfzyHitd
 TRYnELaw1CpJPX03NgKq5znTaTgDzXSfk3HrHTSkLhJnsGbnV6cxlb0TozEur8kl
 yJUyiiKX6mYYqqVLaA==
 =du9S
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEfWrbdQ+RCFWJSEvmd8DHXntlCAgFAl9k90oWHGp2YWxsZXJv
 eUBtYWlsYm94Lm9yZwAKCRB3wMdee2UICAggD/97L/knH2soQWrSj8o5td1gal8e
 2JnB98ck96vrufifk8Np4EZimz/DaMhecV8Ty4E0J4gj9FebiQcrVxGO9wqKBBrR
 38gzu5Rcsh4p0X4NEkSEZ7r83nPNVGsx16+FWstc9wVZ07mpfM6f6mWMoPIj1qzt
 Vn+Fzrftq+vD++3H9wMF2bSUsO+KeMzhE+t2sxiQ1U9DfUgiZIYLI8j3ZAV4a7fO
 viI3lxm1qdO8UblcEd1JSCxcur5kFg3OPr3HQmrv67eto4mQn85cAURDzPi2fL0d
 0TY4Fk4iTWFlK/ovcSKFkcY5NYp4t0u0YFb6VE5DP7CcEWGzm1GAo+j6obhyPYF+
 qllry0oD8npAKP063P0At+Png6gjUHuCSSYdelIlrMa6Djk3gMbpvPBpOUaskbl7
 B12NYDZ0Wta2AHXT57B16AcQvU9J5H6ZvovuwoUzO84Ilgrogfbme4pVGeHLat30
 LsCz2xuw5Jaoi1GWGB9H/Olmsu/2/PC2YrfYlnM2EuLIAjBpEyzXc7Wom79FUOef
 LckdPzqazvIfd+fhu2mbuG9oDMERS32zGL/rK4ddeCVA0NJKyQT7SqQieLikBFWf
 xXIq9gMPCXHd0IX5dN6LAwNtDZKRnDTv9mxJS8eYmTmUZL0p1Top5ImvPiVfanbx
 pMQuHlSXZyjst3EBWw==
 =bl9j
 -----END PGP SIGNATURE-----

Merge tag 'v20.14' into debian/buster-backports

Release v20.14 to unstable
This commit is contained in:
James Valleroy 2020-09-18 14:06:41 -04:00
commit 6290d564a4
663 changed files with 46400 additions and 48977 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.ci/Dockerfile.gitlabci
View File

@ -19,5 +19,4 @@ RUN apt-get build-dep -y . # Dependencies of the freedombox Debian package
RUN apt-get install -y build-essential # Build dependencies
RUN apt-get install -y sshpass parted # Test dependencies
RUN apt-get install -y sudo
RUN apt-mark hold fuse fuse3 # not installable in CI environment
RUN apt-get install -y $(./run --list-dependencies) # Module dependencies

1
.gitignore vendored
View File

@ -4,7 +4,6 @@
doc/manual/*/*.pdf
doc/manual/*/*.html
doc/manual/*/*.xml
!doc/manual/*/*.raw.xml
doc/plinth.1
doc/dev/_build
\#*

1
.gitlab-ci.yml
View File

@ -5,7 +5,6 @@ before_script:
- export DEBIAN_FRONTEND=noninteractive
- apt-get update
- apt-get build-dep -y . # Dependencies of the plinth Debian package
- apt-mark hold fuse fuse3 # not installable in CI environment
- apt-get install -y $(./run --list-dependencies) # Module dependencies
stages:

38
HACKING.md
View File

@ -4,24 +4,32 @@
FreedomBox is built as part of Debian GNU/Linux. However, you don't need to
install Debian to do development for FreedomBox. FreedomBox development is
typically done on a container or a Virtual Machine. For running a container, you
need systemd containers, Git and Python. This approach is recommended. For
running a VM, you can work on any operating system that can install latest
typically done on a container or a Virtual Machine.
* For running a container, you need systemd containers, Git, Python and a
sudo-enabled user. This approach is recommended.
* For running a VM, you can work on any operating system that can install latest
versions of Git, Vagrant and VirtualBox.
## Using Containers
The ./container script shipped with FreedomBox source code can manage the
The `./container` script shipped with FreedomBox source code can manage the
development environment inside a systemd-nspawn container.
1. Checkout FreedomBox Service (Plinth) source code using Git.
1. Checkout FreedomBox Service (Plinth) source code using Git:
```bash
host$ git clone https://salsa.debian.org/freedombox-team/freedombox.git
host$ cd freedombox
```
2. To download, setup, run, and configure a container for FreedomBox
2. Work in a specific branch:
```bash
host$ git branch YOUR-FEATURE-BRANCH
host$ git checkout YOUR-FEATURE-BRANCH
```
3. To download, setup, run, and configure a container for FreedomBox
development, simply execute in your FreedomBox Service (Plinth) development
folder:
@ -29,7 +37,7 @@ development environment inside a systemd-nspawn container.
host$ ./container up
```
3. SSH into the running container with the following command:
4. SSH into the running container with the following command:
```bash
host$ ./container ssh
@ -37,7 +45,7 @@ development environment inside a systemd-nspawn container.
### Using after Setup
After logging into the container, the source code is available in /freedombox
After logging into the container, the source code is available in `/freedombox`
directory:
```bash
@ -63,10 +71,18 @@ guest$ sudo ./setup.py install
Note: This development container has automatic upgrades disabled by default.
### Troubleshooting
* Sometimes `host$ ./container destroy && ./container up` doesn't work. In such
cases, try to delete the hidden `.container` folder and then `host$
./container up`.
* Not all kinds of changes are automatically updated. Try `guest$ sudo mount -o
remount /freedombox`.
## Using Vagrant
Use VirtualBox and Vagrant if for some reason, the container option is not
suitable such as when you are running non-GNU/Linux machine or a non-systemd
Use VirtualBox and Vagrant if for some reason the container option is not
suitable, such as when you are running non-GNU/Linux machine or a non-systemd
machine.
### For Debian GNU/Linux and Derivatives
@ -264,7 +280,7 @@ executed (red).
Inside the container run
```bash
guest$ cd /freedombox ; sudo functional_tests/install.sh
guest$ cd /freedombox ; sudo plinth/tests/functional/install.sh
```
#### For running tests inside the VM

3
actions/apache
View File

@ -117,6 +117,9 @@ def subcommand_setup(arguments):
webserver.enable('rewrite', kind='module')
webserver.enable('macro', kind='module')
# Disable /server-status page to avoid leaking private info.
webserver.disable('status', kind='module')
# switch to mod_ssl from mod_gnutls
webserver.disable('gnutls', kind='module')
webserver.enable('ssl', kind='module')

219
actions/bepasty Executable file
View File

@ -0,0 +1,219 @@
#!/usr/bin/python3
# SPDX-License-Identifier: AGPL-3.0-or-later
"""
Configuration helper for bepasty.
"""
import argparse
import collections
import grp
import json
import os
import pathlib
import pwd
import secrets
import shutil
import string
import subprocess
import sys
import augeas
from plinth import action_utils
from plinth.modules import bepasty
DATA_DIR = '/var/lib/bepasty'
PASSWORD_LENGTH = 20
CONF_FILE = pathlib.Path('/etc/bepasty-freedombox.conf')
def parse_arguments():
"""Return parsed command line arguments as dictionary."""
parser = argparse.ArgumentParser()
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
setup = subparsers.add_parser(
'setup', help='Perform post-installation operations for bepasty')
setup.add_argument('--domain-name', required=True,
help='The domain name that will be used by bepasty')
subparsers.add_parser('get-configuration', help='Get all configuration')
add_password = subparsers.add_parser(
'add-password', help='Generate a password with given permissions')
add_password.add_argument(
'--permissions', nargs='+',
help='Any number of permissions from the set: {}'.format(', '.join(
bepasty.PERMISSIONS.keys())))
add_password.add_argument(
'--comment', required=False,
help='A comment for the password and its permissions')
subparsers.add_parser('remove-password',
help='Remove a password and its permissions')
set_default = subparsers.add_parser('set-default',
help='Set default permissions')
set_default.add_argument(
'--permissions', nargs='*',
help='Any number of permissions from the set: {}'.format(', '.join(
bepasty.PERMISSIONS.keys())))
subparsers.required = True
return parser.parse_args()
def _augeas_load():
"""Initialize Augeas."""
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
augeas.Augeas.NO_MODL_AUTOLOAD)
aug.set('/augeas/load/Simplevars/lens', 'Simplevars.lns')
aug.set('/augeas/load/Simplevars/incl[last() + 1]', str(CONF_FILE))
aug.load()
return aug
def _key_path(key):
"""Return the augeas path for the key."""
return '/files' + str(CONF_FILE) + '/' + key
def conf_file_read():
"""Read and return the configuration."""
aug = _augeas_load()
conf = collections.OrderedDict()
for path in aug.match(_key_path('*')):
key = path.rsplit('/', 1)[-1]
if key[0] != '#':
conf[key] = json.loads(aug.get(path))
return conf
def conf_file_write(conf):
"""Write configuration to the file."""
aug = _augeas_load()
for key, value in conf.items():
if not key.startswith('#'):
value = json.dumps(value)
aug.set(_key_path(key), value)
aug.save()
def subcommand_setup(arguments):
"""Post installation actions for bepasty."""
# Create bepasty group if needed.
try:
grp.getgrnam('bepasty')
except KeyError:
subprocess.run(['addgroup', '--system', 'bepasty'], check=True)
# Create bepasty user if needed.
try:
pwd.getpwnam('bepasty')
except KeyError:
subprocess.run([
'adduser', '--system', '--ingroup', 'bepasty', '--home',
'/var/lib/bepasty', '--gecos', 'bepasty file sharing', 'bepasty'
], check=True)
# Create data directory if needed.
if not os.path.exists(DATA_DIR):
os.makedirs(DATA_DIR, mode=0o750)
shutil.chown(DATA_DIR, user='bepasty', group='bepasty')
# Create configuration file if needed.
if not CONF_FILE.is_file():
passwords = [_generate_password() for _ in range(3)]
conf = {
'#comment':
'This file is managed by FreedomBox. Only a small subset of '
'the original configuration format is supported. Each line '
'should be in KEY = VALUE format. VALUE must be a JSON '
'encoded string.',
'SITENAME': arguments.domain_name,
'STORAGE_FILESYSTEM_DIRECTORY': '/var/lib/bepasty',
'SECRET_KEY': secrets.token_hex(64),
'PERMISSIONS': {
passwords[0]: 'admin,list,create,read,delete',
passwords[1]: 'list,create,read,delete',
passwords[2]: 'list,read',
},
'PERMISSION_COMMENTS': {
passwords[0]: 'admin',
passwords[1]: 'editor',
passwords[2]: 'viewer',
},
'DEFAULT_PERMISSIONS': '',
}
conf_file_write(conf)
CONF_FILE.chmod(0o640)
shutil.chown(CONF_FILE, user='bepasty', group='bepasty')
def subcommand_get_configuration(_):
"""Get default permissions, passwords, permissions and comments."""
conf = conf_file_read()
print(json.dumps(conf))
def subcommand_add_password(arguments):
"""Generate a password with given permissions."""
conf = conf_file_read()
permissions = _format_permissions(arguments.permissions)
password = _generate_password()
conf['PERMISSIONS'][password] = permissions
if arguments.comment:
conf['PERMISSION_COMMENTS'][password] = arguments.comment
conf_file_write(conf)
action_utils.service_try_restart('uwsgi')
def subcommand_remove_password(_arguments):
"""Remove a password and its permissions."""
conf = conf_file_read()
password = ''.join(sys.stdin)
if password in conf['PERMISSIONS']:
del conf['PERMISSIONS'][password]
if password in conf['PERMISSION_COMMENTS']:
del conf['PERMISSION_COMMENTS'][password]
conf_file_write(conf)
action_utils.service_try_restart('uwsgi')
def subcommand_set_default(arguments):
"""Set default permissions."""
conf = {'DEFAULT_PERMISSIONS': _format_permissions(arguments.permissions)}
conf_file_write(conf)
action_utils.service_try_restart('uwsgi')
def _format_permissions(permissions=None):
"""Format permissions as comma-separated."""
return ','.join(set(bepasty.PERMISSIONS.keys()).intersection(
permissions)) if permissions else ''
def _generate_password():
"""Generate a random password."""
alphabet = string.ascii_letters + string.digits
return ''.join(secrets.choice(alphabet) for _ in range(PASSWORD_LENGTH))
def main():
"""Parse arguments and perform all duties."""
arguments = parse_arguments()
subcommand = arguments.subcommand.replace('-', '_')
subcommand_method = globals()['subcommand_' + subcommand]
subcommand_method(arguments)
if __name__ == '__main__':
main()

109
actions/coquelicot
View File

@ -1,109 +0,0 @@
#!/usr/bin/python3
# -*- mode: python -*-
# SPDX-License-Identifier: AGPL-3.0-or-later
"""
Configuration helper for coquelicot.
"""
import argparse
import hashlib
import os
import sys
import yaml
from plinth import action_utils
SETTINGS_FILE = '/etc/coquelicot/settings.yml'
def parse_arguments():
"""Return parsed command line arguments as dictionary."""
parser = argparse.ArgumentParser()
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
subparsers.add_parser('setup',
help='Post-installation operations for coquelicot')
subparsers.add_parser(
'set-upload-password',
help='Set a new global, pre-shared password for uploading files')
max_file_size = subparsers.add_parser(
'set-max-file-size',
help='Change the maximum size of the files that can be uploaded to '
'Coquelicot')
max_file_size.add_argument('size', type=int, help='upload file size in MB')
subparsers.add_parser(
'get-max-file-size',
help='Print the maximum size of the files that can be uploaded to '
'Coquelicot')
subparsers.required = True
return parser.parse_args()
def subcommand_setup(_):
"""Perform post-installation operations for coquelicot."""
settings = read_settings()
settings['path'] = "/coquelicot"
settings['max_file_size'] = mebibytes(1024)
write_settings(settings)
action_utils.service_restart('coquelicot')
def subcommand_set_upload_password(arguments):
"""Set a new upload password for Coquelicot."""
upload_password = ''.join(sys.stdin)
settings = read_settings()
hashed_pw = hashlib.sha1(upload_password.encode()).hexdigest()
settings['authentication_method']['upload_password'] = hashed_pw
write_settings(settings)
action_utils.service_try_restart('coquelicot')
def subcommand_set_max_file_size(arguments):
"""Set a new maximum file size for Coquelicot."""
size_in_bytes = mebibytes(arguments.size)
settings = read_settings()
settings['max_file_size'] = size_in_bytes
write_settings(settings)
action_utils.service_try_restart('coquelicot')
def subcommand_get_max_file_size(_):
"""Print the maximum file size to stdout."""
if os.path.exists(SETTINGS_FILE):
settings = read_settings()
print(int(settings['max_file_size'] / (1024 * 1024)))
else:
print(-1)
def read_settings():
with open(SETTINGS_FILE, 'rb') as settings_file:
return yaml.load(settings_file)
def write_settings(settings):
with open(SETTINGS_FILE, 'w') as settings_file:
yaml.dump(settings, settings_file)
def main():
"""Parse arguments and perform all duties."""
arguments = parse_arguments()
subcommand = arguments.subcommand.replace('-', '_')
subcommand_method = globals()['subcommand_' + subcommand]
subcommand_method(arguments)
def mebibytes(size):
"""Return the given size of mebibytes in bytes."""
return size * 1024 * 1024
if __name__ == '__main__':
main()

35
actions/ejabberd
View File

@ -13,7 +13,7 @@ import socket
import subprocess
from distutils.version import LooseVersion as LV
import ruamel.yaml
from ruamel.yaml import YAML, scalarstring
from plinth import action_utils
@ -24,6 +24,10 @@ EJABBERD_ORIG_CERT = '/etc/ejabberd/ejabberd.pem'
IQDISC_DEPRECATED_VERSION = LV('18.03')
MOD_IRC_DEPRECATED_VERSION = LV('18.06')
yaml = YAML()
yaml.allow_duplicate_keys = True
yaml.preserve_quotes = True
def parse_arguments():
"""Return parsed command line arguments as dictionary"""
@ -79,7 +83,7 @@ def parse_arguments():
def subcommand_get_configuration(_):
"""Return the current configuration, specifically domains configured."""
with open(EJABBERD_CONFIG, 'r') as file_handle:
conf = ruamel.yaml.round_trip_load(file_handle, preserve_quotes=True)
conf = yaml.load(file_handle)
print(json.dumps({'domains': conf['hosts']}))
@ -98,21 +102,19 @@ def subcommand_pre_install(arguments):
def subcommand_setup(arguments):
"""Enabled LDAP authentication"""
with open(EJABBERD_CONFIG, 'r') as file_handle:
conf = ruamel.yaml.round_trip_load(file_handle, preserve_quotes=True)
conf = yaml.load(file_handle)
for listen_port in conf['listen']:
if 'tls' in listen_port:
listen_port['tls'] = False
conf['auth_method'] = 'ldap'
conf['ldap_servers'] = [
ruamel.yaml.scalarstring.DoubleQuotedScalarString('localhost')
]
conf['ldap_base'] = ruamel.yaml.scalarstring.DoubleQuotedScalarString(
conf['ldap_servers'] = [scalarstring.DoubleQuotedScalarString('localhost')]
conf['ldap_base'] = scalarstring.DoubleQuotedScalarString(
'ou=users,dc=thisbox')
with open(EJABBERD_CONFIG, 'w') as file_handle:
ruamel.yaml.round_trip_dump(conf, file_handle)
yaml.dump(conf, file_handle)
upgrade_config(arguments.domainname)
@ -129,7 +131,7 @@ def upgrade_config(domain):
print('Warning: Unable to get ejabberd version.')
with open(EJABBERD_CONFIG, 'r') as file_handle:
conf = ruamel.yaml.round_trip_load(file_handle, preserve_quotes=True)
conf = yaml.load(file_handle)
# Check if `iqdisc` is present and remove it
if 'mod_mam' in conf['modules'] and \
@ -154,7 +156,7 @@ def upgrade_config(domain):
cert_dir = pathlib.Path('/etc/ejabberd/letsencrypt') / domain
cert_file = str(cert_dir / 'ejabberd.pem')
cert_file = ruamel.yaml.scalarstring.DoubleQuotedScalarString(cert_file)
cert_file = scalarstring.DoubleQuotedScalarString(cert_file)
conf['s2s_certfile'] = cert_file
for listen_port in conf['listen']:
if 'certfile' in listen_port:
@ -162,7 +164,7 @@ def upgrade_config(domain):
# Write changes back to the file
with open(EJABBERD_CONFIG, 'w') as file_handle:
ruamel.yaml.round_trip_dump(conf, file_handle)
yaml.dump(conf, file_handle)
def subcommand_pre_change_hostname(arguments):
@ -225,22 +227,21 @@ def subcommand_add_domain(arguments):
# Add updated domainname to ejabberd hosts list.
with open(EJABBERD_CONFIG, 'r') as file_handle:
conf = ruamel.yaml.round_trip_load(file_handle, preserve_quotes=True)
conf = yaml.load(file_handle)
conf['hosts'].append(
ruamel.yaml.scalarstring.DoubleQuotedScalarString(domainname))
conf['hosts'].append(scalarstring.DoubleQuotedScalarString(domainname))
conf['hosts'] = list(set(conf['hosts']))
with open(EJABBERD_CONFIG, 'w') as file_handle:
ruamel.yaml.round_trip_dump(conf, file_handle)
yaml.dump(conf, file_handle)
def subcommand_mam(argument):
"""Enable, disable, or get status of Message Archive Management (MAM)."""
with open(EJABBERD_CONFIG, 'r') as file_handle:
conf = ruamel.yaml.round_trip_load(file_handle, preserve_quotes=True)
conf = yaml.load(file_handle)
if 'modules' not in conf:
print('Found no "modules" entry in ejabberd configuration file.')
@ -278,7 +279,7 @@ def subcommand_mam(argument):
return
with open(EJABBERD_CONFIG, 'w') as file_handle:
ruamel.yaml.round_trip_dump(conf, file_handle)
yaml.dump(conf, file_handle)
if action_utils.service_is_running('ejabberd'):
subprocess.call(['ejabberdctl', 'reload_config'])

70
actions/gitweb
View File

@ -12,6 +12,7 @@ import os
import re
import shutil
import subprocess
import sys
import time
from plinth import action_utils
@ -23,6 +24,7 @@ logger = logging.getLogger(__name__)
class ValidateRepoName(argparse.Action):
"""Validate a repository name and add .git extension if necessary."""
def __call__(self, parser, namespace, values, option_string=None):
RepositoryValidator()(values)
if not values.endswith('.git'):
@ -32,6 +34,7 @@ class ValidateRepoName(argparse.Action):
class ValidateRepoUrl(argparse.Action):
"""Validate a repository URL."""
def __call__(self, parser, namespace, values, option_string=None):
RepositoryValidator(input_should_be='url')(values)
setattr(namespace, self.dest, values)
@ -86,6 +89,18 @@ def parse_arguments():
subparser.add_argument('--newname', required=True, action=ValidateRepoName,
help='New name of the repository')
subparser = subparsers.add_parser(
'set-default-branch', help='Set default branch of the repository')
subparser.add_argument('--name', required=True, action=ValidateRepoName,
help='Name of the repository')
subparser.add_argument('--branch', required=True,
help='Name of the branch')
subparser = subparsers.add_parser(
'get-branches', help='Get all the branches of the repository')
subparser.add_argument('--name', required=True, action=ValidateRepoName,
help='Name of the repository')
subparser = subparsers.add_parser('set-repo-description',
help='Set description of the repository')
subparser.add_argument('--name', required=True, action=ValidateRepoName,
@ -245,7 +260,7 @@ def _create_repo(arguments):
"""Create an empty repository."""
repo = arguments.name
try:
subprocess.check_call(['git', 'init', '--bare', repo],
subprocess.check_call(['git', 'init', '-q', '--bare', repo],
cwd=GIT_REPO_PATH)
if not arguments.keep_ownership:
subprocess.check_call(['chown', '-R', 'www-data:www-data', repo],
@ -261,6 +276,15 @@ def _create_repo(arguments):
raise
def _get_default_branch(repo):
"""Get default branch of the repository."""
repo_path = os.path.join(GIT_REPO_PATH, repo)
return subprocess.check_output(
['git', '-C', repo_path, 'symbolic-ref', '--short',
'HEAD']).decode().strip()
def _get_repo_description(repo):
"""Set description of the repository."""
description_file = os.path.join(GIT_REPO_PATH, repo, 'description')
@ -325,6 +349,25 @@ def _set_access_status(repo, status):
os.remove(private_file)
def _get_branches(repo):
"""Return list of the branches in the repository."""
output = subprocess.check_output(
['git', '-C', repo, 'branch', '--format=%(refname:short)'],
cwd=GIT_REPO_PATH)
return output.decode().strip().split()
def subcommand_get_branches(arguments):
"""Check whether a branch exists in the repository."""
repo = arguments.name
print(
json.dumps(
dict(default_branch=_get_default_branch(repo),
branches=_get_branches(repo))))
def subcommand_rename_repo(arguments):
"""Rename a repository."""
oldpath = os.path.join(GIT_REPO_PATH, arguments.oldname)
@ -332,6 +375,20 @@ def subcommand_rename_repo(arguments):
os.rename(oldpath, newpath)
def subcommand_set_default_branch(arguments):
"""Set description of the repository."""
repo = arguments.name
branch = arguments.branch
if branch not in _get_branches(repo):
sys.exit('No such branch.')
subprocess.check_call([
'git', '-C', repo, 'symbolic-ref', 'HEAD',
"refs/heads/{}".format(branch)
], cwd=GIT_REPO_PATH)
def subcommand_set_repo_description(arguments):
"""Set description of the repository."""
_set_repo_description(arguments.name, arguments.description)
@ -355,10 +412,13 @@ def subcommand_repo_info(arguments):
print(
json.dumps(
dict(name=arguments.name[:-4],
description=_get_repo_description(arguments.name),
owner=_get_repo_owner(arguments.name),
access=_get_access_status(arguments.name))))
dict(
name=arguments.name[:-4],
description=_get_repo_description(arguments.name),
owner=_get_repo_owner(arguments.name),
access=_get_access_status(arguments.name),
default_branch=_get_default_branch(arguments.name),
)))
def subcommand_create_repo(arguments):

10
actions/ikiwiki
View File

@ -46,6 +46,11 @@ def parse_arguments():
return parser.parse_args()
def _is_safe_path(basedir, path):
"""Return whether a path is safe."""
return os.path.realpath(path).startswith(basedir)
def subcommand_setup(_):
"""Perform first time setup operations."""
setup()
@ -106,6 +111,11 @@ def subcommand_delete(arguments):
html_folder = os.path.join(SITE_PATH, arguments.name)
wiki_folder = os.path.join(WIKI_PATH, arguments.name)
if not (_is_safe_path(SITE_PATH, html_folder)
and _is_safe_path(WIKI_PATH, wiki_folder)):
print('Error: {0} is not a correct name.'.format(arguments.name))
exit(1)
try:
shutil.rmtree(html_folder)
shutil.rmtree(wiki_folder)

2
actions/infinoted
View File

@ -144,7 +144,7 @@ def subcommand_setup(_):
except KeyError:
subprocess.run(['addgroup', '--system', 'infinoted'], check=True)
# Create infinoted user is needed.
# Create infinoted user if needed.
try:
pwd.getpwnam('infinoted')
except KeyError:

85
actions/matrixsynapse
View File

@ -5,11 +5,33 @@ Configuration helper for Matrix-Synapse server.
"""
import argparse
import pathlib
import yaml
from plinth import action_utils
from plinth.modules.matrixsynapse import CONFIG_FILE_PATH
from plinth.modules.matrixsynapse import (LISTENERS_CONF_PATH, ORIG_CONF_PATH,
REGISTRATION_CONF_PATH,
STATIC_CONF_PATH)
STATIC_CONFIG = {
'max_upload_size':
'100M',
'password_providers': [{
'module': 'ldap_auth_provider.LdapAuthProvider',
'config': {
'enabled': True,
'uri': 'ldap://localhost:389',
'start_tls': False,
'base': 'ou=users,dc=thisbox',
'attributes': {
'uid': 'uid',
'name': 'uid',
'mail': '',
},
},
}, ],
}
def parse_arguments():
@ -27,41 +49,31 @@ def parse_arguments():
'--domain-name',
help='The domain name that will be used by Matrix Synapse')
subparsers.add_parser(
'move-old-conf',
help='Move old configuration file to backup before reinstall')
subparsers.required = True
return parser.parse_args()
def subcommand_post_install(_):
"""Perform post installation configuration."""
with open(CONFIG_FILE_PATH) as config_file:
config = yaml.load(config_file)
with open(STATIC_CONF_PATH, 'w') as static_conf_file:
yaml.dump(STATIC_CONFIG, static_conf_file)
config['max_upload_size'] = '100M'
# start with listener config from original homeserver.yaml
with open(ORIG_CONF_PATH) as orig_conf_file:
orig_config = yaml.load(orig_conf_file)
for listener in config['listeners']:
listeners = orig_config['listeners']
for listener in listeners:
if listener['port'] == 8448:
listener['bind_addresses'] = ['::', '0.0.0.0']
listener.pop('bind_address', None)
# Setup ldap parameters
config['password_providers'] = [{}]
config['password_providers'][0][
'module'] = 'ldap_auth_provider.LdapAuthProvider'
ldap_config = {
'enabled': True,
'uri': 'ldap://localhost:389',
'start_tls': False,
'base': 'ou=users,dc=thisbox',
'attributes': {
'uid': 'uid',
'name': 'uid',
'mail': ''
}
}
config['password_providers'][0]['config'] = ldap_config
with open(CONFIG_FILE_PATH, 'w') as config_file:
yaml.dump(config, config_file)
with open(LISTENERS_CONF_PATH, 'w') as listeners_conf_file:
yaml.dump({'listeners': listeners}, listeners_conf_file)
def subcommand_setup(arguments):
@ -73,8 +85,17 @@ def subcommand_setup(arguments):
def subcommand_public_registration(argument):
"""Enable/Disable/Status public user registration."""
with open(CONFIG_FILE_PATH) as config_file:
config = yaml.load(config_file)
try:
with open(REGISTRATION_CONF_PATH) as reg_conf_file:
config = yaml.load(reg_conf_file)
except FileNotFoundError:
# Check if its set in original conffile.
with open(ORIG_CONF_PATH) as orig_conf_file:
orig_config = yaml.load(orig_conf_file)
config = {
'enable_registration':
orig_config.get('enable_registration', False)
}
if argument.command == 'status':
if config['enable_registration']:
@ -88,13 +109,21 @@ def subcommand_public_registration(argument):
elif argument.command == 'disable':
config['enable_registration'] = False
with open(CONFIG_FILE_PATH, 'w') as config_file:
yaml.dump(config, config_file)
with open(REGISTRATION_CONF_PATH, 'w') as reg_conf_file:
yaml.dump(config, reg_conf_file)
if action_utils.service_is_running('matrix-synapse'):
action_utils.service_restart('matrix-synapse')
def subcommand_move_old_conf(_arguments):
"""Move old configuration to backup so it can be restored by reinstall."""
conf_file = pathlib.Path(ORIG_CONF_PATH)
if conf_file.exists():
backup_file = conf_file.with_suffix(conf_file.suffix + '.fbx-bak')
conf_file.replace(backup_file)
def main():
arguments = parse_arguments()
sub_command = arguments.subcommand.replace('-', '_')

12
actions/packages
View File

@ -40,6 +40,12 @@ def parse_arguments():
subparser.add_argument(
'--force-configuration', choices=['new', 'old'],
help='force old/new configuration files during install')
subparser.add_argument(
'--reinstall', action='store_true',
help='force re-installation of package even if it is current')
subparser.add_argument(
'--force-missing-configuration', action='store_true',
help='force installation of missing configuration files')
subparser.add_argument(
'module', help='name of module for which package is being installed')
subparser.add_argument('packages', nargs='+',
@ -94,6 +100,12 @@ def subcommand_install(arguments):
elif arguments.force_configuration == 'new':
extra_arguments += ['-o', 'Dpkg::Options::=--force-confnew']
if arguments.reinstall:
extra_arguments.append('--reinstall')
if arguments.force_missing_configuration:
extra_arguments += ['-o', 'Dpkg::Options::=--force-confmiss']
subprocess.run(['dpkg', '--configure', '-a'])
with _apt_hold():
run_apt_command(['--fix-broken', 'install'])

87
actions/radicale
View File

@ -6,21 +6,13 @@ Configuration helper for Radicale.
import argparse
import os
import shutil
import subprocess
import tempfile
import augeas
from plinth import action_utils
from plinth.modules import radicale
COLLECTIONS_PATH = '/var/lib/radicale/collections'
LOG_PATH = '/var/log/radicale'
CONFIG_FILE = '/etc/radicale/config'
DEFAULT_FILE = '/etc/default/radicale'
LOG_PATH = '/var/log/radicale'
def parse_arguments():
@ -28,89 +20,32 @@ def parse_arguments():
parser = argparse.ArgumentParser()
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
subparsers.add_parser('setup', help='Setup Radicale configuration')
subparsers.add_parser('migrate', help='Migrate config to radicale 2.x')
subparsers.add_parser('fix-collections',
help='Ensure collections path exists')
configure = subparsers.add_parser('configure',
help='Configure various options')
configure.add_argument('--rights_type',
help='Set the rights type for radicale')
subparsers.add_parser('fix-paths', help='Ensure paths exists')
subparsers.required = True
return parser.parse_args()
def subcommand_setup(_):
"""Setup Radicale configuration."""
current_version = radicale.get_package_version()
if not current_version:
print('Warning: Unable to get radicale version.')
aug = load_augeas()
if current_version and current_version < radicale.VERSION_2:
aug.set('/files' + DEFAULT_FILE + '/ENABLE_RADICALE', 'yes')
aug.set('/files' + CONFIG_FILE + '/server/hosts',
'127.0.0.1:5232, [::1]:5232')
aug.set('/files' + CONFIG_FILE + '/server/base_prefix', '/radicale/')
aug.set('/files' + CONFIG_FILE + '/well-known/caldav',
'/radicale/%(user)s/caldav/')
aug.set('/files' + CONFIG_FILE + '/well-known/carddav',
'/radicale/%(user)s/carddav/')
aug.set('/files' + CONFIG_FILE + '/auth/type', 'remote_user')
aug.set('/files' + CONFIG_FILE + '/rights/type', 'owner_only')
aug.save()
def subcommand_migrate(_):
"""Migrate from radicale 1.x to 2.x."""
current_version = radicale.get_package_version()
# Migrate data from radicale 1.x to radicale 2.x format.
if current_version and current_version < radicale.VERSION_2:
with tempfile.TemporaryDirectory() as temp_directory:
export_location = os.path.join(temp_directory, 'radicale-export')
subprocess.run(['radicale', '--export-storage', export_location],
check=True)
collection_root = os.path.join(export_location, 'collection-root')
shutil.copytree(collection_root,
os.path.join(COLLECTIONS_PATH, 'collection-root'))
subprocess.run(
['chown', '-R', 'radicale:radicale', COLLECTIONS_PATH],
check=True)
action_utils.webserver_disable('radicale-plinth')
def subcommand_configure(arguments):
"""Sets the radicale rights type to a particular value"""
current_version = radicale.get_package_version()
if not current_version:
print('Warning: Unable to get radicale version.')
if current_version and current_version >= radicale.VERSION_2:
if arguments.rights_type == 'owner_only':
# Radicale 2.x default rights file is equivalent to owner_only.
arguments.rights_type = 'from_file'
if arguments.rights_type == 'owner_only':
# Default rights file is equivalent to owner_only.
arguments.rights_type = 'from_file'
aug = load_augeas()
aug.set('/files' + CONFIG_FILE + '/rights/type', arguments.rights_type)
aug.save()
if current_version and current_version >= radicale.VERSION_2:
action_utils.service_try_restart('uwsgi')
else:
action_utils.service_try_restart('radicale')
action_utils.service_try_restart('uwsgi')
def subcommand_fix_collections(_):
"""Fix collections path to work around a bug."""
# Workaround for bug in radicale's uwsgi script (#919339)
if not os.path.exists(COLLECTIONS_PATH):
os.makedirs(COLLECTIONS_PATH)
def subcommand_fix_paths(_):
"""Fix log path to work around a bug."""
# Workaround for bug in radicale's uwsgi script (#931201)
if not os.path.exists(LOG_PATH):
os.makedirs(LOG_PATH)
@ -120,10 +55,6 @@ def load_augeas():
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
augeas.Augeas.NO_MODL_AUTOLOAD)
# shell-script config file lens
aug.set('/augeas/load/Shellvars/lens', 'Shellvars.lns')
aug.set('/augeas/load/Shellvars/incl[last() + 1]', DEFAULT_FILE)
# INI file lens
aug.set('/augeas/load/Puppet/lens', 'Puppet.lns')
aug.set('/augeas/load/Puppet/incl[last() + 1]', CONFIG_FILE)

14
actions/ssh
View File

@ -26,12 +26,12 @@ def parse_arguments():
get_keys = subparsers.add_parser('get-keys',
help='Get SSH authorized keys')
get_keys.add_argument('--username')
get_keys.add_argument('--username', required=True, type=_managed_user)
set_keys = subparsers.add_parser('set-keys',
help='Set SSH authorized keys')
set_keys.add_argument('--username')
set_keys.add_argument('--keys')
set_keys.add_argument('--username', required=True, type=_managed_user)
set_keys.add_argument('--keys', required=True)
subparsers.add_parser('get-password-config',
help='Get SSH password auth configuration')
@ -44,6 +44,14 @@ def parse_arguments():
return parser.parse_args()
def _managed_user(username):
"""Raise an error if the user is root."""
if pwd.getpwnam(username).pw_gid == 0:
msg = 'User {} is not managed by FreedomBox'.format(username)
raise argparse.ArgumentTypeError(msg)
return username
def subcommand_setup(arguments):
"""Setup Open SSH server.

21
actions/storage
View File

@ -76,10 +76,31 @@ def subcommand_expand_partition(arguments):
file=sys.stderr)
sys.exit(4)
if requested_partition['table_type'] == 'gpt':
_move_gpt_second_header(device)
_resize_partition(device, requested_partition, free_space)
_resize_file_system(device, requested_partition, free_space)
def _move_gpt_second_header(device):
"""Move second header to the end of the disk.
GPT scheme has two mostly identical partition table headers. One at the
beginning of the disk and one at the end. When an image is written to
larger disk, the second header is not at the end of the disk. Fix that by
moving second partition to end of the disk before attempting partition
resize.
"""
command = ['sgdisk', '--move-second-header', device]
try:
subprocess.run(command, check=True)
except subprocess.CalledProcessError:
print('Error moving GPT second header to the end')
sys.exit(6)
def _resize_partition(device, requested_partition, free_space):
"""Resize the partition table entry."""
command = [

2
actions/syncthing
View File

@ -33,7 +33,7 @@ def subcommand_setup(_):
except KeyError:
subprocess.run(['addgroup', '--system', 'syncthing'], check=True)
# Create syncthing user is needed.
# Create syncthing user if needed.
try:
pwd.getpwnam('syncthing')
except KeyError:

91
actions/upgrades
View File

@ -13,22 +13,26 @@ import sys
from plinth.action_utils import run_apt_command
from plinth.modules.apache.components import check_url
from plinth.modules.upgrades import (get_current_release, is_backports_current,
SOURCES_LIST)
AUTO_CONF_FILE = '/etc/apt/apt.conf.d/20auto-upgrades'
LOG_FILE = '/var/log/unattended-upgrades/unattended-upgrades.log'
DPKG_LOG_FILE = '/var/log/unattended-upgrades/unattended-upgrades-dpkg.log'
BUSTER_BACKPORTS_RELEASE_FILE_URL = \
'https://deb.debian.org/debian/dists/buster-backports/Release'
BACKPORTS_RELEASE_FILE_URL = \
'https://deb.debian.org/debian/dists/{}-backports/Release'
APT_PREFERENCES_FREEDOMBOX = '''Explanation: This file is managed by FreedomBox, do not edit.
Explanation: Allow carefully selected updates to 'freedombox' from backports.
Package: freedombox
Pin: release a={}-backports
Pin-Priority: 500
'''
# Whenever these preferences needs to change, increment the version number
# upgrades app. This ensures that setup is run again and the new contents are
# overwritten on the old file.
APT_PREFERENCES = '''Explanation: This file is managed by FreedomBox, do not edit.
Explanation: Allow carefully selected updates to 'freedombox' from backports.
Package: freedombox
Pin: release a=buster-backports
Pin-Priority: 500
APT_PREFERENCES_APPS = '''Explanation: This file is managed by FreedomBox, do not edit.
Explanation: matrix-synapse 0.99.5 introduces room version 4. Older version
Explanation: 0.99.2 in buster won't be able join newly created rooms.
Package: matrix-synapse
@ -59,6 +63,16 @@ Explanation: python3-twisted requires matching version of python3-twisted-bin
Package: python3-twisted-bin
Pin: release a=buster-backports
Pin-Priority: 500
Explanation: matrix-synapse >= 1.16 requires python3-attr >= 19.1.0~
Package: python3-attr
Pin: release a=buster-backports
Pin-Priority: 500
Explanation: matrix-synapse >= 1.19 requires python3-canonicaljson >= 1.2.0
Package: python3-canonicaljson
Pin: release a=buster-backports
Pin-Priority: 500
'''
@ -75,8 +89,12 @@ def parse_arguments():
subparsers.add_parser('get-log', help='Print the automatic upgrades log')
subparsers.add_parser('setup', help='Setup apt preferences')
subparsers.add_parser('setup-repositories',
help='Setup software repositories for FreedomBox')
setup_repositories = subparsers.add_parser(
'setup-repositories',
help='Setup software repositories for FreedomBox')
setup_repositories.add_argument('--develop', required=False, default=False,
action='store_true',
help='Development mode')
subparsers.required = True
return parser.parse_args()
@ -162,37 +180,37 @@ def _get_protocol():
return 'http'
def _is_release_file_available(protocol):
def _is_release_file_available(protocol, dist):
"""Return whether the release for backports is available."""
wrapper = None
if protocol == 'tor+http':
wrapper = 'torsocks'
result = check_url(BUSTER_BACKPORTS_RELEASE_FILE_URL, wrapper=wrapper)
result = check_url(BACKPORTS_RELEASE_FILE_URL.format(dist),
wrapper=wrapper)
return result == 'passed'
def _add_buster_backports_sources(sources_list, protocol):
"""Add buster backports sources to freedombox repositories list."""
def _add_backports_sources(sources_list, protocol, dist):
"""Add backports sources to freedombox repositories list."""
sources = '''# This file is managed by FreedomBox, do not edit.
# Allow carefully selected updates to 'freedombox' from backports.
deb {protocol}://deb.debian.org/debian buster-backports main
deb-src {protocol}://deb.debian.org/debian buster-backports main
deb {protocol}://deb.debian.org/debian {dist}-backports main
deb-src {protocol}://deb.debian.org/debian {dist}-backports main
'''
sources = sources.format(protocol=protocol)
sources = sources.format(protocol=protocol, dist=dist)
with open(sources_list, 'w') as file_handle:
file_handle.write(sources)
def _check_and_backports_sources():
"""Add buster backports sources after checking if it is available."""
def _check_and_backports_sources(develop=False):
"""Add backports sources after checking if it is available."""
old_sources_list = '/etc/apt/sources.list.d/freedombox.list'
if os.path.exists(old_sources_list):
os.remove(old_sources_list)
sources_list = '/etc/apt/sources.list.d/freedombox2.list'
if os.path.exists(sources_list):
if is_backports_current():
print('Repositories list up-to-date. Skipping update.')
return
@ -211,9 +229,8 @@ def _check_and_backports_sources():
'backports.')
return
release = subprocess.check_output(['lsb_release', '--release',
'--short']).decode().strip()
if release in ['testing', 'unstable']:
release, dist = get_current_release()
if release == 'unstable' or (release == 'testing' and not develop):
print(f'System release is {release}. Skip enabling backports.')
return
@ -221,12 +238,14 @@ def _check_and_backports_sources():
if protocol == 'tor+http':
print('Package download over Tor is enabled.')
if not _is_release_file_available(protocol):
print('Release file for Buster backports is not available yet.')
if not _is_release_file_available(protocol, dist):
print(f'Release file for {dist}-backports is not available yet.')
return
print('Buster backports is now available. Adding to sources.')
_add_buster_backports_sources(sources_list, protocol)
print(f'{dist}-backports is now available. Adding to sources.')
_add_backports_sources(SOURCES_LIST, protocol, dist)
# In case of dist upgrade, rewrite the preferences file.
_add_apt_preferences()
def _add_apt_preferences():
@ -240,8 +259,16 @@ def _add_apt_preferences():
# Don't try to remove 50freedombox3.pref as this file is shipped with the
# Debian package and is removed using maintainer scripts.
with open(base_path / '50freedombox4.pref', 'w') as file_handle:
file_handle.write(APT_PREFERENCES)
_, dist = get_current_release()
if dist == 'sid':
print(f'System distribution is {dist}. Skip setting apt preferences '
'for backports.')
else:
print(f'Setting apt preferences for {dist}-backports.')
with open(base_path / '50freedombox4.pref', 'w') as file_handle:
file_handle.write(APT_PREFERENCES_FREEDOMBOX.format(dist))
with open(base_path / '51freedombox-apps.pref', 'w') as file_handle:
file_handle.write(APT_PREFERENCES_APPS)
def subcommand_setup(_):
@ -249,14 +276,14 @@ def subcommand_setup(_):
_add_apt_preferences()
def subcommand_setup_repositories(_):
def subcommand_setup_repositories(arguments):
"""Setup software repositories needed for FreedomBox.
Repositories list for now only contains the backports. If the file exists,
assume that it contains backports.
"""
_check_and_backports_sources()
_check_and_backports_sources(arguments.develop)
def main():

84
container
View File

@ -112,23 +112,29 @@ in /run/systemd/nspawn. All machinectl commands should work.
"""
import argparse
import datetime
import ipaddress
import itertools
import json
import logging
import os
import pathlib
import re
import subprocess
import sys
import tempfile
import time
import urllib.parse
from urllib.request import urlopen
URLS = {
'stable': 'https://ftp.freedombox.org/pub/freedombox/hardware/'
'amd64/stable/freedombox-stable-free_buster_all-amd64.img.xz',
'testing': 'https://ftp.freedombox.org/pub/freedombox/hardware/'
'amd64/testing/freedombox-testing-free_latest_all-amd64.img.xz',
'amd64/testing/freedombox-testing-free_dev_all-amd64.img.xz',
'unstable': 'https://ftp.freedombox.org/pub/freedombox/hardware/'
'amd64/nightly/freedombox-unstable-free_dev_all-amd64.img.xz',
}
TRUSTED_KEYS = ['013D86D8BA32EAB4A6691BF85D4153D6FE188FC8']
@ -172,33 +178,42 @@ def parse_arguments():
parser = argparse.ArgumentParser()
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
distributions = list(URLS.keys())
# Up
subparser = subparsers.add_parser('up', help='Bring up the container')
subparser.add_argument(
'--distribution', choices=['stable', 'testing'], default='testing',
'--distribution', choices=distributions, default='testing',
help='Distribution of the image to download and setup')
subparser.add_argument('--image-size', default='8G',
help='Disk image size to resize to after download')
# ssh
subparser = subparsers.add_parser('ssh', help='SSH into the container')
subparser.add_argument('--distribution', choices=['stable', 'testing'],
subparser.add_argument('--distribution', choices=distributions,
default='testing',
help='Distribution of the container to SSH into')
# Stop
subparser = subparsers.add_parser('stop', help='Stop the container')
subparser.add_argument('--distribution', choices=['stable', 'testing'],
subparser.add_argument('--distribution', choices=distributions,
default='testing',
help='Distribution of the container to stop')
# Destroy
subparser = subparsers.add_parser('destroy',
help='Destroy the container image')
subparser.add_argument('--distribution', choices=['stable', 'testing'],
subparser.add_argument('--distribution', choices=distributions,
default='testing',
help='Distribution of the image to delete')
# Update
subparser = subparsers.add_parser(
'update', help='Update the container image to the latest version')
subparser.add_argument('--distribution', choices=distributions,
default='testing',
help='Distribution of the image to update')
return parser.parse_args()
@ -269,11 +284,14 @@ def _get_systemd_nspawn_version():
systemd_version = float(process.stdout.decode().split()[1])
def _download_file(url, target_file):
def _download_file(url, target_file, force=False):
"""Download a file from remote URL."""
if target_file.exists():
if target_file.exists() and not force:
return
if force:
os.remove(target_file)
partial_file = target_file.with_suffix(target_file.suffix + '.partial')
logger.info('Downloading %s', target_file)
@ -362,17 +380,17 @@ def _get_overlay_folder(distribution):
return folder.resolve()
def _download_disk_image(distribution):
def _download_disk_image(distribution, force=False):
"""Download and unpack FreedomBox disk image."""
work_directory.mkdir(exist_ok=True)
url = URLS[distribution]
target_file = _get_compressed_image_path(distribution)
_download_file(url, target_file)
_download_file(url, target_file, force=force)
signature_file = target_file.with_suffix(target_file.suffix + '.sig')
_download_file(url + '.sig', signature_file)
_download_file(url + '.sig', signature_file, force=force)
_verify_signature(target_file, signature_file)
@ -401,6 +419,8 @@ def _resize_disk_image(image_file, new_size):
['sudo', 'kpartx', '-avs', str(image_file)], stdout=subprocess.PIPE,
check=True)
partition = '/dev/mapper/' + process.stdout.decode().split()[2]
subprocess.run(['sudo', 'btrfstune', '-uf', partition], check=True)
with tempfile.TemporaryDirectory(
dir=work_directory.resolve()) as mount_point:
subprocess.run(['sudo', 'mount', partition, mount_point], check=True)
@ -432,6 +452,18 @@ def _runc(image_file, command, **kwargs):
**kwargs)
def _get_interface_name(distribution):
"""Return the name of the interface."""
interface = f've-fbx-{distribution}'
process = subprocess.run(['systemd-nspawn', '--version'],
stdout=subprocess.PIPE, check=True)
version = process.stdout.decode().splitlines()[0].split()[1]
if int(float(version)) < 245:
return interface[:14]
return interface
def _setup_nm_connection(distribution):
"""Create a network manager conn. on host for DHCP/DNS with container."""
connection_name = f'fbx-{distribution}-shared'
@ -446,7 +478,7 @@ def _setup_nm_connection(distribution):
properties = {
'connection.id': connection_name,
'connection.type': '802-3-ethernet',
'connection.interface-name': f've-fbx-{distribution}',
'connection.interface-name': _get_interface_name(distribution),
'connection.autoconnect': 'yes',
'ipv4.method': 'shared',
}
@ -738,7 +770,7 @@ def _get_ssh_command(ip_address, distribution):
"""Exec an SSH command."""
public_key = work_directory / 'ssh' / 'id_ed25519'
if ipaddress.ip_address(ip_address).is_link_local:
ip_address = f'{ip_address}%ve-fbx-{distribution}'
ip_address = f'{ip_address}%' + _get_interface_name(distribution)
return [
'ssh', '-i',
@ -761,6 +793,25 @@ def _wait_for(method):
sys.exit(1)
def _get_latest_image_timestamp(distribution):
"""Get the timestamp of the latest available image."""
url = URLS[distribution]
response = urlopen(url[0:url.rindex('/')])
page_contents = response.read().decode()
str_time = re.findall(r'\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}',
page_contents)[0]
return datetime.datetime.strptime(str_time, '%d-%b-%Y %H:%M').timestamp()
def _is_update_required(distribution):
"""Compare local image timestamp against the latest image timestamp."""
filename = URLS[distribution].split('/')[-1]
local_image_timestamp = os.path.getmtime(work_directory / filename)
one_day = datetime.timedelta(days=1).total_seconds()
latest_image_timestamp = _get_latest_image_timestamp(distribution)
return latest_image_timestamp - local_image_timestamp > one_day
def subcommand_up(arguments):
"""Download, setup and bring up the container."""
machine_name = f'fbx-{arguments.distribution}'
@ -797,6 +848,15 @@ def subcommand_destroy(arguments):
_destroy(arguments.distribution)
def subcommand_update(arguments):
"""Update the disk image."""
if _is_update_required(arguments.distribution):
logger.info("Updating...")
_download_disk_image(arguments.distribution, force=True)
else:
logger.info("Already using the latest image")
def main():
"""Parse arguments and perform operations."""
logging.basicConfig(level='INFO', format='> %(message)s')

261
debian/changelog vendored
View File

@ -1,3 +1,264 @@
plinth (20.14) unstable; urgency=high
[ Fioddor Superconcentrado ]
* Translated using Weblate (Spanish)
* Translated using Weblate (Spanish)
* sudo user needed for container
* Branch-out
* Specify machine
* Fix typo
* post-processor: Solve 1908 fixing the wiki links fix
* Translated using Weblate (Spanish)
* Translated using Weblate (Spanish)
* jsxc, sharing: Add 'Learn more...' link for help pages
* wireguard: Add 'Learn more...' link for help page
* doc: wikiparser: Resolve URLs for locally available pages
* HACKING.md: Instructions for container-related troubleshooting
* i18n: Mark strings missed for translation
* snapshots: Clarify description for disabling yearly snapshots
[ Doma Gergő ]
* Translated using Weblate (Hungarian)
* Translated using Weblate (Hungarian)
[ Sunil Mohan Adapa ]
* upgrades: Minor isort fix
* upgrades: Remove unused context variable
* security: Don't show report button as part of backports notice
* upgrades: security: Don't with the technical term 'backports' in UI
* matrixsynapse: Allow upgrade to version 1.17
* backups: Make app available by default
* samba: cosmetic: Minor yapf fixes
* container: unstable: Handle interface naming for systemd < 245
* storage: Fix expanding partitions on GPT partition tables
* matrixsynapse: Rename Riot to Element
* ejabberd, mumble, wireguard: Update Apple app links
* menu: Update documentation to clarify that icons can be files
* frontpage: Fix documentation related to renamed parameter
* bepasty: Make description a private variable
* bepasty: Expand app description
* bepasty: Tighten permissions on the uwsgi socket
* infinoted, syncthing: Fix minor typo in a comment
* bepasty: Add diagnostics tests on app URL
* bepasty: Minor fixes
* bepasty: tests: functional: Add a password before removing all
* bepasty: Resize SVG to 512x512 for consistency with other icons
* bepasty: Add "Snippet" in category/short description
* bepasty: Update UI strings for permissions
* bepasty: Require at least one permission on a password
* bepasty: Simplify configuration file handling
* js: Don't show running status on buttons pulled to right
* diagnostics: Prevent showing running status on diagnostics menu item
* help, networks: Clarify i18n different contexts for "Manual"
* radicale: Stop service during backup and restore
* radicale: tests: functional: Add test for backup/restore
* doc: Recompile when parser script changes
* doc: wikiparser: Handle processing instructions
* doc: wikiparser: Fix attachment URLs in regular links
* doc: wikiparser: When processing single pages, ignore header/footer
* doc: wikiparser: Generate colspec for tables
* doc: wikiparser: Handle table of contents macro without parenthesis
* doc: wikiparser: Handle more paragraph breakers
* doc: wikiparser: Parse content inside a comment
* doc: wikiparser: Allow empty lines between list items
* doc: wikiparser: Fix parsing URLs, simplify plain text parsing
* doc: wikiparser: Resolve relative URLs
* doc: wikiparser: Preserve spaces during parsing and generation
* doc: wikiparser: Handle existing # in links, don't append again
* doc: wikiparser: Assign text to URLs that don't provide them
* doc: wikiparser: Handle wiki links starting with a /
* doc: wikiparser: Allow lists to started with just spaces
* doc: wikiparser: Strip spaces from attachment's text
* doc: wikiparser: Place anchors inside paragraphs
* doc: wikiparser: Sort imagedata properties
* doc: wikiparser: Retain the text for icons
* doc: wikiparser: Set icon dimensions to old values (temporarily)
* doc: wikiparser: Handle empty table cells
* doc: wikiparser: Fix some flake8 warnings
* doc: wikiparser: Improve links relative to included files
* doc: wikiparser: Fix issue with parsing inline code blocks
* doc: wikiparser: Handle markup inside italic/bold markup
* doc: wikiparser: Format text inside admonitions properly
* doc: Drop post processor as it is not needed anymore
* doc: wikiparser: Incorporate post processing fixes
* doc: Simplify make file by eliminating targets for intermediates
* doc: wikiparser: Add note about some incorrect links
* doc: Update the test script for wikiparser
* manual: Fetch latest images
* doc: Fetch latest manual
* firewall: Use service files for showing port forwarding info
* firewall: Show port forwarding info in tabular format
* kvstore: Allow module to be imported before Django init
* networks: Expose API to get/set network meta info
* firewall: Show port forwarding info contextually
* doc: wikiparser: Fix a minor flake8 issue
* doc: wikiparser: Fix issue with some URL containing dup. lang part
* doc: wikiparser: Make it easier to run with a #! at the top
* doc: wikiparser: Reduce build verbosity
* upgrades: Fix issue with checking if backports is current
* upgrades: Separate concepts for backports enabled vs. requested
* upgrades, security: Use consistent terminology 'activate'
* backports: When upgrading from older version, assumed requested
* package: Add ability to reinstall a package
* matrixsynapse: Perform a one time conversion to new config format
* doc: manual: Fetch latest manual, remove non-existent images/pages
* doc: wikiparser: Use icons from the icons directory
* doc: wikiparser: Show icons with full size
* doc: manual: Replace manual icons to drop CC 2.5 license
* deluge: Use older icon to drop CC 2.0 license
[ Joseph Nuthalapati ]
* searx: Add functional test for app availability
* container: Add unstable distribution
* functional-tests: Fix instructions for running functional tests
* functional-tests: Use latest version of splinter
* framework: Remove module init() functions
* wireguard: Remove hardcoded Windows client version
* functional-tests: splinter 0.14.0 is in PyPI
* apps: Remove Coquelicot
* matrix-synapse: Upgrade to 1.19
* container: Use builds with build-deps included
[ James Valleroy ]
* ci: Allow fuse to be installed
* tests: functional: Strip trailing / from FREEDOMBOX_URL
* ejabberd: Use new ruamel.yaml API and allow duplicate keys
* locale: Update translation strings
* doc: Fetch latest manual
* debian: Add gbp dch config
* debian: Fix use of wildcard path in copyright
* debian: Split copyright paragraph to avoid lintian error
* radicale: Remove code to handle 1.x
* doc: Fetch latest manual
* bepasty: New app for file upload and sharing
* bepasty: Add public access config form
* bepasty: Fetch manual page
* locale: Update translation strings
* doc: Add moinmoin wiki parser
* wikiparser: Fix spaces, multi-line, languages, icons
* doc: Use Makefile to fetch raw wiki files
* doc: Add icons used in manual
* manual: Add raw wiki files of included pages
* manual: Remove checked-in xml files
* wikiparser: Don't render Admonition with style comment
* test-wikiparser: Remove fixes.xslt step
* debian: Add unit tests to autopkgtest
* apache: Disable mod_status (CVE-2020-25073)
* debian: Don't show first wizard secret on command line
* debian: Remove unused vars from postinst
* matrixsynapse: Use conf.d snippets
* upgrades: Change backports activation message wording
* upgrades: Display correct backports info for unstable
* upgrades: Add first boot step to configure backports
* upgrades: Use kvstore and then file to determine if backports are enabled
* debian: Temporarily revert source package rename
* locale: Update translation strings
* doc: Fetch latest manual
[ Veiko Aasa ]
* samba: Hide common system partitions
* ikiwiki: Validate a path when deleting wiki or blog
* ssh: Disallow managing keys for the root user
* debian: Add newline to end of /var/lib/plinth/firstboot-wizard-secret
* functional-tests: snapshot: Skip if filesystem doesn't support snapshots
* container: Randomize btrfs partition UUID
* gitweb: Fix enable auth webserver component on app init
* gitweb: Add ability to change default branch
[ Павел Протасов ]
* Translated using Weblate (Russian)
[ Michael Breidenbach ]
* Translated using Weblate (German)
* Translated using Weblate (Swedish)
* Translated using Weblate (German)
* Translated using Weblate (Swedish)
* Translated using Weblate (German)
* Translated using Weblate (Swedish)
[ ikmaak ]
* Translated using Weblate (Dutch)
* Translated using Weblate (Dutch)
[ Burak Yavuz ]
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
[ Xosé M ]
* Translated using Weblate (Galician)
[ Jens Molgaard ]
* Translated using Weblate (Danish)
[ Nikita Epifanov ]
* Translated using Weblate (Russian)
* Translated using Weblate (Russian)
[ Dietmar ]
* Translated using Weblate (German)
[ Johannes Keyser ]
* Translated using Weblate (German)
[ Diego Roversi ]
* Translated using Weblate (Italian)
[ Artem ]
* Translated using Weblate (Russian)
[ Ralf Barkow ]
* Translated using Weblate (German)
[ Reg Me ]
* Translated using Weblate (Dutch)
* Translated using Weblate (Dutch)
[ Q.-A. Nick ]
* upgrades, security: Update the messages describing backports
-- James Valleroy <jvalleroy@mailbox.org> Tue, 15 Sep 2020 17:03:43 -0400
freedombox (20.13) unstable; urgency=medium
[ Sunil Mohan Adapa ]
* Rename source package from plinth to freedombox.
[ Veiko Aasa ]
* minidlna: Do not expose statistics over public web
[ Benjamin Ortiz ]
* backups: Allow remote repository usernames to start with numbers
[ James Valleroy ]
* upgrades: Update apt cache before manual update
* upgrades: Parameterize backports dist name
* upgrades: Use current release codename when enabling backports
* upgrades: Use codename to pin freedombox from backports
* security: Move backports notice to security page
* upgrades: Add button to activate backports
* upgrades: Use only sources file to determine if backports enabled
* upgrades: Check that backports is for current release
* upgrades: Rewrite apt prefs file when activating backports
* upgrades: Enable backports for testing only in development mode
* upgrades: Show dist of backports to be activated
* upgrades: Split apt preferences into 2 files
* upgrades: Refactor use of lsb_release
* locale: Update translation strings
* doc: Fetch latest manual
[ Allan Nordhøy ]
* Translated using Weblate (Norwegian Bokmål)
[ Tang Zongxun ]
* Translated using Weblate (Chinese (Simplified))
[ Doma Gergő ]
* Translated using Weblate (Hungarian)
-- Federico Ceratto <federico@debian.org> Sat, 18 Jul 2020 12:14:08 +0100
plinth (20.12.1~bpo10+1) buster-backports; urgency=high
* Rebuild for buster-backports.

2
debian/control vendored
View File

@ -72,6 +72,8 @@ Depends:
e2fsprogs,
fonts-fork-awesome,
fonts-lato,
# sgdisk is used in storage app to expand GPT disks
gdisk,
gettext,
gir1.2-glib-2.0,
gir1.2-nm-1.0,

298
debian/copyright vendored
View File

@ -2,8 +2,10 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: https://salsa.debian.org/freedombox-team/freedombox
Files: *
static/themes/default/icons/coquelicot.svg
static/themes/default/icons/jsxc.png
Copyright: 2011-2020 FreedomBox Authors
License: AGPL-3+
Files: static/themes/default/icons/jsxc.png
static/themes/default/icons/jsxc.svg
static/themes/default/icons/mldonkey.svg
Copyright: 2011-2019 FreedomBox Authors
@ -36,6 +38,11 @@ Copyright: Marie Van den Broeck (https://thenounproject.com/marie49/)
Comment: https://thenounproject.com/icon/162372/
License: CC-BY-SA-3.0
Files: static/themes/default/icons/bepasty.svg
Copyright: (c) 2014 by the Bepasty Team, see the AUTHORS file.
Comment: https://github.com/bepasty/bepasty-server/blob/master/src/bepasty/static/app/bepasty.svg
License: BSD-2-clause
Files: static/themes/default/icons/cockpit.svg
Copyright: Cockpit Authors (https://github.com/cockpit-project/cockpit/blob/master/AUTHORS)
Comment: https://github.com/cockpit-project/cockpit/blob/master/src/branding/default/logo.svg
@ -48,15 +55,11 @@ Comment: Video Call by Kmg Design from the Noun Project https://thenounproject.c
License: CC-BY-3.0-US
Files: static/themes/default/icons/deluge.png
static/themes/default/icons/deluge.svg
Copyright: 2007 Andrew Wedderburn
Comment: https://upload.wikimedia.org/wikipedia/commons/thumb/8/85//Deluge-Logo.svg/2000px-Deluge-Logo.svg.png
Comment: https://commons.wikimedia.org/wiki/File:Deluge-Logo.svg
License: GPL-2+
Files: static/themes/default/icons/deluge.svg
Copyright: Jakub Steiner, Tuomas Kuosmanen
Comment: https://git.deluge-torrent.org/deluge/tree/deluge/ui/data/icons/hicolor/scalable/apps/deluge.svg
License: CC-BY-SA-2.0
Files: static/themes/default/icons/diaspora.png
static/themes/default/icons/diaspora.svg
static/themes/default/icons/ejabberd.png
@ -66,7 +69,12 @@ Files: static/themes/default/icons/diaspora.png
static/themes/default/icons/privoxy.png
static/themes/default/icons/privoxy.svg
static/themes/default/icons/radicale.svg
static/themes/default/img/network-*
static/themes/default/img/network-connection.svg
static/themes/default/img/network-connection-vertical.svg
static/themes/default/img/network-ethernet.svg
static/themes/default/img/network-internet.svg
static/themes/default/img/network-spacing.svg
static/themes/default/img/network-wireless.svg
Copyright: None
Comment: Placed into public domain by authors (or)
Do not meet the threshold of originality
@ -77,6 +85,11 @@ Comment: Placed into public domain by authors (or)
https://github.com/resiprocate/resiprocate/blob/master/resip/stack/doc/reSIProcate-logo.svg
License: public-domain
Files: doc/manual/en/images/icons/*
Copyright: 2020 Adwaita Icon Theme Authors, GNOME Project
Comment: https://github.com/GNOME/adwaita-icon-theme/ http://www.gnome.org
License: LGPL-3 or CC-BY-SA-3.0-US
Files: static/themes/default/icons/f-droid.png
static/themes/default/icons/f-droid.svg
Copyright: 2012 William Theaker
@ -971,6 +984,27 @@ License: Apache-2.0
On Debian systems, the full text of the Apache Software License version 2 can
be found in the file `/usr/share/common-licenses/Apache-2.0'.
License: BSD-2-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
@ -1889,16 +1923,8 @@ License: CC-BY-3.0-US
.
Creative Commons may be contacted at https://creativecommons.org/.
License: CC-BY-SA-2.0
Creative Commons Attribution-ShareAlike 2.0
.
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL
SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT
RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS.
CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND
DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE.
.
License
License: CC-BY-SA-3.0-US
Creative Commons Attribution-ShareAlike 3.0 United States
.
THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE
COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY
@ -1906,20 +1932,30 @@ License: CC-BY-SA-2.0
AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
.
BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE
BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS
CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND
CONDITIONS.
BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE
CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE
IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
.
1. Definitions
.
a. "Collective Work" means a work, such as a periodical issue, anthology or
encyclopedia, in which the Work in its entirety in unmodified form, along with
a number of other contributions, constituting separate and independent works in
one or more other contributions, constituting separate and independent works in
themselves, are assembled into a collective whole. A work that constitutes a
Collective Work will not be considered a Derivative Work (as defined below) for
the purposes of this License.
.
b. "Derivative Work" means a work based upon the Work or upon the Work and
b. "Creative Commons Compatible License" means a license that is listed at
https://creativecommons.org/compatiblelicenses that has been approved by
Creative Commons as being essentially equivalent to this License, including, at
a minimum, because that license: (i) contains terms that have the same purpose,
meaning and effect as the License Elements of this License; and, (ii)
explicitly permits the relicensing of derivatives of works made available under
that license under this License or either a Creative Commons unported license
or a Creative Commons jurisdiction license with the same License Elements as
this License.
.
c. "Derivative Work" means a work based upon the Work or upon the Work and
other pre-existing works, such as a translation, musical arrangement,
dramatization, fictionalization, motion picture version, sound recording, art
reproduction, abridgment, condensation, or any other form in which the Work may
@ -1930,23 +1966,24 @@ License: CC-BY-SA-2.0
timed-relation with a moving image ("synching") will be considered a Derivative
Work for the purpose of this License.
.
c. "Licensor" means the individual or entity that offers the Work under the
terms of this License.
d. "License Elements" means the following high-level license attributes as
selected by Licensor and indicated in the title of this License: Attribution,
ShareAlike.
.
d. "Original Author" means the individual or entity who created the Work.
e. "Licensor" means the individual, individuals, entity or entities that offers
the Work under the terms of this License.
.
e. "Work" means the copyrightable work of authorship offered under the terms of
f. "Original Author" means the individual, individuals, entity or entities who
created the Work.
.
g. "Work" means the copyrightable work of authorship offered under the terms of
this License.
.
f. "You" means an individual or entity exercising rights under this License who
h. "You" means an individual or entity exercising rights under this License who
has not previously violated the terms of this License with respect to the Work,
or who has received express permission from the Licensor to exercise rights
under this License despite a previous violation.
.
g. "License Elements" means the following high-level license attributes as
selected by Licensor and indicated in the title of this License: Attribution,
ShareAlike.
.
2. Fair Use Rights. Nothing in this license is intended to reduce, limit, or
restrict any rights arising from fair use, first sale or other limitations on
the exclusive rights of the copyright owner under copyright law or other
@ -1960,7 +1997,12 @@ License: CC-BY-SA-2.0
a. to reproduce the Work, to incorporate the Work into one or more Collective
Works, and to reproduce the Work as incorporated in the Collective Works;
.
b. to create and reproduce Derivative Works;
b. to create and reproduce Derivative Works provided that any such Derivative
Work, including any translation in any medium, takes reasonable steps to
clearly label, demarcate or otherwise identify that changes were made to the
original Work. For example, a translation could be marked "The original work
was translated from English to Spanish," or a modification could indicate "The
original work has been modified.";
.
c. to distribute copies or phonorecords of, display publicly, perform publicly,
and perform publicly by means of a digital audio transmission the Work
@ -1969,15 +2011,16 @@ License: CC-BY-SA-2.0
d. to distribute copies or phonorecords of, display publicly, perform publicly,
and perform publicly by means of a digital audio transmission Derivative Works.
.
e. For the avoidance of doubt, where the work is a musical composition:
e. For the avoidance of doubt, where the Work is a musical composition:
.
i. Performance Royalties Under Blanket Licenses. Licensor waives the exclusive
right to collect, whether individually or via a performance rights society
(e.g. ASCAP, BMI, SESAC), royalties for the public performance or public
digital performance (e.g. webcast) of the Work.
right to collect, whether individually or, in the event that Licensor is a
member of a performance rights society (e.g. ASCAP, BMI, SESAC), via that
society, royalties for the public performance or public digital performance
(e.g. webcast) of the Work.
.
ii. Mechanical Rights and Statutory Royalties. Licensor waives the exclusive
right to collect, whether individually or via a music rights society or
right to collect, whether individually or via a music rights agency or
designated agent (e.g. Harry Fox Agency), royalties for any phonorecord You
create from the Work ("cover version") and distribute, subject to the
compulsory license created by 17 USC Section 115 of the US Copyright Act (or
@ -1996,7 +2039,7 @@ License: CC-BY-SA-2.0
media and formats. All rights not expressly granted by Licensor are hereby
reserved.
.
4. Restrictions.The license granted in Section 3 above is expressly made
4. Restrictions. The license granted in Section 3 above is expressly made
subject to and limited by the following restrictions:
.
a. You may distribute, publicly display, publicly perform, or publicly
@ -2004,68 +2047,93 @@ License: CC-BY-SA-2.0
include a copy of, or the Uniform Resource Identifier for, this License with
every copy or phonorecord of the Work You distribute, publicly display,
publicly perform, or publicly digitally perform. You may not offer or impose
any terms on the Work that alter or restrict the terms of this License or the
recipients' exercise of the rights granted hereunder. You may not sublicense
the Work. You must keep intact all notices that refer to this License and to
the disclaimer of warranties. You may not distribute, publicly display,
publicly perform, or publicly digitally perform the Work with any technological
measures that control access or use of the Work in a manner inconsistent with
the terms of this License Agreement. The above applies to the Work as
incorporated in a Collective Work, but this does not require the Collective
Work apart from the Work itself to be made subject to the terms of this
License. If You create a Collective Work, upon notice from any Licensor You
must, to the extent practicable, remove from the Collective Work any reference
to such Licensor or the Original Author, as requested. If You create a
Derivative Work, upon notice from any Licensor You must, to the extent
practicable, remove from the Derivative Work any reference to such Licensor or
the Original Author, as requested.
any terms on the Work that restrict the terms of this License or the ability of
a recipient of the Work to exercise of the rights granted to that recipient
under the terms of the License. You may not sublicense the Work. You must keep
intact all notices that refer to this License and to the disclaimer of
warranties. When You distribute, publicly display, publicly perform, or
publicly digitally perform the Work, You may not impose any technological
measures on the Work that restrict the ability of a recipient of the Work from
You to exercise of the rights granted to that recipient under the terms of the
License. This Section 4(a) applies to the Work as incorporated in a Collective
Work, but this does not require the Collective Work apart from the Work itself
to be made subject to the terms of this License. If You create a Collective
Work, upon notice from any Licensor You must, to the extent practicable, remove
from the Collective Work any credit as required by Section 4(c), as requested.
If You create a Derivative Work, upon notice from any Licensor You must, to the
extent practicable, remove from the Derivative Work any credit as required by
Section 4(c), as requested.
.
b. You may distribute, publicly display, publicly perform, or publicly
digitally perform a Derivative Work only under the terms of this License, a
later version of this License with the same License Elements as this License,
or a Creative Commons iCommons license that contains the same License Elements
as this License (e.g. Attribution-ShareAlike 2.0 Japan). You must include a
copy of, or the Uniform Resource Identifier for, this License or other license
specified in the previous sentence with every copy or phonorecord of each
Derivative Work You distribute, publicly display, publicly perform, or publicly
digitally perform. You may not offer or impose any terms on the Derivative
Works that alter or restrict the terms of this License or the recipients'
exercise of the rights granted hereunder, and You must keep intact all notices
that refer to this License and to the disclaimer of warranties. You may not
distribute, publicly display, publicly perform, or publicly digitally perform
the Derivative Work with any technological measures that control access or use
of the Work in a manner inconsistent with the terms of this License Agreement.
The above applies to the Derivative Work as incorporated in a Collective Work,
but this does not require the Collective Work apart from the Derivative Work
itself to be made subject to the terms of this License.
digitally perform a Derivative Work only under: (i) the terms of this License;
(ii) a later version of this License with the same License Elements as this
License; (iii) either the Creative Commons (Unported) license or a Creative
Commons jurisdiction license (either this or a later license version) that
contains the same License Elements as this License (e.g. Attribution-ShareAlike
3.0 (Unported)); (iv) a Creative Commons Compatible License. If you license the
Derivative Work under one of the licenses mentioned in (iv), you must comply
with the terms of that license. If you license the Derivative Work under the
terms of any of the licenses mentioned in (i), (ii) or (iii) (the "Applicable
License"), you must comply with the terms of the Applicable License generally
and with the following provisions: (I) You must include a copy of, or the
Uniform Resource Identifier for, the Applicable License with every copy or
phonorecord of each Derivative Work You distribute, publicly display, publicly
perform, or publicly digitally perform; (II) You may not offer or impose any
terms on the Derivative Works that restrict the terms of the Applicable License
or the ability of a recipient of the Work to exercise the rights granted to
that recipient under the terms of the Applicable License; (III) You must keep
intact all notices that refer to the Applicable License and to the disclaimer
of warranties; and, (IV) when You distribute, publicly display, publicly
perform, or publicly digitally perform the Work, You may not impose any
technological measures on the Derivative Work that restrict the ability of a
recipient of the Derivative Work from You to exercise the rights granted to
that recipient under the terms of the Applicable License. This Section 4(b)
applies to the Derivative Work as incorporated in a Collective Work, but this
does not require the Collective Work apart from the Derivative Work itself to
be made subject to the terms of the Applicable License.
.
c. If you distribute, publicly display, publicly perform, or publicly digitally
perform the Work or any Derivative Works or Collective Works, You must keep
intact all copyright notices for the Work and give the Original Author credit
reasonable to the medium or means You are utilizing by conveying the name (or
pseudonym if applicable) of the Original Author if supplied; the title of the
Work if supplied; to the extent reasonably practicable, the Uniform Resource
Identifier, if any, that Licensor specifies to be associated with the Work,
unless such URI does not refer to the copyright notice or licensing information
for the Work; and in the case of a Derivative Work, a credit identifying the
use of the Work in the Derivative Work (e.g., "French translation of the Work
by Original Author," or "Screenplay based on original Work by Original
Author"). Such credit may be implemented in any reasonable manner; provided,
however, that in the case of a Derivative Work or Collective Work, at a minimum
such credit will appear where any other comparable authorship credit appears
and in a manner at least as prominent as such other comparable authorship
credit.
c. If You distribute, publicly display, publicly perform, or publicly digitally
perform the Work (as defined in Section 1 above) or any Derivative Works (as
defined in Section 1 above) or Collective Works (as defined in Section 1
above), You must, unless a request has been made pursuant to Section 4(a), keep
intact all copyright notices for the Work and provide, reasonable to the medium
or means You are utilizing: (i) the name of the Original Author (or pseudonym,
if applicable) if supplied, and/or (ii) if the Original Author and/or Licensor
designate another party or parties (e.g. a sponsor institute, publishing
entity, journal) for attribution ("Attribution Parties") in Licensor's
copyright notice, terms of service or by other reasonable means, the name of
such party or parties; the title of the Work if supplied; to the extent
reasonably practicable, the Uniform Resource Identifier, if any, that Licensor
specifies to be associated with the Work, unless such URI does not refer to the
copyright notice or licensing information for the Work; and, consistent with
Section 3(b) in the case of a Derivative Work, a credit identifying the use of
the Work in the Derivative Work (e.g., "French translation of the Work by
Original Author," or "Screenplay based on original Work by Original Author").
The credit required by this Section 4(c) may be implemented in any reasonable
manner; provided, however, that in the case of a Derivative Work or Collective
Work, at a minimum such credit will appear, if a credit for all contributing
authors of the Derivative Work or Collective Work appears, then as part of
these credits and in a manner at least as prominent as the credits for the
other contributing authors. For the avoidance of doubt, You may only use the
credit required by this Section for the purpose of attribution in the manner
set out above and, by exercising Your rights under this License, You may not
implicitly or explicitly assert or imply any connection with, sponsorship or
endorsement by the Original Author, Licensor and/or Attribution Parties, as
appropriate, of You or Your use of the Work, without the separate, express
prior written permission of the Original Author, Licensor and/or Attribution
Parties.
.
5. Representations, Warranties and Disclaimer
.
UNLESS OTHERWISE AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK
AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE
MATERIALS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT
LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR
PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY,
OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME
JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH
EXCLUSION MAY NOT APPLY TO YOU.
UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS
THE WORK AS-IS AND ONLY TO THE EXTENT OF ANY RIGHTS HELD IN THE LICENSED WORK
BY THE LICENSOR. THE LICENSOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING,
WITHOUT LIMITATION, WARRANTIES OF TITLE, MARKETABILITY, MERCHANTIBILITY,
FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR
OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT
DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED
WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
.
6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN
NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL,
@ -2093,9 +2161,10 @@ License: CC-BY-SA-2.0
.
8. Miscellaneous
.
a. Each time You distribute or publicly digitally perform the Work or a
Collective Work, the Licensor offers to the recipient a license to the Work on
the same terms and conditions as the license granted to You under this License.
a. Each time You distribute or publicly digitally perform the Work (as defined
in Section 1 above) or a Collective Work (as defined in Section 1 above), the
Licensor offers to the recipient a license to the Work on the same terms and
conditions as the license granted to You under this License.
.
b. Each time You distribute or publicly digitally perform a Derivative Work,
Licensor offers to the recipient a license to the original Work on the same
@ -2118,6 +2187,8 @@ License: CC-BY-SA-2.0
You. This License may not be modified without the mutual written agreement of
the Licensor and You.
.
Creative Commons Notice
.
Creative Commons is not a party to this License, and makes no warranty
whatsoever in connection with the Work. Creative Commons will not be liable to
You or any party on any legal theory for any damages whatsoever, including
@ -2127,12 +2198,13 @@ License: CC-BY-SA-2.0
hereunder, it shall have all rights and obligations of Licensor.
.
Except for the limited purpose of indicating to the public that the Work is
licensed under the CCPL, neither party will use the trademark "Creative
Commons" or any related trademark or logo of Creative Commons without the prior
written consent of Creative Commons. Any permitted use will be in compliance
with Creative Commons' then-current trademark usage guidelines, as may be
published on its website or otherwise made available upon request from time to
time.
licensed under the CCPL, Creative Commons does not authorize the use by either
party of the trademark "Creative Commons" or any related trademark or logo of
Creative Commons without the prior written consent of Creative Commons. Any
permitted use will be in compliance with Creative Commons' then-current
trademark usage guidelines, as may be published on its website or otherwise
made available upon request from time to time. For the avoidance of doubt, this
trademark restriction does not form part of this License.
.
Creative Commons may be contacted at https://creativecommons.org/.
@ -2616,6 +2688,22 @@ License: LGPL-2.1+
On Debian systems, the complete text of the Lesser GNU General
Public License version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1".
License: LGPL-3
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; version 3.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>
.
On Debian systems, the complete text of the Lesser GNU General
Public License version 3 can be found in "/usr/share/common-licenses/LGPL-3".
License: LGPL-3+
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published

1
debian/freedombox.maintscript vendored
View File

@ -12,3 +12,4 @@ rm_conffile /etc/plinth/modules-enabled/repro 20.1~
rm_conffile /etc/apt/preferences.d/50freedombox3.pref 20.5~
rm_conffile /etc/plinth/plinth.config 20.12~
rm_conffile /etc/plinth/custom-shortcuts.json 20.12~
rm_conffile /etc/plinth/modules-enabled/coquelicot 20.14~

5
debian/freedombox.postinst vendored
View File

@ -5,9 +5,6 @@ set -e
# Source debconf library.
. /usr/share/debconf/confmodule
daemonuser=plinth
daemongroup=plinth
# Due to a change in sudo, now it runs PAM modules even on password-less
# invocations. This leads to plinth not being able to run root privileges. This
# is because of our own restrictions in /etc/security/access.conf. Since Plinth
@ -29,7 +26,7 @@ case "$1" in
if [ ! -e '/var/lib/freedombox/is-freedombox-disk-image' ]; then
umask 377
cat /dev/urandom | base64 | head -c16 > /var/lib/plinth/firstboot-wizard-secret
base64 < /dev/urandom | head -c 16 | sed -e 's+$+\n+' > /var/lib/plinth/firstboot-wizard-secret
chown plinth:plinth /var/lib/plinth/firstboot-wizard-secret
db_subst plinth/firstboot_wizard_secret secret $(cat /var/lib/plinth/firstboot-wizard-secret)
db_input high plinth/firstboot_wizard_secret || true

3
debian/gbp.conf vendored Normal file
View File

@ -0,0 +1,3 @@
[dch]
git-log = --no-merges
multimaint-merge = True

1
debian/source/lintian-overrides vendored
View File

@ -1 +0,0 @@
plinth source: source-contains-unsafe-symlink static/themes/default/lato/Lato-Regular.ttf

6
debian/tests/control vendored
View File

@ -9,3 +9,9 @@
#
Test-Command: plinth --list-modules 2> /dev/null
Restrictions: needs-root
#
# Run unit and integration tests on installed files.
#
Test-Command: PYTHONPATH='/usr/lib/python3/dist-packages/plinth/' py.test-3 -p no:cacheprovider
Depends: git, python3-pytest, python3-pytest-django, @

49
doc/Makefile
View File

@ -7,7 +7,7 @@ MANUAL_LANGUAGES=en es
MANUAL_URL="https://wiki.debian.org/{lang-fragment}FreedomBox/Manual?action=show&mimetype=text%2Fdocbook"
MANUAL_URL_RAW="https://wiki.debian.org/{lang-fragment}FreedomBox/Manual?action=raw"
MANUAL_PAGE_URL="https://wiki.debian.org/{lang-fragment}FreedomBox/Manual/{page}?action=show&mimetype=text%2Fdocbook"
MANUAL_PAGE_URL_RAW="https://wiki.debian.org/{page}?action=raw"
DESTDIR=
INSTALL_DIR=$(DESTDIR)/usr/share/freedombox
@ -67,34 +67,36 @@ fetch: $(fetch-main-list) $(fetch-pages-list)
fetch-main-%: lang = $*
fetch-main-%: lang-fragment = $(subst en/,,$*/)
$(fetch-main-list): fetch-main-%:
MANUAL_URL_RAW_LANG=$(subst {lang-fragment},$(lang-fragment),$(MANUAL_URL_RAW)) ; \
wget --quiet --user-agent=Firefox \
-O manual/$(lang)/freedombox-manual.raw.wiki $${MANUAL_URL_RAW_LANG}
MANUAL_URL_LANG=$(subst {lang-fragment},$(lang-fragment),$(MANUAL_URL)) ; \
wget --quiet -O - $${MANUAL_URL_LANG} | \
wget --quiet --user-agent=Firefox -O - $${MANUAL_URL_LANG} | \
xmllint --format --output manual/$(lang)/freedombox-manual.raw.xml -
mkdir -p manual/$(lang)/images/
xsltproc $(SCRIPTS_DIR)/fetch-images.xslt manual/$(lang)/freedombox-manual.raw.xml | \
sort -u | \
awk 'NF {print "wget --quiet -O manual/$(lang)/images/" $$1 " " $$2}' | \
sh
rm manual/$(lang)/freedombox-manual.raw.xml
fetch-pages-%: lang = $*
fetch-pages-%: lang-fragment = $(subst en/,,$*/)
$(fetch-pages-list): fetch-pages-%:
MANUAL_URL_LANG=$(subst {lang-fragment},$(lang-fragment),$(MANUAL_URL_RAW)) ; \
MANUAL_PAGE_URL_LANG=$(subst {lang-fragment},$(lang-fragment),$(MANUAL_PAGE_URL)) ; \
PAGES=$$(wget --quiet -U Firefox -O - $${MANUAL_URL_LANG} | \
sed -n -e "s|.*FreedomBox/Manual/\([a-zA-Z0-9_-]*\).*|\1|p" | sort -u | \
grep -v -e GettingHelp -e Developer -e QuickStart) ; \
PAGES=$$(wget --quiet --user-agent=Firefox -O - $${MANUAL_URL_LANG} | \
sed -n -e "s|.*<<Include(\([a-zA-Z0-9_/+-]*\),.*|\1|p" | sort -u) ; \
for PAGE in $${PAGES} ; do \
FILE="manual/$(lang)/$${PAGE}.raw.xml" ; \
URL=$$(echo $${MANUAL_PAGE_URL_LANG} | sed "s/{page}/$${PAGE}/") ; \
PAGE_NAME=$$(basename $${PAGE}) ; \
echo "Downloading $(lang) $${PAGE}" ; \
wget --quiet --user-agent=Firefox -O $${FILE} $${URL} ; \
RAW_FILE="manual/$(lang)/$${PAGE_NAME}.raw.wiki" ; \
RAW_URL=$$(echo $(MANUAL_PAGE_URL_RAW) | sed "s|{page}|$${PAGE}|") ; \
wget --quiet --user-agent=Firefox -O $${RAW_FILE} $${RAW_URL} ; \
done
manual-pages-raw:=$(foreach lang,$(MANUAL_LANGUAGES),$(filter-out manual/%/freedombox-manual.raw.xml,$(wildcard manual/$(lang)/*.raw.xml)))
manual-pages-part-html:=$(patsubst %.raw.xml, %.part.html, $(manual-pages-raw)) $(foreach lang,$(MANUAL_LANGUAGES),manual/$(lang)/freedombox-manual.part.html)
manual-pages-html:=$(patsubst %.part.html, %.html, $(manual-pages-part-html))
manual-pages-xml:=$(patsubst %.raw.xml, %.xml, $(manual-pages-raw))
manual-pages-raw-wiki:=$(foreach lang,$(MANUAL_LANGUAGES),$(filter-out manual/%/freedombox-manual.raw.wiki,$(wildcard manual/$(lang)/*.raw.wiki)))
manual-pages-part-html:=$(patsubst %.raw.wiki, %.part.html, $(manual-pages-raw-wiki)) $(foreach lang,$(MANUAL_LANGUAGES),manual/$(lang)/freedombox-manual.part.html)
manual-pages-xml:=$(patsubst %.raw.wiki, %.xml, $(manual-pages-raw-wiki))
.PHONY: manual-pages
manual-pages: $(manual-pages-part-html)
@ -102,25 +104,18 @@ manual-pages: $(manual-pages-part-html)
$(manual-pdfs): %.pdf: %.xml
xmlto $(XMLTO_DEBUG_FLAGS) --with-dblatex pdf -o $(dir $@) $<
$(manual-pages-part-html): %.part.html: %.html
perl -pe 'BEGIN {undef $$/} s/.*<body[^>]*>(.*)<\/body\s*>.*/$$1/si' $< > $@
$(manual-pages-part-html): %.part.html: %.xml
xsltproc /usr/share/xml/docbook/stylesheet/docbook-xsl/xhtml5/docbook.xsl $< | \
perl -pe 'BEGIN {undef $$/} s/.*<body[^>]*>(.*)<\/body\s*>.*/$$1/si' > $@
@rm -f $(dir $@)docbook.css
$(manual-xmls): %.xml: %.raw.xml $(SCRIPTS_DIR)/fixes.xslt
xsltproc --output $@ $(SCRIPTS_DIR)/fixes.xslt $<
$(manual-pages-xml): %.xml: %.raw.xml $(SCRIPTS_DIR)/manual-page-fixes.xslt
xsltproc --output $@ $(SCRIPTS_DIR)/manual-page-fixes.xslt $<
$(SCRIPTS_DIR)/post-processor remove-footer $@
$(SCRIPTS_DIR)/post-processor fix-wiki-urls $@
$(manual-pages-html): %.html: %.xml
xsltproc --output $@ /usr/share/xml/docbook/stylesheet/docbook-xsl/xhtml5/docbook.xsl $<
rm -f $(dir $@)docbook.css
$(manual-xmls) $(manual-pages-xml): %.xml: %.raw.wiki $(SCRIPTS_DIR)/wikiparser.py
$(SCRIPTS_DIR)/wikiparser.py $< | xmllint --format - > $@
%.1: %.xml
xmlto man $<
.PHONY: clean
clean:
rm -f $(manual-pages-html) $(manual-pages-part-html) $(manual-pages-xml) $(manual-xmls)
rm -f $(manual-pages-part-html) $(manual-pages-xml) $(manual-xmls)
rm -f $(OUTPUTS)

76
doc/manual/en/A20-OLinuXino-Lime2.raw.wiki Normal file
View File

@ -0,0 +1,76 @@
== A20 OLinuXino Lime2 ==
{{attachment:a20-olinuxino-lime2.jpg|A20 OLinuXino Lime2|width=640,height=432}}
Olimex's [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware|A20 OLinuXino Lime2]] is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the !FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Similar Hardware ===
The following similar hardware will also work well with !FreedomBox.
* Olimex's [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2-4GB/open-source-hardware|A20 OLinuXino Lime2 4GB]]. This hardware merely has extra 4GB NAND storage that is not used by !FreedomBox.
=== Download ===
!FreedomBox SD card [[FreedomBox/Download|images]] are available for this device. Follow the instructions on the [[FreedomBox/Download|download]] page to create a !FreedomBox SD card and boot the device. These SD card images are meant for use with the on-board SD card slot and won't work when used with a separate SD card reader connected via USB.
An alternative to downloading these images is to [[InstallingDebianOn/Allwinner|install Debian]] on the device and then [[FreedomBox/Hardware/Debian|install FreedomBox]] on it.
=== Availability ===
* Price: 45 EUR (A20 OLinuXino Lime2)
* Price: 55 EUR (A20 OLinuXino Lime2 4GB)
* [[https://www.olimex.com/Products/OLinuXino/A20/open-source-hardware|Olimex Store]]
=== Hardware ===
* Open Source Hardware (OSHW): [[https://github.com/OLIMEX/OLINUXINO/tree/master/HARDWARE|Yes]]
* CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
* RAM: 1 GiB DDR3
* Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot
* Architecture: armhf
* Ethernet: 10/100/1000, RJ45
* !WiFi: None, use a [[FreedomBox/Hardware/USBWiFi|USB WiFi device]]
* SATA: 1x port
=== Non-Free Status ===
* Non-free blobs required: No
* !WiFi: Not available
* Boot Firmware: [[https://linux-sunxi.org/BROM|BROM]] (GPLV2+)
=== Known Issues ===
* Revision C hardware has [[DebianBug:845128|poor performance when receiving Ethernet data in Gigabit mode]]. To workaround the problem, you can switch to 100 Mbps mode instead of Gigabit mode. Login to your !FreedomBox as root (or plugin the SD card into another computer) and create the file /etc/NetworkManager/dispatcher.d/20-fix-ethernet-problem with the following contents:
{{{
#!/bin/bash
set -e # Exit with code on error
IFACE="$1"
ACTION="$2"
if [[ "$IFACE" != "eth0" ]]; then
exit 0
fi
case ${ACTION} in
up)
logger "Setting up $IFACE in 100Mbps mode"
mii-tool eth0 -A 100BaseTx-FD
;;
*)
;;
esac
}}}
* Revision G2 hardware has [[DebianBug:927397|poor performance when transmitting Ethernet data in Gigabit mode]]. Download and use the [[https://ftp.freedombox.org/pub/freedombox/pioneer/|Pioneer Edition image]] to fix the issue. It contains a slightly [[https://salsa.debian.org/freedombox-team/u-boot/commit/2cb18893ef|modified u-boot]]. The above workaround to put the Ethernet into 100 Mbps mode also fixes this issue.
* Revision K hardware is [[https://salsa.debian.org/freedombox-team/freedom-maker/issues/148|not working properly]].
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

54
doc/manual/en/A20-OLinuXino-MICRO.raw.wiki Normal file
View File

@ -0,0 +1,54 @@
== A20 OLinuXino MICRO ==
{{attachment:a20-olinuxino-micro.jpg|A20 OLinuXino MICRO|width=640,height=359}}
Olimex's [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-MICRO/open-source-hardware|A20 OLinuXino MICRO]] is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the !FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Similar Hardware ===
The following similar hardware will also work well with !FreedomBox.
* Olimex's [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-MICRO-4GB/open-source-hardware|A20 OLinuXino MICRO 4GB]]. This hardware merely has extra 4GB NAND storage that is not used by !FreedomBox.
=== Download ===
!FreedomBox MicroSD card [[FreedomBox/Download|images]] are available for this device. Follow the instructions on the [[FreedomBox/Download|download]] page to create a !FreedomBox MicroSD card and boot the device. These MicroSD card images are meant for use with the on-board MicroSD card slot and won't work on the SD card slot or when using a separate MicroSD card reader connected via USB.
An alternative to downloading these images is to [[InstallingDebianOn/Allwinner|install Debian]] on the device and then [[FreedomBox/Hardware/Debian|install FreedomBox]] on it.
=== Availability ===
* Price: 50 EUR (A20 OLinuXino MICRO)
* Price: 63 EUR (A20 OLinuXino MICRO 4GB)
* [[https://www.olimex.com/Products/OLinuXino/A20/open-source-hardware|Olimex Store]]
=== Hardware ===
* Open Source Hardware (OSHW): [[https://github.com/OLIMEX/OLINUXINO/tree/master/HARDWARE|Yes]]
* CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
* RAM: 1 GiB DDR3
* Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot
* Architecture: armhf
* Ethernet: 10/100, RJ45
* !WiFi: None, use a [[FreedomBox/Hardware/USBWiFi|USB WiFi device]]
* SATA: 1x port
=== Non-Free Status ===
* Non-free blobs required: No
* !WiFi: Not available
* Boot Firmware: [[https://linux-sunxi.org/BROM|BROM]] (GPLV2+)
=== Known Issues ===
* Not visible on local network
* When booting the 'stable' image (made on 2017-06-18) the board does not automatically get an IP address from the router's DHCP server over ethernet. Booting the 'testing' image (2018-06) the board does get an IP address. Tested on MICRO hardware revision J. see also: [[https://www.olimex.com/forum/index.php?topic=5839.msg24167#msg24167]]
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

75
doc/manual/en/APU.raw.wiki Normal file
View File

@ -0,0 +1,75 @@
== APU ==
{{attachment:apu1d.jpg|PC Engines APU 1D|width=632,height=319}}
[[http://www.pcengines.ch/apu1d.htm|PC Engines APU 1D]] is a single board computer with 3 Gigabit ethernet ports, a powerful AMD APU and Coreboot firmware. !FreedomBox images built for AMD64 machines are tested to work well for it.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Similar Hardware ===
Although untested, the following similar hardware is also likely to work well with !FreedomBox.
* Using amd64 image:
* [[http://www.pcengines.ch/apu1c.htm|apu1c]]
* [[http://www.pcengines.ch/apu1c4.htm|apu1c4]]
* [[http://www.pcengines.ch/apu1d4.htm|apu1d4]]
* [[http://www.pcengines.ch/apu2b2.htm|apu2b2]]
* [[http://www.pcengines.ch/apu2b4.htm|apu2b4]]
* [[http://www.pcengines.ch/apu2c0.htm|apu2c0]]
* [[http://www.pcengines.ch/apu2c2.htm|apu2c2]]
* [[http://www.pcengines.ch/apu2c4.htm|apu2c4]]
* [[http://www.pcengines.ch/apu3a2.htm|apu3a2]]
* [[http://www.pcengines.ch/apu3a4.htm|apu3a4]]
* [[http://www.pcengines.ch/apu3b2.htm|apu3b2]]
* [[http://www.pcengines.ch/apu3b4.htm|apu3b4]]
* Using i386 image:
* [[http://www.pcengines.ch/alix1d.htm|alix1d]]
* [[http://www.pcengines.ch/alix1e.htm|alix1e]]
* [[http://www.pcengines.ch/alix2d2.htm|alix2d2]]
* [[http://www.pcengines.ch/alix2d3.htm|alix2d3]]
* [[http://www.pcengines.ch/alix2d13.htm|alix2d13]]
* [[http://www.pcengines.ch/alix3d2.htm|alix3d2]]
* [[http://www.pcengines.ch/alix3d3.htm|alix3d3]]
* [[http://www.pcengines.ch/alix6f2.htm|alix6f2]]
=== Download ===
!FreedomBox disk [[FreedomBox/Download|images]] for this hardware are available. Follow the instructions on the [[FreedomBox/Download|download]] page to create a !FreedomBox SD card, USB disk, SSD or hard drive and boot into !FreedomBox. Pick the image meant for all amd64 machines.
An alternative to downloading these images is to [[InstallingDebianOn/Alix3d2|install Debian]] on the APU and then [[FreedomBox/Hardware/Debian|install FreedomBox]] on it.
=== Networking ===
The first network port, the left most one in the above picture, is configured by !FreedomBox to be an upstream Internet link and the remaining 2 ports are configured for local computers to connect to.
=== Availability ===
* Price: 110 - 170 USD (depending on the board and supplier)
* [[http://www.pcengines.ch/order.htm|PC Engines]]
* [[http://www.pcengines.ch/order.htm|Full list of suppliers]]
=== Hardware ===
* Open Hardware: No
* CPU: [[http://www.amd.com/en-gb/products/embedded/processors/g-series|AMD G series T40E]]
* RAM: 2 GB DDR3-1066 DRAM
* Storage: SD card, External USB
* Architecture: amd64
* Ethernet: 3 Gigabit Ethernet ports
* !WiFi: None, use a [[FreedomBox/Hardware/USBWiFi|USB WiFi device]]
* SATA: 1 m-SATA and 1 SATA
=== Non-Free Status ===
* Non-free blobs required: No
* !WiFi: Not available
* Boot firmware: [[http://www.pcengines.ch/apu1d.htm|Coreboot]]
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

48
doc/manual/en/Apache_userdir.raw.wiki Normal file
View File

@ -0,0 +1,48 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Apache_userdir|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== User Websites ==
=== What is User websites? ===
User websites is a module of the Apache webserver enabled to allow users defined in the !FreedomBox system to expose a set of static files on the !FreedomBox filesystem as a website to the local network and/or the internet according to the network and firewall setup.
||||<tablestyle="border:1px solid black;width: 80%">'''Application basics'''||
||Category|| File sharing ||
||Available since version || 0.9.4||
||Upstream project website || https://httpd.apache.org/docs/2.4/mod/mod_userdir.html||
||Upstream end user documentation || https://httpd.apache.org/docs/2.4/howto/public_html.html||
=== Screenshot ===
/* Add when/if an interface is made for FreedomBox */
=== Using User websites ===
The module is always enabled and offers no configuration from the !FreedomBox web interface. There is no configuration or status page shown for this module in the !FreedomBox web interface.
To serve documents, place the files in the designated directory in a !FreedomBox user's home directory in the filesystem.
This directory is: '''public_html'''
Thus the absolute path for the directory of a user named fbx with home directory in /home/fbx will be '''/home/fbx/public_html'''.
User websites will serve documents placed in this directory when requests for documents with the URI path "~fbx" are received. For the the example.org domain thus a request for the document example.org/~fbx/index.html will transfer the file in /home/fbx/public_html/index.html.
=== Using SFTP to create public_html and upload documents ===
/* To be written */
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Apache_userdir.raw.xml
View File

File diff suppressed because one or more lines are too long

100
doc/manual/en/Backups.raw.wiki Normal file
View File

@ -0,0 +1,100 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Backups|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Backups ==
!FreedomBox includes the ability to backup and restore data, preferences, configuration and secrets from most of the applications. The Backups feature is built using Borg backup software. Borg is a deduplicating and compressing backup program. It is designed for efficient and secure backups. This backups feature can be used to selectively backup and restore data on an app-by-app basis. Backed up data can be stored on the !FreedomBox machine itself or on a remote server. Any remote server providing SSH access can be used as a backup storage repository for !FreedomBox backups. Data stored remotely may be encrypted and in such cases remote server cannot access your decrypted data.
=== Status of Backups Feature ===
|| '''App/Feature''' || '''Support in Version''' || '''Notes''' ||
|| Avahi || - || no backup needed ||
|| Backups || - || no backup needed ||
|| Bind || 0.41 || ||
|| Cockpit || - || no backup needed ||
|| Datetime || 0.41 || ||
|| Deluge || 0.41 || does not include downloaded/seeding files ||
|| Diagnostics || - || no backup needed ||
|| Dynamic DNS || 0.39 || ||
|| ejabberd || 0.39 || includes all data and configuration ||
|| Firewall || - || no backup needed ||
|| ikiwiki || 0.39 || includes all wikis/blogs and their content ||
|| infinoted || 0.39 || includes all data and keys ||
|| JSXC || - || no backup needed ||
|| Let's Encrypt || 0.42 || ||
|| Matrix Synapse || 0.39 || includes media and uploads ||
|| !MediaWiki || 0.39 || includes wiki pages and uploaded files ||
|| Minetest || 0.39 || ||
|| MLDonkey || 19.0 || ||
|| Monkeysphere || 0.42 || ||
|| Mumble || 0.40 || ||
|| Names || - || no backup needed ||
|| Networks || No || No plans currently to implement backup ||
|| OpenVPN || 0.48 || includes all user and server keys ||
|| Pagekite || 0.40 || ||
|| Power || - || no backup needed ||
|| Privoxy || - || no backup needed ||
|| Quassel || 0.40 || includes users and logs ||
|| Radicale || 0.39 || includes calendar and cards data for all users ||
|| Roundcube || - || no backup needed ||
|| SearX || - || no backup needed ||
|| Secure Shell (SSH) Server || 0.41 || includes host keys ||
|| Security || 0.41 || ||
|| Shadowsocks || 0.40 || only secrets ||
|| Sharing || 0.40 || does not include the data in the shared folders ||
|| Snapshot || 0.41 || only configuration, does not include snapshot data ||
|| Storage || - || no backup needed ||
|| Syncthing || 0.48 || does not include data in the shared folders ||
|| Tahoe-LAFS || 0.42 || includes all data and configuration ||
|| Tiny Tiny RSS || 19.2 || includes database containing feeds, stories, etc. ||
|| Tor || 0.42 || includes configuration and secrets such as onion service keys ||
|| Transmission || 0.40 || does not include downloaded/seeding files ||
|| Upgrades || 0.42 || ||
|| Users || No || No plans currently to implement backup ||
=== How to install and use Backups ===
'''Step 1'''
{{attachment:Backups_Step1_v49.png|Backups: Step 1|width=800}}
'''Step 2'''
{{attachment:Backups_Step2_v49.png|Backups: Step 2|width=800}}
'''Step 3'''
{{attachment:Backups_Step3_v49.png|Backups: Step 3|width=800}}
'''Step 4'''
{{attachment:Backups_Step4_v49.png|Backups: Step 4|width=800}}
'''Step 5'''
{{attachment:Backups_Step5_v49.png|Backups: Step 5|width=800}}
'''Step 6'''
{{attachment:Backups_Step6_v49.png|Backups: Step 6|width=800}}
'''Step 7'''
{{attachment:Backups_Step7_v49.png|Backups: Step 7|width=800}}
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Backups.raw.xml
View File

File diff suppressed because one or more lines are too long

37
doc/manual/en/BananaPro.raw.wiki Normal file
View File

@ -0,0 +1,37 @@
== Banana Pro ==
{{attachment:banana-pro.jpg|Banana Pro|width=640}}
[[http://www.lemaker.org|LeMaker]] Banana Pro is an updated version of its predecessor Banana Pi.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Download ===
!FreedomBox SD card [[FreedomBox/Download|images]] for this hardware are available. Follow the instructions on the [[FreedomBox/Download|download]] page to create a !FreedomBox SD card and boot into !FreedomBox. Pick the image meant for Banana Pro.
An alternative to downloading these images is to [[InstallingDebianOn/Allwinner|install Debian]] on the device and then [[FreedomBox/Hardware/Debian|install FreedomBox]] on it.
=== Hardware ===
* Open Source Hardware (OSHW): No
* CPU: Allwinner A20, Dual-core ARM Cortex A7 processor
* RAM: 3 variants - 1 GB
* Storage: SD card
* Architecture: armhf
* Ethernet: 10/100/1000 Mbps
* Battery: No
* !WiFi: WiFi 802.11 b/g/n 2.4GHz (not tested with !FreedomBox)
* SATA: SATA 2.0 (2.5 inch SSD or HDD recommended)
=== Non-Free Status ===
* Non-free blobs required: No
* !WiFi: Unknown
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

46
doc/manual/en/BeagleBone.raw.wiki Normal file
View File

@ -0,0 +1,46 @@
== Beagle Bone Black ==
{{attachment:beagleboard.jpg|Beagle Bone Black|width=632,height=421}}
[[https://beagleboard.org/black|Beagle Bone Black]] (Revision C.1) is an Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the !FreedomBox goals. !FreedomBox images are built and tested for this device.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Download ===
!FreedomBox SD card [[FreedomBox/Download|images]] are available for this device. Follow the instructions on the [[FreedomBox/Download|download]] page to create a !FreedomBox SD card and boot the device.
Note: This image is for !BeagleBone Black (Revision C.1) only. It will not work on the !BeagleBone Green, and also not on the Revisions A&B. If you have such a device and would like to help getting !FreedomBox to run on it, contact us!
An alternative to downloading these images is to [[InstallingDebianOn/TI/BeagleBone|install Debian]] on the !BeagleBone and then [[FreedomBox/Hardware/Debian|install FreedomBox]] on it.
=== Availability ===
* Price: ~ 59 USD (50 EUR)
* [[http://dk.mouser.com/access/?pn=595-BB-BBLK-000|Mouser Electronics]]
* [[https://beagleboard.org/black|Full list of suppliers]]
=== Hardware ===
* Open Source Hardware (OSHW): [[http://elinux.org/Beagleboard:BeagleBoneBlack|Yes]]
* CPU: [[http://www.ti.com/product/am3358|AM335x 1GHz ARM Cortex-A8]]
* RAM: 512MB DDR3L 800 Mhz
* Storage: Onboard 4GB, 8bit Embedded MMC and microSD
* Architecture: armhf
* Ethernet: 10/100, RJ45
* !WiFi: None, use a [[FreedomBox/Hardware/USBWiFi|USB WiFi device]]
* SATA: None
=== Non-Free Status ===
* Non-free blobs required: No
* !WiFi: Not available
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox
Beagle Bone Black image is licensed under a Creative Commons Attribution-!ShareAlike 3.0 Unported License by [[http://elinux.org/File:REV_A5A.jpg|Circuitco]].

23
doc/manual/en/Bind.raw.wiki Normal file
View File

@ -0,0 +1,23 @@
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: - English - [[es/FreedomBox/Manual/Bind|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== BIND (Domain Name Server) ==
BIND enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your user devices on your network.
Currently, on !FreedomBox, BIND is only used to resolve DNS queries for other machines on local network. It is also incompatible with sharing Internet connection from !FreedomBox.
Note: This service is available only on networks configured as "internal" zone. It is not available when connected via OpenVPN.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Bind.raw.xml
View File

File diff suppressed because one or more lines are too long

130
doc/manual/en/Cockpit.raw.wiki Normal file
View File

@ -0,0 +1,130 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[FreedomBox/Manual/Cockpit|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Cockpit (Server Administration) ==
Cockpit is a server manager that makes it easy to administer GNU/Linux servers via a web browser. On a !FreedomBox, controls are available for many advanced functions that are not usually required. A web based terminal for console operations is also available.
It can be accessed by any user on your !FreedomBox belonging to the admin group. Cockpit is only usable when you have proper domain name setup for your !FreedomBox and you use that domain name to access Cockpit. See the Troubleshooting section for more information.
{{{#!wiki caution
Use cockpit only if you are an administrator of GNU/Linux systems with advanced skills. !FreedomBox tries to coexist with changes to system by system administrators and system administration tools like Cockpit. However, improper changes to the system might causes failures in !FreedomBox functions.
}}}
=== Using Cockpit ===
Install Cockpit like any other application on !FreedomBox. Make sure that Cockpit is enabled after that.
{{attachment:cockpit-enable.png}}
Ensure that the user account on !FreedomBox that will used for Cockpit is part of the administrators group.
{{attachment:cockpit-admin-user.png}}
Launch the Cockpit web interface. Login using the configured user account.
{{attachment:cockpit-login.png}}
Start using cockpit.
{{attachment:cockpit-system.png}}
Cockpit is usable on mobile interfaces too.
{{attachment:cockpit-mobile.png}}
=== Features ===
The following features of Cockpit may be useful for advanced !FreedomBox users.
==== System Dashboard ====
Cockpit has a system dashboard that
* Shows detailed hardware information
* Shows basic performance metrics of a system
* Allows changing system time and timezone
* Allows changing hostname. Please use !FreedomBox UI to do this
* Shows SSH server fingerprints
{{attachment:cockpit-system.png}}
==== Viewing System Logs ====
Cockpit allows querying system logs and examining them in full detail.
{{attachment:cockpit-logs.png}}
==== Managing Storage ====
Cockpit allows following advanced storage functions:
* View full disk information
* Editing disk partitions
* RAID management
{{attachment:cockpit-storage1.png}}
{{attachment:cockpit-storage2.png}}
==== Networking ====
Cockpit and !FreedomBox both rely on !NetworkManager to configure the network. However, Cockpit offers some advanced configuration not available on !FreedomBox:
* Route configuration
* Configure Bonds, Bridges, VLANs
{{attachment:cockpit-network1.png}}
{{attachment:cockpit-network2.png}}
{{attachment:cockpit-network3.png}}
==== Services ====
Cockpit allows management of services and periodic jobs (similar to cron).
{{attachment:cockpit-services1.png}}
{{attachment:cockpit-services2.png}}
==== Web Terminal ====
Cockpit offers a web based terminal that can be used perform manual system administration tasks.
{{attachment:cockpit-terminal.png}}
=== Troubleshooting ===
Cockpit requires a domain name to be properly setup on your !FreedomBox and will only work when you access it using a URL with that domain name. Cockpit will not work when using IP address in the URL. Using ''freedombox.local'' as the domain name also does not work. For example, the following URLs will not work:
{{{
https://192.168.0.10/_cockpit/
https://freedombox.local/_cockpit/
}}}
Starting with !FreedomBox version 19.15, using ''.local'' domain works. You can access Cockpit using the URL https://freedombox.local/_cockpit/. The ''.local'' domain is based on your hostname. If your hostname is ''mybox'', your ''.local'' domain name will be ''mybox.local'' and the Cockpit URL will be https://mybox.local/_cockpit/.
To properly access Cockpit, use the domain name [[FreedomBox/Manual/Configure|configured]] for your !FreedomBox.Cockpit will also work well when using a [[FreedomBox/Manual/Tor|Tor Onion Service]]. The following URLs will work:
{{{
https://mybox.freedombox.rocks/_cockpit/
https://exampletorhs.onion/_cockpit/
}}}
The reason for this behaviour is that Cockpit uses !WebSockets to connect to the backend server. Cross site requests for !WebSockets must be prevented for security reasons. To implement this, Cockpit maintains a list of all domains from which requests are allowed. !FreedomBox automatically configures this list whenever you add or remove a domain. However, since we can't rely on IP addresses, they are not added by !FreedomBox to this domain list. You can see the current list of allowed domains, as managed by !FreedomBox, in ''/etc/cockpit/cockpit.conf''. You may edit this, but do so only if you understand web security consequences of this.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

3
doc/manual/en/Cockpit.raw.xml
View File

File diff suppressed because one or more lines are too long

39
doc/manual/en/Configure.raw.wiki Normal file
View File

@ -0,0 +1,39 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Configure|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Configure ==
Configure has some general configuration options:
=== Hostname ===
. Hostname is the local name by which other devices on the local network can reach your !FreedomBox. The default hostname is ''freedombox''.
=== Domain Name ===
. Domain name is the global name by which other devices on the Internet can reach your !FreedomBox. The value set here is used by the [[FreedomBox/Manual/ejabberd|Chat Server (XMPP)]], [[FreedomBox/Manual/MatrixSynapse|Matrix Synapse]], [[FreedomBox/Manual/LetsEncrypt|Certificates (Let's Encrypt)]], and [[FreedomBox/Manual/Monkeysphere|Monkeysphere]].
=== Webserver Home Page ===
. This is an advanced option that allows you to set something other than !FreedomBox Service as the home page to be served on the domain name of the !FreedomBox. For example, if your !FreedomBox's domain name is https://myfreedombox.rocks and you set !MediaWiki as the home page, visiting https://myfreedombox.rocks will take you to https://myfreedombox.rocks/mediawiki/ instead of the usual https://myfreedombox.rocks/plinth/. You can set any web application, Ikiwiki wikis and blogs or Apache's default index.html page as the web server home page.
{{{#!wiki caution
Once some other app is set as the home page, you can only navigate to the !FreedomBox Service by typing https://myfreedombox.rocks/plinth/ into the browser. <<BR>>
''/freedombox'' can also be used as an alias to ''/plinth''
}}}
. ''Tip:'' Bookmark the URL of !FreedomBox Service before setting the home page to some other app.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Configure.raw.xml
View File

File diff suppressed because one or more lines are too long

112
doc/manual/en/Contribute.raw.wiki Normal file
View File

@ -0,0 +1,112 @@
# language en
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Contribute|Español]] -~
----
<<TableOfContents>>
## BEGIN_INCLUDE
= Get Involved =
From code, design and translation to spreading the word and donation, here are a number of ways to contribute to !FreedomBox.
== Quick Links ==
[[https://docs.freedombox.org/|FreedomBox Developer Manual]] <<BR>>
[[FreedomBox/ProgressCalls|Progress calls]] <<BR>>
[[FreedomBox/TODO|TODO page]] <<BR>>
[[https://www.freedomboxfoundation.org/donate/|Donation page]] <<BR>>
== Welcome to newcomers ==
As a new contributor, you are more than welcome to introduce yourself to others on the !FreedomBox [[https://discuss.freedombox.org/c/development|discussion forum]], [[http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss|mailing list]] or on the [[irc://irc.debian.org/freedombox|#freedombox IRC]] channel. In addition to make useful contacts, you can start reporting bugs and translate (see below) the wiki website and the !FreedomBox web interface.
== Development priorities ==
Upcoming priorities are discussed on an regular basis. You find the progress of the !FreedomBox Service with its priorities here: [[https://salsa.debian.org/groups/freedombox-team/-/boards|issues board]] and [[https://salsa.debian.org/groups/freedombox-team/-/milestones|milestones]].
Please check next [[FreedomBox/ProgressCalls|progress calls]] to keep yourself on track and meet members of the release team. A [[FreedomBox/TODO|TODO page]] aggregates the complete list of the items to work on for !FreedomBox.
== Contributions needed ==
=== Add an Application ===
If you are a developer and wish to see an application available in !FreedomBox, you can contribute by adding the application to !FreedomBox. See the [[https://docs.freedombox.org/|FreedomBox Developer Manual]].
=== Bugs ===
List of bugs, feature requests and improvements are tracked on the !FreedomBox [[https://salsa.debian.org/freedombox-team/freedombox/issues/|issue tracker]]. In addition to that, see [[FreedomBox/Contribute/Bugs|list of bugs]] to help out the Debian package we depend on. Also see the !FreedomBox [[https://qa.debian.org/developer.php?login=freedombox-pkg-team%40lists.alioth.debian.org&comaint=yes|packaging team's dashboard]] for status of various packages that we use.
=== Code ===
If you are a developer, you can contribute code to one of the sub-projects of !FreedomBox. Step-by-step process of [[/Code|contributing code]] to !FreedomBox is available.
* [[FreedomBox/Plinth|FreedomBox Service]]: a web interface to administer the functions of !FreedomBox.
* [[FreedomBox/Maker|Freedom Maker]]: a script to build !FreedomBox disk images for use on various hardware devices or virtual machines.
You can pickup a task from one of the [[FreedomBox/TODO|TODO]] lists. The individual page project pages contain information availabily of the code, how to build and TODO lists.
=== Design ===
==== User Experience Design ====
If you are a user experience designer, you can help !FreedomBox with the following items:
* UI experience for the !FreedomBox Service web interface
* Web design for [[https://freedombox.org|freedombox.org]], [[https://freedomboxfoundation.org|freedomboxfoundation.org]] and the [[FreedomBox|wiki]] pages
* Logo and branding (we currently have [[https://salsa.debian.org/freedombox-team/freedombox/tree/master/static/themes/default|an identity manual and logos]])
* Possible designs for custom !FreedomBox cases on single board computers
* [[../Design|User experience design]]
==== Technical Design ====
!FreedomBox needs your technical expertise to devise implementation plans for upcoming features. You can contribute to the discussion on various technical design and implementation aspects of !FreedomBox. See !FreedomBox discussion forum's [[https://discuss.freedombox.org/c/development|development category]].
=== Donate ===
The [[https://freedomboxfoundation.org|FreedomBox Foundation]] is a 501(c)(3) federal nonprofit corporation with recognition from the IRS. !FreedomBox project is run by volunteers. You can help the project financially by donating via !PayPal, Bitcoin or by mailing a check. Please see the [[https://www.freedomboxfoundation.org/donate/|donation page]] for details on how to donate.
=== Document: User Manual, Website and Wiki ===
!FreedomBox needs better documentation for users and contributors. !FreedomBox manual is prepared by aggregating various pages on the wiki and exporting to various formats. The manual is then used in !FreedomBox Service and elsewhere.
If you wish to contribute to the !FreedomBox [[FreedomBox|wiki]] (and consequently the !FreedomBox manual), you can create a wiki account and start editing.
For contributing to the website please start a discussion on the !FreedomBox discussion forum's [[https://discuss.freedombox.org/c/development|development category]].
=== Quality Assurance ===
* !FreedomBox already runs on many platforms and it is not possible for developers to test all possible platforms. If you have one of the supported hardware you can help with testing !FreedomBox on the platform.
* When an application is made available on !FreedomBox, not all of its functionality is tested in the real world by developer doing the work. Deploying the application and testing it will help ensure high quality applications in !FreedomBox.
See the [[FreedomBox/QualityAssurance|quality assurance]] page for a basic list of test cases to check for and information on reporting bugs.
=== Localization ===
All text visible to users of !FreedomBox needs to be localized to various languages. This translation work includes:
* [[FreedomBox/Plinth|Web Interface]] for !FreedomBox
* !FreedomBox documentation
* !FreedomBox [[FreedomBox|wiki]], [[https://freedombox.org|website]] and [[https://freedomboxfoundation.org|foundation website]].
* [[https://docs.djangoproject.com/en/dev/internals/contributing/localizing/|Django web framework]] that !FreedomBox uses.
* Individual applications that !FreedomBox exposes to users.
You can contribute to the localization effort using the web-based tool at [[https://hosted.weblate.org/projects/freedombox/|Weblate]] or directly to the source tree via [[https://salsa.debian.org/freedombox-team/freedombox/tree/master/plinth/locale|Salsa]].
If you wish to see !FreedomBox available for one of your languages, please start a discussion on the !FreedomBox discussion forum's [[https://discuss.freedombox.org/c/development|development category]] to work with others translating for that language.
For more information, please visit the !FreedomBox [[FreedomBox/Translate|translators]] page.
=== Spread the Word ===
Speak to your family, friends, local community or at global conferences about
the importance of !FreedomBox. To be a successful project we need many more
participants, be it users or contributors. Write about your efforts at the [[https://www.freedomboxfoundation.org/appearances/index.en.html|talks page]] and on the [[FreedomBox/TalksAndPresentations|wiki]].
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Coquelicot.raw.xml
View File

File diff suppressed because one or more lines are too long

67
doc/manual/en/Coturn.raw.wiki Normal file
View File

@ -0,0 +1,67 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Coturn|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Coturn (VoIP Helper) ==
||<tablestyle="float: right;"> {{attachment:Coturn-icon_en_V01.png|Coturn icon}} ||
'''Available since''': version 20.8
Coturn is a server to facilitate audio/video calls and conferences by providing an implementation of TURN and STUN protocols. WebRTC, SIP and other communication servers can use it to establish a call between parties who are otherwise unable connect to each other.
It is not meant to be used directly by users. Servers such as Matrix Synapse need to be configured with the details provided on the Coturn app page. Apart from Matrix Synapse, Jitsi, Ejabberd, Nextcloud Talk, etc. can use Coturn server for audio/video calls and conferences. There is no need for the servers to be running on the same machine as !FreedomBox and external servers can use Coturn running on !FreedomBox.
Coturn is configured in !FreedomBox as an advanced app. This means that you need to check "Show advanced apps and features" in "General Configuration" to see Coturn icon in the "Apps" section.
=== How it works ===
When making an audio/video call, it is best to route the media streams between two peers directly. This will give the best possible latency (better signal quality) and avoid depending on a centralized server (privacy). It scales well because a simple chat server can host thousands of calls without involving the server in any way other than to setup the call. However, this approach does not work most of the time to due to how networks are configured. Most peers on the network do not have a unique IP address allocated to them. They work hidden behind a network device that performs "Network Address Translation" (NAT) for them. This means that the two peers have no way of reaching each other.
To address this problem, a simple technique known as STUN was introduced. With the help of a third party STUN server, the peers can trick the NAT devices, to carry the traffic between the two peers. Unfortunately, this trick only works about 80% of the time. So, if STUN fails, peers have no choice but to route their traffic through an intermediary server called TURN server. All the mechanism of trying out STUN first and then falling back to TURN is described in a protocol known as ICE.
On !FreedomBox, Coturn provides both STUN and TURN servers. Both services are provided over TCP as well as UDP. They are provided on unencrypted as well as encrypted channels (with have a higher chance of success). Since STUN servers are very inexpensive and don't consume a lot of server resources, there is no authentication needed to use them. TURN servers on the other hand need authentication. This authentication is highly simplified and does not require maintaining a database of users. A server such as matrix-synapse which is about to setup an audio/video call between two peers will generate a username and password using a shared secret. When the peers use the TURN server, they will be validated using these credentials because the TURN server also knows the same secret.
In summary, a communication server needs to know the URLs of the STUN/TURN servers along with a shared authentication secret for TURN. After that, during audio/video call setup, they will correctly guide the peers to use STUN/TURN servers. Coturn app in !FreedomBox provides exactly this information. This information can be used to configure a communication server irrespective of whether it is running on the same !FreedomBox or on another server.
=== Configuring Matrix Synapse ===
Matrix Synapse server in !FreedomBox can be configured to use Coturn TURN/STUN server. In future, when you install Matrix Synapse, !FreedomBox will automatically install Coturn and configure its parameters into Matrix Synapse. To configure Matrix Synapse, edit the file ''/etc/matrix-synapse/homeserver.yaml'' with the following lines:
{{{
turn_uris: [ "stun:myfreedombox.example.org:3478?transport=udp", "stun:myfreedombox.example.org:3478?transport=tcp", "turn:myfreedombox.example.org:3478?transport=udp", "turn:myfreedombox.example.org:3478?transport=tcp" ]
turn_shared_secret: "my-freedombox-provided-secret"
turn_user_lifetime: 86400000
turn_allow_guests: True
}}}
The value for the `turn_shared_secret` is provided as `static-auth-secret` in `/etc/coturn/freedombox.conf` file.
And then restart matrix-synapse server by disabling and re-enabling the matrix-synapse app.
=== Port Forwarding ===
If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Coturn:
* UDP 3478
* TCP 3478
* UDP 3479
* TCP 3479
* UDP 5349
* TCP 5349
* UDP 5350
* TCP 5350
* UDP 49152-50175
* TCP 49152-50175
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

4
doc/manual/en/Coturn.raw.xml
View File

File diff suppressed because one or more lines are too long

40
doc/manual/en/Cubieboard2.raw.wiki Normal file
View File

@ -0,0 +1,40 @@
== Cubieboard 2 ==
{{attachment:cubieboard2.jpg|Cubieboard 2|width=640,height=426}}
The Cubieboard 2 is a single board computer based on the Allwinner A20 processor. It doesn't require any non-free firmware to run !FreedomBox, and Wifi capability can be added via a USB adaptor if needed. This board is available in two versions, one with on-board flash and a microSD slot, and a version with two microSD card slots.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Download ===
!FreedomBox SD card [[FreedomBox/Download|images]] are available for this device. Follow the instructions on the [[FreedomBox/Download|download]] page to create a !FreedomBox SD card and boot the device.
=== Availability ===
* [[http://cubieboard.org/buy|Full list of suppliers]]
=== Hardware ===
* CPU: ARM Cortex A7 Dual-Core
* RAM: 1GB DDR3 @960M
* Storage: 4GB internal NAND flash, up to 64GB on uSD slot
* Architecture: armhf
* Ethernet: 10/100, RJ45
* !WiFi: None, use a [[FreedomBox/Hardware/USBWiFi|USB WiFi device]]
* SATA: Yes
=== Non-Free Status ===
* Non-free blobs required: No
* !WiFi: Not available
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox
Cubieboard 2 image is licensed under a Creative Commons Attribution-!ShareAlike 2.0 Generic License by [[https://www.flickr.com/photos/120586634@N05/14673300334/in/photolist-pMbdDm-omCuYN-o5kVMu-dy9jTD-dy99Kz|Flickr]].

56
doc/manual/en/Cubietruck.raw.wiki Normal file
View File

@ -0,0 +1,56 @@
== Cubietruck ==
=== FreedomBox Danube Edition ===
{{attachment:freedombox-danube.jpg|FreedomBox Danube Edition|width=640,height=561}}
[[http://projectdanube.org|FreedomBox Danube Edition]] is a custom casing around Cubietruck and an SSD-hard drive.
=== Cubietruck / Cubieboard3 ===
[[http://cubieboard.org/model/|Cubietruck]] (Cubieboard3) is a single board computer with very good performance compared to many other boards. !FreedomBox images are built for this device.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Download ===
!FreedomBox SD card [[FreedomBox/Download|images]] are provided for this hardware. These SD card images are meant for use with the on-board SD card slot and do not work when used with a separate SD card reader connected via USB.
An alternative to downloading these images is to [[InstallingDebianOn/Allwinner|install Debian]] on the Cubietruck and then [[FreedomBox/Hardware/Debian|install FreedomBox]] on it.
=== Availability ===
Cubietruck / Cubieboard3
* Price: 89 USD
* [[http://cubieboard.org/buy/|List of suppliers]]
=== Hardware ===
* Open Hardware: No
* CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
* RAM: 2 GiB DDR3 @ 480 MHz
* Storage: 8 GB NAND flash built-in, 1x microSD slot
* Architecture: armhf
* Ethernet: 10/100/1000, RJ45
* !WiFi: Broadcom BCM4329/BCM40181 (no free !WiFi drivers + firmware available)
* SATA: 1x 2.0 port
=== Non-Free Status ===
* Non-free blobs required: ?
* !WiFi: no free !WiFi drivers + firmware available
=== Known Issues ===
* The on-board !WiFi does not work with free software. A separate [[FreedomBox/Hardware/USBWiFi|USB WiFi device]] is recommended.
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox
[[http://projectdanube.org/|FreedomBox Danube Edition]] image is copyright Markus Sabadello, used here with permission.

26
doc/manual/en/DateTime.raw.wiki Normal file
View File

@ -0,0 +1,26 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/DateTime|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Date & Time ==
This network time server is a program that maintains the system time in synchronization with servers on the Internet.
You can select your time zone by picking a big city nearby (they are sorted by ''Continent/City'') or select directly the zone with respect to GMT (Greenwich Mean Time).
{{attachment:DateTime.png}}
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/DateTime.raw.xml
View File

File diff suppressed because one or more lines are too long

87
doc/manual/en/Debian.raw.wiki Normal file
View File

@ -0,0 +1,87 @@
#language en
#pragma section-numbers 2
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: [[de/FreedomBox/Hardware/Debian|Deutsch]] - English - [[es/FreedomBox/Hardware/Debian|Español]]-~
## BEGIN_INCLUDE
== Debian ==
##{{attachment:debian.png|Debian|width=425,height=546}}
!FreedomBox is a [[DebianPureBlends|pure blend]] of Debian. This means that all the work on !FreedomBox is available in Debian as packages. It also means that any machine running Debian can be turned into a !FreedomBox.
This page describes the process of installing !FreedomBox on a Debian system. Currently, !FreedomBox works in Debian Stable (Buster), Testing (Bullseye), and Unstable (Sid).
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this approach.
{{{#!wiki caution
'''Use a fresh Debian installation'''
Installing !FreedomBox changes your Debian system in many important ways. This includes installing a firewall and regenerating server certificates. It is hence recommended that you install !FreedomBox on a fresh Debian installation instead of an existing setup.
}}}
{{{#!wiki caution
'''Console/GUI logins for non-admin users will be disabled'''
After !FreedomBox is fully setup, your system will no longer allow users not belonging to the ''admin'' group to log in to the system via console, secure shell (SSH) or graphical login. This behaviour can be disabled from the [[FreedomBox/Manual/Security|Security]] page. Use the administrator account created during !FreedomBox first boot for console logins and add further user accounts to ''admin'' group, if necessary.
}}}
=== Installing on Debian 10.0 (Buster) or newer ===
Check the Troubleshooting section below, for any tips or workarounds that might help during the install.
1. [[InstallingDebianOn|Install Debian]] 10.0 (Buster), or Unstable (Sid) on your hardware.
1. Update your package list.
{{{
$ sudo apt-get update
}}}
1. Install `freedombox` package.
{{{
$ sudo DEBIAN_FRONTEND=noninteractive apt-get install freedombox
}}}
* The "DEBIAN_FRONTEND=noninteractive" will avoid several configuration prompts that would otherwise appear during the install.
1. During the installation, you will be provided a secret key that needs to be entered during the initial configuration process. Note this down. The secret can also be read at a later time from the file `/var/lib/plinth/firstboot-wizard-secret`.
1. You can start [[FreedomBox/Manual/QuickStart|using]] !FreedomBox. During initial wizard, you will need to enter the secret noted above.
=== Tips and Troubleshooting ===
1. !FreedomBox uses !NetworkManager to manage network configuration. If you have configured your network interfaces using Debian installer or by editing `/etc/network/interfaces`, !FreedomBox will not manage those interfaces. (See [[https://bugs.debian.org/797614|bug #797614]].) To let !FreedomBox/NetworkManager manage your network interfaces, edit the `/etc/network/interfaces` manually and ensure that it contains only the following:
{{{
auto lo
iface lo inet loopback
}}}
If you have already completed the setup process without doing this step, you will need to clear out the `/etc/network/interfaces` file keeping only the above lines. Then perform a reboot. On Debian 9 (Stretch), after this network connections configured by the `setup` step above will configure your network. Network interfaces will then be in the `internal` or `external` firewall zone. This is essential for the !FreedomBox's web interface to be reachable from other machines in the network. You can tweak network manager connections with the `nmtui` command if you wish.
1. !FreedomBox will use an automatically configured IP address by default. You can assign a static IP address if necessary. Network configuration changes can be done using !FreedomBox web interface or by using the `nmtui` or `nmcli` commands. `nmcli` can be used as follows:
{{{
nmcli con mod "Ethernet connection 1" \
ipv4.addresses A.A.A.A/X \
ipv4.gateway G.G.G.G \
ipv4.dns N.N.N.N \
ipv4.dns-search somedomain.com \
ipv4.method "manual" \
ipv4.ignore-auto-dns yes \
ipv6.method ignore
}}}
...with the block capitals and somedomain.com replaced with your actual address, mask description, gateway and dns server details.
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox
See the [[https://www.debian.org/logos/|Debian logo]] page for information on its copyright.

49
doc/manual/en/Deluge.raw.wiki Normal file
View File

@ -0,0 +1,49 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Deluge|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Deluge (BitTorrent Web Client) ==
||<tablestyle="float: right;"> {{attachment:Deluge-icon_en_V01.png|Deluge icon}} ||
'''Available since''': version 0.5
=== What is Deluge? ===
!BitTorrent is a communications protocol using peer-to-peer (P2P) file sharing. It is not anonymous; you should assume that others can see what files you are sharing. There are two !BitTorrent web clients available in !FreedomBox: [[FreedomBox/Manual/Transmission|Transmission]] and Deluge. They have similar features, but you may prefer one over the other.
Deluge is a lightweight !BitTorrent client that is highly configurable. Additional functionality can be added by installing plugins.
=== Screenshot ===
{{attachment:deluge.png|Deluge Web UI|width=800}}
=== Initial Setup ===
After installing Deluge, it can be accessed by pointing your browser to {{{https://<your freedombox>/deluge}}}. You will need to enter a password to login:
{{attachment:deluge_login.png|Deluge Login}}
The initial password is "deluge". The first time that you login, Deluge will ask if you wish to change the password. You should change it to something that is harder to guess.
Next you will be shown the connection manager. Click on the first entry (Offline - 127.0.0.1:58846). Then click "Start Daemon" to start the Deluge service that will run in the background.
{{attachment:deluge_connection_manager.png|Deluge Connection Manager (Offline)}}
Now it should say "Online". Click "Connect" to complete the setup.
{{attachment:deluge_connection_manager_2.png|Deluge Connection Manager (Online)}}
At this point, you are ready to begin using Deluge. You can make further changes in the Preferences, or add a torrent file or URL.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Deluge.raw.xml
View File

File diff suppressed because one or more lines are too long

13
doc/manual/en/Developer.raw.wiki Normal file
View File

@ -0,0 +1,13 @@
## BEGIN_INCLUDE
The !FreedomBox Developer Manual provides a step by step tutorial for writing apps for !FreedomBox and an API reference. It is available from [[https://docs.freedombox.org|docs.freedombox.org]].
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

23
doc/manual/en/Diagnostics.raw.wiki Normal file
View File

@ -0,0 +1,23 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Diagnostics|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Diagnostics ==
The system diagnostic test will run a number of checks on your system to confirm that applications and services are working as expected.
Just click ''Run Diagnostics''. This may take some minutes.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Diagnostics.raw.xml
View File

File diff suppressed because one or more lines are too long

261
doc/manual/en/Download.raw.wiki Normal file
View File

@ -0,0 +1,261 @@
# language en
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: [[de/FreedomBox/Download|Deutsch]] - English - [[es/FreedomBox/Download|Español]] - [[fr/FreedomBox/Telecharger|Français]] -~
----
<<TableOfContents()>>
## BEGIN_INCLUDE
= Download and Install =
Welcome to the !FreedomBox download page.
'''Note''': If you purchased a !FreedomBox kit, this section is not meant for you, so you can just skip it entirely. (Unless you specifically want to build an alternative software image).
You may either install !FreedomBox on one of the supported inexpensive [[FreedomBox/Hardware|hardware]] devices, on any [[FreedomBox/Hardware/Debian|Debian]] operating system, or deploy it on a virtual machine.
Installing on a machine running a Debian system is easy because !FreedomBox is available as a package. We do recommend to install !FreedomBox on a supported single board computer (SBC). The board will be dedicated for !FreedomBox use from home, this will prevent a lot of risks, such as accidental misconfiguration by the user. In case of trouble deciding which hardware is best for you or during the installation, please use the [[FreedomBox/Support|support page]] or read the [[FreedomBox/QuestionsAndAnswers|Questions and Answers]] page based on posts on the [[https://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss|Freedombox-discuss]] mailing list archives.
== Downloading on Debian ==
If you are installing on an existing Debian installation, you don't need to download these images. Instead, read the [[FreedomBox/Hardware/Debian|instructions]] on setting up !FreedomBox on Debian.
== Downloading for SBC or Virtual Machine ==
=== Prepare your device ===
Read the hardware specific instructions on how to prepare your device at the [[FreedomBox/Hardware|Hardware]] section. On the web, there is a lot of documentation about setting your device up and flashing USB or SD Cards to boot your hardware.
=== Downloading Images ===
Recent images for supported targets are available here:
* Official Images: https://freedombox.org/download/
* Official Images: https://ftp.freedombox.org/pub/freedombox/
=== Verifying the Downloaded Images ===
It is important to verify the images you have downloaded to ensure that the file has not been corrupted during the transmission and that it is indeed the image built by !FreedomBox developers.
'''Note:''' Testing and nightly images are automatically signed by the !FreedomBox CI server.
* First open a terminal and import the public keys of the !FreedomBox developers who built the images:
{{{
$ gpg --recv-keys BCBEBD57A11F70B23782BC5736C361440C9BC971
$ gpg --recv-keys 7D6ADB750F91085589484BE677C0C75E7B650808
# This is the FreedomBox CI server's key
$ gpg --recv-keys 013D86D8BA32EAB4A6691BF85D4153D6FE188FC8
}}}
If this command shows an error such as ''new key but contains no user ID - skipped'', then use a different keyserver to download the keys:
{{{
$ gpg --keyserver keys.gnupg.net --recv-keys BCBEBD57A11F70B23782BC5736C361440C9BC971
$ gpg --keyserver keys.gnupg.net --recv-keys 7D6ADB750F91085589484BE677C0C75E7B650808
$ gpg --keyserver keys.gnupg.net --recv-keys 013D86D8BA32EAB4A6691BF85D4153D6FE188FC8
}}}
Or
{{{
$ gpg --keyserver keyserver.ubuntu.com --recv-keys BCBEBD57A11F70B23782BC5736C361440C9BC971
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 7D6ADB750F91085589484BE677C0C75E7B650808
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 013D86D8BA32EAB4A6691BF85D4153D6FE188FC8
}}}
* Next, verify the fingerprint of the public keys:
{{{
$ gpg --fingerprint BCBEBD57A11F70B23782BC5736C361440C9BC971
pub 4096R/0C9BC971 2011-11-12
Key fingerprint = BCBE BD57 A11F 70B2 3782 BC57 36C3 6144 0C9B C971
uid Sunil Mohan Adapa <sunil@medhas.org>
sub 4096R/4C1D4B57 2011-11-12
$ gpg --fingerprint 7D6ADB750F91085589484BE677C0C75E7B650808
pub 4096R/7B650808 2015-06-07 [expires: 2020-06-05]
Key fingerprint = 7D6A DB75 0F91 0855 8948 4BE6 77C0 C75E 7B65 0808
uid James Valleroy <jvalleroy@mailbox.org>
uid James Valleroy <jvalleroy@freedombox.org>
sub 4096R/25D22BF4 2015-06-07 [expires: 2020-06-05]
sub 4096R/DDA11207 2015-07-03 [expires: 2020-07-01]
sub 2048R/2A624357 2015-12-22
$ gpg --fingerprint 013D86D8BA32EAB4A6691BF85D4153D6FE188FC8
pub rsa4096 2018-06-06 [SC]
013D 86D8 BA32 EAB4 A669 1BF8 5D41 53D6 FE18 8FC8
uid [ unknown] FreedomBox CI (Continuous Integration server) <admin@freedombox.org>
sub rsa4096 2018-06-06 [E]
}}}
* Finally, verify your downloaded image with its signature file `.sig`. For example:
{{{
$ gpg --verify freedombox-stable-free_buster_cubietruck-armhf.img.xz.sig
gpg: assuming signed data in 'freedombox-stable-free_buster_cubietruck-armhf.img.xz'
gpg: Signature made Sat 09 May 2020 11:54:01 AM EDT
gpg: using RSA key 013D86D8BA32EAB4A6691BF85D4153D6FE188FC8
gpg: Good signature from "FreedomBox CI (Continuous Integration server) <admin@freedombox.org>" [undefined]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 013D 86D8 BA32 EAB4 A669 1BF8 5D41 53D6 FE18 8FC8
}}}
=== Installation ===
After the download you can use the image to boot your chosen [[FreedomBox/Hardware|hardware]] (including virtual machines). You'll need to copy the image to the memory card or USB stick as follows:
1. Figure out which device your card actually is.
1. Unplug your card.
1. Run `dmesg -w` to show and follow the kernel messages.
1. Plug your card in. You will see messages such as following:
{{{
[33299.023096] usb 4-6: new high-speed USB device number 12 using ehci-pci
[33299.157160] usb 4-6: New USB device found, idVendor=058f, idProduct=6361
[33299.157162] usb 4-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[33299.157164] usb 4-6: Product: Mass Storage Device
[33299.157165] usb 4-6: Manufacturer: Generic
[33299.157167] usb 4-6: SerialNumber: XXXXXXXXXXXX
[33299.157452] usb-storage 4-6:1.0: USB Mass Storage device detected
[33299.157683] scsi host13: usb-storage 4-6:1.0
[33300.155626] scsi 13:0:0:0: Direct-Access Generic- Compact Flash 1.01 PQ: 0 ANSI: 0
[33300.156223] scsi 13:0:0:1: Direct-Access Multiple Flash Reader 1.05 PQ: 0 ANSI: 0
[33300.157059] sd 13:0:0:0: Attached scsi generic sg4 type 0
[33300.157462] sd 13:0:0:1: Attached scsi generic sg5 type 0
[33300.462115] sd 13:0:0:1: [sdg] 30367744 512-byte logical blocks: (15.5 GB/14.4 GiB)
[33300.464144] sd 13:0:0:1: [sdg] Write Protect is off
[33300.464159] sd 13:0:0:1: [sdg] Mode Sense: 03 00 00 00
[33300.465896] sd 13:0:0:1: [sdg] No Caching mode page found
[33300.465912] sd 13:0:0:1: [sdg] Assuming drive cache: write through
[33300.470489] sd 13:0:0:0: [sdf] Attached SCSI removable disk
[33300.479493] sdg: sdg1
[33300.483566] sd 13:0:0:1: [sdg] Attached SCSI removable disk
}}}
1. In the above case, the disk that is newly inserted is available as ''/dev/sdg''. Very carefully note this and use it in the copying step below.
1. Decompress the downloaded image using tar:
{{{
$ xz -d freedombox-stable-free_buster_cubietruck-armhf.img.xz
}}}
The above command is an example for the ''cubietruck'' stable image. Your downloaded file name will be different.
1. Copy the image to your card. Double check to make sure you don't
write to your computer's main storage (such as /dev/sda). Also
make sure that you don't run this step as root to avoid potentially
overriding data on your hard drive due to a mistake in identifying the device or errors while typing the command. USB disks and SD cards inserted into the system should typically be write accessible to normal users. If you don't have permission to write to your SD card as a user, you may need to run this command as root. In this case triple check everything before you run the command. Another safety precaution is to unplug all external disks except the SD card before running the command.
For example, if your SD card is ''/dev/sdg'' as noted in the first step
above, then to copy the image, run:
{{{
$ dd bs=1M if=freedombox-stable-free_buster_cubietruck-armhf.img of=/dev/sdg conv=fdatasync status=progress
}}}
An alternative to copy to SD card command
{{{
$ cat freedombox-stable-free_buster_cubietruck-armhf.img > /dev/sdg ; sync
}}}
On MS Windows you will need a tool like ''etcher''.
On MacOS (OSX) you can use programs like ''balenaetcher'' and ''rosaimagewriter''.
The above command is an example for the ''cubietruck'' stable image. Your image file name will be different.
When picking a device, use the drive-letter destination, like ''/dev/sdg'', not a numbered destination, like ''/dev/sdg1''. The device
without a number refers to the entire device, while the device with
a number refers to a specific partition. We want to use the whole
device. Downloaded images contain complete information about how many partitions there should be, their sizes and types. You don't have to format your SD card or create partitions. All the data on the SD card will be wiped off during the write process.
1. Use the image by inserting the SD card or USB disk into the target device and booting from it. Your device should also be prepared (see the [[FreedomBox/Hardware|Hardware]] section).
1. Read (the rest of) the [[FreedomBox/Manual|Manual]] for instructions on how to use applications in !FreedomBox.
=== Troubleshooting ===
* Can't boot off your MicroSD card (and/or disk utilities like GPartEd report a missing/corrupt partition table).
You likely forgot or failed to extract the .img file with `xz -d` before writing it to your device (e.g. ''/dev/sdg'').
== Obtaining Source Code ==
!FreedomBox is fully [[https://www.gnu.org/philosophy/free-sw.html|free software]] and you can obtain the source code to study, modify and distribute improvements.
=== From within FreedomBox ===
!FreedomBox is made up of several software programs and you can obtain the source code to any of them. These instructions are similar to obtaining and [[https://www.debian.org/doc/manuals/maint-guide/build.en.html|building]] [[https://www.debian.org/doc/manuals/apt-howto/ch-sourcehandling.en.html|source code]] [[https://wiki.debian.org/BuildingTutorial|for Debian]] since !FreedomBox is a pure blend of Debian. Using this process you can obtain the source code to the exact version of the package you are currently using in !FreedomBox.
1. To see the list of software packages installed on your !FreedomBox, run the following in a terminal:
{{{
dpkg -l
}}}
1. To obtain the source code for any of those programs, then run:
{{{
apt source <package_name>
}}}
This requires that the [[SourcesList|apt sources list]] contains information about the source code repositories. These are present by default on all !FreedomBox images. If you have installed !FreedomBox using a package from Debian, you need to ensure that source repositories are added in the file.
1. To build the package from source code, first install its dependencies
{{{
apt build-dep <package_name>
}}}
Switch to the source directory created by the ''apt source'' command:
{{{
cd <source_directory>
}}}
Then build the package
{{{
dpkg-buildpackage -rfakeroot -uc
}}}
1. Install the package:
{{{
dpkg -i ../<built_package>.deb
}}}
=== Other Ways to Obtain Source Code ===
1. Source code for any of the packages can be browsed and searched using the web interface at [[https://sources.debian.org/|sources.debian.org]]. For example, see the [[https://sources.debian.org/src/plinth/|plinth]] package.
1. Source code and pre-built binary package for any version of a package including historic versions can be obtained from [[https://snapshot.debian.org/|snapshot.debian.org]]. For example, see the [[https://snapshot.debian.org/package/plinth/|plinth]] package.
1. You can also obtain the links to upstream project homepage, upstream version control, Debian's version control, changelog, etc. from the Debian tracker page for a project at [[https://tracker.debian.org/|tracker.debian.org]]. For example, see the tracker page for [[https://tracker.debian.org/pkg/plinth|plinth]] package.
1. You can build and install a package from its Debian's version control repository. For example,
{{{
git clone https://salsa.debian.org/freedombox-team/freedombox.git
cd freedombox
apt build-dep .
dpkg-buildpackage -rfakeroot -uc
dpkg -i ../freedombox*.deb
}}}
=== Building Disk Images ===
You can also build !FreedomBox disk images for various hardware platforms using the freedom-maker tool. This is also available as a Debian package and source code for it may be obtained using the above methods. [[https://salsa.debian.org/freedombox-team/freedom-maker/blob/master/README.md|Build instructions]] for creating disk images are available as part of the source code for freedom-maker package.
!FreedomBox disk images are built and uploaded to official servers using automated Continuous Integration infrastructure. This infrastructure is available as [[https://salsa.debian.org/freedombox-team/infrastructure|source code]] too and provides accurate information on how !FreedomBox images are built.
==== U-boot on Pioneer Edition Images ====
There is one minor exception to the u-boot package present on the hardware sold as !FreedomBox Home Server Kits Pioneer Edition. It contains a small but important fix that is not part of Debian sources. The fork of the Debian u-boot source repository along with the minor change done by the !FreedomBox is available as a [[https://salsa.debian.org/freedombox-team/u-boot|separate repository]]. We expect this change to be available in upstream u-boot eventually and this repository will not be needed. This package can be built on a Debian armhf machine as follows (cross compiling is also possible, simply follow instructions for cross compiling Debian packages):
{{{
apt install git git-buildpackage
git clone https://salsa.debian.org/freedombox-team/u-boot.git
cd u-boot
pbuilder create --distribution=buster
gbp buildpackage --git-pbuilder
}}}
The u-boot Debian package will be available in ''u-boot-sunxi*.deb''. This package will contain
{{{
mkdir temp
dpkg -x u-boot-suxi*.deb temp
unxz <lime2_image_built_with_freedom_maker>
dd if=temp/usr/lib/u-boot/A20-OLinuXino-Lime2/u-boot-sunxi-with-spl.bin of=<lime2.img> seek=8 bs=1k conv=notrunc
}}}
The resulting image will have the modified u-boot in it.
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

89
doc/manual/en/DynamicDNS.raw.wiki Normal file
View File

@ -0,0 +1,89 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/DynamicDNS|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Dynamic DNS Client ==
=== What is Dynamic DNS? ===
In order to reach a server on the Internet, the server needs to have permanent address also known as the static IP address. Many Internet service providers don't provide home users with a static IP address or they charge more providing a static IP address. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching the server.
Dynamic DNS service providers assist in working around a problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be to contact the server using the domain name 'myhost.example.org' which always points to the latest IP address of the server.
For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in !FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on !FreedomBox, such as ownCloud, to the Internet.
=== GnuDIP vs. Update URL ===
There are two main mechanism to notify the Dynamic DNS server of your new IP address; using the ''GnuDIP'' protocol and using the ''Update URL'' mechanism.
If a service provided using update URL is not properly secured using HTTPS, your credentials may be visible to an adversary. Once an adversary gains your credentials, they will be able to replay your request your server and hijack your domain.
On the other hand, the GnuDIP protocol will only transport a salted MD5 value of your password, in a way that is secure against replay attacks.
=== Using the GnuDIP protocol ===
1. Register an account with any Dynamic DNS service provider. A free service provided by the !FreedomBox community is available at https://gnudip.datasystems24.net .
1. In !FreedomBox UI, enable the Dynamic DNS Service.
1. Select ''GnuDIP'' as ''Service type'', enter your Dynamic DNS service provider address (for example, gnudip.datasystems24.net) into ''GnuDIP Server Address'' field.
{{attachment:DynamicDNS-Settings.png|Dynamic DNS Settings|width=800}}
1. Fill ''Domain Name'', ''Username'', ''Password'' information given by your provider into the corresponding fields.
=== Using an Update URL ===
This feature is implemented because the most popular Dynamic DNS providers are using Update URLs mechanism.
1. Register an account with a Dynamic DNS service provider providing their service using Update URL mechanism. Some example providers are listed in the configuration page itself.
1. In !FreedomBox UI, enable the Dynamic DNS service.
1. Select ''other Update URL'' as ''Service type'', enter the update URL given by your provider into ''Update URL'' field.
1. If you browse the update URL with your Internet browser and a warning message about untrusted certificate appears, then enable ''accept all SSL certificates''. WARNING: your credentials may be readable here because man-in-the-middle attacks are possible! Consider choosing a better service provider instead.
1. If you browse the update URL with your Internet browser and the username/password box appears, enable ''use HTTP basic authentication'' checkbox and provide the ''Username'' and ''Password''.
1. If the update URL contains your current IP address, replace the IP address with the string ''<Ip>''.
=== Checking If It Works ===
1. Make sure that external services you have enabled such as /jwchat, /roundcube and /ikiwiki are available on your domain address.
1. Go to the ''Status'' page, make sure that the NAT type is detected correctly. If your !FreedomBox is behind a NAT device, this should be detected over there (Text: ''Behind NAT''). If your !FreedomBox has a public IP address assigned, the text should be "Direct connection to the Internet".
1. Check that the last update status is not ''failed''.
=== Recap: How to create a DNS name with GnuDIP ===
/* to delete or to replace the old text */
1. Access to [[https://gnudip.datasystems24.net|GnuIP login page]] (answer Yes to all pop ups)
1. Click on "Self Register"
1. Fill the registration form (Username and domain will form the public IP address [username.domain])
1. Take note of the username/hostname and password that will be used on the !FreedomBox app.
1. Save and return to the GnuDIP login page to verify your username, domain and password (enter the datas, click login).
1. Login output should display your new domain name along with your current public IP address (this is a unique address provided by your router for all your local devices).
1. Leave the GnuDIP interface and open the Dynamic DNS Client app page in your !FreedomBox.
1. Click on "Set Up" in the top menu.
1. Activate Dynamic DNS
1. Choose GnuDIP service.
1. Add server address (gnudip.datasystems24.net)
1. Add your fresh domain name (username.domain, ie [username].freedombox.rocks)
1. Add your fresh username (the one used in your new IP address) and password
1. Add your GnuDIP password
1. Fill the option with http://myip.datasystems24.de (try this url in your browser, you will figure out immediately)
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/DynamicDNS.raw.xml
View File

File diff suppressed because one or more lines are too long

209
doc/manual/en/Firewall.raw.wiki Normal file
View File

@ -0,0 +1,209 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Firewall|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Firewall ==
Firewall is a network security system that controls the incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces risk of security threat from the Internet.
The operation of the firewall in !FreedomBox web interface is automatic. When you enable a service it is automatically permitted in the firewall and when you disable a service it is automatically disabled in the firewall. For services which are enabled by default on !FreedomBox, firewall ports are also enabled by default during the first run process.
{{attachment:Firewall.png|Firewall|width=800}}
Firewall management in !FreedomBox is done using [[https://fedoraproject.org/wiki/FirewallD|FirewallD]].
=== Interfaces ===
Each interface is needs to be assigned to one (and only one) zone. If an interface is not assigned any zone, it is automatically assigned `external` zone. Whatever rules are in effect for a zone, those rules start to apply for that interface. For example, if HTTP traffic is allowed in a particular zone, then web requests will be accepted on all the addresses configured for all the interfaces assigned to that zone.
There are primarily two firewall zones used. The `internal` zone is meant for services that are provided to all machines on the local network. This may include services such as streaming media and simple file sharing. The `external` zone is meant for services that are provided publicly on the Internet. This may include services such as blog, website, email web client etc.
For details on how network interfaces are configured by default, see the [[FreedomBox/Manual/Networks|Networks]] section.
=== Opening Custom Ports ===
Cockpit app provides advanced management of firewall. Both !FreedomBox and Cockpit operate over firewalld and are hence compatible with each other. In particular, Cockpit can be used to open custom services or ports on !FreedomBox. This is useful if you are manually running your own services in addition to the services provided by !FreedomBox on the same machine.
{{attachment:firewalld-cockpit.png}}
=== FreedomBox Ports/Services ===
The following table attempts to document the ports, services and their default statuses in !FreedomBox. If you find this page outdated, see the Firewall status page in !FreedomBox interface.
||'''Service'''||'''Port''' ||'''External'''||'''Enabled by default'''||'''Status shown in !FreedomBox'''||'''Managed by !FreedomBox'''||
|| Minetest || 30000/udp || {*} || {X} || (./) || (./) ||
|| XMPP Client || 5222/tcp || {*} || {X} || (./) || (./) ||
|| XMPP Server || 5269/tcp || {*} || {X} || (./) || (./) ||
|| XMPP Bosh || 5280/tcp || {*} || {X} || (./) || (./) ||
|| NTP || 123/udp || {o} || (./) || (./) || (./) ||
|| !FreedomBox Web Interface (Plinth) || 443/tcp || {*} || (./) || (./) || {X} ||
|| Quassel || 4242/tcp || {*} || {X} || (./) || (./) ||
|| SIP || 5060/tcp || {*} || {X} || (./) || (./) ||
|| SIP || 5060/udp || {*} || {X} || (./) || (./) ||
|| SIP-TLS || 5061/tcp || {*} || {X} || (./) || (./) ||
|| SIP-TLS || 5061/udp || {*} || {X} || (./) || (./) ||
|| RTP || 1024-65535/udp || {*} || {X} || (./) || (./) ||
|| SSH || 22/tcp || {*} || (./) || (./) || {X} ||
|| mDNS || 5353/udp || {o} || (./) || (./) || (./) ||
|| Tor (Socks) || 9050/tcp || {o} || {X} || (./) || (./) ||
|| Obfsproxy || <random>/tcp || {*} || {X} || (./) || (./) ||
|| OpenVPN || 1194/udp || {*} || {X} || (./) || (./) ||
|| Mumble || 64378/tcp || {*} || {X} || (./) || (./) ||
|| Mumble || 64378/udp || {*} || {X} || (./) || (./) ||
|| Privoxy || 8118/tcp || {o} || {X} || (./) || (./) ||
|| JSXC || 80/tcp || {*} || {X} || {X} || {X} ||
|| JSXC || 443/tcp || {*} || {X} || {X} || {X} ||
|| DNS || 53/tcp || {o} || {X} || {X} || {X} ||
|| DNS || 53/udp || {o} || {X} || {X} || {X} ||
|| DHCP || 67/udp || {o} || (./) || {X} || {X} ||
|| Bootp || 67/tcp || {o} || {X} || {X} || {X} ||
|| Bootp || 67/udp || {o} || {X} || {X} || {X} ||
|| Bootp || 68/tcp || {o} || {X} || {X} || {X} ||
|| Bootp || 68/udp || {o} || {X} || {X} || {X} ||
|| LDAP || 389/tcp || {o} || {X} || {X} || {X} ||
|| LDAPS || 636/tcp || {o} || {X} || {X} || {X} ||
=== Manual operation ===
See [[https://fedoraproject.org/wiki/FirewallD|FirewallD]] documentation for more information on the basic concepts and comprehensive documentation.
==== Enable/disable firewall ====
To disable firewall
{{{
service firewalld stop
}}}
or with systemd
{{{
systemctl stop firewalld
}}}
To re-enable firewall
{{{
service firewalld start
}}}
or with systemd
{{{
systemctl start firewalld
}}}
==== Modifying services/ports ====
You can manually add or remove a service from a zone.
To see list of services enabled:
{{{
firewall-cmd --zone=<zone> --list-services
}}}
Example:
{{{
firewall-cmd --zone=internal --list-services
}}}
To see list of ports enabled:
{{{
firewall-cmd --zone=<zone> --list-ports
}}}
Example:
{{{
firewall-cmd --zone=internal --list-ports
}}}
To remove a service from a zone:
{{{
firewall-cmd --zone=<zone> --remove-service=<service>
firewall-cmd --permanent --zone=<zone> --remove-service=<interface>
}}}
Example:
{{{
firewall-cmd --zone=internal --remove-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --remove-service=xmpp-bosh
}}}
To remove a port from a zone:
{{{
firewall-cmd --zone=internal --remove-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --remove-port=<port>/<protocol>
}}}
Example:
{{{
firewall-cmd --zone=internal --remove-port=5353/udp
firewall-cmd --permanent --zone=internal --remove-port=5353/udp
}}}
To add a service to a zone:
{{{
firewall-cmd --zone=<zone> --add-service=<service>
firewall-cmd --permanent --zone=<zone> --add-service=<interface>
}}}
Example:
{{{
firewall-cmd --zone=internal --add-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --add-service=xmpp-bosh
}}}
To add a port to a zone:
{{{
firewall-cmd --zone=internal --add-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --add-port=<port>/<protocol>
}}}
Example:
{{{
firewall-cmd --zone=internal --add-port=5353/udp
firewall-cmd --permanent --zone=internal --add-port=5353/udp
}}}
==== Modifying the zone of interfaces ====
You can manually change the assignment of zones of each interfaces after they have been autuomatically assigned by the first boot process.
To see current assignment of interfaces to zones:
{{{
firewall-cmd --list-all-zones
}}}
To remove an interface from a zone:
{{{
firewall-cmd --zone=<zone> --remove-interface=<interface>
firewall-cmd --permanent --zone=<zone> --remove-interface=<interface>
}}}
Example:
{{{
firewall-cmd --zone=external --remove-interface=eth0
firewall-cmd --permanent --zone=external --remove-interface=eth0
}}}
To add an interface to a zone:
{{{
firewall-cmd --zone=<zone> --add-interface=<interface>
firewall-cmd --permanent --zone=<zone> --add-interface=<interface>
}}}
Example:
{{{
firewall-cmd --zone=internal --add-interface=eth0
firewall-cmd --permanent --zone=internal --add-interface=eth0
}}}
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

13
doc/manual/en/Firewall.raw.xml
View File

File diff suppressed because one or more lines are too long

43
doc/manual/en/GettingHelp.raw.wiki Normal file
View File

@ -0,0 +1,43 @@
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/GettingHelp|Español]] - [[fr/FreedomBox/Manuel/ObtenirAide|Français]]-~
## BEGIN_INCLUDE
= Getting Help =
<<Anchor(gettinghelp)>>
The !FreedomBox community provides live help via forum, chat and email. Feel free to join and ask anything you like. If you receive help, please consider to report your solution to the [[FreedomBox/QuestionsAndAnswers|Questions and Answers]] page, so others can benefit in the future.
== Discussion Forum ==
The easiest way to get support is by using the [[https://discuss.freedombox.org|discussion forum]]. You can browse solutions to known problems or request help from community contributors by asking a question. This is also the best way to provide community contributors with feedback about your !FreedomBox experience.
To post new content, you will need to register for an account with name and email address (but you can provide pseudonym and non-primary email address). By watching topics and categories or by enabling 'mailing list mode' in your account preferences, you can interact with the forum by just sending and receiving emails similar to a mailing list.
== IRC #freedombox ==
Providing you are familiar with [[http://www.irchelp.org/|Internet Relay Chat]] (IRC) and [[http://www.irchelp.org/irchelp/clients/|IRC client]], you can get an instant online help from the community on '''irc.debian.org''', channel '''#freedombox'''. Potentially it takes some time before some member is answering you, be patient, a reaction will come later.
== Matrix ==
You can join our Matrix room '''#freedombox:matrix.org'''. The room is federated with the IRC channel and remembers the chat history.
If you do not yet have a client installed, you can [[https://riot.im/app/#/room/#freedombox:matrix.org|use your web browser to join]].
For more options, see this [[https://matrix.to/#/#freedombox:matrix.org|matrix client overview page]].
== Email ==
!FreedomBox users and contributors can be reached by email via a discussion list. In order to ask a question and get an answer from the community, please register from the [[https://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss|mailing list page]] providing your email adress and creating a password. You can also read [[http://lists.alioth.debian.org/pipermail/freedombox-discuss/|discussions archives]]. This list gathers about 700 readers.
== Help Back ==
Once you've got your solution, don't forget to add it to the [[FreedomBox/QuestionsAndAnswers|Questions and Answers]] page and tell which features do you use from the box on [[FreedomBox/UserExperience|Use Cases]] page. It could help others to use !FreedomBox in a way they would have not imagined.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

54
doc/manual/en/GitWeb.raw.wiki Normal file
View File

@ -0,0 +1,54 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/GitWeb|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== GitWeb (Simple Git Hosting) ==
||<tablestyle="float: right;"> {{attachment:Gitweb-icon_en_V01.png|Gitweb icon}} ||
'''Available since''': version 19.19
Git is a distributed version-control system for tracking changes in source code during software development. !GitWeb provides a web interface to Git repositories. You can browse history and content of source code, use search to find relevant commits and code. You can also clone repositories and upload code changes with a command-line Git client or with multiple available graphical clients. And you can share your code with people around the world.
To learn more on how to use Git visit [[https://git-scm.com/docs/gittutorial|Git tutorial]].
=== Managing the repositories ===
After installation of !GitWeb, a new repository can be created. It can be marked as ''private'' to limit access.
=== Access ===
!GitWeb can be accessed after installation e.g. by the web client through {{{https://<my_freedombox_name>/gitweb}}}.
=== HTTP basic auth ===
!GitWeb on !FreedomBox currently supports HTTP remotes only. To avoid
having to enter the password each time you pull/push to the repository, you can
edit your remote to include the credentials.
''Example:'' https://username:password@my.freedombox.rocks/gitweb/myrepo
Your username and password will be encrypted. Someone monitoring the network traffic will notice the domain name only.<<BR>>
'''Note:''' If using this method, your password will be stored in plain text in the local repository's {{{.git/config}}} file. For this reason, you should create a !FreedomBox user who has only access to the gitweb and never use an admin account.
=== Mirroring ===
Though your repositories are primarily hosted on your own !FreedomBox, you can
configure a repository on another Git hosting system like GitLab as a mirror.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/GitWeb.raw.xml
View File

File diff suppressed because one or more lines are too long

170
doc/manual/en/Hardware.raw.wiki Normal file
View File

@ -0,0 +1,170 @@
<<TableOfContents()>>
## BEGIN_INCLUDE
!FreedomBox is designed to be the software for a consumer electronics device that is easy to setup, maintain and use. The project does not aim to create a custom hardware device ourselves, but instead we intend to partner with hardware vendors to build !FreedomBox devices and also support existing hardware. Typically, it is run on single board computers because of their small form factor, low power consumption and favourable price. Some users also run it on old/refurbished desktop or laptop computers or even on virtual machines running on their primary computers.
In addition to supporting various single board computers and other devices, any Debian machine can be turned into a !FreedomBox by installing the `freedombox` package. Debian, the universal operating system, supports a much wider range on hardware. After [[InstallingDebianOn|installing Debian]], see the [[FreedomBox/Hardware/Debian|manual page]] for installing !FreedomBox on Debian.
== Recommended Hardware ==
On April 22nd, 2019, the !FreedomBox Foundation announced the [[https://freedomboxfoundation.org/buy/|sales]] of the Pioneer Edition !FreedomBox Home Server Kits. This is the recommended pre-installed hardware for all users who don't wish to build their own !FreedomBox by choosing the right components, downloading the image and preparing an SD card with !FreedomBox.
The kit includes all the hardware needed for launching a !FreedomBox home server on an Olimex A20-OLinuXino-LIME2 board. This product provides the perfect combination of open source hardware and free and open source software. By purchasing this product, you also support the !FreedomBox Foundation's efforts to create and promote its free and open source server software.
||<style="text-align: center;"> [[FreedomBox/Hardware/PioneerEdition|{{attachment:pioneer-edition_thumb.jpg|Pioneer Edition FreedomBox Home Server Kits|width=320,height=257}}]]<<BR>> [[FreedomBox/Hardware/PioneerEdition|Pioneer Edition FreedomBox Home Server Kits]] ||
== Supported Hardware ==
Use these hardware if you are able to download !FreedomBox images and prepare an SD card by following the manual. If you wish for simper setup process, please buy the !FreedomBox kits from recommended hardware instead. Look at the list of known issues with a hardware before buying it.
||<style="text-align: center;"> [[FreedomBox/Hardware/A20-OLinuXino-Lime2|{{attachment:a20-olinuxino-lime2_thumb.jpg|A20 OLinuXino Lime2|width=235,height=159}}]]<<BR>> [[FreedomBox/Hardware/A20-OLinuXino-Lime2|A20 OLinuXino Lime2]] ||<style="text-align: center;"> [[FreedomBox/Hardware/A20-OLinuXino-MICRO|{{attachment:a20-olinuxino-micro_thumb.jpg|A20 OLinuXino MICRO|width=235,height=132}}]]<<BR>> [[FreedomBox/Hardware/A20-OLinuXino-MICRO|A20 OLinuXino MICRO]] ||<style="text-align: center;"> [[FreedomBox/Hardware/APU|{{attachment:apu1d_thumb.jpg|PC Engines APU|width=235,height=157}}]]<<BR>> [[FreedomBox/Hardware/APU|PC Engines APU]] ||
||<style="text-align: center;"> [[FreedomBox/Hardware/Cubietruck|{{attachment:danube_thumb.png|Cubietruck|width=235,height=206}}]] <<BR>> [[FreedomBox/Hardware/Cubietruck|Cubietruck]] <<BR>> ||<style="text-align: center;"> [[FreedomBox/Hardware/Cubieboard2|{{attachment:cubieboard2_thumb.jpg|Cubieboard 2|width=235,height=156}}]]<<BR>> [[FreedomBox/Hardware/Cubieboard2|Cubieboard2]] ||<style="text-align: center;"> [[FreedomBox/Hardware/BeagleBone|{{attachment:beagleboard_thumb.jpg|BeagleBone Black|width=235,height=157}}]]<<BR>> [[FreedomBox/Hardware/BeagleBone|BeagleBone Black]] ||
||<style="text-align: center;"> [[FreedomBox/Hardware/pcDuino3|{{attachment:pcduino3s_thumb.jpg|pcDuino3|width=235,height=107}}]] <<BR>> [[FreedomBox/Hardware/pcDuino3|pcDuino3]]||<style="text-align: center;"> [[FreedomBox/Hardware/Debian|{{attachment:debian_thumb.png|Debian|width=156,height=201}}]] <<BR>> [[FreedomBox/Hardware/Debian|Debian]]||<style="text-align: center;"> [[FreedomBox/Hardware/VirtualBox|{{attachment:virtualbox_thumb.png|VirtualBox|width=235,height=154}}]] <<BR>> [[FreedomBox/Hardware/VirtualBox|VirtualBox]]||
||<style="text-align: center;"> [[FreedomBox/Hardware/PineA64+|{{attachment:pine64-plus_thumb.jpg|Pine A64+|width=235,height=213}}]] <<BR>> [[FreedomBox/Hardware/PineA64+|Pine A64+]] ||<style="text-align: center;"> [[FreedomBox/Hardware/BananaPro|{{attachment:banana-pro_thumb.jpg|Banana Pro|width=235}}]] <<BR>> [[FreedomBox/Hardware/BananaPro|Banana Pro]]||<style="text-align: center;"> [[FreedomBox/Hardware/OrangePiZero|{{attachment:orange-pi-zero_thumb.jpg|Orange Pi Zero|width=235}}]] <<BR>> [[FreedomBox/Hardware/OrangePiZero|Orange Pi Zero]] ||
||<style="text-align: center;"> [[FreedomBox/Hardware/RockPro64|{{attachment:rockpro64_thumb.jpg|RockPro64|width=235,height=142}}]] <<BR>> [[FreedomBox/Hardware/RockPro64|RockPro64]] ||<style="text-align: center;"> [[FreedomBox/Hardware/Rock64|{{attachment:rock64_thumb.jpg|Rock64|width=235,height=154}}]] <<BR>> [[FreedomBox/Hardware/Rock64|Rock64]]||||
=== Hardware Comparison ===
||'''Name'''||'''Speed (GHz)'''||'''Debian arch'''||'''Ram (GB)'''||'''disk (GB)'''||'''battery'''||'''SATA'''||'''Ethernet speed'''||'''[[OpenSourceHardware|OSHW]]'''||
||APU.1D ||1x2 ||amd64 ||2||-|| - || (./) ||1000x3|| {X} ||
||APU.1D4 ||1x2 ||amd64 ||4||-|| - || (./) ||1000x3|| {X} ||
||!BeagleBone Black C ||1 ||armhf/omap ||½||4|| - || - ||100 || (./) ||
||Cubieboard2 ||1x2 ||armhf/sunxi ||1||4|| (./) || (./) ||100 || {X} ||
||Cubieboard2-Dual ||1x2 ||armhf/sunxi ||1||-|| (./) || (./) ||100 || {X} ||
||Cubieboard3/Cubietruck ||1x2 ||armhf/sunxi ||2||8|| (./) || (./) ||1000 || {X} ||
||OLinuXino A20 LIME ||1x2 ||armhf/sunxi ||½||-|| (./) || (./) ||100 || (./) ||
||OLinuXino A20 LIME2 ||1x2 ||armhf/sunxi ||1||-|| (./) || (./) ||1000 || (./) ||
||OLinuXino A20 MICRO ||1x2 ||armhf/sunxi ||1||-|| (./) || (./) ||100 || (./) ||
||pcDunino3 ||1x2 ||armhf/sunxi ||1||4|| (./) || (./) ||100 || {X} ||
||Pine A64+ ||1.2x4||arm64/sunxi ||½,1,2||-||- || - ||1000 || {X} ||
||Banana Pro ||1.2x2||armhf/sunxi ||1||-||- || (./) ||1000 || {X} ||
||Orange Pi Zero ||?x4 ||armhf/sunxi ||¼,½||-||- || - ||100 || {X} ||
||!RockPro64 ||1.4x4+1.8x2||arm64 ||2,4||16,32,64,128|| - || (./) ||1000 || {X} ||
||Rock64 ||1.5x4||arm64 ||1,2,4||16,32,64,128|| - || (./) ||1000 || {X} ||
== Additional Hardware ==
=== Also Working Hardware ===
This hardware works but is not recommended because the hardware can't run entirely on [[https://www.gnu.org/philosophy/free-sw.en.html|free software]]:
||<style="text-align: center;"> [[FreedomBox/Hardware/RaspberryPi2|{{attachment:raspberry2_thumb.jpg|Raspberry Pi 2|width=235,height=157}}]] <<BR>> [[FreedomBox/Hardware/RaspberryPi2|Raspberry Pi 2]] ||<style="text-align: center;"> [[FreedomBox/Hardware/RaspberryPi3B|{{attachment:raspberrypi3b_thumb.jpg|Raspberry Pi 3 Model B|width=235,height=155}}]] <<BR>> [[FreedomBox/Hardware/RaspberryPi3B|Raspberry Pi 3 Model B]] ||<style="text-align: center;"> [[FreedomBox/Hardware/RaspberryPi3B+|{{attachment:raspberrypi3bplus_thumb.jpg|Raspberry Pi 3 Model B+|width=235,height=153}}]] <<BR>> [[FreedomBox/Hardware/RaspberryPi3B+|Raspberry Pi 3 Model B+]]||
||<style="text-align: center;"> [[FreedomBox/Hardware/RaspberryPi4B|{{attachment:raspberrypi4b_thumb.jpg|Raspberry Pi 4 B|width=235,height=156}}]] <<BR>> [[FreedomBox/Hardware/RaspberryPi4B|Raspberry Pi 4 B]] || || ||
=== Hardware Supported with Generic Images ===
If you already have hardware that you wish turn into a !FreedomBox, don't let the limited list of supported hardware discourage you. If you are using AMD or Intel architecture machines, you can download the generic images of that specific architecture that image will work on any machine of that architecture. For ARM 32-bit or ARM 64-bit architectures, we have a similar solution.
Starting with August 2020, we started building generic images that would work for all single board computers based on a solution involving UEFI standards and u-boot firmware. In this approach, a small board specific firmware resides on an SPI flash or an SD card. It is responsible for loading a generic !FreedomBox image that is placed in an SD card, a USB drive, a SATA drive or an NVMe drive. So, for your hardware, find and get a u-boot based firmware from your board manufacturer and place it on an SPI flash or an SD card. Next, ensure that that kernel in !FreedomBox has support for your board and place it on any of the other storage disks. This approach should work well for a lot of boards that are not listed as specifically supported. See firmware section for more details.
We continue to build images specific to some hardware as we used to earlier. These images have the slight advantage that they are easier to setup because of less step involved. We intend, however, to phase out these images because they can't be booted from all the storage devices and involve development overhead limiting the number of boards we support.
=== Adding Hardware Support ===
If your hardware is not listed above but you were able to get it working using the above described method of using a generic image, drop us a line and we will list it as supported. Further, take a look at the list of [[CheapServerBoxHardware|targeted hardware]] for boards to support.
=== Deprecated Hardware ===
This hardware was supported earlier but is no longer supported. If you downloaded an earlier image and are running !FreedomBox on one of these hardware, you will keep getting software updates. However, no new images will be provided for these hardware. It is recommended that you migrate to newer, supported hardware using backup and restore.
* !DreamPlug
* Raspberry Pi
''Note'': ''Supported Hardware'' means that !FreedomBox images are built for said hardware and at least one developer has reported the basic functions to be working.
== Common Hardware Information ==
The following sections document common advice related to hardware and peripherals when using them with !FreedomBox.
=== Wi-Fi ===
!FreedomBox can use Wi-Fi hardware for two separate purposes. It can be used to provide internet connectivity or it can be used to share internet connectivity already available to !FreedomBox (via Ethernet, 3G/4G or another Wi-Fi interface) with devices on the network. See the [[FreedomBox/Manual/Networks|Networks]] manual page for instructions on how to configure !FreedomBox for these two cases.
Unfortunately, most built-in Wi-Fi adapters and add-on Wi-Fi adapters require firmware that is not free software. So, !FreedomBox recommends attaching a [[FreedomBox/Hardware/USBWiFi|USB Wi-Fi device]] that does not require non-free firmware. Supported devices automatically show up in the network interface list when configuring networks.
If you have a Wi-Fi device, either built-in or as an add-on, that requires non-free firmware and you are willing to install non-free firmware to get it working, see the Debian [[WiFi|wiki page]]. Once the firmware is installed and the device shows up, it can be configured and used by !FreedomBox.
=== Power Supply ===
On single board computers, one can easily encounter situations where the board and its peripherals are not provided sufficient power and malfunction in unpredictable ways. To avoid this, use a power adapter that can supply the minimum current recommended by the hardware manufacturer. When additional peripherals such as USB drives, Wi-Fi devices, SATA drives or NVMe drives are attached, the power requirements increase. A power supply that can provide higher current than needed is preferable but voltage should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.
=== Firmware ===
Desktops, laptops and virtual machines have software that runs during machine start-up called UEFI/BIOS. This software, sometimes called firmware, can load and hand over control to the operating system (in our case !FreedomBox), when it is present on any of the storage devices. This is not the case with most single board computers.
Single board computers ship with very small amount of software that is typically limited to booting OS from SD cards or eMMCs. They usually can't boot from USB disks, SATA disks or NVMe disks. To remedy this situation, hardware manufacturers started adding a special storage device called SPI flash which is only a few MiB in size. A special software, which we call firmware here, typically based on free and open source boot loader called u-boot is placed in this SPI flash. When the computer starts up, it starts the boot-loader from SPI flash which will in turn load the operating system. Since the firmware is much more powerful, it has the ability to load the OS from any of the storage media. Examples of single board computers with SPI flash include A20-OLinuXino-Lime2 and !RockPro64.
This firmware approach can be used even when SPI flash is not available. Say, one wants to boot from a USB drive and the board does not support booting from it. Firmware can be installed on an SD card (a very tiny one is sufficient) and inserted into the board. Then USB disk will contain !FreedomBox as we wish it. When the board starts, it boots the firmware from SD card which in turn boots the operating system from USB drive or any other storage.
This firmware approach also allows us to use generic download images that work for a large number of hardware boards. While increasing the effort for the user a bit more, it has the advantage of allowing us to support a lot more hardware and allow the OS to be present on any storage media.
When special firmware is needed for a single board computer, !FreedomBox manual for the board discusses how to to obtain and install the firmware before proceeding with installation of !FreedomBox.
=== Storage ===
!FreedomBox can run from various storage media supported by your computer. Choosing the storage is about balancing reliability, capacity and speed against cost. A minimum storage capacity of 8GB is recommended for running !FreedomBox.
==== Secure Digital (SD) Card ====
SD cards are common on single board computers. Most single board computers can boot directly from an SD card without any additional tweaks.
SD cards are typically slowest among the available storage media. Expect your !FreedomBox to perform certain operations slower on these disks. Not all SD cards perform similarly and some perform much better than others. When buying an SD card, pick a card with a speed class of at least 10 (written on the card as a circle around the number 10) or UHS speed class 1 (written on the card as a number 1 inside a bucket). UHS speed class 3 (written on the card as number 3 inside a bucket) or application speed class 1 or above (written as A1 and A2) will perform much better. Finally, users of !FreedomBox have reported cases where SD cards have failed. So, other storage media should be preferred for higher reliability.
==== Embedded MultiMediaCard (eMMC) ====
Many recently released single board computers support eMMC cards. Most single board computers can boot directly from an eMMC without any additional tweaks.
eMMC is sometimes soldered onto the board and you will need to choose the size of eMMC when buying the board. An example of this is the Olimex's A20-OLinuXino-Lime2 board. Other times, a manufacturer will provide eMMC as pluggable peripheral. With this approach, you can add eMMC after you buy the board or upgrade existing one with higher capacity. Do not detach and reattach such pluggable eMMCs too often. They have a very limited number of wear cycles (< 100).
eMMC are much faster than SD cards and spinning disk HDDs but are significantly slower than SSDs. They have much better random write speeds which are needed for many !FreedomBox operations. In general, they should be preferred over SD cards.
!FreedomBox image can be setup on an eMMC in two ways. For a detachable eMMC, there are eMMC to USB converters available. Detach the eMMC from the board, attach it to the USB converter and plug it into your machine and proceed with writing !FreedomBox on it as one would for an SD card. In case the eMMC is not detachable, boot the computer with a media other than the eMMC such as an SD card or USB disk. It could be any operating system. After booting, the eMMC will show up as an additional disk. [[FreedomBox/Download|Download]] and write !FreedomBox image onto it as one would for an SD card.
==== USB Disk Drive ====
Most computers and single board computers have USB ports. These ports accept storage media such as USB flash drives, SSDs or HDDs.
A USB flash drive can also serve as a storage medium for running !FreedomBox. USB 2.0 flash drives are much slower and comparable to SD cards in their performance. USB 3.0 flash drives yield much better performance. Both USB flash drives and SD cards use similar technology so the read/write cycles and hence the reliability as similarly limited.
Apart from USB flash drives, solid state drives (SSDs) and hard disk drives (HDDs) can be inserted into USB ports. This is possible either by buying drives with USB interface or by using convertors such as USB to SATA or USB to M.2 interface. Both SSDs and HDDs have much higher reliability compared to SD cards, eMMC or USB flash drives. These should be preferred whenever possible. In addition, SSDs provide excellent performance when connected via USB 3.0 interface.
When connecting SSDs and HDDs to USB ports on single board computers, care should be taken about the power supply to the drive. If the drive has an extra power supply there is nothing to worry about. Otherwise, ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. For the board, always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but the voltage supplied should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.
Setting up a !FreedomBox image on a USB (flash, SSD or HDD) drive can be straight forward as most computers have USB ports. Plug-in the USB drive to your computer, [[FreedomBox/Download|download]] and write the !FreedomBox image to the USB drive. While laptops, desktops and virtual machines can boot from a USB drive without intervention, many single board computers can't boot from USB drives. To address this, a separate firmware is needed. See firmware section for setting this up.
==== SATA disk drive ====
Some desktops, laptops and single board computers support a SATA interface to connect a solid state drive (SSD) or a hard disk drive (HDD). An example of a single board computer supporting SATA interface is the Olimex's A20-OLinuXino-Lime2. SATA protocol is also used for mSATA ports or M.2 slots (with a B-Key or an M-key). Both SSDs and HDDs have much higher reliability compared to SD cards, eMMC or USB flash drives. SATA interface provides very good data transfer rates (but not as good as NVMe drives based on PCIe). These should be preferred over SD cards, eMMCs or USB flash drives whenever possible.
When connecting SSDs and HDDs to SATA ports on single board computers, care should be taken about the power supply to the drive. If the drive has an extra power supply there is nothing to worry about. Otherwise, ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. Always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but voltage should match the recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.
To setup !FreedomBox image on a SATA disk drive, boot the computer with a media other than the SATA disk such as an SD card. It could be any operating system. After booting, the SATA disk will show up as an additional disk. [[FreedomBox/Download|Download]] and write !FreedomBox image onto it as one would for an SD card. While laptops, desktops and virtual machines can boot from a SATA drives without additional intervention, many single board computers can't boot from SATA drives. To address this, a separate firmware disk is needed. See firmware section for setting this up.
==== NVMe disk drive ====
Most desktops, laptops and some single board computers support an NVMe interface to connect a solid state drive (SSD). This support is provided either with an M.2 slot (with a B-key or an M-key) or by providing a PCIe expansion slot. If a PCIe expansion slot is provided, a PCIe to M.2 convertor can be used to accommodate an NVMe drive. An example of a single board computer supporting an M.2 slot is the Radxa's Rock Pi 4 board. An example of single board computer providing PCIe slot is the Pine64's !RockPro64 board. NVMe based SSD have much higher reliability compared to SD cards, eMMC or USB flash drives. NVMe drives provide the fastest data transfer rates. These should be preferred over all other types of drives whenever possible.
When connecting NVMe drives to single board computers, care should be taken about the power supply to the drive. Ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. Always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but voltage should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.
To setup !FreedomBox image on an NVMe disk drive, boot the computer with a media other than the NVMe disk such as an SD card. It could be any operating system. After booting NVMe disk will show up as an additional disk. [[FreedomBox/Download|Download]] and write !FreedomBox image onto it as one would for an SD card. While laptops, desktops and virtual machines can boot from NVMe drives without intervention, many single board computers can't boot from NVMe drives. To address this a separate firmware disk is needed. See firmware section for setting this up.
== Building Your Own Images ==
All !FreedomBox disk images for different hardware is built by the project using a tool known as [[FreedomBox/Maker|Freedom Maker]]. If for some reason, you wish to build your own images instead of downloading the provided images, use this tool. The README file in the project provides information about the list of hardware build targets available and how to build images.
=== Status of Software Used ===
* All the software present in !FreedomBox images is from Debian repositories. There are some minor tweaks done by the [[FreedomBox/Maker|Freedom Maker]] script.
* All software present in the images is DFSG compliant free software except in case of Raspberry Pi images where the firmware package is non-free software.
* All images use the Linux kernel from Debian which is in turn based on the mainline Linux kernel.
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox
Images are licensed under various creative commons licenses. See individual linked pages for attribution information.

38
doc/manual/en/I2P.raw.wiki Normal file
View File

@ -0,0 +1,38 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/I2P|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== I2P (Anonymity Network) ==
||<tablestyle="float: right;"> {{attachment:I2P-icon_en_V01.png|I2P icon}} ||
=== About I2P ===
The Invisible Internet Project is an anonymous network layer intended to protect communication from censorship and surveillance. I2P provides anonymity by sending encrypted traffic through a volunteer-run network distributed around the world.
Find more information about I2P on their project [[https://geti2p.net|homepage]].
=== Services Offered ===
The following services are offered via I2P in !FreedomBox by default. Additional services may be available when enabled from I2P router console that can be launched from !FreedomBox web interface.
* '''Anonymous Internet browsing''': I2P can be used to browse Internet anonymously. For this, configure your browser (preferable a Tor Browser) to connect to I2P proxy. This can be done by setting HTTP proxy and HTTPS proxy to ''freedombox.local'' (or your !FreedomBox's local IP address) and ports to ''4444'' and ''4445'' respectively. This service is available only when you are reaching !FreedomBox using local network (networks in internal zone) and not available when connecting to !FreedomBox from the Internet. One exception to this is when you connect to !FreedomBox's VPN service from Internet you can still use this service.
* '''Reaching eepsites''': I2P network can host websites that can remain anonymous. These are called eepsites and end with .i2p in their domain name. For example, http://i2p-projekt.i2p/ is the website for I2P project in the I2P network. eepsites are not reachable using a regular browser via regular Internet connection. To browse eepsites, your browser needs to be configured to use HTTP, HTTPS proxies as described above. This service is available only when you are reaching !FreedomBox using local network (networks in internal zone) and not available when connecting to !FreedomBox from the Internet. One exception to this is when you connect to !FreedomBox's VPN service from Internet you can still use this service.
* '''Anonymous torrent downloads''': I2PSnark, an application for anonymously downloading and sharing files over the !BitTorrent network is available in I2P and enabled by default in !FreedomBox. This application is controlled via a web interface that can be launched from 'Anonymous torrents' section of I2P app in !FreedomBox web interface or from the I2P router console interface. Only logged-in users belonging to 'Manage I2P application' group can use this service.
* '''IRC network''': I2P network contains an IRC network called Irc2P. This network hosts the I2P project's official IRC channel among other channels. This service is enabled by default in !FreedomBox. To use it, open your favourite IRC client. Then configure it to connect to host ''freedombox.local'' (or your !FreedomBox's local IP address) with port number ''6668''. This service is available only when you are reaching !FreedomBox using local network (networks in internal zone) and not available when connecting to !FreedomBox from the Internet. One exception to this is when you connect to !FreedomBox's VPN service from Internet you can still use this service.
* '''I2P router console''': This is the central management interface for I2P. It shows the current status of I2P, bandwidth statistics and allows modifying various configuration settings. You can tune your participation in the I2P network and use/edit a list of your favourite I2P sites (eepsites). Only logged-in users belonging to 'Manage I2P application' group can use this service.
=== Port Forwarding ===
If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for I2P:
* TCP 4444
* TCP 4445
* TCP 6668
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>

1
doc/manual/en/I2P.raw.xml
View File

File diff suppressed because one or more lines are too long

63
doc/manual/en/Ikiwiki.raw.wiki Normal file
View File

@ -0,0 +1,63 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Ikiwiki|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Ikiwiki (Wiki and Blog) ==
||<tablestyle="float: right;"> {{attachment:Ikiwiki-icon_en_V01.png|Ikiwiki icon}} ||
'''Avaiable since''': version 0.5
=== What is Ikiwiki? ===
Ikiwiki converts wiki pages into HTML pages suitable for publishing on a website. It provides particularly blogging, podcasting, calendars and a large selection of plugins.
=== Quick Start ===
After the app installation on your box administration interface:
* Go to "Create" section and create a wiki or a blog
* Go back to "Configure" section and click on /ikiwiki link
* Click on your new wiki or blog name under "Parent directory"
* Enjoy your new publication page.
=== Creating a wiki or blog ===
You can create a wiki or blog to be hosted on your !FreedomBox through the Wiki & Blog (Ikiwiki) page in !FreedomBox. The first time you visit this page, it will ask to install packages required by Ikiwiki.
After the package install has completed, select the Create tab. You can select the type to be Wiki or Blog. Also type in a name for the wiki or blog, and the username and password for the wiki's/blog's admin account. Then click Update setup and you will see the wiki/blog added to your list. Note that each wiki/blog has its own admin account.
{{attachment:ikiwiki_create.png|ikiwiki: Create|width=800}}
=== Accessing your wiki or blog ===
From the Wiki & Blog (Ikiwiki) page, select the Manage tab and you will see a list of your wikis and blogs. Click a name to navigate to that wiki or blog.
{{attachment:ikiwiki_manage.png|ikiwiki: Manage|width=800}}
From here, if you click Edit or Preferences, you will be taken to a login page. To log in with the admin account that you created before, select the Other tab, enter the username and password, and click Login.
=== User login through SSO ===
Besides the wiki/blog admin, other !FreedomBox users can be given access to login and edit wikis and blogs. However, they will not have all the same permissions as the wiki admin. They can add or edit pages, but cannot change the wiki's configuration.
To add a wiki user, go to the Users and Groups page in !FreedomBox (under System configuration, the gear icon at the top right corner of the page). Create or modify a user, and add them to the wiki group. (Users in the admin group will also have wiki access.)
To login as a !FreedomBox user, go to the wiki/blog's login page and select the Other tab. Then click the "Login with HTTP auth" button. The browser will show a popup dialog where you can enter the username and password of the !FreedomBox user.
=== Adding FreedomBox users as wiki admins ===
1. Login to the wiki, using the admin account that was specified when the wiki was created.
2. Click "Preferences", then "Setup".
3. Under "main", in the "users who are wiki admins", add the name of a user on the !FreedomBox.
4. (Optional) Under "auth plugin: passwordauth", uncheck the "enable passwordauth?" option. (Note: This will disable the old admin account login. Only SSO login using HTTP auth will be possible.)
5. Click "Save Setup".
6. Click "Preferences", then "Logout".
7. Login as the new admin user using "Login with HTTP auth".
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Ikiwiki.raw.xml
View File

File diff suppressed because one or more lines are too long

30
doc/manual/en/Infinoted.raw.wiki Normal file
View File

@ -0,0 +1,30 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Infinoted|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Infinoted (Gobby Server) ==
||<tablestyle="float: right;"> {{attachment:Infinoted-icon_en_V01.png|Infinoted icon}} ||
'''Available since''': version 0.5
infinoted is a server for Gobby, a collaborative text editor.
To use it, [[https://gobby.github.io/|download Gobby]], desktop client and install it. Then start Gobby and select "Connect to Server" and enter your !FreedomBox's domain name.
=== Port Forwarding ===
If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for infinoted:
* TCP 6523
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Infinoted.raw.xml
View File

File diff suppressed because one or more lines are too long

76
doc/manual/en/Introduction.raw.wiki Normal file
View File

@ -0,0 +1,76 @@
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: [[de/FreedomBox/Einführung|Deutsch]]- English - [[es/FreedomBox/Introduction|Español]] - [[fr/FreedomBox/Introduction|Français]]-~
## BEGIN_INCLUDE
= FreedomBox: take your online privacy back =
!FreedomBox is a ready made personal server, designed with privacy and data ownership in mind. It is a subset of the [[https://www.debian.org/|Debian universal operating system]] and includes free software only. You can run it on a small, inexpensive and power-efficient computer box in your home that is dedicated for that use. It can also be installed on any computer running Debian or in a virtual machine.<<BR>>
In order to replace third-party communication services that are data mining your entire life, you will be able to host services yourself and use them at home or over the Internet through a browser or specialized apps. These services include chat and voice calls, webmail, file sharing and calendar, address book and news feed synchronization. For example, to start using a private chat service, activate the service from the administration interface and add your friends as authorized users of the service. They will be able to connect to the service hosted on your !FreedomBox, using XMPP chat clients such as Conversations on Android, Pidgin on Windows and Linux, or Messages on Mac OS, for encrypted communications.<<BR>>
!FreedomBox is a product you can just [[https://freedomboxfoundation.org/buy/|buy]], set up and use. Once installed the interface is easy to use, similar to a smart phone.
User documentation:
* List of [[FreedomBox/Features|applications]] offered by !FreedomBox.
* [[FreedomBox/Manual|Manual]]
* [[FreedomBox/Support|Live Help from the community]]
!FreedomBox can also host a Wi-Fi access point, ad blocking proxy and a virtual private network (VPN). More advanced users can replace their router with a !FreedomBox.
Setting up !FreedomBox on a specific hardware or on your computer running Debian may require a bit of technical expertise or help from the community.
Related technical documentation:
* [[FreedomBox/Hardware|Machines that support FreedomBox]]
* [[FreedomBox/Download|Download and Install]]
* [[https://docs.freedombox.org|FreedomBox Developer Manual]]
== Typical usage: Private Cloud ==
!FreedomBox provides services to the computers and mobile devices in your home, and to your friends. This includes secure instant messaging and low-bandwidth, high-quality voice conference calling. !FreedomBox lets you publish your content in a blog and wiki to collaborate with the rest of the world. On the roadmap are a personal email server and federated social networking, to provide privacy-respecting alternatives to Gmail and Facebook.
== Typical usage: Network-Attached Storage (NAS) ==
The storage space available to !FreedomBox can be expanded by attaching an external disk drive. This allows !FreedomBox to become a media library for your photos, music, and videos. The folders are shared to laptops and mobile phones on the local network, and the media can be streamed to local devices including smart TVs.
== Advanced usage: Smart Home Router ==
!FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet, replacing a home wireless router. By routing traffic, !FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. !FreedomBox can cloak your location and protect your anonymity by "onion routing" your traffic over Tor. !FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home.
It can also be carried along with your laptop and set up to offer its services on public networks at work, school or office. In the future, !FreedomBox intends to deliver support for alternative ways of connecting to the Internet such as Mesh networking.
== Advanced usage: For Communities ==
The primary design goal of !FreedomBox is to be used as a personal server at home for use by a single family and their friends. However, at the core, it is a server software that can aid a non-technical user to setup services and maintain them with ease. Security is automatically managed and many of the technical choices in system administration are taken care by the software automatically thereby reducing complexity for a non-technical user. This nature of !FreedomBox makes it well-suited for hosting services for small communities like villages or small firms. Communities can host their own services using !FreedomBox with minimal effort. They can setup Wi-Fi networks that span the entire area of the community and draw Internet connections from long distances. Community members can enjoy previously unavailable Internet connectivity, ubiquitous Wi-Fi coverage, free VOIP services, offline education and entertainment content, etc. This will also boost privacy for individuals in the community, reduce dependence on centralized services provided by large companies and make them resistant to censorship.
The free e-book [[https://en.wikibooks.org/wiki/FreedomBox_for_Communities|FreedomBox for Communities]] describes the motivation and provides detailed instructions to setup !FreedomBox for this use case. Members of the !FreedomBox project are involved in setting up Wi-Fi networks with free Internet connectivity in rural India. This e-book documents their knowledge and experiences.
== FreedomBox Interface ==
=== Screenshot ===
{{attachment:freedombox-frontpage-2019-03-02.png|FreedomBox front page|width=1000}}
{{{#!wiki comment
This video is much too old to be useful here.
=== Screencast introduction ===
[[attachment:Plinth_Introduction.webm]]
(36 MB, 13 Min.)
}}}
=== Video resources ===
Eben Moglen's talk, [[https://www.youtube.com/watch?v=QOEMv0S8AcA|Eben Moglen - Freedom in the cloud]], delivered before the !FreedomBox project was started gives insights into the philosophy behind !FreedomBox.
[[http://moglen.law.columbia.edu/sflc2015/04_freedombox.webm|First demonstration of FreedomBox at SFLC, University of Columbia]] by Sunil Mohan Adapa.
## END_INCLUDE
See the features page for a [[FreedomBox/Features|full list of applications]] offered by !FreedomBox and [[https://freedomboxfoundation.org/buy/|buy]] or [[FreedomBox/Download|download]] yours!
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

52
doc/manual/en/JSXC.raw.wiki Normal file
View File

@ -0,0 +1,52 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/JSXC|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== JSXC (Web Chat Client) ==
||<tablestyle="float: right;"> {{attachment:JSXC-icon_en_V01.png|JSXC icon}} ||
'''Available since''': version 0.11.0
JSXC is a web chat client. It can be used to join compatible chat servers.
!FreedomBox offers both parties, a server ([[FreedomBox/Manual/ejabberd|ejabberd]]) and a web client (JSXC), from its web interface.
=== Technical Specifications ===
JSXC features the XMPP over [[https://en.wikipedia.org/wiki/BOSH_(protocol)|BOSH]] protocol and is implemented in HTML5.
XMPP is a federated server-client protocol for Instant Messaging. This means that users who have accounts on one server, can talk to users that are on another server.
XMPP can also be used for voice and video calls, if supported by the clients.
=== Installation ===
You can install JSXC through its icon in the Apps section of !FreedomBox web interface. The ejabberd (XMPP server) icon also offers to launch the web client (and installs JSXC if not yet installed).
=== Usage ===
After the JSXC module install completes, the JSXC can be accessed through its icon in the Apps section of !FreedomBox web interface. The ejabberd (XMPP server) icon also offers to launch the web client. Both will redirect you to {{{https://<your freedombox>/plinth/apps/xmpp/jsxc/}}}.
To use it, you need to input the domain name of the server to connect to. It will automatically check the BOSH server connection to the given domain name as you type it.
||{{attachment:JSXC-KO_en_V01.png|JSXC not connecting|height=250}} || {{attachment:JSXC-ok_en_V01.png|JSXC connecting|height=250}} ||
Check https://www.jsxc.org for further details.
Videoconferencing and file transfer features are offered by JSXC but don't seem to work in !FreedomBox yet.
=== Port Forwarding ===
If your !FreedomBox is behind a router and you want to connect to other servers, you will need to set up port forwarding on your router. You should forward the following ports for XMPP:
* TCP 5222 (client-to-server)
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

58
doc/manual/en/LetsEncrypt.raw.wiki Normal file
View File

@ -0,0 +1,58 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/LetsEncrypt|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Let's Encrypt (Certificates) ==
A digital certificate allows users of a web service to verify the identity of the service and to securely communicate with it. !FreedomBox can automatically obtain and setup digital certificates for each available domain. It does so by proving itself to be the owner of a domain to Let's Encrypt, a certificate authority (CA).
Let's Encrypt is a free, automated, and open certificate authority, run for the public's benefit by the Internet Security Research Group (ISRG). Please read and agree with the Let's Encrypt Subscriber Agreement before using this service.
=== Why using Certificates ===
The communication with your !FreedomBox can be secured so that it is not possible to intercept the content of the web pages viewed and about the content exchanged.
=== How to setup ===
1. If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports:
* TCP 80 (http)
* TCP 443 (https)
1. Make the domain name known:
* In [[../Configure|Configure]] insert your ''domain name'', e.g. ''`MyWebName.com`''
{{attachment:LetsEncrypt-Configure.png|Let's Encrypt|width=800}}
1. Verify the domain name was accepted
* Check that it is enabled in [[../NameServices|Name Services]]
{{attachment:LetsEncrypt-NameServices.png|Let's Encrypt Name Services|width=800}}
1. Go to the Certificates (Let's Encrypt) page, and complete the module install if needed. Then click the "Obtain" button for your domain name.
* After some minutes a valid certificate is available
{{attachment:LetsEncrypt.png|Let's Encrypt|width=800}}
1. Verify in your browser by checking ''`https://MyWebName.com`''
{{attachment:LetsEncrypt-Certificate.png|Let's Encrypt Certificate|width=800}}
'''Screencast''': [[attachment:Let's Encrypt.webm|Let's Encrypt|&do=get]]
=== Using ===
The certificate is valid for 3 months. It is renewed automatically and can also be re-obtained or revoked manually.
With running ''diagnostics'' the certificate can also be verified.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/LetsEncrypt.raw.xml
View File

File diff suppressed because one or more lines are too long

52
doc/manual/en/MLDonkey.raw.wiki Normal file
View File

@ -0,0 +1,52 @@
## page was renamed from FreedomBox/Manual/MLdonkey
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/MLDonkey|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== MLDonkey (Peer-to-peer File Sharing) ==
||<tablestyle="float: right;"> {{attachment:MLDonkey-icon_en_V01.png|MLDonkey icon}} ||
'''Available since:''' version 0.48.0
=== What is MLDonkey? ===
MLDonkey is an open-source, multi-protocol, peer-to-peer file sharing application that runs as a back-end server application on many platforms. It can be controlled through a user interface provided by one of many separate front-ends, including a Web interface, telnet interface and over a dozen native client programs.
Originally a Linux client for the eDonkey protocol, it now runs on many flavors of Unix-like, OS X, Microsoft Windows and MorphOS and supports numerous peer-to-peer protocols including ED2K (and Kademlia and Overnet), !BitTorrent, DC++ and more.
Read more about MLDonkey at [[http://mldonkey.sourceforge.net/Main_Page|the MLDonkey Project Wiki]]
=== Screenshot ===
{{attachment:mldonkey.jpg|MLDonkey Web Interface|width=800}}
=== Using MLDonkey Web Interface ===
After installing MLDonkey, its web interface can be accessed from !FreedomBox at {{{https://<your freedombox>/mldonkey}}}. Users belonging to the ''ed2k'' and ''admin'' groups can access this web interface.
=== Using Desktop/Mobile Interface ===
Many [[http://mldonkey.sourceforge.net/Gui|desktop and mobile applications]] can be used to control MLDonkey. MLDonkey server will always be running on !FreedomBox. It will download files (or upload them) and store them on !FreedomBox even when your local machine is not running or connected to MLDonkey on !FreedomBox. Only users of ''admin'' group can access MLDonkey on !FreedomBox using desktop or mobile clients. This is due to restrictions on which group of users have SSH access into !FreedomBox.
1. Create an admin user or use an existing admin user.
1. On your desktop machine, open a terminal and run the following command. It is recommended that you configure and use SSH keys instead of passwords for the this step.
{{{
$ ssh -L 4001:localhost:4001 -N exampleuser@example.freedombox.rocks
}}}
1. Start the GUI application and then connect it to MLDonkey as if MLDonkey is running on the local desktop machine. After you are done, terminate the SSH command by pressing Control-C.
See MLDonkey documentation for [[http://mldonkey.sourceforge.net/SshTunnel|SSH Tunnel]] for more information.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/MLDonkey.raw.xml
View File

File diff suppressed because one or more lines are too long

62
doc/manual/en/Maker.raw.wiki Normal file
View File

@ -0,0 +1,62 @@
== Freedom Maker ==
Freedom Maker is a script to build !FreedomBox disk images for use on various hardware devices or virtual machines.
Freedom Maker can currently build !FreedomBox disk images for the following:
* [[https://en.wikipedia.org/wiki/OLinuXino#A20-OlinuXino-LIME|A20-OlinuXino-LIME]]
* [[https://en.wikipedia.org/wiki/OLinuXino#A20-OlinuXino-LIME2|A20-OlinuXino-LIME2]]
* [[https://en.wikipedia.org/wiki/OLinuXino#A20-OLinuXino-MICRO|A20-OLinuXino-MICRO]]
* [[https://en.wikipedia.org/wiki/Banana_Pro|Banana Pro]]
* [[https://en.wikipedia.org/wiki/BeagleBoard#BeagleBone|BeagleBone]]
* [[https://en.wikipedia.org/wiki/Cubieboard#Cubieboard2|Cubieboard2]]
* [[https://en.wikipedia.org/wiki/Cubieboard#Cubietruck_.28Cubieboard3.29|Cubietruck]]
* [[http://www.linksprite.com/linksprite-pcduino3/|pcDuino3]]
* [[https://en.wikipedia.org/wiki/Raspberry_Pi|Raspberry Pi 2]]
* [[https://en.wikipedia.org/wiki/Raspberry_Pi|Raspberry Pi 3 Model B]]
* [[https://en.wikipedia.org/wiki/Raspberry_Pi|Raspberry Pi 3 Model B+]]
* [[https://en.wikipedia.org/wiki/VirtualBox|VirtualBox]]
* [[https://en.wikipedia.org/wiki/QEMU|QEMU]]
* [[https://en.wikipedia.org/wiki/X86-64#AMD64|AMD64 (x86-64) Machines]], [[https://en.wikipedia.org/wiki/X86|X86 Machines]] and other virtual machines (using raw disk images)
If a hardware platform is capable of running Debian, it should not be too much effort adopt Freedom Maker to create !FreedomBox images for the platform.
Freedom Maker is [[https://www.gnu.org/philosophy/|Free Software]] licensed under [[https://www.gnu.org/licenses/gpl.html|GNU General Public License]] version 3 or (at your option) a later version.
=== Building FreedomBox Images ===
* You can get Freedom Maker from its [[https://salsa.debian.org/freedombox-team/freedom-maker.git|Git repository]] and follow the instructions in the README to [[https://salsa.debian.org/freedombox-team/freedom-maker/blob/master/README.md|build a FreedomBox image]].
=== Support ===
You may ask for support on
* [[https://discuss.freedombox.org/|The discussion forum]]
* [[http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss|The mailing list]]
* [[irc://irc.debian.org/freedombox|#freedombox IRC channel]]
* [[https://matrix.to/#/#freedombox:matrix.org|FreedomBox Matrix channel]]
=== Contributing ===
We are looking for help to improve Freedom Maker.
* Instructions on how to [[FreedomBox/Contribute/Code|contribute code]] are available.
* Freedom Maker is hosted at [[https://salsa.debian.org/freedombox-team/freedom-maker|FreedomBox Salsa Project]]. The primary Git repository is hosted [[https://salsa.debian.org/freedombox-team/freedom-maker.git|there]].
* You can contribute to !FreedomBox by adding support for more hardware platforms. Freedom Maker can be easily adopted to newer platforms if they already support running Debian.
* You can create and test images with Freedom Maker regularly to test for new features and check for regressions.
* List of bugs, TODO items and feature requests are available on the [[https://salsa.debian.org/freedombox-team/freedom-maker/issues|issue tracker]].
* You can request for development assistance on [[https://discuss.freedombox.org/|the discussion forum]], [[http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss|the mailing list]] or the [[irc://irc.debian.org/freedombox|#freedombox IRC channel]].
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

72
doc/manual/en/MatrixSynapse.raw.wiki Normal file
View File

@ -0,0 +1,72 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/MatrixSynapse|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Matrix Synapse (Chat Server) ==
||<tablestyle="float: right;"> {{attachment:Matrix-icon_en_V01.png|Matrix Synapse icon}} ||
'''Available since''': version 0.14.0
=== What is Matrix? ===
[[https://matrix.org/|Matrix]] is an open standard for interoperable, decentralized, real-time communication over IP. Synapse is the reference implementation of a Matrix server. It can be used to setup instant messaging on !FreedomBox to host large chat rooms, end-to-end encrypted communication and audio/video calls.
Matrix Synapse is a federated application where chat rooms can exist on any server and users from any server in the federated network can join them. [[https://matrix.org/docs/guides/faq.html|Learn more]] about Matrix.
=== How to access your Matrix Synapse server? ===
We recommend the [[https://element.io/|Element]] client to access the Matrix Synapse server. You can [[https://element.io/get-started|download]] Element for desktops. Mobile applications for Android and iOS are available from their respective app stores.
=== Port Forwarding ===
If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Matrix:
* TCP 8448
=== Setting up Matrix Synapse on your FreedomBox ===
To enable Matrix, first navigate to the Chat Server (Matrix Synapse) page and install it. Matrix needs a valid domain name to be configured. After installation, you will be asked to configure it. You will be able to select a domain from a drop down menu of available domains. Domains are configured using System -> Configure page. After configuring a domain, you will see that the service is running. The service will be accessible on the configured !FreedomBox domain. Currently, you will not be able to change the domain once is it configured.
Your router has to be configured to forward port 8448.
All the registered users of your !FreedomBox will have their Matrix IDs as `@username:domain`. If public registration is enabled, also your chosen client can be used to register a user account.
=== Federating with other Matrix instances ===
You will be able to interact with any other person running another Matrix instance. This is done by simply starting a conversation with them using their matrix ID which is of the format `@their-username:their-domain`. You can also join rooms which are in another server and have audio/video calls with contacts on other server.
=== Memory usage ===
The Synapse reference server implemented in Python is known to be quite RAM hungry, especially when loading large rooms with thousands of members like #matrix:matrix.org. It is recommended to avoid joining such rooms if your !FreedomBox device only has 1 GiB RAM or less. Rooms with up to a hundred members should be safe to join. The Matrix team is working on a new implementation of the Matrix server written in Go called Dendrite which might perform better in low-memory environments.
Some large public rooms in the Matrix network are also available as IRC channels (e.g. #freedombox:matrix.org is also available as #freedombox on irc.debian.org). It is better to use IRC instead of Matrix for such large rooms. You can join the IRC channels using [[FreedomBox/Manual/Quassel|Quassel]].
=== Advanced usage ===
1. If you wish to create a large number of users on your Matrix Synapse server, use the following commands on a remote shell as root user:
{{{
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 | sed "s+^+registration_shared_secret: +" > /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
chmod 600 /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
chown matrix-synapse:nogroup /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
systemctl restart matrix-synapse
register_new_matrix_user -c /etc/matrix-synapse/conf.d/registration_shared_secret.yaml
}}}
1. If you wish to see the list of users registered in Matrix Synapse, the following as root user:
{{{
apt install sqlite3
echo 'select name from users' | sqlite3 /var/lib/matrix-synapse/homeserver.db
}}}
1. If you wish to create a community in Matrix Synapse, a Matrix user with server admin privileges is needed. In order to grant such privileges to `username` run the following commands as root user:
{{{
sudo apt install sqlite3
echo "UPDATE users SET admin=1 WHERE name='@username:domainname'" | sudo sqlite3 /var/lib/matrix-synapse/homeserver.db
}}}
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

7
doc/manual/en/MatrixSynapse.raw.xml
View File

File diff suppressed because one or more lines are too long

86
doc/manual/en/MediaWiki.raw.wiki Normal file
View File

@ -0,0 +1,86 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/MediaWiki|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== MediaWiki (Wiki) ==
||<tablestyle="float: right;"> {{attachment:MediaWiki-icon_en_V01.png|MediaWiki icon}} ||
'''Available since:''' version 0.20.0
=== About MediaWiki ===
MediaWiki is the software that powers the Wikimedia suite of wikis.
Read more about !MediaWiki on [[https://en.wikipedia.org/wiki/MediaWiki|Wikipedia]]
=== MediaWiki on FreedomBox ===
!MediaWiki on !FreedomBox is configured to be publicly readable and privately editable. Only logged in users can make edits to the wiki. This configuration prevents spam and vandalism on the wiki.
==== User management ====
Users can be created by the !MediaWiki administrator (user "admin") only. The "admin" user can also be used to reset passwords of !MediaWiki users. The administrator password, if forgotten can be reset anytime from the !MediaWiki app page in web interface.
==== Use cases ====
!MediaWiki is quite versatile and can be put to many creative uses. It also comes with a lot of plugins and themes and is highly customizable.
===== Personal Knowledge Repository =====
!MediaWiki on !FreedomBox can be your own personal knowledge repository. Since !MediaWiki has good multimedia support, you can write notes, store images, create checklists, store references and bookmarks etc. in an organized manner. You can store the knowledge of a lifetime in your !MediaWiki instance.
===== Community Wiki =====
A community of users can use !MediaWiki as their common repository of knowledge and reference material. It can used as a college notice board, documentation server for a small company, common notebook for study groups or as a fan wiki like wikia.
===== Personal Wiki-based Website =====
[[https://www.mediawiki.org/wiki/Sites_using_MediaWiki/en|Several websites]] on the internet are simply !MediaWiki instances. !MediaWiki on !FreedomBox is read-only to visitors. Hence, it can be adapted to serve as your personal website and/or blog. !MediaWiki content is easy to export and can be later moved to use another blog engine.
==== Editing Wiki Content ====
The !MediaWiki installation on !FreedomBox ships with a basic editor with a toolbar for common options like Bold, Italics etc. Click on the Advanced section for more options like Headings, bullet lists etc.
{{attachment:mediawiki-toolbar.png}}
===== Visual Editor =====
!MediaWiki's new Visual Editor gives a WYSIWYG user interface to creating wiki pages. This is still a Beta feature and is not provided by default with !MediaWiki. A workaround is to use write your content using the Visual Editor in [[https://en.wikipedia.org/wiki/Wikipedia:Sandbox|Wikipedia's Sandbox]], switching to source editing mode and copying the content into your wiki.
===== Other Formats =====
You don't have to necessarily learn the !MediaWiki formatting language. You can write in your favorite format (Markdown, Org-mode, LaTeX etc.) and convert it to the !MediaWiki format using [[https://pandoc.org/try/|Pandoc]].
===== Image Uploads =====
Image uploads have been enabled since !FreedomBox version 0.36.0. You can also directly use images from Wikimedia Commons using a feature called [[https://www.mediawiki.org/wiki/InstantCommons|Instant Commons]].
==== Customization ====
===== Skins =====
!MediaWiki's default skin is usually Vector. The default skin set by
!FreedomBox is Timeless.
Vector is a skin best-suited for viewing on desktop
browsers. It is not suitable for mobile screen sizes. Wikimedia sites host
a separate mobile site. It is not worth hosting a separate mobile site for
small !MediaWiki installations like those on !FreedomBox. Using a mobile-friendly skin like Timeless is a cheaper way of solving the problem.
Administrators can choose a default skin from the app configuration. Users of the site also have the choice of viewing it with a different skin.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/MediaWiki.raw.xml
View File

File diff suppressed because one or more lines are too long

29
doc/manual/en/Minetest.raw.wiki Normal file
View File

@ -0,0 +1,29 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Minetest|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Minetest (Block Sandbox) ==
||<tablestyle="float: right;"> {{attachment:Minetest-icon_en_V01.png|Minetest icon}} ||
'''Available since''': version 0.9
Minetest is a multiplayer infinite-world block sandbox. This module enables the Minetest server to be run on this !FreedomBox, on the default port (30000). To connect to the server, a [[https://www.minetest.net/downloads/|Minetest client]] is needed.
=== Port Forwarding ===
If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Minetest:
* UDP 30000
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Minetest.raw.xml
View File

File diff suppressed because one or more lines are too long

87
doc/manual/en/MiniDLNA.raw.wiki Normal file
View File

@ -0,0 +1,87 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/MiniDLNA|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== MiniDLNA (Simple Media Server) ==
||<tablestyle="float: right;"> {{attachment:MiniDLNA-icon_en_V01.png|MiniDLNA icon}} ||
'''Available since''': version 19.23
MiniDLNA is a media server with the aim to be compliant with DLNA/UPnP clients.
Note: This service is available only on networks configured as "internal" zone. It is not available when connected via [[FreedomBox/Manual/OpenVPN|OpenVPN]].
=== What is UPnP/DLNA? ===
Universal plug & play is a set of networking protocols that allow devices within
a network such as PCs, TVs, printers etc. to seamlessly discover each other and
establish communication for data sharing. It is zero configuration protocol and
requires only a media server and a media player that are compliant with the
protocol.
DLNA is derived from UPnP as a form of standardizing media interoperability. It
forms a standard/certification which many consumer electronics conform to.
=== Setting up MiniDLNA on your FreedomBox ===
To install/enable the media server you need to navigate at MiniDLNA page and
enable it. The application is intended to be available in the internal (home) network and
therefore it requires a network interface configured for internal traffic.
After installation a web page becomes available on https://<your-freedombox>/_minidlna.
It includes information for how many files the server is detecting, how many connections
exist etc. This is very useful if plugging external disks with media to check
if the new media files are detected properly. If that is not happening, disabling and
enabling the server will fix it.
=== Using MiniDLNA to play media on your devices ===
Any DLNA compliant device or media player should be able to automatically detect, browse and play media from MiniDLNA on !FreedomBox. The following devices and media players have been tested:
* '''GNOME Videos''': Videos is the default media player on the popular GNU/Linux desktop environment GNOME. Open Videos, switch to 'Channels'. You should see a channel named 'freedombox: minidlna'. You will be able to browse and play media from it.
* '''VLC media player''': VLC is a very popular media player for GNU/Linux, Android, Windows and macOS. Open VLC and click on 'View -> Playlist'. In the playlist sidebar that appears, select 'Universal Plug'n'Play'. You should see an item named 'freedombox: minidlna'. You should be able to browse and play media from it.
* '''Kodi''': Kodi is a popular media centre software with user interface designed for Televisions. Open Kodi, goto 'System -> Service settings -> UPnP/DLNA' and 'Enable UPnP support'. Then visit 'Home -> Videos -> Files -> Add videos... -> Browse -> UPnP devices'. You should see 'freedombox: minidlna'. Select it and choose 'OK'. Then choose 'OK in the 'Add video source' dialog. From now on, you should see 'freedombox: minidlna' in 'Videos -> Files' section. You should be able to browse and play media from it. See [[https://kodi.wiki/view/Settings/Services/UPnP_DLNA|Kodi documentation]] for more information.
* '''Roku''': Roku is an appliance connected to a TV for playing Internet streaming services. Many TVs also have Roku built into them. In Roku interface, find a channel called 'Roku Media Player' and open it. You should see an item called 'freedombox: minidlna'. You should be able to browse and play media from it.
* '''Rhythmbox''': Rhythmbox is the default audio player on the popular GNU/Linux desktop environment GNOME. Open Rhythmbox and ensure that the side pane is open by clicking on 'Application menu -> View -> Side Pane'. In the side pane you should see 'freedombox:minidlna' under the 'Shared' section. You should be able to browse and play audio files from it. Video files will not show up.
=== Supported media formats ===
MiniDLNA supports a wide variety of video and audio file formats.
* '''Video''': Files ending with .avi, .mp4, .mkv, .mpg, .mpeg, .wmv, .m4v, .flv, .mov, .3gp, etc.
* '''Audio''': Files ending with .mp3, .ogg, .flac, .wav, .pcm, .wma, .fla, .aac, etc.
* '''Image''': Files ending with .jpg, .jpeg
* '''Playlist''': Files ending with .m3u, .pls
* '''Captions''': Files ending with .srt, .smi
Notably, it does '''not''' support the following file extensions. Renaming the file to a known extension seems to work in most cases.
* '''Video''': Files ending with .webm
In addition to file format support from MiniDLNA, your media player or device needs to support the audio/video codecs with which the media has been encoded. MiniDLNA does not have the ability to translate files into a codec understood by the player. If you face problems with media playback, use the VLC player to find the codecs used in the media and the check your device or media player documentation on whether the codecs are supported.
=== File systems for external drives ===
If using an external drive that is used also from a Windows system the
preferred filesystem should be NTFS. NTFS will keep Linux file permissions and
UTF8 encoding for file names. This is useful if file names are in
your language.
=== External links ===
http://minidlna.sourceforge.net/
https://en.wikipedia.org/wiki/Digital_Living_Network_Alliance
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/MiniDLNA.raw.xml
View File

File diff suppressed because one or more lines are too long

24
doc/manual/en/Monkeysphere.raw.wiki Normal file
View File

@ -0,0 +1,24 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Monkeysphere|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Monkeysphere ==
With Monkeysphere, an OpenPGP key can be generated for each configured domain serving SSH. The OpenPGP public key can then be uploaded to the OpenPGP keyservers. Users connecting to this machine through SSH can verify that they are connecting to the correct host. For users to trust the key, at least one person (usually the machine owner) must sign the key using the regular OpenPGP key signing process. See the [[http://web.monkeysphere.info/getting-started-ssh/|Monkeysphere SSH documentation]] for more details.
Monkeysphere can also generate an OpenPGP key for each Secure Web Server (HTTPS) certificate installed on this machine. The OpenPGP public key can then be uploaded to the OpenPGP keyservers. Users accessing the web server through HTTPS can verify that they are connecting to the correct host. To validate the certificate, the user will need to install some software that is available on the [[https://web.monkeysphere.info/download/|Monkeysphere website]].
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/Monkeysphere.raw.xml
View File

File diff suppressed because one or more lines are too long

55
doc/manual/en/Mumble.raw.wiki Normal file
View File

@ -0,0 +1,55 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Mumble|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Mumble (Voice Chat) Server ==
||<tablestyle="float: right;"> {{attachment:Mumble-icon_en_V01.png|Mumble icon}} ||
'''Available since''': version 0.5
=== What is Mumble? ===
Mumble is a voice chat software. Primarily intended for use while gaming, it is suitable for simple talking with high audio quality, noise suppression, encrypted communication, public/private-key authentication by default, and "wizards" to configure your microphone for instance. A user can be marked as a "priority speaker" within a channel.
=== Using Mumble ===
!FreedomBox includes the Mumble server. [[https://wiki.mumble.info/wiki/Main_Page|Clients]] are available for desktop and mobile platforms. Users can download one of these clients and connect to the server.
=== Port Forwarding ===
If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Mumble:
* TCP 64738
* UDP 64738
=== Managing Permissions ===
A super user in Mumble has the ability to create administrator accounts who can in turn manage groups and channel permissions. This can be done after logging in with the username "!SuperUser" using the super user password. See [[https://wiki.mumble.info/wiki/Murmurguide|Mumble Guide]] for information on how to do this.. !FreedomBox currently does not offer a UI to get or set the super user password for Mumble. A super user password is automatically generated during Mumble setup. To get the password, login to the terminal as admin user using [[FreedomBox/Manual/Cockpit|Cockpit]] , [[FreedomBox/Manual/SecureShell|Secure Shell]] or the console. Then, to read the super user password that was automatically generated during Mumble installation run the following command:
{{{
sudo grep SuperUser /var/log/mumble-server/mumble-server.log
}}}
You should see output such as:
{{{
<W>2019-11-06 02:47:41.313 1 => Password for 'SuperUser' set to 'noo8Dahwiesh'
}}}
Alternatively, you can set a new password as follows:
{{{
sudo su -
echo "newpassword" | su mumble-server -s /bin/sh -c "/usr/sbin/murmurd -ini /etc/mumble-server.ini --readsupw"
}}}
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

2
doc/manual/en/Mumble.raw.xml
View File

File diff suppressed because one or more lines are too long

21
doc/manual/en/NameServices.raw.wiki Normal file
View File

@ -0,0 +1,21 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/NameServices|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Name Services ==
Name Services provides an overview of ways the box can be reached from the public Internet: domain name, Tor Onion Service, and Pagekite. For each type of name, it is shown whether the HTTP, HTTPS, and SSH services are enabled or disabled for incoming connections through the given name.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/NameServices.raw.xml
View File

File diff suppressed because one or more lines are too long

292
doc/manual/en/Networks.raw.wiki Normal file
View File

@ -0,0 +1,292 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/Networks|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== Networks ==
This section describes how networking is setup by default in
!FreedomBox and how you can customize it. See also the [[FreedomBox/Manual/Firewall|Firewall]]
section for more information on how firewall works.
=== Default setup ===
In a fresh image of !FreedomBox, network is not configured at all.
When the image is written to an SD card and the device boots,
configuration is done. During first boot, !FreedomBox setup package
detects the networks interfaces and tries to automatically configure
them so that !FreedomBox is available for further configuration via
the web interface from another machine without the need to connect a
monitor. Automatic configuration also tries to make !FreedomBox
useful, out of the box, for the most important scenarios !FreedomBox
is used for.
There are two scenarios it handles: when is a single ethernet
interface and when there are multiple ethernet interfaces.
==== Single ethernet interface ====
When there is only single ethernet interface available on the hardware
device, there is not much scope for it to play the role of a router.
In this case, the device is assumed to be just another machine in the
network. Accordingly, the only available interface is configured to
be an `internal` interface in `automatic` configuration mode. This
means that it connects to the Internet using the configuration
provided by a router in the network and also makes all (internal and
external) of its services available to all the clients on this
network.
{{attachment:network_single.png}}
==== Multiple ethernet interface ====
When there are multiple ethernet interfaces available on the hardware
device, the device can act as a router. The interfaces are then
configured to perform this function.
The first network interface is configured to be an WAN or `external`
interface in automatic configuration mode. This means that it
connects to the Internet using network configuration provided by the
Internet Service Provider (ISP). Only services that are meant to be
provided across the entire Internet (external services) will be
exposed on this interface. You must plug your Internet connection
into the port of this ethernet interface. If you wish to continue to
have your existing router manage the Internet connection for you, then
plug a connection from your router to the port on this interface.
The remaining network interfaces are configured for the clients of a
router. They are configured as LAN or `internal` interfaces in
`shared` configuration mode. This means that all the services (both
external and internal) services are provided to who ever connects on
this interface. Further, the `shared` mode means that clients will be
able to receive details of automatic network connection on this
interface. Specifically, DHCP configuration and DNS servers are
provided on this interface. The Internet connection available to the
device using the first network interface will be `shared` with clients
using this interface. This all means that you can connect your
computers to this network interface and they will get automatically
configured and will be able to access the Internet via the
!FreedomBox.
Currently, it is not very clear which interface will be come the WAN
interface (and the remaining being LAN interfaces) although the
assignment process is deterministic. So, it take a bit of trail and
error to figure out which one is which. In future, for each device,
this will be well documented.
==== Wi-Fi configuration ====
All Wi-Fi interfaces are configured to be LAN or `internal` interfaces
in `shared` configuration mode. They are also configured to become
Wi-Fi access points with following details.
* Name of the access point will be `FreedomBox` plus the name of the
interface (to handle the case where there are multiple of them).
* Password for connecting to the interface will be `freedombox123`.
=== Internet Connection Sharing ===
Although the primary duty of !FreedomBox is to provide decentralized services, it can also act like a home router. Hence, in most cases, !FreedomBox connects to the Internet and provides other machines in the network the ability to use that Internet connection. !FreedomBox can do this in two ways: using a `shared` mode connection or using an `internal` connection.
When an interface is set in `shared` mode, you may connect your machine directly to it. This is either by plugging in an ethernet cable from this interface to your machine or by connecting to a Wi-Fi access point. This case is the simplest to use, as !FreedomBox automatically provides your machine with the necessary network configuration. Your machine will automatically connect to !FreedomBox provided network and will be able to connect to the Internet given that !FreedomBox can itself connect to the Internet.
Sometimes the above setup may not be possible because the hardware device may have only one network interface or for other reasons. Even in this case, your machine can still connect to the Internet via !FreedomBox. For this to work, make sure that the network interface that your machine is connecting to is in `internal` mode. Then, connect your machine to network in which !FreedomBox is present. After this, in your machine's network configuration, set !FreedomBox's IP address as the gateway. !FreedomBox will then accept your network traffic from your machine and send it over to the Internet. This works because network interfaces in `internal` mode are configured to `masquerade` packets from local machines to the Internet and receive packets from Internet and forward them back to local machines.
=== Customization ===
The above default configuration may not be fit for your setup. You
can customize the configuration to suit your needs from the `Networks`
area in the 'setup' section of the !FreedomBox web interface.
==== PPPoE connections ====
If your ISP does not provide automatic network configuration via DHCP
and requires you to connection via PPPoE. To configure PPPoE, remove
any network connection existing on an interface and add a PPPoE
connection. Here, optionally, provide the account username and
password given by your ISP and activate the connection.
==== Connect to Internet via Wi-Fi ====
By default Wi-Fi devices attached during first boot will be configured
as access points. They can be configured as regular Wi-Fi devices
instead to connection to a local network or an existing Wi-Fi router.
To do this, click on the Wi-Fi connection to edit it. Change the mode
to `Infrastructure` instead of `Access Point` mode and `IPv4 Addressing Method`
to `Automatic (DHCP)` instead of `Shared` mode.
Then the SSID provided will mean the Wi-Fi network name you wish to
connect to and passphrase will be the used to while making the
connection.
===== Problems with Privacy Feature =====
!NetworkManager used by !FreedomBox to connect to the Wi-Fi networks has a privacy feature that uses a different identity when scanning for networks and when actually connecting to the Wi-Fi access point. Unfortunately, this causes [[https://askubuntu.com/questions/910185/rosewill-rnx-n600ube-connectivity-issue-on-ubuntu-17-04|problems]] with some routers that reject connections from such devices. Your connection won't successfully activate and disconnect after trying to activate. If you have control over the router's behaviour, you could also turn off the feature causing problem. Otherwise, the solution is to connect with a remote shell using [[FreedomBox/Manual/SecureShell|SSH]] or [[FreedomBox/Manual/Cockpit|Cockpit]], editing a file `/etc/NetworkManager/NetworkManager.conf` and adding the line `wifi.scan-rand-mac-address=no` in the `[device]` section. This turns off the privacy feature.
Edit a file:
{{{
$ sudo nano /etc/NetworkManager/NetworkManager.conf
}}}
Add the following:
{{{
[device]
wifi.scan-rand-mac-address=no
}}}
Then reboot the machine.
==== Adding a new network device ====
When a new network device is added, network manager will automatically
configure it. In most cases this will not work to your liking.
Delete the automatic configuration created on the interface and create
a new network connection. Select your newly added network interface
in the add connection page.
* Then set firewall zone to `internal` and `external` appropriately.
* You can configure the interface to connect to a network or provide
network configuration to whatever machine connects to it.
* Similarly, if it is a Wi-Fi interface, you can configure it to
become a Wi-FI access point or to connect to an existing access
points in the network.
==== Configuring a mesh network ====
!FreedomBox has rudimentary support for participating in BATMAN-Adv based mesh networks. It is possible to either join an existing network in your area or create a new mesh network and share your Internet connection with the rest of the nodes that join the network. Currently, two connections have to be created and activated manually to join or create a mesh network.
===== Joining a mesh network =====
To join an existing mesh network in your area, first consult the organizers and get information about the mesh network.
1. Create a new connection, then select the connection type as ''Wi-Fi''. In the following dialog, provide the following values:
||'''Field Name'''||'''Example Value'''||'''Explanation'''||
|| ''Connection Name'' || Mesh Join - BATMAN || The name must end with 'BATMAN' (uppercase) ||
|| ''Physical Interface'' || wlan0 || The Wi-Fi device you wish to use for joining the mesh network ||
|| ''Firewall Zone'' || External || Since you don't wish that participants in mesh network to use internal services of !FreedomBox ||
|| ''SSID'' || ch1.freifunk.net || As provided to you by the operators of the mesh network. You should see this as a network in ''Nearby Wi-Fi Networks'' ||
|| ''Mode'' || Ad-hoc || Because this is a peer-to-peer network ||
|| ''Frequency Band'' || 2.4Ghz || As provided to you by the operators of the mesh network ||
|| ''Channel'' || 1 || As provided to you by the operators of the mesh network ||
|| ''BSSID'' || 12:CA:FF:EE:BA:BE || As provided to you by the operators of the mesh network ||
|| ''Authentication'' || Open || Leave this as open, unless you know your mesh network needs it be otherwise ||
|| ''Passphrase'' || || Leave empty unless you know your mesh network requires one ||
|| ''IPv4 Addressing Method'' || Disabled || We don't want to request IP configuration information yet ||
Save the connection. Join the mesh network by activating this newly created connection.
1. Create a second new connection, then select the connection type as ''Generic''. In the following dialog, provide this following values:
||'''Field Name'''||'''Example Value'''||'''Explanation'''||
|| ''Connection Name'' || Mesh Connect || Any name to identify this connection ||
|| ''Physical Interface'' || bat0 || This interface will only show up after you successfully activate the connection in first step ||
|| ''Firewall Zone'' || External || Since you don't wish that participants in mesh network to use internal services of !FreedomBox ||
|| ''IPv4 Addressing Method'' || Auto || Mesh networks usually have a DHCP server somewhere that provide your machine with IP configuration. If not, consult the operator and configure IP address setting accordingly with ''Manual'' method ||
Save the connection. Configure your machine for participation in the network by activating this connection. Currently, this connection has to be manually activated every time you need to join the network. In future, !FreedomBox will do this automatically.
You will now be able reach other nodes in the network. You will also be able to connect to the Internet via the mesh network if there is an Internet connection point somewhere in mesh as setup by the operators.
===== Creating a mesh network =====
To create your own mesh network and share your Internet connection with the rest of the nodes in the network:
1. Follow the instructions as provided above in step 1 of ''Joining a mesh network'' but choose and fix upon your own valid values for ''SSID'' (a name for you mesh network), ''Frequency Band'' (usually 2.4Ghz), ''Channel'' (1 to 11 in 2.4Ghz band) and ''BSSID'' (a hex value like 12:CA:DE:AD:BE:EF). Create this connection and activate it.
2. Follow the instructions as provided above in step 2 of ''Joining a mesh network'' but select ''IPv4 Addressing Method'' as ''Shared''. This will provide automatic IP configuration to other nodes in the network as well as share the Internet connection on your machine (achieved using a second Wi-Fi interface, using Ethernet, etc.) with other nodes in the mesh network.
Spread the word about your mesh network to your neighbors and let them know the parameters you have provided when creating the network. When other nodes connect to this mesh network, they have to follow steps in ''Joining a mesh network'' but use the values for ''SSID'', ''Frequency Band'' and ''Channel'' that you have chosen when you created the mesh network.
=== Advanced Network Operations ===
Cockpit provides many advanced networking features over those offered by !FreedomBox. Both !FreedomBox and Cockpit operate over Network Manager and are hence compatible with each other. Some of the functions provided by Cockpit include:
* Set the maximum transmission unit (MTU) for a network connection
* Change the hardware address (MAC address) of a network interface
* Add more DNS servers and configure routing of a network connection
* Creating bonded devices for highly available network interfaces
* Creating bridge devices to join network interfaces for aggregating separate networks
* Manage VLAN for creating virtual partitions in the physical network
{{attachment:networks-cockpit.png}}
=== Manual Network Operation ===
!FreedomBox automatically configures networks by default and provides
a simplified interface to customize the configuration to specific
needs. In most cases, manual operation is not necessary. The
following steps describe how to manually operate network configuration
in the event that a user finds !FreedomBox interface to insufficient
for task at hand or to diagnose a problem that !FreedomBox does not
identify.
On the command line interface:
For text based user interface for configuring network connections:
{{{
nmtui
}}}
To see the list of available network devices:
{{{
nmcli device
}}}
To see the list of configured connections:
{{{
nmcli connection
}}}
To see the current status of a connection:
{{{
nmcli connection show '<connection_name>'
}}}
To see the current firewall zone assigned to a network interface:
{{{
nmcli connection show '<connection_name>' | grep zone
}}}
or
{{{
firewall-cmd --zone=internal --list-all
firewall-cmd --zone=external --list-all
}}}
To create a new network connection:
{{{
nmcli con add con-name "<connection_name>" ifname "<interface>" type ethernet
nmcli con modify "<connection_name>" connection.autoconnect TRUE
nmcli con modify "<connection_name>" connection.zone internal
}}}
To change the firewall zone for a connection:
{{{
nmcli con modify "<connection_name>" connection.zone "<internal|external>"
}}}
For more information on how to use `nmcli` command, see its man page.
Also for a full list of configuration settings and type of connections
accepted by Network Manager see:
https://developer.gnome.org/NetworkManager/stable/ref-settings.html
To see the current status of the firewall and manually operate it, see
the [[FreedomBox/Manual/Firewall|Firewall]] section.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

5
doc/manual/en/Networks.raw.xml
View File

File diff suppressed because one or more lines are too long

133
doc/manual/en/OpenVPN.raw.wiki Normal file
View File

@ -0,0 +1,133 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/OpenVPN|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== OpenVPN (Virtual Private Network) ==
||<tablestyle="float: right;"> {{attachment:OpenVPN-icon_en_V01.png|OpenVPN icon}} ||
'''Available since''': version 0.7
=== What is OpenVPN? ===
OpenVPN provides to your !FreedomBox a virtual private network service. You can use this software for remote access, site-to-site VPNs and Wi-Fi security. OpenVPN includes support for dynamic IP addresses and NAT.
=== Port Forwarding ===
If your !FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for OpenVPN:
* UDP 1194
=== Setting up ===
1. In !FreedomBox apps menu, select ''Virtual Private Network (OpenVPN)'' and click Install.
1. After the module is installed, there is an additional setup step that may take a long time to complete. Click "Start setup" to begin.
{{attachment:plinth_openvpn.png|OpenVPN service page|width=800}}
1. Wait for the setup to finish. This could take a while.
1. Once the setup of the OpenVPN server is complete, you can download your profile. This will download a file called <USER>.ovpn, where <USER> is the name of a !FreedomBox user. Each !FreedomBox user will be able to download a different profile. Users who are not administrators can download the profile from home page after login.
1. The ovpn file contains all the information a vpn client needs to connect to the server.
1. The downloaded profile contains the domain name of the !FreedomBox that the client should connect to. This is picked up from the domain configured in 'Config' section of 'System' page. In case your domain is not configured properly, you may need to change this value after downloading the profile. If your OpenVPN client allows it, you can do this after importing the OpenVPN profile. Otherwise, you can edit the .ovpn profile file in a text editor and change the 'remote' line to contain the WAN IP address or hostname of your !FreedomBox as follows.
{{{
client
remote mybox.sds-ip.de 1194
proto udp
}}}
=== Browsing Internet after connecting to VPN ===
After connecting to the VPN, the client device will be able to browse the Internet without any further configuration. However, a pre-condition for this to work is that you need to have at least one Internet connected network interface which is part of the 'External' firewall zone. Use the networks configuration page to edit the firewall zone for the device's network interfaces.
=== Usage ===
==== On Android/LineageOS ====
1. Visit !FreedomBox home page. Login with your user account. From home page, download the OpenVPN profile. The file will be named ''username''.ovpn.
{{attachment:openvpn_download_profile.png|OpenVPN Download Profile|width=324}}
1. Download an OpenVPN client such as ''OpenVPN for Android''. F-Droid repository is recommended. In the app, select import profile.
{{attachment:openvpn_install_app.png|OpenVPN App|width=324}}
1. In the select profile dialog, choose the ''username''.opvn file you have just downloaded. Provide a name for the connection and save the profile.
{{attachment:openvpn_import_profile.png|OpenVPN import profile|width=324}}
1. Newly created profile will show up. If necessary, edit the profile and set the domain name of your !FreedomBox as the server address.
{{attachment:openvpn_profile_created.png|OpenVPN profile created|width=324}}
{{attachment:openvpn_edit_domain_name.png|OpenVPN edit domain name|width=324}}
1. Connect by tapping on the profile.
{{attachment:openvpn_connect.png|OpenVPN connect|width=324}}
{{attachment:openvpn_connected.png|OpenVPN connected|width=324}}
1. When done, disconnect by tapping on the profile.
{{attachment:openvpn_disconnect.png|OpenVPN disconnect|width=324}}
==== On Debian ====
Install an OpenVPN client for your system
{{{
$ sudo apt install openvpn
}}}
Open the ovpn file with the OpenVPN client.
{{{
$ sudo openvpn --config /path/to/<USER>.ovpn
}}}
If you use Network Manager, you can create a new connection by importing the file:
{{{
$ sudo apt install network-manager-openvpn-gnome
$ sudo nmcli connection import type openvpn file /path/to/<USER>.ovpn
}}}
If you get an error such as `configuration error: invalid 1th argument to “proto” (line 5)` then edit the .ovpn file and remove the line `proto udp6`.
=== Checking if you are connected ===
==== On Debian ====
1. Try to ping the !FreedomBox or other devices on the local network.
1. Running the command `ip addr` should show a `tun0` connection.
1. The command `traceroute freedombox.org` should show you the ip address of the VPN server as the first hop.
=== Accessing internal services ===
After connecting to OpenVPN, you will be able to access !FreedomBox services that are only meant to be accessed on internal networks. This is in addition to being able to access external services. This can be done by using the IP address 10.91.0.1 as the host name for these services.
The following services are known to '''work''':
* [[FreedomBox/Manual/Privoxy|Privoxy]],
* [[FreedomBox/Manual/Tor|Tor Socks]],
* [[FreedomBox/Manual/Shadowsocks|Shadowsocks]],
* [[FreedomBox/Manual/I2P|I2P Proxy]] and
* [[FreedomBox/Manual/Samba|Samba]].
Some services are known '''not''' to work at this time:
* Avahi,
* [[FreedomBox/Manual/Bind|bind]] and
* [[FreedomBox/Manual/MiniDLNA|MiniDLNA]].
=== External Links ===
https://community.openvpn.net/openvpn
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

4
doc/manual/en/OpenVPN.raw.xml
View File

File diff suppressed because one or more lines are too long

39
doc/manual/en/OrangePiZero.raw.wiki Normal file
View File

@ -0,0 +1,39 @@
== Orange Pi Zero ==
{{attachment:orange-pi-zero.jpg|Orange Pi Zero|width=649,height=537}}
[[http://www.orangepi.org/orangepizero/|Orange Pi Zero]] is a single board computer available at very low price. It uses the Allwinner H2 SoC, and has 256MB/512MB DDR3 SDRAM. It doesn't require any non-free firmware to run !FreedomBox. However, the onboard Wi-Fi module needs proprietary firmware to work. The board is available in two versions: with 256MB RAM and 512MB RAM. The version with 512 MB RAM is recommended for !FreedomBox. Even then, !FreedomBox is expected to gracefully run only a small number of services.
'''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this single board computer.
=== Download ===
!FreedomBox SD card [[FreedomBox/Download|images]] are available for this device. Follow the instructions on the [[FreedomBox/Download|download]] page to create a !FreedomBox SD card and boot the device.
=== Availability ===
* [[https://www.aliexpress.com/store/group/H2/1553371_511831299.html|AliExpress]]
=== Hardware ===
* CPU: ARM Cortex-A7 Quad-Core (Allwinner H2)
* RAM: 256MB/512MB DDR3 SDRAM
* Storage: Up to 32GB on uSD slot, 2MB SPI Flash
* Architecture: armhf
* Ethernet: 10/100, RJ45
* !WiFi: Onboard 802.11 b/g/n, use a [[FreedomBox/Hardware/USBWiFi|USB WiFi device]]
=== Non-Free Status ===
* Non-free blobs required: No (without Wi-Fi)
* Wi-Fi: no free Wi-Fi drivers + firmware available
## END_INCLUDE
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox
Orange Pi Zero image is licensed under a Creative Commons Attribution 3.0 Unported License by [[https://linux-sunxi.org/File:OPi_Zero_Top.jpg|Linux Sunxi]].

34
doc/manual/en/PageKite.raw.wiki Normal file
View File

@ -0,0 +1,34 @@
#language en
~- [[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[es/FreedomBox/Manual/PageKite|Español]] -~
<<TableOfContents()>>
## BEGIN_INCLUDE
== PageKite (Public Visibility) ==
=== What is PageKite? ===
!PageKite makes local websites and services publicly accessible immediately without creating yourself a public IP address. It does this by tunneling protocols such as HTTPS or SSH through firewalls and NAT. Using !PageKite requires an account on a !PageKite relay service. One such service is https://pagekite.net.
A !PageKite relay service will allow you to create kites. Kites are similar to domain names, but with different advantages and drawbacks. A kite can have a number of configured services. !PageKite is known to work with HTTP, HTTPS, and SSH, and may work with some other services, but not all.
=== Using PageKite ===
1. Create an account on a !PageKite relay service.
1. Add a kite to your account. Note your kite name and kite secret.
1. In !FreedomBox, go to the "Configure !PageKite" tab on the Public Visibility (!PageKite) page.
1. Check the "Enable !PageKite" box, then enter your kite name and kite secret. Click "Save settings".
1. On the "Standard Services" tab, you can enable HTTP and HTTPS (recommended) and SSH (optional).
* HTTP is needed to obtain the Let's Encrypt certificate. You can disable it later.
1. On the [[FreedomBox/Manual/LetsEncrypt|Certificates (Let's Encrypt)]] page, you can obtain a Let's Encrypt certificate for your kite name.
## END_INCLUDE
Back to [[FreedomBox/Features|Features introduction]] or [[FreedomBox/Manual|manual]] pages.
<<Include(FreedomBox/Portal)>>
----
CategoryFreedomBox

1
doc/manual/en/PageKite.raw.xml
View File

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff Show More