- Don't use title casing, instead use simple capitalization.
- Add some tags.
- Drop outdated tags like 'VoIP', 'IM' while emphasizing 'Audio chat', 'Video
chat', 'Encrypted messaging' instead.
- Try to clarify server vs. web client with tags.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Add tags to Info component of apps. Use only English tags for all operations.
Localized tags are used for presentation to the user only. Add tags to all the
apps. Conventions (English):
1. Tags describing use cases should be in kebab case.
2. Protocols in tag names should be in their canonical format.
3. Tags needn't be 100% technically correct. This can get in the way of
comparing apps using a tag. Words that describe use cases that users can
easily understand should be preferred over being pedantic.
4. Tags should be short, ideally not more than 2 words. Avoid conjunctions
like "and", "or" in tags.
5. Avoid redundant words like "server", or "web-clients". Most apps on
FreedomBox are either servers or web clients.
6. Keep your nouns singular in tags.
- Use query
params to filter the Apps page by tags. When all tags are removed, redirect to /apps.
- Add UI elements to add and remove tag filters in the Apps page. Make the UI
similar to GitLab issue tags. Since there are 40 apps, there will be at least 40
tags. Selecting a tag from a dropdown will be difficult on mobile devices. A
fuzzy search is useful to find tags to add to the filter. Allow user to find the
best match for the search term and highlight it visually. The user can then
press Enter to select the highlighted tag. Make tag search case-insensitive.
Make the dropdown menu scrollable with a fixed size. User input is debounced by
300 ms during search.
- tests: Add missing mock in test_module_loader.py
- Add functional tests
[sunil]
- 'list' can be used instead of 'List' for typing in recent Python versions.
- Reserve tripe-quoted strings for docstrings.
- Undo some changes in module initialization, use module_name for logging
errors.
- isort and yapf changes.
- Encode parameters before adding them to the URL.
Tests:
- Tested the functionality of filtering by tag with one tag and two tags.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Configuring just php-fpm is easier compared to configuring Apache + mod_php.
There is no need to configure trusted proxies as the requests are made using the
FastCGI protocol.
- There is no need for a full web server as we already run Apache.
- Place nextcloud data in /var/lib/container so that non-PHP files can be served
directly without php-fpm involved. This location is more suitable for switching
to nextcloud based on a .deb file (if ever). This is done by configuring the
volume to serve a bind mounted directory of our choice.
- Update Apache configuration to proxy to php-fpm instead of another web server.
Include the changes needed for Apache configuration to serve non-php files
directly.
- Managed the volume using quadlet podman systemd generator.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Before we can enable this added protection, we need to address a couple of
issues:
- Redis password is restored after a restore. This means that if nextcloud's
backup is restored on a machine where redis server already has a password set,
then the password won't match with the password configured for other apps that
are using redis.
- When email server is already installed before this patch and then nextcloud
is installed. rspamd will fail to connect to redis server. This even with the
changes intended on the email server as the setup version in those changes has
not been incremented.
- Restart redis-server only when needed. This avoids major disruption caused due
un-persisted cache and locks removed.
- Don't use Redis for caching of server-local data as this APCu seems to be
preferred by upstream containers.
- Don't set filelocking.enabled=true as this is already the default.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Reduce nesting necessary nesting.
- Add some type annotations.
- Simplify writing command output to a file by passing file handle to
subprocess.run().
- Create a path for volume to eliminate some duplication.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Simplify method signature and name for setting maint. mode]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Nextcloud has long been a desired app for FreedomBox, however, due to
difficulties around Debian packaging, it hasn't yet been implemented. This
branch creates an app for Nextcloud with the help of Podman. Podman is a
containarization technology, like Docker, but with some extra features
that make its integration into FreedomBox convenient. If the podman
approach turns out to be favorable, we should consider writing a podman
specific module.
How does this work?
The app installs the podman and default-mysql-server Debian packages.
In other apps, such as MediaWiki, FreedomBox chooses SQLite
which eases maintenance and backup/restore. However, this
would bring a significant performance degrade for Nextcloud, hence the
choice of Mysql. Other apps, like Wordpress already use Mysql, so it is
installed on the host as opposed to installing it in a sepatate
container. A firewalld rich rule is created, so the Nextcloud container
can communicate with the db and OpenLDAP.
The podman package comes with a systemd service and timer for
automatically upgrading containers that are labeled as
"io.containers.autoupdate=registry". podman-auto-update.timer is managed
by FreedomBox. We might add a drop-in file for the timer to make it
more consistent with unattended-upgrades.
Podman natively supports creating systemd services for individual
containers. The generated systemd service is then managed by FreedomBox.
The current container image is based on Debian and runs apache inside the container.
To avoid running apache redundantly (both on the host and inside the
container) it would be preferable to use the nextcloud:stable-fpm image
instead, which seems to require creating a new virtual host.
Configure /.well-known URIs to redirect to /nextcloud. There is a conflict with
Radicale if both apps are running.
Put the podman1 interface into the trusted firewalld zone. This results in the
container gaining Internet access which is necessary to downloading Nextcloud
applications and federating with other Nextcloud instances. After applying the
patches, I opened my instance to the Internet to make sure this configuration
doesn't accidentally expose services. I scanned TCP ports 3306 and 6379 (after
installing and binding redis-server to the bridge interface). After that, I
installed the Tor app and put the default WAN interface to the external zone to
confirm that port 9050/TCP does not get exposed through the bridge interface.
To-do:
* test the fpm image
* test running the container in rootless mode for better security
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Add missing docstrings]
[sunil: Make some methods private to module]
[sunil: Run yapf for formatting]
[sunil: Remove a comment to hide form when app is disabled]
[sunil: Update form labels]
[sunil: I18N for client names]
[sunil: Reduce number success messages in form for easy i18n and consistency]
[sunil: Reorganize patch series, squash fixes]
[sunil: Tweak auto update daemon component's ID]
[sunil: Add blank lines for formatting]
[sunil: Minor refactoring for _run_occ method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
