All users can login. Only admin users can see logs and make changes.
LIMITATION: Only certain functions such as service management is possible.
Functions such as networking and user management is read-only. This problem does
not occur for user belonging to the 'sudo' group.
- Move to system section from applications section.
- Rename action script to cockpit instead of cockpit.
- Deal with .socket/.service correctly.
- Implement hooks on domain name changes and update configuration correctly.
- Host the application under /_cockpit instead of /cockpit because it is
reserved.
- Update description.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Apply the patch present in Debian packaging:
James Valleroy: When testing new image builds, I found users created through
plinth could not login through console or SSH. The reason is that slapd and
nslcd services were not enabled and not running. I don't know what is causing
this situation, so this is just a workaround.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This does not effect the first install but is necessary when upgrading to newer
Plinth module version.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Also wrote unit tests in users/tests/test_actions
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
API access is required to use tt-rss from the official Android app
Closes#1060
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Only add a connection for a device if a connection with that name is not already
associated with that device.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
When network-manager restarts, it leaves the existing connections intact. When
it start again, it somehow restores that active connection. So, restarting
network-manager is not a solution to activate all newly created connections.
Explicitly activate all connections and don't restart network-manager. Do
connection activation in background so that failed activation does not lead to
failed setup of remaining connections.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
The changes made for system login will not be effective until a restart. This
includes SSH login, console login, getent answers, etc.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Closes#928
- Adds shell and python APIs adding/removing LDAP groups
Signed-off-by: Rahul De <rahul080327@gmail.com>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
This does not change the order of any of the current devices. Only device
supported currently that has multiple interfaces is APU.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- For a user who installed using FreedomBox disk image, when Plinth upgrades to
a release containing this change, don't run network setup. This is ensured by
not incrementing the version number of the networks module.
- For a user who installed using freedombox-setup Debian package, when Plinth
upgrades to a release containing this change, don't run network setup. This is
ensured by not incrementing the version number of the networks module.
- For a user who installed using freedombox-setup Debian package, when Plinth is
run for the first time, don't run network setup. This is ensured by checking
for the file /var/lib/freedombox/is-freedombox-disk-image which will not
exist.
- For a user who installed using FreedomBox disk image, when Plinth runs for the
first time, setup process executes and triggers the script due networks module
being an essential module.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
* Fixing wrong function calls leading to error 500.
* Merging enable/disabling/status into single action, to improve
handling in cli, and reduce code duplication.
* Fixing order of restart and enabling of public registration option.
* Minor, cosmetic fixes of code and user-facing strings.
* Overall code design now almost identical to Ejabberd service page.
Signed-off-by: Johannes Keyser <johanneskeyser@posteo.de>
There is no need to restart firewalld after the setup steps run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- using latest version of lib-apache2-mod-authpubtkt
- upgraded keys to 4096-bit RSA
- upgraded hashing algorithm to sha512
Plinth needs dependency on libapache2-mod-auth-pubtkt >= 0.11
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This avoids an issue where it would try to enable the apache conf
possibly before it is generated.
- Added an explicit enable statement since it was missing.
Reviewed-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Run sudo-required action via actions.superuser_run
Actions related to services those require `sudo` permissions need to
be executed via actions.superuser_run.
NOTE:
If plinth service is started via `sudo ./run --debug` (in dev mode)
all actions will be executed silently. But plinth in user machines
won't be executed with sudo permissions.
- add action commands for managing and running hooks
- adding template, view and url for managing and running hooks
- disable Plinth hook management on domain change
- Created basic plinth app which starts an introducer and a storage
node on the FreedomBox.
- Prompt user to set a domain name before creating Tahoe-LAFS nodes.
- Support adding and removing of introducers to the storage node.
- Serve Tahoe-LAFS from a different port.
- Start all nodes and introducers at system startup.
- Add utility class YAMLFile with test cases.
- Install mod_auth_pubtkt and generate public/private key-pair.
- Redirect user to login page if no cookie is presented.
- Add check for authenticated user for login page.
- Temporarily switched to DSA because of a bug in mod_auth_pubtkt
which causes it to accept only DSA and not RSA. Also had to use SHA1
instead of SHA256.
- Enabled SSO for Syncthing, Repro and TT-RSS.
- Using tokens to authorize by user groups.
- Generate keys during first boot.
