- Authentication using client certificates. Extra password based
authentication for later.
- Auto setup of CA, server and client certificates.
- Provides a .ovpn profile for each user for easy setup.
- Use 4096 bit Diffie-Hellman parameters for better security. If this
takes to much time, reduce it to 2048 or 1024, at least during
debugging.
- When the current configuration does not contain a port and we try to
set the port for the frontend server, it fails. This patch fixes
that.
- Minor styling and spelling fixes.
- Make sure that if port is not set for frontend, it will be set on
saving the form.
- PEP8 fixes.
- Don't need to disable .socket and .service. Disabling .service will
take care of disabling both.
- Update the introduction message.
- Add prefix to form so that it can potentially be mixed with other
forms.
- When Deb822 formatted source files are present, error out and don't
show as enabled.
- When /etc/apt/sources.list.d/*.sources files are present, error out
and don't show as enabled.
- Handle files /etc/apt/sources.list.d/*.list.
- Workaround Augeas lens not understanding '[options]' in sources.list.
- Enable/disable ntpd from this module. Since ntpd has implications on
anonymity.
- Implement NTP diagonstics from freedombox-setup.
- Eventually provide ability to set date & time of the system.
- Eventually move timezone configuration to this module.
- Move diagnostics into main module instead of action script.
- Ability run diagnostics as non-root user (because it runs in Plinth
instead of action).
- Diagnose whether LDAP server is listening.
- Diagnose directory entities created during setup.
- Run diagnostics on each module separately.
- Run diagnostics in a separate thread.
- Show progressive update while running diagnostics.
- Store and show old diagnostics.
- Prevent CSRF on the expensive operation of running diagnostics.
- It does not work on all the modules available.
- It does not reload Plinth after changes.
- As of now, there is not strong case for disabling modules in Plinth
making it unnecessary UI complication.
- Split into multiple small Debian packages is not yet implemented for
Plinth. The module expects to work on the Debian modules. When
smaller Debian packages are available perhaps we should consider using
packages.py library instead.
- Merge all ldap actions into one action.
- Setup ldapscripts using augeas.
- Use the default mechanisms used by ldapscripts.
- Remove adding admin users to 'sudo' group. Mixing LDAP groups and
local groups is not a good practice. 'admin' LDAP group will be added
to sudoers in another patch to freedombox-setup.
- Make all users posixAccount and all groups posixGroup for simplicity.
Shell access can be restricted in other ways.
- Work around ldapscripts not able to set password using SASL auth.
- Work around ldapscripts having issues with current locale.
- Use webserver action utilites.
- Move status getting to module __init__.py so that it can be turned
into an API in future for further simplificaiton.
- Apply this to other modules too in future commits.
- To check whether a service is running does not require root
privileges. This can directly be done from a module without any
action.
- Since actions are allowed to be run using sudo, introducing
unnecessary sub-commands increases attack surface.
- Simple functions calls are unnecessarily being converted to command
line invocations and involve parsing response.
- There is a lot of repeated code because of this that can be
eliminated.
- To generalize this, we need to make all non-root system operations
directly from module instead of delegating to action commands.
- Merge actions/pagekite_util.py into plinth/modules/pagekite/util.py.
- Rename plinth/modules/pagekite/util.py to utils.py.
- Add python-augeus as dependency.
- Move actions/util.py to plinth/action_utils.py and update services
that use it.
- Rename _run() method to run() as it is being used publicly.
- Import the utils in a more conventional manner.
- Move all python2 bits to python3.
