It is already available separately and now printed nicely. In cases where the
exception is caused outside of the action method, continue to print stderr.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
current_results['apps'] was not being used anywhere.
Make are_results_available() check more specific, and to align with what is
stored in the database.
Tests:
- Run full diagnostics and check the results.
- Restart plinth, and check that the diagnostic results are loaded from the
database.
Helps: #2410
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Previously, when dist-upgrading from bullseye to bookworm, there was an issue
where unattended-upgrade gets stuck. See #2266. However, it does not get stuck
when dist-upgrading from bookworm to trixie.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Setting ttrss/purge to 'true' in debconf is not retrained after the package
has been install. So, set it again just before package removal.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't dump all the databases on the server. Instead dump only the ttrss
database and its role.
- Use database configuration instead of hardcoded database name 'ttrss'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This checks backup/restore step more accurately with new database user vs. old
database user.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This will ensure that dbconfig is every triggered and regenerates the
configuration/setup, everything is consistent.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This will ensure that dbconfig is every triggered and regenerates the
configuration/setup, everything is consistent.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Similar check was removed in 6646512a0adab6943503ec47372502fb28805911 when it
was that it was not needed.
Tests:
- Run functional tests for zoph.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Configure caching for Nextcloud with Redis running on the host, create static
php file under
/var/lib/containers/storage/volumes/nextcloud-volume-fbx/_data/config. Nextcloud
communicates with Redis via the bridge adapter, which isn't a loopback device.
For this reason, setting a redis password is required. In addition, configure
the email app to accomodate the changes.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This setting is necessarry to pass the setup warning under
/nextcloud/settings/admin/overview
Note: during testing the field only becomes visible once
the freedombox-develop command is restarted
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#default-phone-region
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Add missing docstring]
[sunil: Update form label for consistency]
[sunil: Reduce number of success form messages]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Simplify method signature and name for setting maint. mode]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Nextcloud has long been a desired app for FreedomBox, however, due to
difficulties around Debian packaging, it hasn't yet been implemented. This
branch creates an app for Nextcloud with the help of Podman. Podman is a
containarization technology, like Docker, but with some extra features
that make its integration into FreedomBox convenient. If the podman
approach turns out to be favorable, we should consider writing a podman
specific module.
How does this work?
The app installs the podman and default-mysql-server Debian packages.
In other apps, such as MediaWiki, FreedomBox chooses SQLite
which eases maintenance and backup/restore. However, this
would bring a significant performance degrade for Nextcloud, hence the
choice of Mysql. Other apps, like Wordpress already use Mysql, so it is
installed on the host as opposed to installing it in a sepatate
container. A firewalld rich rule is created, so the Nextcloud container
can communicate with the db and OpenLDAP.
The podman package comes with a systemd service and timer for
automatically upgrading containers that are labeled as
"io.containers.autoupdate=registry". podman-auto-update.timer is managed
by FreedomBox. We might add a drop-in file for the timer to make it
more consistent with unattended-upgrades.
Podman natively supports creating systemd services for individual
containers. The generated systemd service is then managed by FreedomBox.
The current container image is based on Debian and runs apache inside the container.
To avoid running apache redundantly (both on the host and inside the
container) it would be preferable to use the nextcloud:stable-fpm image
instead, which seems to require creating a new virtual host.
Configure /.well-known URIs to redirect to /nextcloud. There is a conflict with
Radicale if both apps are running.
Put the podman1 interface into the trusted firewalld zone. This results in the
container gaining Internet access which is necessary to downloading Nextcloud
applications and federating with other Nextcloud instances. After applying the
patches, I opened my instance to the Internet to make sure this configuration
doesn't accidentally expose services. I scanned TCP ports 3306 and 6379 (after
installing and binding redis-server to the bridge interface). After that, I
installed the Tor app and put the default WAN interface to the external zone to
confirm that port 9050/TCP does not get exposed through the bridge interface.
To-do:
* test the fpm image
* test running the container in rootless mode for better security
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Add missing docstrings]
[sunil: Make some methods private to module]
[sunil: Run yapf for formatting]
[sunil: Remove a comment to hide form when app is disabled]
[sunil: Update form labels]
[sunil: I18N for client names]
[sunil: Reduce number success messages in form for easy i18n and consistency]
[sunil: Reorganize patch series, squash fixes]
[sunil: Tweak auto update daemon component's ID]
[sunil: Add blank lines for formatting]
[sunil: Minor refactoring for _run_occ method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Don't list the bridge interface in the Networks page as it is not meant to be
modified by users and would only create confusion.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Skip all the other git clone progress log lines. Fixes
occasional `'total_progress' not defined` error.
Tested in the testing container that cloning exisiting repository
works.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2381.
When app is being uninstalled, it is disabled. Use that to not show the setup
page.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2376.
Fixes: #2317.
When an app is removed, its packages are purged. However, there is another
installed app that needs these packages, we should keep those packages. We have
already implemented checking the packages against other apps' packages. However,
we are not checking if we are removing dependencies of other apps' packages.
This will still result in removal apps' packages.
To solve this problem, get list of packages of all the apps, then iterate over
their dependencies recursively and compile a comprehensive list of packages to
keep. Use this to reduce the set of packages to remove.
Tests:
- Without the patch, install bepasty and janus. Uninstall janus app and notice
that bepasty package is removed. With the patch, the problem is not observed.
- Printing the comprehensive list of packages to keep shows an extensive set
computed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
NetBIOS was used with now deprecated SMB1 protocol.
Tests performed:
- Windows 10 can access shares when the nmbd service is disabled.
- In stable and testing containers, all the samba module tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Also:
- Remove addressses [fc00::]/7 and [fe80::] from `allow hosts`, as
those had no effect as described in #2334.
- Remove unknown parameter `access control = yes` from Samba
configuration.
Tests performed in a stable container:
- After Samba app upgrade was performed, enabled Samba Home share.
- Using the `testparm` command, checked that the share is accessible
from ::1 IPv6 address:
```
> sudo testparm -s /etc/samba/smb-freedombox.conf host-ip ::1
Allow connection from host-ip (::1) to disk_home
> sudo testparm -s /etc/samba/smb-freedombox.conf host-ip ::2
Denied connection from host-ip (::2)
Deny connection from host-ip (::2) to disk_home
```
- Checked that when `ping localhost` returns ::1 in the container,
all the Samba tests pass.
Closes#2334.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Simplify success message for easy localization.
Tests:
- Update configuration notice the success message is shown properly.
- Insert errors in set_config() privileged method and notice that HTML error is
shown properly.
- Insert errors in privileged.delete() method, print 'Config is in use.' message
on stderr and notice that HTML error is shown properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Reduce the number of specialized messages to ease localization and clear way
for generalized configuration change handler.
Tests:
- Update the one or two configuration setting at the same time and notice that a
single message is shown.
- When no setting is changed and form is submitted, 'settings unchanged' message
is shown.
- Raise error when enabling/disable auto updates and notice a proper HTML error
shown. When other setting is also updated, then one error and one success
message is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- In a VM, mount a loopback disk. Insert an error in ejected code and notice
that HTML message is shown properly during eject operation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This allows the certbot command output to be shown accurately in the HTML
error message.
Tests:
- Edit the code to show all the action buttons in the UI. Set domain to
mydomain.example. Run all four actions. Notice that HTML error message are shown
and certbot output is shown properly in stdout/stderr sections.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Edit auto-mounting to try mounting an already mounted device. In a VM, during
service startup, notice the warning about failure to auto-mount as device is
already mounted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The privileged call already prints the log message with full error details.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- We have new way to show extra details with exceptions in HTML.
- This handling of error details in PackageException is mostly unused and
unnecessary complexity.
Tests:
- Introduce exception into package.install() and package.uninstall() methods.
Test that exceptions are being shown properly in Django error messages.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Insert an exception in privileged setup() and uninstall() method and try to
install/uninstall app and notice that error messages are shown in a simple
format and extra details are provided, collapsed by default.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
