Tests:
- Without patch, disable bind. Incrementing the app's version number results in
bind getting started.
- With patch, disable bind. Incrementing the app's version number does not
result in bind getting started.
- Without patch, disable bind. Update forwarders. Bind is running again.
- With patch, disable bind. Update forwarders. Bind is not running again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Before this change, when bind is disabled, dns port is removed from firewall
causing all 'shared' connection to not be able to resolve domains. This was
because no other application was declaring a need for 'dns' port to be kept
open. Declare a firewall component in the networks app needing 'dns' and 'dhcp'
services on the internal networks.
Tests:
- Without the patch, install and disable bind. 'dns' port is removed from
'internal' zone of the firewall.
- Install and disable bind. 'dns' port is not removed from 'internal' zone of
the firewall.
- On a fresh Debian machine. Install the freedombox package. 'http', 'https',
'dns' and 'dhcp' port are opened on the firewall as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Without the patch, start the service and dismiss the privacy notification.
With the patch, the restart the service. Privacy app is updated and privacy
notification is shown again. Incrementing the version number of the privacy app
does not result in showing of the notification again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Using public DNS servers leads to user's domain queries being known to the
servers, violating privacy. However, it is necessary to address many corner
cases when DNS servers are not known to systemd-resolved but internet
connectivity is working. Allow users to disable fallback DNS servers.
Tests:
- After upgrade to latest version of FreedomBox, the setting is on by default.
- Disabling removes the /etc configuration file and resolvectl shows no fallback
DNS entries.
- Enabling add the /etc configuration file and resolvectl shows fallback
entries. After removing existing DNS servers using resolvectl, one can still
query using fallback servers.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This avoids using fallback DNS servers in systemd-resolved soon after
systemd-resolved takes over /etc/resolv.conf and if network-manager knows some
DNS servers from the connections it has established.
- Version for the names app has already been incremented in this patch series.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Disable mDNS resolution. While we can migrate our DNS-SD service definition
files to systemd-resolved and switch from using avahi to systemd-resolved, many
programs still solely depend on avahi-daemon. Examples include cups and GNOME.
It is not clear if they will work any mDNS daemon or if they interact with
avahi-daemon in other ways that the mDNS protocol. So, for now, disable mDNS in
systemd-resolved and continue to use avahi-daemon for it. This is also Fedora's
default.
- Re-introduce Fallback DNS servers with the value same as the upstream systemd
project. Debian removes the default fallback DNS servers likely because they
could be considered a privacy violation. However, when systemd-resolved package
is first installed, the post install script recommends a reboot instead of
feeding the currently configured nameservers from /etc/resolve.conf into
systemd-resolved. Immediately, this causes the system not be able to connect to
any external servers. While this may be acceptable solution for interactive
systems and pre-built images, FreedomBox has to a) be available for remote
access b) perform upgrades without user intervention (and without reboot until a
day). To mitigate privacy concerns, an option to disable these fallback servers
will be provided in the UI.
- systemd-resolved's stub resolver runs on 127.0.0.53%lo:53 and 127.0.0.54. This
does not conflict either with shared connections which listen on 10.42.x.1 or
with bind which listens on 127.0.0.1 (and other IP addresses). This MR does not
address the existing conflict between bind and shared network connections.
However, it does not cause any further conflicts.
Tests:
* mDNS
- Avahi diagnostics works. daemon is running. mdns port is exposed in the
firewall.
- systemd-resolved does not listen on mDNS ports.
- Running avahi-browse shows freedombox on local network.
- Running avahi-browse shows the services ssh, sftp-ssh, http and ejabberd.
- Machine can be discovered in Gnome Files.
* NetworkManager shared connections
- After install/upgrade to systemd-resolved, 'shared' connections can be
created.
- With a 'shared' connection configured and active, it is possible to upgrade to
using systemd-resolved.
- Resolving domains from a machine on shared network goes via systemd-resolved
on FreedomBox.
* Bind
- Installing, running tests on bind works.
- Programs connecting from outside network can connect to bind as expected.
- Programs connecting from local machine can connect to bind as expected.
* Upgrading works
- Upgrading to new FreedomBox package works
- systemd-resolved is installed and running. 'resolvectl' shows a proper name
server (or fallback nameserver like 1.1.1.1).
- libnss-resolve is installed and configured in /etc/nsswitch.conf
- /etc/resolv.conf has proper link to /run/systemd/resolve/stub-resolv.conf.
- Programs using /etc/resolv.conf directly work. Install python3-pycares.
python3 -m pycares freedombox.org.
- NetworkManager has passed on proper DNS entries. In logs dns=systemd-resolved,
rc-manager=unmanaged, plugin=systemd-resolved
- DNS resolution works after first setup. Installing packages works.
- 'resolvectl query' resolution works.
- Programs using glibc API resolution such as 'ping' work.
* Fresh image
- Building an image with new freedombox package works without error.
- Booting from fresh images works.
- systemd-resolved is installed and running. 'resolvectl' show proper name
server.
- libnss-resolve is installed and configured in /etc/nsswitch.conf
- /etc/resolv.conf has proper link to /run/systemd/resolve/stub-resolv.conf
- Programs using /etc/resolv.conf directly work. Install python3-pycares.
python3 -m pycares wikipedia.org
- NetworkManager has passed on proper DNS entries. In logs dns=systemd-resolved,
rc-manager=unmanaged, plugin=systemd-resolved
- DNS resolution works after first setup. Installing packages works.
* Installing package on Debian
- Installing new freedombox package in Debian machine works.
- systemd-resolved is installed and running.
- libnss-resolve is installed and configured.
- /etc/resolv.conf has proper link to /run
- NetworkManager has passed on proper DNS entries to systemd-resolved using
'nmcli reload dns-rc'.
- Resolution works with fallback DNS servers when network interfaces are
configured with /etc/network/interfaces
* OpenVPNs works
- As a server, we don't push DNS servers to the client. So, a client continues
to use its old DNS servers. With systemd-resolved running on server, the client
is able to connect to OpenVPN server, route traffic to the internet, and resolve
DNS queries.
* WireGuard works
- As a server, we can't push DNS servers to the client. So, a client continues
to use its old DNS servers. With systemd-resolved running on server, the client
is able to connect to WireGuard server, route traffic to the internet, and
resolve DNS queries.
- As a client, server does not push DNS servers to the client. So, a client
continues to use its old DNS servers. With systemd-resolved running on the
client, the client is able to connect to WireGuard server, route traffic to the
internet, and resolve DNS queries.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
On systems where the grub-pc package is not available (e.g. ARM),
dpkg-query will have an exit status of 1. Handle the error that is
raised in this case.
Tests:
- Added unit tests for storage._diagnose_grub_configured.
- Tested on Raspberry Pi 4.
Closes: #2441
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Add a new diagnostic check result for skipped tests.
Tests:
- Put a hold on a package. The diagnostic is failed.
- Remove the hold from the package. The diagnostic is passed.
- Start installing an app, then immediately run the upgrades
diagnostics. The diagnostic is skipped.
Helps: #2347
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Allow i18n for new state 'skipped']
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Create new policy that allows forwarding between zones.
See: https://bugzilla.redhat.com/show_bug.cgi?id=2016864#c8
- Increment version to perform setup on upgrade.
Closes: #2355
Tests:
- Build freedombox package, and install on top of Bookworm VM The
firewall setup is performed. firewall-cmd lists the fbx_int_to_ext_fwd
policy, masquerade on external zone, and forward on internal zone.
Not tested:
- I did not test forwarding traffic from external to internal zone.
However, several users have reported following these instructions on
the forum, and that it solved the issue for them.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor refactors for readability]
[sunil: Ensure that operation is idempotent]
[sunil: Reload instead of restarting firewalld]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If the GRUB install device has not been selected, then grub package
configuration will fail during upgrades.
Tests:
- Install freedombox package with this change in a VM. Check that the
diagnostic is passed.
- Re-install the grub-pc package with DEBIAN_FRONTEND set to
noninteractive, so that it fails to be configured. Check that the
diagnostic is failed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged (except initializing init/info a new SSH repository).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged (except deleting the last admin user).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2435
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Perform effected actions and ensure that secrets are not logged on the
console.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
TiddlyWiki uses almost the same Apache configuration as Feather Wiki,
with one difference - disabling gzip for the `HEAD` request.
The FreedomBox app for TiddlyWiki is identical to Feather Wiki in
every other aspect.
- Proxy download through freedombox.org. This serves two purposes:
1. Upstream's website cannot track the IP addresses of FreedomBox users.
2. We can update the versions of the empty quine files without making
code changes in FreedomBox.
[sunil]
- Update description to correct the list of users who can access the app.
- Update logo to adhere to the logo guidelines.
- Minor styling fix.
- Update the copyright on the logo based on information from upstream git
repository.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This serves two purposes:
1. Upstream's website cannot track the IP addresses of FreedomBox users.
2. We can update the versions of the empty quine files without making
code changes in FreedomBox.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Update description to reflect the change in upstream URL]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.or>g
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Uninstall deletes wikis & extensions
- Use Skylark (v1.8.0)
- Add option to upload existing wiki
- Open wiki links in new tab. Since Feather Wiki modifies browser history, it
takes several clicks to go back and reach the FreedomBox app for Feather Wiki if
the user wants to switch to another wiki file. Opening in a new tab also makes
it easy for the user to move text between wikis (i.e. the Refile use case).
- Improve HTML file path handling. Extract only the HTML file name from the URL.
Return a 404 status if the file cannot be found
- Place featherwiki_nest.cgi file in /usr/lib/cgi-bin. The file is installed as
part of the FreedomBox package, rather than a step in the installation of
Feather Wiki.
[sunil]
- Reorganized description to complete the introduction before talking about
FreedomBox implementation.
- Update description to say that only users of 'wiki' group can access.
- Update description to talk about where the wiki is downloaded from how to
upgrade it.
- Update short description to 'Personal Notebooks'.
- Add UsersAndGroups component and to reuse 'wiki' group properly.
- Reorder component to resemble other apps (could prove useful in future).
- Restrict frontpage shortcut to 'wiki' group users.
- Minor styling updates. Run isort.
- Use pathlib.Path object where possible instead of os.path.
- Perform sanitization in privileged methods instead of callers. This leads
better security if the service is compromised.
- Perform duplicate checking in privileged methods instead of callers.
- Check in privileged action that uploaded file originates from temporary
directory. Otherwise, arbitrary files can moved into DAV directory.
- Switch storage path to /var/lib/ which is an application data folder from
/var/www which is a user data folder.
- Add extra security to the DAV folder by explicitly rejecting .htaccess
directives, forcing mime type and removing all options.
- Update SVG/PNG logo icons to adhere to our guidelines.
- Minor template updates. Add required attributes. Improve i18n. Avoid <p>
inside <p>.
- Refactor tests for more code reuse and fewer globals.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- DAV can simplify hosting the Feather Wiki app.
- It can also potentially be used to share folders over HTTP to clients such a
GNOME/KDE file mangers.
- Enabling the modules by default should have few disadvantages other than
slight increase in memory. It needs to be enabled with 'DAV on' directive on the
specific directories.
Tests:
- Running the service after patch run apache setup and the modules are enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Without the changes, typing https://<domain>/nextcloud does not work. With the
changes it redirects to https://<domain>/nextcloud/.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- /etc/gitweb-freedombox.conf is a drop-in configuration file. It is provide in
/usr and linked into /etc/. It is overwritten when freedombox package is
upgraded. So, it is incorrect to backup/restore the file.
Tests:
- Run functional tests that include backup/restore.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Run functional tests on miniflux app.
- Run backup and restore on ttrss app manually and notice that data is restored
and there are no errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- When the password is changed during the reset-password test, running other
tests in a different test run fails the tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Check the exitstatus and signalstatus as seen from the ptyprocess module.
- Avoid accessing 'log' before is it initialized.
- When creating admin user, don't expect JSON message for all other types of
errors. They are simple strings.
Tests:
- Try to modify the password of a non-existent account. Notice the error message
is shown. Modify the password of an existing account and it succeeds.
- Create an account with username that already exists. Notice that error is
shown. Otherwise, it succeeds.
- Allow the UI to enter short passwords and notice that error is shown properly
during user creation and reset password.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- Reset the password of an account successfully. No error is shown.
- Reset the password of a non-existent account. Error is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Both postgres and postgres-contrib package seem to pull the postgres-16 package
ultimately.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil's changes]
- Add copyright information the logo.
- Deluge: undo an unintended change.
- Drop wrapper calls over privileged methods. The new privileged method
decorators make is easy to avoid these.
- Styling updates: docstrings, single quotes for strings, casing for UI strings.
- Drop "DO NOT EDIT" comment for files located in /usr as they are not expected
to be editable by the user.
- Fix 'miniflux' to 'Miniflux' in web client name.
- Overwrite FreedomBox settings onto the existing configuration file when setup
is re-run. This is to ensure that FreedomBox settings take priority.
- Use return value of the miniflux command to raise errors.
- Use pathlib module where possible.
- Move message parsing into the privileged module from views module.
- Resize SVG and PNG logo files for consistency with icon styling.
- Use hypens instead of underscores in URLs and Django URL names.
- Rename miniflux_configure.html to miniflux.html.
- Use base method for minor simplification in backup functional test. Ensure
that the test can be run independently when other tests are not run.
- Update tests to reflect code changes.
- Avoid concatenating internationalized strings so that they can be translated
properly.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Not enabled by default currently. This can be changed after further
testing.
- Re-use existing operation from diagnostics run. However, this requires
changing the app_id of the operation for each app.
Tests:
- Enable automatic repair, and run diagnostics. See that repairs are
run.
- Enable automatic repair, and wait for daily diagnostics run. See that
repairs are run.
Closes: #2399.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Rename 'domain' to 'override domain'. See below.
- If override domain is not set and trusted domains list is properly maintained,
then Nextcloud can be accessed using a domain from list of trusted domains. This
is ideal as accessing from .onion domain and a regular domain will
simultaneously without forcing a single domain. However, non-localhost IP
addresses will not work with this approach and 'override domain' will be needed.
- When override domain is set to an IP address or a domain, then that domain
will forced. Also hostname are accepted on a request but after the first page
load, access will be forcefully redirected to the configured override domain.
Multiple domains, even trusted domains, will thus not work. This option should
be used as a last resort.
- All un-setting the override domain to an empty value so that trusted domains
can be used again.
- Update diagnostic checks to ensure that above logic is used with checking
domains.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Enable the redis drop-in configurations before redis-server is started so that
the configuration is effective.
- When app is disabled and re-running setup, disable it after running setup
because setup() enables it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
