This is now the preferred location in Debian. See:
https://lintian.debian.org/tags/systemd-service-in-odd-locationhttps://bugs.debian.org/992465https://bugs.debian.org/987989d70caa69c6https://lists.debian.org/debian-devel/2021/08/msg00275.html
Tests:
- Lintian no longer shows errors:
E: freedombox: systemd-service-in-odd-location lib/.../calibre-server-freedombox.service
- Comparing the old .deb and newly generated .deb with these changes. All the
systemd files show that they are moved from /lib to /usr/lib/systemd.
- After upgrading the deb from older version to a version these changes,
services installed by the package are available (tested after restart with
wordpress and claibre). Services tweaked by the package have the changed
configuration reflected as shown by systemctl show
{service-name}.service (tested after restart with quassel).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
From freedombox-setup all the setup mechanisms and first-run mechanisms have
been removed. This script no longer does anything and is not needed. Ensuring
that the directories have proper permissions is now the duty of Plinth Debian
packaging.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no need to restart firewalld after the setup steps run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Essential modules enable their own services properly. There is no need to do
them as part of common setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Instead run all of the setup process during the first boot. This enables us to
someday remove the reboot step entirely.
Tests: After building a new image with the changes, call the modules have shown
to be properly setup. Running the setup wizard, creating admin user and logging
works as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Created basic plinth app which starts an introducer and a storage
node on the FreedomBox.
- Prompt user to set a domain name before creating Tahoe-LAFS nodes.
- Support adding and removing of introducers to the storage node.
- Serve Tahoe-LAFS from a different port.
- Start all nodes and introducers at system startup.
- Add utility class YAMLFile with test cases.
It is believed that ownCloud is unlikely to return to Debian in near future.
Removing module to ease maintenance.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Change the configuration minimally and more reliably.
- Rename the Apache configuration and add comments.
- Rename firewalld description file.
- Enable the matrixsynapse module by default.
- Improve category, description texts and warnings.
- Remove unused variable.
- Add missing docstrings.
- Minor styling updates.
- Fix i18n in templates.
- Fix showing description in main service view.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
LDAP admin and basic structure setup requires running slapd. Move this
to first-run so we don't have to start slapd during setup. This should
avoid issues when running setup in a chroot.
- RTP ports used for voice and video communication can span a wide range
of ports. Some servers seem to restrict the range. However, repro
does not seem to do that. So, open up the full range.
- Since SIP is a generic protocol implemented by various servers, the
firewall service must describe the protocol instead of the
application. This is similar to the way firewalld handles
http/https. This also make the service descriptions more acceptable
by upstream.
- Split unencrypted and encrypted services so that one can enabled
without the other (a possibility with SIP).
- Add 5061/UDP for SIP over DTLS and DCCP.
Set the default firewall zone. When network connections are configured
outside of FreedomBox/Plinth, they will not be able to serve the Plinth
web interface. This is because all such interfaces will fall in the
default firewall zone and that is, by default, 'public'. On 'public'
zone we don't allow Plinth web interface as this zone is not managed.
Configuration of network connections happen outside for
FreedomBox/Plinth for various reasons:
- Existing network connections before installation of freedombox-setup
- Connections configured in /etc/network/interfaces
- Connections manually configured using nmtui
- Connections created using GUI environments such as GNOME
Rather then clearing out /etc/network/interfaces during setup and
expecting the connections not to be created outside of Plinth, setting
the default firewall zone is a better approach. This default zone
selection fits with the main purpose of FreedomBox to be a router which
is also reflected by the fact that only 'external'
This is now properly handled by freedombox-setup network scripts. There
is no need to set it up here. Also there is chance they might by
configured wrong.
- Introduce Apache configuration for plinth.
- Remove Transmission service file for firewalld.
- Enable transmission on install.
- Enable/disable Apache configuration on Transmission on enable/disable.
- Remove IP address whilelisting as 127.0.0.1 is the default setting and
is sufficient for Apache to reverse proxy.
- Update UI URL.
- Don't hijack the entire SSL site for sake of Plinth.
- Serve both HTTP and HTTPS sites with default configuration.
- plinth-ssl configuration only make SSL compulsory.
- Document modules required for configuration to work properly.
- Don't disable default site during FreedomBox setup run. This is no
longer required.
The package license (AGPL3+) implicitly indicates the license of each
file. However, it is desirable to have license headers in each file.
This is the case for many prominent projects like GNU project, Mozilla
etc.
