- Use php-fpm instead of using mod-php.
- Create database and setup permissions manually. Tables and initial data are
created during the initial setup process done by WordPress. Database upgrades
are handled by WordPress. Minor versions are upgraded automatically and major
version need user intervention.
- Backup/restore functionality including database.
- Install recommended extensions for performance.
- Setup and run cron jobs to ensure that scheduled publications are
completed (among other things). Service has systemd security features. Timer is
set to run every 10 minutes.
- Functional tests for adding/removing posts and backup/restore.
- Increase file upload size limit to 128MiB.
- A private mode (default) for keeping the setup process secure. Should be
disabled after first setup is completed. This uses a new approach using
file-based flag for different Apache configurations.
TODO:
- Find a nice way to allow WordPress to upload plugins/themes. Currently this
operation files and users are expected to manually scp the files to
/var/lib/wordpress/wp-content/{plugins,themes} directory.
Tests:
- Functional tests.
- Schedule publishing of a post. Notice that post got published.
- Test uploading a file larger than 2MiB.
- Test enabling permalinks. This leads to nicer looking URLs.
- Test adding images to posts/pages.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2100.
- wireless-tools package is being orphaned. https://bugs.debian.org/963896 .
- We use Network Manager to manage network and don't use iw* tools from
wireless-tools package. Network Manager itself does not need wireless-tools
package to configure and manage Wi-Fi connections. This is seen on typical
desktops.
- FreedomBox service uses NM D-Bus API to scan for available networks.
- Code does not refer to the tools iwconfig, iwevent, iwgetid, iwlist, iwpriv or
iwspy. These are the binaries provided by the wireless-tools package.
Tests:
- After removal of the wireless-tools package, wireless scan functionality does
not result in an error.
- Not tested: Attaching actual Wi-Fi hardware and seeing the list of available
Wi-Fi networks.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Better error handling
- You may retroactively diagnose and fix problems
- Shows the most important issues first
audit.models.Diagnosis
- Added JSON serialization (needed for IPC)
- Replaced ambiguous vocabulary
- Provided a sorting key
audit, diagnosis
- Support title translation
Closes: #2091.
To avoid current issues with keys.gnupg.net.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If the domain part was not provided, $myhostname will be used.
In case $myhostname is not in $mydestinations, the email will be relayed.
In case $myhostname is invalid, the email will be bounced.
The next hop should always be LMTP (local: transport)
and hence the `@localhost`
- View: security.html -> email_security.html
- Setup: will not install Redis
- Setup: put clamav packages on hold
- Crash recovery: opening firewall ports becomes the last post action
- Crash recovery: group postconf.set_many into small transactions
- Crash recovery: safer postconf.set_master_cf_options
- Make extensive use of the milter protocol
- Milter: add X-Fbx- headers to emails
- All submitted mails go to smtp:localhost:10025 for filtering
- Header privacy for submitted mails
- Rspamd: be able to inject and replace FreedomBox-managed config
- Reserve special addresses for future use
Known issue: internal emails do not go through spam filtering
- Move render_tabs into plinth.views
- Move admin_tabs and user_tabs into the class
- New interproc module contains inter-process functions
- New helper methods in TabMixin
email_server:
- `-i` option passes all remaining arguments to action
- delete unused "touch file" option
Views:
- delete broken links
- add tabs to every page
- separate admin tabs from user tabs
- Separate alias database from system
- Block mail to system users, without backscatter
- Alias management UI for non-admin users
- Enabling/Disabling aliases (mails to /dev/null)
Misc. changes
- Daemon management
- Backup information
- Postconf diagnostics interface
- New class: `MainCfDiagnosis`
- "Advise and repair" mechanism reduces the number of postconf calls
- File locking: lock acquisition moved into audit module
- Enables finer-grained control
- Rewrote action script to eliminate stdin communication
- Changed return type of audit.*.get()
- An audit can return multiple lines of diagnostics
- Move recommended endpoint URLs into function docstrings
