- Don't ship /etc/mediawiki/FreedomBoxSettings.php anymore. Create the file on
first setup. Keep old file on update.
- Simplify and unify how the configuration settings are read and written.
Tests:
- Run unit and functional tests.
- All the drop-in config files in /etc/ are symlinks.
- Shipped configuration is effective.
- Upgrade from older version keeps old configuration.
- Config files are all symlinks in /etc/
- When upgrading from older version FreedomBoxSettings.php does not change.
FreedomBoxStaticSettings.php becomes a symlink.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Login to Matrix using app.element.io works.
- Fail2ban rules work
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Unable to test renewal hook
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface is accessible
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Creating blog and wiki works
- Wiki is accessible
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Could not test as the app is uninstallable
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Could not test as the app is not installable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks /etc/
- Configuration file is effective
- Web interface works
- Web interface authentication works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #729.
Tests:
- Install Shadowsocks Server. Install Shadowsocks Client, and set the
server to localhost, and set the same password as the server. Use
curl to connect to local SOCKS proxy on port 1080 and fetch a
website.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Update some docstring comments for shadowsocks clients]
[sunil: Use the term Censorship instead of network filters]
[sunil: Prevent enabling both apps when setup is re-run]
[sunil: Update typehint for a privileged method to be minimal]
[sunil: Accept connections from external IPs too]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This will leave /etc/{plinth,freedombox} empty by default making service more
robust to run across various environments and situations. See systemd's
explanation for more details.
- Use Debian maintainer scripts remove all the existing files in
/etc/plinth/modules-enabled.
- Read from /usr/share/freedombox/modules-enabled then from
/etc/plinth/modules-enabled and finally from /etc/freedombox/modules-enabled.
Later read ones override previously read files. Any file pointing to /dev/null
will mean the module must be ignored.
Tests:
- Clean up /etc/plinth, /etc/freedombox and
/usr/share/freedombox/modules-enabled. Run service and notice that files are
getting loaded from development folder using a debug message.
- Run setup.py and notice that files get installed in
/usr/share/freedombox/modules-enabled/ and in the next run they get loaded from
there.
- Create a override file in /etc/plinth/modules-enabled/transmission and notice
that overriden file gets priority over the one in
/usr/share/freedombox/modules-enabled.
- Link the file /etc/plinth/modules-enabled/transmission to /dev/null and notice
that is not loaded.
- Create another file in /etc/freedombox/modules-enabled/transmission and notice
that it overrides the previous two files.
- All affected modules are loaded.
- Build a new Debian package and ensure that upgrading 23.8 to new version
removes are all configuration files.
- Build developer documentation and test that Tutorial -> Full Code and Tutorial
-> Skeleton sections have been updated with references to
-.../modules-enabled/... paths.
- Install quassel and notice that certificates were copied to /var/lib/quassel
directory. Change domain to another domain and notice that certificates were
copied again to that directory.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This improves modularity. Each app brings its own icons in its directory
instead of a centralized directory.
Tests:
- Install an app and notice that the installation notification has the icon.
- Visit an app's page in Apps and System (cockpit) section and ensure that the
app's icon is being shown.
- Visit the Apps and System section and notice that apps' icons are being shown.
- Visit the home page and notice that shortcuts' icons are being shown.
- Visit the URL /plinth/api/0/shortcuts and notice that the URLs for icons are
accessible and lead to proper icon files.
- Build developer documentation and notice that Tutorial -> View and Reference >
Menu pages show the expected updates.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add doc/*.wiki to the section covered by CC-BY-SA-4.0.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2276.
Functionality all over the system keeps failing due this approach. The latest is
changing hostname in ejabberd Mnesia database fails (#2276). Further, users
connecting FreedomBox to a monitor can't use a GUI.
Tests:
- Without patches, enable restricted access. Apply patches and setup.py install.
Security app is updated. Restricted access is disabled and
/etc/security/access.d/{50freedombox.conf, 10freedombox-security.conf,
10freedombox-performance.conf} are removed. It is possible to login into
non-admin account via SSH.
- On a fresh install, the configuration files are not found.
- Security page does not show 'restrict console logins' option.
- Updating security app setting works. Message 'Configuration updated.' is
shown.
- First boot succeeds. Restrict console login is not enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Name of the jail has to be less than 29 characters for an iptables/nft chain
to be created.
- Make the regular expressions more specific to avoid matching incorrect fields
for <HOST>.
- Added journalmatch to improve performance by matching the regular expressions
against only specific journal entries.
Tests:
- Run setup.py, remove the old jail and filter files. Restart fail2ban and make
10 incorrect login attempts. The IP address gets banned for 10 minutes.
- Not run: Build new freedombox package and upgrade from older version to see
that old configuration files have been removed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Currently, tahoe-plinth.conf and mldonkey-freedombox.conf are left over
in FreedomBox systems that were installed on plain Debian. This commit
makes sure these files are removed.
Test:
1. I installed FreedomBox on Debian and checked if the obselete files are indeed present.
2. I built my own package with the modifications and updated FreedomBox with the
local deb file.
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Some VPS providers preconfigure ufw which can break the
FreedomBox installation process on plain Debian. To
prevent this, make the freedombox package remove ufw.
Tests I made:
1. Enabled ufw on a Debian system
2. Built a custom package with the modification in the
control file
3. Installed the custom packge.
Result: ufw gets removed before the execution of
`update-initramfs: Generating /boot/initrd.img-5.10.0-17-amd64`
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
