Avahi daemon is being managed in Plinth, so it makes sense for Plinth to be
providing the service files. Service files can be managed so that when service
is not available, it is not advertised using Avahi.
Install service files.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Signed-off-by: Prachi Srivastava <prachi@swecha.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no need to restart firewalld after the setup steps run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Essential modules enable their own services properly. There is no need to do
them as part of common setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If pubtkt module is not enabled (rare) and if repro is enabled, Apache fails to
start. Make sure this effects only repro module. The single-sign-on
configuration already ensures that access is denied if pubtkt module is not
enabled, preventing unauthorized access.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Instead run all of the setup process during the first boot. This enables us to
someday remove the reboot step entirely.
Tests: After building a new image with the changes, call the modules have shown
to be properly setup. Running the setup wizard, creating admin user and logging
works as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- using latest version of lib-apache2-mod-authpubtkt
- upgraded keys to 4096-bit RSA
- upgraded hashing algorithm to sha512
Plinth needs dependency on libapache2-mod-auth-pubtkt >= 0.11
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Solves bug #890
- Since Apache might be started before Plinth setup is ever run, we
have to handle the case where the auth_pubtkt module may not be available.
- Created basic plinth app which starts an introducer and a storage
node on the FreedomBox.
- Prompt user to set a domain name before creating Tahoe-LAFS nodes.
- Support adding and removing of introducers to the storage node.
- Serve Tahoe-LAFS from a different port.
- Start all nodes and introducers at system startup.
- Add utility class YAMLFile with test cases.
- Install mod_auth_pubtkt and generate public/private key-pair.
- Redirect user to login page if no cookie is presented.
- Add check for authenticated user for login page.
- Temporarily switched to DSA because of a bug in mod_auth_pubtkt
which causes it to accept only DSA and not RSA. Also had to use SHA1
instead of SHA256.
- Enabled SSO for Syncthing, Repro and TT-RSS.
- Using tokens to authorize by user groups.
- Generate keys during first boot.
- Remove apps and system modules and merge their views into main views.
- Move main_menu from cfg into menu.py.
- Remove dependencies of other modules on apps and system modules.
- Update tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
It is believed that ownCloud is unlikely to return to Debian in near future.
Removing module to ease maintenance.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Change the configuration minimally and more reliably.
- Rename the Apache configuration and add comments.
- Rename firewalld description file.
- Enable the matrixsynapse module by default.
- Improve category, description texts and warnings.
- Remove unused variable.
- Add missing docstrings.
- Minor styling updates.
- Fix i18n in templates.
- Fix showing description in main service view.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Redirect /syncthing to /syncthing/ as the daemon does not work
without a slash at the end.
- Create a separate include file for LDAP authentication
configuration that can be included on other app configurations.
LDAP admin and basic structure setup requires running slapd. Move this
to first-run so we don't have to start slapd during setup. This should
avoid issues when running setup in a chroot.
- Remove extra newlines added to torrc.
- Remove comments added in random places to torrc.
- Enable tor instance during setup.
- Fix restarts to use tor instance.
- Revert change to augeas lens to attempt handling +.
- Add support for hyphens in values to augeas lens.
- Increment module version so setup can run again.
- RTP ports used for voice and video communication can span a wide range
of ports. Some servers seem to restrict the range. However, repro
does not seem to do that. So, open up the full range.
- Update action to not configure jwchat anymore.
- Update action to not disable jwchat apache configuration. Since the
package is no longer installed, this could cause failures.
- Update action to no refer to jwchat in comments.
- Update jwchat-plinth Apache configuration to not include jwchat
anymore. Keep this file name for now instead of renaming it to
jsxc-plinth as this would introduce additional complexity with little
benefit.
- Install package libjs-jsxc instead of jwchat during xmpp setup.
- Create jsxc front page shortcut instead of for jwchat.
- Perform diagnostics on /http-bind/ URL needed for jwchat instead of
/jwchat.
- Update links that launch XMPP web client.
Allow Plinth to manage network connections even when running as 'plinth'
user and not root user. This is done by adding polkit rules that
Network Manager checks
- Add new style Javascript based rules file for newer versions of
polkit (>105). This is not fuly tested.
- Add old style .pkla file for older versions of polkit (<=105).
- Create and list filesystem snapshots. Hide "current" snapshot.
- Allow deleting snapshots, except for default subvolume.
- Allow rollback to a snapshot.
Add a dispatcher script to NetworkManager to configure
B.A.T.M.A.N. Advanced interfaces. This quite a bit hacky at it is
triggered for network connections that have the keyword "BATMAN" in
them. The proper way to implement this is as a core change in
NetworkManager itself (as it lacks plugins). It is done is the hope
that it will garner some more interest in FreedomBox for mesh networks.
Currently, it is possible to create a BATMAN mesh network and shared
existing internet connections on it. Other boxes can then join this
mesh network and use that internet connection.
Known issues:
- Very unintuitive setup process. First create a connection with device
a Wi-Fi device, mode as ad-hoc, with a known frequency and BSSID. The
name of the connection should have contain BATMAN in it. It should
also have IPv4 method as disabled. Second connection should be
created for 'bat0' interface after the first on is successful. It can
be with method 'shared' for sharing internet connection and doing DHCP
requests or 'auto' for aqcuiring IP address from another node in the
mesh network.
- Untested for joining existing mesh networks.
- Requires configuring two network connections and the second one needs
to be manually enabled after the first one is successfully activated.
- Show free space of currently mounted partitions. Should help with
people running out of free space and ending up with non-working
system. In future, this module could emit more visible messages.
- Show and allow expanding root partition to help people who have
written FreedomBox images to higher capacity SD cards. Very selective
and restrictive checks to minimize problems.
- Automated tests to ensure expansion works in non-trivial senarious.
