ExitPolicy is only used when relaying is enabled as per torrc manual page.
Tests:
- None
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tor app does have a running daemon.
Tests:
- Functional tests pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Any change to the remaining form fields now certainly requires restart of the
Tor daemon.
Tests:
- When no changes are done to the form, tor daemon is not restarted.
- When changes are done to the form, tor daemon is restarted. But only when app
is enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Describing the SOCKS service provided by this instance of FreedomBox and
providing a convenient link to Manual.
Tests:
- The short cut shows as expected. Clicking on the shortcut shows description,
manual page link and configuration link.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Tor proxy template loads fine showing the app page.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Includes SocksPort and "Download software packages over Tor" feature,
as well as setting upstream bridges.
- "Download software packages over Tor" option is enabled by default.
- When upgrading, if Tor app was enabled and "Download software
packages over Tor" was enabled, then Tor Proxy will be installed.
- The default tor instance is now called tor@default. The "tor" service
is an multi-instance master that has Wants relation all instances.
Tests:
- Tests for Tor and Tor Proxy passed.
- Enable Tor, and run the tests for Tor Proxy. Afterwards, Tor is still
enabled and running.
- Enable Tor Proxy, and run the tests for Tor. Afterwards, Tor Proxy is
still enabled and running.
- Test setting upstream bridges for Tor and Tor Proxy.
- Install FreedomBox 23.11 in a VM and install Tor with default
settings. Install new FreedomBox version with Tor Proxy. After
install, both Tor and Tor Proxy apps are installed and running.
/etc/tor/instances/{plinth,fbxproxy}/torrc both have expected content.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Check that there are at least 12 direct passthroughs.
Tests:
- The diagnostic is passed.
- Manually remove a direct passthrough. The diagnostic is failed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Change the backend to iptables, and restart firewalld. The diagnostic
is failed.
- Change the backend back to nftables, and restart firewalld. The
diagnostic is passed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use augeas transform operation]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Change the firewalld default zone to public, and restart firewalld.
The diagnostic is failed.
- Change the default zone back to external, and restart firewalld. The
diagnostic is passed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Change the values of uri, base, and sasl_mech in /etc/nslcd.conf.
Confirm that the diagnostics are failing.
- Change the values back to the original. Confirm that the diagnostics
are passed.
- Remove the uri, base, and sasl_mech lines from /etc/nslcd.conf.
Confirm that the diagnostics are failing.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use augeas Nslcd lens]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2356.
This is needed for upgrade from bullseye to bookworm.
Tests:
- Install mediawiki without the patch. Apply the patch and restart the service.
Notice that mediawiki setup has run and mediawiki..update() privileged method is
called.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2357
Thanks to Znoteer for reporting the issue and suggesting a fix.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Uninstall shaarli and notice that /var/lib/shaarli directory has been removed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Purging mediawiki package removes /etc/mediawiki. There is no need to
explicitly remove our two configuration files from /etc/mediawiki.
Tests:
- Setup mediawiki, change public registrations setting and uninstall. Reinstall
and observe that public registrations setting is reset.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Uninstall samba. Notice that /etc/default/samba and
/etc/samba/smb-freedombox.conf are removed.
- Reinstall samba and notice that the two files are restored to their expected
content.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When gitweb is installed and not enabled without any public repos, the
post_inst() method tries to enable gitweb-freedombox-auth.conf apache2
configuration. Due to new approach of symlinking configuration files only when
needed, the file is not found and startup of freedombox service fails.
Fix it by making sure that gitweb auth configuration is only enabled when app
itself is enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- During application update, if the last_updated_version is not provided for the
WebServer component, app's update to next version fails.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- jsxc is able to connect to jabber server
- When ssh is enabled avahi-browse -a shows SSH and SFTP services. The avahi
service files are created in /etc/avahi/services/. When service is disabled,
files are removed and avahi-browse -a does not show the services.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface is available
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- calibre web interface is available
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- bepasty uwsgi service is running
- bepasty web interface is available
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- ttrss app's web interface works
- Incorrect password attempts in LDAP login with /tt-rss-app/ get registered by
fail2ban
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works
- Adding a plugin using auto-download works
- fail2ban-client status shows wordpress-freedombox
- fail2ban catches invalid login attempts
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- LDAP auth works for /tt-rss-app/
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Running 'apt update' sends a DBus signal to freedombox service
- unattended-upgrade works
- Many service were restart when unattended-upgrade was run
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Single-sing-on for searx works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- fail2ban-client show shows sshd in jail list
- When ssh is enabled avahi-browse -a shows SSH and SFTP services. The avahi
service files are created in /etc/avahi/services/. When service is disabled,
files are removed and avahi-browse -a does not show the services.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Sharing folders works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- 'fail2ban-client get logtarget' shows sysout
- fail2ban logs to journald
- fail2ban identifies failures logged by apache in journald
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works
- Web interface authentication works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works
- fail2ban jail is enabled
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
See Debian bug #961984. This patch is available in Debian since version
1.5.2.200531-1. It is present in bullseye and bookworm. So it can be dropped
from FreedomBox.
Tests:
- Untested, as the exact configuration exists in
/etc/pagekite.d/90_debian_certs.rc
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Network manager does run the dispatcher script due to write permission for
group. This issue is unrelated to the patch, however.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- /_minidlna/ works and shows a 404 generated by miniDLNA
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't ship /etc/mediawiki/FreedomBoxSettings.php anymore. Create the file on
first setup. Keep old file on update.
- Simplify and unify how the configuration settings are read and written.
Tests:
- Run unit and functional tests.
- All the drop-in config files in /etc/ are symlinks.
- Shipped configuration is effective.
- Upgrade from older version keeps old configuration.
- Config files are all symlinks in /etc/
- When upgrading from older version FreedomBoxSettings.php does not change.
FreedomBoxStaticSettings.php becomes a symlink.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Login to Matrix using app.element.io works.
- Fail2ban rules work
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Unable to test renewal hook
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Web interface is accessible
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks in /etc/
- Creating blog and wiki works
- Wiki is accessible
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
