Tests:
- Config app description is as expected.
- Config form does not show domain name field anymore.
- Submitting the form with changes works.
- Names app has correct link for configuring static domain name. Clicking it
takes to page for setting domain name.
- On startup, static domian name signal is sent properly if set. Otherwise no
signal is send.
- Change domain name form shows correct value for current domain name.
- Change domain name form sets the value for domain name properly.
- Page title is correct.
- Validations works.
- Add/remove domain name signals are sent properly.
- Success message as shown expected
- /etc/hosts is updated as expected.
- Unit tests work.
- Functional tests on ejabberd, letsencrypt, matrix, email, jsxc, openvpn
- After freshly starting the service. Visiting names app shows correct list of
domains.
- ejabberd:
- Installs works as expected. Currently set domain_name is setup properly.
Copy certificate happens on proper domain.
- Changing the domain sets the domain properly in ejabberd configuration.
- Ejabberd app page shows link to name services instead of config app.
Clicking works as expected.
- letsencrypt:
- When no domains are configured, the link to 'Configure domains' is to the
names app.
- matrix-synapse:
- Domain name is properly shown in the status.
- email:
- Primary domain name is shows properly in the app page.
- Setting new primary domain works.
- When installing, domain set as static domain name is prioritized as primary
domain.
- jsxc:
- Show the current static domain name in the domain field. BOSH server is
available.
- openvpn:
- Show the current static domain in profile is set otherwise show the current
hostname.
- If domain name is not set, downloaded OpenVPN profile shows hostname.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Config app description is as expected.
- Config form does not show hostname anymore.
- Submitting the form with changes works.
- Names app has correct link for configuring Local Domain Name. Clicking it
takes to page for setting hostname.
- Avahi shows the current .local domain correctly in Names app.
- Change hostname form shows correct value for current hostname.
- Change hostname form sets the value for hostname properly.
- Page title is correct.
- Validations works.
- Pre/post hostname change signals are sent properly
- Success message as shown expected
- hostnamectl shows the set domain
- If domain name is not set, downloaded OpenVPN profile shows hostname.
- Unit tests work.
- Functional tests on names/config/avahi apps work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes: #2161.
- Sections are ordered by importance on which administrator must act after
setting up the system.
- Consistent order across all the languages.
- Update the styling for the section hearers.
- For system section, make them compact.
- Make them look like a header text (with underline) rather than a
divider (like in a menu).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is so that the methods will be checked by mypy. This should help identify
any incorrect initialization of components.
- Remove unused self.repos in GitwebApp.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2313.
systemd-journald does not (never did) accept size values given in percent of
file system size. Only the defaults work with percent values. Hence our addition
of RuntimeMaxUse= as percent value in configuration file did not work.
systemd-journald outputs a warning to dmesg and ignores the value.
We could change the value to fixed size. We would have to choose a value that
works for systems with less memory (such as 1GiB) and that value would serve
poorly for systems with more memory. Instead, leaving the default value of 10%
for RuntimeMaxUse= might be better. Additional configuration of MaxFileSec=6h
and MaxRetentionSec=2day would also ease the burden in most cases for the low
memory devices. Considering that people did not report issues with status
quo (where the value we have set did not work and default size was used) also
suggests that default value will work. Further, /run filesystem itself seems to
be allocated only 10% of available memory.
Tests:
- Without the patch, start a vagrant machine. Notice that dmesg shows the error
mentioned in the issue #2313. Apply patch and restart the service. Setup is run
for config app. The file /etc/systemd/journald.conf.d/50-freedombox.conf will no
longer have the RuntimeMaxUse= directive.
- After reboot, dmesg will no longer show the error. systemctl status
systemd-journald shows that 10% of the size of /run is the max for journal file.
- In config app page, setting various values of log persistence works.
- On a fresh container with the patch, initial setup succeeds and
journald.conf.d file is setup without the RuntimeMaxUse= directive.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2314.
Tests:
- On a fresh testing container, verify that the file
/etc/apache2/conf-available/freedombox-apache-homepage.conf is not present.
Visit the config app and notice that home page shows as 'Apache Default'.
- Apply the patch and refresh the page. The page now shows 'FreedomBox
Service (Plinth)' as the home page.
- Functional tests work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Initial implementation of home page setting used the file
/etc/apache2/conf-available/freedombox.conf and edited the file. Since this file
is shipped by the freedombox package, it lead to package getting stuck with
conf-file prompt. FreedomBox v19.10 first fix this by carefully undoing the
edits in this file and making them elsewhere.
- This fix is present in Debian present old stable (with backports) and current
stable, the migration is not needed in almost all the of cases.
Tests:
- First setup of FreedomBox works.
- Setting home page works are expected.
- Functional tests for config module works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- DONE: Unit tests work
- DONE: Transmission
- DONE: Enabling/disabling an app with a daemon works: transmission
- DONE: Showing the status of whether the app is enabled with daemon
is-enabled works.
- DONE: A message is shown if app is enabled and service is not running
- DONE: Service is stopped and re-started during backup
- DONE: Adding user to share group during initial setup restarts the service
- Not tested: Enabling/disabling a service with alias works (no such apps)
- DONE: Restarting/try-restarting a service works
- DONE: Masking/unmasking works
- DONE: rsyslog is masked after initial setup
- DONE: systemd-journald is try-restarted during initial setup
- DONE: Avahi, email, security initial setup works
- DONE: Fail2ban is unmasked and enabled
- DONE: Enabling/disabling fail2ban is security app works
- DONE: Enabling/disabling password authentication in SSH works
- ?? Let's encrypt
- Services are try-restarted during certificate setup, obtain, renew
- Not tested: upgrade pagekite from version 1
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Initial setup succeeds
- (not tested, functionality removed later) During initial setup, if
/etc/apache2/conf-available/freedombox.conf has home page other than /plinth,
it will be changed to /plinth.
- Setting the home page to Apache default, plinth, or an app works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
module.app property usage is greatly reduced because setup() and force_upgrade()
method are now part of App class instead of at the module level. Remove the
remaining minor cases of usage and drop the property altogether.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Primary purpose is to complete the App API and allow for multiple apps to be
present in a module without a single clashing setup() method. Secondary
objective is to get rid of SetupHelper instance simple use App instance instead.
- This brings us closer to not needing to implement setup() method for some of
the typical apps.
- Remove default value None for old_version parameter.
- A valid integer value is always passed to this call.
- The value of None is undefined.
- Simplifies the App API slightly.
- Drop setting 'pre', 'post' values to indicate the stage of setup for the App.
- Simplifies the setup methods significantly. Eliminates a class of
bugs (some of them seen earlier).
- The UI can show a simple 'installing...' or progress spinner instead of
individual stages.
- There are currently many inconsistencies where many operations are not
wrapped in helper.call() calls.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This reduces the number of writes to the disk improving disk longevity and IO
performance. Note that systemd-journald is already very reasonable with how
often it writes to the disk. It's flush interval is 5 minutes.
Most users of FreedomBox are not expected to see logs. Those that see the logs
do so for debugging purposes. Debugging can still be done if reboot does not
occur. Users can change the logging mode to 'persistent' before debugging issues
that require reboot. This makes debugging harder for non-reproducible bugs, but
is, at present, considered an acceptable compromise.
Tests:
- On a fresh container, with the patch applied, config page shows 'volatile' as
the logging mode.
- On an container with changes not applied, start freedombox service. Then apply
the patch and restart service. config app setup will be run. Config page shows
'volatile' as the logging mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- For zoph, drop dependency on php7.4 as it will cause issues for future
versions of php. The dependency was a hack and not needed for Bullseye and
higher.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2151.
Tests:
- Before this patch, --list-dependencies does not list zram-tools. After this
patch, --list-dependencies lists zram-tools.
- After this patch, --list-dependencies exactly matches the output from
freedombox release without Packages component changes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- After startup, the configured domain name shows up in names module.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- ugettext functions will be removed in Django 4.0. Each use emits a warning
when running with Django 3.2. Since we have warnings enabled in developer mode,
we see quite a few messages because of this.
- ugettext is already a simple alias of gettext. So, no regressions are
expected.
Tests:
- Accessing an affected app in UI with Django 3.2 and Django 2.2 works fine.
- Using Django 3.2 there are no warnings related to removal of ugettext
functions.
- Ran regular unit tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: Debian #805108.
Primary motivation is to provide swap for FreedomBox machines. On all FreedomBox
images, currently there is no swap configured. Swap on disk may not be good for
SBCs most of which use SD card for storage. We wish for processes to not get
killed when hard memory limit is reached.
Zram seems like a good solution to the problem suitable not only for SBCs but
also for desktops and bigger machines. Fedora is currently using Zram as its
default swap solution configured by the installer. Zram creates a block device
with a configured size. Writing blocks into the device compresses them and
stores them in RAM. This block device can be configured as swap among other
things. See:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/blockdev/zram.rst
Set the size of the swap to be 50% of RAM. Expected compression is about 1:2.
That means, in an average case, 25% of RAM is consumed to provide the swap
device. This results in the system being able to consume about 125% of RAM
capacity to run processes. This value is inspired by Fedora.
https://fedoraproject.org/wiki/Changes/SwapOnZRAM .
Zram based swap takes priority over disk based swap (due the priority being set
to 100). This reduces IO and improves latency on machines that already have a
swap device.
On containers, zramswap.service fails to start as it will not be possible to
insert the 'zram' kernel module from within the container. This should not cause
any further problems.
Since 'config' app is an essential app, zram-tools now becomes a hard dependency
of freedombox package.
For FreedomBox images, zram-tools will be pre-installed and pre-configured. So,
it will work on first boot. For users installing FreedomBox via apt or those
upgrading from an older version, zram-tools will be newly installed but
configuration will not be picked up until the next reboot. Restarting
zramswap.service is not done because it may not be a safe/successful operation.
systemd-zram-generator is a project that essentially does what zram-tools. It
appears to be a better implementation and we may migrate to it when it becomes
available in Debian. Migration expected to be straight forward.
Tests performed:
- Running `sudo -u plinth ./run --list-dependencies` shows zram-tools as a
dependency.
- On a container, `systemctl status zramswap.service` shows as failed.
- On a virtual machine, confirm that configuration is installed properly. Run
`./setup.py install; systemctl daemon-reload; systemctl show zramswap.service |
grep Environment`.
- On a virtual machine, ensure that you have more than 512MiB or RAM. Then
restart zramswap.service. This should create a swap space of 50% of RAM
capacity. Confirm with `free` and `zramswap status`.
- Restarting the VM retains the swap that has been setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Helps: #664.
Currently, logs are written to disk twice, once by journald and once by rsyslog.
rsyslog may log to multiple locations depending on the type of the log. To
reduce disk I/O, disable rsyslog and rely solely on systemd journal.
Place the code in config module as there is no better place for it currently
without creating a new module. Can be sorted later.
The following files under /var/log/ are no longer populated on FreedomBox. They
will be rotated away over a few days. Use journalctl instead to view the
messages:
- syslog
- messages*
- auth.log*
- debug*
- daemon.log
- kern.log
- lpr.log
- mail.log
- mail.info
- mail.warn
- mail.err
- user.log
Tests performed:
- On a machine with rsyslog running, run ./setup.py install and start FreedomBox
service. This triggers the config app's setup. rsyslog is disabled and masked.
systemd-journald is restarted.
- Even when rsyslog is unmaked and enabled manually, systemd journald does not
forward message to syslog anymore.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes: #1981
Closes also most of threads in !1952.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Introduce new API to mark an app that it can't be disabled.
- Mark jsxc, storage, config, upgrade and firewall apps as can't be disabled.
- Fixed functional tests
- Replaced AppForm with forms.Form in all modules' forms.py.
- Remove app.template.js.
- Remove unused styles.
- Remove app status checks in form_valid of Deluge, Diaspora, Matrix, Ejabberd,
MediaWiki, Storage, Transmission, Quassel
- Purge unused is_enabled context variables (Ikiwiki)
- ejabberd: Minor cleanup in template
- jsxc: Cleanup unneeded overrides
- tahoe: Cleanup unnecessary overrides
Tests performed:
- For all apps affected, test enable/disable button works and submitting
configuration form works: with changes updates message and without changes
'settings unchanged' message.
- avahi
- bind
- cockpit
- SKIP: coquelicot
- datetime
- deluge
- SKIP: diaspora
- ejabberd
- gitweb
- i2p
- infinoted
- ikiwiki
- matrixsynapse
- mediawiki
- minetest
- minidlna
- mldonkey
- mumble
- pagekite
- privoxy
- quassel
- radicale
- roundcube
- SKIP: samba
- searx
- SKIP: shaarli
- shadowsocks
- ssh
- tahoe
- transmission
- FAIL: tt-rss (not installable)
- wireguard
- Deluge test that configuration changes when app is disabled work
- Quassel test that setting the domain works when app is diabled
- Transmission test that setting the domain works when app is diabled
- Ikiwiki create form works properly
- Enable/disable button appears as expected when enabled and when disabled
- Enable/disable button works without Javascript
- Functional tests work for affected apps, Tor and OpenVPN
- AppForm is removed from developer documentation
- Forms reference
- Customizing tutorial
- Test all apps using directory select form
- Transmission
- Deluge
- Visit each template that overrides block configuration and ensure that it is
loaded properly and the display is as expected.
- All apps that use AppView that are not tested above should not have an
enable/disable button. That is JSXC, update, config, firewall, storage, users.
Signed-off-by: Alice Kile <buoyantair@protonmail.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Remove the need to pass all the individual information elements to the AppView
separately. This eliminates many issues with elements that were mistakenly not
sent to AppView. Also reduces a lot of code duplication.
- Create App classes for power and sso for consistency.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- remove unwanted spaces and line breaks
- use just an image instead of using figure and figure caption to
display the icon in installation page
- eliminate unnecessary code duplication due to if condition
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Follow common code so that extending becomes easier.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Turn frontpage shortcut into an App component. Add tests and full
documentation.
- Overridden implementations for tahoe, diaspora, mediawiki shortcuts to handle
special cases. Special handling for ikiwiki.
- Extend App API for removing and retrieving a component.
- Add clients information into shortcuts to avoid hacks when presenting
shortcuts to Mobile devices via API.
- Fixed unnecessary stripping and adding of '/' when setting home page redirect
URLs. This fixes problem with setting Cockpit as home page.
- Replaced the use of term 'app' in favor of 'shortcut' as the term when setting
frontpage shortcuts as home page.
- JSXC shortcut does not require login.
- Don't show shadowsocks for anonymous users.
- Simplify showing selected shortcut details.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Introduce base class for all apps that will contain components. With
unittests.
- Introduce base classes for components. With unittests.
- Turn Menu class into an app component.
- Further cleanup Menu class.
- Update tests.
- Maintain a global list of menu items and look them up easily. Generalize
such that subsubmenus can later be merged into Menu class.
- Cleanup scope of main menu initialization.
- Use None instead of empty strings for various values. Ensure that
printing short_description does not show 'None' in output.
- Use enable/disable instead of promote/demote.
- Use menu component in all apps.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Due to security risk that a compromised Plinth process will give adversary the
ability to write to any file on the system.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
While moving the home page configuration to a new file, also reset the home page
path in freedombox.conf to its default setting of /plinth.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This supports the use case of hosting a website on FreedomBox at Apache's web
root. This makes the assumption that index.html is a file in the website.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When a user selects their Ikiwiki wiki or blog as the default app, the UI
doesn't reflect that. It still shows Plinth as the default app. This commit
fixes the bug.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
