- This allows disabling syslog daemons.
- Fall back to using file based monitoring for Apache.
Tests performed:
- Before and after the patch, connecting via SSH and typing in incorrect
password leads to a entry in fail2ban.log. 10 incorrect attempts result in a 10
minute ban.
- Before and after the patch, typing in incorrect password for radicale leads to
a entry in fail2ban.log. 10 incorrect attempts result in a 10 minute ban.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Add the debian-deluged user to the freedombox-share group *before* running
app setup. The app setup process restarts the deluged daemon
after which the process has correct group ownerships.
Tests done in Debian stable and testing dev containers:
- After installing the deluge app, checked from /proc/--process-id--/status that
the deluged daemon process has the freedombox-share group.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Add nslcd.service as a dependency to the services that depend on users
and groups defined in LDAP. deluged, mldonkey-server, syncthing@syncthing
and transmission-daemon services depend on freedombox-share LDAP group.
Closes#2061
Tests done with apps deluge, mldonkey, syncthing and transmission,
in both debian stable and testing dev containers, after applying changes:
- After installing an app and after reboot, the daemon user is a member
of the freedombox-share group.
- Checked with the `systemctl show` command that nslcd.service is added to
After=... dependencies.
- All the functional tests pass (in Debian stable, closed manually
the syncthing usage reporting form - #2059).
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Sunil:
- Minor update to the TURN server message.
- Drop updating the FAQ link since there may not be much time for translators to
translate the changed message due to our current release schedule. The old link
still works.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Matrix Synapse will automatically pick up the locally installed coturn server
during its installation. This handles only the case where coturn is installed
and configured with a valid TLS domain name before matrix-synapse is installed.
- Allow overriding STUN/TURN config. Matrix Synapse uses the local coturn
server's configuration by default. However, an administrator can override the
STUN/TURN configuration from FreedomBox web interface. Allow administrator's
overrides to co-exist with FreedomBox's managed STUN/TURN configuration.
Administrator's configuration, if it exists, always overrides FreedomBox's
managed configuration. Any updates to FreedomBox's managed configuration will
have no impact on the administrator's configuration since the latter takes
precedence.
Sunil:
- Collapse multiple turn actions into a single one for simplicity. Sending empty
configuration means removal of the configuration.
- Ensure that when removing configuration file is idempotent.
- Manage TURN configuration even when app setup is not yet completed. This fixes
issue with TURN configuration not getting setup on app installation and setup.
- Fix issue with TURN configuration getting updated on form submission even when
the field is not changed. This is due to mismatch between the browser submitted
\r\n with the internal \n.
- Simplify JavaScript for the form and attach handlers only after DOM is ready.
- Drop the no-JS message since the loss of functionality is trivial and to
reduce translation burden.
- Fix issue with URIs and secret parameters not getting updated unless the
managed checkbox changes.
- Drop specialized success messages for TURN configuration update to reduce
translation burden.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Sunil:
- Join the string in the template instead of the view.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Sunil:
- Add TurnConfiguration to reference documentation. Add more details in
docstrings.
- Rename the component to TurnConsumer since 'Component' in the name is
redundant and unconventional. Also, hopefully, the component will retain the
API over multiple TURN servers.
- Log when notifying other components about configuration change.
- Use TurnConfiguration class more widely.
- Refactor for simplicity.
- Additional tests.
- Move URI generation code into TurnConfiguration.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2050.
Current implementation of Zoph does not work with version 0.9.9 in Buster. As an
easy hack to make the app only available in Bullseye, php7.4 dependency has been
added. After making the last release for Buster, this can be removed to allow
compatibility with newer versions of PHP that become available.
An incomplete list of problems with current implementation with Buster:
- zoph --get-config is unavailable. Can be circumvented by querying the DB
directly.
- zoph --dump-config is unavailable. Can be circumvented by querying the DB
directly.
- interface.user.remote and authentication based on REMOTE_USER are unavailable.
The Apache configuration shipped by Debian package does not include FreedomBox
related LDAP configuration.
- interface.user.cli defaults to "0" instead of "1". This cases running zoph
from command line. This can be circumvented by setting this configuration value
to "1" via DB interaction.
Tests:
- On stable container, zoph is not available for installation.
- On testing container, zoph can be installed, setup and used.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Remove the percentage check, which was incorrectly checking used
percent, not free percent.
Closes: #2046.
Tests:
- Fill up disk space so that 4.5G is free. Dist upgrade does not start
due to not enough free space.
- Fill up disk space so that 5.5G is free. Dist upgrade can be
started.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Identify Freedbombox admin who installed the app to be zoph admin.
- Implement backup and restore.
- Photos directory should remain at /var/lib/zoph, for proper operation of
backups.
- There remains an issue that the App is enabled before it is configured but
will not work correctly until configuration.
- OpenStreetMap mapping is enabled. These should be configurable before
installation.
- Add initial forms.py and views.py to Zoph app, however these are currently
unused as urls.py does not invoke the view. When the view is not invoked the
Zoph App installs, with single signon, currently as the first LDAP user, rather
than the plinth user.
- The first user's preferences are not set, and need to be manually set to avoid
other errors.
* Sunil's changes
- Squash commits and re-split them.
- Drop documentation as it will be auto populated from wiki later.
- Remove outdated validation code from manifest.
- Drop some dead code.
- Don't send MySQL password over command line for improved security. Instead
rely on Unix authentication of root user similar to backup/restore process.
- Use JSON for exchanging configuration dump to avoid encoding errors.
- Add username validation to avoid a potential SQL injection.
- Update description for neural tone and brevity. Add information about how user
accounts work in FreedomBox
- Fix functional tests.
- Drop all code related to changing photos path until it is ready.
- Update URL from /zoph to /zoph/ to avoid another redirect.
- Fix disabling the app.
- Use icon that Zoph uses for favicon as logo. Update copyright file.
- Fix spelling unzip.
- Minor refactors. Run yapf and isort.
- Use subprocess.run() instead of os.popen() everywhere for better security with
argument parsing.
- Enable OpenStreetMap by default. User have a choice to disable it before using
the app. Add label to explain privacy concerns.
- Fix dropping database by using --force argument.
- Cleanup enabling the app to not enable the app when updating configuration.
- Use AppView's default template instead of overriding.
- Update functional tests to just check if the app is enabled/disabled as
expected. Checking that Zoph site is available will require reliable handling of
admin user.
Signed-off-by: John Lines <john@paladyn.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Add running spinner before every app installation step text, this
makes the fact that installation is in progress visually more noticeable.
Tested when installing the mediawiki app, the running spinner is shown
on every installation step.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Horizontally align the text and spinner by the spinner inline]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
