- firewalld is always on an active. Running setup is not a problem.
- Installing new configuration and applying changes on top is more reliable.
Changes to be done are not configuration settings but FreedomBox defaults.
Fixes: #1367.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This allows the tests to pass even if logins are restricted by
security module.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Due to security risk that a compromised Plinth process will give adversary the
ability to write to any file on the system.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
While moving the home page configuration to a new file, also reset the home page
path in freedombox.conf to its default setting of /plinth.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Pass the `mail` attribute as an empty string instead of None (null in yaml)
Fixes#1484
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This includes list of packages for which conffile prompts will be shown. For
each package current version of the package, new version of the package and list
of configuration files that were modified.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
To trigger setting up all the necessary modules again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
To avoid Apache restart during installation (although sso is an essential app
and this is not an issue).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use backup hooks to dump and restore database.
- Add functional test for backup and restore.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Currently, nscd comes as a recommended package of nslcd, which is a dependency
of Plinth. Plinth needs nscd to work. An installation with the --no-recommends
option will cause errors in Plinth.
Users is an essential package in plinth. nscd is now a managed package of users.
Fixes#1213
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Simply keep the old configuration as the configuration format for bind is
unlikely to change due to its stability. Future versions may consider checking
for version of package being upgraded to.
- Don't start service if not already running.
- Don't perform firewall changes.
- No need to rerun setup as old configuration is being kept.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This supports the use case of hosting a website on FreedomBox at Apache's web
root. This makes the assumption that index.html is a file in the website.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When a user selects their Ikiwiki wiki or blog as the default app, the UI
doesn't reflect that. It still shows Plinth as the default app. This commit
fixes the bug.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When run on empty directory FileNotFoundError is raised. Include it in the list
of expected errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When ORPort is set to 'auto', Tor automatically allocates a port for it. During
it's first run, we able to extract the port number and open the firewall port.
However, unlike for pluggable transports, Tor does not seem to store this port
for future reuse in the state file. It hence opens a new port every time it is
started. This leads to a new port being assigned on next Tor startup and leads
to relay functionality not being reachable from outside.
According to the documentation, only possible values for ORPort are a fixed
number or 0 (disable) or auto (current behavior). Choose 9001 as this is the
commonly used port number for ORPort. The recommended port number of 443 is not
possible in FreedomBox due it is use for other purposes.
Closes: #1495.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use the function get_domainname() in config module everywhere
- Delete duplicate implementations in ejabberd and jsxc
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If a valid certificate is available but not yet setup, the earlier code assumes
there is a valid certificate.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Matrix requires valid certificates for federation with other servers from
version 1.0 onward. If the FreedomBox server already has LE cert and private
key, copy them into /etc/matrix-synapse
- Add certificate renewal hooks for Matrix Synapse. Reusing the certificate
renewal mechanism built for ejabberd with matrix-synapse as well. One notable
difference is that Matrix Synapse doesn't support switching the domain name or
dropping the Let's Encrypt certificate.
- Use self-signed certificate if there is no LE certificate. Matrix Synapse
server startup fails if the files homeserver.tls.crt and homeserver.tls.key
are missing.
- Copy Apache's snakeoil certificates to /etc/matrix-synapse when LE
certificates are not available. Prefer LE certificates if available.
- Display warning if no valid LE certificate is found.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Avoid raising errors which could cause endless loop of setup process
failing.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Previously, we switched from ntp to chrony. However, since chrony
conflicts with ntp, this change in dependency causes
unattended-upgrades to skip upgrading freedombox.
Switch to systemd-timesyncd, which does not conflict with either
package. We can switch back to chrony after all users have upgraded to
the most recent release.
Closes#1486
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Make it conditional such that when the disk space information is not available
due to errors, we don't display the warning.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Like most other pages in the interface, use 'Cancel' buttons instead of 'Abort'
buttons.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
