The default favorites might change and we might have to update the list but for
now they were extracted from a clean router.config saved by the i2p daemon.
1528 - augeas for router.config
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
It's cleaner and less hacky, however we still overwrite the default favs because
they aren't written to the file by i2p until a change is made manually in the
frontend.
We still need to recreate the list of default and add them manually.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Add interface to get port types and numbers for a service.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Fetch disk information for all disks using udisks
- Call df as superuser so that all disks are listed (udisks doesn't need sudo)
- Improved implementation to check if device is removable
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove unneeded actions: start, stop, restart, is-running and is-enabled.
- Remove short form parameter passing for add-favorite action. Mostly for
consistency and avoid confusion. Actions are not expected to be used by
regular users.
- Rename Apache configuration from: i2p-plinth.conf to i2p-freedombox.conf
- Fix issue with adding favorites when none already present. This eliminates
failure during first time installation for I2P.
- Fix issue with incorrect new lines while editing favorites.
- Minor fixes in Apache configuration.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Enable by default so that app installation (algo during backup restore) does not
cause apache to restart and show error pages.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
3 search engines and a torrent tracker added to the favorites
freedombox-team/plinth#1428 Request: I2P support
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- installs i2p from apt
- accessible under /i2p/
- needed to modify diagnostics url to include numbers
TODO:
- fix CSS at /i2p/ : firefox NS_ERROR_INVALID_CONTENT_ENCODING ???
- all green diagnostics
- functional tests
- autoconfiguration in setup form
- configuration of SOCKS5 proxy for network interfaces
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Instead of using a wildcard tun+ interface, use a fixed number of tun
interfaces and hope OpenVPN will use one of them.
Fixes: #1438.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Set permissions properly as if they are created newly.
- Ensure that configuration file is rewritten so that new certificate paths are
used.
- Run easyrsa init-pki to ensure that configuration file is present.
- Create necessary empty directories as per new structure.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Change file and directory structure from easy-rsa 2's flat format to easy-rsa
3's format.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Due to security risk that a compromised Plinth process will give adversary the
ability to write to any file on the system.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
While moving the home page configuration to a new file, also reset the home page
path in freedombox.conf to its default setting of /plinth.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Pass the `mail` attribute as an empty string instead of None (null in yaml)
Fixes#1484
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This includes list of packages for which conffile prompts will be shown. For
each package current version of the package, new version of the package and list
of configuration files that were modified.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Trying to enable cgi module results in cgid being enabled. Checking for cgi
being enabled always results in failure.
Your MPM seems to be threaded. Selecting cgid instead of cgi.
Module cgid already enabled
No module matches cgi (disabled by site administrator)
This is the reason why installing ikiwiki was causing Apache restart even though
the modules required by ikiwiki are already enabled.
Closes: #1448.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
To avoid Apache restart during installation (although sso is an essential app
and this is not an issue).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
To avoid restart during installation (although since letsencrypt is an essential
app and this is not an issue).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use backup hooks to dump and restore database.
- Add functional test for backup and restore.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Given a list of packages, check with among those will result in showing a
configuration file prompt.
Irrespective of whether apt shows a conffile prompt, this logic mimics what
unattended-upgrades perceives as package needing a conffile prompt. This is
because when unattended-upgrades gives up, that is when this logic need to take
over.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When ORPort is set to 'auto', Tor automatically allocates a port for it. During
it's first run, we able to extract the port number and open the firewall port.
However, unlike for pluggable transports, Tor does not seem to store this port
for future reuse in the state file. It hence opens a new port every time it is
started. This leads to a new port being assigned on next Tor startup and leads
to relay functionality not being reachable from outside.
According to the documentation, only possible values for ORPort are a fixed
number or 0 (disable) or auto (current behavior). Choose 9001 as this is the
commonly used port number for ORPort. The recommended port number of 443 is not
possible in FreedomBox due it is use for other purposes.
Closes: #1495.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Whatever function is passed in post_exit can simply be called by the caller
itself as the next statement.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If a valid certificate is available but not yet setup, the earlier code assumes
there is a valid certificate.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Immediately after the installation, a self-signed certificate is used because
domain name is not available. However, after domain name becomes available,
setup a Let's Encrypt certificate.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Setting permissions after copying the file will lead to momentary exposure of
the private key to other users on the system. Use umask instead.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Don't match the hook's domain against domain set in configuration. We already
check if the domain matches the Matrix Synapse configured domain.
- Fix un-checking letsencrypt option for matrixsynapse. Keep the old certificate
but don't throw error. This means future certificates are not renewed.
- Use utility get_configured_domain_name()
- Style function names without uppercase.
- Style multi-line docstrings correctly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Matrix requires valid certificates for federation with other servers from
version 1.0 onward. If the FreedomBox server already has LE cert and private
key, copy them into /etc/matrix-synapse
- Add certificate renewal hooks for Matrix Synapse. Reusing the certificate
renewal mechanism built for ejabberd with matrix-synapse as well. One notable
difference is that Matrix Synapse doesn't support switching the domain name or
dropping the Let's Encrypt certificate.
- Use self-signed certificate if there is no LE certificate. Matrix Synapse
server startup fails if the files homeserver.tls.crt and homeserver.tls.key
are missing.
- Copy Apache's snakeoil certificates to /etc/matrix-synapse when LE
certificates are not available. Prefer LE certificates if available.
- Display warning if no valid LE certificate is found.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
This is optional and does not affect normal installations. However, when
performing configuration migration in FreedomBox (due to unattended-upgrades
refusing it), it is useful as a part of strategy to read configuration, force
install new configuration files and apply configuration again. This option can
be used on such cases.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
It is incorrect to check for backports availability, FreedomBox systems got
added buster-backports sources prematurely. This will lead to apt update
failures resulting in FreedomBox becoming unable to install new apps.
Fix this by removing old sources and adding new sources only after
performing (this time correct) backports URL check.
Closes: #1496.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If we release version 50 into testing and version 49 into buster-backports and
assuming version 45 is in stable, then for stable users, version 49 is selected
properly and upgraded due non-availability of 50 for them and high
prioritization of buster-backports over buster/stable. This is as expected.
For the case of testing user, this does not work as expected, however.
buster-backports will be given 800 priority, testing will be given 500
priority (default) and version 49 will be picked instead of the expected 50.
Setting priority to 500 fixes the problem. It will equate the buster-backports
to all other repositories and will let the system pick the highest version
available.
Closes: #1498.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
