Add bind9, minetest-server, minidlna.
This matches the set of apps that implement force_upgrade.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2134.
Tests:
1. In testing container, install Minetest and change the
configuration.
2. Manually downgrade minetest-server and minetest-data to a slightly
older version (5.5.0+dfsg+~1.9.0mt4+dfsg-1).
3. In /var/lib/dpkg/status, change the hash for
/etc/minetest/minetest.conf.
4. Run "apt update".
- minetest-server package is upgraded.
- Configuration changes are kept.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Originally there was a separate module for udiskie, which later got
merged into storage module. Since storage is an essential module,
skip_recommends has no effect. (Recommends are never installed for
essential modules.)
Closes: #2203.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2295.
_assert_managed_path() expects pathlib.Path. Due to a typo, a string is being
sent instead.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
These modifications are copied after the wordpress
public access configurator.
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Skip running unattended-upgrade due to it getting stuck in endless
loop. See #2266.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2294.
Tests:
- In stable container, when frequent feature updates option is
enabled, /etc/apt/sources.list.d/freedombox2.list exists as expected.
- Matrix Synapse can be installed.
- Shaarli can be installed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This changes sets the default dpkg vendor as FreedomBox. 'Debian' is still the
parent of the vendor.
- This results in popcon setting the Vendor as FreedomBox. This allows measuring
the popular of FreedomBox distribution itself as against other Debian
derivatives in the section 'Statistics per distributions reporting to Debian' of
https://popcon.debian.org
Tests:
- Run `sudo ./setup.py install` and freedombox service. Privacy app will be
setup for the first time. In /etc/dpkg/origins/ the file default is a symlink
pointing to /etc/dpkg/origins/fredombox. Running 'sudo sh +x
/etc/cron.daily/popularity' runs successfully. Remove files
/var/lib/popularity-contest/lastsub /var/log/popularity-contest* if necessary.
The file /etc/log/popularity-contest shows VENDOR:FreedomBox in the first line.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Keep the description about app generic
- Remove enable/disable option
- Create a booleanfield to turn on/off popcon
- Don't re-enable popcon during an update
Tests:
- When enabling/disabling the option, the `"PARTICIPATE"` value in
`/etc/popularity-contest.conf` is changed to yes/no as expected. For reference
see `/var/lib/dpkg/info/popularity-contest.templates`
- When popcon option is enabled, running sudo sh -x
/etc/cron.daily/popularity-context shows that execution was successful and data
was submitted. Remove files /var/log/popularity-contest* and
/var/lib/popularity-contest/lastsub if necessary. Gpg is used and encrypted data
is what was submitted.
- When popcon option is disabled, running sudo sh -x
/etc/cron.daily/popularity-context shows that execution stopped because the
option is disabled.
Signed-off-by: nbenedek <contact@nbenedek.me>
[sunil: Add a notification to tell users about privacy app]
[sunil: Correct the URL to /sys]
[sunil: Minor code styling changes and updates to description, icon]
[sunil: Ensure that popcon works with encryption]
[sunil: Write configuration to a separate file]
[sunil: Use Shellvars lens instead of Php lns]
[sunil: Add functional tests]
[sunil: Backup/restore the configuration file]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Test:
- Setup Matrix on a VPS with a FQDN and a valid LE certificate, then add these
configs to fail2ban.
- On a production server apply the changes of MR !2296
- Setup the fail2ban filter and jail, then restart fail2ban
- Trying to log in unsuccessfully from FluffyChat leads to a 10 min ban
Result:
`sudo fail2ban-client status matrix-synapse-auth-freedombox` returns the
following output, but the server actually remains accessible in every way.
```
Status for the jail: matrix-synapse-auth-freedombox
|- Filter
| |- Currently failed: 1
| |- Total failed: 11
| `- Journal matches:
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: MY IP
```
Signed-off-by: nbenedek <contact@nbenedek.me>
- Recommendation to use 'sysout' as log target in order to log to systemd
journal comes from the fail2ban.service file.
Tests:
- Install the changes and restart fail2ban. Notice that journalctl shows new
log lines.
- Logged to /var/log/fail2ban.log has stopped.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Name of the jail has to be less than 29 characters for an iptables/nft chain
to be created.
- Make the regular expressions more specific to avoid matching incorrect fields
for <HOST>.
- Added journalmatch to improve performance by matching the regular expressions
against only specific journal entries.
Tests:
- Run setup.py, remove the old jail and filter files. Restart fail2ban and make
10 incorrect login attempts. The IP address gets banned for 10 minutes.
- Not run: Build new freedombox package and upgrade from older version to see
that old configuration files have been removed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
