current_results['apps'] was not being used anywhere.
Make are_results_available() check more specific, and to align with what is
stored in the database.
Tests:
- Run full diagnostics and check the results.
- Restart plinth, and check that the diagnostic results are loaded from the
database.
Helps: #2410
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Previously, when dist-upgrading from bullseye to bookworm, there was an issue
where unattended-upgrade gets stuck. See #2266. However, it does not get stuck
when dist-upgrading from bookworm to trixie.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Setting ttrss/purge to 'true' in debconf is not retrained after the package
has been install. So, set it again just before package removal.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't dump all the databases on the server. Instead dump only the ttrss
database and its role.
- Use database configuration instead of hardcoded database name 'ttrss'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This checks backup/restore step more accurately with new database user vs. old
database user.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This will ensure that dbconfig is every triggered and regenerates the
configuration/setup, everything is consistent.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This will ensure that dbconfig is every triggered and regenerates the
configuration/setup, everything is consistent.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Similar check was removed in 6646512a0adab6943503ec47372502fb28805911 when it
was that it was not needed.
Tests:
- Run functional tests for zoph.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Configure caching for Nextcloud with Redis running on the host, create static
php file under
/var/lib/containers/storage/volumes/nextcloud-volume-fbx/_data/config. Nextcloud
communicates with Redis via the bridge adapter, which isn't a loopback device.
For this reason, setting a redis password is required. In addition, configure
the email app to accomodate the changes.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This setting is necessarry to pass the setup warning under
/nextcloud/settings/admin/overview
Note: during testing the field only becomes visible once
the freedombox-develop command is restarted
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#default-phone-region
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Add missing docstring]
[sunil: Update form label for consistency]
[sunil: Reduce number of success form messages]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Simplify method signature and name for setting maint. mode]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Nextcloud has long been a desired app for FreedomBox, however, due to
difficulties around Debian packaging, it hasn't yet been implemented. This
branch creates an app for Nextcloud with the help of Podman. Podman is a
containarization technology, like Docker, but with some extra features
that make its integration into FreedomBox convenient. If the podman
approach turns out to be favorable, we should consider writing a podman
specific module.
How does this work?
The app installs the podman and default-mysql-server Debian packages.
In other apps, such as MediaWiki, FreedomBox chooses SQLite
which eases maintenance and backup/restore. However, this
would bring a significant performance degrade for Nextcloud, hence the
choice of Mysql. Other apps, like Wordpress already use Mysql, so it is
installed on the host as opposed to installing it in a sepatate
container. A firewalld rich rule is created, so the Nextcloud container
can communicate with the db and OpenLDAP.
The podman package comes with a systemd service and timer for
automatically upgrading containers that are labeled as
"io.containers.autoupdate=registry". podman-auto-update.timer is managed
by FreedomBox. We might add a drop-in file for the timer to make it
more consistent with unattended-upgrades.
Podman natively supports creating systemd services for individual
containers. The generated systemd service is then managed by FreedomBox.
The current container image is based on Debian and runs apache inside the container.
To avoid running apache redundantly (both on the host and inside the
container) it would be preferable to use the nextcloud:stable-fpm image
instead, which seems to require creating a new virtual host.
Configure /.well-known URIs to redirect to /nextcloud. There is a conflict with
Radicale if both apps are running.
Put the podman1 interface into the trusted firewalld zone. This results in the
container gaining Internet access which is necessary to downloading Nextcloud
applications and federating with other Nextcloud instances. After applying the
patches, I opened my instance to the Internet to make sure this configuration
doesn't accidentally expose services. I scanned TCP ports 3306 and 6379 (after
installing and binding redis-server to the bridge interface). After that, I
installed the Tor app and put the default WAN interface to the external zone to
confirm that port 9050/TCP does not get exposed through the bridge interface.
To-do:
* test the fpm image
* test running the container in rootless mode for better security
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Add missing docstrings]
[sunil: Make some methods private to module]
[sunil: Run yapf for formatting]
[sunil: Remove a comment to hide form when app is disabled]
[sunil: Update form labels]
[sunil: I18N for client names]
[sunil: Reduce number success messages in form for easy i18n and consistency]
[sunil: Reorganize patch series, squash fixes]
[sunil: Tweak auto update daemon component's ID]
[sunil: Add blank lines for formatting]
[sunil: Minor refactoring for _run_occ method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Skip all the other git clone progress log lines. Fixes
occasional `'total_progress' not defined` error.
Tested in the testing container that cloning exisiting repository
works.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2381.
When app is being uninstalled, it is disabled. Use that to not show the setup
page.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
NetBIOS was used with now deprecated SMB1 protocol.
Tests performed:
- Windows 10 can access shares when the nmbd service is disabled.
- In stable and testing containers, all the samba module tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Also:
- Remove addressses [fc00::]/7 and [fe80::] from `allow hosts`, as
those had no effect as described in #2334.
- Remove unknown parameter `access control = yes` from Samba
configuration.
Tests performed in a stable container:
- After Samba app upgrade was performed, enabled Samba Home share.
- Using the `testparm` command, checked that the share is accessible
from ::1 IPv6 address:
```
> sudo testparm -s /etc/samba/smb-freedombox.conf host-ip ::1
Allow connection from host-ip (::1) to disk_home
> sudo testparm -s /etc/samba/smb-freedombox.conf host-ip ::2
Denied connection from host-ip (::2)
Deny connection from host-ip (::2) to disk_home
```
- Checked that when `ping localhost` returns ::1 in the container,
all the Samba tests pass.
Closes#2334.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Simplify success message for easy localization.
Tests:
- Update configuration notice the success message is shown properly.
- Insert errors in set_config() privileged method and notice that HTML error is
shown properly.
- Insert errors in privileged.delete() method, print 'Config is in use.' message
on stderr and notice that HTML error is shown properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Reduce the number of specialized messages to ease localization and clear way
for generalized configuration change handler.
Tests:
- Update the one or two configuration setting at the same time and notice that a
single message is shown.
- When no setting is changed and form is submitted, 'settings unchanged' message
is shown.
- Raise error when enabling/disable auto updates and notice a proper HTML error
shown. When other setting is also updated, then one error and one success
message is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- In a VM, mount a loopback disk. Insert an error in ejected code and notice
that HTML message is shown properly during eject operation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This allows the certbot command output to be shown accurately in the HTML
error message.
Tests:
- Edit the code to show all the action buttons in the UI. Set domain to
mydomain.example. Run all four actions. Notice that HTML error message are shown
and certbot output is shown properly in stdout/stderr sections.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Edit auto-mounting to try mounting an already mounted device. In a VM, during
service startup, notice the warning about failure to auto-mount as device is
already mounted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The privileged call already prints the log message with full error details.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2161.
- Sections are ordered by importance on which administrator must act after
setting up the system.
- Consistent order across all the languages.
- Update the styling for the section hearers.
- For system section, make them compact.
- Make them look like a header text (with underline) rather than a
divider (like in a menu).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Mostly because administrators won't discover the email address field for the
user later on.
- This field is important to be able to run 'reset password' operation.
Tests:
- In stable and testing containers, run first boot wizard. Enter the email
address during the first boot and see that it was saved as part of user account.
Leave the email address blank and it is possible to proceed. User account show
blank email address.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Overlooked in !2454.
Tests:
- Take a backup of wordpress app and disable it. Restore from the backup
succeeds after that.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Fixes an issue with zoph not being setup after uninstall+install setup and
makes a test pass.
- Some failures exist but don't seem related to this change.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2346.
Tests:
- Without the patch, install zoph, take a backup. Note the db password in
/etc/zoph.ini. Uninstall zoph. Install it. Note that db password changed.
Restore from previous backup. Note that password has been restored to old value
and zoph is unable to connect to database.
- With the patch, repeat the test and notice zoph works after restore.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When mysql server is not running, app installation fails. Similarly the setup
process will fail when app is being upgrade and database upgrade needs to be
performed. So, ensure that database server is running before attempting
install/upgrade of app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When app is disabled, it can't be setup as it requires database server and
connecting to the database.
- If app is disabled, we don't show configuration any more, so redirection to
setup page is also not needed. This results in neither setup nor configuration
being shown when app is disabled.
- During uninstall process, app is disable for first. So, the workaround
implemented in is_configured() is no longer needed.
Tests:
- Install zoph. Setup page is shown. Disable the app by disabling the apache
configuration for it and restart service. Setup is no longer shown.
- Uninstall zoph. During the uninstall setup, when page is refreshing, setup
page is not shown.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- MySQL server may be disabled when zoph is disabled. Trying to retrieve
configuration or trying to set the configuration at the time will result in
failures. So, disable the configuration form so that get/set of configuration
does not happen.
Tests:
- Disable zoph. Configuration form will disappear. Re-enable zoph, configuration
form will reappear.
- Functional tests for zoph pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Install zoph and disable it. This will install mysql and disable it. Then
install wordpress. Installation should succeed.
- Disable wordpress and re-run setup. Setup should succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Install wordpress and disable it. This will install mysql and disable it. Then
install zoph installation should succeed.
- Disable zoph and re-run setup. Setup should succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes error 500 when trying to open Samba app page when at least
one of the users in freedombox-share group doesn't exist.
Tests performed in both stable and testing containers:
- Installed Samba app.
- Installed Deluge app (Plinth install/setup fails but the Debian
package itself was installed).
- Did `apt remove --purge deluged` from command line.
- Checked that the debian-deluged user doesn't exist (`getent passwd`)
and the user is in the freedombox-share group (`getent group`).
- Checked that the Samba app page opens without errors.
- Checked that all the Samba tests pass.
Fixes#2411.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Helps: #2410.
- Ensure that diagnostics methods and parameters are type checked so that we can
catch any potential issues.
- Move plinth/modules/diagnostics/check.py to plinth/diagnostic_check.py to
avoid many circular dependencies created. This is due to
plinth.modules.diagnostics automatically imported when
plinth.modules.diagnostics.check is imported. Also app.py is already (type)
dependent on diagnostic_check due to diagnose() method. To make the Check
classes independent of diagnostic module is okay.
Tests:
- Run make check-type.
- Run full diagnostics with following apps installed: torproxy, tor.
- Test to netcat to 9051 in tor works.
- Test 'port available for internal/external networks' in firewall works.
- Test 'Package is latest' works.
- Test 'Access url with proxy' in privoxy works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Also move tests for diagnostic_check]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- This is so that the methods will be checked by mypy. This should help identify
any incorrect initialization of components.
- Remove unused self.repos in GitwebApp.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes an issue where the LDAP user 'tester' was removed after testing
test_views.py. It happened when there were two admin users present.
Tested with both stable and testing containers that all the users
module tests pass and a user 'tester' is not removed when
two admin users exists.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2409.
When creating a user if one or more groups is selected, creation fails. This
is because the fields contains group choices as (name, label) tuples instead
of (group_id, label) tuples as expected by the many-to-many field mapping
mechanism in ModelField class. Fix this by using the same mechanism used in
UserUpdateForm, which is to reuse the base class form field (but adjust some
properties).
Tests:
- During first boot
- Django groups are fully created when form is accessed with blank database
- In user creation/modify form:
- Label appears are 'Permissions'
- Choices appear fully and as 'Description (Group name)'
- Help text is correct.
- Choices are sorted on group name.
- Django groups are fully created when form is accessed when a new group is
added to code.
- User can have no groups
- Widget is multiple checkbox widget. Multiple groups can be selected.
- User is added to proper ldap groups after submission
- In user modify form:
- If the user is last admin user, admin checkbox is checked and disabled.
- Current list of groups is accurate shown when form is displayed.
- Add remove of groups works as expected
- Functional tests for gitweb and users apps pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Display and log an error, including contents of current_results.
Clear the contents of current_results.
Tests:
- View the diagnostics results as normal.
- Introduce a TypeError before the results are copied. See the error message
shown in the interface. (The error details are cleared when the page is
refreshed.)
Helps: #2410
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Fix a mypy error]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes#2408.
- When app is disabled, continue to update the app shortcut's login required
property. Otherwise, the value is current after the app is re-enabled.
- When public access is enabled, the gitweb-freedombox-auth.conf configuration
must be disabled. This can be done even if the configuration is already disabled
or does not exist. So, continue doing this.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Perform enable public access even if app is disabled]
[sunil: Perform shortcut update in all cases even if app is disabled]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
