mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
0817e7af45
- Disable mDNS resolution. While we can migrate our DNS-SD service definition files to systemd-resolved and switch from using avahi to systemd-resolved, many programs still solely depend on avahi-daemon. Examples include cups and GNOME. It is not clear if they will work any mDNS daemon or if they interact with avahi-daemon in other ways that the mDNS protocol. So, for now, disable mDNS in systemd-resolved and continue to use avahi-daemon for it. This is also Fedora's default. - Re-introduce Fallback DNS servers with the value same as the upstream systemd project. Debian removes the default fallback DNS servers likely because they could be considered a privacy violation. However, when systemd-resolved package is first installed, the post install script recommends a reboot instead of feeding the currently configured nameservers from /etc/resolve.conf into systemd-resolved. Immediately, this causes the system not be able to connect to any external servers. While this may be acceptable solution for interactive systems and pre-built images, FreedomBox has to a) be available for remote access b) perform upgrades without user intervention (and without reboot until a day). To mitigate privacy concerns, an option to disable these fallback servers will be provided in the UI. - systemd-resolved's stub resolver runs on 127.0.0.53%lo:53 and 127.0.0.54. This does not conflict either with shared connections which listen on 10.42.x.1 or with bind which listens on 127.0.0.1 (and other IP addresses). This MR does not address the existing conflict between bind and shared network connections. However, it does not cause any further conflicts. Tests: * mDNS - Avahi diagnostics works. daemon is running. mdns port is exposed in the firewall. - systemd-resolved does not listen on mDNS ports. - Running avahi-browse shows freedombox on local network. - Running avahi-browse shows the services ssh, sftp-ssh, http and ejabberd. - Machine can be discovered in Gnome Files. * NetworkManager shared connections - After install/upgrade to systemd-resolved, 'shared' connections can be created. - With a 'shared' connection configured and active, it is possible to upgrade to using systemd-resolved. - Resolving domains from a machine on shared network goes via systemd-resolved on FreedomBox. * Bind - Installing, running tests on bind works. - Programs connecting from outside network can connect to bind as expected. - Programs connecting from local machine can connect to bind as expected. * Upgrading works - Upgrading to new FreedomBox package works - systemd-resolved is installed and running. 'resolvectl' shows a proper name server (or fallback nameserver like 1.1.1.1). - libnss-resolve is installed and configured in /etc/nsswitch.conf - /etc/resolv.conf has proper link to /run/systemd/resolve/stub-resolv.conf. - Programs using /etc/resolv.conf directly work. Install python3-pycares. python3 -m pycares freedombox.org. - NetworkManager has passed on proper DNS entries. In logs dns=systemd-resolved, rc-manager=unmanaged, plugin=systemd-resolved - DNS resolution works after first setup. Installing packages works. - 'resolvectl query' resolution works. - Programs using glibc API resolution such as 'ping' work. * Fresh image - Building an image with new freedombox package works without error. - Booting from fresh images works. - systemd-resolved is installed and running. 'resolvectl' show proper name server. - libnss-resolve is installed and configured in /etc/nsswitch.conf - /etc/resolv.conf has proper link to /run/systemd/resolve/stub-resolv.conf - Programs using /etc/resolv.conf directly work. Install python3-pycares. python3 -m pycares wikipedia.org - NetworkManager has passed on proper DNS entries. In logs dns=systemd-resolved, rc-manager=unmanaged, plugin=systemd-resolved - DNS resolution works after first setup. Installing packages works. * Installing package on Debian - Installing new freedombox package in Debian machine works. - systemd-resolved is installed and running. - libnss-resolve is installed and configured. - /etc/resolv.conf has proper link to /run - NetworkManager has passed on proper DNS entries to systemd-resolved using 'nmcli reload dns-rc'. - Resolution works with fallback DNS servers when network interfaces are configured with /etc/network/interfaces * OpenVPNs works - As a server, we don't push DNS servers to the client. So, a client continues to use its old DNS servers. With systemd-resolved running on server, the client is able to connect to OpenVPN server, route traffic to the internet, and resolve DNS queries. * WireGuard works - As a server, we can't push DNS servers to the client. So, a client continues to use its old DNS servers. With systemd-resolved running on server, the client is able to connect to WireGuard server, route traffic to the internet, and resolve DNS queries. - As a client, server does not push DNS servers to the client. So, a client continues to use its old DNS servers. With systemd-resolved running on the client, the client is able to connect to WireGuard server, route traffic to the internet, and resolve DNS queries. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: Veiko Aasa <veiko17@disroot.org>
230 lines
6.1 KiB
Plaintext
230 lines
6.1 KiB
Plaintext
Source: freedombox
|
|
Section: web
|
|
Priority: optional
|
|
Maintainer: FreedomBox packaging team <freedombox-pkg-team@lists.alioth.debian.org>
|
|
Uploaders:
|
|
Tzafrir Cohen <tzafrir@debian.org>,
|
|
Piotr Ożarowski <piotr@debian.org>,
|
|
Petter Reinholdtsen <pere@debian.org>,
|
|
Sunil Mohan Adapa <sunil@medhas.org>,
|
|
Nick Daly <Nick.M.Daly@gmail.com>,
|
|
Federico Ceratto <federico@debian.org>,
|
|
James Valleroy <jvalleroy@mailbox.org>,
|
|
Build-Depends:
|
|
debhelper-compat (= 13),
|
|
dblatex,
|
|
dh-python,
|
|
docbook-xsl,
|
|
e2fsprogs,
|
|
gir1.2-nm-1.0,
|
|
libjs-bootstrap4,
|
|
pybuild-plugin-pyproject,
|
|
python3-all:any,
|
|
python3-apt,
|
|
python3-augeas,
|
|
python3-bootstrapform,
|
|
python3-build,
|
|
python3-cherrypy3,
|
|
python3-configobj,
|
|
python3-dbus,
|
|
python3-django (>= 1.11),
|
|
python3-django-axes (>= 5.0.0),
|
|
python3-django-captcha,
|
|
# Explictly depend on ipware as it is optional dependecy for future versions
|
|
# of django-axes.
|
|
python3-django-ipware (>= 3),
|
|
python3-django-stronghold (>= 0.3.0),
|
|
python3-flake8,
|
|
python3-gi,
|
|
python3-markupsafe,
|
|
python3-mypy,
|
|
python3-openssl,
|
|
python3-pampy,
|
|
python3-paramiko,
|
|
python3-pexpect,
|
|
python3-pip,
|
|
python3-psutil,
|
|
python3-pytest,
|
|
python3-pytest-cov,
|
|
python3-pytest-django,
|
|
python3-pytest-runner,
|
|
python3-requests,
|
|
python3-ruamel.yaml,
|
|
python3-setuptools,
|
|
python3-setuptools-git,
|
|
# python3-tomli is not available in Bullseye
|
|
python3-tomli | python3-coverage (<< 6.0),
|
|
python3-typeshed,
|
|
python3-yaml,
|
|
sshpass,
|
|
xmlto,
|
|
xsltproc
|
|
Standards-Version: 4.6.2
|
|
Homepage: https://salsa.debian.org/freedombox-team/freedombox
|
|
Vcs-Git: https://salsa.debian.org/freedombox-team/freedombox.git
|
|
Vcs-Browser: https://salsa.debian.org/freedombox-team/freedombox
|
|
Rules-Requires-Root: no
|
|
|
|
Package: freedombox
|
|
Breaks:
|
|
freedombox-setup (<< 0.13~),
|
|
plinth (<< 0.46.0~),
|
|
# Ensure fuse gets replaced by fuse3 on upgrades from buster s.t. sshfs can be installed.
|
|
fuse (<< 3),
|
|
# If ufw is installed, remove it. See issue 2247.
|
|
ufw,
|
|
Replaces:
|
|
freedombox-setup (<< 0.13~),
|
|
plinth (<< 0.46.0~),
|
|
Architecture: all
|
|
Provides: plinth
|
|
Depends:
|
|
${python3:Depends},
|
|
${misc:Depends},
|
|
${freedombox:Depends},
|
|
adduser,
|
|
augeas-tools,
|
|
curl,
|
|
debconf,
|
|
dnsutils,
|
|
e2fsprogs,
|
|
fonts-fork-awesome,
|
|
fonts-lato,
|
|
# sgdisk is used in storage app to expand GPT disks
|
|
gdisk,
|
|
gettext,
|
|
gir1.2-glib-2.0,
|
|
gir1.2-nm-1.0,
|
|
javascript-common,
|
|
ldapscripts,
|
|
# For gdbus used to call hooks into service
|
|
libglib2.0-bin,
|
|
libjs-bootstrap4,
|
|
libjs-jquery,
|
|
lsof,
|
|
netcat-openbsd,
|
|
network-manager,
|
|
# Ensure that nscd is installed rather than unscd.
|
|
nscd (>= 2),
|
|
ppp,
|
|
pppoe,
|
|
python3-apt,
|
|
python3-argon2,
|
|
python3-augeas,
|
|
python3-bootstrapform,
|
|
python3-cherrypy3,
|
|
python3-configobj,
|
|
python3-dbus,
|
|
python3-django (>= 1.11),
|
|
python3-django-axes (>= 5.0.0),
|
|
python3-django-captcha,
|
|
# Explictly depend on ipware as it is optional dependecy for future versions
|
|
# of django-axes.
|
|
python3-django-ipware (>= 3),
|
|
python3-django-stronghold,
|
|
python3-gi,
|
|
python3-markupsafe,
|
|
python3-pampy,
|
|
python3-paramiko,
|
|
python3-pexpect,
|
|
python3-psutil,
|
|
python3-requests,
|
|
python3-ruamel.yaml,
|
|
python3-systemd,
|
|
python3-yaml,
|
|
sudo,
|
|
wget,
|
|
# Ensure fuse gets replaced by fuse3 on upgrades from buster s.t. sshfs can be installed.
|
|
fuse3 (>= 3),
|
|
Recommends:
|
|
# Priority: standard
|
|
bzip2,
|
|
# Provides brctl for controlling bridges
|
|
bridge-utils,
|
|
# Read, write to char devices
|
|
devio,
|
|
# Create, repair DOS filesystems
|
|
dosfstools,
|
|
# Priority: standard
|
|
file,
|
|
# Wifi firmware
|
|
firmware-ath9k-htc,
|
|
# FreedomBox documentation
|
|
freedombox-doc-en,
|
|
freedombox-doc-es,
|
|
# Monitor system resources
|
|
htop,
|
|
# Monitor network traffic statistics
|
|
iftop,
|
|
# Basic network utitlity ping
|
|
iputils-ping,
|
|
# Manage wireless devices
|
|
iw,
|
|
# Resolve .local address using mDNS
|
|
libnss-mdns,
|
|
# Resolve current hostname without /etc/hosts
|
|
libnss-myhostname,
|
|
# Block repeated failed PAM login attempts
|
|
libpam-abl,
|
|
# Priority: standard
|
|
locales,
|
|
# Precompiled data for all locales
|
|
locales-all,
|
|
# Priority: standard
|
|
openssh-client,
|
|
# Priority: standard
|
|
pciutils,
|
|
# Used by unattended-upgrades to check if running on AC power
|
|
powermgmt-base,
|
|
# fuser, pstree and other utilities
|
|
psmisc,
|
|
# Tool to kill WLAN, Bluetooth and moble broadband
|
|
rfkill,
|
|
# Monitor network traffic
|
|
tcpdump,
|
|
# Basic editor, VIM style
|
|
vim-tiny,
|
|
# Priority: standard
|
|
whois,
|
|
# Basic editor, Emacs style
|
|
zile,
|
|
Description: easy to manage, privacy oriented home server
|
|
FreedomBox is designed to be your own inexpensive server at home. It runs free
|
|
software and offers an increasing number of services ranging from a calendar or
|
|
jabber server to a wiki or VPN. A web interface allows you to easily install
|
|
and configure your apps.
|
|
.
|
|
This package provides the FreedomBox Service (Plinth) which installs,
|
|
configures and manages all functions of FreedomBox. The service is managed
|
|
using a web interface available at https://localhost/.
|
|
|
|
Package: freedombox-doc-en
|
|
Architecture: all
|
|
Multi-Arch: foreign
|
|
Section: doc
|
|
Depends: ${misc:Depends}
|
|
Description: easy to manage, privacy oriented home server - user manual (English)
|
|
FreedomBox is designed to be your own inexpensive server at home. It runs free
|
|
software and offers an increasing number of services ranging from a calendar or
|
|
jabber server to a wiki or VPN. A web interface allows you to easily install
|
|
and configure your apps.
|
|
.
|
|
This package contains the English user manual in HTML and PDF formats. It
|
|
describes how to setup and use each application in FreedomBox and FreedomBox
|
|
itself. It is accessible from Help menu in the FreedomBox web interface.
|
|
|
|
Package: freedombox-doc-es
|
|
Architecture: all
|
|
Multi-Arch: foreign
|
|
Section: doc
|
|
Depends: ${misc:Depends}
|
|
Description: easy to manage, privacy oriented home server - user manual (Spanish)
|
|
FreedomBox is designed to be your own inexpensive server at home. It runs free
|
|
software and offers an increasing number of services ranging from a calendar or
|
|
jabber server to a wiki or VPN. A web interface allows you to easily install
|
|
and configure your apps.
|
|
.
|
|
This package contains the Spanish user manual in HTML and PDF formats. It
|
|
describes how to setup and use each application in FreedomBox and FreedomBox
|
|
itself. It is accessible from Help menu in the FreedomBox web interface.
|