nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-02-04 08:13:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/doc/freedombox-manual.xml
James Valleroy 34b691cb7c
Fetch latest manual from wiki
2017-01-22 14:22:11 -05:00

7725 lines
403 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.docbook.org/xml/4.4/docbookx.dtd">
<article>
<articleinfo>
<title>FreedomBox Manual</title>
</articleinfo>
<section>
<title>FreedomBox: take your online privacy back</title>
<para>FreedomBox is a ready made personal server, designed with privacy and data ownership in mind. It is a subset of the <ulink url="https://www.debian.org/">Debian universal operating system</ulink> and includes free software only. You can run it on a small, inexpensive and power-efficient computer box in your home that is dedicated for that use. It can also be installed on any computer running Debian or in a virtual machine.</para>
<para>In order to replace third-party communication services that are data mining your entire life, you will be able to host services yourself and use them at home or over the Internet through a browser or specialized apps. These services include chat and voice calls, webmail, file sharing and calendar, address book and news feed synchronization. For example, to start using a private chat service, activate the service from the administration interface and add your friends as authorized users of the service. They will be able to connect to the service hosted on your FreedomBox, using XMPP chat clients such as Conversations on Android, Pidgin on Windows and Linux, or Messages on Mac OS, for encrypted communications.</para>
<para>FreedomBox can also host a Wi-Fi access point, ad blocking proxy and VPN. More advanced users can replace their router with a FreedomBox. </para>
<para>To set up FreedomBox at home on a specific hardware or on your computer running Debian may require a bit of technical expertise or help from the community. Once installed the interface is easy to use, similar to a smart phone. </para>
<para>Related documentation: </para>
<itemizedlist>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Features#">FreedomBox applications</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware#">Machines that support FreedomBox</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Download#">Download and Install</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Manual#">Manual</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Support#">Live Help from the community</ulink>
</para>
</listitem>
</itemizedlist>
<section>
<title>Typical usage: Private Cloud</title>
<para>FreedomBox provides services to the computers and mobile devices in your home, and to your friends. This includes secure instant messaging and low-bandwidth, high-quality voice conference calling. FreedomBox lets you publish your content in a blog and wiki to collaborate with the rest of the world. On the roadmap are a personal email server and federated social networking using GNU Social and Diaspora, to provide privacy-respecting alternatives to Gmail and Facebook. </para>
</section>
<section>
<title>Advanced usage: Smart Home Router</title>
<para>FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet, replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by "onion routing" your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home. </para>
<para>It can also be carried along with your laptop and used to connect to public networks at work, school or office to avail its services. </para>
<para>It could be used in a village to make available digital communications throughout the village. In the future, FreedomBox intends to deliver support for alternative ways of connecting to the Internet such as Mesh networking. </para>
</section>
<section>
<title>FreedomBox Interface</title>
<section>
<title>Screenshot</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/plinth_frontpage.png"/>
</imageobject>
<textobject>
<phrase>plinth_frontpage.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Screencast introduction</title>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Introduction?action=AttachFile&amp;do=get&amp;target=Plinth_Introduction.webm">Plinth_Introduction.webm</ulink>
</para>
<para>(36 MB, 13 Min.) </para>
</section>
</section>
</section>
<section>
<title>Quick Start</title>
<section>
<title>What you need to get started</title>
<itemizedlist>
<listitem>
<para>A supported <ulink url="https://wiki.debian.org/FreedomBox/Hardware#">device</ulink> (including any device that can run Debian). We will call that the FreedomBox in the rest of this manual. </para>
</listitem>
<listitem>
<para>A power cable for your device. </para>
</listitem>
<listitem>
<para>An ethernet cable. </para>
</listitem>
<listitem>
<para>A microSD card (or equivalent storage media for your device), prepared according to the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">Download</ulink> page. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>How to get started</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Plug one end of your ethernet cord into your FreedomBox's ethernet port, and plug the other end into your router. </para>
</listitem>
<listitem>
<para>Power on the FreedomBox. </para>
</listitem>
<listitem>
<para>On first boot, the FreedomBox will perform it's initial setup and then reboot. This may take several minutes. </para>
</listitem>
<listitem>
<para>After the FreedomBox has rebooted, you can access its web interface (called Plinth) through your web browser. </para>
<itemizedlist>
<listitem>
<para>If your computer is connected directly to the FreedomBox through a second (LAN) ethernet port, you can browse to: <ulink url="http://freedombox/"/> or <ulink url="http://10.42.0.1/"/>. </para>
</listitem>
<listitem>
<para>If your computer supports mDNS (GNU/Linux, Mac OSX or Windows with mDNS software installed), you can browse to: <ulink url="http://freedombox.local/"/> (or <ulink url="http://the-hostname-you-entered-during-install.local/"/>) </para>
</listitem>
<listitem>
<para>If you know your way around the router's web interface, you can look up the IP adress of the FreedomBox there, and browse to that address. </para>
</listitem>
<listitem>
<para>If none of these methods are available, then you will need to figure out the IP address of your FreedomBox. You can use the "nmap" program from your computer to find its IP address: </para>
<screen format="linespecific"> nmap -p 80 --open -sV 192.168.0.0/24 (replace the ip/netmask with the one the router uses)</screen>
<para>In most cases you can look at your current ip adress, and change the last digits with zero to find your home network, like so: XXX.XXX.XXX.0/24 </para>
<para>Your FreedomBox will show up as an IP address with an open tcp port 80 using Apache httpd service on Debian, such as the example below which would make it accessible at <ulink url="http://192.168.0.165"/>: </para>
<screen format="linespecific"> Nmap scan report for 192.168.0.165
Host is up (0.00088s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.17 ((Debian))</screen>
<para>If nmap does not find anything with the above command, you can try replacing 192.168.0.0/24 with 10.42.0.255/24. </para>
<screen format="linespecific"> nmap -n -sP 10.42.0.255/24</screen>
<para>The scan report will show something similar to the following: </para>
<screen format="linespecific"> Nmap scan report for 10.42.0.1
Host is up (0.00027s latency).
Nmap scan report for 10.42.0.50
Host is up (0.00044s latency).</screen>
<para>In this example, the <ulink url="https://wiki.debian.org/FreedomBox#">FreedomBox</ulink> is accessible at <ulink url="http://10.42.0.50"/>. (10.42.0.1 is my laptop.) </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>On accessing Plinth your browser will warn you that it communicates securely but that it regards the security certificate for doing so as invalid. This is a fact you need to accept because the certificate is auto generated on the box and therefore "self-signed" (the browser might also use words such as "untrusted", "not private", "privacy error" or "unknown issuer/authority"). Telling your browser that you are aware of this might involve pressing buttons such as "I understand the Risks", "proceed to ... (unsafe)" or "Add exception". After installation this certificate can be changed to a normal one using the Let's Encrypt option. </para>
<itemizedlist>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/plinth_insecure_connection.png" width="300pt"/>
</imageobject>
<textobject>
<phrase>Self-signed certificate warning</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/add_security_exception.png" width="200pt"/>
</imageobject>
<textobject>
<phrase>Add Security Exception</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>The first time you access the FreedomBox web interface, you will see a welcome page. Click the "Start Setup" button to continue. </para>
<itemizedlist>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/plinth_firstboot_welcome.png" width="250pt"/>
</imageobject>
<textobject>
<phrase>Welcome</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>The next page asks you to provide a user name and password. Fill in the form, and then click "Create Account." </para>
<itemizedlist>
<listitem>
<para>Note: The user that you create here has Admin privileges and can also <ulink url="https://wiki.debian.org/FreedomBox/Manual/SecureShell#">log in using ssh</ulink>. You might not want to use the user account you will want to use in daily usage, to prevent security issues. You can later add more users. </para>
</listitem>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/plinth_firstboot_account.png" width="250pt"/>
</imageobject>
<textobject>
<phrase>Account</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>After completing the form, you will be logged in to Plinth and able to access apps and configuration through the interface. </para>
<itemizedlist>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/plinth_firstboot_complete.png" width="250pt"/>
</imageobject>
<textobject>
<phrase>Complete</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
<para>Now you can try <ulink url="https://wiki.debian.org/FreedomBox/Features#">any of the Apps</ulink> that are available on FreedomBox. </para>
</section>
<section>
<title>Finding your way around</title>
<section>
<title>Front page</title>
<para>The front page is the page that you will see when accessing the web root of your FreedomBox. You can also access it by clicking the FreedomBox logo in the top-left corner of the Plinth web interface. </para>
<para>The front page includes shortcuts to apps that have been installed and are enabled. For web apps, clicking the shortcut will take you directly to the app's web page. For other services, clicking the shortcut will show more information about the service. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/frontpage.png" width="300pt"/>
</imageobject>
<textobject>
<phrase>Front page</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Apps menu</title>
<para>The Apps menu can be accessed by clicking the grid icon, next to the FreedomBox logo. This page lists all of the apps that are available for installing on FreedomBox. Click the name of an app to visit its page, where you can install and configure it. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/apps.png" width="300pt"/>
</imageobject>
<textobject>
<phrase>Apps</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Help menu</title>
<para>The Help menu can be accessed by clicking the question mark icon in the top-right corner. It includes helpful links and the FreedomBox manual. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/help.png" width="300pt"/>
</imageobject>
<textobject>
<phrase>Help</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>System menu</title>
<para>The System menu can be accessed by clicking the gear icon in the top-right corner. It includes a number of pages related to system configuration. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/system.png" width="300pt"/>
</imageobject>
<textobject>
<phrase>System</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>User menu</title>
<para>In the top-right corner, the name of the currently logged-in user is shown. A drop-down menu includes options for editing the current user or logging out of the user interface. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/user.png" width="300pt"/>
</imageobject>
<textobject>
<phrase>User</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
</section>
</section>
<section>
<title>Getting Help</title>
<para>
<anchor id="gettinghelp"/>
</para>
<para>This document is intended to give you the information you need to get started with your FreedomBox. However, if you have any questions after reading this document, you can get help by: </para>
<itemizedlist>
<listitem>
<para>Emailing to our mailinglist at <ulink url="mailto:freedombox-discuss@lists.alioth.debian.org">freedombox-discuss@lists.alioth.debian.org</ulink>. You can also <ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">sign up</ulink> to receive copies of every discussion that happens on the mailing list or <ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">read the archives</ulink>. </para>
</listitem>
<listitem>
<para>Chatting at <ulink url="irc://irc.oftc.net:6667/%23freedombox">#freedombox@irc.oftc.net</ulink>. </para>
</listitem>
<listitem>
<para>Reading the <ulink url="http://wiki.debian.org/FreedomBox">wiki</ulink>. </para>
</listitem>
<listitem>
<para>Reading the <ulink url="https://freedomboxfoundation.org/">FreedomBox Foundation's website</ulink>. </para>
</listitem>
<listitem>
<para>Reading the <ulink url="https://alioth.debian.org/projects/freedombox">FreedomBox Project Page</ulink>. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Download and Install</title>
<para>Welcome to the FreedomBox download page. You may either install FreedomBox on one of the supported inexpensive <ulink url="https://wiki.debian.org/FreedomBox/Hardware#">hardware</ulink> devices, on any Linux <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">Debian</ulink> operating system, or deploy it on a virtual machine. </para>
<para>Installing on a machine running a Debian system is easy because FreedomBox is available as a package. We do recommend to install FreedomBox on a supported single board computer (SBC). The board will be dedicated for FreedomBox use from home, this will prevent a lot of risks, such as accidental misconfiguration by the user. In case of trouble deciding which hardware is best for you or during the installation, please use the <ulink url="https://wiki.debian.org/FreedomBox/Support#">support page</ulink> or read the <ulink url="https://wiki.debian.org/FreedomBox/QuestionsAndAnswers#">Questions and Answers</ulink> page based on posts on the <ulink url="https://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">Freedombox-discuss</ulink> mailing list archives. </para>
<section>
<title>Downloading on Debian</title>
<para>If you are installing on an existing Debian installation, you don't need to download these images. Instead read the <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">instructions</ulink> on setting up FreedomBox on Debian. </para>
</section>
<section>
<title>Downloading for SBC or Virtual Machine</title>
<section>
<title>Prepare your device</title>
<para>Read the hardware specific instructions on how to prepare your device at the <ulink url="https://wiki.debian.org/FreedomBox/Hardware#">Hardware</ulink> section. On the web is a lot of documentation about setting your device up and flashing USB or SD Cards to boot your hardware. </para>
</section>
<section>
<title>Downloading Images</title>
<para>Recent images for supported targets are available here: </para>
<itemizedlist>
<listitem>
<para>Official Images: <ulink url="http://ftp.freedombox.org/pub/freedombox/"/> </para>
</listitem>
<listitem>
<para>Official Images: <ulink url="http://ftp.skolelinux.org/pub/freedombox/"/> </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Verifying the Downloaded Images</title>
<para>It is important to verify the images you have downloaded to ensure that the file has not be corrupted during the transmission and that it is indeed the image built by FreedomBox developers. </para>
<itemizedlist>
<listitem>
<para>First open a terminal and import the public key of the FreedomBox developer who built the images: </para>
<screen format="linespecific">$ gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys BCBEBD57A11F70B23782BC5736C361440C9BC971</screen>
</listitem>
<listitem>
<para>Next, verify the fingerprint of the public key: </para>
<screen format="linespecific">$ gpg --fingerprint BCBEBD57A11F70B23782BC5736C361440C9BC971
pub 4096R/0C9BC971 2011-11-12
Key fingerprint = BCBE BD57 A11F 70B2 3782 BC57 36C3 6144 0C9B C971
uid Sunil Mohan Adapa &lt;sunil@medhas.org&gt;
sub 4096R/4C1D4B57 2011-11-12</screen>
</listitem>
<listitem>
<para>Finally, verify your downloaded image with its signature file <code>.sig</code>. For example: </para>
<screen format="linespecific">$ gpg --verify freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz.sig freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz
gpg: Signature made Thursday 15 January 2015 09:27:50 AM IST using RSA key ID 0C9BC971
gpg: Good signature from "Sunil Mohan Adapa &lt;sunil@medhas.org&gt;"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BCBE BD57 A11F 70B2 3782 BC57 36C3 6144 0C9B C971</screen>
</listitem>
<listitem>
<para>For version 0.9, some of the images are signed using the following key instead of the regular key: </para>
<screen format="linespecific">$ gpg --fingerprint 7D6ADB750F91085589484BE677C0C75E7B650808
pub 4096R/7B650808 2015-06-07 [expires: 2020-06-05]
Key fingerprint = 7D6A DB75 0F91 0855 8948 4BE6 77C0 C75E 7B65 0808
uid James Valleroy &lt;jvalleroy@mailbox.org&gt;
uid James Valleroy &lt;jvalleroy@freedombox.org&gt;
sub 4096R/25D22BF4 2015-06-07 [expires: 2020-06-05]
sub 4096R/DDA11207 2015-07-03 [expires: 2020-07-01]
sub 2048R/2A624357 2015-12-22</screen>
</listitem>
</itemizedlist>
</section>
<section>
<title>Installation</title>
<para>After the download you can use the image to boot your chosen <ulink url="https://wiki.debian.org/FreedomBox/Hardware#">hardware</ulink> (including virtual machines). You'll need to copy the image to the memory card or USB stick as follows: </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Figure out which device your card actually is. </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Unplug your card. </para>
</listitem>
<listitem>
<para>Run <code>dmesg -w</code> to show and follow the kernel messages. </para>
</listitem>
<listitem>
<para>Plug your card in. You will see messages such as following: </para>
<screen format="linespecific">[33299.023096] usb 4-6: new high-speed USB device number 12 using ehci-pci
[33299.157160] usb 4-6: New USB device found, idVendor=058f, idProduct=6361
[33299.157162] usb 4-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[33299.157164] usb 4-6: Product: Mass Storage Device
[33299.157165] usb 4-6: Manufacturer: Generic
[33299.157167] usb 4-6: SerialNumber: XXXXXXXXXXXX
[33299.157452] usb-storage 4-6:1.0: USB Mass Storage device detected
[33299.157683] scsi host13: usb-storage 4-6:1.0
[33300.155626] scsi 13:0:0:0: Direct-Access Generic- Compact Flash 1.01 PQ: 0 ANSI: 0
[33300.156223] scsi 13:0:0:1: Direct-Access Multiple Flash Reader 1.05 PQ: 0 ANSI: 0
[33300.157059] sd 13:0:0:0: Attached scsi generic sg4 type 0
[33300.157462] sd 13:0:0:1: Attached scsi generic sg5 type 0
[33300.462115] sd 13:0:0:1: [sdg] 30367744 512-byte logical blocks: (15.5 GB/14.4 GiB)
[33300.464144] sd 13:0:0:1: [sdg] Write Protect is off
[33300.464159] sd 13:0:0:1: [sdg] Mode Sense: 03 00 00 00
[33300.465896] sd 13:0:0:1: [sdg] No Caching mode page found
[33300.465912] sd 13:0:0:1: [sdg] Assuming drive cache: write through
[33300.470489] sd 13:0:0:0: [sdf] Attached SCSI removable disk
[33300.479493] sdg: sdg1
[33300.483566] sd 13:0:0:1: [sdg] Attached SCSI removable disk</screen>
</listitem>
<listitem>
<para>In the above case, the disk that is newly inserted is available as <emphasis>/dev/sdg</emphasis>. Very carefully note this and use it in the copying step below. </para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Decompress the downloaded image using tar: </para>
<screen format="linespecific">$ xz -d freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz</screen>
<para>The above command is an example for the <emphasis>cubietruck</emphasis> image built on 2015-12-13. Your downloaded file name will be different. </para>
</listitem>
<listitem>
<para>Copy the image to your card. Double check to make sure you don't write to your computer's main storage (such as /dev/sda). Also make sure that you don't run this step as root to avoid potentially overriding data on your hard drive due to a mistake in identifying the device or errors while typing the command. USB disks and SD cards inserted into the system should typically be write accessible to normal users. If you don't have permission to write to your SD card as a user, you may need to run this command as root. In this case triple check everything before you run the command. Another safety precaution is to unplug all external disks except the SD card before running the command. </para>
<para>For example, if your SD card is <emphasis>/dev/sdg</emphasis> as noted in the first step above, then to copy the image, run: </para>
<screen format="linespecific">$ dd bs=1M if=freedombox-unstable-free_2015-12-13_cubietruck-armhf.img of=/dev/sdg conv=fdatasync</screen>
<para>The above command is an example for the <emphasis>cubietruck</emphasis> image built on 2015-12-13. Your image file name will be different. </para>
<para>When picking a device, use the drive-letter destination, like <emphasis>/dev/sdg</emphasis>, not a numbered destination, like <emphasis>/dev/sdg1</emphasis>. The device without a number refers to the entire device, while the device with a number refers to a specific partition. We want to use the whole device. Downloaded images contain complete information about how many partitions there should be, their sizes and types. You don't have to format your SD card or create partitions. All the data on the SD card will be wiped off during the write process. </para>
</listitem>
<listitem>
<para>Use the image by inserting the SD card or USB disk into the target device and booting from it. Your device should also be prepared (see the <ulink url="https://wiki.debian.org/FreedomBox/Hardware#">Hardware</ulink> section). </para>
</listitem>
<listitem>
<para>Read (the rest of) the <ulink url="https://wiki.debian.org/FreedomBox/Manual#">Manual</ulink> for instructions on how to use applications in FreedomBox. </para>
</listitem>
</orderedlist>
</section>
</section>
</section>
<section>
<title>Apps</title>
<section>
<title>Anonymity Network (Tor)</title>
<section>
<title>What is Tor?</title>
<para>Tor is a network of servers operated by volunteers. It allows users of these servers to improve their privacy and security while surfing on the Internet. You and your friends are able to access to your FreedomBox via Tor network without revealing its IP address. Activating Tor application on your FreedomBox, you will be able to offer remote services (chat, wiki, file sharing, etc...) without showing your location. This application will give you a better protection than a public web server because you will be less exposed to intrusive people on the web. </para>
</section>
<section>
<title>Using Tor to browse anonymously</title>
<para>Tor Browser is the recommended way to browse the web using Tor. You can download the Tor Browser from <ulink url="https://www.torproject.org/projects/torbrowser.html"/> and follow the instructions on that site to install and run it. </para>
</section>
<section>
<title>Using Tor Hidden Service to access your FreedomBox</title>
<para>Tor Hidden Service provides a way to access your FreedomBox, even if it's behind a router or firewall. </para>
<para>To enable Tor Hidden Service, first navigate to the Anonymity Network (Tor) page. (If you don't see it, click on the FreedomBox logo at the top-left of the page, to go to the main Apps page.) On the Anonymity Network (Tor) page, under Configuration, check "Enable Tor Hidden Service", then press the Update setup button. Tor will be reconfigured and restarted. </para>
<para>After a while, the page will refresh and under Status, you will see a table listing the Hidden Service .onion address. Copy the entire address (ending in .onion) and paste it into the Tor Browser's address field, and you should be able to access your FreedomBox. (You may see a certificate warning because FreedomBox has a self-signed certificate.) </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/tor_browser_plinth.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>Tor Browser - Plinth</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>Currently only HTTP (port 80), HTTPS (port 443), and SSH (port 22) are accessible through the Tor Hidden Service configured on the FreedomBox. </para>
</section>
<section>
<title>Running a Tor relay</title>
<para>When Tor is installed, it is configured by default to run as a bridge relay. The relay or bridge option can be disabled through the Tor configuration page in Plinth. </para>
<para>At the bottom of the Tor page in Plinth, there is a list of ports used by the Tor relay. If your FreedomBox is behind a router, you will need to configure port forwarding on your router so that these ports can be reached from the public Internet. </para>
</section>
<section>
<title>Using Tor SOCKS port (advanced)</title>
<para>FreedomBox provides a Tor SOCKS port that other applications can connect to, in order to route their traffic over the Tor network. This port is accessible on any interfaces configured in the internal firewall zone. To configure the application, set SOCKS Host to the internal network connection's IP address, and set the SOCKS Port to 9050. </para>
</section>
</section>
<section>
<title>BitTorrent (Transmission)</title>
<section>
<title>What is Transmission ?</title>
<para>BitTorrent is a communications protocol using peer-to-peer (P2P) file sharing. It is not anonymous; you should assume that others can see what files you are sharing. There are two BitTorrent web clients available in FreedomBox: Transmission and <ulink url="https://wiki.debian.org/FreedomBox/Manual/Deluge#">Deluge</ulink>. They have similar features, but you may prefer one over the other. </para>
<para>Transmission is a lightweight BitTorrent client that is well known for its simplicity and a default configuration that "Just Works". </para>
</section>
<section>
<title>Screenshot</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/transmission.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>Transmission Web Interface</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Using Transmission</title>
<para>After installing Transmission, it can be accessed at <code>https://&lt;your freedombox&gt;/transmission</code>. When you try to access this page, you will be required to login with a username and password. The default for both is "transmission". You can change the username and password using the configuration form in Plinth. </para>
</section>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>The initial password is shown in the Plinth configuration form in a hashed format. This prevents it from being read or copied. However, after the password is changed, it is shown directly, without hashing. </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>BitTorrent (Deluge)</title>
<section>
<title>What is Deluge?</title>
<para>BitTorrent is a communications protocol using peer-to-peer (P2P) file sharing. It is not anonymous; you should assume that others can see what files you are sharing. There are two BitTorrent web clients available in FreedomBox: <ulink url="https://wiki.debian.org/FreedomBox/Manual/Transmission#">Transmission</ulink> and Deluge. They have similar features, but you may prefer one over the other. </para>
<para>Deluge is a lightweight BitTorrent client that is highly configurable. Additional functionality can be added by installing plugins. </para>
</section>
<section>
<title>Screenshot</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/deluge.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>Deluge Web UI</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Initial Setup</title>
<para>After installing Deluge, it can be accessed by pointing your browser to <code>https://&lt;your freedombox&gt;/deluge</code>. You will need to enter a password to login: </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/deluge_login.png"/>
</imageobject>
<textobject>
<phrase>Deluge Login</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>The initial password is "deluge". The first time that you login, Deluge will ask if you wish to change the password. You should change it to something that is harder to guess. </para>
<para>Next you will be shown the connection manager. Click on the first entry (Offline - 127.0.0.1:58846). Then click "Start Daemon" to start the Deluge service that will run in the background. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/deluge_connection_manager.png"/>
</imageobject>
<textobject>
<phrase>Deluge Connection Manager (Offline)</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>Now it should say "Online". Click "Connect" to complete the setup. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/deluge_connection_manager_2.png"/>
</imageobject>
<textobject>
<phrase>Deluge Connection Manager (Online)</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>At this point, you are ready to begin using Deluge. You can make further changes in the Preferences, or add a torrent file or URL. </para>
</section>
</section>
<section>
<title>Block Sandbox (Minetest)</title>
<para>Minetest is a multiplayer infinite-world block sandbox. This module enables the Minetest server to be run on this FreedomBox, on the default port (30000). To connect to the server, a <ulink url="http://www.minetest.net/downloads/">Minetest client</ulink> is needed. </para>
<section>
<title>Port Forwarding</title>
<para>If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Minetest: </para>
<itemizedlist>
<listitem>
<para>UDP 30000 </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Calendar and Addressbook (Radicale)</title>
<para>With Radicale, you can synchronize your personal calendars, ToDo lists, and addressbooks with your various computers, tablets, and smartphones, and share them with friends, without letting third parties know your personal schedule or contacts. </para>
<section>
<title>Why should I run Radicale?</title>
<para>Using Radicale, you can get rid of centralized services like Google Calendar or Apple Calendar (iCloud) data mining your events and social connections. </para>
</section>
<section>
<title>How to setup Radicale?</title>
<para>First, the Radicale server needs to be activated on your box. </para>
<itemizedlist>
<listitem>
<para>Within Plinth </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>select <emphasis>Applications</emphasis> </para>
</listitem>
<listitem>
<para>go to <emphasis>Calendar and Addressbook (Radicale)</emphasis> and </para>
</listitem>
<listitem>
<para>install the application. After the installation is complete, make sure the application is marked "enabled" in the FreedomBox interface. Enabling the application launches the Radicale CalDAV/CardDAV server. </para>
</listitem>
<listitem>
<para>define the access rights: </para>
<itemizedlist>
<listitem>
<para>Only the owner of a calendar/addressbook can view or make changes </para>
</listitem>
<listitem>
<para>Any user can view any calendar/addressbook, but only the owner can make changes </para>
</listitem>
<listitem>
<para>Any user can view or make changes to any calendar/addressbook </para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</listitem>
</itemizedlist>
<para>Note, that only users with a FreedomBox login can access Radicale. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Radicale-Plinth.png"/>
</imageobject>
<textobject>
<phrase>Radicale-Plinth.png</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>If you want to share a calendar with only some users, the simplest approach is to create an additional user-name for these users and to share that user-name and password with them. </para>
<para>Radicale does not have a user interface. An external <ulink url="http://radicale.org/user_documentation/#idcaldav-and-carddav-clients">supported client application</ulink> is needed. </para>
<para>Now open your client application to create new calendar and address books that will use your FreedomBox and Radicale server. The Radicale website provides <ulink url="http://radicale.org/user_documentation/#idstarting-the-client">tutorials to setup</ulink> a large selection of clients. Below are the steps for two examples: </para>
<itemizedlist>
<listitem>
<para>Example of setup with Evolution client: </para>
<itemizedlist>
<listitem>
<para>Calendar </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Create a new calendar </para>
</listitem>
<listitem>
<para>For "Type," select "CalDAV" </para>
</listitem>
<listitem>
<para>When "CalDAV" is selected, additional options will appear in the dialogue window. </para>
</listitem>
<listitem>
<para>URL: <code>https://IP</code> <emphasis>address or domain for your server</emphasis>/radicale/<emphasis>user</emphasis>/<emphasis>contact file name</emphasis>.ics/. Items in <emphasis>italics</emphasis> need to be changed to match your settings. </para>
<itemizedlist>
<listitem>
<para>note the trailing <code>/</code> in the path, it is important. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select/check "Use a secure connection." </para>
</listitem>
<listitem>
<para>Name the calendar </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Radicale-Evolution-Docu.png"/>
</imageobject>
<textobject>
<phrase>Radicale-Evolution-Docu.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>TODO/Tasks list: Adding a TODO/Tasks list is basically the same as a calendar. </para>
</listitem>
<listitem>
<para>Contacts </para>
<itemizedlist>
<listitem>
<para>Follow the same steps described above and replace CalDAV with WebDAV. The extension of the address book will be .vcf. </para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Android </para>
<itemizedlist>
<listitem>
<para>There are various Apps that allow the integration of the *radicale* server. This example uses DAVdroid, which is available e.g. on <ulink url="https://f-droid.org/repository/browse/?fdid=at.bitfire.davdroid">F-Droid</ulink>. </para>
</listitem>
<listitem>
<para>If you intend to use ToDo-Lists as well, the compatible app <ulink url="https://f-droid.org/repository/browse/?fdid=org.dmfs.tasks">OpenTasks</ulink> has to be installed first. </para>
</listitem>
<listitem>
<para>Install DAVdroid </para>
</listitem>
<listitem>
<para>Create an account in DAVdroid with the same settings as described for Evolution </para>
</listitem>
<listitem>
<para>Click the newly created account and synchronize. </para>
</listitem>
<listitem>
<para>The settings, such as periodicity of synchronization, can be adjusted. </para>
</listitem>
<listitem>
<para>A contact or calendar file, that was created before appears. </para>
</listitem>
<listitem>
<para>Enable it. </para>
</listitem>
<listitem>
<para>It may take some minutes before e.g. the calendar is visible in your calendar app. </para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section>
<title>Advanced Users</title>
<section>
<title>Sharing resources</title>
<para>Above was shown an easy way to create a resource for a group of people by creating a dedicated account for all. Here will be described an alternative method where two users <code>User1</code> and <code>User2</code> are granted access to a calendar. This requires SSH-access to the FreedomBox. </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>create a file <code>/etc/radicale/rights</code> </para>
<itemizedlist>
<listitem override="none">
<screen format="linespecific">[friends_calendar]
user: ^(User1|User2)$
collection: ^.*/calendar_of_my_friends.ics$
permission: rw
# Give write access to owners
[owner-write]
user: .+
collection: ^%(login)s/.+$
permission: rw</screen>
</listitem>
<listitem>
<para><code>[friends_calendar]</code> is just an identifier, can be any name. </para>
</listitem>
<listitem>
<para>The <code>[owner-write]</code> section makes sure that owners have access to their own files </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>edit file <code>/etc/radicale/config</code> and make the following changes in section <code>[rights)</code> </para>
<itemizedlist>
<listitem override="none">
<screen format="linespecific">[rights]
type = from_file
file = /etc/radicale/rights</screen>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Restart the radicale server or the FreedbomBox </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Importing files</title>
<para>If you are using a contacts file exported from another service or application, it should be copied to: /var/lib/radicale/collections/<emphasis>user</emphasis>/<emphasis>contact file name</emphasis>.vcf. </para>
</section>
</section>
</section>
<section>
<title>Chat Server (XMPP)</title>
<section>
<title>What is XMPP?</title>
<para>XMPP is a federated protocol for Instant Messaging. This means that users who have accounts on one server, can talk to users that are on another server. XMPP can also be used for voice and video calls, if supported by the clients. </para>
<para>With XMPP, there are two ways that conversations can be secured: </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>TLS: This secures the connection between the client and server, or between two servers. This should be supported by all clients and is highly recommended. </para>
</listitem>
<listitem>
<para>End-to-end: This secures the messages sent from one client to another, so that even the server cannot see the contents. The latest and most convenient protocol is called OMEMO, but it is only supported by a few clients. There is another protocol called OTR that may be supported by some clients that lack OMEMO support. Both clients must support the same protocol for it to work. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Setting the Domain Name</title>
<para>For XMPP to work, your FreedomBox needs to have a Domain Name that can be accessed over the public Internet. You can read more about obtaining a Domain Name in the <ulink url="https://wiki.debian.org/FreedomBox/Manual/DynamicDNS#">Dynamic DNS section of this manual</ulink>. </para>
<para>Once you have a Domain Name, you can tell your FreedomBox to use it by setting the Domain Name in the System <ulink url="https://wiki.debian.org/FreedomBox/Manual/Configure#">Configuration</ulink>. </para>
<itemizedlist>
<listitem>
<para>Note: After changing your Domain Name, the Chat Server (XMPP) page may show that the service is not running. After a minute or so, it should be up and running again. </para>
</listitem>
</itemizedlist>
<para>Please note that <ulink url="https://wiki.debian.org/Pagekite#">Pagekite</ulink> does not support the XMPP protocol at this time. </para>
</section>
<section>
<title>Registering XMPP users through SSO</title>
<para>Currently, all users created through Plinth will be able to login to the XMPP server. You can add new users through the System Users and Groups module. It does not matter which Groups are selected for the new user. </para>
</section>
<section>
<title>Using the web client</title>
<para>After the XMPP module install completes, the JSXC web client for XMPP can be accessed at <code>https://&lt;your freedombox&gt;/plinth/apps/xmpp/jsxc/</code>. It will automatically check the BOSH server connection to the configured domain name. </para>
</section>
<section>
<title>Using a desktop or mobile client</title>
<para><ulink url="https://xmpp.org/software/clients.html">XMPP clients</ulink> are available for various desktop and mobile platforms. </para>
</section>
<section>
<title>Port Forwarding</title>
<para>If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for XMPP: </para>
<itemizedlist>
<listitem>
<para>TCP 5222 (client-to-server) </para>
</listitem>
<listitem>
<para>TCP 5269 (server-to-server) </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Email Client (Roundcube)</title>
<section>
<title>What is Roundcube?</title>
<para>Roundcube is a browser-based multilingual email client with an application-like user interface. Roundcube is using the Internet Message Access Protocol (IMAP) to access e-mail on a remote mail server. It supports MIME to send files, and provides particularly address book, folder management, message searching and spell checking. </para>
</section>
<section>
<title>Using Roundcube</title>
<para>After Roundcube is installed, it can be accessed at <code>https://&lt;your freedombox&gt;/roundcube</code>. </para>
</section>
</section>
<section>
<title>IRC Client (Quassel)</title>
<para><emphasis>Quassel</emphasis> is an IRC application that is split into two parts, a "core" and a "client". This allows the core to remain connected to IRC servers, and to continue receiving messages, even when the client is disconnected. FreedomBox can run the Quassel core service keeping you always online and one or more Quassel clients from a desktop or a mobile device can be used to connect and disconnect from it. </para>
<section>
<title>Why running Quassel?</title>
<para>Many discussions about FreedomBox are being done on the IRC-Channel <code>irc://irc.debian.org/freedombox</code>. If your FreedomBox is running <emphasis>Quassel</emphasis>, it will collect all discussions while you are away, such as responses to your questions. Remember, the FreedomBox project is a worldwide project with people from nearly every time zone. You use your <emphasis>client</emphasis> to connect to the <emphasis>Quassel</emphasis> core to read and respond whenever you have time and are available. </para>
</section>
<section>
<title>How to setup Quassel?</title>
<itemizedlist>
<listitem>
<para>Within Plinth </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>select <emphasis>Applications</emphasis> </para>
</listitem>
<listitem>
<para>go to <emphasis>IRC Client (Quassel)</emphasis> and </para>
</listitem>
<listitem>
<para>install the application and make sure it is enabled </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Quassel_Installation.png"/>
</imageobject>
<textobject>
<phrase>Quassel_Installation.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
<listitem>
<para>now your Quassel core is running </para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Configure in your router port forwarding for port <code>4242</code> </para>
<itemizedlist>
<listitem>
<para>on my device, this setting can be found in the section <emphasis>Network &gt; NAT &amp; Port rules &gt; Port Forwarding</emphasis> </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Quassel_PortForwarding.png"/>
</imageobject>
<textobject>
<phrase>Quassel_PortForwarding.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section>
<title>Clients</title>
<para>Clients to connect to Quassel from your <ulink url="http://quassel-irc.org/downloads">desktop</ulink> and <ulink url="http://quasseldroid.iskrembilen.com/">mobile</ulink> devices are available. </para>
<para>In a Debian system, you can e.g. use <ulink url="https://packages.debian.org/search?keywords=quassel-client">quassel-client</ulink> </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>With the first start you create a user-ID you want to use in your IRC channel </para>
</listitem>
<listitem>
<para>Configure the network connection, e.g. server <code>irc.debian.org/freedombox</code> </para>
</listitem>
<listitem>
<para>Communication takes place in a channel, e.g. <code>freedombox</code> </para>
</listitem>
<listitem>
<para>Add a core </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Chose an account name </para>
</listitem>
<listitem>
<para>Computer name is the DNS name to access your FreedomBox </para>
</listitem>
<listitem>
<para>Port: 4242 </para>
</listitem>
<listitem>
<para>User and password </para>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
<para>For Android devices you may use e.g. <emphasis>Quasseldroid</emphasis> from <ulink url="https://f-droid.org/repository/browse/?fdfilter=quassel&amp;fdid=com.iskrembilen.quasseldroid">F-Droid</ulink> </para>
<itemizedlist>
<listitem>
<para>enter core, username etc. as above </para>
<itemizedlist>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Quasseldroid.png"/>
</imageobject>
<textobject>
<phrase>Quasseldroid.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<para>By the way, the German verb <emphasis>quasseln</emphasis> means <emphasis>talking a lot</emphasis>, to <emphasis>jabber</emphasis>. </para>
</section>
</section>
<section>
<title>News Feed Reader (Tiny Tiny RSS)</title>
<para>Tiny Tiny RSS is a news feed (RSS/Atom) reader and aggregator, designed to allow reading news from any location, while feeling as close to a real desktop application as possible. </para>
<para>When enabled, Tiny Tiny RSS will be available from <emphasis>/tt-rss</emphasis> path on the web server. Any user created through Plinth will be able to login and use this app. </para>
<section>
<title>Screenshot</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/ttrss.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>Tiny Tiny RSS</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
</section>
<section>
<title>SIP Server (repro)</title>
<para>repro is a server for SIP, a standard that enables Voice-over-IP calls. A desktop or mobile SIP client is required to use repro. </para>
<section>
<title>How to set up the SIP server</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Configure the domain at /repro/domains.html on the FreedomBox. </para>
<itemizedlist>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/repro_domains.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>Repro Domains</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Add users at /repro/addUser.html. </para>
<itemizedlist>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/repro_users.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>Repro Users</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Disable and re-enable the repro application in Plinth. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Port Forwarding</title>
<para>If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for repro: </para>
<itemizedlist>
<listitem>
<para>TCP 5060 </para>
</listitem>
<listitem>
<para>TCP 5061 </para>
</listitem>
<listitem>
<para>UDP 5060 </para>
</listitem>
<listitem>
<para>UDP 5061 </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Virtual Private Network (OpenVPN)</title>
<section>
<title>What is OpenVPN?</title>
<para>OpenVPN provides to your FreedomBox a virtual private network service. You can use this software for remote access, site-to-site VPNs and Wi-Fi security. OpenVPN includes support for dynamic IP addresses and NAT. </para>
</section>
<section>
<title>Setting up</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>In Plinth apps menu, select <emphasis>Virtual Private Network (OpenVPN)</emphasis> and click Install. </para>
</listitem>
<listitem>
<para>After the module is installed, there is an additional setup step that may take a long time to complete. Click "Start setup" to begin. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/plinth_openvpn.png"/>
</imageobject>
<textobject>
<phrase>plinth_openvpn.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
<listitem>
<para>Wait for the setup to finish. This could take a while. </para>
</listitem>
<listitem>
<para>Once the setup of the OpenVPN server is complete, you can download your profile. This will download a file called &lt;USER&gt;.ovpn, where &lt;USER&gt; is the name of a FreedomBox user. Each FreedomBox user will be able to download a different profile. </para>
</listitem>
<listitem>
<para>The ovpn file contains all the information a vpn client needs to connect to the server. </para>
</listitem>
<listitem>
<para>If you are behind a modem, you may have to change the ip address (if not, you can skip this step). Open the ovpn file in any text editor. The second line shows the IP address or hostname the client will try to connect to. This should be your WAN IP address or your hostname. This line also contains the port number, 1194 being the default. You may have to open this port on your modem and enable port forwarding. </para>
</listitem>
</orderedlist>
<screen format="linespecific">client
remote mybox.sds-ip.de 1194
proto udp</screen>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Install an OpenVPN client for your system </para>
</listitem>
<listitem>
<para>Open the ovpn file with the OpenVPN client. </para>
</listitem>
<listitem>
<para>Try to ping the FreedomBox or other devices on the local network. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>External Links</title>
<para>
<ulink url="https://openvpn.net/index.php/open-source/overview.html"/>
</para>
</section>
</section>
<section>
<title>Voice Chat (Mumble)</title>
<section>
<title>What is Mumble?</title>
<para>Mumble is a voice chat software. Primarily intended for use while gaming, it is suitable for simple talking with high audio quality, noise suppression, encrypted communication, public/private-key authentication by default, and "wizards" to configure your microphone for instance. A user can be marked as a "priority speaker" within a channel. </para>
</section>
<section>
<title>Using Mumble</title>
<para>FreedomBox includes the Mumble server. <ulink url="https://wiki.mumble.info/wiki/Main_Page">Clients</ulink> are available for desktop and mobile platforms. Users can download one of these clients and connect to the server. </para>
</section>
<section>
<title>Port Forwarding</title>
<para>If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Mumble: </para>
<itemizedlist>
<listitem>
<para>TCP 64738 </para>
</listitem>
<listitem>
<para>UDP 64738 </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Web Proxy (Privoxy)</title>
<para>A web proxy acts as a filter for incoming and outgoing internet traffic. Thus, you can instruct any computer in your network to pass internet traffic through the proxy to remove unwanted ads and tracking mechanisms. </para>
<para>Privoxy is a software for security, privacy, and accurate control over the web. It provides a much more powerful web proxy (and anonymity on the web) than what your browser can offer. Privoxy "is a proxy that is primarily focused on privacy enhancement, ad and junk elimination and freeing the user from restrictions placed on his activities" (source: <ulink url="http://www.privoxy.org/faq/index.html">Privoxy FAQ</ulink>). </para>
<section>
<title>Screencast</title>
<para>Watch the <ulink url="https://wiki.debian.org/FreedomBox/Manual/Privoxy?action=AttachFile&amp;do=get&amp;target=Privoxy_Installation.webm">screencast</ulink> on how to setup and use Privoxy in FreedomBox. </para>
</section>
<section>
<title>Setting up</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>In Plinth install <emphasis>Web Proxy (Privoxy)</emphasis> </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Privoxy-Installation.png"/>
</imageobject>
<textobject>
<phrase>Privoxy-Installation.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
<listitem>
<para>Adapt your browser proxy settings to your FreedomBox hostname (or IP address) with port 8118. Please note that Privoxy can only proxy HTTP and HTTPS traffic. It will not work with FTP or other protocols. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Privoxy-BrowserSettings.png"/>
</imageobject>
<textobject>
<phrase>Privoxy-BrowserSettings.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
<listitem>
<para>Go to page <ulink url="http://config.privoxy.org/"/> or <ulink url="http://p.p"/>. If Privoxy is installed properly, you will be able to configure it in detail; if not you will see an error message. </para>
</listitem>
<listitem>
<para>If you are using a laptop that occasionally has to connect through other routers than yours with the FreedomBox and Privoxy, you may want to install a proxy switch add-on that allows you to easily turn the proxy on or off. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Advanced Users</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>The default installation should provide a reasonable starting point for most. There will undoubtedly be occasions where you will want to adjust the configuration, that can be dealt with as the need arises. </para>
</listitem>
<listitem>
<para>While using Privoxy, you can see its configuration details and documentation at <ulink url="http://config.privoxy.org/"/> or <ulink url="http://p.p"/>. </para>
</listitem>
<listitem>
<para>To enable changing these configurations, you first have to change the value of <code>enable-edit-actions</code> in <code>/etc/privoxy/config</code> to <code>1</code>. Before doing so, read carefully the manual, especially: </para>
<itemizedlist>
<listitem override="none">
<para>
<emphasis>Access to the editor can not be controlled separately by "ACLs" or HTTP authentication, so that everybody who can access Privoxy can modify its configuration for all users. This option is not recommended for environments with untrusted users. Note that malicious client side code (e.g Java) is also capable of using the actions editor and you shouldn't enable this options unless you understand the consequences and are sure your browser is configured correctly.</emphasis>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Now you find an <code>EDIT</code> button on the configuration screen in <code>http://config.privoxy.org/</code>. </para>
</listitem>
<listitem>
<para>The <ulink url="http://www.privoxy.org/user-manual/quickstart.html">Quickstart</ulink> is a good starting point to read on how to define own blocking and filtering rules. </para>
</listitem>
</orderedlist>
</section>
</section>
<section>
<title>Wiki and Blog (Ikiwiki)</title>
<section>
<title>What is Ikiwiki?</title>
<para>Ikiwiki converts wiki pages into HTML pages suitable for publishing on a website. It provides particularly blogging, podcasting, calendars and a large selection of plugins. </para>
</section>
<section>
<title>Quick Start</title>
<para>After the app installation on your box administration interface: </para>
<itemizedlist>
<listitem>
<para>Go to "Create" section and create a wiki or a blog </para>
</listitem>
<listitem>
<para>Go back to "Configure" section and click on /ikiwiki link </para>
</listitem>
<listitem>
<para>Click on your new wiki or blog name under "Parent directory" </para>
</listitem>
<listitem>
<para>Enjoy your new publication page. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Creating a wiki or blog</title>
<para>You can create a wiki or blog to be hosted on your FreedomBox through the Wiki &amp; Blog (Ikiwiki) page in Plinth. The first time you visit this page, it will ask to install packages required by Ikiwiki. </para>
<para>After the package install has completed, select the Create tab. You can select the type to be Wiki or Blog. Also type in a name for the wiki or blog, and the username and password for the wiki's/blog's admin account. Then click Update setup and you will see the wiki/blog added to your list. Note that each wiki/blog has its own admin account. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/ikiwiki_create.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>ikiwiki: Create</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Accessing your wiki or blog</title>
<para>From the Wiki &amp; Blog (Ikiwiki) page, select the Manage tab and you will see a list of your wikis and blogs. Click a name to navigate to that wiki or blog. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/ikiwiki_manage.png" width="400pt"/>
</imageobject>
<textobject>
<phrase>ikiwiki: Manage</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>From here, if you click Edit or Preferences, you will be taken to a login page. To log in with the admin account that you created before, select the Other tab, enter the username and password, and click Login. </para>
</section>
<section>
<title>User login through SSO</title>
<para>Besides the wiki/blog admin, other FreedomBox users can be given access to login and edit wikis and blogs. However, they will not have all the same permissions as the wiki admin. They can add or edit pages, but cannot change the wiki's configuration. </para>
<para>To add a wiki user, go to the Users and Groups page in Plinth (under System configuration, the gear icon at the top right corner of the page). Create or modify a user, and add them to the wiki group. (Users in the admin group will also have wiki access.) </para>
<para>To login as a FreedomBox user, go to the wiki/blog's login page and select the Other tab. Then click the "Login with HTTP auth" button. The browser will show a popup dialog where you can enter the username and password of the FreedomBox user. </para>
</section>
<section>
<title>Adding FreedomBox users as wiki admins</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Login to the wiki, using the admin account that was specified when the wiki was created. </para>
</listitem>
<listitem>
<para>Click "Preferences", then "Setup". </para>
</listitem>
<listitem>
<para>Under "main", in the "users who are wiki admins", add the name of a user on the FreedomBox. </para>
</listitem>
<listitem>
<para>(Optional) Under "auth plugin: passwordauth", uncheck the "enable passwordauth?" option. (Note: This will disable the old admin account login. Only SSO login using HTTP auth will be possible.) </para>
</listitem>
<listitem>
<para>Click "Save Setup". </para>
</listitem>
<listitem>
<para>Click "Preferences", then "Logout". </para>
</listitem>
<listitem>
<para>Login as the new admin user using "Login with HTTP auth". </para>
</listitem>
</orderedlist>
</section>
</section>
</section>
<section>
<title>System</title>
<section>
<title>Configure</title>
<para>Configure covers a couple of general topics: </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Hostname </para>
<itemizedlist>
<listitem override="none">
<para>Hostname is the local name by which other devices on the local network can reach your FreedomBox. Default is <emphasis>freedombox</emphasis>. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Domain Name </para>
<itemizedlist>
<listitem override="none">
<para>Domain name is the global name by which other devices on the Internet can reach your FreedomBox. The value set here is used by the <ulink url="https://wiki.debian.org/FreedomBox/Manual/XMPP#">Chat Server (XMPP)</ulink>, <ulink url="https://wiki.debian.org/FreedomBox/Manual/LetsEncrypt#">Certificates (Let's Encrypt)</ulink>, and <ulink url="https://wiki.debian.org/FreedomBox/Manual/Monkeysphere#">Monkeysphere</ulink>. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Language </para>
<itemizedlist>
<listitem override="none">
<para>Language for the web administration interface Plinth </para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</section>
<section>
<title>Date &amp; Time</title>
<para>This network time server is a program that maintains the system time in synchronization with servers on the Internet. </para>
<para>You can select your time zone by picking a big city nearby (they are sorted by <emphasis>Continent/City</emphasis>) or select directly the zone with respect to GMT (Greenwich Mean Time). </para>
</section>
<section>
<title>Diagnostics</title>
<para>The system diagnostic test will run a number of checks on your system to confirm that applications and services are working as expected. </para>
<para>Just click <emphasis>Run Diagnostics</emphasis>. This may take some minutes. </para>
</section>
<section>
<title>Disks</title>
<para><emphasis>Disks</emphasis> shows free space of mounted partitions. </para>
<para>If there is some free space left after the root partition, the option to expand the root partition is also available. </para>
<para>In this example, a 32 GB micro-SD card is being used and the entire space is already allocated. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Disks.png"/>
</imageobject>
<textobject>
<phrase>Disks.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Dynamic DNS Client</title>
<section>
<title>What is Dynamic DNS?</title>
<para>In order to reach a server on the Internet, the server needs to have permanent address also know as the static IP address. Many Internet service providers don't provide home users with a static IP address or they charge more providing a static IP address. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching the server. </para>
<para>Dynamic DNS service providers assist in working around a problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be to contact the server using the domain name 'myhost.example.org' which always points to the latest IP address of the server. </para>
<para>For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on FreedomBox, such as ownCloud, to the Internet. </para>
</section>
<section>
<title>GnuDIP vs. Update URL</title>
<para>There are two main mechanism to notify the Dynamic DNS server of your new IP address; using the <emphasis>GnuDIP</emphasis> protocol and using the <emphasis>Update URL</emphasis> mechanism. </para>
<para>If a service provided using update URL is not properly secured using HTTPS, your credentials may be visible to an adversary. Once an adversary gains your credentials, they will be able to replay your request your server and hijack your domain. </para>
<para>On the other hand, the GnuDIP protocol will only transport a salted MD5 value of your password, in a way that is secure against replay attacks. </para>
</section>
<section>
<title>Using the GnuDIP protocol</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Register an account with any Dynamic DNS service provider. A free service provided by the FreedomBox community is available at <ulink url="https://gnudip.datasystems24.net"/> . </para>
</listitem>
<listitem>
<para>In FreedomBox UI, enable the Dynamic DNS Service. </para>
</listitem>
<listitem>
<para>Select <emphasis>GnuDIP</emphasis> as <emphasis>Service type</emphasis>, enter your Dynamic DNS service provider address (for example, gnudip.datasystems24.net) into <emphasis>GnuDIP Server Address</emphasis> field. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/DynamicDNS-Settings.png"/>
</imageobject>
<textobject>
<phrase>DynamicDNS-Settings.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
<listitem>
<para>Fill <emphasis>Domain Name</emphasis>, <emphasis>Username</emphasis>, <emphasis>Password</emphasis> information given by your provider into the corresponding fields. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Using an Update URL</title>
<para>This feature is implemented because the most popular Dynamic DNS providers are using Update URLs mechanism. </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Register an account with a Dynamic DNS service provider providing their service using Update URL mechanism. Some example providers are listed in the configuration page itself. </para>
</listitem>
<listitem>
<para>In FreedomBox UI, enable the Dynamic DNS service. </para>
</listitem>
<listitem>
<para>Select <emphasis>other Update URL</emphasis> as <emphasis>Service type</emphasis>, enter the update URL given by your provider into <emphasis>Update URL</emphasis> field. </para>
</listitem>
<listitem>
<para>If you browse the update URL with your Internet browser and a warning message about untrusted certificate appears, then enable <emphasis>accept all SSL certificates</emphasis>. WARNING: your credentials may be readable here because man-in-the-middle attacks are possible! Consider choosing a better service provider instead. </para>
</listitem>
<listitem>
<para>If you browse the update URL with your Internet browser and the username/password box appears, enable <emphasis>use HTTP basic authentication</emphasis> checkbox and provide the <emphasis>Username</emphasis> and <emphasis>Password</emphasis>. </para>
</listitem>
<listitem>
<para>If the update URL contains your current IP address, replace the IP address with the string <emphasis>&lt;Ip&gt;</emphasis>. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Checking If It Works</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Make sure that external services you have enabled such as /jwchat, /roundcube and /ikiwiki are available on your domain address. </para>
</listitem>
<listitem>
<para>Go to the <emphasis>Status</emphasis> page, make sure that the NAT type is detected correctly. If your FreedomBox is behind a NAT device, this should be detected over there (Text: <emphasis>Behind NAT</emphasis>). If your FreedomBox has a public IP address assigned, the text should be "Direct connection to the Internet". </para>
</listitem>
<listitem>
<para>Check that the last update status is not <emphasis>failed</emphasis>. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Recap: How to create a DNS name with GnuDIP</title>
<para>
<remark>to delete or to replace the old text</remark>
</para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Access to <ulink url="https://gnudip.datasystems24.net">GnuIP login page</ulink> (answer Yes to all pop ups) </para>
</listitem>
<listitem>
<para>Click on "Self Register" </para>
</listitem>
<listitem>
<para>Fill the registration form (Username and domain will form the public IP address [username.domain]) </para>
</listitem>
<listitem>
<para>Take note of the username/hostname and password that will be used on the FreedomBox app. </para>
</listitem>
<listitem>
<para>Save and return to the GnuDIP login page to verify your username, domain and password (enter the datas, click login). </para>
</listitem>
<listitem>
<para>Login output should display your new domain name along with your current public IP address (this is a unique address provided by your router for all your local devices). </para>
</listitem>
<listitem>
<para>Leave the GnuDIP interface and open the Dynamic DNS Client app page in your FreedomBox. </para>
</listitem>
<listitem>
<para>Click on "Set Up" in the top menu. </para>
</listitem>
<listitem>
<para>Activate Dynamic DNS </para>
</listitem>
<listitem>
<para>Choose GnuDIP service. </para>
</listitem>
<listitem>
<para>Add server address (gnudip.datasystems24.net) </para>
</listitem>
<listitem>
<para>Add your fresh domain name (username.domain, ie [username].freedombox.rocks) </para>
</listitem>
<listitem>
<para>Add your fresh username (the one used in your new IP address) and password </para>
</listitem>
<listitem>
<para>Add your GnuDIP password </para>
</listitem>
<listitem>
<para>Fill the option with <ulink url="http://myip.datasystems24.de"/> (try this url in your browser, you will figure out immediatly) </para>
</listitem>
</orderedlist>
</section>
</section>
<section>
<title>Firewall</title>
<para>Firewall is a network security system that controls the incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces risk of security threat from the Internet. </para>
<para>The operation of the firewall in Plinth web interface of FreedomBox is automatic. When you enable a service it is automatically permitted in the firewall and when you disable a service it is automatically disabled in the firewall. For services which are enabled by default on FreedomBox, firewall ports are also enabled by default during the first run process. </para>
<para>Firewall management in FreedomBox is done using <ulink url="https://fedoraproject.org/wiki/FirewallD">FirewallD</ulink>. </para>
<section>
<title>Interfaces</title>
<para>Each interface is needs to be assigned to one (and only one) zone. Whatever rules are in effect for a zone, those rules start to apply for that interface. For example, if HTTP traffic is allowed in a particular zone, then web requests will be accepted on all the addresses configured for all the interfaces assigned to that zone. </para>
<para>There are primarily two firewall zones used. The <code>internal</code> zone is meant for services that are provided to all machines on the local network. This may include services such as streaming media and simple file sharing. The <code>external</code> zone is meant for services that are provided publicly on the Internet. This may include services such as blog, website, email web client etc. </para>
<para>For details on how network interfaces are configured by default, see the <ulink url="https://wiki.debian.org/FreedomBox/Manual/Networks#">Networks</ulink> section. </para>
</section>
<section>
<title>Ports/Services</title>
<para>The following table attempts to document the ports, services and their default statuses in FreedomBox. If you find this page outdated, see the Plinth source for <ulink url="http://sources.debian.net/src/plinth/latest/data/usr/lib/freedombox/first-run.d/90_firewall">lib/freedombox/first-run.d/90_firewall</ulink> and Firewall status page in Plinth UI. </para>
<informaltable>
<tgroup cols="6">
<colspec colname="col_0"/>
<colspec colname="col_1"/>
<colspec colname="col_2"/>
<colspec colname="col_3"/>
<colspec colname="col_4"/>
<colspec colname="col_5"/>
<tbody>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Service</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Port</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">External</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Enabled by default</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Status shown in Plinth</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Managed by Plinth</emphasis>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Minetest </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 30000/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> XMPP Client </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5222/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> XMPP Server </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5269/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> XMPP Bosh </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5280/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> NTP </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 123/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Plinth </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 443/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Quassel </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 4242/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> SIP </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5060/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> SIP </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5060/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> SIP-TLS </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5061/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> SIP-TLS </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5061/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> RTP </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 1024-65535/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> SSH </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 22/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> mDNS </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 5353/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Tor (Socks) </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 9050/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Obfsproxy </para>
</entry>
<entry colsep="1" rowsep="1">
<para> &lt;random&gt;/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> OpenVPN </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 1194/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Mumble </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 64378/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Mumble </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 64378/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Privoxy </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 8118/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> JSXC </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 80/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> JSXC </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 443/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_on.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{*}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> DNS </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 53/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> DNS </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 53/tdp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> DHCP </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 67/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Bootp </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 67/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Bootp </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 67/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Bootp </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 68/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> Bootp </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 68/udp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> LDAP </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 389/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> LDAPS </para>
</entry>
<entry colsep="1" rowsep="1">
<para> 636/tcp </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/star_off.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{o}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</section>
<section>
<title>Manual operation</title>
<para>See <ulink url="https://fedoraproject.org/wiki/FirewallD">FirewallD</ulink> documentation for more information on the basic concepts and comprehensive documentation. </para>
<section>
<title>Enable/disable firewall</title>
<para>To disable firewall </para>
<screen format="linespecific">service firewalld stop</screen>
<para>or with systemd </para>
<screen format="linespecific">systemctl stop firewalld</screen>
<para>To re-enable firewall </para>
<screen format="linespecific">service firewalld start</screen>
<para>or with systemd </para>
<screen format="linespecific">systemctl start firewalld</screen>
</section>
<section>
<title>Modifying services/ports</title>
<para>You can manually add or remove a service from a zone. </para>
<para>To see list of services enabled: </para>
<screen format="linespecific">firewall-cmd --zone=&lt;zone&gt; --list-services</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=internal --list-services</screen>
<para>To see list of ports enabled: </para>
<screen format="linespecific">firewall-cmd --zone=&lt;zone&gt; --list-ports</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=internal --list-ports</screen>
<para>To remove a service from a zone: </para>
<screen format="linespecific">firewall-cmd --zone=&lt;zone&gt; --remove-service=&lt;service&gt;
firewall-cmd --permanent --zone=&lt;zone&gt; --remove-service=&lt;interface&gt;</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=internal --remove-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --remove-service=xmpp-bosh</screen>
<para>To remove a port from a zone: </para>
<screen format="linespecific">firewall-cmd --zone=internal --remove-port=&lt;port&gt;/&lt;protocol&gt;
firewall-cmd --permanent --zone=internal --remove-port=&lt;port&gt;/&lt;protocol&gt;</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=internal --remove-port=5353/udp
firewall-cmd --permanent --zone=internal --remove-port=5353/udp</screen>
<para>To add a service to a zone: </para>
<screen format="linespecific">firewall-cmd --zone=&lt;zone&gt; --add-service=&lt;service&gt;
firewall-cmd --permanent --zone=&lt;zone&gt; --add-service=&lt;interface&gt;</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=internal --add-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --add-service=xmpp-bosh</screen>
<para>To add a port to a zone: </para>
<screen format="linespecific">firewall-cmd --zone=internal --add-port=&lt;port&gt;/&lt;protocol&gt;
firewall-cmd --permanent --zone=internal --add-port=&lt;port&gt;/&lt;protocol&gt;</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=internal --add-port=5353/udp
firewall-cmd --permanent --zone=internal --add-port=5353/udp</screen>
</section>
<section>
<title>Modifying the zone of interfaces</title>
<para>You can manually change the assignment of zones of each interfaces after they have been autuomatically assigned by the first boot process. </para>
<para>To see current assignment of interfaces to zones: </para>
<screen format="linespecific">firewall-cmd --list-all-zones</screen>
<para>To remove an interface from a zone: </para>
<screen format="linespecific">firewall-cmd --zone=&lt;zone&gt; --remove-interface=&lt;interface&gt;
firewall-cmd --permanent --zone=&lt;zone&gt; --remove-interface=&lt;interface&gt;</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=external --remove-interface=eth0
firewall-cmd --permanent --zone=external --remove-interface=eth0</screen>
<para>To add an interface to a zone: </para>
<screen format="linespecific">firewall-cmd --zone=&lt;zone&gt; --add-interface=&lt;interface&gt;
firewall-cmd --permanent --zone=&lt;zone&gt; --add-interface=&lt;interface&gt;</screen>
<para>Example: </para>
<screen format="linespecific">firewall-cmd --zone=internal --add-interface=eth0
firewall-cmd --permanent --zone=internal --add-interface=eth0</screen>
</section>
</section>
</section>
<section>
<title>Certificates (Let's Encrypt)</title>
<para>A digital certficate allows users of a web service to verify the identity of the service and to securely communicate with it. FreedomBox can automatically obtain and setup digital certificates for each available domain. It does so by proving itself to be the owner of a domain to Let's Encrypt, a certificate authority (CA). </para>
<para>Let's Encrypt is a free, automated, and open certificate authority, run for the public's benefit by the Internet Security Research Group (ISRG). Please read and agree with the Let's Encrypt Subscriber Agreement before using this service. </para>
<section>
<title>Why using Certificates</title>
<para>The communication with your FreedomBox can be secured so that it is not possible to intercept the content of the web pages viewed and about the content exchanged. </para>
</section>
<section>
<title>How to setup</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports: </para>
<itemizedlist>
<listitem>
<para>TCP 80 (http) </para>
</listitem>
<listitem>
<para>TCP 443 (https) </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Make the domain name known: </para>
<itemizedlist>
<listitem>
<para>In <ulink url="https://wiki.debian.org/FreedomBox/Manual/Configure#">Configure</ulink> insert your <emphasis>domain name</emphasis>, e.g. <emphasis><code>MyWebName.com</code></emphasis> <inlinemediaobject><imageobject><imagedata fileref="images/LetsEncrypt-Configure.png"/></imageobject><textobject><phrase>LetsEncrypt-Configure.png</phrase></textobject></inlinemediaobject> </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Verify the domain name was accepted </para>
<itemizedlist>
<listitem>
<para>Check that it is enabled in <ulink url="https://wiki.debian.org/FreedomBox/Manual/NameServices#">Name Services</ulink> <inlinemediaobject><imageobject><imagedata fileref="images/LetsEncrypt-NameServices.png"/></imageobject><textobject><phrase>LetsEncrypt-NameServices.png</phrase></textobject></inlinemediaobject> </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Go to the Certificates (Let's Encrypt) page, and complete the module install if needed. Then click the "Obtain" button for your domain name. </para>
<itemizedlist>
<listitem>
<para>After some minutes a valid certificate is available </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/LetsEncrypt.png"/>
</imageobject>
<textobject>
<phrase>LetsEncrypt.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Verify in your browser by checking <emphasis><code>https://MyWebName.com</code></emphasis> </para>
<itemizedlist>
<listitem override="none">
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/LetsEncrypt-Certificate.png"/>
</imageobject>
<textobject>
<phrase>LetsEncrypt-Certificate.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
<para>Screencast: <ulink url="https://wiki.debian.org/FreedomBox/Manual/LetsEncrypt?action=AttachFile&amp;do=get&amp;target=Let%27s+Encrypt.webm">Let's Encrypt.webm</ulink> </para>
</section>
<section>
<title>Using</title>
<para>The certificate is valid for 3 months. It is renewed automatically and can also be re-obtained or revoked manually. </para>
<para>With running <emphasis>diagnostics</emphasis> the certificate can also be verified. </para>
</section>
</section>
<section>
<title>Monkeysphere</title>
<para>With Monkeysphere, an OpenPGP key can be generated for each configured domain serving SSH. The OpenPGP public key can then be uploaded to the OpenPGP keyservers. Users connecting to this machine through SSH can verify that they are connecting to the correct host. For users to trust the key, at least one person (usually the machine owner) must sign the key using the regular OpenPGP key signing process. See the <ulink url="http://web.monkeysphere.info/getting-started-ssh/">Monkeysphere SSH documentation</ulink> for more details. </para>
<para>Monkeysphere can also generate an OpenPGP key for each Secure Web Server (HTTPS) certificate installed on this machine. The OpenPGP public key can then be uploaded to the OpenPGP keyservers. Users accessing the web server through HTTPS can verify that they are connecting to the correct host. To validate the certificate, the user will need to install some software that is available on the <ulink url="https://web.monkeysphere.info/download/">Monkeysphere website</ulink>. </para>
</section>
<section>
<title>Name Services</title>
<para>Name Services provides an overview of ways the box can be reached from the public Internet: domain name, Tor hidden service, and Pagekite. For each type of name, it is shown whether the HTTP, HTTPS, and SSH services are enabled or disabled for incoming connections through the given name. </para>
</section>
<section>
<title>Networks</title>
<para>This section describes how networking is setup by default in FreedomBox and how you can customize it. See also the <ulink url="https://wiki.debian.org/FreedomBox/Manual/Firewall#">Firewall</ulink> section for more information on how firewall works. </para>
<section>
<title>Default setup</title>
<para>In a fresh image of FreedomBox, network is not configured at all. When the image is written to an SD card and the device boots, configuration is done. During first boot, FreedomBox setup package detects the networks interfaces and tries to automatically configure them so that FreedomBox is available for further configuration via the web interface from another machine without the need to connect a monitor. Automatic configuration also tries to make FreedomBox useful, out of the box, for the most important scenarios FreedomBox is used for. </para>
<para>There are two scenarios it handles: when is a single ethernet interface and when there are multiple ethernet interfaces. </para>
<section>
<title>Single ethernet interface</title>
<para>When there is only single ethernet interface available on the hardware device, there is not much scope for it to play the role of a router. In this case, the device is assumed to be just another machine in the network. Accordingly, the only available interface is configured to be an <code>internal</code> interface in <code>automatic</code> configuration mode. This means that it connects to the Internet using the configuration provided by a router in the network and also makes all (internal and external) of its services available to all the clients on this network. </para>
</section>
<section>
<title>Multiple ethernet interface</title>
<para>When there are multiple ethernet interfaces available on the hardware device, the device can act as a router. The interfaces are then configured to perform this function. </para>
<para>The first network interface is configured to be an WAN or <code>external</code> interface in automatic configuration mode. This means that it connects to the Internet using network configuration provided by the Internet Service Provider (ISP). Only services that are meant to be provided across the entire Internet (external services) will be exposed on this interface. You must plug your Internet connection into the port of this ethernet interface. If you wish to continue to have your existing router manage the Internet connection for you, then plug a connection from your router to the port on this interface. </para>
<para>The remaining network interfaces are configured for the clients of a router. They are configured as LAN or <code>internal</code> interfaces in <code>shared</code> configuration mode. This means that all the services (both external and internal) services are provided to who ever connects on this interface. Further, the <code>shared</code> mode means that clients will be able to receive details of automatic network connection on this interface. Specifically, DHCP configuration and DNS servers are provided on this interface. The Internet connection available to the device using the first network interface will be <code>shared</code> with clients using this interface. This all means that you can connect your computers to this network interface and they will get automatically configured and will be able to access the Internet via the FreedomBox. </para>
<para>Currently, it is not very clear which interface will be come the WAN interface (and the remaining being LAN interfaces) although the assignment process is deterministic. So, it take a bit of trail and error to figure out which one is which. In future, for each device, this will be well documented. </para>
</section>
<section>
<title>Wi-Fi configuration</title>
<para>All Wi-Fi interfaces are configured to be LAN or <code>internal</code> interfaces in <code>shared</code> configuration mode. They are also configured to become Wi-Fi access points with following details. </para>
<itemizedlist>
<listitem>
<para>Name of the access point will be <code>FreedomBox</code> plus the name of the interface (to handle the case where there are multiple of them). </para>
</listitem>
<listitem>
<para>Password for connecting to the interface will be <code>freedombox123</code>. </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Internet Connection Sharing</title>
<para>Although the primary duty of FreedomBox is to provide decentralized services, it can also act like a home router. Hence, in most cases, FreedomBox connects to the Internet and provides other machines in the network the ability to use that Internet connection. FreedomBox can do this in two ways: using a <code>shared</code> mode connection or using an <code>internal</code> connection. </para>
<para>When an interface is set in <code>shared</code> mode, you may connect your machine directly to it. This is either by plugging in an ethernet cable from this interface to your machine or by connecting to a Wi-Fi access point. This case is the simplest to use, as FreedomBox automatically provides your machine with the necessary network configuration. Your machine will automatically connect to FreedomBox provided network and will be able to connect to the Internet given that FreedomBox can itself connect to the Internet. </para>
<para>Sometimes the above setup may not be possible because the hardware device may have only one network interface or for other reasons. Even in this case, your machine can still connect to the Internet via FreedomBox. For this to work, make sure that the network interface that your machine is connecting to is in <code>internal</code> mode. Then, connect your machine to network in which FreedomBox is present. After this, in your machine's network configuration, set FreedomBox's IP address as the gateway. FreedomBox will then accept your network traffic from your machine and send it over to the Internet. This works because network interfaces in <code>internal</code> mode are configured to <code>masquerade</code> packets from local machines to the Internet and receive packets from Internet and forward them back to local machines. </para>
</section>
<section>
<title>Customization</title>
<para>The above default configuration may not be fit for your setup. You can customize the configuration to suit your needs from the <code>Networks</code> area in the 'setup' section of the FreedomBox web interface. </para>
<section>
<title>PPPoE connections</title>
<para>If your ISP does not provide automatic network configuration via DHCP and requires you to connection via PPPoE. To configure PPPoE, remove any network connection existing on an interface and add a PPPoE connection. Here, optionally, provide the account username and password given by your ISP and activate the connection. </para>
</section>
<section>
<title>Connect to Internet via Wi-Fi</title>
<para>By default Wi-Fi devices attached during first boot will be configured as access points. They can be configured as regular Wi-Fi devices instead to connection to a local network or an existing Wi-Fi router. To do this, click on the Wi-Fi connection to edit it. Change the mode to <code>Infrastructure</code> instead of <code>Access Point</code> mode and <code>IPv4 Addressing Method</code> to <code>Automatic (DHCP)</code> instead of <code>Shared</code> mode. Then the SSID provided will mean the Wi-Fi network name you wish to connect to and passphrase will be the used to while making the connection. </para>
</section>
<section>
<title>Adding a new network device</title>
<para>When a new network device is added, network manager will automatically configure it. In most cases this will not work to your liking. Delete the automatic configuration created on the interface and create a new network connection. Select your newly added network interface in the add connection page. </para>
<itemizedlist>
<listitem>
<para>Then set firewall zone to <code>internal</code> and <code>external</code> appropriately. </para>
</listitem>
<listitem>
<para>You can configure the interface to connect to a network or provide network configuration to whatever machine connects to it. </para>
</listitem>
<listitem>
<para>Similarly, if it is a Wi-Fi interface, you can configure it to become a Wi-FI access point or to connect to an existing access points in the network. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Configuring a mesh network</title>
<para>FreedomBox has rudimentary support for participating in BATMAN-Adv based mesh networks. It is possible to either join an existing network in your area or create a new mesh network and share your Internet connection with the rest of the nodes that join the network. Currently, two connections have to be created and activated manually to join or create a mesh network. </para>
<section>
<title>Joining a mesh network</title>
<para>To join an existing mesh network in your area, first consult the organizers and get information about the mesh network. </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Create a new connection, then select the connection type as <emphasis>Wi-Fi</emphasis>. In the following dialog, provide the following values: </para>
<informaltable>
<tgroup cols="3">
<colspec colname="col_0"/>
<colspec colname="col_1"/>
<colspec colname="col_2"/>
<tbody>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Field Name</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Example Value</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Explanation</emphasis>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Connection Name</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> Mesh Join - BATMAN </para>
</entry>
<entry colsep="1" rowsep="1">
<para> The name must end with 'BATMAN' (uppercase) </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Physical Interface</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> wlan0 </para>
</entry>
<entry colsep="1" rowsep="1">
<para> The Wi-Fi device you wish to use for joining the mesh network </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Firewall Zone</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> External </para>
</entry>
<entry colsep="1" rowsep="1">
<para> Since you don't wish that participants in mesh network to use internal services of FreedomBox </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>SSID</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> ch1.freifunk.net </para>
</entry>
<entry colsep="1" rowsep="1">
<para> As provided to you by the operators of the mesh network. You should see this as a network in <emphasis>Nearby Wi-Fi Networks</emphasis> </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Mode</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> Ad-hoc </para>
</entry>
<entry colsep="1" rowsep="1">
<para> Because this is a peer-to-peer network </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Frequency Band</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> 2.4Ghz </para>
</entry>
<entry colsep="1" rowsep="1">
<para> As provided to you by the operators of the mesh network </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Channel</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> 1 </para>
</entry>
<entry colsep="1" rowsep="1">
<para> As provided to you by the operators of the mesh network </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>BSSID</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> 12:CA:FF:EE:BA:BE </para>
</entry>
<entry colsep="1" rowsep="1">
<para> As provided to you by the operators of the mesh network </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Authentication</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> Open </para>
</entry>
<entry colsep="1" rowsep="1">
<para> Leave this as open, unless you know your mesh network needs it be otherwise </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Passphrase</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1"/>
<entry colsep="1" rowsep="1">
<para> Leave empty unless you know your mesh network requires one </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>IPv4 Addressing Method</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> Disabled </para>
</entry>
<entry colsep="1" rowsep="1">
<para> We don't want to request IP configuration information yet </para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>Save the connection. Join the mesh network by activating this newly created connection. </para>
</listitem>
<listitem>
<para>Create a second new connection, then select the connection type as <emphasis>Generic</emphasis>. In the following dialog, provide this following values: </para>
<informaltable>
<tgroup cols="3">
<colspec colname="col_0"/>
<colspec colname="col_1"/>
<colspec colname="col_2"/>
<tbody>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Field Name</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Example Value</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Explanation</emphasis>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Connection Name</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> Mesh Connect </para>
</entry>
<entry colsep="1" rowsep="1">
<para> Any name to identify this connection </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Physical Interface</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> bat0 </para>
</entry>
<entry colsep="1" rowsep="1">
<para> This interface will only show up after you successfully activate the connection in first step </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>Firewall Zone</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> External </para>
</entry>
<entry colsep="1" rowsep="1">
<para> Since you don't wish that participants in mesh network to use internal services of FreedomBox </para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis>IPv4 Addressing Method</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para> Auto </para>
</entry>
<entry colsep="1" rowsep="1">
<para> Mesh networks usually have a DHCP server somewhere that provide your machine with IP configuration. If not, consult the operator and configure IP address setting accordingly with <emphasis>Manual</emphasis> method </para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>Save the connection. Configure your machine for participation in the network by activating this connection. Currently, this connection has to be manually activated every time you need to join the network. In future, FreedomBox will do this automatically. You will now be able reach other nodes in the network. You will also be able to connect to the Internet via the mesh network if there is an Internet connection point somewhere in mesh as setup by the operators. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Creating a mesh network</title>
<para>To create your own mesh network and share your Internet connection with the rest of the nodes in the network: </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Follow the instructions as provided above in step 1 of <emphasis>Joining a mesh network</emphasis> but choose and fix upon your own valid values for <emphasis>SSID</emphasis> (a name for you mesh network), <emphasis>Frequency Band</emphasis> (usually 2.4Ghz), <emphasis>Channel</emphasis> (1 to 11 in 2.4Ghz band) and <emphasis>BSSID</emphasis> (a hex value like 12:CA:DE:AD:BE:EF). Create this connection and activate it. </para>
</listitem>
<listitem>
<para>Follow the instructions as provided above in step 2 of <emphasis>Joining a mesh network</emphasis> but select <emphasis>IPv4 Addressing Method</emphasis> as <emphasis>Shared</emphasis>. This will provide automatic IP configuration to other nodes in the network as well as share the Internet connection on your machine (achieved using a second Wi-Fi interface, using Ethernet, etc.) with other nodes in the mesh network. </para>
</listitem>
</orderedlist>
<para>Spread the word about your mesh network to your neighbors and let them know the parameters you have provided when creating the network. When other nodes connect to this mesh network, they have to follow steps in <emphasis>Joining a mesh network</emphasis> but use the values for <emphasis>SSID</emphasis>, <emphasis>Frequency Band</emphasis> and <emphasis>Channel</emphasis> that you have chosen when you created the mesh network. </para>
</section>
</section>
</section>
<section>
<title>Manual Network Operation</title>
<para>FreedomBox automatically configures networks by default and provides a simplified interface to customize the configuration to specific needs. In most cases, manual operation is not necessary. The following steps describe how to manually operate network configuration in the event that a user finds FreedomBox interface to insufficient for task at hand or to diagnose a problem that FreedomBox does not identify. </para>
<para>On the command line interface: </para>
<para>For text based user interface for configuring network connections: </para>
<screen format="linespecific">nmtui</screen>
<para>To see the list of available network devices: </para>
<screen format="linespecific">nmcli device</screen>
<para>To see the list of configured connections: </para>
<screen format="linespecific">nmcli connection</screen>
<para>To see the current status of a connection: </para>
<screen format="linespecific">nmcli connection show '&lt;conneciton_name&gt;'</screen>
<para>To see the current firewall zone assigned to a network interface: </para>
<screen format="linespecific">nmcli connection show '&lt;conneciton_name&gt;' | grep zone</screen>
<para>or </para>
<screen format="linespecific">firewall-cmd --zone=internal --list=all
firewall-cmd --zone=external --list=all</screen>
<para>To create a new network connection: </para>
<screen format="linespecific">nmcli con add con-name "&lt;connection_name&gt;" ifname "&lt;interface&gt;" type ethernet
nmcli con modify "&lt;connection_name&gt;" connection.autoconnect TRUE
nmcli con modify "&lt;connection_name&gt;" connection.zone internal</screen>
<para>To change the firewall zone for a connection: </para>
<screen format="linespecific">nmcli con modify "&lt;connection_name&gt;" connection.zone "&lt;internal|external&gt;"</screen>
<para>For more information on how to use <code>nmcli</code> command, see its man page. Also for a full list of configuration settings and type of connections accepted by Network Manager see: </para>
<para>
<ulink url="https://developer.gnome.org/NetworkManager/stable/ref-settings.html"/>
</para>
<para>To see the current status of the firewall and manually operate it, see the <ulink url="https://wiki.debian.org/FreedomBox/Manual/Firewall#">Firewall</ulink> section. </para>
</section>
</section>
<section>
<title>Power</title>
<para>Power provides an easy way to restart or shut down FreedomBox. After you select "Restart" or "Shut Down", you will be asked to confirm. </para>
</section>
<section>
<title>Public Visibility (PageKite)</title>
<section>
<title>What is PageKite?</title>
<para>PageKite makes local websites and services publicly accessible immediately without creating yourself a public IP address. It does this by tunneling protocols such as HTTPS or SSH through firewalls and NAT. Using PageKite requires an account on a PageKite relay service. One such service is <ulink url="https://pagekite.net"/>. </para>
<para>A PageKite relay service will allow you to create kites. Kites are similar to domain names, but with different advantages and drawbacks. A kite can have a number of configured services. PageKite is known to work with HTTP, HTTPS, and SSH, and may work with some other services, but not all. </para>
</section>
<section>
<title>Using PageKite</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Create an account on a PageKite relay service. </para>
</listitem>
<listitem>
<para>Add a kite to your account. Note your kite name and kite secret. </para>
</listitem>
<listitem>
<para>In Plinth, go to the "Configure PageKite" tab on the Public Visibility (PageKite) page. </para>
</listitem>
<listitem>
<para>Check the "Enable PageKite" box, then enter your kite name and kite secret. Click "Save settings". </para>
</listitem>
<listitem>
<para>On the "Standard Services" tab, you can enable HTTP and HTTPS (recommended) and SSH (optional). </para>
<itemizedlist>
<listitem>
<para>HTTP is needed to obtain the Let's Encrypt certificate. You can disable it later. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>On the <ulink url="https://wiki.debian.org/FreedomBox/Manual/LetsEncrypt#">Certificates (Let's Encrypt)</ulink> page, you can obtain a Let's Encrypt certificate for your kite name. </para>
</listitem>
</orderedlist>
</section>
</section>
<section>
<title>Secure Shell</title>
<section>
<title>What is Secure Shell?</title>
<para>FreedomBox runs <code>openssh-server</code> server by default allowing remote logins from all interfaces. If your hardware device is connected to a monitor and a keyboard, you may login directly as well. Regular operation of FreedomBox does not require you to use the shell. However, some tasks or identifying a problem may require you to login to a shell. </para>
</section>
<section>
<title>Setting Up A User Account</title>
<section>
<title>Plinth First Log In: Admin Account</title>
<para>When creating an account in Plinth for the first time, this user will automatically have administrator capabilities. <code>Admin</code> users are able to log in using ssh (see Logging In below) and have superuser privileges via sudo. </para>
</section>
<section>
<title>Default User Account</title>
<para>The pre-built FreedomBox images have a default user account called "fbx". However the password is not set for this account, so it will not be possible to log in with this account by default. </para>
<para>There is a script included in the freedom-maker program, that will allow you to set the password for this account, if it is needed. To set a password for the "fbx" user: </para>
<para>1. Decompress the image file. </para>
<para>2. Get a copy of freedom-maker from <ulink url="https://github.com/freedombox/freedom-maker"/>. </para>
<para>3. Run <code>sudo ./bin/passwd-in-image &lt;image-file&gt; fbx</code>. </para>
<para>4. Copy the image file to SD card and boot device as normal. </para>
<para>The "fbx" user also has superuser privileges via sudo. </para>
</section>
</section>
<section>
<title>Logging In</title>
<section>
<title>Local</title>
<para>To login via SSH, to your FreedomBox: </para>
<screen format="linespecific">$ ssh fbx@freedombox</screen>
<para>Replace <code>fbx</code> with the name of the user you wish to login as. <code>freedombox</code> should be replaced with the hostname or IP address of you FreedomBox device as found in the <ulink url="https://wiki.debian.org/FreedomBox/Manual/QuickStart#">Quick Start</ulink> process. </para>
<para><code>fbx</code> is the default user present on FreedomBox with superuser privileges. Any other user created using Plinth and belonging to the group <code>admin</code> will be able to login. The <code>root</code> account has no password set and will not be able to login. Access will be denied to all other users. </para>
<para><code>fbx</code> and users in <code>admin</code> group will also be able to login on the terminal directly. Other users will be denied access. </para>
<para>If you repeatedly try to login as a user and fail, you will be blocked from logging in for some time. This is due to <code>libpam-abl</code> package that FreedomBox installs by default. To control this behavior consult <code>libpam-abl</code> documentation. </para>
</section>
<section>
<title>SSH over Tor</title>
<para>If in Plinth you have enabled hidden services via Tor, you can access your <ulink url="https://wiki.debian.org/FreedomBox#">FreedomBox</ulink> using ssh over Tor. On a GNU/Linux computer, install netcat-openbsd. </para>
<screen format="linespecific">$ sudo apt-get install netcat-openbsd</screen>
<para>Edit ~/.ssh/config to enable connections over Tor. </para>
<screen format="linespecific">$ nano ~/.ssh/config</screen>
<para>Add the following: </para>
<screen format="linespecific">Host *.onion
user USERNAME
port 22
ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p</screen>
<para>Replace USERNAME with, e.g., an <code>admin</code> username (see above). </para>
<para>Note that in some cases you may need to replace 9050 with 9150. </para>
<para>Now to connect to the <ulink url="https://wiki.debian.org/FreedomBox#">FreedomBox</ulink>, open a terminal and type: </para>
<screen format="linespecific">$ ssh USERNAME@ADDRESS.onion</screen>
<para>Replace USERNAME with, e.g., an <code>admin</code> username, and ADDRESS with the hidden service address for your <ulink url="https://wiki.debian.org/FreedomBox#">FreedomBox</ulink>. </para>
</section>
</section>
<section>
<title>Becoming Superuser</title>
<para>After logging in, if you want to become the superuser for performing administrative activities: </para>
<screen format="linespecific">$ sudo su</screen>
<para>Make a habit of logging in as root <emphasis>only when you need to</emphasis>. If you aren't logged in as root, you can't accidentally break everything. </para>
<para>
<anchor id="changingpassword"/>
</para>
</section>
<section>
<title>Changing Password</title>
<para>To change the password of a user managed by Plinth, use the change password page. However, the <code>fbx</code> default user is not managed by Plinth and its password cannot be changed in the web interface. </para>
<para>To change password on the terminal, log in to your FreedomBox as the user whose password you want to change. Then, run the following command: </para>
<screen format="linespecific">$ passwd</screen>
<para>This will ask you for your current password before giving you the opportunity to set a new one. </para>
</section>
</section>
<section>
<title>Security</title>
<para>When this option is enabled, only users in the "admin" group will be able to log in to console or via SSH. Console users may be able to access some services without further authorization. </para>
<para>You can define the group of the users in the <ulink url="https://wiki.debian.org/FreedomBox/Manual/Users#">Users</ulink> section. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/Security.png"/>
</imageobject>
<textobject>
<phrase>Security.png</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>Service Discovery</title>
<para>Service discovery allows other devices on the network to discover your FreedomBox and services running on it. If a client on the local network supports mDNS, it can find your FreedomBox at &lt;hostname&gt;.local (for example: freedombox.local). </para>
<para>It also allows FreedomBox to discover other devices and services running on your local network. </para>
<para>Service discovery is not essential and works only on internal networks. It may be disabled to improve security especially when connecting to a hostile local network. </para>
</section>
<section>
<title>Software Upgrades</title>
<para>FreedomBox can automatically install security upgrades. On the <emphasis>Upgrades</emphasis> page of the <emphasis>Settings</emphasis> section in Plinth you can turn on automatic upgrades. For FreedomBox versions above 0.5, this feature is enabled by default and there is no manual action necessary. It is strongly recommended that you have this option enabled to keep your FreedomBox secure. </para>
<para>Upgrades are performed every day at night. If you wish to shutdown FreedomBox every day after use, keep it running at night once a week or so to let the automatic upgrades happen. Alternatively, you can perform manual upgrades as described below. </para>
<section>
<title>Manual Upgrades</title>
<para>In the Plinth web interface, you can initiate a manual upgrade process from <emphasis>Upgrades</emphasis> page of the <emphasis>Settings</emphasis> section. Note that once the upgrades start, it may take a long time to complete and Plinth may seem to wait for the page to load. </para>
<para>Under some circumstances, automatic upgrades may fail and require you perform a manual upgrade action. Even upgrades initiated from Plinth may not finish properly. This may be because the upgrade process requires you to make a decision. In these cases, manual upgrade on the terminal may be the only option. </para>
<para>In addition, while the upgrade task is running any application installations will wait until the upgrade task is finished. Depending on the hardware, the upgrade task may take a little time, therefore, giving the impression that the application installation stalled. </para>
<para>To perform manual upgrades on the terminal, login into FreedomBox on a terminal or using a remote secure shell (see <ulink url="https://wiki.debian.org/FreedomBox/Manual/SecureShell#">Secure Shell</ulink> section). Then run the following commands: </para>
<screen format="linespecific">$ sudo su -
Password:
# apt-get update
# apt-get dist-upgrade</screen>
<para>This will ask you if it is alright to install/upgrade (or remove) some packages and use (or release) some disk space. Say <emphasis>yes</emphasis> after review. In some cases, during the upgrades process you will be asked questions about modified configuration files, answering with a default <emphasis>Keep current configuration</emphasis> is usually safe. </para>
</section>
</section>
<section>
<title>Users and Groups</title>
<para>You can grant access to your FreedomBox for other users. Provide the Username with a password and assign a group to it. Currently the groups </para>
<itemizedlist>
<listitem>
<para>admin </para>
</listitem>
<listitem>
<para>wiki </para>
</listitem>
</itemizedlist>
<para>are supported. </para>
<para>The user will be able to log in to services that support single sign-on through LDAP, if they are in the appropriate group. </para>
<para>Users in the admin group will be able to log in to all services. They can also log in to the system through SSH and have administrative privileges (sudo). </para>
<para>These characteristics can also be changed later-on. </para>
<para>It is also possible to set an SSH public key which will allow this user to securely log in to the system without using a password. You may enter multiple keys, one on each line. Blank lines and lines starting with # will be ignored. </para>
<para>A user's account can be deactivated, which will temporarily disable the account. </para>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>Currently, Plinth does not distinguish between users and administrators. Every user added through Plinth will have full access to the Plinth interface. </para>
</listitem>
</itemizedlist>
</section>
</section>
</section>
<section>
<title>Hardware</title>
<para>FreedomBox is designed to be the software for a consumer electronics device that is easy to setup, maintain and use. The project does not aim to create a custom hardware device ourselves, but instead we plan to support/customize exiting hardware. </para>
<para>In addition to supporting various single board computers and other devices, FreedomBox also supports being installed in a virtual machine. Also, any Debian machine can be turned into a FreedomBox by installing the <code>freedombox-setup</code> package. See the <ulink url="https://wiki.debian.org/FreedomBox/Manual#">manual</ulink> for more details. </para>
<section>
<title>Supported Hardware</title>
<section>
<title>Recommended Hardware</title>
<informaltable>
<tgroup cols="3">
<colspec colname="col_0"/>
<colspec colname="col_1"/>
<colspec colname="col_2"/>
<tbody>
<row rowsep="1">
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/Cubietruck#">
<inlinemediaobject>
<imageobject>
<imagedata depth="103pt" fileref="images/danube_thumb.png" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>FreedomBox Danube Edition</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/Cubietruck#">FreedomBox - Danube Edition</ulink>
</para>
<para> (based on Cubietruck) </para>
</entry>
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/Cubieboard2#">
<inlinemediaobject>
<imageobject>
<imagedata depth="78pt" fileref="images/cubieboard2_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>Cubieboard 2</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/Cubieboard2#">Cubieboard2</ulink>
</para>
</entry>
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/BeagleBone#">
<inlinemediaobject>
<imageobject>
<imagedata depth="78.5pt" fileref="images/beagleboard_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>BeagleBone Black</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/BeagleBone#">BeagleBone Black</ulink>
</para>
</entry>
</row>
<row rowsep="1">
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/A20-OLinuXino-Lime2#">
<inlinemediaobject>
<imageobject>
<imagedata depth="79.5pt" fileref="images/a20-olinuxino-lime2_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>A20 OLinuXino Lime2</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/A20-OLinuXino-Lime2#">A20 OLinuXino Lime2</ulink>
</para>
</entry>
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/A20-OLinuXino-MICRO#">
<inlinemediaobject>
<imageobject>
<imagedata depth="66pt" fileref="images/a20-olinuxino-micro_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>A20 OLinuXino MICRO</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/A20-OLinuXino-MICRO#">A20 OLinuXino MICRO</ulink>
</para>
</entry>
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/APU#">
<inlinemediaobject>
<imageobject>
<imagedata depth="78.5pt" fileref="images/apu1d_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>PC Engines APU</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/APU#">PC Engines APU</ulink>
</para>
</entry>
</row>
<row rowsep="1">
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">
<inlinemediaobject>
<imageobject>
<imagedata depth="100.5pt" fileref="images/debian_thumb.png" width="78pt"/>
</imageobject>
<textobject>
<phrase>Debian</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">Debian</ulink>
</para>
</entry>
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/VirtualBox#">
<inlinemediaobject>
<imageobject>
<imagedata depth="77pt" fileref="images/virtualbox_thumb.png" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>VirtualBox</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/VirtualBox#">VirtualBox</ulink>
</para>
</entry>
<entry colsep="1" rowsep="1"/>
</row>
</tbody>
</tgroup>
</informaltable>
<section>
<title>Recommended Hardware chart</title>
<informaltable>
<tgroup cols="9">
<colspec colname="col_0"/>
<colspec colname="col_1"/>
<colspec colname="col_2"/>
<colspec colname="col_3"/>
<colspec colname="col_4"/>
<colspec colname="col_5"/>
<colspec colname="col_6"/>
<colspec colname="col_7"/>
<colspec colname="col_8"/>
<tbody>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Name</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Speed (GHz)</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Debian arch</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Ram (GB)</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">disk (GB)</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">battery</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">SATA</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Ethernet speed</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">
<ulink url="https://wiki.debian.org/OpenSourceHardware#">OSHW</ulink>
</emphasis>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>APU.1D </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>amd64 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>-</para>
</entry>
<entry colsep="1" rowsep="1">
<para> - </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>1000x3</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>APU.1D4 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>amd64 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>4</para>
</entry>
<entry colsep="1" rowsep="1">
<para>-</para>
</entry>
<entry colsep="1" rowsep="1">
<para> - </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>1000x3</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>BeagleBone Black C </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>armhf/omap </para>
</entry>
<entry colsep="1" rowsep="1">
<para>½</para>
</entry>
<entry colsep="1" rowsep="1">
<para>4</para>
</entry>
<entry colsep="1" rowsep="1">
<para> - </para>
</entry>
<entry colsep="1" rowsep="1">
<para> - </para>
</entry>
<entry colsep="1" rowsep="1">
<para>100 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>Cubieboard2 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>armhf/sunxi </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1</para>
</entry>
<entry colsep="1" rowsep="1">
<para>4</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>100 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>Cubieboard2-Dual </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>armhf/sunxi </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1</para>
</entry>
<entry colsep="1" rowsep="1">
<para>-</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>100 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>Cubieboard3/Cubietruck </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>armhf/sunxi </para>
</entry>
<entry colsep="1" rowsep="1">
<para>2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>8</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>1000 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>OLinuXino A20 LIME </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>armhf/sunxi </para>
</entry>
<entry colsep="1" rowsep="1">
<para>½</para>
</entry>
<entry colsep="1" rowsep="1">
<para>-</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>100 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>OLinuXino A20 LIME2 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>armhf/sunxi </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1</para>
</entry>
<entry colsep="1" rowsep="1">
<para>-</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>1000 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>OLinuXino A20 MICRO </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1x2</para>
</entry>
<entry colsep="1" rowsep="1">
<para>armhf/sunxi </para>
</entry>
<entry colsep="1" rowsep="1">
<para>1</para>
</entry>
<entry colsep="1" rowsep="1">
<para>-</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>100 </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</section>
</section>
<section>
<title>Also Working Hardware</title>
<para>This hardware works but is not recommended due to freedom, performance-per-cost, or other concerns: </para>
<informaltable>
<tgroup cols="3">
<colspec colname="col_0"/>
<colspec colname="col_1"/>
<colspec colname="col_2"/>
<tbody>
<row rowsep="1">
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/DreamPlug#">
<inlinemediaobject>
<imageobject>
<imagedata depth="78pt" fileref="images/dreamplug_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>DreamPlug</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/DreamPlug#">DreamPlug</ulink>
</para>
</entry>
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/RaspberryPi#">
<inlinemediaobject>
<imageobject>
<imagedata depth="79pt" fileref="images/raspberry_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>Raspberry Pi</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/RaspberryPi#">Raspberry Pi</ulink>
</para>
</entry>
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/RaspberryPi2#">
<inlinemediaobject>
<imageobject>
<imagedata depth="78.5pt" fileref="images/raspberry2_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>Raspberry Pi 2</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/RaspberryPi2#">Raspberry Pi 2</ulink>
</para>
</entry>
</row>
<row rowsep="1">
<entry align="center" colsep="1" rowsep="1">
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/RaspberryPi3#">
<inlinemediaobject>
<imageobject>
<imagedata depth="77.5pt" fileref="images/raspberrypi3_thumb.jpg" width="117.5pt"/>
</imageobject>
<textobject>
<phrase>Raspberry Pi 3</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Hardware/RaspberryPi3#">Raspberry Pi 3</ulink>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>.</para>
</entry>
<entry colsep="1" rowsep="1">
<para>.</para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para><emphasis>Note</emphasis>: As FreedomBox is currently in the development stage, <emphasis>Supported Hardware</emphasis> means that FreedomBox images are built for said hardware and at least one developer has reported the basic functions to be working. </para>
</section>
</section>
<section>
<title>Targeted Hardware</title>
<section>
<title>List of Targeted Hardware</title>
<para>Although the project may focus on supporting specific devices, we are looking to support as much hardware as possible given that it is suitable for FreedomBox's needs. Take a look at the list of <ulink url="https://wiki.debian.org/FreedomBox/TargetedHardware#">targeted hardware</ulink> for more information. </para>
</section>
<section>
<title>Adding Hardware Support</title>
<para>If you are a developer, consider adding hardware support for your device by modifying <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink> and <ulink url="https://wiki.debian.org/FreedomBox/Setup#">FreedomBox Setup</ulink>. If you have access to one of these <ulink url="https://wiki.debian.org/FreedomBox/TargetedHardware#">targeted hardware</ulink> devices and would like to work with us to make it run FreedomBox, please contact us! </para>
</section>
</section>
<section>
<title>Cubietruck</title>
<section>
<title>FreedomBox Danube Edition</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="280.5pt" fileref="images/freedombox-danube.jpg" width="320pt"/>
</imageobject>
<textobject>
<phrase>FreedomBox Danube Edition</phrase>
</textobject>
</inlinemediaobject>
</para>
<para><ulink url="http://projectdanube.org">FreedomBox Danube Edition</ulink> is a custom casing around Cubietruck and an SSD-hard drive. </para>
</section>
<section>
<title>Cubietruck / Cubieboard3</title>
<para><ulink url="http://cubieboard.org/model/">Cubietruck</ulink> (Cubieboard3) is a single board computer with very good performance compared to many other boards. FreedomBox images are built for this device. To use this board as FreedomBox, a separate <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> that does not require non-free firmware is recommended. </para>
</section>
<section>
<title>Download</title>
<para>FreedomBox SD card <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> are provided for this hardware. These SD card images are meant for use with the on-board SD card slot and do not work when used with a separate SD card reader connected via USB. </para>
<para>An alternative to downloading these images is to <ulink url="https://wiki.debian.org/InstallingDebianOn/Allwinner#">install Debian</ulink> on the Cubietruck and then <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">install FreedomBox</ulink> on it. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Availability</title>
<para>FreedomBox Danube Edition </para>
<itemizedlist>
<listitem>
<para>A limited number of units are planned to be shipped along with the release of FreedomBox 1.0. If you wish to get one, <ulink url="http://projectdanube.org">express your interest</ulink>. </para>
</listitem>
</itemizedlist>
<para>Cubietruck / Cubieboard3 </para>
<itemizedlist>
<listitem>
<para>Price: 89 USD </para>
</listitem>
<listitem>
<para>
<ulink url="http://cubieboard.org/buy/">List of suppliers</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Hardware: No </para>
</listitem>
<listitem>
<para>CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core </para>
</listitem>
<listitem>
<para>RAM: 2 GiB DDR3 @ 480 MHz </para>
</listitem>
<listitem>
<para>Storage: 8 GB NAND flash built-in, 1x microSD slot </para>
</listitem>
<listitem>
<para>Architecture: armhf </para>
</listitem>
<listitem>
<para>Ethernet: 10/100/1000, RJ45 </para>
</listitem>
<listitem>
<para>WiFi: Broadcom BCM4329/BCM40181 (no free WiFi drivers + firmware available) </para>
</listitem>
<listitem>
<para>SATA: 1x 2.0 port </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: ? </para>
</listitem>
<listitem>
<para>WiFi: no free WiFi drivers + firmware available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: yes </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>The on-board WiFi does not work with free software. A separate <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> is recommended. </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Beagle Bone Black</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="210.5pt" fileref="images/beagleboard.jpg" width="316pt"/>
</imageobject>
<textobject>
<phrase>Beagle Bone Black</phrase>
</textobject>
</inlinemediaobject>
</para>
<para><ulink url="http://beagleboard.org/black">Beagle Bone Black</ulink> (Revision C.1) is an Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. FreedomBox images are built and tested for this device. To use this device as a FreedomBox, a separate USB <ulink url="https://wiki.debian.org/WiFi#">WiFi</ulink> device that does not require non-free firmware is recommended. </para>
<section>
<title>Download</title>
<para>FreedomBox SD card <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> are available for this device. Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to create a FreedomBox SD card and boot the device. </para>
<para>Note: This image is for BeagleBone Black (Revision C.1) only. It will not work on the BeagleBone Green, and also not on the Revisions A&amp;B. If you have such a device and would like to help getting FreedomBox to run on it, contact us! </para>
<para>An alternative to downloading these images is to <ulink url="https://wiki.debian.org/InstallingDebianOn/TI/BeagleBone#">install Debian</ulink> on the BeagleBone and then <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">install FreedomBox</ulink> on it. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Availability</title>
<itemizedlist>
<listitem>
<para>Price: ~ 59 USD (50 EUR) </para>
</listitem>
<listitem>
<para>
<ulink url="http://dk.mouser.com/access/?pn=595-BB-BBLK-000">Mouser Electronics</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://beagleboard.org/black">Full list of suppliers</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Source Hardware (OSHW): <ulink url="http://elinux.org/Beagleboard:BeagleBoneBlack">Yes</ulink> </para>
</listitem>
<listitem>
<para>CPU: <ulink url="http://www.ti.com/product/am3358">AM335x 1GHz ARM Cortex-A8</ulink> </para>
</listitem>
<listitem>
<para>RAM: 512MB DDR3L 800 Mhz </para>
</listitem>
<listitem>
<para>Storage: Onboard 4GB, 8bit Embedded MMC and microSD </para>
</listitem>
<listitem>
<para>Architecture: armhf </para>
</listitem>
<listitem>
<para>Ethernet: 10/100, RJ45 </para>
</listitem>
<listitem>
<para>WiFi: None, use a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> </para>
</listitem>
<listitem>
<para>SATA: None </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: No </para>
</listitem>
<listitem>
<para>WiFi: Not available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: Yes </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<para>None </para>
</section>
</section>
<section>
<title>A20 OLinuXino Lime2</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="216pt" fileref="images/a20-olinuxino-lime2.jpg" width="320pt"/>
</imageobject>
<textobject>
<phrase>A20 OLinuXino Lime2</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>Olimex's <ulink url="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware">A20 OLinuXino Lime2</ulink> is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor. FreedomBox images are built and tested for this device starting with version 0.7. To use this device as a FreedomBox, a separate USB <ulink url="https://wiki.debian.org/WiFi#">WiFi</ulink> device that does not require non-free firmware is recommended. </para>
<section>
<title>Similar Hardware</title>
<para>The following similar hardware will also work well with FreedomBox. </para>
<itemizedlist>
<listitem>
<para>Olimex's <ulink url="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2-4GB/open-source-hardware">A20 OLinuXino Lime2 4GB</ulink>. This hardware merely has extra 4GB NAND storage that is not used by FreedomBox. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Download</title>
<para>FreedomBox SD card <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> are available for this device. Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to create a FreedomBox SD card and boot the device. These SD card images are meant for use with the on-board SD card slot and won't work when used with a separate SD card reader connected via USB. </para>
<para>An alternative to downloading these images is to <ulink url="https://wiki.debian.org/InstallingDebianOn/Allwinner#">install Debian</ulink> on the device and then <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">install FreedomBox</ulink> on it. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Availability</title>
<itemizedlist>
<listitem>
<para>Price: 45 EUR (A20 OLinuXino Lime2) </para>
</listitem>
<listitem>
<para>Price: 55 EUR (A20 OLinuXino Lime2 4GB) </para>
</listitem>
<listitem>
<para>
<ulink url="https://www.olimex.com/Products/OLinuXino/A20/open-source-hardware">Olimex Store</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Source Hardware (OSHW): <ulink url="https://github.com/OLIMEX/OLINUXINO/tree/master/HARDWARE">Yes</ulink> </para>
</listitem>
<listitem>
<para>CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core </para>
</listitem>
<listitem>
<para>RAM: 1 GiB DDR3 </para>
</listitem>
<listitem>
<para>Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot </para>
</listitem>
<listitem>
<para>Architecture: armhf </para>
</listitem>
<listitem>
<para>Ethernet: 10/100/1000, RJ45 </para>
</listitem>
<listitem>
<para>WiFi: None, use a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> </para>
</listitem>
<listitem>
<para>SATA: 1x port </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: No </para>
</listitem>
<listitem>
<para>WiFi: Not available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: Yes </para>
</listitem>
<listitem>
<para>Boot Firmware: <ulink url="https://linux-sunxi.org/BROM">BROM</ulink> (GPLV2+) </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>None </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>A20 OLinuXino MICRO</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="179.5pt" fileref="images/a20-olinuxino-micro.jpg" width="320pt"/>
</imageobject>
<textobject>
<phrase>A20 OLinuXino MICRO</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>Olimex's <ulink url="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-MICRO/open-source-hardware">A20 OLinuXino MICRO</ulink> is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor. FreedomBox images are built and tested for this device starting with version 0.7. To use this device as a FreedomBox, a separate USB <ulink url="https://wiki.debian.org/WiFi#">WiFi</ulink> device that does not require non-free firmware is recommended. </para>
<section>
<title>Similar Hardware</title>
<para>The following similar hardware will also work well with FreedomBox. </para>
<itemizedlist>
<listitem>
<para>Olimex's <ulink url="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-MICRO-4GB/open-source-hardware">A20 OLinuXino MICRO 4GB</ulink>. This hardware merely has extra 4GB NAND storage that is not used by FreedomBox. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Download</title>
<para>FreedomBox SD card <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> are available for this device. Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to create a FreedomBox SD card and boot the device. These SD card images are meant for use with the on-board SD card slot and won't work when used with a separate SD card reader connected via USB. </para>
<para>An alternative to downloading these images is to <ulink url="https://wiki.debian.org/InstallingDebianOn/Allwinner#">install Debian</ulink> on the device and then <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">install FreedomBox</ulink> on it. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Availability</title>
<itemizedlist>
<listitem>
<para>Price: 55 EUR (A20 OLinuXino MICRO) </para>
</listitem>
<listitem>
<para>Price: 65 EUR (A20 OLinuXino MICRO 4GB) </para>
</listitem>
<listitem>
<para>
<ulink url="https://www.olimex.com/Products/OLinuXino/A20/open-source-hardware">Olimex Store</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Source Hardware (OSHW): <ulink url="https://github.com/OLIMEX/OLINUXINO/tree/master/HARDWARE">Yes</ulink> </para>
</listitem>
<listitem>
<para>CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core </para>
</listitem>
<listitem>
<para>RAM: 1 GiB DDR3 </para>
</listitem>
<listitem>
<para>Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot </para>
</listitem>
<listitem>
<para>Architecture: armhf </para>
</listitem>
<listitem>
<para>Ethernet: 10/100, RJ45 </para>
</listitem>
<listitem>
<para>WiFi: None, use a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> </para>
</listitem>
<listitem>
<para>SATA: 1x port </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: No </para>
</listitem>
<listitem>
<para>WiFi: Not available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: Yes </para>
</listitem>
<listitem>
<para>Boot Firmware: <ulink url="https://linux-sunxi.org/BROM">BROM</ulink> (GPLV2+) </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>None </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>APU</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="159.5pt" fileref="images/apu1d.jpg" width="316pt"/>
</imageobject>
<textobject>
<phrase>PC Engines APU 1D</phrase>
</textobject>
</inlinemediaobject>
</para>
<para><ulink url="http://www.pcengines.ch/apu1d.htm">PC Engines APU 1D</ulink> is a single board computer with 3 Gigabit ethernet ports, a powerful AMD APU and Coreboot firmware. FreedomBox images built for AMD64 machines are tested to work well for it. For using this board as FreedomBox, a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> that does not require non-free firmware is recommended. </para>
<section>
<title>Similar Hardware</title>
<para>Although untested, the following similar hardware is also likely to work well with FreedomBox. </para>
<itemizedlist>
<listitem>
<para>Using amd64 image: </para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/apu1c.htm">apu1c</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/apu1c4.htm">apu1c4</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/apu1d4.htm">apu1d4</ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Using i386 image: </para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix1d.htm">alix1d</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix1e.htm">alix1e</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix2d2.htm">alix2d2</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix2d3.htm">alix2d3</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix2d13.htm">alix2d13</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix3d2.htm">alix3d2</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix3d3.htm">alix3d3</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/alix6f2.htm">alix6f2</ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section>
<title>Download</title>
<para>FreedomBox disk <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> for this hardware are available. Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to create a FreedomBox SD card, USB disk, SSD or hard drive and boot into FreedomBox. Pick the image meant for all amd64 machines. </para>
<para>An alternative to downloading these images is to <ulink url="https://wiki.debian.org/InstallingDebianOn/Alix3d2#">install Debian</ulink> on the APU and then <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">install FreedomBox</ulink> on it. </para>
</section>
<section>
<title>Networking</title>
<para>The first network port, the left most one in the above picture, is configured by FreedomBox to be an upstream Internet link and the remaining 2 ports are configured for local computers to connect to. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware, which is for all amd64 machines, can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Availability</title>
<itemizedlist>
<listitem>
<para>Price: 110 - 170 USD (depending on the board and supplier) </para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/order1.php">PC Engines</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.pcengines.ch/order.php">Full list of suppliers</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Hardware: No </para>
</listitem>
<listitem>
<para>CPU: <ulink url="http://www.amd.com/en-gb/products/embedded/processors/g-series">AMD G series T40E</ulink> </para>
</listitem>
<listitem>
<para>RAM: 2 GB DDR3-1066 DRAM </para>
</listitem>
<listitem>
<para>Storage: SD card, External USB </para>
</listitem>
<listitem>
<para>Architecture: amd64 </para>
</listitem>
<listitem>
<para>Ethernet: 3 Gigabit Ethernet ports </para>
</listitem>
<listitem>
<para>WiFi: None, use a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> </para>
</listitem>
<listitem>
<para>SATA: 1 m-SATA and 1 SATA </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: No </para>
</listitem>
<listitem>
<para>WiFi: Not available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: Yes </para>
</listitem>
<listitem>
<para>Boot firmware: <ulink url="http://www.pcengines.ch/apu1d.htm">Coreboot</ulink> </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<para>None </para>
</section>
</section>
<section>
<title>VirtualBox</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="237.5pt" fileref="images/virtualbox.png" width="363pt"/>
</imageobject>
<textobject>
<phrase>VirtualBox</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>This page will help you get started with using FreedomBox on a <ulink url="https://en.wikipedia.org/wiki/Virtual_machine">virtual machine</ulink> using <ulink url="https://wiki.debian.org/VirtualBox#">VirtualBox</ulink>. While VirtualBox images are primarily used for testing and development, they can also be used for regular use if you have spare resources on one of your machines. This setup is useful if: </para>
<itemizedlist>
<listitem>
<para>You don't own one of the <ulink url="https://wiki.debian.org/FreedomBox/Hardware#">supported hardware</ulink> devices. </para>
</listitem>
<listitem>
<para>You don't use Debian GNU/Linux as your operating system. </para>
</listitem>
<listitem>
<para>You don't want to disturb your Debian installation to try out FreedomBox. </para>
</listitem>
</itemizedlist>
<para>Prebuilt FreedomBox images for VirtualBox are routinely made available in <ulink url="https://wiki.debian.org/VirtualBox#">VirtualBox</ulink>'s own <ulink url="https://www.virtualbox.org/manual/ch05.html#vdidetails">VDI image file format</ulink>. They contain a Debian GNU/Linux operating system and an installation of FreedomBox with all dependencies ready to run on any OS supported by VirtualBox (Windows, Linux, Macintosh, and Solaris). </para>
<para>A more adventurous alternative to downloading one of these images is to <ulink url="https://wiki.debian.org/InstallingDebianOn#">install Debian</ulink> on VirtualBox and then <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">install FreedomBox</ulink> on it. </para>
<para><ulink url="https://wiki.debian.org/VirtualBox#">VirtualBox</ulink> itself is available from <ulink url="https://www.virtualbox.org/"/> (or your distribution's package manager). </para>
<section>
<title>Download</title>
<para>Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to download and verify a VirtualBox image. As pr. 2016-03-26 the latest images are <ulink url="http://ftp.skolelinux.org/pub/freedombox/0.7/freedombox-unstable-free_2015-12-13_all-amd64.vdi.xz">v0.7-amd64</ulink> and <ulink url="http://ftp.skolelinux.org/pub/freedombox/0.7/freedombox-unstable-free_2015-12-13_all-i386.vdi.xz">v0.7-i386</ulink>. </para>
</section>
<section>
<title>Creating a Virtual Machine</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Decompress the downloaded VDI image (tool for <ulink url="http://www.7-zip.org/">Windows</ulink>, <ulink url="http://unarchiver.c3.cx/unarchiver">Mac</ulink>). </para>
</listitem>
<listitem>
<para>Create a new VM in the VirtualBox UI with OS type <emphasis>Linux</emphasis> and Version <emphasis>Debian</emphasis> (32/64-bit according to the downloaded image). </para>
</listitem>
</orderedlist>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/virtualbox_os_type.png"/>
</imageobject>
<textobject>
<phrase>VirtualBox Name and OS dialog</phrase>
</textobject>
</inlinemediaobject>
</para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>In the <emphasis>Hard disk</emphasis> dialog choose <emphasis>Use an existing virtual hard disk file</emphasis> and select the .vdi file you extracted in step 1. </para>
</listitem>
</orderedlist>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/virtualbox_harddisk_file.png"/>
</imageobject>
<textobject>
<phrase>VirtualBox Hard disk dialog</phrase>
</textobject>
</inlinemediaobject>
</para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>When created, go to the virtual machine's Settings -&gt; [Network] -&gt; [Adapter 1]-&gt;[Attached to:] and choose the network type your want the machine to use according to the explanation in Network Configuration below. The recommended type is the <emphasis>Bridged adapter</emphasis> option, but be aware that this exposes the FreedomBox's services to your entire local network. </para>
</listitem>
</orderedlist>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/virtualbox_network_type.png"/>
</imageobject>
<textobject>
<phrase>VirtualBox recommended network setting</phrase>
</textobject>
</inlinemediaobject>
</para>
</section>
<section>
<title>First Boot</title>
<para>When satisfied with the VM settings click the start button in the VirtualBox UI and your new FreedomBox will boot. </para>
<para>The console of the VM will show the textual screen below when finished booting, from here most interaction with FreedomBox will be through the web interface (aka. <ulink url="https://wiki.debian.org/FreedomBox/Plinth#">Plinth</ulink>) in a browser. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/virtualbox_console_after_boot.png"/>
</imageobject>
<textobject>
<phrase>FreedomBox console after booting successfully</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>To access the web interface you need to find out your FreedomBox's IP address as described in section: Finding out the IP address of the virtual machine. Then access this IP from a web browser which is on the same network as the VM (f.ex. the host). If all is well, you are now presented with a welcome message and invited to complete the <emphasis>first boot</emphasis> process. </para>
<para>
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/plinth_first_boot.png"/>
</imageobject>
<textobject>
<phrase>FreedomBox welcomes you to the first boot</phrase>
</textobject>
</inlinemediaobject>
</para>
<para>This mainly consist of creating an administrative user for the system. </para>
</section>
<section>
<title>Using</title>
<para>See the FreedomBox <ulink url="https://wiki.debian.org/FreedomBox/Use#">usage</ulink> page for more details. </para>
<para>You can log in to the Debian GNU/Linux system as the user created during Plinth first boot on the VirtualBox console or remotely via ssh. </para>
<para>After logging in, you can become root with the command <code>sudo su</code>. </para>
</section>
<section>
<title>Build Image</title>
<para>If you wish to build your own images instead of downloading available images, it can be done using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Tips &amp; Troubleshooting</title>
<section>
<title>Network Configuration</title>
<para>VirtualBox provides many types of networking options. Each has its advantages and disadvantages. For more information about how various networking types work in VirtualBox, see VirtualBox's networking documentation. <ulink url="https://www.virtualbox.org/manual/ch06.html"/> </para>
<para>For a simple setup, it is recommended that you use a single network interface in your guest machine. This will make the first boot script automatically configure that interface as an <code>internal</code> network with <code>automatic</code> network configuration. Inside the guest machine, the networking is configured automatically and all the services are made available on this network interface. For more information on how networks are configured by default in FreedomBox, see <ulink url="https://wiki.debian.org/FreedomBox/Manual/Networks#">Networks</ulink> section. </para>
<para>What remains is to make those services available to the host machine or to other machines in the network. You must then choose one of the following types of networking for the network interface on your guest machine. To set a particular type of network for the guest's network adapter, go to the guest VM's settings then the network options and then select the adapter you wish to configure. There, set the network type from the available list of networks. </para>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>First and the recommended option is to use the <emphasis>Bridged</emphasis> type of network. This option exposes the guest machine to the same network that host network is connected to. The guest obtains network configuration information from a router or DHCP server on the network. The guest will appear as just another machine in the network. A major advantage of this of setup is that the host and all other machines in the network will be able to access the services provided by guest without requiring any further setup. The only drawback of this approach is that if the host is not connected to any network, the guest's network will remain unconfigured making it inaccessible even from the host. </para>
</listitem>
<listitem>
<para>Second method is <emphasis>Host only</emphasis> type of networking. With a guest's network interface configured in this manner, it will only be accessible from the host machine. The guest will not able access any other machine but the host, so you do not have internet access on the guest. All services on the guest are available to the host machine without any configuration such as port forwarding. </para>
</listitem>
<listitem>
<para>The third option is to use the <emphasis>NAT</emphasis> type of network. This the networking type that VirtualBox assigns to a freshly created virtual machine. This option works even when host is not connected to any network. The guest is automatically configured and is able to access the internet and local networks that host is able to connect to. However, the services provided by the guest require port forwarding configuration setup to be available outside. </para>
<para>To configure this go to VM settings -&gt; [Network] -&gt; [Adapter] -&gt; [Port Forwarding]. Map a port such as 2222 from host to guest port 22 and you will be able to ssh into FreedomBox from host machine as follows: </para>
<screen format="linespecific"> ssh -p 2222 fbx@localhost</screen>
<para>Map 4443 on host to 443 on the guest. This make FreedomBox HTTPS service available on host using the URL <ulink url="https://localhost:4443/"/> You will need to add a mapping for each such services from host to guest. </para>
</listitem>
<listitem>
<para>The final option is to create two network interfaces, one <emphasis>host only</emphasis> and one <emphasis>NAT</emphasis> type. This way you can access the guest without any additional configuration, and you have internet access on the guest. The guest will be invisible to any other machines on the network. </para>
</listitem>
</orderedlist>
<para>Summary of various network types: </para>
<informaltable>
<tgroup cols="6">
<colspec colname="col_0"/>
<colspec colname="col_1"/>
<colspec colname="col_2"/>
<colspec colname="col_3"/>
<colspec colname="col_4"/>
<colspec colname="col_5"/>
<tbody>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para> - </para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Guest accessible from other machines</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Guest accessible from host</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Works without port forwarding</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Works without host connected to network</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Guest has internet access</emphasis>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Bridged</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">Host only</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">NAT</emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
<row rowsep="1">
<entry colsep="1" rowsep="1">
<para>
<emphasis role="strong">NAT and Host </emphasis>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/icon-error.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>{X}</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
<entry colsep="1" rowsep="1">
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="8pt" fileref="images/checkmark.png" width="8pt"/>
</imageobject>
<textobject>
<phrase>(./)</phrase>
</textobject>
</inlinemediaobject>
</para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</section>
<section>
<title>Finding out the IP address of the virtual machine</title>
<para>This depends on the network configuration you chose. With a <emphasis>bridged adapter</emphasis>, your virtual machine gets its IP address from the DHCP server of your network, most likely of your Router. You can try the first couple of IP addresses or check your router web interface for a list of connected devices. </para>
<para>If you chose <emphasis>host-only adapter</emphasis>, the IP address is assigned by the DHCP server of your VirtualBox network. In the VirtualBox Manager, go to File -&gt; Preferences -&gt; Network -&gt; Host-only Networks. You can see and edit the DHCP address range there, typically you get assigned addresses close to the <emphasis>Lower Address Bound</emphasis>. </para>
<para>Another possibility of finding the IP address is to login via the Virtualbox Manager (or similar software). The FreedomBox images do not have any default user accounts, so you need to set an initial user and password using the <ulink url="https://github.com/freedombox/freedom-maker/blob/master/bin/passwd-in-image">passwd-in-image script</ulink>. </para>
<para>See also <ulink url="https://wiki.debian.org/FreedomBox/Manual/QuickStart#">QuickStart</ulink> for instructions on how to scan your network to discover the IP of the VM. </para>
</section>
<section>
<title>Networking Problems with macchanger</title>
<para>The package <code>macchanger</code> can cause network problems with VirtualBox. If you have a valid IP address on your guest's host network adapter (like 192.168.56.101) but are not able to ping or access the host (like 192.168.56.1), try uninstalling <code>macchanger</code>: </para>
<screen format="linespecific">$ dpkg --ignore-depends=freedombox-setup --remove macchanger </screen>
<para>You might have to manually remove the script <code>/etc/network/if-prep-up/macchanger</code>. If Debian complains about unmet dependencies when you use a package manager (apt-get, aptitude, dpkg), try to remove 'macchanger' from the dependencies of 'freedombox-setup' in the file <code>/var/lib/dpkg/status</code>. </para>
</section>
<section>
<title>Mounting Images Locally</title>
<para>If you want to mount images locally, use the following to copy built images off the VirtualBox: </para>
<screen format="linespecific">$ mkdir /tmp/vbox-img1 /tmp/vbox-root1
$ vdfuse -f freedombox-unstable_2013.0519_virtualbox-i386-hdd.vdi /tmp/vbox-img1/
$ sudo mount -o loop /tmp/vbox-img1/Partition1 /tmp/vbox-root1
$ cp /tmp/vbox-root1/home/fbx/freedom-maker/build/freedom*vdi ~/
$ sudo umount /tmp/vbox-root1
# $ sudo umount /tmp/vbox-img1 # corruption here.</screen>
</section>
<section>
<title>Fixing the time after suspend and resume</title>
<para>The virtual machine loses the correct time/date after suspending and resuming. One way to fix this is to create a cron-job that restarts the time service <code>ntp</code>. You can add a crontab entry as root to restart ntp every 15 minutes by typing <code>'crontab -e'</code> and adding this line: </para>
<screen format="linespecific">*/15 * * * * /etc/init.d/ntp restart</screen>
<para>Do not restart this service too often as this increases the load of publicly and freely available NTP servers. </para>
</section>
</section>
</section>
<section>
<title>Debian</title>
<para>FreedomBox is a <ulink url="https://wiki.debian.org/DebianPureBlends#">pure blend</ulink> of Debian. This means that all the work on FreedomBox is available in Debian as packages. It also means that any machine running Debian can be turned into a FreedomBox. </para>
<para>This page describes the process of installing FreedomBox on a Debian system. Currently, FreedomBox works in Debian Testing (Stretch) and Unstable (Sid). </para>
<caution>
<para>
<emphasis role="strong">Use a fresh Debian installation</emphasis>
</para>
<para>Installing FreedomBox changes your Debian system in many important ways. This includes installing a firewall and regenerating server certificates. It is hence recommended that you install FreedomBox on a fresh Debian installation instead of an existing setup. </para>
</caution>
<section>
<title>Installing on Debian</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>Check the Troubleshooting section below, for any tips or work-arounds that might help during the install. </para>
</listitem>
<listitem>
<para><ulink url="https://wiki.debian.org/InstallingDebianOn#">Install Debian</ulink> Testing (Stretch) or Unstable (Sid) on your hardware. </para>
</listitem>
<listitem>
<para>Update your package list. </para>
<screen format="linespecific">$ sudo apt-get update</screen>
</listitem>
<listitem>
<para>Install <code>freedombox-setup</code> package. </para>
<screen format="linespecific">$ sudo DEBIAN_FRONTEND=noninteractive apt-get install freedombox-setup</screen>
<itemizedlist>
<listitem>
<para>The "DEBIAN_FRONTEND=noninteractive" will avoid several configuration prompts that would otherwise appear during the install. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Run FreedomBox setup program. This installs further packages and sets up basic configuration. </para>
<screen format="linespecific">$ sudo /usr/lib/freedombox/setup | tee freedombox-setup.log</screen>
<para>You may have to clear your existing network configuration. See Troubleshooting note #2 below. </para>
</listitem>
<listitem>
<para>Reboot the system. This is necessary to trigger the first-run script. </para>
<screen format="linespecific">$ sudo reboot</screen>
</listitem>
<listitem>
<para>After the system boots up, wait for it to reboot again. The first-run scripts sets up a few things and initiates a reboot. </para>
</listitem>
<listitem>
<para>After the second reboot you can start <ulink url="https://wiki.debian.org/FreedomBox/Use#">using</ulink> FreedomBox. </para>
</listitem>
</orderedlist>
</section>
<section>
<title>Troubleshooting</title>
<orderedlist numeration="arabic" inheritnum="ignore" continuation="restarts">
<listitem>
<para>There is a <ulink url="https://bugs.debian.org/797368">bug</ulink> in policykit-1 package that causes errors and hangs during installation of freedombox-setup package. A workaround is to first install policykit-1 package and then reboot. After that, follow the above procedure setup procedure. </para>
<screen format="linespecific">$ sudo apt-get update
$ sudo apt-get install policykit-1
$ sudo reboot</screen>
</listitem>
<listitem>
<para>Freedombox does not support network device configuration via <code>/etc/network/interfaces</code>, and it will not manage any non-loopback interfaces mentioned there. (See <ulink url="https://bugs.debian.org/797614">bug #797614</ulink>.) Future versions of freedombox-setup will clear this file automatically; for now, edit it manually and ensure that it contains only the following: </para>
<screen format="linespecific">auto lo
iface lo inet loopback</screen>
<para>If you have already completed the setup process without doing this step, you will need to clear out the <code>/etc/network/interfaces</code> file keeping only the above lines. Then perform a reboot. After this network connections configured by the <code>setup</code> step above will configure your network. Network interfaces will then be in the <code>internal</code> or <code>external</code> firewall zone. This is essential for the FreedomBox's web interface to be reachable from other machines in the network. You can tweak network manager connections with the <code>nmtui</code> command if you wish. </para>
</listitem>
</orderedlist>
</section>
</section>
<section>
<title>DreamPlug</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="212.5pt" fileref="images/dreamplug.jpg" width="320pt"/>
</imageobject>
<textobject>
<phrase>DreamPlug</phrase>
</textobject>
</inlinemediaobject>
</para>
<para><ulink url="https://www.globalscaletechnologies.com/t-dreamplugdetails.aspx">DreamPlug</ulink> is the hardware for which FreedomBox has been originally targeted. FreedomBox images are built and tested for it. For using this device as FreedomBox, a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> that does not require non-free firmware is recommended. </para>
<para>You can find more support and discussion for DreamPlug on the <ulink url="http://www.plugcomputer.org/plugforum/">official forum</ulink>. </para>
<section>
<title>Download</title>
<para>FreedomBox SD card <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> for this hardware are available. Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to create a FreedomBox SD card and boot into FreedomBox. See also instructions for using an <ulink url="https://wiki.debian.org/FreedomBox/Hardware/DreamPlug/InternalMicroSD#">internal micro-SD</ulink> with DreamPlug. </para>
<para>An alternative to downloading these images is to <ulink url="https://wiki.debian.org/InstallingDebianOn/DreamPlug#">install Debian</ulink> on DreamPlug and then <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">install FreedomBox</ulink> on it. </para>
</section>
<section>
<title>Networking</title>
<para>The network port towards the middle of the box, is configured by FreedomBox to be an upstream Internet link. The remaining port is configured for a local computer to connect to. </para>
</section>
<section>
<title>Firmware</title>
<para>Note that the factory firmware configurations may vary between revisions of the hardware, and render some images incompatible. See the DreamPlug <ulink url="https://wiki.debian.org/InstallingDebianOn/DreamPlug/U-bootUpgradeFromUSB#">firmware</ulink> page for information on what images are compatible and how to update your DreamPlug firmware. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Testing</title>
<para>Instructions on how to <ulink url="https://wiki.debian.org/FreedomBox/Hardware/DreamPlug/Testing#">test</ulink> this hardware are available. </para>
</section>
<section>
<title>Availability</title>
<itemizedlist>
<listitem>
<para>Price: 159 USD </para>
</listitem>
<listitem>
<para>
<ulink url="http://www.globalscaletechnologies.com/p-54-dreamplug-devkit.aspx">DreamPlug manufacturer</ulink>
</para>
</listitem>
<listitem>
<para>Reseller <ulink url="http://www.spinifex.com.au/shop/">Spinifex</ulink> in Australia </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Hardware: No </para>
</listitem>
<listitem>
<para>CPU: Marvell Kirkwood 88F6281 @ 1.2GHz </para>
</listitem>
<listitem>
<para>RAM: 512MB 16bit DDR2-800 MHz </para>
</listitem>
<listitem>
<para>Storage: 4 GB on board micro-SD </para>
</listitem>
<listitem>
<para>Architecture: armel </para>
</listitem>
<listitem>
<para>Ethernet: 2x 10/100/1000, RJ45 </para>
</listitem>
<listitem>
<para>WiFi: <ulink url="https://origin-www.marvell.com/wireless/assets/8787.pdf">SD8787</ulink>, 802.11 b/g/n </para>
</listitem>
<listitem>
<para>SATA: eSATA 2.0 port </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: built-in WiFi </para>
</listitem>
<listitem>
<para>WiFi: no free WiFi drivers + firmware available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: yes </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>WiFi does not work with free software. A separate <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> is recommended. </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Raspberry Pi Model B+</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="214.5pt" fileref="images/raspberrypi.jpg" width="320pt"/>
</imageobject>
<textobject>
<phrase>Raspberry Pi (Model B+)</phrase>
</textobject>
</inlinemediaobject>
</para>
<para><ulink url="http://www.raspberrypi.org/products/model-b-plus/">Raspberry Pi</ulink> (Model B+) is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. FreedomBox images are built and tested for it. For using this board as FreedomBox, a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> that does not require non-free firmware is recommended. </para>
<para><emphasis>Note:</emphasis> The Debian architecture used for this device is <code>armel</code>. This means floating point computations are done in software and most operations are slower than what Raspberry Pi is capable of. </para>
<section>
<title>Download</title>
<para>FreedomBox SD card <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> for this hardware are available. Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to create a FreedomBox SD card and boot into FreedomBox. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Availability</title>
<itemizedlist>
<listitem>
<para>Price: 35 USD </para>
</listitem>
<listitem>
<para>
<ulink url="http://www.raspberrypi.org/products/model-b-plus/">List of official distributors</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Hardware: No </para>
</listitem>
<listitem>
<para>CPU: ARM1176JZF-S (ARMv6k) 700 MHz </para>
</listitem>
<listitem>
<para>RAM: 512 MB </para>
</listitem>
<listitem>
<para>Storage: MicroSD card slot </para>
</listitem>
<listitem>
<para>Architecture: armel </para>
</listitem>
<listitem>
<para>Ethernet: 10/100, RJ45 </para>
</listitem>
<listitem>
<para>WiFi: None, use a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> </para>
</listitem>
<listitem>
<para>SATA: None </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: boot firmware </para>
</listitem>
<listitem>
<para>WiFi: Not available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: No </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>The Debian architecture used for this device is <code>armel</code>. This means floating point computations are done in software and generally most operations are slower than what Raspberry Pi is capable of. </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Raspberry Pi 2 Model B</title>
<para>
<inlinemediaobject>
<imageobject>
<imagedata depth="214pt" fileref="images/raspberrypi2.jpg" width="320pt"/>
</imageobject>
<textobject>
<phrase>Raspberry Pi 2</phrase>
</textobject>
</inlinemediaobject>
</para>
<para><ulink url="https://www.raspberrypi.org/products/raspberry-pi-2-model-b/">Raspberry Pi 2</ulink> (Model B ) is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi Model B+ with much faster processor and more RAM. FreedomBox images are built and tested for it. For using this board as FreedomBox, a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> that does not require non-free firmware is recommended. </para>
<para><emphasis>Note:</emphasis> For FreedomBox release 0.5, the Debian architecture used for this device is <code>armel</code>. This means floating point computations are done in software and most operations are slower than what Raspberry Pi 2 is capable of. Starting with FreedomBox release 0.6 separate <code>armhf</code> images with full hardware floating point support are available. </para>
<section>
<title>Download</title>
<para>FreedomBox SD card <ulink url="https://wiki.debian.org/FreedomBox/Download#">images</ulink> for this hardware are available. Follow the instructions on the <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> page to create a FreedomBox SD card and boot into FreedomBox. </para>
</section>
<section>
<title>Build Image</title>
<para>FreedomBox images for this hardware can be built using <ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>. </para>
</section>
<section>
<title>Availability</title>
<itemizedlist>
<listitem>
<para>Price: 35 USD </para>
</listitem>
<listitem>
<para>
<ulink url="https://www.raspberrypi.org/products/raspberry-pi-2-model-b/">List of official distributors</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Hardware</title>
<itemizedlist>
<listitem>
<para>Open Hardware: No </para>
</listitem>
<listitem>
<para>CPU: 900 MHz quad-core ARM Cortex-A7 </para>
</listitem>
<listitem>
<para>RAM: 1 GB </para>
</listitem>
<listitem>
<para>Storage: MicroSD card slot </para>
</listitem>
<listitem>
<para>Architecture: armhf </para>
</listitem>
<listitem>
<para>Ethernet: 10/100, RJ45 </para>
</listitem>
<listitem>
<para>WiFi: None, use a <ulink url="https://wiki.debian.org/FreedomBox/Hardware/USBWiFi#">USB WiFi device</ulink> </para>
</listitem>
<listitem>
<para>SATA: None </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Non-Free Status</title>
<itemizedlist>
<listitem>
<para>Non-free blobs required: boot firmware </para>
</listitem>
<listitem>
<para>WiFi: Not available </para>
</listitem>
<listitem>
<para>Works with stock Debian kernel: No </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Known Issues</title>
<itemizedlist>
<listitem>
<para>The Debian architecture used for this device is <code>armel</code>. This means floating point computations are done in software and generally most operations are slower than what Raspberry Pi 2 is capable of. However, starting with FreedomBox 0.6 separate images for Raspberry Pi 2 with <code>armhf</code> architecture will be built. </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>USB Wi-Fi</title>
<para>FreedomBox works on many single board computers. However, many of these boards do not have built-in Wi-Fi capabilities. Even when Wi-Fi capability is available, non-free proprietary firmware is required to make them work. </para>
<para>A solution to the problem is to plug-in a USB Wi-Fi device into one of the available USB ports. There are many such devices available which do not require non-free firmware to work. The following is a list of such devices that work with FreedomBox devices. Some devices based on these chips have tested to work well with FreedomBox including functions such as access point mode. </para>
<itemizedlist>
<listitem>
<para>
<ulink url="https://wikidevi.com/wiki/AR7010">Devices with Atheros AR7010 chip</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wikidevi.com/wiki/AR9271">Devices with Atheros AR9271 chip</ulink>
</para>
</listitem>
</itemizedlist>
<section>
<title>Firmware Installation</title>
<para>The free firmware for these devices is not packaged in Debian yet. You can manually download and install the firmware as follows: </para>
<screen format="linespecific">sudo su [enter password]
cd /lib/firmware
wget https://www.thinkpenguin.com/files/ath9k-htc/version-1.4-beta/htc_9271.fw
wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw</screen>
</section>
<section>
<title>Resources</title>
<itemizedlist>
<listitem>
<para>
<ulink url="https://wiki.debian.org/WiFi#USB_Devices">Debian Wiki on WiFi drivers</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/Comparison_of_open-source_wireless_drivers#Linux_drivers_for_802.11_.22wireless.22">Wikipedia: Comparison of open-source Linux wireless network drivers</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wikidevi.com/wiki/Main_Page">WikiDevi: database of computer hardware</ulink>
</para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Release Notes</title>
<para>The following are the release notes for each FreedomBox version. </para>
<section>
<title>Plinth v0.13.1 (2017-01-22)</title>
<itemizedlist>
<listitem>
<para>Two new apps were added: </para>
<itemizedlist>
<listitem>
<para>Gobby Server (infinoted) for collaborative editing of text documents </para>
</listitem>
<listitem>
<para>Domain Name Server (BIND), in system menu </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Added JavaScript license web labels to provide partial support for LibreJS. </para>
</listitem>
<listitem>
<para>Added basic configuration form for Minetest server. </para>
</listitem>
<listitem>
<para>Added indicator to Help-&gt;About page if new Plinth version is available. </para>
</listitem>
<listitem>
<para>Show app logos on front page instead of generic icons. </para>
</listitem>
<listitem>
<para>Prevent anonymous users from accessing setup pages. </para>
</listitem>
<listitem>
<para>Split Chat Server (XMPP) app into Chat Server (ejabberd) and Chat Client (jsxc). </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Plinth v0.12.0 (2016-12-08)</title>
<itemizedlist>
<listitem>
<para>Open up RTP ports in the firewall for repro (SIP server). </para>
</listitem>
<listitem>
<para>Front page shortcuts for services show a Configure button in the details box for logged-in users. </para>
</listitem>
<listitem>
<para>Add mods packages to be installed with Minetest server. </para>
</listitem>
<listitem>
<para>Fix issue with reading Dynamic DNS status as non-root user. </para>
</listitem>
<listitem>
<para>After the hostname is changed, ensure the domain name is still set correctly. </para>
</listitem>
<listitem>
<para>Allow the domain name to be cleared, and properly set the configuration in this case. </para>
</listitem>
<listitem>
<para>On the Certificates (Let's Encrypt) page, show a more informative message when no domains are configured. </para>
</listitem>
<listitem>
<para>On the Chat Server (XMPP) page, show more clearly if domain is not set. </para>
</listitem>
<listitem>
<para>Apps that require login will not be shown on the front page, unless the user is logged in. </para>
</listitem>
<listitem>
<para>Show status block for News Feed Reader (Tiny Tiny RSS). </para>
</listitem>
<listitem>
<para>Change appearance of front page with larger icons and repositioned text. </para>
</listitem>
<listitem>
<para>Firewall page only lists services that have been setup. The port lists are collapsible under each service. </para>
</listitem>
<listitem>
<para>Support configuring IPv6 networks. </para>
</listitem>
<listitem>
<para>Make it less likely to accidentally delete the only Plinth user. </para>
</listitem>
<listitem>
<para>Updated to work with JSXC 3.0.0 (XMPP web client). </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Plinth v0.11.0 (2016-09-29)</title>
<itemizedlist>
<listitem>
<para>Added loading icon for additional busy operations. </para>
</listitem>
<listitem>
<para>Added basic front page with shortcuts to web apps, and information about enabled services. </para>
</listitem>
<listitem>
<para>networks: Add batctl as dependency, required for batman-adv mesh networking. </para>
</listitem>
<listitem>
<para>users: </para>
<itemizedlist>
<listitem>
<para>Fixed checking restricted usernames. </para>
</listitem>
<listitem>
<para>Display error message if unable to set SSH keys. </para>
</listitem>
<listitem>
<para>Flush nscd cache after user operations to avoid some types of errors. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>monkeysphere: </para>
<itemizedlist>
<listitem>
<para>Adopted to using SHA256 fingerprints. </para>
</listitem>
<listitem>
<para>Sort items for consistent display. </para>
</listitem>
<listitem>
<para>Handle new uid format of gpg2. </para>
</listitem>
<listitem>
<para>Fixed handling of unavailable imported domains. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>minetest: Fixed showing status block and diagnostics. </para>
</listitem>
<listitem>
<para>Fixed stretched favicon. </para>
</listitem>
<listitem>
<para>Switched base template from container-fluid to container. This will narrow the content area for larger displays. </para>
</listitem>
<listitem>
<para>Plinth is now able to run as "plinth" user instead of root user. </para>
</listitem>
<listitem>
<para>xmpp: Replaced jwchat with jsxc. </para>
</listitem>
<listitem>
<para>ikiwiki: Allow only alphanumerics in wiki/blog name to avoid invalid paths. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Plinth v0.10.0 (2016-08-21)</title>
<itemizedlist>
<listitem>
<para>Updated Plinth to support Django 1.10. </para>
</listitem>
<listitem>
<para>Added a page to display recent status log from Plinth. It is accessible from the 500 error page. </para>
</listitem>
<listitem>
<para>Tor: Added options to toggle relay and bridge relay modes. </para>
</listitem>
<listitem>
<para>Radicale: Added access rights control. </para>
</listitem>
<listitem>
<para>Ikiwiki: Updated suggested packages. </para>
</listitem>
<listitem>
<para>Users and Groups: Fixed editing users without SSH keys. </para>
</listitem>
<listitem>
<para>Networks: Added basic support for configuring batman-adv mesh networking. </para>
</listitem>
<listitem>
<para>Networks: Fixed incorrect access for retrieving DNS entries. </para>
</listitem>
<listitem>
<para>New languages: </para>
<itemizedlist>
<listitem>
<para>Persian (50% translated) </para>
</listitem>
<listitem>
<para>Indonesian (not started, contributions needed) </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>New modules added to Plinth: </para>
<itemizedlist>
<listitem>
<para>Disks: Shows free space of mounted partitions, and allows expanding the root partition. </para>
</listitem>
<listitem>
<para>Security: Controls login restrictions. </para>
</listitem>
<listitem>
<para>Snapshots: Manages Btrfs snapshots. </para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.9.4 (2016-06-24)</title>
<itemizedlist>
<listitem>
<para>Added Polish translation. </para>
</listitem>
<listitem>
<para>Fixed issue preventing access to Plinth on a non-standard port. </para>
</listitem>
<listitem>
<para>Dealt with ownCloud removal from Debian. The ownCloud page in Plinth will be hidden if it has not been setup. Otherwise, a warning is shown. </para>
</listitem>
<listitem>
<para>Fixed issue in Privoxy configuration. Two overlapping listen-addresses were configured, which prevented privoxy service from starting. </para>
</listitem>
<listitem>
<para>Fixed issue that could allow someone to start a module setup process without being logged in to Plinth. </para>
</listitem>
<listitem>
<para>Fixed issues with some diagnostic tests that would show false positive results. </para>
</listitem>
<listitem>
<para>Added check to Diagnostics to skip tests for modules that have not been setup. </para>
</listitem>
<listitem>
<para>Fixed some username checks that could cause errors when editing the user. </para>
</listitem>
<listitem>
<para>Added sorting of menu items per locale. </para>
</listitem>
<listitem>
<para>Moved Dynamic DNS and Pagekite from Applications to System Configuration. </para>
</listitem>
<listitem>
<para>Allowed setting IP for shared network connections. </para>
</listitem>
<listitem>
<para>Switched Dreamplug image from "non-free" to "free". This means that we no longer include the non-free firmware for the built-in wifi on Dreamplug. </para>
</listitem>
<listitem>
<para>Added the "userdir" module for the Apache web server. This allows users in the "admin" group to create a folder called "public_html" under their home folder, and to publicly share files placed in this folder. </para>
</listitem>
<listitem>
<para>New wiki and manual content licence: <emphasis><ulink url="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International</ulink></emphasis> (from June 13rd 2016). </para>
</listitem>
<listitem>
<para>Switched to using apt-get for module setup in Plinth. This fixes several issues that were seen during package installs. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.9 (2016-04-24)</title>
<itemizedlist>
<listitem>
<para>Fixed Wi-Fi AP setup. </para>
</listitem>
<listitem>
<para>Prevent lockout of users in 'sudo' group after setup is complete. </para>
</listitem>
<listitem>
<para>Improved setup mechanism for Plinth modules. Allows users to see what a module is useful for, before doing the setup and package install. Also allows essential modules to be setup by default during FreedomBox install. </para>
</listitem>
<listitem>
<para>Added HTTPS certificates to Monkeysphere page. Reorganized so that multiple domains can be added to a key. </para>
</listitem>
<listitem>
<para>Added Radicale, a CalDAV and CardDAV server. </para>
</listitem>
<listitem>
<para>Added Minetest Server, a multiplayer infinite-world block sandbox. </para>
</listitem>
<listitem>
<para>Added Tiny Tiny RSS, a news feed reader. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.8 (2016-02-20)</title>
<itemizedlist>
<listitem>
<para>Added Quassel, an IRC client that stays connected to IRC networks and can synchronize multiple frontends. </para>
</listitem>
<listitem>
<para>Improved first boot user interface. </para>
</listitem>
<listitem>
<para>Fixed Transmission RPC whitelist issue. </para>
</listitem>
<listitem>
<para>Added translations for Turkish, Chinese, and Russian. Fixed and updated translations in other languages. </para>
</listitem>
<listitem>
<para>Added Monkeysphere, which uses PGP web of trust for SSH host key verification. </para>
</listitem>
<listitem>
<para>Added Let's Encrypt, to obtain certificates for domains, so that browser certificate warnings can be avoided. </para>
</listitem>
<listitem>
<para>Added repro, a SIP server for audio and video calls. </para>
</listitem>
<listitem>
<para>Allow users to set their SSH public keys, so they can login over SSH without a password. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.7 (2015-12-13)</title>
<itemizedlist>
<listitem>
<para>Translations! Full translations of the interface in Danish, Dutch, French, German and Norwegian Bokmål, and partial Telugu. </para>
</listitem>
<listitem>
<para>Support for OLinuXino A20 MICRO and LIME2 </para>
</listitem>
<listitem>
<para>New Plinth applications: OpenVPN, reStore </para>
</listitem>
<listitem>
<para>Improved first-boot experience </para>
</listitem>
<listitem>
<para>Many bugfixes and cleanups </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.6 (2015-10-31)</title>
<itemizedlist>
<listitem>
<para>New supported hardware target: Raspberry Pi 2 </para>
</listitem>
<listitem>
<para>New modules in Plinth: </para>
<itemizedlist>
<listitem>
<para>Shaarli: Web application to manage and share bookmarks </para>
</listitem>
<listitem>
<para>Date &amp; Time: Configure time zone and NTP service </para>
</listitem>
<listitem>
<para>Service Discovery: Configure Avahi service </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Documentation revamp including new user manual and developer guide </para>
</listitem>
<listitem>
<para>Improved diagnostic tests, available in Plinth </para>
</listitem>
<listitem>
<para>Avoid unnecessary changes when installing on existing Debian system </para>
</listitem>
<listitem>
<para>Network configuration supports PPPoE connections </para>
</listitem>
<listitem>
<para>Debian packages can be download over Tor </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.5 (2015-08-07)</title>
<itemizedlist>
<listitem>
<para>New targets: CubieTruck, i386, amd64 </para>
</listitem>
<listitem>
<para>New apps in Plinth: Transmission, Dynamic DNS, Mumble, ikiwiki, Deluge, Roundcube, Privoxy </para>
</listitem>
<listitem>
<para>NetworkManager handles network configuration and can be manipulated through Plinth. </para>
</listitem>
<listitem>
<para>Software Upgrades (unattended-upgrades) module can upgrade the system, and enable automatic upgrades. </para>
</listitem>
<listitem>
<para>Plinth is now capable of installing ejabberd, jwchat, and privoxy, so they are not included in image but can be installed when needed. </para>
</listitem>
<listitem>
<para>User authentication through LDAP for SSH, XMPP (ejabberd), and ikiwiki. </para>
</listitem>
<listitem>
<para>Unit test suite is automatically run on Plinth upstream. This helps us catch at least some code errors before they are discovered by users! </para>
</listitem>
<listitem>
<para>New, simpler look for Plinth. </para>
</listitem>
<listitem>
<para>Performance improvements for Plinth. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.3 (2015-01-20)</title>
<itemizedlist>
<listitem>
<para>Tor Bridges: All boxes now act as non-exit Tor bridges, routing traffic for the Tor network. </para>
</listitem>
<listitem>
<para><ulink url="https://wiki.debian.org/FreedomBox/Manual/Firewall#">Firewall</ulink>: firewall is on by default and is automatically managed. </para>
</listitem>
<listitem>
<para>Add BeagleBone support. We now have images for BeagleBone, RaspberryPi, VirtualBox i386/amd64, and DreamPlug. </para>
</listitem>
<listitem>
<para>Ability to enable and use Tor Hidden Services. Works with Ejabberd/JWChat and ownCloud services. </para>
</listitem>
<listitem>
<para>Enable Tor obfsproxy with scramblesuit. </para>
</listitem>
<listitem>
<para>Drop well-known root password (an account with sudo capabilities still exists for now but will be removed soon). </para>
</listitem>
<listitem>
<para>Switch to unstable as suite of choice for easier development. </para>
</listitem>
<listitem>
<para>Newer images are built with systemd by default (due to Debian change). </para>
</listitem>
<listitem>
<para>Install and operate firewall automatically (uses firewalld). </para>
</listitem>
<listitem>
<para>Major restructuring of Plinth UI using Python3, Django web development framework and Bootstrap3. Code quality is much better and UI is more polished. </para>
</listitem>
<listitem>
<para>Introduced packaging framework in Plinth UI for on-demand application installation. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.2 (2014-03-16)</title>
<itemizedlist>
<listitem>
<para>Support for Raspberry Pi and VirtualBox (x86) in addition to the <ulink url="https://wiki.debian.org/FreedomBox/ReleaseNotes/FreedomBox/Hardware/DreamPlug#">DreamPlug</ulink>. </para>
</listitem>
<listitem>
<para>New Services: </para>
<itemizedlist>
<listitem>
<para>Configuration Management UI. </para>
</listitem>
<listitem>
<para>Instant Messaging. </para>
</listitem>
<listitem>
<para>OwnCloud. </para>
</listitem>
<listitem>
<para>dnsmasq. </para>
</listitem>
<listitem>
<para>Low-Level Configuration Management. </para>
</listitem>
<listitem>
<para>Service Announcement. </para>
</listitem>
<listitem>
<para>LDAP Server. </para>
</listitem>
<listitem>
<para>LXC Support. </para>
</listitem>
<listitem>
<para>Source Packages. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>The privoxy setup is now the default from Debian. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Version 0.1 (2013-02-26)</title>
<itemizedlist>
<listitem>
<para>First FreedomBox software release (0.1 image, developer release). </para>
</listitem>
<listitem>
<para>Full hardware support in Debian </para>
</listitem>
<listitem>
<para>Support for <ulink url="https://wiki.debian.org/FreedomBox/Hardware/DreamPlug#">DreamPlug</ulink>. </para>
</listitem>
<listitem>
<para>Basic software tools selected as common working environment: </para>
<itemizedlist>
<listitem>
<para>User interface system "plinth" </para>
</listitem>
<listitem>
<para>Cryptography tools: gpg or "monkeysphere" </para>
</listitem>
<listitem>
<para>Box-to-box communication design: Freedom-buddy (uses <ulink url="https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29">TOR network</ulink>) </para>
</listitem>
<listitem>
<para>Web cleaning: "privoxy-freedombox". </para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
</section>
</section>
<section>
<title>Contributing</title>
<para>From code, design and translation to spreading the world and donation, here is a list of possible contributions to develop FreedomBox. </para>
<section>
<title>Quick Links</title>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/ProgressCalls#">Progess calls</ulink>
</para>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/TODO#">TODO page</ulink>
</para>
<para>
<ulink url="https://www.freedomboxfoundation.org/donate/">Donation page</ulink>
</para>
</section>
<section>
<title>Welcome to newcomers</title>
<para>As a newcomer, you are more than welcome to introduce yourself to all users and doers on the "FreedomBox-discuss" <ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">mailing list</ulink> or on the <ulink url="irc://irc.debian.org/freedombox">#freedombox IRC</ulink> channel. In addition to make useful contacts, you can start reporting bugs and translate (see below) the wiki website and the <ulink url="https://wiki.debian.org/FreedomBox#">FreedomBox</ulink> web interface. </para>
</section>
<section>
<title>Development priorities</title>
<para>Upcoming priorities are discussed on an regular basis. You find the progress of the webinterface Plinth with it's priorities here:<ulink url="https://github.com/freedombox/Plinth/projects/1">Project Progess</ulink>. We want to enjoy soon a version 1.0.</para>
<para>Please check next <ulink url="https://wiki.debian.org/FreedomBox/ProgressCalls#">progess calls</ulink> to keep yourself on track and meet members of the release team. A <ulink url="https://wiki.debian.org/FreedomBox/TODO#">TODO page</ulink> aggregates the complete list of the items to work on for <ulink url="https://wiki.debian.org/FreedomBox#">FreedomBox</ulink>. </para>
</section>
<section>
<title>Contributions needed</title>
<section>
<title>Add an Application</title>
<para>If you are a developer and wish to see an application available in FreedomBox, you can contribute by adding the application to FreedomBox. See the <ulink url="https://wiki.debian.org/FreedomBox/Manual/Developer#">FreedomBox Developer Manual</ulink>. </para>
</section>
<section>
<title>Bugs</title>
<para><ulink url="https://wiki.debian.org/FreedomBox/Contribute/Bugs#">List of bugs</ulink> listed on Debian universal system. Also see the <ulink url="https://qa.debian.org/developer.php?login=freedombox-pkg-team%40lists.alioth.debian.org&amp;comaint=yes">Packages overview for FreedomBox packaging team</ulink> for status of various packages that we use. </para>
</section>
<section>
<title>Code</title>
<para>If you are a developer, you can contribute code to one of the sub-projects of FreedomBox. Step-by-step process of <ulink url="https://wiki.debian.org/FreedomBox/Contribute/Code#">contributing code</ulink> to FreedomBox is available. </para>
<itemizedlist>
<listitem>
<para><ulink url="https://wiki.debian.org/FreedomBox/Setup#">FreedomBox Setup</ulink>: a Debian package for setting up the FreedomBox. </para>
</listitem>
<listitem>
<para><ulink url="https://wiki.debian.org/FreedomBox/Plinth#">Plinth</ulink>: a web interface to administer the functions of FreedomBox. </para>
</listitem>
<listitem>
<para><ulink url="https://wiki.debian.org/FreedomBox/Maker#">Freedom Maker</ulink>: a script to build FreedomBox disk images for use on various hardware devices or virtual machines. </para>
</listitem>
</itemizedlist>
<para>You can pickup a task from one of the <ulink url="https://wiki.debian.org/FreedomBox/TODO#">TODO</ulink> lists. The individual page project pages contain information availabily of the code, how to build and TODO lists. </para>
</section>
<section>
<title>Design</title>
<section>
<title>User Experience Design</title>
<para>If you are a user experience designer, you can help FreedomBox with the following items: </para>
<itemizedlist>
<listitem>
<para>UI experience for the Plinth web interface </para>
</listitem>
<listitem>
<para>Web design for <ulink url="https://freedomboxfoundation.org">freedomboxfoundation.org</ulink> and FreedomBox <ulink url="https://wiki.debian.org/FreedomBox#">wiki</ulink> pages </para>
</listitem>
<listitem>
<para>Logo and branding (we currently have <ulink url="https://github.com/freedombox/Plinth/tree/master/static/themes/default/">an identity manual and logos</ulink>) </para>
</listitem>
<listitem>
<para>Possible designs for custom FreedomBox cases on single board computers </para>
</listitem>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Design#">User experience design</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Technical Design</title>
<para>FreedomBox is still under development any many components are yet to be worked on. You can contribute to the discussion on various technical design and implementation aspects of FreedomBox. See: </para>
<itemizedlist>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Design#">Design portal</ulink>
</para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Donate</title>
<para>The <ulink url="https://freedomboxfoundation.org">FreedomBox Foundation</ulink> is a Delaware non-profit corporation in the process of applying for 501(c)(3) federal nonprofit recognition from the IRS. FreedomBox project is run by volunteers. You can help the project financially by donating via PayPal, Bitcoin or by mailing a check. Please see the <ulink url="https://www.freedomboxfoundation.org/donate/">donation page</ulink> for details on how to donate. </para>
</section>
<section>
<title>Document: User Manual, Website and Wiki</title>
<para>FreedomBox needs better documentation for users and contributors. FreedomBox manual is prepared by aggregating various pages on the wiki and exporting to various formats. The manual is then used in Plinth and elsewhere. </para>
<para>If you wish to contribute to the FreedomBox <ulink url="https://wiki.debian.org/FreedomBox#">wiki</ulink> (and consequently the FreedomBox manual), you can create a wiki account and start editing. </para>
<para>For contributing to the website please start a discussion on the FreedomBox <ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">mailing list</ulink>. </para>
</section>
<section>
<title>Quality Assurance</title>
<itemizedlist>
<listitem>
<para>FreedomBox already runs on many platforms and it is not possible for developers to test all possible platforms. If you have one of the supported hardware you can help with testing FreedomBox on the platform. </para>
</listitem>
<listitem>
<para>When an application is made available on FreedomBox, not all of its functionality is tested in the real world by developer doing the work. Deploying the application and testing it will help ensure high quality applications in FreedomBox. </para>
</listitem>
</itemizedlist>
<para>See the <ulink url="https://wiki.debian.org/FreedomBox/QualityAssurance#">quality assurance</ulink> page for a basic list of test cases to check for and information on reporting bugs. </para>
</section>
<section>
<title>Localization</title>
<para>All text visible to users of FreedomBox needs to be localized to various languages. This translation work includes: </para>
<itemizedlist>
<listitem>
<para><ulink url="https://wiki.debian.org/FreedomBox/Plinth#">Plinth</ulink> web interface for FreedomBox </para>
</listitem>
<listitem>
<para>FreedomBox documentation </para>
</listitem>
<listitem>
<para>FreedomBox <ulink url="https://freedomboxfoundation.org">website</ulink> and <ulink url="https://wiki.debian.org/FreedomBox#">wiki</ulink> </para>
</listitem>
<listitem>
<para>Individual applications that FreedomBox exposes to users. </para>
</listitem>
</itemizedlist>
<para>The primary user interface (Plinth) was internationalized in the <ulink url="https://wiki.debian.org/FreedomBox/ReleaseNotes/ReleaseNotesDev#Version_0.7_.282015-12-13.29">0.7 release</ulink>. You can contribute to the localization effort using the web-based tool at <ulink url="https://hosted.weblate.org/projects/freedombox/">Weblate</ulink> or directly to the source tree via <ulink url="https://github.com/freedombox/Plinth/tree/master/plinth/locale">GitHub</ulink>. </para>
<para>If you wish to see FreedomBox available for one of your languages, please start a discussion on the FreedomBox discuss <ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">mailing list</ulink> or on the <ulink url="irc://irc.debian.org/freedombox">#freedombox IRC</ulink> channel to avoid double translations. </para>
<para>For more information, please visit the FreedomBox <ulink url="https://wiki.debian.org/FreedomBox/Translate#">translation landing page</ulink>. </para>
</section>
<section>
<title>Spread the Word</title>
<para>Speak to your family, friends, local community or at global conferences about the importance of FreedomBox. To be a successful project we need many more participants, be it users or contributors. Write about your efforts at the <ulink url="https://www.freedomboxfoundation.org/appearances/index.en.html">talks page</ulink> and on the <ulink url="https://wiki.debian.org/FreedomBox/TalksAndPresentations#">wiki</ulink>. </para>
</section>
</section>
</section>
<section>
<title>Developer Guide</title>
<para>This manual is meant for developers intending to develop applications for FreedomBox. It provides a step by step tutorial and an API reference. </para>
<section>
<title>Writing Applications - Tutorial</title>
<para>This tutorial covers writing an application for FreedomBox. FreedomBox is a pure blend of Debian with a web interface, known as Plinth, that configures its applications. We shall discuss various aspects of building an application for FreedomBox, by creating an example application. </para>
<para>There are two parts to writing a FreedomBox application. First is to make sure that the application is available as a Debian package uploaded to the repositories. This is the majority of the work involved. However, if an application is already available in Debian repositories, it is trivial to build a FreedomBox UI for it. The second part of writing an application for FreedomBox is to provide a thin web interface layer for configuring the application. This is done by extending Plinth's user interface to provide visibility to the application and to let the user control its operations in a highly simplified way. This layer is referred to as 'Plinth application'. </para>
<para>Plinth applications can either be distributed as part of Plinth source code by submitting the applications to the Plinth project or they can distributed independently. This tutorial covers writing an application that is meant to be distributed as part of Plinth. However, writing independent Plinth applications is also very similar and most of this tutorial is applicable. </para>
<note>
<para>
<emphasis role="strong">Note</emphasis>
</para>
<para>The term application, in this tutorial, is used to mean multiple concepts. FreedomBox application is a combination of Debian package and a web interface layer. The web interface layer is also called a Plinth application which is very similar to and built upon a Django application. </para>
</note>
<section>
<title>Before we begin</title>
<para>Plinth is a web interface built using Python3 and Django. FreedomBox applications are simply Django applications within the Plinth project. Hence, for the most part, writing a FreedomBox application is all about writing a Django application. </para>
<para>You should start by reading the <ulink url="https://docs.djangoproject.com/en/stable/intro/tutorial01/">Django tutorial</ulink>. All the concepts described there are applicable for how plinth and its applications are be built. </para>
</section>
<section>
<title>Picking an application</title>
<para>We must first, of course, pick an application to add to FreedomBox. For the purpose of this tutorial, let us pick Tiny Tiny RSS. The project description reads as, <emphasis>Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible</emphasis>. </para>
<important>
<para>
<emphasis role="strong">Choosing an application</emphasis>
</para>
<para>When choosing an application we must make sure that the application respects users' freedom and privacy. By choosing to use FreedomBox, users have explicitly made a choice to keep the data with themselves, to not provide privacy compromising data to centralized entities and to use Free Software that respects their Software Freedom. These are not properties of <emphasis>some</emphasis> of the applications in FreedomBox but all applications <emphasis>must</emphasis> adhere to these principles. Applications should not even ask the users questions to this effect, because users have already made a choice. </para>
</important>
</section>
<section>
<title>Packaging the application</title>
<para>Majority of the effort in creating an application for FreedomBox is to package it for Debian and get it uploaded to Debian repositories. Going through the process of packaging itself is outside the scope of this tutorial. It is, however, well documented elsewhere. You should start <ulink url="https://wiki.debian.org/Packaging">here</ulink>. </para>
<para>Debian packaging might seem like an unnecessary process that takes time with its adherence to standards, review process, legal checks, etc. However, upon close examination, one will find that without these steps the goals of the FreedomBox project cannot be met. Some of the advantages of Debian packaging are listed below: </para>
<itemizedlist>
<listitem>
<para>Legal check ensures that proprietary licensed code or code with bad licenses does not inadvertently creep in. </para>
</listitem>
<listitem>
<para>Libraries have to be packaged separately easing security handling. When a security vulnerability is identified in a library, just the library will have to be updated and not all the applications that depend on it. </para>
</listitem>
<listitem>
<para>Upgrades become smoother. The dependency handling of the packaging system, configuration handling tools, tools to deal with various types of well known files help with ensuring a proper upgrade. </para>
</listitem>
<listitem>
<para>Collaborative maintenance teams ensure that the package is well cared for even if you get busy with other work and can't spend time on your package. Following standards and using common infrastructure is critical to enable this development methodology. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Creating the project structure</title>
<para>Create a directory structure as follows with empty files. We will fill them up in a step-by-step manner. </para>
<screen format="linespecific">+- &lt;plinth_root&gt;/
|
+- plinth/
| |
| +- modules/
| |
| +- ttrss/
| |
| +- __init__.py
| |
| +- forms.py
| |
| +- urls.py
| |
| +- views.py
| |
| +- templates/
| | |
| | +- ttrss.html
| |
| +- tests
| |
| +- __init__.py
|
+- actions/
| |
| +- ttrss
|
+- data/
|
+- etc/
|
+- plinth/
|
+- modules-enabled/
|
+- ttrss</screen>
<para>The <code>__init__.py</code> indicates that the directory in which it is present is a Python module. For now, it is an empty file. </para>
<para>Plinth's setup script <code>setup.py</code> will automatically install the <code>plinth/modules/ttrss</code> directory (along with other files described later) to an appropriate location. If you are creating an application that stays independent and outside of Plinth source tree, then your <code>setup.py</code> script will need to install it a proper location on the system. The <code>plinth/modules/</code> directory is a Python3 <ulink url="https://www.python.org/dev/peps/pep-0420/">namespace package</ulink>. So, you can install it with the <code>plinth/modules/</code> directory structure into any Python path and still be discovered as <code>plinth.modules.*</code>. </para>
</section>
<section>
<title>Tell Plinth that we exist</title>
<para>The first thing to do is tell Plinth that our application exists. This is done by writing a small file with the Python import path to our application and placing it in <code>data/etc/plinth/modules-enabled/</code>. Let us create this file <code>ttrss</code>: </para>
<screen format="linespecific">plinth.modules.ttrss</screen>
<para>This file is automatically installed to <code>/etc/plinth/modules-enabled/</code> by Plinth's installation script <code>setup.py</code>. If we are writing a module that resides independently outside the Plinth's source code, the setup script will need to copy it to the target location. Further, it is not necessary for the application to be part of the <code>plinth.modules</code> namespace. It can, for example, be <code>plinth_ttrss</code>. </para>
</section>
<section>
<title>Writing the URLs</title>
<para>For a user to visit our application in Plinth, we need to provide a URL. When the user visits this URL, a view is executed and a page is displayed. In <code>urls.py</code> write the following: </para>
<screen format="linespecific">from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^apps/ttrss/$', views.index, name='index'),
]</screen>
<para>This routes the <code>/apps/ttrss/</code> URL to a view called <code>index</code> defined in <code>plinth/modules/ttrss/views.py</code>. This is no different than how routing URLs are written in Django. See <ulink url="https://docs.djangoproject.com/en/stable/topics/http/urls/">Django URL dispatcher</ulink> for more information. </para>
</section>
<section>
<title>Adding a menu item</title>
<para>We have added a URL to be handled by our application but this does not yet show up to be a link in Plinth web interface. Let us add a link in the applications list. In <code>__init__.py</code> add the following: </para>
<screen format="linespecific">from plinth import cfg
def init():
"""Intialize the module."""
menu = cfg.main_menu.get('apps:index')
menu.add_urlname('News Feed Reader (Tiny Tiny RSS)', 'glyphicon-bullhorn',
'ttrss:index', 850)</screen>
<para>As soon as Plinth starts, it will load all the enabled modules into memory. After this, it gives a chance to each of the modules to initialize itself by calling the <code>init()</code> method if there is such a method available as <code>&lt;app&gt;.init()</code>. Here we have implemented this method and added our menu item to the applications menu as part of the initialization process. </para>
<para>We wish to add our menu item to the list of applications which is why we have retrieved the applications menu which is available under the main menu. After this we add our own menu item to this menu. There are several parameters during this process that are important: </para>
<itemizedlist>
<listitem>
<para>In the first parameter we are providing the display name to use for our application when showing the menu item. </para>
</listitem>
<listitem>
<para>In the second parameter we are providing the icon to show for this menu item. This is an icon from the Twitter Bootstrap library. See </para>
<para>the Twitter Bootstrap library documentation for a list of <ulink url="http://getbootstrap.com/components/#glyphicons">available icons</ulink>. We can pick an icon from the available list of icons and just mention its glyphicon class as name here. </para>
</listitem>
<listitem>
<para>The third parameter is the name of the URL we have created for our application. Note that when including this application's URLs, Plinth will automatically set the name of the module as the Django </para>
<para>URL namespace. Hence it is <code>ttrss:index</code> and not just <code>index</code>. </para>
</listitem>
<listitem>
<para>The final parameter specifies where in the menu this application shows up. This is weightage number with which Plinth sorts the menu items. Higher the weightage, the lower the menu item appears (as it sinks). Since Plinth menu items are alphabetically sorted, for our </para>
<para>application we wish for it to appear between <emphasis>Public Visibility</emphasis> and <emphasis>Voice Chat</emphasis>. Their weights are 800 and 900 respectively. So we selected 850. </para>
</listitem>
</itemizedlist>
<para>We have used the application menu item to insert our own menu item as a child. To be able to use the application menu item, we need to make sure that the module providing the application menu is loaded before our application is loaded. We will do that in the next step. </para>
</section>
<section>
<title>Specifying module dependencies</title>
<para>Specifying a simple list of applications to be loaded before our application provided to Plinth is sufficient. Add this in <code>__init__.py</code>. </para>
<screen format="linespecific">depends = ['plinth.modules.apps']</screen>
<para>Plinth will now make sure that the <code>apps</code> module is loaded before our module is loaded. Application initialization is also ensured to happen in this order. We can safely use any features of this module knowing that they have been initialized. </para>
<note>
<para>
<emphasis role="strong">Circular dependencies</emphasis>
</para>
<para>Circular dependencies are not possible among Plinth applications. Attempting to add them will result in error during startup. </para>
</note>
</section>
<section>
<title>Writing the enable/disable form</title>
<para>We wish to provide a user interface to the user to enable and disable the application. Complex modules may require more options but this is sufficient for our application. Add the following <code>forms.py</code>. </para>
<screen format="linespecific">from django import forms
class TtrssForm(forms.Form):
"""Tiny Tiny RSS configuration form."""
enabled = forms.BooleanField(
label='Enable Tiny Tiny RSS',
required=False)</screen>
<para>This creates a Django form that shows a single option to enable/disable the application. It also shows its current state. This is how a regular Django form is built. See <ulink url="https://docs.djangoproject.com/en/stable/topics/forms/">Django Forms documentation</ulink> for more information. </para>
<tip>
<para>
<emphasis role="strong">Too many options</emphasis>
</para>
<para>Resist the temptation to create a lot of configuration options. Although this will put more control in the hands of the users, it will make FreedomBox less usable. FreedomBox is a consumer product. Our target users are not technically savvy and we have make most of the decisions on behalf of the user to make the interface as simple and easy to use as possible. </para>
</tip>
</section>
<section>
<title>Writing a view</title>
<para>In <code>views.py</code>, let us add a view that can handle the URL we have provided above. </para>
<screen format="linespecific">from .forms import TtrssForm
def index(request):
"""Serve configuration page."""
status = get_status()
form = None
if request.method == 'POST':
form = TtrssForm(request.POST, prefix='ttrss')
if form.is_valid():
_apply_changes(request, status, form.cleaned_data)
status = get_status()
form = TtrssForm(initial=status, prefix='ttrss')
else:
form = TtrssForm(initial=status, prefix='ttrss')
return TemplateResponse(request, 'ttrss.html',
{'title': 'News Feed Reader (Tiny Tiny RSS)',
'status': status,
'form': form})</screen>
<para>This view works with the form we created in the previous step. It shows the current status of the service in form. This status is retrieved with the help of <code>get_status()</code> helper method. When the form is posted, again this view is called and it verifies whether the form's input values are correct. If so, it will apply the actions necessary for changed form values using the <code>_apply_changes()</code> method. </para>
</section>
<section>
<title>Getting the current status of the application</title>
<para>The view in the previous setup requires the status of the application to be retrieved using the <code>get_status()</code> method. Let us implement that method in <code>views.py</code>. </para>
<screen format="linespecific">from plinth.modules import ttrss
def get_status():
"""Get the current status."""
return {'enabled': ttrss.is_enabled()}</screen>
<para>This method retrieves the various statuses of the application for display in the view. Currently, we only need to show whether the application is enabled or disabled. So, we retrieve that using a helper method defined in <code>__init__.py</code>. </para>
<screen format="linespecific">from plinth import action_utils
def is_enabled():
"""Return whether the module is enabled."""
return action_utils.webserver_is_enabled('50-tt-rss')</screen>
<para>This method uses one of the several action utilities provided by Plinth. This method checks whether a webserver configuration named <code>50-tt-rss</code> is enabled. </para>
</section>
<section>
<title>Displaying the application page</title>
<para>The view that we have written above requires a template file known as <code>ttrss.html</code> to work. This template file controls how the web page for our application is displayed. Let us create this template file in <code>templates/ttrss.html</code>. </para>
<screen format="linespecific">{% extends "base.html" %}
{% load bootstrap %}
{% block content %}
&lt;h2&gt;News Feed Reader (Tiny Tiny RSS)&lt;/h2&gt;
&lt;p&gt;Tiny Tiny RSS is a news feed (RSS/Atom) reader and aggregator,
designed to allow you to read news from any location, while feeling
as close to a real desktop application as possible.&lt;/p&gt;
&lt;h3&gt;Configuration&lt;/h3&gt;
&lt;form class="form" method="post"&gt;
{% csrf_token %}
{{ form|bootstrap }}
&lt;input type="submit" class="btn btn-primary" value="Update setup"/&gt;
&lt;/form&gt;
{% endblock %}</screen>
<para>This template extends an existing template known as <code>base.html</code>. This template is available in Plinth core to provide all the basic layout, styling, menus, JavaScript and CSS libraries. We will override the content area of the base template and keep the rest. </para>
<para>Yet again, there is nothing special about the way this template is written. This is a regular Django template. See <ulink url="https://docs.djangoproject.com/en/stable/topics/templates/">Django Template documentation</ulink>. </para>
<para>For styling and UI components, Plinth uses the Twitter Bootstrap project. See <ulink url="http://getbootstrap.com/css/">Bootstrap documentation</ulink> for reference. </para>
</section>
<section>
<title>Applying the changes from the form</title>
<para>The view we have created displays the form and processes the form after the user submits it. It used a helper method called <code>_apply_changes()</code> to actually get the work done. Let us implement that method in <code>views.py</code>. </para>
<screen format="linespecific">from django.contrib import messages
from plinth import actions
def _apply_changes(request, old_status, new_status):
"""Apply the changes."""
modified = False
if old_status['enabled'] != new_status['enabled']:
sub_command = 'enable' if new_status['enabled'] else 'disable'
actions.superuser_run('ttrss', [sub_command])
modified = True
if modified:
messages.success(request, 'Configuration updated')
else:
messages.info(request, 'Setting unchanged')</screen>
<para>We check to make sure that we don't try to disable the application when it is already disabled or try to enable the application when it is already enabled. Although Plinth's operations are idempotent, meaning that running them twice will not be problematic, we still wish avoid unnecessary operations for the sake of speed. </para>
<para>We are actually perform the operation using Plinth actions. We will implement the action to be performed a bit later. </para>
<para>After we perform the operation, we will show a message on the response page showing that the action was successful or that nothing happened. We use the Django messaging framework to accomplish this. See <ulink url="https://docs.djangoproject.com/en/stable/ref/contrib/messages/">Django messaging framework</ulink> for more information. </para>
</section>
<section>
<title>Installing packages required for the application</title>
<para>Plinth takes care of installing all the Debian packages required for our application to work. All we need to do is specify the list of the Debian packages required using a decorator on our view as follows: </para>
<screen format="linespecific">from plinth import package
@package.required(['tt-rss'])
def index(request):
"""Serve configuration page."""
...</screen>
<para>The first time this application's view is accessed, Plinth shows a package installation page and allows the user to install the required packages. After the package installation is completed, the user is shown the application's configuration page. </para>
<para>If there are configuration tasks to be performed immediately before or after the package installation, Plinth provides hooks for it. The <code>before_install=</code> and <code>on_install=</code> parameters to the <code>@package.required</code> decorator take a callback methods that are called before installation of packages and after installation of packages respectively. See the reference section of this manual or the <code>plinth.package</code> module for details. Other modules in Plinth that use this feature provided example usage. </para>
</section>
<section>
<title>Writing actions</title>
<para>The actual work of performing the configuration change is carried out by a Plinth action. Actions are independent scripts that run with higher privileges required to perform a task. They are placed in a separate directory and invoked as scripts via sudo. For our application we need to write an action that can enable and disable the web configuration. We will do this by creating a file <code>actions/ttrss</code>. </para>
<screen format="linespecific">import argparse
from plinth import action_utils
def parse_arguments():
"""Return parsed command line arguments as dictionary."""
parser = argparse.ArgumentParser()
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
subparsers.add_parser('enable', help='Enable Tiny Tiny RSS')
subparsers.add_parser('disable', help='Disable Tiny Tiny RSS')
return parser.parse_args()
def subcommand_enable(_):
"""Enable web configuration and reload."""
action_utils.webserver_enable('50-tt-rss')
def subcommand_disable(_):
"""Disable web configuration and reload."""
action_utils.webserver_disable('50-tt-rss')
def main():
"""Parse arguments and perform all duties."""
arguments = parse_arguments()
subcommand = arguments.subcommand.replace('-', '_')
subcommand_method = globals()['subcommand_' + subcommand]
subcommand_method(arguments)
if __name__ == '__main__':
main()</screen>
<para>This is a simple Python3 program that parses command line arguments. While Python3 is preferred, it can be written in other languages also. It uses a helper utility provided by Plinth to actually enable and disable Apache2 web server configuration. </para>
<para>This script is automatically installed to <code>/usr/share/plinth/actions</code> by Plinth's installation script <code>setup.py</code>. Only from here will there is a possibility of running the script under <code>sudo</code>. If you are writing an application that resides indenpendently of Plinth's source code, your <code>setup.py</code> script will need to take care of copying the file to the target location. </para>
</section>
<section>
<title>Creating diagnostics</title>
<para>Plinth provides a simple API for showing diagnostics results. The application has to implement a method for actually running the diagnostics and return the results as a list. Plinth then takes care of calling the diagnostics method and displaying the list in a formatted manner. </para>
<para>To implement the diagnostics method, method called <code>diagnose()</code> has to be available as <code>&lt;app&gt;.diagnose()</code>. It must return a list in which each item is the result of a test performed. The item itself is a two-tuple containing the display name of the test followed by the result as <code>passed</code>, <code>failed</code> or <code>error</code>. </para>
<screen format="linespecific">def diagnose():
"""Run diagnostics and return the results."""
results = []
results.extend(action_utils.diagnose_url_on_all(
'https://{host}/ttrss', extra_options=['--no-check-certificate']))
return results</screen>
<para>There are several helpers available to implement some of the common diagnostic tests. For our application we wish to implement a test to check whether the <code>/ttrss</code> URL is accessible. Since this is a commonly performed test, there is a helper method available and we have used it in the above code. The <code>{host}</code> tag replaced with various IP addresses, hostnames and domain names by the helper to produce different kinds of URLs and they are all tested. Results for all tests are returned which we then pass on to Plinth. </para>
<para>The user can trigger the diagnostics test by going to <code>System -&gt; Diagnostics</code> page. This runs diagnostics for all the applications. If we want users to be able to run diagnostics specifically for this application, we can include a button for it in our template immediately after the application description. </para>
<screen format="linespecific">{% include "diagnostics_button.html" with module="ttrss" %}</screen>
</section>
<section>
<title>Logging</title>
<para>Sometimes we may feel the need to write some debug messages to the console and Plinth log file. Doing this in Plinth is just like doing this any other Python application. </para>
<screen format="linespecific">import logging
logger = logging.getLogger(__name__)
def example_method():
logger.debug('A debug level message')
logger.info('Showing application page - %s', request.method)
try:
something()
except Exception as exception:
# Print stack trace
logger.exception('Encountered an exception - %s', exception)</screen>
<para>For more information see Python <ulink url="https://docs.python.org/3.4/library/logging.html">logging framework</ulink> documentation. </para>
</section>
<section>
<title>Adding a License</title>
<para>Plinth is licensed under the GNU Affero General Public License Version 3 or later. FreedomBox UI applications, which run as modules under Plinth, also need to be under the same license or under a compatible license. The license of our application needs to clear for our application to be accepted by users and other developers. Let us add license headers to our application. </para>
<screen format="linespecific">#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.
#</screen>
<para>The above header needs to be present in every file of the application. It is suitable for Python files. However, in template files, we need to modify it slightly. </para>
<screen format="linespecific">{% extends "base.html" %}
{% comment %}
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.
#
{% endcomment %}
...</screen>
</section>
<section>
<title>Internationalization</title>
<para>Every string message that is visible to the user must be localized to user's native language. For this to happen, our application needs to be internationalized. This requires marking the user visible messages for translation. Plinth applications use the Django's localization methods to make that happen. </para>
<screen format="linespecific">from django.utils.translation import ugettext as _
def index(request):
...
return TemplateResponse(request, 'ttrss.html',
{'title': _('News Feed Reader (Tiny Tiny RSS)'),
'status': status,
'form': form})</screen>
<para>Notice that the page's title is wrapped in the <code>_()</code> method call. Let us do that for the menu item of the application too. </para>
<screen format="linespecific">from django.utils.translation import ugettext_lazy as _
def init():
"""Intialize the module."""
menu = cfg.main_menu.get('apps:index')
menu.add_urlname(_('News Feed Reader (Tiny Tiny RSS)'), 'glyphicon-envelope',
'ttrss:index', 600)</screen>
<para>Notice that in this case, we have used the <code>ugettext_lazy</code> and in the first case we have used the regular <code>ugettext</code>. This is because in the second case the <code>gettext</code> lookup is made once and reused for every user looking at the interface. These users may each have a different language set for their interface. Lookup made for one language should not be used for other users. The <code>_lazy</code> method provided by Django makes sure that the return value is an object that will actually be converted to string at the final moment when the string is being displayed. In the first case, the looked is made and string is returned immediately. </para>
<para>All of this is the usual way internationalization is done in Django. See <ulink url="https://docs.djangoproject.com/en/stable/topics/i18n/">Django internationalization and localization</ulink> documentation for more information. </para>
</section>
<section>
<title>Coding standards</title>
<para>For readability and easy collaboration it is important to follow common coding standards. Plinth uses the Python coding standards and uses the <code>pylint</code> and <code>flake8</code> tools to check if the there are any violations. Run these tools on our application and fix any errors and warnings. Better yet, integrate these tools into your favorite IDE for on-the-fly checking. </para>
<para>For the most part, the code we have written so far, is already compliant with the coding standards. This includes variable/method naming, indentation, document strings, comments, etc. One thing we have to add are the module documentation strings. Let us add those. In <code>__init__.py</code> add the top: </para>
<screen format="linespecific">"""
Plinth module to configure Tiny Tiny RSS.
"""</screen>
</section>
</section>
<section>
<title>Reference Guide</title>
<para>This section describes Plinth API that is most frequently used by application. Note that since Plinth is under development and has not yet reached 1.0, this API is subject to change. This is not usually a problem because all the Plinth applications currently reside in Plinth source repository itself and are updated when the API is updated. </para>
<section>
<title>Applications</title>
<para>These methods are optionally provided by the application and Plinth calls/uses them if they are present. </para>
<section>
<title>&lt;application&gt;.init()</title>
<para>Optional. This method is called by Plinth soon after all the applications are loaded. The <code>init()</code> call order guarantees that other applications that this application depends on will be initialized before this application is initialized. </para>
</section>
<section>
<title>&lt;application&gt;.diagnose()</title>
<para>Optional. Called when the user invokes system-wide diagnostics by visiting <code>System -&gt; Diagnositcs</code>. This method must return an array of diagnostic results. Each diagnostic result must be a two-tuple with first element as a string that is shown to the user as name of the test and second element is the result of the test. It must be one of <code>passed</code>, <code>failed</code>, <code>error</code>. Example return value: </para>
<screen format="linespecific">[('Check http://localhost/app is reachable', 'passed'),
('Check configuration is sane', 'passed')]</screen>
</section>
<section>
<title>&lt;appliation&gt;.depends</title>
<para>Optional. This module property must contain a list of all applications that this application depends on. The application is specified as string containing the full module load path. For example, <code>plinth.modules.apps</code>. </para>
</section>
<section>
<title>plinth.package.required(package_list, before_install=None, on_install=on_install)</title>
<para>Make sure that a set of Debian packages are installed before a view can be accessed. If the packages are not currently installed on the system, a special installation view is displayed showing the list of packages to be installed. If the user chooses to proceed, package installation will start and an installation progress screen will be shown. After completion of the installation process, the original view is shown. </para>
<para>The <code>package_list</code> must be an iterable containing the Debian package names as strings. If provided, the <code>before_install</code> callable is called just before the installation process starts. Similarly, <code>on_install</code> callable is called just after the package installation completes. </para>
</section>
</section>
<section>
<title>Actions</title>
<para>Plinth's web front does not directly change any aspect of the underlying operating system. Instead, it calls upon <emphasis>Actions</emphasis>, as shell commands. Actions live in <code>/usr/share/plinth/actions</code> directory. They require no interaction beyond passing command line arguments or taking sensitive arguments via stdin. They change the operation of the services and applications of the FreedomBox and nothing else. These actions are also directly usable by a skilled administrator. </para>
<para>The following methods are provided by Plinth to run actions and to implement them easily by reusing code for common tasks. </para>
<section>
<title>plinth.actions.run(action, options=None, input=None, async=False)</title>
<para>Run an action command present under the <code>actions/</code> directory. This runs <code>subprocess.Popen()</code> after some checks. The action must be present in the actions/ directory. </para>
<para><code>options</code> are a list of additional arguments to pass to the command. If <code>input</code> is given it must be bytearray containing the input to pass on to the executed action. If <code>async</code> is set to True, the method will return without waiting for the command to finish. </para>
</section>
<section>
<title>plinth.actions.superuser_run(action, options=None, input=None, async=False)</title>
<para>This is same as <code>plinth.actions.run()</code> except the command is run with superuser privelages. </para>
</section>
<section>
<title>plinth.action_utils</title>
<para>Several utlities to help with the implementation of actions and diagnotic tests are implemented in this module. Refer to the module source code for a list of these methods and their documentation. </para>
</section>
</section>
<section>
<title>Menus</title>
<section>
<title>plinth.cfg.main_menu</title>
<para>This is a reference to the global main menu. All menu entries in Plinth are decendents of this menu item. See <code>Menu.add_item()</code> and <code>Menu.add_urlname()</code> for adding items to this menu or its children. </para>
</section>
<section>
<title>plinth.menu.Menu.get(self, urlname, url_args=None, url_kwargs=None)</title>
<para>Return a child of this menu item. <code>urlname</code> must be the name of a URL as configured in Django. <code>django.core.urlresolvers.reverse()</code> is called before the lookup for child menu item is performed. <code>url_args</code> and <code>url_kwargs</code> are passed on to <code>reverse()</code>. </para>
</section>
<section>
<title>plinth.menu.Menu.add_item(self, label, icon, url, order=50)</title>
<para>Add a menu item as a child to the current menu item. <code>label</code> is the user visible string shown for the menu item. <code>icon</code> must be a glyphicon class from the Twitter Bootstrap library. <code>url</code> is the relative URL to which this menu item will take the user to. </para>
</section>
<section>
<title>plinth.menu.Menu.add_urlname(self, label, icon, urlname, order=50, url_args=None, url_kwargs=None)</title>
<para>Same as <code>plinth.menu.Menu.add_item()</code> but instead of URL as input it is the name of a URL as configured in Django. <code>django.core.urlresolvers.reverse()</code> is called before it is added to the parent menu item. <code>url_args</code> and <code>url_kwargs</code> are passed on to <code>reverse()</code>. </para>
</section>
</section>
<section>
<title>Services</title>
<section>
<title>plinth.service.Service.__init__(self, service_id, name, ports=None, is_external=False, enabled=True)</title>
<para>Create a new Service object to notify all applications about the existence and status of a given application. <code>service_id</code> is a unique identifier for this application. <code>name</code> is a display name of this application that is shown by other applications such as on the firewall status page. <code>ports</code> is a list of names recognized by firewalld when enabling or disabling firewalld services. If <code>is_external</code> is true, the ports for this service are accessible from external interfaces, that is, from the Internet. Otherwise, the service is only available for client connected via LAN. <code>enabled</code> is the current state of the application. </para>
</section>
<section>
<title>plinth.service.Service.is_enabled(self)</title>
<para>Return whether the service is currently enabled. </para>
</section>
<section>
<title>plinth.service.Service.notify_enabled(self, sender, enabled)</title>
<para>Notify other applications about the change of status of this application. <code>sender</code> object should identify which application made the change. <code>enabled</code> is a boolean that signifies whether the application is enabled (= True) or disabled (= False). </para>
<para>This is typically caught by the firewall application to enable or disable the ports corresponding to an application. </para>
</section>
</section>
</section>
</section>
<section>
<title>Hacking</title>
<para>FreedomBox consists of three main projects: </para>
<itemizedlist>
<listitem>
<para>Plinth, the web interface </para>
</listitem>
<listitem>
<para>FreedomBox Setup, the Debian package to perform initial setup and </para>
</listitem>
<listitem>
<para>Freedom Maker, a script to build disk images for various hardware </para>
</listitem>
</itemizedlist>
<section>
<title>Plinth</title>
<para>Plinth is a web interface to administer the functions of the FreedomBox. </para>
<para>Plinth is <ulink url="https://www.gnu.org/philosophy/">Free Software</ulink> under <ulink url="https://www.gnu.org/licenses/agpl.html">GNU Affero General Public License</ulink> version 3 or (at your option) a later version. </para>
<section>
<title>Using</title>
<itemizedlist>
<listitem>
<para>Plinth comes installed with all FreedomBox images. You can <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> FreedomBox images and run on any of the supported hardware. Then, you can access Plinth by visiting the URL <ulink url="http://freedombox/plinth"/>. </para>
</listitem>
<listitem>
<para>If you are on a Debian box, you may install Plinth from Debian package archive. Currently, only Stretch (testing) and Sid (unstable) are supported. To install Plinth run: </para>
</listitem>
</itemizedlist>
<screen format="linespecific">$ sudo apt-get install plinth</screen>
<itemizedlist>
<listitem>
<para>You can also get Plinth from its <ulink url="https://github.com/freedombox/Plinth">Git repository</ulink> and <ulink url="https://github.com/freedombox/Plinth/blob/master/INSTALL">install from source</ulink>. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Screenshots</title>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Plinth?action=AttachFile&amp;do=get&amp;target=about.png">
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/about.png" width="150pt"/>
</imageobject>
<textobject>
<phrase>About Page</phrase>
</textobject>
</inlinemediaobject>
</ulink>
<ulink url="https://wiki.debian.org/FreedomBox/Plinth?action=AttachFile&amp;do=get&amp;target=tor.png">
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/tor.png" width="150pt"/>
</imageobject>
<textobject>
<phrase>Enabling Tor Hidden Services</phrase>
</textobject>
</inlinemediaobject>
</ulink>
<ulink url="https://wiki.debian.org/FreedomBox/Plinth?action=AttachFile&amp;do=get&amp;target=emailclient.png">
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/emailclient.png" width="150pt"/>
</imageobject>
<textobject>
<phrase>Setting up Email Client</phrase>
</textobject>
</inlinemediaobject>
</ulink>
<ulink url="https://wiki.debian.org/FreedomBox/Plinth?action=AttachFile&amp;do=get&amp;target=newsfeed.png">
<inlinemediaobject>
<imageobject>
<imagedata fileref="images/newsfeed.png" width="150pt"/>
</imageobject>
<textobject>
<phrase>Newsfeed from anywhere</phrase>
</textobject>
</inlinemediaobject>
</ulink>
</para>
</section>
<section>
<title>Support</title>
<para>You may ask for support on </para>
<itemizedlist>
<listitem>
<para>
<ulink url="https://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss#">The mailing list</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="irc://irc.debian.org/freedombox">#freedombox IRC channel</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Contributing</title>
<para>We are looking for help to improve Plinth. You can contribute to Plinth by not just by coding but also by translating, documenting, designing, packaging and providing support. </para>
<itemizedlist>
<listitem>
<para>Instructions on how to <ulink url="https://wiki.debian.org/FreedomBox/Contribute/Code#">contribute code</ulink> are available. </para>
</listitem>
<listitem>
<para>The primary Git repository is hosted at <ulink url="https://github.com/freedombox/Plinth">FreedomBox GitHub Page</ulink>. </para>
</listitem>
<listitem>
<para>Instructions for <ulink url="https://github.com/freedombox/Plinth/blob/master/INSTALL">installing from source</ulink> and <ulink url="https://github.com/freedombox/Plinth/blob/master/HACKING">hacking the source</ulink> are available. </para>
</listitem>
<listitem>
<para>List of bugs, TODO items and feature requests are available on the <ulink url="https://github.com/freedombox/Plinth/issues">issue tracker</ulink>. </para>
</listitem>
<listitem>
<para>Before contributing to Plinth code, you need understand <ulink url="https://www.python.org/">Python</ulink> and <ulink url="https://www.djangoproject.com/">Django</ulink> on top which it is built. </para>
</listitem>
<listitem>
<para>You can request for development assistance on <ulink url="https://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss#">the mailing list</ulink> or the <ulink url="irc://irc.debian.org/freedombox">#freedombox IRC channel</ulink>. </para>
</listitem>
</itemizedlist>
<section>
<title>Debian Package</title>
<itemizedlist>
<listitem>
<para>Plinth is <ulink url="https://packages.debian.org/plinth#">packaged</ulink> for Debian. </para>
</listitem>
<listitem>
<para>Packaging project is on <ulink url="https://alioth.debian.org/projects/freedombox#">Alioth</ulink> along with <ulink url="https://anonscm.debian.org/cgit/freedombox/plinth.git#">sources</ulink>. </para>
</listitem>
<listitem>
<para>Issues related to packaging are listed on <ulink url="https://bugs.debian.org/plinth#">Debian BTS</ulink>. </para>
</listitem>
</itemizedlist>
</section>
</section>
</section>
<section>
<title>FreedomBox Setup</title>
<para>FreedomBox Setup is a Debian package for setting up the FreedomBox. If you <ulink url="https://wiki.debian.org/FreedomBox/Download#">download and use pre-built images</ulink> you don't have to worry about this package. </para>
<para>FreedomBox Setup is responsible for setting up basic networking, web server, user accounts, installing essential packages etc. It performs first part of the setup during the image build process. Later, when the image is booted for the first time on actual hardware (or on a virtual machine), it does the remaining setup and then reboots the machine. It also comes with a diagnostic script to check if the FreedomBox Setup is running as expected. </para>
<para>FreedomBox Setup is <ulink url="https://www.gnu.org/philosophy/">Free Software</ulink> licensed under <ulink url="https://www.gnu.org/licenses/gpl.html">GNU General Public License</ulink> version 3 or (at your option) a later version. </para>
<section>
<title>Using</title>
<itemizedlist>
<listitem>
<para>FreedomBox Setup comes installed with all FreedomBox images. You can <ulink url="https://wiki.debian.org/FreedomBox/Download#">download</ulink> FreedomBox images and run on any of the supported hardware. </para>
</listitem>
<listitem>
<para>If you are on a Debian box, you may install FreedomBox Setup from Debian package archive. This essentially turns your Debian installation into a FreedomBox! Currently, only Sid (unstable) is supported. To install FreedomBox Setup, see <ulink url="https://wiki.debian.org/FreedomBox/Hardware/Debian#">instructions</ulink> on setting up FreedomBox on a Debian machine. </para>
</listitem>
<listitem>
<para>You can also get FreedomBox Setup from its <ulink url="https://anonscm.debian.org/cgit/freedombox/freedombox-setup.git">Git repository</ulink> and <ulink url="https://anonscm.debian.org/cgit/freedombox/freedombox-setup.git/tree/README">build Debian package from source</ulink>. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Support</title>
<para>You may ask for support on </para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">The mailing list</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="irc://irc.debian.org/freedombox">#freedombox IRC channel</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Contributing</title>
<para>We are looking for help to improve FreedomBox Setup. </para>
<itemizedlist>
<listitem>
<para>Instructions on how to <ulink url="https://wiki.debian.org/FreedomBox/Contribute/Code#">contribute code</ulink> are available. </para>
</listitem>
<listitem>
<para>FreedomBox Setup is part of the <ulink url="https://alioth.debian.org/projects/freedombox/">FreedomBox Alioth Project</ulink>. </para>
</listitem>
<listitem>
<para>List of bugs, TODO items, packages issues and feature requests are available on the <ulink url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=freedombox-setup">issue tracker</ulink>. </para>
</listitem>
<listitem>
<para>You can request for development assistance on <ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the mailing list</ulink> or the <ulink url="irc://irc.debian.org/freedombox">#freedombox IRC channel</ulink>. </para>
</listitem>
<listitem>
<para>See <ulink url="https://tracker.debian.org/pkg/freedombox-setup">Debian tracker</ulink> for information on Debian package. FreedomBox Setup is a Debian native package meaning it is primarily built for Debian and comes with Debian packaging scripts in its repository. </para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Freedom Maker</title>
<para>Freedom Maker is a script to build FreedomBox disk images for use on various hardware devices or virtual machines. </para>
<para>Freedom Maker can currently build FreedomBox disk images for the following: </para>
<itemizedlist>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/OLinuXino#A20-OlinuXino-LIME">A20-OlinuXino-LIME</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/OLinuXino#A20-OlinuXino-LIME2">A20-OlinuXino-LIME2</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/OLinuXino#A20-OLinuXino-MICRO">A20-OLinuXino-MICRO</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/BeagleBoard#BeagleBone">BeagleBone</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/Cubieboard#Cubietruck_.28Cubieboard3.29">Cubietruck</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/Cubieboard#Cubieboard2">Cubieboard2</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/DreamPlug">DreamPlug</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/Raspberry_Pi">Raspberry Pi</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/Raspberry_Pi">Raspberry Pi 2 (also works on 3)</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/VirtualBox">VirtualBox</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://en.wikipedia.org/wiki/QEMU">QEMU</ulink>
</para>
</listitem>
<listitem>
<para>Other virtual machines (using raw disk images) </para>
</listitem>
</itemizedlist>
<para>It relies on the <ulink url="http://liw.fi/vmdebootstrap/">vmdebootstrap</ulink> project actually create images. If a hardware platform is capable of running Debian, it should not be too much effort adopt Freedom Maker to create <ulink url="https://wiki.debian.org/FreedomBox#">FreedomBox</ulink> images for the platform. </para>
<para>Freedom Maker is <ulink url="https://www.gnu.org/philosophy/">Free Software</ulink> licensed under <ulink url="https://www.gnu.org/licenses/gpl.html">GNU General Public License</ulink> version 3 or (at your option) a later version. </para>
<section>
<title>Building FreedomBox Images</title>
<itemizedlist>
<listitem>
<para>You can get Freedom Maker from its <ulink url="https://alioth.debian.org/anonscm/git/freedombox/freedom-maker.git">Git repository</ulink> and follow the instructions in the README to <ulink url="https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=freedombox/freedom-maker.git;a=blob;f=README">build a FreedomBox image</ulink>. </para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Support</title>
<para>You may ask for support on </para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">The mailing list</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="irc://irc.debian.org/freedombox">#freedombox IRC channel</ulink>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Contributing</title>
<para>We are looking for help to improve Freedom Maker. </para>
<itemizedlist>
<listitem>
<para>Instructions on how to <ulink url="https://wiki.debian.org/FreedomBox/Contribute/Code#">contribute code</ulink> are available. </para>
</listitem>
<listitem>
<para>Freedom Maker is hosted on <ulink url="https://alioth.debian.org/projects/freedombox/">FreedomBox Alioth Portal</ulink>. The primary Git repository is hosted <ulink url="https://alioth.debian.org/anonscm/git/freedombox/freedom-maker.git">there</ulink>. </para>
</listitem>
<listitem>
<para>Freedom Maker is also hosted on <ulink url="https://github.com/freedombox/freedom-maker">FreedomBox GitHub Page</ulink>. Pull requests are accepted there. </para>
</listitem>
<listitem>
<para>You can contribute to FreedomBox by adding support for more hardware platforms. Freedom Maker can be easily adopted to newer platforms if they already support running Debian. </para>
</listitem>
<listitem>
<para>You can create and test images with Freedom Maker regularly to test for new features and check for regressions. </para>
</listitem>
<listitem>
<para>List of bugs, TODO items and feature requests are available on the <ulink url="https://github.com/freedombox/freedom-maker/issues">issue tracker</ulink>. </para>
</listitem>
<listitem>
<para>You can request for development assistance on <ulink url="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the mailing list</ulink> or the <ulink url="irc://irc.debian.org/freedombox">#freedombox IRC channel</ulink>. </para>
</listitem>
</itemizedlist>
</section>
</section>
</section>
<section>
<title>Tell people around you</title>
<itemizedlist>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Press#">FreedomBox in the Press</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/Conferences#">Conferences</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="https://wiki.debian.org/FreedomBox/TalksAndPresentations#">Talks and presentations</ulink>
</para>
<itemizedlist>
<listitem>
<para><ulink url="https://wiki.debian.org/FreedomBox/TalksAndPresentations/AvailableMaterial#">Available Material</ulink> Slides and other raw material </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<ulink url="http://www.facebook.com/freedomboxfoundation">Facebook</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://twitter.com/#!/FreedomBoxFndn">Twitter</ulink>
</para>
</listitem>
<listitem>
<para>
<ulink url="http://meetings-archive.debian.net/pub/debian-meetings/2011/debconf11/low/">Debconf11 Videos</ulink>
</para>
</listitem>
</itemizedlist>
</section>
</article>
Reference in New Issue View Git Blame Copy Permalink