Categories
Debian FreedomBox

What’s New for FreedomBox in Debian 13 “trixie”

FreedomBox is a Debian blend that makes it easier to run your own server. Approximately every two years, there is a new stable release of Debian. This year’s release will be called Debian 13 "trixie".

This post will provide an overview of changes between FreedomBox 23.6 (the version that shipped in Debian 12 "bookworm") and 25.5 (the latest release). Note: Debian 13 "trixie" is not yet released, so things may still change, be added or removed, before the official release.

General

  • A number of translations were updated, including Albanian, Arabic, Belarusian, Bulgarian, Chinese (Simplified Han script), Chinese (Traditional Han script), Czech, Dutch, French, German, Hindi, Japanese, Norwegian BokmÃ¥l, Polish, Portuguese, Russian, Spanish, Swedish, Telugu, Turkish, and Ukrainian.
  • Fix cases where a package or service is used by multiple apps, so that disabling or uninstalling one app does not affect the other app.
  • When uninstalling an app, purge the packages, to remove all data and configuration.
  • For configuration files that need to be placed into folders owned by other packages, we now install these files under /usr/share/freedombox/etc/, and create a symbolic link to the other package’s configuration folder. This prevents the files being lost when other packages are purged.
  • Add an action to re-run the setup process for an app. This can fix many of the possible issues that occur.
  • Various improvements related to the "force upgrade" feature, which handles upgrading packages with conffile prompts.
  • Fix install/uninstall issues for apps that use MySQL database (WordPress, Zoph).
  • Improve handling of file uploads (Backups, Feather Wiki, Kiwix).
  • Switch to Bootstrap 5 front-end framework.
  • Removed I2P app, since the i2p package was removed from Debian.
  • Various user interface changes, including:
    • Add tags for apps, replacing short descriptions. When a tag is clicked, search and filter for one or multiple tags.
    • Organize the System page into sections.
    • Add breadcrumbs for page hierarchy navigation.
    • Add next steps page after initial FreedomBox setup.

Diagnostics

  • Add diagnostic checks to detect common errors.
  • Add diagnostics daily run, with notifications about failures.
  • Add Repair action for failed diagnostics, and option for automatic repairs.

Name Services

  • Move hostname and domain name configuration to Names page.
  • Support multiple static and/or dynamic domains.
  • Use systemd-resolved for DNS resolution.
  • Add options for setting global DNS-over-TLS and DNSSEC preferences.

Networks

  • Add more options for IPv6 configuration method.
  • Overhaul Wi-Fi networks scan page.

Privacy

  • Add option to disable fallback DNS servers.
  • Add option to set the lookup URL to get the public IP address of the FreedomBox.

Users and Groups

  • Delete or move home folder when user is deleted or renamed.
  • When a user is inactivated, also inactivate the user in LDAP.

Deluge

  • This BitTorrent client app should be available once again in Debian 13 "trixie".

Ejabberd

  • Turn on Message Archive Management setting by default, to help various XMPP clients use it.

Feather Wiki

  • Add new app for note taking.
  • This app lives in a single HTML file, which is downloaded from the FreedomBox website.

GitWeb

  • Disable snapshot feature, due to high resource use.
  • Various fixes for repository operations.

GNOME

  • Add new app to provide a graphical desktop environment.
  • Requires a monitor, keyboard, and mouse to be physically connected to the FreedomBox.
  • Not suitable for low-end hardware.

ikiwiki

  • Disable discussion pages by default for new wiki/blog, to avoid spam.

Kiwix

  • Add new app for offline reader of Wikipedia and other sites.

Matrix Synapse

  • Add an option for token-based registration verification, so that users signing up for new accounts will need to provide a token during account registration.

MediaWiki

  • Allow setting the site language code.
  • Increase PHP maximum execution time to 100 seconds.

MiniDLNA

  • Add media directory selection form.

Miniflux

  • Add new app for reading news from RSS/ATOM feeds.

Nextcloud

  • Add new app for file sync and collaboration.
  • Uses a Docker container maintained by the Nextcloud community. The container is downloaded from FreedomBox container registry.

OpenVPN

  • Renew server/client certificates, and set expiry to 10 years.

Postfix/Dovecot

  • Fix DKIM signing.
  • Show DNS entries for all domains.

Shadowsocks Server

  • Add new app for censorship resistance, separate from Shadowsocks Client app.

SOGo

  • Add new app for groupware (webmail, calendar, tasks, and contacts).
  • Works with Postfix/Dovecot email server app.

TiddlyWiki

  • Add new app for note taking.
  • This app lives in a single HTML file, which is downloaded from the FreedomBox website.

Tor Proxy

  • Add new app for Tor SOCKS proxy, separate from Tor app.

Transmission

  • Allow remote user interfaces to connect.

Conclusion

Over the past two years, FreedomBox has been increasing the number of features and applications available to its users. We have also focused on improving the reliability of the system, detecting unexpected situations, and providing means to return to a known good state. With these improvements, FreedomBox has become a good solution for people with limited time or energy to set up and start running a personal server, at home or in the cloud.

Looking forward, we would like to focus on making more powerful hardware available with FreedomBox pre-installed and ready to be used. This hardware would also support larger storage devices, making it suitable as a NAS or media server. We are also very interested in exploring new features such as atomic updates, which will further enhance the reliability of the system.

Categories
Debian

snac2: a minimalist ActivityPub server in Debian

snac2, currently available in Debian testing and unstable, is described by its upstream as “A simple, minimalistic ActivityPub instance written in portable C.” It provides an ActivityPub server with a bare-bones web interface. It does not use JavaScript or require a database.

Basic forms for creating a new post, or following someone

ActivityPub is the protocol for federated social networks that is implemented by Mastodon, Pleroma, and other similar server software. Federated social networks are most often used for “micro-blogging”, or making many small posts. You can decide to follow another user (or bot) to see their posts, even if they happen to be on a different server (as long as the server software is compatible with the ActivityPub standard).

The timeline shows posts from accounts that you follow

In addition, snac2 has preliminary support for the Mastodon Client API. This allows basic support for mobile apps that support Mastodon, but you should expect that many features are not available yet.

If you are interested in running a minimalist ActivityPub server on Debian, please try out snac2, and report any bugs that you find.

Categories
FreedomBox

FreedomBox backport automatic update issue

When run on Debian stable, FreedomBox has an optional feature called “Frequent Feature Updates”. If this feature is enabled, it has 2 effects:

  1. The stable-backports repository is added to the system.
  2. Apt pinning is configured so that FreedomBox itself, and a small number of other carefully selected packages, will be kept updated to the latest version available in the backports repository.

However for bookworm-backports, there was a small change in the repository for bookworm-backports, which meant that our approach to apt pinning was no longer correct. The change is a difference between the repository’s “Suite” and “Codename”. For bullseye-backports, these were the same, but for bookworm-backports, they are now different (stable-backports vs bookworm-backports). The issue is described in [1].

The result is that a FreedomBox on the current Debian stable release, bookworm, will not automatically upgrade to new versions in bookworm-backports, even if the “Frequent Feature Updates” option is selected. The fix for a issue is a very small change to two configuration files (for apt and unattended-upgrades), so that they refer to the Codename instead of the Suite. (See [2] for details.)

So far, the fixed version of the freedombox package, 23.14~bpo12+1, is available in bookworm-backports. For FreedomBox users who would like to get the newer versions right away, you can get the latest package installed by running the following command through SSH or Cockpit’s terminal:

$ sudo apt install -t bookworm-backports freedombox

We are also planning to update the version of FreedomBox in bookworm to have the fix. Once this update is available, then running the above command won’t be necessary to receive FreedomBox feature updates.

[1] https://salsa.debian.org/freedombox-team/freedombox/-/issues/2368

[2] https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2409

Categories
FreedomBox

A look back at FreedomBox project in 2022

This post is very late, but better late than never! I want to take a look back at the work that was done on FreedomBox during 2022.

Several apps were added to FreedomBox in 2022. The email server app (that was developed by a Google Summer of Code student back in 2021) was finally made available to the general audience of FreedomBox users. You will find it under the name “Postfix/Dovecot”, which are the main services configured by this app.

Another app that was added is Janus, which has the description “video room”. It is called “video room” instead of “video conference” because the room itself is persistent. People can join the room or leave, but there isn’t a concept of “calling” or “ending the call”. Actually, Janus is a lightweight WebRTC server that can be used as a backend for many different types of applications. But as implemented currently, there is just the simple video room app. In the future, more advanced apps such as Jangouts may be packaged in Debian and made available to FreedomBox.

RSS-Bridge is an app that generates RSS feeds for websites that don’t provide their own (for example, YouTube). It can be used together with any RSS news feed reader application, such as TT-RSS which is also available in FreedomBox.

There is now a “Privacy” page in the System menu, which allows enabling or disabling the Debian “popularity-contest” tool. If enabled, it reports the Debian packages that are installed on the system. The results can be seen at https://popcon.debian.org, which currently shows over 400 FreedomBoxes are reporting data.

A major feature added to FreedomBox in 2022 is the ability to uninstall apps. This feature is still considered experimental (it won’t work for every app), but many issues have been fixed already. There is an option to take a backup of the app’s data before uninstalling. There is also now an “operations queue” in case the user starts multiple install or uninstall operations concurrently.

XEP-0363 (HTTP File Upload) has been enabled for Ejabberd Chat Server. This allows files to be transferred between XMPP clients that support this feature.

There were a number of security improvements to FreedomBox, such as adding fail2ban jails for Dovecot, Matrix Synapse, and WordPress. Firewall rules were added to ensure that authentication and authorization for services proxied through Apache web server cannot be bypassed by programs running locally on the system. Also, we are no longer using libpam-tmpdir to provide temporary folder isolation, because it causes issues for several packages. Instead we use systemd’s sandboxing features, which provide even better isolation for services.

Some things were removed in 2022. The ez-ipupdate package is no longer used for Dynamic DNS, since it is replaced by a Python implementation of GnuDIP. An option to restrict who can log in to the system was removed, due to various issues that arose from it. Instead there is an option to restrict who can login through SSH. The DNSSEC diagnostic test was removed, because it caused confusion for many users (although use of DNSSEC is still recommended).

Finally, some statistics. There were 31 releases in 2022 (including
point releases). There were 68 unique contributors to the git
repository; this includes code contributions and translations (but not
contributions to the manual pages). In total, there were 980 commits to the git repository.

Categories
Debian FreedomBox

File sharing with bepasty

One of the apps running on my FreedomBox that I use frequently is bepasty. bepasty is essentially a self-hosted, free software pastebin. It allows you to paste text, or upload any type of file. You can also set an expiration date for when the file or text will automatically be deleted. If you are uploading multiple related files, you can organize them into a list.

bepasty does not have user accounts. Instead, it has shared passwords, where each password is linked to a set of permissions. There are five permissions: Read, List, Create, Delete, and Admin. (The meanings are mostly straightforward, except for Admin, which means the ability to lock and unlock files.) This allows very fine-grained control. For example, if you want someone to be able to upload files to your bepasty, but not view or download anything, than you can generate a password with only the “Create” permission, and give this password to the person who will be uploading files.

To simplify the initial setup in FreedomBox, we generate three passwords by default: one for viewers (List and Read), one for editors (List, Read, Create, and Delete), and one for admins (all permissions). In addition, when no password has been provided, the Read (but not List) permission is provided by default. This allows files to be easily shared by sending just their URLs (and no password required). The URLs contain some random characters, so it is not easy to guess.

I mostly use bepasty for moving files between systems, whether its a physical machine or VPS, or a VM or container that I will use only briefly. Especially in the latter case, it’s nice that I don’t need to do any extra setup (such as copying SSH keys) before I copy my files over.

The bepasty package is available in Debian stable (with a newer version in stable-backports and testing). The many use-cases that it provides, and the well-maintained Debian packaging, made it a compelling choice for integration into FreedomBox, which has included bepasty for one-click installation since version 20.14.

Categories
Debian FreedomBox

FreedomBox Packages in Debian

FreedomBox is a Debian pure blend that reduces the effort needed to run and maintain a small personal server. Being a “pure blend” means that all of the software packages which are used in FreedomBox are included in Debian. Most of these packages are not specific to FreedomBox: they are common things such as Apache web server, firewalld, slapd (LDAP server), etc. But there are a few packages which are specific to FreedomBox: they are named freedombox, freedombox-doc-en, freedombox-doc-es, freedom-maker, fbx-all and fbx-tasks.

freedombox is the core package. You could say, if freedombox is installed, then your system is a FreedomBox (or a derivative). It has dependencies on all of the packages that are needed to get a FreedomBox up and running, such as the previously mentioned Apache, firewalld, and slapd. It also provides a web interface for the initial setup, configuration, and installing apps. (The web interface service is called “Plinth” and is written in Python using Django framework.) The source package of freedombox also builds freedombox-doc-en and freedombox-doc-es. These packages install the FreedomBox manuals for English and Spanish, respectively.

freedom-maker is a tool that is used to build FreedomBox disk images. An image can be copied to a storage device such as a Solid State Disk (SSD), eMMC (internal flash memory chip), or a microSD card. Each image is meant for a particular hardware device (or target device), or a set of devices. In some cases, one image can be used across a wide range of devices. For example, the amd64 image is for all 64-bit x86 architecture machines (including virtual machines). The arm64 image is for all 64-bit ARM machines that support booting a generic image using UEFI.

fbx-all and fbx-tasks are special metapackages, both built from a single source package named debian-fbx. They are related to tasksel, a program that displays a curated list of packages that can be installed, organized by interest area. Debian blends typically provide task files to list their relevant applications in tasksel. fbx-tasks only installs the tasks for FreedomBox (without actually installing FreedomBox). fbx-all goes one step further and also installs freedombox itself. In general, FreedomBox users won’t need to interact with these two packages.

Links: