* Use Mail-in-a-Box driver
We're using the user's own credentials to authenticate themselves.
There are some issues if we release as-is:
* Only usable if the user in question is an admin
* Cannot be used if the user has 2FA enabled
* daemon: Add selective gatekeeper
* Allows us to give access to features for logged in, non-admin users
* Allow non-admins to change their own password
* Begin password management self service, frontend
* Allow all users to enable 2FA
* Password change front-end form
* Self password change front-end functionality
* Force logout after successful password change
* Clear fields after successful password change, also fix error modal
A previous commit (0a970f4bb2) broke nsd restarting. This fixes that change by reverting it.
Josh added: Use nsd-control with reconfig and reload if they succeed and only fall back to restarting nsd if they fail
Co-authored-by: Joshua Tauberer <jt@occams.info>
I am not sure if this was the problem but nsd didn't serve updated zonefiles on my box and 'service nsd restart' must have been used, so maybe it doesn't reload zones.
* Vagrantfile: Add Ubuntu 22.04 image
* Recognize Ubuntu 22.04 as supported
* Bump nextcloud to v24.0.0
* Bump Roundcube to 1.6-beta
Still waiting for the final release to come out
* Fix version checking functions
* NextCloud fixes
* Update Roundcube config
* Bump roundcube to 1.6-rc
* FIx nextcloud installation step
* rcm: Update CardDAV plugin to v4.4.0 (Guzzle v7)
* Fix STORAGE_ROOT permissions
* Update RC CardDAV plugin to v4.4.1
* Unpin b2sdk for Ubuntu 22.04
* Comment fix
* Drop support for Debian 10 from this point forward
* Software Updates
* Nextcloud: 24.0.2
* Nextcloud Calendar: 3.4.2
* Roundcube CardDAV: 4.4.2
* Update Roundcube to v1.6.0
* Update Nextcloud to v24.0.3
* Contacts to v4.2.0
* Upgrade Nextcloud to v24.0.4
* Calendar to v3.5.0
Webmail:
* CardDAV to v4.4.3
* Add the PHP PPA.
* Specify the version when invoking the php CLI.
* Specify the version in package names.
* Update paths to 8.0 (using a variable in the setup scripts).
* Update z-push's php-xsl dependency to php8.0-xml.
* php-json is now built-into PHP.
Although PHP 8.1 is the stock version in Ubuntu 22.04, it's not supported by Nextcloud yet, and it likely will never be supported by the the version of Nextcloud that succeeds the last version of Nextcloud that supports PHP 7.2, and we have to install the next version so that an upgrade is permitted, so skipping to PHP 8.1 may not be easily possible.
* certbot's PPA is no longer needed because a recent version is now included in the Ubuntu respository.
* Un-pin b2sdk (reverts 69d8fdef99 and d829d74048).
* Revert boto+s3 workaround for duplicity (partial revert of 99474b348f).
* Revert old "fix boto 2 conflict on Google Compute Engine instances" (cf33be4596) which is probably no longer needed.
The resolve method disables resolving relative names by default. This change probably makes a7710e90 unnecessary. @JoshData added some additional changes from query to resolve.
We were using duplicity 0.8.21-ppa202111091602~ubuntu1 from the duplicity PPA probably until June 5, which is when my box automatically updated to 0.8.23-ppa202205151528~ubuntu18.04.1. Starting with that version, two changes broke backups:
* The default s3 backend was changed to boto3. But boto3 depends on the AWS SDK which does not support Ubuntu 18.04, so we can't install it. Instead, we map s3: backup target URLs to the boto+s3 scheme which tells duplicity to use legacy boto. This should be reverted when we can switch to boto3.
* Contrary to the documentation, the s3 target no longer accepts a S3 hostname in the URL. It now reads the bucket from the hostname part of the URL. So we now drop the hostname from our target URL before passing it to duplicity and we pass the endpoint URL in a separate command-line argument. (The boto backend was dropped from duplicity's "uses_netloc" in 74d4cf44b1 (f5a07610d36bd242c3e5b98f8348879a468b866a_37_34), but other changes may be related.)
The change of target URL (due to both changes) seems to also cause duplicity to store cached data in a different directory within $STORAGE_ROOT/backup/cache, so on the next backup it will re-download cached manifest/signature files. Since the cache directory will still hold the prior data which is no longer needed, it might be a good idea to clear out the cache directory to save space. A system status checks message is added about that.
Fixes#2123
It is not strictly required for us to have sshd installed,
for example on baremetal machines where shell access
is physical-only.
Instead we'll skip certain tasks that depend on sshd if
it is not installed.
When building the part of the report about the current DS records founded, they are added in the same order as they were received when calling query_dns(), which can differ from run to run. This was making the difflib.SequenceMatcher() method to find the same line removed and added one line later, and sending an Status Checks Change Notice email with the same line added and removed when there was actually no real changes.
