def set_restricted_access(enabled):
"""Enable or disable restricted access"""
action = 'disable-restricted-access'
if enabled:
action = 'enable-restricted-access'
actions.superuser_run('security', [action])
def _apply_changes(request, old_status, new_status):
"""Apply the changes"""
modified = False
if old_status['enabled'] != new_status['enabled']:
sub_command = 'enable' if new_status['enabled'] else 'disable'
actions.superuser_run('transmission', [sub_command])
transmission.service.notify_enabled(None, new_status['enabled'])
modified = True
if old_status['download_dir'] != new_status['download_dir'] or \
old_status['rpc_username'] != new_status['rpc_username'] or \
old_status['rpc_password'] != new_status['rpc_password']:
new_configuration = {
'download-dir': new_status['download_dir'],
'rpc-username': new_status['rpc_username'],
'rpc-password': new_status['rpc_password'],
}
actions.superuser_run('transmission', ['merge-configuration'],
input=json.dumps(new_configuration).encode())
modified = True
if modified:
messages.success(request, _('Configuration updated'))
else:
messages.info(request, _('Setting unchanged'))
def save(self, commit=True):
"""Save the user model and create LDAP user if required."""
user = super(CreateUserForm, self).save(commit)
if commit:
try:
actions.superuser_run(
'ldap',
['create-user', user.get_username()],
input=self.cleaned_data['password1'].encode())
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
for group in self.cleaned_data['groups']:
try:
actions.superuser_run(
'ldap',
['add-user-to-group', user.get_username(), group])
except ActionError:
messages.error(
self.request,
_('Failed to add new user to %s group.') % group)
group_object, created = Group.objects.get_or_create(name=group)
group_object.user_set.add(user)
return user
def save(self, commit=True):
"""Set hostname, create and login the user"""
config.set_hostname(self.cleaned_data['hostname'])
user = super(State0Form, self).save(commit=False)
user.set_password(self.cleaned_data['password'])
if commit:
user.save()
try:
actions.superuser_run(
'ldap',
['create-user', user.get_username()],
input=self.cleaned_data['password'].encode())
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
try:
actions.superuser_run(
'ldap',
['add-user-to-group', user.get_username(), 'admin'])
except ActionError:
messages.error(self.request,
_('Failed to add new user to admin group.'))
# Create initial Django groups
for group_choice in GROUP_CHOICES:
auth.models.Group.objects.get_or_create(name=group_choice[0])
admin_group = auth.models.Group.objects.get(name='admin')
admin_group.user_set.add(user)
self.login_user()
return user
def _apply_changes(request, old_status, new_status):
"""Apply the form changes."""
if old_status['auto_upgrades_enabled'] \
== new_status['auto_upgrades_enabled']:
messages.info(request, _('Setting unchanged'))
return
if new_status['auto_upgrades_enabled']:
option = 'enable-auto'
else:
option = 'disable-auto'
try:
actions.superuser_run('upgrades', [option])
except ActionError as exception:
error = exception.args[2]
messages.error(
request, _('Error when configuring unattended-upgrades: %s') %
error)
return
if option == 'enable-auto':
messages.success(request, _('Automatic upgrades enabled'))
else:
messages.success(request, _('Automatic upgrades disabled'))
def on_install():
"""Setup Tor configuration as soon as it is installed."""
actions.superuser_run('tor', ['setup'])
actions.superuser_run('tor',
['configure', '--apt-transport-tor', 'enable'])
tor.socks_service.notify_enabled(None, True)
tor.bridge_service.notify_enabled(None, True)
def on_install():
"""Enable transmission as soon as it is installed."""
new_configuration = {"rpc-whitelist-enabled": False}
actions.superuser_run("transmission", ["merge-configuration"], input=json.dumps(new_configuration).encode())
actions.superuser_run("transmission", ["enable"])
transmission.service.notify_enabled(None, True)
def set_domainname(domainname):
"""Sets machine domain name to domainname"""
old_domainname = get_domainname()
# Domain name should be ASCII. If it's unicode, convert to ASCII.
domainname = str(domainname)
LOGGER.info('Changing domain name to - %s', domainname)
actions.superuser_run('domainname-change', [domainname])
domainname_change.send_robust(sender='config',
old_domainname=old_domainname,
new_domainname=domainname)
# Update domain registered with Name Services module.
domain_removed.send_robust(sender='config', domain_type='domainname')
if domainname:
try:
domainname_services = firewall.get_enabled_services(
zone='external')
except actions.ActionError:
# This happens when firewalld is not installed.
# TODO: Are these services actually enabled?
domainname_services = [service[0] for service in SERVICES]
domain_added.send_robust(sender='config', domain_type='domainname',
name=domainname, description=_('Domain Name'),
services=domainname_services)
def _apply_changes(request, old_status, new_status):
"""Apply the form changes"""
if old_status['hostname'] != new_status['hostname']:
try:
set_hostname(new_status['hostname'])
except Exception as exception:
messages.error(request, _('Error setting hostname: %s') %
exception)
else:
messages.success(request, _('Hostname set'))
else:
messages.info(request, _('Hostname is unchanged'))
if old_status['domainname'] != new_status['domainname']:
try:
set_domainname(new_status['domainname'])
except Exception as exception:
messages.error(request, _('Error setting domain name: %s') %
exception)
else:
messages.success(request, _('Domain name set'))
else:
messages.info(request, _('Domain name is unchanged'))
if old_status['time_zone'] != new_status['time_zone'] and \
new_status['time_zone'] != 'none':
try:
actions.superuser_run('timezone-change', [new_status['time_zone']])
except Exception as exception:
messages.error(request, _('Error setting time zone: %s') %
exception)
else:
messages.success(request, _('Time zone set'))
else:
messages.info(request, _('Time zone is unchanged'))
def toggle_hooks(request, domain):
"""Toggle pointing of certbot's hooks to Plinth, for the current domain."""
manage_hooks_status = letsencrypt.get_manage_hooks_status()
subcommand = 'disable' if 'enabled' in manage_hooks_status else 'enable'
try:
if subcommand == 'disable':
enabled_modules = [module for module in
letsencrypt.MODULES_WITH_HOOKS
if module in manage_hooks_status]
for module in enabled_modules:
actions.superuser_run(module, ['letsencrypt', 'drop'],
async=True)
actions.superuser_run('letsencrypt', ['manage_hooks', subcommand])
if subcommand == 'enable':
msg = _('Certificate renewal management enabled for {domain}.')\
.format(domain=domain)
else:
msg = _('Certificate renewal management disabled for {domain}.')\
.format(domain=domain)
messages.success(request, msg)
except ActionError as exception:
messages.error(
request,
_('Failed to switch certificate renewal management for {domain}: '
'{error}').format(domain=domain, error=exception.args[2]))
return redirect(reverse_lazy('letsencrypt:index'))
def is_package_manager_busy():
"""Return whether a package manager is running."""
try:
actions.superuser_run('packages', ['is-package-manager-busy'])
return True
except actions.ActionError:
return False
def toggle_module(request, domain, module):
"""Toggle usage of LE cert for a module name, for the current domain."""
manage_hooks_status = letsencrypt.get_manage_hooks_status()
enabled_modules = [module for module in letsencrypt.MODULES_WITH_HOOKS
if module in manage_hooks_status]
if module in enabled_modules:
mod_le_arg = 'drop'
enabled_modules.remove(module)
else:
mod_le_arg = 'add'
enabled_modules.append(module)
module_args = ['letsencrypt', mod_le_arg]
le_arguments = ['manage_hooks', 'enable']
if not enabled_modules == []:
le_arguments.extend(['--modules', ' '.join(enabled_modules)])
try:
actions.superuser_run(module, module_args)
actions.superuser_run('letsencrypt', le_arguments)
messages.success(
request, _('Switched use of certificate for app {module}')
.format(module=module))
except ActionError as exception:
messages.error(
request,
_('Failed to switch certificate use for app {module}: {error}')
.format(module=module, error=exception.args[2]))
return redirect(reverse_lazy('letsencrypt:index'))
def apply_changes(self, old_status, new_status):
"""Apply the changes."""
modified = False
if old_status['enabled'] != new_status['enabled']:
sub_command = 'enable' if new_status['enabled'] else 'disable'
modified = True
actions.superuser_run('datetime', [sub_command])
datetime.service.notify_enabled(None, new_status['enabled'])
messages.success(self.request, _('Configuration updated'))
if old_status['time_zone'] != new_status['time_zone'] and \
new_status['time_zone'] != 'none':
modified = True
try:
actions.superuser_run(
'timezone-change', [new_status['time_zone']])
except Exception as exception:
messages.error(
self.request, _('Error setting time zone: {exception}')
.format(exception=exception))
else:
messages.success(self.request, _('Time zone set'))
return modified
def _apply_changes(request, old_status, new_status):
"""Apply the changes"""
modified = False
if old_status["enabled"] != new_status["enabled"]:
sub_command = "enable" if new_status["enabled"] else "disable"
actions.superuser_run("transmission", [sub_command])
transmission.service.notify_enabled(None, new_status["enabled"])
modified = True
if (
old_status["download_dir"] != new_status["download_dir"]
or old_status["rpc_username"] != new_status["rpc_username"]
or old_status["rpc_password"] != new_status["rpc_password"]
):
new_configuration = {
"download-dir": new_status["download_dir"],
"rpc-username": new_status["rpc_username"],
"rpc-password": new_status["rpc_password"],
}
actions.superuser_run("transmission", ["merge-configuration"], input=json.dumps(new_configuration).encode())
modified = True
if modified:
messages.success(request, _("Configuration updated"))
else:
messages.info(request, _("Setting unchanged"))
def get_status():
"""Return the current status"""
is_running = actions.superuser_run('tor', ['is-running']).strip() == 'yes'
output = actions.superuser_run('tor-get-ports')
port_info = output.split('\n')
ports = {}
for line in port_info:
try:
(key, val) = line.split()
ports[key] = val
except ValueError:
continue
output = actions.superuser_run('tor', ['get-hs'])
output = output.strip()
if output == '':
hs_enabled = False
hs_hostname = 'Not Configured'
hs_ports = ''
elif output == 'error':
hs_enabled = False
hs_hostname = 'Not available (Run Tor at least once)'
hs_ports = ''
else:
hs_enabled = True
hs_info = output.split()
hs_hostname = hs_info[0]
hs_ports = hs_info[1]
return {'is_running': is_running,
'ports': ports,
'hs_enabled': hs_enabled,
'hs_hostname': hs_hostname,
'hs_ports': hs_ports}
def form_valid(self, form):
"""Handle valid form submission."""
domain_name = form.cleaned_data['domain_name']
actions.superuser_run('matrixsynapse',
['setup', '--domain-name', domain_name])
return super().form_valid(form)
def form_valid(self, form):
"""Handle valid form submission."""
old_config = self.get_initial()
new_config = form.cleaned_data
app_same = old_config['is_enabled'] == new_config['is_enabled']
pubreg_same = old_config['enable_public_registration'] == \
new_config['enable_public_registration']
if app_same and pubreg_same:
# TODO: find a more reliable/official way to check whether the
# request has messages attached.
if not self.request._messages._queued_messages:
messages.info(self.request, _('Setting unchanged'))
elif not app_same:
if new_config['is_enabled']:
self.service.enable()
messages.success(self.request, _('Application enabled'))
else:
self.service.disable()
messages.success(self.request, _('Application disabled'))
if not pubreg_same:
# note action public_registration restarts, if running now
if new_config['enable_public_registration']:
actions.superuser_run('matrixsynapse',
['public_registration', 'enable'])
messages.success(self.request,
_('Public registration enabled'))
else:
actions.superuser_run('matrixsynapse',
['public_registration', 'disable'])
messages.success(self.request,
_('Public registration disabled'))
return super(ServiceView, self).form_valid(form)
def enable(should_enable):
"""Enable/disable the module."""
option = 'enable' if should_enable else 'noenable'
actions.superuser_run('owncloud-setup', [option])
# Send a signal to other modules that the service is
# enabled/disabled
service.notify_enabled(None, should_enable)
def on_domainname_change(sender, old_domainname, new_domainname, **kwargs):
"""
Update ejabberd and jwchat config after domain name is changed.
"""
del sender # Unused
del old_domainname # Unused
del kwargs # Unused
actions.superuser_run("xmpp", ["change-domainname", "--domainname", new_domainname], async=True)
def _create_blog(request, name, admin_name, admin_password):
"""Create blog."""
try:
actions.superuser_run(
"ikiwiki", ["create-blog", "--blog_name", name, "--admin_name", admin_name], input=admin_password.encode()
)
messages.success(request, _("Created blog %s.") % name)
except actions.ActionError as err:
messages.error(request, _("Could not create blog: %s") % err)
def on_domainname_change(sender, old_domainname, new_domainname, **kwargs):
"""Update ejabberd config after domain name change."""
del sender # Unused
del old_domainname # Unused
del kwargs # Unused
actions.superuser_run('xmpp',
['change-domainname',
'--domainname', new_domainname],
async=True)
def on_post_hostname_change(sender, old_hostname, new_hostname, **kwargs):
"""
Update ejabberd and jwchat config after hostname is changed.
"""
del sender # Unused
del kwargs # Unused
actions.superuser_run(
"xmpp", ["change-hostname", "--old-hostname", old_hostname, "--new-hostname", new_hostname], async=True
)
def form_valid(self, form):
"""Apply the changes submitted in the form."""
form_data = form.cleaned_data
if form_data['password']:
actions.superuser_run('mediawiki', ['change-password'],
input=form_data['password'].encode())
messages.success(self.request, _('Password updated'))
return super().form_valid(form)
def form_valid(self, form):
"""Change the access control of Radicale service."""
data = form.cleaned_data
if get_rights_value() != data['access_rights']:
actions.superuser_run(
'radicale',
['configure', '--rights_type', data['access_rights']])
messages.success(self.request,
_('Access rights configuration updated'))
return super().form_valid(form)
def save(self, commit=True):
"""Save the user model and change POSIX password as well."""
user = super(UserChangePasswordForm, self).save(commit)
if commit:
try:
actions.superuser_run("change-user-password", [user.get_username(), self.cleaned_data["new_password1"]])
except ActionError:
messages.error(self.request, _("Changing POSIX system user password failed."))
return user
def on_post_hostname_change(sender, old_hostname, new_hostname, **kwargs):
"""Update ejabberd config after hostname change."""
del sender # Unused
del kwargs # Unused
actions.superuser_run('xmpp',
['change-hostname',
'--old-hostname', old_hostname,
'--new-hostname', new_hostname],
async=True)
def cancel(request):
"""Cancel ongoing process."""
global publish_process
if publish_process:
actions.superuser_run(
'monkeysphere', ['host-cancel-publish', str(publish_process.pid)])
publish_process = None
messages.info(request, _('Cancelled key publishing.'))
return redirect(reverse_lazy('monkeysphere:index'))
def _create_blog(request, name, admin_name, admin_password):
"""Create blog."""
try:
actions.superuser_run(
'ikiwiki',
['create-blog', '--blog_name', name,
'--admin_name', admin_name, '--admin_password', admin_password])
messages.success(request, _('Created blog %s.') % name)
except actions.ActionError as err:
messages.error(request, _('Could not create blog: %s') % err)
def setup_domain_name(domain_name):
actions.superuser_run('diaspora', ['setup', '--domain-name', domain_name])
global service
if service is None:
service = service_module.Service(managed_services[0], name, ports=[
'http', 'https'
], is_external=True, is_enabled=is_enabled, enable=enable,
disable=disable)
service.notify_enabled(None, True)
add_shortcut()
def save(self, commit=True):
"""Save the user model and create POSIX user if required."""
user = super(CreateUserForm, self).save(commit)
if commit and self.cleaned_data["add_posix_user"]:
try:
actions.superuser_run("create-user", [user.get_username(), self.cleaned_data["password1"]])
except ActionError:
messages.error(self.request, _("Creating POSIX system user failed."))
return user
def is_timeline_snapshots_enabled():
"""Return whether timeline snapshots are enabled."""
output = actions.superuser_run('snapshot', ['get-config'])
output = json.loads(output)
return output['TIMELINE_CREATE'] == 'yes'
def ecc(_):
"""Migrate from RSA to ECC."""
if openvpn.is_setup():
actions.superuser_run('openvpn', ['setup'], run_in_background=True)
return redirect('openvpn:index')
def enable():
"""Enable the module."""
actions.superuser_run('upgrades', ['enable-auto'])
def get_configuration():
"""Return full configuration of Zoph."""
configuration = actions.superuser_run('zoph', ['get-configuration'])
return json.loads(configuration)
def disable():
"""Enable the module."""
actions.superuser_run('transmission', ['disable'])
frontpage.remove_shortcut('transmission')
def enable():
"""Enable the module."""
actions.superuser_run('shaarli', ['enable'])
add_shortcut()
def disable():
"""Enable the module."""
actions.superuser_run('shaarli', ['disable'])
frontpage.remove_shortcut('shaarli')
def _rename_repo(oldname, newname):
"""Rename a repository."""
args = ['rename-repo', '--oldname', oldname, '--newname', newname]
actions.superuser_run('gitweb', args)
def _set_repo_owner(repo, owner):
"""Set repository's owner name."""
args = ['set-repo-owner', '--name', repo, '--owner', owner]
actions.superuser_run('gitweb', args)
def _set_repo_access(repo, access):
"""Set repository's owner name."""
args = ['set-repo-access', '--name', repo, '--access', access]
actions.superuser_run('gitweb', args)
def repair():
actions.superuser_run('email_server', ['-i', 'spam', 'set_filter'])
def __apply_changes(request, old_status, new_status):
"""Apply the changes."""
global config_process
if config_process:
# Already running a configuration task
return
needs_restart = False
arguments = []
if old_status['relay_enabled'] != new_status['relay_enabled']:
arg_value = 'enable' if new_status['relay_enabled'] else 'disable'
arguments.extend(['--relay', arg_value])
needs_restart = True
if old_status['bridge_relay_enabled'] != \
new_status['bridge_relay_enabled']:
arg_value = 'enable'
if not new_status['bridge_relay_enabled']:
arg_value = 'disable'
arguments.extend(['--bridge-relay', arg_value])
needs_restart = True
if old_status['hs_enabled'] != new_status['hs_enabled']:
arg_value = 'enable' if new_status['hs_enabled'] else 'disable'
arguments.extend(['--hidden-service', arg_value])
needs_restart = True
if old_status['apt_transport_tor_enabled'] != \
new_status['apt_transport_tor_enabled']:
arg_value = 'disable'
if new_status['enabled'] and new_status['apt_transport_tor_enabled']:
arg_value = 'enable'
arguments.extend(['--apt-transport-tor', arg_value])
if old_status['use_upstream_bridges'] != \
new_status['use_upstream_bridges']:
arg_value = 'disable'
if new_status['enabled'] and new_status['use_upstream_bridges']:
arg_value = 'enable'
arguments.extend(['--use-upstream-bridges', arg_value])
needs_restart = True
if old_status['upstream_bridges'] != new_status['upstream_bridges']:
arguments.extend(['--upstream-bridges',
new_status['upstream_bridges']])
needs_restart = True
if old_status['enabled'] != new_status['enabled']:
arg_value = 'enable' if new_status['enabled'] else 'disable'
arguments.extend(['--service', arg_value])
config_process = actions.superuser_run(
'tor', ['configure'] + arguments, async=True)
return
if arguments:
actions.superuser_run('tor', ['configure'] + arguments)
if not needs_restart:
messages.success(request, _('Configuration updated.'))
if needs_restart and new_status['enabled']:
config_process = actions.superuser_run('tor', ['restart'], async=True)
if not arguments:
messages.info(request, _('Setting unchanged'))
def disable(self):
"""Disable the Apache configuration."""
actions.superuser_run(
'apache',
['disable', '--name', self.web_name, '--kind', self.kind])
def delete_repo(repo):
"""Delete a repository."""
actions.superuser_run('gitweb', ['delete-repo', '--name', repo])
def disable(self):
"""Disable the uWSGI configuration."""
actions.superuser_run('apache',
['uwsgi-disable', '--name', self.uwsgi_name])
def is_configured():
"""Return whether the Zoph app is configured."""
output = actions.superuser_run('zoph', ['is-configured'])
return output.strip() == 'true'
def enable():
"""Enable the module."""
actions.superuser_run('ikiwiki', ['enable'])
add_shortcuts()
def disable():
"""Disable the module."""
actions.superuser_run('upgrades', ['disable-auto'])
def on_install():
"""Setup Tor configuration as soon as it is installed."""
actions.superuser_run('tor', ['setup'])
actions.superuser_run('tor', ['enable-apt-transport-tor'])
def backup_pre(self, packet):
"""Save database contents."""
actions.superuser_run('zoph', ['dump-database'])
def __apply_changes(request, old_status, new_status):
"""Apply the changes."""
if old_status['enabled'] == new_status['enabled'] and \
old_status['hs_enabled'] == new_status['hs_enabled'] and \
old_status['apt_transport_tor_enabled'] == \
new_status['apt_transport_tor_enabled']:
messages.info(request, _('Setting unchanged'))
return
if old_status['enabled'] != new_status['enabled']:
if new_status['enabled']:
actions.superuser_run('tor', ['enable'])
messages.success(request, _('Tor enabled'))
else:
actions.superuser_run('tor', ['disable'])
messages.success(request, _('Tor disabled'))
if old_status['hs_enabled'] != new_status['hs_enabled']:
if new_status['hs_enabled']:
actions.superuser_run('tor', ['enable-hs'])
messages.success(request, _('Tor hidden service enabled'))
else:
actions.superuser_run('tor', ['disable-hs'])
messages.success(request, _('Tor hidden service disabled'))
# Update hidden service name registered with Name Services module.
domain_removed.send_robust(
sender='tor', domain_type='hiddenservice')
enabled = action_utils.service_is_enabled('tor')
is_running = action_utils.service_is_running('tor')
(hs_enabled, hs_hostname, hs_ports) = get_hs()
if enabled and is_running and hs_enabled and hs_hostname:
hs_services = []
for service in SERVICES:
if str(service[2]) in hs_ports:
hs_services.append(service[0])
domain_added.send_robust(
sender='tor', domain_type='hiddenservice',
name=hs_hostname, description=_('Tor Hidden Service'),
services=hs_services)
if old_status['apt_transport_tor_enabled'] != \
new_status['apt_transport_tor_enabled']:
if new_status['apt_transport_tor_enabled']:
actions.superuser_run('tor', ['enable-apt-transport-tor'])
messages.success(request, _('Enabled package download over Tor'))
else:
actions.superuser_run('tor', ['disable-apt-transport-tor'])
messages.success(request, _('Disabled package download over Tor'))
def enable():
"""Enable the module."""
actions.superuser_run('transmission', ['enable'])
add_shortcut()