current version:
- fix gateway-check (get tunnel_dns_servers)
- check default openvpn service '[email protected]' is dead
- prevent usage of self created communities
- add the default nvram.conf as a sample to `/etc/nvram_sample.conf`
- new `/etc/nvram.conf` config option:
- allow user to change the repo url
`freifunk_repo=https://github.com/Freifunk-Dresden/ffdd-server`
- add nvram edit
- init-server.sh:
- change check for autoupdate (do not overwrite user config)
- add a check for CUSTOM REPO and REV
- add check for nvram option "ssh_pwauth"
- www status.cgi - add alt text for status images
- update bash_aliases and print output
- add `init_server` alias (OS and Firmware Update)
- bind9
- some optimations for different DNS states: "default gw" / "master" and "slave" Server
- enable dnssec
- add stats to ffdd status page
- bmxd
- update to version 0.5-freifunk-dresden
- remove trailing spaces from scripts
- fix '__FUNCTION__' in gcc extension, use '__func__' now.
- fastd
- change repo url to github
- change to master rev
- nvram
- get current version branch by git
- fix get: get only first entry when the user has duplicated option entries
- change ffdd-server version output
- apache2/php
- move ffdd-server webpage states to ddmesh.serverpage directory/state
- some optimations for php installation
- letsencrypt: move ffdd apache part to ddmesh.startpage_ssl
- openvpn/wireguard: check service is stopped and disable then no config file available
- monitorix
- update config options remove some issues
- disable proc and fail2ban graph
- vnstat: change git source to a stable rev/commit
- init_server.sh
- add salt repo for debian 9 and ubuntu 16
- a bit makeup for the script
- add a small ping check
- add check to install ffdd-server on host
- check salt_call is possible
- generally changes and optimizations
- update README
- remove temp parts
- optimize some scripts and salt states
- fixes in freifunk-gatewaycheck when we have a vpn network interface and ok='false'
- fix freifunk-register-local-node.sh - get nodeid
- check we can set sysctl tcp_syncookies
- add an sysctl.d/ipv6.conf template to deactivate ipv6
- make a shorter bash_alias help output
- add /etc/freifunk-server-initdate
- add /usr/local/bin/freifunk-manuell_update.sh
- add `pb` (pastebin tool for 0x0 on https://envs.sh)
Notice: This update is not carried out automatically and must be done manually be performed.
Please reboot the Server after upgrade.
- turn autoupdate off. the next release needs a reboot after update.
here it is better if the admin carries out the update manually and then restarts the server.
( after the update, the auto-update becomes active again if it is enabled in nvram.conf. )
- update README
- do not install resolvconf per default
- remove old fail2ban rules from ipset-conf
- letsencrypt/ssl: extend fqdn-check and ensure ssl-site is absent then deactivated
- change gateway-check ip's
- fix kernel-headers package check
- fix wireguard gen-config predown
- fail2ban changes:
- add ignored private IP's
- remove jail: apache-fakegooglebot , apache-botsearch
- fix bind9 db.root check
- fix init.d S52batmand and S53backbone-fastd2
- fix ffdd-autoupdate
- add/reanable cleanup_old_env
- add a faster speedtest to .bash_alias
- small readme and comments changes
- add CHANGELOG.md
- update fastd2 source
- update nvram.conf
- add 'ssh_pwauth' option to enable/disable password-authentification
- some more small improvements
- some improvements
- update/fix vnstat and vnstat-dashboard
- fix fastd2 service
- fix nvram autosetup
- fix bind9
- fix f2b cleanup
- fix nvram
- fix nvram autosetup
- fix salt-minion packages on debian stretch
- enable ssh X11 forwarding
- update README.md
- update init_server.sh for dev-installtions
- add mosh support
- add routing rule for DNS servers that are only accessable via tunnel
- add Debian 10 (buster) support
- update Debian Security Repo and Information
- small Bugfixes
- bind root.hints
- vnstat dir perms
- remove Debian 8 (jessie) support
- update init_server: extend OS-Check
- update helper packages
- update aliases
- update apt autoupdate
- optimze
- enable package refresh
- timezone state
- locales state
- nvram get version
- nvram autosetup
- add freifunk_repo to config file and update letsencrypt NAT'd check
- add systemtools and linux-firmware
- add bash_aliases: htop/psa, conntrack notice
- f2b: remove old hopglass server from ignore list
- apt: provide default sources.list for debian
- fastd2/bmxd: update docs url
- fastd: add support to restrict any new connection to a server. should be used when server has too much connections and is overloaded. in this case we must change backbones in clients
- fix Service requirements and watches
- fix salt and script code
- fix sysctl options
- fix bind9
- fix locales
- fix S42firewall6
- Required-Start
- Wait for the xtables lock
- add root bash_user_aliases for user definded aliases
- update sysctl and kernel managment
- update ntp server to public "de" pool (de.pool.ntp.org)
- update letsencrypt
- optimize install process
- change ssl dhparm to 2048bit
- update sysinfo.json to version 15
- fix cpuinfo
- add cpucount info
- update openvpn and wireguard init
- update crontabs disable send mails
- update freifunk-server autoupdate
- update freifunk-server-version info
- update freifunk-gateway-status.sh
- update bash aliases
- fix salt code comments
- fix fastd2 service watch src
- fix bind requirements
- fix f2b-ipset clear once per week
- fix www_Freifunk
- force symlink creation
- make sure that only files that are set up by salt
- fix monitorix owner for images
- add Wireguard VPN Support
- add default resolv.conf with dynamic resolvconf
- add check for tun device in 'init_server.sh'
- add fail2ban apache-auth jail
- add ipset for f2b-blacklist
- add Code Comments
- update Server Page
- update freifunk-gateway-check.sh
- update Configurations
- ntp
- rsyslog
- monitorix
- vnstat
- small Bugfixes
- apache2 service requierement
- fastd2/bmxd service requirements
- sysinfo.json: check gps coordinates are set
- ssh/fail2ban installation check
- letsencrypt email validation
- fix/update vnstat Traffic Dashboard
- other changes
- pkg for ping
- bashrc and aliases
- letsencrypt (ssl): increase dhparm and rsa-key to 4096 bit
- bind: rename openvpn.forwarder vpn.forwarder to generalize
- clear old HNA
- add vnstat Traffic Statistik Dashboard
- update README.md
- update clear_oldenv
- small Bugfixes
- ff-www: change encoding to utf-8
- fix letsencrypt service and add hostname - fqdn check
- add Support for Ubuntu 18.04 LTS
- add Connection Test to freifunk-autoupdate
- update README.md
- update sysinfo.json to version 14
- update Server Webpage
- update openvpn service for vpn1
- update openvpn gen-config for vpn1
- cleanup old code
- Bugfixes and Optimation
- add branch and tag git-system
- add Autosetup for new Servers (without _/etc/nvram.conf_)
- _nvram/etc/nvram.conf_
> add config option for 'install_dir' , 'autoupdate' and 'release'
- _nvram/usr/local/bin/nvram_
> add function 'set', 'unset' and 'version'
- add _/etc/freifunk-server-version_
- add _/usr/local/src/bmxd_revision_
- add _/etc/firewall.users_
> for user defined firewall rules - includes in _/etc/init.d/S41firewall_
- add letsencrypt https support
- add fail2ban as IPS
- Readme.md corrections
- cleanup old code
- bugfixes and optimation
* Bugfixes and Optimizing
- fix bmxd revison_version
- add release version
- add branch and tag system
* Bugfixes and Optimizing
- fix nvram autosetup
- fix apache2 _001-freifunk.conf_
- fix fastd _S53backbone-fastd_ add_connect
- fix bmxd revison_version
- add crontab variant minute
* Bugfixes and Optimizing
- fix jinja syntax
- add config.jinja
- change configs header
- add monitorix name and interface variable
* Bugfixes and Optimizing
- small changes in cron.d
- small fixes in letsencrypt (+ ENABLED)
- fix monitorix restrictions
* Bugfixes and Optimizing
- fix sysinfo.json version number
- fix crontabs
* (#add letsencrypt for https support)
* Optimizing and Cleanup
- clear old icvpn stuff
- remove pkg: php
- remove ddmesh - _freifunk-services.sh_
* Bugfix
- fix: add fail2ban ignore rule for 10.200.0.1
* Bugfixes and Optimizing
- bmxd path fixing in _apache2/var/www_freifunk/index.cgi_
* init_server.sh
- add check for 'install_dir'
- fix ensure _/usr/local/bin/nvram_ is present
- fix old file list
- add new alias ('freifunk-call') for '_salt-call state.highstate --local_'
* Bugfixes and Optimizing</br>
- change binaray path to _/usr/local/bin/_
- change source path to _/usr/local/src/_
- change server path to _/srv/ffdd-server/_
- _nvram/etc/nvram.conf_
> add config option for 'install_dir' and 'autoupdate'
- _nvram/usr/local/bin/nvram_
> add function 'set', 'unset' and 'version'
- _fastd/compiled-tools/fastd/build.sh_
> correct needed lib 'libjson0-dev' to 'libjson-c-dev'
- _bmxd/init.sls_ - compile_bmxd
> change cp bmxd to /usr/local/bin/
- _network/etc/init.d/S40network_
> add check if param. hashsize available to set
- _apache2/var/www_freifunk/sysinfo.json_
> add stats for autoupdate, firmware, hostinfo's
- check old files and cleanup
* add _/etc/freifunk-server-version_
* add _/etc/firewall.users
- for user defined firewall rules - includes in _/etc/init.d/S41firewall_
* add Autosetup for new Servers (without configured nvram.conf
- salt check if not 'ddmesh_registerkey' set in _/etc/nvram.conf_ and run: _nvram/usr/.../freifunk-nvram_autosetup.sh_