Merge pull request #2 from YunoHost-Apps/master

systemd

conf/systemd.service

@@ -3,8 +3,8 @@ Description=Cjdns: Encrypted IPv6 network
 After=network.target cjdns.service
 
 [Service]
-User=__APP__
-Group=__APP__
+User=root
+Group=root
 WorkingDirectory=__INSTALL_DIR__/
 ExecStart=/bin/bash -c '__INSTALL_DIR__/cjdroute < __INSTALL_DIR__/cjdroute.conf'
 KillMode=process
@@ -16,12 +16,9 @@ Restart=no
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
 PrivateTmp=yes
-PrivateDevices=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
-DevicePolicy=closed
-ProtectClock=yes
 ProtectHostname=yes
 ProtectProc=invisible
 ProtectSystem=full
@@ -30,7 +27,6 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
@@ -41,7 +37,7 @@ CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
-CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 
 [Install]

doc/Admin.md

@@ -1,14 +1,11 @@
 # Setup your website on cjdns network
 
-1. Install YunoHost by following the detailed instructions provided [here](link-to-instructions).
-2. Once the installation is complete, log in as an administrator at `yunohost.local`. Perform a system update, which may take some time.
-3. Return to `yunohost.local` after the update and navigate to the Applications menu. Click on Install, search for "wordpress," select it, and proceed with the installation.
-4. In the Applications menu, search for "cjdns" and install it. If it does not appear due to not being published yet. You can sideload it by pasting the following URL: `https://github.com/dkoukoul/cjdns_ynh` into the "Install custom app" section.
-5. Obtain your cjdns IPv6 address by navigating to Tools -> Logs -> Click on "Install the 'cjdns' app." Your IPv6 address should be displayed in the log.
-6. Reboot your YunoHost server to make the tun device available. Navigate to Tools->Shutdown and click Reboot.
-7. Navigate to Tools -> Yunohost Settings -> Security, and under NGINX, disable "Force HTTPS." Click Save to apply the changes.
-8. Edit `/etc/nginx/conf.d/[your-domain].conf`, add your cjdns-ipv6 to the list of `server_name`. 
-9. Finally, to allow public access for cjdns requests to your new wordpress site you can do the following:
+1. In the Applications menu, search for "cjdns" and install it. 
+2. Obtain your cjdns IPv6 address by navigating to Tools -> Logs -> Click on "Install the 'cjdns' app." Your IPv6 address should be displayed in the log.
+3. Reboot your YunoHost server to make the tun device available. Navigate to Tools->Shutdown and click Reboot.
+4. Navigate to Tools -> Yunohost Settings -> Security, and under NGINX, disable "Force HTTPS." Click Save to apply the changes.
+5. Edit `/etc/nginx/conf.d/[your-domain].conf`, add your cjdns-ipv6 to the list of `server_name`. 
+6. Finally, to allow public access for cjdns requests to your new wordpress site you can do the following:
    1.  SSH into your yunoHost server
    2.  Copy current sso configuration file to persistent: `cp /etc/ssowat/conf.json /etc/ssowat/conf.json.persistent`
    3.  Then edit the persistent file: `nano /etc/ssowat/conf.json.persistent`