enh: ipv6 only global setting

share/config_global.toml

@@ -160,3 +160,9 @@ name = "Other"
         [misc.backup.backup_compress_tar_archives]
         type = "boolean"
         default = false
+
+    [misc.network]
+    name = "Network"
+        [misc.network.network_ipv6_only]
+        type = "boolean"
+        default = false

src/diagnosers/10-ip.py

@@ -28,6 +28,7 @@ from moulinette.utils.filesystem import read_file
 
 from yunohost.diagnosis import Diagnoser
 from yunohost.utils.network import get_network_interfaces
+from yunohost.settings import settings_get
 
 logger = log.getActionLogger("yunohost.diagnosis")
 
@@ -121,7 +122,7 @@ class MyDiagnoser(Diagnoser):
         yield dict(
             meta={"test": "ipv4"},
             data={"global": ipv4, "local": get_local_ip("ipv4")},
-            status="SUCCESS" if ipv4 else "ERROR",
+            status="SUCCESS" if ipv4 else "WARNING" if settings_get("network_ipv6_only") else "ERROR",
             summary="diagnosis_ip_connected_ipv4" if ipv4 else "diagnosis_ip_no_ipv4",
             details=["diagnosis_ip_global", "diagnosis_ip_local"] if ipv4 else None,
         )
@@ -129,7 +130,7 @@ class MyDiagnoser(Diagnoser):
         yield dict(
             meta={"test": "ipv6"},
             data={"global": ipv6, "local": get_local_ip("ipv6")},
-            status="SUCCESS" if ipv6 else "WARNING",
+            status="SUCCESS" if ipv6 else "ERROR" if settings_get("network_ipv6_only") else "WARNING",
             summary="diagnosis_ip_connected_ipv6" if ipv6 else "diagnosis_ip_no_ipv6",
             details=["diagnosis_ip_global", "diagnosis_ip_local"]
             if ipv6

src/diagnosers/14-ports.py

@@ -21,6 +21,7 @@ from typing import List
 
 from yunohost.diagnosis import Diagnoser
 from yunohost.service import _get_services
+from yunohost.settings import settings_get
 
 
 class MyDiagnoser(Diagnoser):
@@ -46,7 +47,7 @@ class MyDiagnoser(Diagnoser):
 
         ipversions = []
         ipv4 = Diagnoser.get_cached_report("ip", item={"test": "ipv4"}) or {}
-        if ipv4.get("status") == "SUCCESS":
+        if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"):
             ipversions.append(4)
 
         # To be discussed: we could also make this check dependent on the
@@ -120,7 +121,7 @@ class MyDiagnoser(Diagnoser):
                         for record in dnsrecords.get("items", [])
                     )
 
-                if failed == 4 or ipv6_is_important():
+                if failed == 4 and not settings_get("network_ipv6_only") or ipv6_is_important():
                     yield dict(
                         meta={"port": port},
                         data={

src/diagnosers/21-web.py

@@ -26,6 +26,7 @@ from moulinette.utils.filesystem import read_file, mkdir, rm
 from yunohost.diagnosis import Diagnoser
 from yunohost.domain import domain_list
 from yunohost.utils.dns import is_special_use_tld
+from yunohost.settings import settings_get
 
 DIAGNOSIS_SERVER = "diagnosis.yunohost.org"
 
@@ -76,7 +77,7 @@ class MyDiagnoser(Diagnoser):
 
         ipversions = []
         ipv4 = Diagnoser.get_cached_report("ip", item={"test": "ipv4"}) or {}
-        if ipv4.get("status") == "SUCCESS":
+        if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"):
             ipversions.append(4)
 
         # To be discussed: we could also make this check dependent on the
@@ -96,7 +97,7 @@ class MyDiagnoser(Diagnoser):
         # "curl --head the.global.ip" will simply timeout...
         if self.do_hairpinning_test:
             global_ipv4 = ipv4.get("data", {}).get("global", None)
-            if global_ipv4:
+            if global_ipv4 and not settings_get("network_ipv6_only"):
                 try:
                     requests.head("http://" + global_ipv4, timeout=5)
                 except requests.exceptions.Timeout:
@@ -147,7 +148,7 @@ class MyDiagnoser(Diagnoser):
             if all(
                 results[ipversion][domain]["status"] == "ok" for ipversion in ipversions
             ):
-                if 4 in ipversions:
+                if 4 in ipversions and not settings_get("network_ipv6_only"):
                     self.do_hairpinning_test = True
                 yield dict(
                     meta={"domain": domain},
@@ -185,7 +186,7 @@ class MyDiagnoser(Diagnoser):
                     )
                     AAAA_status = dnsrecords.get("data", {}).get("AAAA:@")
 
-                    return AAAA_status in ["OK", "WRONG"]
+                    return AAAA_status in ["OK", "WRONG"] or settings_get("network_ipv6_only")
 
                 if failed == 4 or ipv6_is_important_for_this_domain():
                     yield dict(

src/diagnosers/24-mail.py

@@ -31,6 +31,7 @@ from yunohost.diagnosis import Diagnoser
 from yunohost.domain import _get_maindomain, domain_list
 from yunohost.settings import settings_get
 from yunohost.utils.dns import dig
+from yunohost.settings import settings_get
 
 DEFAULT_DNS_BLACKLIST = "/usr/share/yunohost/dnsbl_list.yml"
 
@@ -301,13 +302,13 @@ class MyDiagnoser(Diagnoser):
         outgoing_ipversions = []
         outgoing_ips = []
         ipv4 = Diagnoser.get_cached_report("ip", {"test": "ipv4"}) or {}
-        if ipv4.get("status") == "SUCCESS":
+        if ipv4.get("status") == "SUCCESS" and not settings_get("network_ipv6_only"):
             outgoing_ipversions.append(4)
             global_ipv4 = ipv4.get("data", {}).get("global", {})
             if global_ipv4:
                 outgoing_ips.append(global_ipv4)
 
-        if settings_get("email.smtp.smtp_allow_ipv6"):
+        if settings_get("email.smtp.smtp_allow_ipv6") or settings_get("network_ipv6_only"):
             ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {}
             if ipv6.get("status") == "SUCCESS":
                 outgoing_ipversions.append(6)

src/dns.py

@@ -38,6 +38,7 @@ from yunohost.domain import (
 from yunohost.utils.dns import dig, is_yunohost_dyndns_domain, is_special_use_tld
 from yunohost.utils.error import YunohostValidationError, YunohostError
 from yunohost.utils.network import get_public_ip
+from yunohost.settings import settings_get
 from yunohost.log import is_unit_operation
 from yunohost.hook import hook_callback
 
@@ -185,7 +186,7 @@ def _build_dns_conf(base_domain, include_empty_AAAA_if_no_ipv6=False):
         ###########################
         # Basic ipv4/ipv6 records #
         ###########################
-        if ipv4:
+        if ipv4 and not settings_get("network_ipv6_only"):
             basic.append([basename, ttl, "A", ipv4])
 
         if ipv6:
@@ -240,7 +241,7 @@ def _build_dns_conf(base_domain, include_empty_AAAA_if_no_ipv6=False):
 
         # Only recommend wildcard and CAA for the top level
         if domain == base_domain:
-            if ipv4:
+            if ipv4 and not settings_get("network_ipv6_only"):
                 extra.append([f"*{suffix}", ttl, "A", ipv4])
 
             if ipv6:

src/settings.py

@@ -310,6 +310,7 @@ def regen_ssowatconf(setting_name, old_value, new_value):
 @post_change_hook("nginx_compatibility")
 @post_change_hook("webadmin_allowlist_enabled")
 @post_change_hook("webadmin_allowlist")
+@post_change_hook("network_ipv6_only")
 def reconfigure_nginx(setting_name, old_value, new_value):
     if old_value != new_value:
         regen_conf(names=["nginx"])
@@ -341,6 +342,7 @@ def reconfigure_ssh_and_fail2ban(setting_name, old_value, new_value):
 @post_change_hook("smtp_relay_user")
 @post_change_hook("smtp_relay_password")
 @post_change_hook("postfix_compatibility")
+@post_change_hook("network_ipv6_only")
 def reconfigure_postfix(setting_name, old_value, new_value):
     if old_value != new_value:
         regen_conf(names=["postfix"])