diff --git a/conf/ssh/sshd_config b/conf/ssh/sshd_config index b6d4111ee..eaa0c7380 100644 --- a/conf/ssh/sshd_config +++ b/conf/ssh/sshd_config @@ -3,7 +3,7 @@ Protocol 2 # PLEASE: if you wish to change the ssh port properly in YunoHost, use this command: -# yunohost settings set security.ssh.port -v +# yunohost settings set security.ssh.ssh_port -v Port {{ port }} {% if ipv6_enabled == "true" %}ListenAddress ::{% endif %} @@ -56,7 +56,7 @@ ChallengeResponseAuthentication no UsePAM yes # PLEASE: if you wish to force everybody to authenticate using ssh keys, run this command: -# yunohost settings set security.ssh.password_authentication -v no +# yunohost settings set security.ssh.ssh_password_authentication -v no {% if password_authentication == "False" %} PasswordAuthentication no {% else %} diff --git a/hooks/conf_regen/03-ssh b/hooks/conf_regen/03-ssh index 9a7f5ce4d..eb548d4f4 100755 --- a/hooks/conf_regen/03-ssh +++ b/hooks/conf_regen/03-ssh @@ -15,14 +15,14 @@ do_pre_regen() { ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true) # Support legacy setting (this setting might be disabled by a user during a migration) - if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then + if [[ "$(yunohost settings get 'security.ssh.ssh_allow_deprecated_dsa_hostkey')" == "True" ]]; then ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)" fi # Support different strategy for security configurations - export compatibility="$(yunohost settings get 'security.ssh.compatibility')" - export port="$(yunohost settings get 'security.ssh.port')" - export password_authentication="$(yunohost settings get 'security.ssh.password_authentication')" + export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')" + export port="$(yunohost settings get 'security.ssh.ssh_port')" + export password_authentication="$(yunohost settings get 'security.ssh.ssh_password_authentication')" export ssh_keys export ipv6_enabled ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config" diff --git a/hooks/conf_regen/15-nginx b/hooks/conf_regen/15-nginx index c1d943681..482784d8d 100755 --- a/hooks/conf_regen/15-nginx +++ b/hooks/conf_regen/15-nginx @@ -56,7 +56,7 @@ do_pre_regen() { # install / update plain conf files cp plain/* "$nginx_conf_dir" # remove the panel overlay if this is specified in settings - panel_overlay=$(yunohost settings get 'ssowat.panel_overlay.enabled') + panel_overlay=$(yunohost settings get 'misc.ssowat.ssowat_panel_overlay_enabled') if [ "$panel_overlay" == "false" ] || [ "$panel_overlay" == "False" ]; then echo "#" >"${nginx_conf_dir}/yunohost_panel.conf.inc" fi @@ -65,9 +65,9 @@ do_pre_regen() { main_domain=$(cat /etc/yunohost/current_host) # Support different strategy for security configurations - export redirect_to_https="$(yunohost settings get 'security.nginx.redirect_to_https')" - export compatibility="$(yunohost settings get 'security.nginx.compatibility')" - export experimental="$(yunohost settings get 'security.experimental.enabled')" + export redirect_to_https="$(yunohost settings get 'security.nginx.nginx_redirect_to_https')" + export compatibility="$(yunohost settings get 'security.nginx.nginx_compatibility')" + export experimental="$(yunohost settings get 'security.experimental.security_experimental_enabled')" ynh_render_template "security.conf.inc" "${nginx_conf_dir}/security.conf.inc" cert_status=$(yunohost domain cert status --json) @@ -92,9 +92,9 @@ do_pre_regen() { done - export webadmin_allowlist_enabled=$(yunohost settings get security.webadmin.allowlist.enabled) + export webadmin_allowlist_enabled=$(yunohost settings get security.webadmin.webadmin_allowlist_enabled) if [ "$webadmin_allowlist_enabled" == "True" ]; then - export webadmin_allowlist=$(yunohost settings get security.webadmin.allowlist) + export webadmin_allowlist=$(yunohost settings get security.webadmin.webadmin_allowlist) fi ynh_render_template "yunohost_admin.conf.inc" "${nginx_conf_dir}/yunohost_admin.conf.inc" ynh_render_template "yunohost_api.conf.inc" "${nginx_conf_dir}/yunohost_api.conf.inc" diff --git a/hooks/conf_regen/25-dovecot b/hooks/conf_regen/25-dovecot index 37c73b6d8..da7e0fa75 100755 --- a/hooks/conf_regen/25-dovecot +++ b/hooks/conf_regen/25-dovecot @@ -16,7 +16,7 @@ do_pre_regen() { cp dovecot-ldap.conf "${dovecot_dir}/dovecot-ldap.conf" cp dovecot.sieve "${dovecot_dir}/global_script/dovecot.sieve" - export pop3_enabled="$(yunohost settings get 'pop3.enabled')" + export pop3_enabled="$(yunohost settings get 'email.pop3.pop3_enabled')" export main_domain=$(cat /etc/yunohost/current_host) export domain_list="$YNH_DOMAINS" diff --git a/hooks/conf_regen/52-fail2ban b/hooks/conf_regen/52-fail2ban index 8129e977d..8ef20f979 100755 --- a/hooks/conf_regen/52-fail2ban +++ b/hooks/conf_regen/52-fail2ban @@ -16,7 +16,7 @@ do_pre_regen() { cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf" cp jail.conf "${fail2ban_dir}/jail.conf" - export ssh_port="$(yunohost settings get 'security.ssh.port')" + export ssh_port="$(yunohost settings get 'security.ssh.ssh_port')" ynh_render_template "yunohost-jails.conf" "${fail2ban_dir}/jail.d/yunohost-jails.conf" } diff --git a/maintenance/missing_i18n_keys.py b/maintenance/missing_i18n_keys.py index 3dbca8027..817c73c61 100644 --- a/maintenance/missing_i18n_keys.py +++ b/maintenance/missing_i18n_keys.py @@ -100,7 +100,7 @@ def find_expected_string_keys(): yield m # Global settings descriptions - # Will be on a line like : ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", ... + # Will be on a line like : ("security.ssh.ssh_allow_deprecated_dsa_hostkey", {"type": "bool", ... p5 = re.compile(r" \(\n*\s*[\"\'](\w[\w\.]+)[\"\'],") content = open(ROOT + "src/settings.py").read() for m in ( diff --git a/src/backup.py b/src/backup.py index bba60b895..10b876244 100644 --- a/src/backup.py +++ b/src/backup.py @@ -1928,7 +1928,7 @@ class TarBackupMethod(BackupMethod): def _archive_file(self): if isinstance(self.manager, BackupManager) and settings_get( - "backup.compress_tar_archives" + "misc.backup.backup_compress_tar_archives" ): return os.path.join(self.repo, self.name + ".tar.gz") diff --git a/src/diagnosers/24-mail.py b/src/diagnosers/24-mail.py index 7fe7a08db..4b370a2b4 100644 --- a/src/diagnosers/24-mail.py +++ b/src/diagnosers/24-mail.py @@ -291,7 +291,7 @@ class MyDiagnoser(Diagnoser): if global_ipv4: outgoing_ips.append(global_ipv4) - if settings_get("smtp.allow_ipv6"): + if settings_get("email.smtp.smtp_allow_ipv6"): ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {} if ipv6.get("status") == "SUCCESS": outgoing_ipversions.append(6) diff --git a/src/diagnosers/70-regenconf.py b/src/diagnosers/70-regenconf.py index 591f883a4..787fb257d 100644 --- a/src/diagnosers/70-regenconf.py +++ b/src/diagnosers/70-regenconf.py @@ -53,7 +53,7 @@ class MyDiagnoser(Diagnoser): ) # Check consistency between actual ssh port in sshd_config vs. setting - ssh_port_setting = settings_get("security.ssh.port") + ssh_port_setting = settings_get("security.ssh.ssh_port") ssh_port_line = re.findall( r"\bPort *([0-9]{2,5})\b", read_file("/etc/ssh/sshd_config") )