YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Search and replace old settings, first pass

Browse source
This commit is contained in:
Tagadda 2022-02-14 11:37:13 +00:00
parent 1d782b3a66
commit eb747cc15e
9 changed files with 18 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
conf/ssh/sshd_config
View file

@ -3,7 +3,7 @@
Protocol 2 Protocol 2
# PLEASE: if you wish to change the ssh port properly in YunoHost, use this command: # PLEASE: if you wish to change the ssh port properly in YunoHost, use this command:
# yunohost settings set security.ssh.port -v <port> # yunohost settings set security.ssh.ssh_port -v <port>
Port {{ port }} Port {{ port }}
{% if ipv6_enabled == "true" %}ListenAddress ::{% endif %} {% if ipv6_enabled == "true" %}ListenAddress ::{% endif %}
@ -56,7 +56,7 @@ ChallengeResponseAuthentication no
UsePAM yes UsePAM yes
# PLEASE: if you wish to force everybody to authenticate using ssh keys, run this command: # PLEASE: if you wish to force everybody to authenticate using ssh keys, run this command:
# yunohost settings set security.ssh.password_authentication -v no # yunohost settings set security.ssh.ssh_password_authentication -v no
{% if password_authentication == "False" %} {% if password_authentication == "False" %}
PasswordAuthentication no PasswordAuthentication no
{% else %} {% else %}

8
hooks/conf_regen/03-ssh
View file

@ -15,14 +15,14 @@ do_pre_regen() {
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true) ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)
# Support legacy setting (this setting might be disabled by a user during a migration) # Support legacy setting (this setting might be disabled by a user during a migration)
if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then if [[ "$(yunohost settings get 'security.ssh.ssh_allow_deprecated_dsa_hostkey')" == "True" ]]; then
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)" ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)"
fi fi
# Support different strategy for security configurations # Support different strategy for security configurations
export compatibility="$(yunohost settings get 'security.ssh.compatibility')" export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')"
export port="$(yunohost settings get 'security.ssh.port')" export port="$(yunohost settings get 'security.ssh.ssh_port')"
export password_authentication="$(yunohost settings get 'security.ssh.password_authentication')" export password_authentication="$(yunohost settings get 'security.ssh.ssh_password_authentication')"
export ssh_keys export ssh_keys
export ipv6_enabled export ipv6_enabled
ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config" ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"

12
hooks/conf_regen/15-nginx
View file

@ -56,7 +56,7 @@ do_pre_regen() {
# install / update plain conf files # install / update plain conf files
cp plain/* "$nginx_conf_dir" cp plain/* "$nginx_conf_dir"
# remove the panel overlay if this is specified in settings # remove the panel overlay if this is specified in settings
panel_overlay=$(yunohost settings get 'ssowat.panel_overlay.enabled') panel_overlay=$(yunohost settings get 'misc.ssowat.ssowat_panel_overlay_enabled')
if [ "$panel_overlay" == "false" ] || [ "$panel_overlay" == "False" ]; then if [ "$panel_overlay" == "false" ] || [ "$panel_overlay" == "False" ]; then
echo "#" >"${nginx_conf_dir}/yunohost_panel.conf.inc" echo "#" >"${nginx_conf_dir}/yunohost_panel.conf.inc"
fi fi
@ -65,9 +65,9 @@ do_pre_regen() {
main_domain=$(cat /etc/yunohost/current_host) main_domain=$(cat /etc/yunohost/current_host)
# Support different strategy for security configurations # Support different strategy for security configurations
export redirect_to_https="$(yunohost settings get 'security.nginx.redirect_to_https')" export redirect_to_https="$(yunohost settings get 'security.nginx.nginx_redirect_to_https')"
export compatibility="$(yunohost settings get 'security.nginx.compatibility')" export compatibility="$(yunohost settings get 'security.nginx.nginx_compatibility')"
export experimental="$(yunohost settings get 'security.experimental.enabled')" export experimental="$(yunohost settings get 'security.experimental.security_experimental_enabled')"
ynh_render_template "security.conf.inc" "${nginx_conf_dir}/security.conf.inc" ynh_render_template "security.conf.inc" "${nginx_conf_dir}/security.conf.inc"
cert_status=$(yunohost domain cert status --json) cert_status=$(yunohost domain cert status --json)
@ -92,9 +92,9 @@ do_pre_regen() {
done done
export webadmin_allowlist_enabled=$(yunohost settings get security.webadmin.allowlist.enabled) export webadmin_allowlist_enabled=$(yunohost settings get security.webadmin.webadmin_allowlist_enabled)
if [ "$webadmin_allowlist_enabled" == "True" ]; then if [ "$webadmin_allowlist_enabled" == "True" ]; then
export webadmin_allowlist=$(yunohost settings get security.webadmin.allowlist) export webadmin_allowlist=$(yunohost settings get security.webadmin.webadmin_allowlist)
fi fi
ynh_render_template "yunohost_admin.conf.inc" "${nginx_conf_dir}/yunohost_admin.conf.inc" ynh_render_template "yunohost_admin.conf.inc" "${nginx_conf_dir}/yunohost_admin.conf.inc"
ynh_render_template "yunohost_api.conf.inc" "${nginx_conf_dir}/yunohost_api.conf.inc" ynh_render_template "yunohost_api.conf.inc" "${nginx_conf_dir}/yunohost_api.conf.inc"

2
hooks/conf_regen/25-dovecot
View file

@ -16,7 +16,7 @@ do_pre_regen() {
cp dovecot-ldap.conf "${dovecot_dir}/dovecot-ldap.conf" cp dovecot-ldap.conf "${dovecot_dir}/dovecot-ldap.conf"
cp dovecot.sieve "${dovecot_dir}/global_script/dovecot.sieve" cp dovecot.sieve "${dovecot_dir}/global_script/dovecot.sieve"
export pop3_enabled="$(yunohost settings get 'pop3.enabled')" export pop3_enabled="$(yunohost settings get 'email.pop3.pop3_enabled')"
export main_domain=$(cat /etc/yunohost/current_host) export main_domain=$(cat /etc/yunohost/current_host)
export domain_list="$YNH_DOMAINS" export domain_list="$YNH_DOMAINS"

2
hooks/conf_regen/52-fail2ban
View file

@ -16,7 +16,7 @@ do_pre_regen() {
cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf" cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf"
cp jail.conf "${fail2ban_dir}/jail.conf" cp jail.conf "${fail2ban_dir}/jail.conf"
export ssh_port="$(yunohost settings get 'security.ssh.port')" export ssh_port="$(yunohost settings get 'security.ssh.ssh_port')"
ynh_render_template "yunohost-jails.conf" "${fail2ban_dir}/jail.d/yunohost-jails.conf" ynh_render_template "yunohost-jails.conf" "${fail2ban_dir}/jail.d/yunohost-jails.conf"
} }

2
maintenance/missing_i18n_keys.py
View file

@ -100,7 +100,7 @@ def find_expected_string_keys():
yield m yield m
# Global settings descriptions # Global settings descriptions
# Will be on a line like : ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", ... # Will be on a line like : ("security.ssh.ssh_allow_deprecated_dsa_hostkey", {"type": "bool", ...
p5 = re.compile(r" \(\n*\s*[\"\'](\w[\w\.]+)[\"\'],") p5 = re.compile(r" \(\n*\s*[\"\'](\w[\w\.]+)[\"\'],")
content = open(ROOT + "src/settings.py").read() content = open(ROOT + "src/settings.py").read()
for m in ( for m in (

2
src/backup.py
View file

@ -1928,7 +1928,7 @@ class TarBackupMethod(BackupMethod):
def _archive_file(self): def _archive_file(self):
if isinstance(self.manager, BackupManager) and settings_get( if isinstance(self.manager, BackupManager) and settings_get(
"backup.compress_tar_archives" "misc.backup.backup_compress_tar_archives"
): ):
return os.path.join(self.repo, self.name + ".tar.gz") return os.path.join(self.repo, self.name + ".tar.gz")

2
src/diagnosers/24-mail.py
View file

@ -291,7 +291,7 @@ class MyDiagnoser(Diagnoser):
if global_ipv4: if global_ipv4:
outgoing_ips.append(global_ipv4) outgoing_ips.append(global_ipv4)
if settings_get("smtp.allow_ipv6"): if settings_get("email.smtp.smtp_allow_ipv6"):
ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {} ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {}
if ipv6.get("status") == "SUCCESS": if ipv6.get("status") == "SUCCESS":
outgoing_ipversions.append(6) outgoing_ipversions.append(6)

2
src/diagnosers/70-regenconf.py
View file

@ -53,7 +53,7 @@ class MyDiagnoser(Diagnoser):
) )
# Check consistency between actual ssh port in sshd_config vs. setting # Check consistency between actual ssh port in sshd_config vs. setting
ssh_port_setting = settings_get("security.ssh.port") ssh_port_setting = settings_get("security.ssh.ssh_port")
ssh_port_line = re.findall( ssh_port_line = re.findall(
r"\bPort *([0-9]{2,5})\b", read_file("/etc/ssh/sshd_config") r"\bPort *([0-9]{2,5})\b", read_file("/etc/ssh/sshd_config")
) )