This page gathers information about how user data is stored on FreedomBox. The goal is to list the information needed to back up and restore data for each application available on FreedomBox.
Applications
Avahi
Data: None
Configuration: None
Services that intend to make themselves discoverable drop files into /etc/avahi/services. This is not customizable in FreedomBox, and a fresh installation sets it up properly on its own.
Secrets: None
Backups
Data: None
Configuration: None
- The Backups application does not have any configuration right now. It is expected to gain settings such as a schedule, a default backup location and secrets for connecting to remote locations.
Secrets: None
BIND
Data: None
Configuration: /etc/bind/named.conf.options
Ownership: root:bind
Permissions: 644
Secrets: None
Cockpit
Data: None
Configuration: None
- Only change in /etc/cockpit/cockpit.conf is the key for allowed domain names. This is automatically set to the proper value on application installation.
Secrets: None
Coquelicot
Data: /var/lib/coquelicot
Ownership: coquelicot:coquelicot
Permissions: 644 for files, 755 for directories
Configuration: Has secrets, see secrets
Secrets: /etc/coquelicot/settings.yml
Ownership: root:root
Permissions: 644
Datetime
Data: None
Configuration: /etc/timezone
Ownership: root:root
Permissions: 644
Secrets: None
Deluge
Data: Has secrets, see secrets
Downloaded Data: /var/lib/deluged/Downloads (default, may be changed)
- Actual downloaded files are in various locations depending on the path set during download.
Ownership: debian-deluged:debian-deluged
Permissions: 644
Configuration: Configuration stored in data directory
Secrets: /var/lib/deluged/.config/, /var/lib/deluged/config/
Ownership: debian-deluged:debian-deluged
Permissions: 700 for /var/lib/deluged/.config/, /var/lib/deluged/.config/deluged/ and /var/lib/deluged/.config/deluged/ssl; 750 for /var/lib/deluged and /var/lib/deluged/config; 600 for /var/lib/deluged/.config/deluged/auth; 644 for remaining files; 755 for remaining directories
Diagnostics
Data: None
Configuration: None
Secrets: None
Dynamic DNS
Data: None
Configuration: /etc/ez-ipupdate/
These files are automatically created with correct values by FreedomBox if the exact old configuration is provided in the interface.
Secrets: /etc/ez-ipupdate
These files are automatically created with correct values by FreedomBox if the exact old configuration is provided in the interface.
ejabberd
Data: /var/lib/ejabberd/
Format: Mnesia database.
See information on how to backup/restore database.
Configuration: /etc/ejabberd/ejabberd.yml
Format: YAML
Ownership: ejabberd:ejabberd
Permissions: 600
Contains configured domain names and options. Automatically configured properly by FreedomBox if same domain name and options are set.
Secrets: /etc/ejabberd/ejabberd.pem
Ownership: root:ejabberd
Permissions: 640
- TLS certificate used for secure communication
- Needed only if you want the certificate to stay the same on the restored machine.
Firewall
Data: None
Configuration: None
- Currently, there is no customization possible in firewall. If a user customizes firewalld on the command line, they need to backup/restore various files in /etc/firewalld/.
Secrets: None
ikiwiki
Data: /var/lib/ikiwiki/ /var/www/ikiwiki/
Format: Setup files, static assets and git repositories for each wiki/blog
Ownership: root:root
Permissions: 644 for files, 755 for directories, 6755 for all ikiwiki.cgi files in /var/www/ikiwiki, drwxrwsr-x for all .git directories and their children.
Configuration: None
- /var/lib/ikiwiki/*.setup which is already part of data location.
Secrets: None
Static files can be regenerated by running the following command
$ ikiwiki --rebuild <blogname> /var/www/ikiwiki/
infinoted
Data: /var/lib/infinoted
Ownership: infinoted:infinoted for everything except sync folder which has ownership root:root
Permissions: 755 for directories, 644 for files
Configuration: None
Secrets: /etc/infinoted/infinoted-cert.pem /etc/infinoted/infinoted-key.pem
Ownership: infinoted:infinoted
Permissions: 640 for files
- TLS certificate used for secure communication
- Needed only if you want the certificate to stay the same on the restored machine.
JSXC
Data: None
Configuration: None
Secrets: None
Let's Encrypt
Data: None
Configuration: /etc/letsencrypt/csr /etc/letsencrypt/renewal /etc/letsencrypt/renewal-hooks
Ownership: root:root
Permissions: 755 for directories, 644 for files
Secrets: /etc/letsencrypt/accounts /etc/letsencrypt/archive /etc/letsencrypt/keys /etc/letsencrypt/live
Ownership: root:root
Permissions: varies
matrix-synapse
Data: /var/lib/matrix-synapse/homeserver.db /var/lib/matrix-synapse/media /var/lib/matrix-synapse/uploads
Format: sqlite3 database, uploaded files
Ownership: matrix-synapse:nogroup
Permissions: 755 for directories, 644 for files
Configuration: /etc/matrix-synapse/homeserver.yaml /etc/matrix-synapse/conf.d /etc/matrix-synapse/log.yaml
Ownership: root:root
Permissions: 755 for directories, 644 for files
Secrets: /etc/matrix-synapse/homeserver.signing.key /etc/matrix-synapse/homeserver.tls.crt /etc/matrix-synapse/homeserver.tls.dh /etc/matrix-synapse/homeserver.tls.key
- TLS certificate used for secure communication
- Needed only if you want the certificate to stay the same on the restored machine.
mediawiki
Data: /var/lib/mediawiki-db
Format: sqlite3 database
Ownership: www-data:www-data
Permissions: 640 for .sqlite files
Minetest
Data: /var/games/minetest-server/
Ownership: Debian-minetest:games
Permissions: 755 for directories, 644 for files
Configuration: /etc/minetest/minetest.conf
Ownership: root:root
Permissions: 755 for directories, 644 for files
These files are automatically created with correct values by FreedomBox if the exact old configuration is provided in the interface.
Secrets: None
Monkeysphere
Data: None
Configuration: /var/lib/monkeysphere/host_keys.pub.pgp
Secrets: /var/lib/monkeysphere/authentication /var/lib/monkeysphere/host
Mumble
Data: /var/lib/mumble-server
Ownership: mumble-server:mumble-server
Permissions: 750 for /var/lib/mumble-server, 770 for /var/lib/mumble-server/.config, 640 for /var/lib/mumble-server/mumble-server.sqlite, 660 for /var/lib/mumble-server/.config/Trolltech.conf
Configuration: None
Secrets: None
Names
Data: None
Configuration: None
Secrets: None
Networks
Data: None
Configuration: May contain secrets, see secrets.
Secrets: /etc/NetworkManager/system-connections/*
Ownership: root:root
Permissions: 600
OpenVPN
Data: None
Configuration: /etc/openvpn/server/freedombox.conf
Ownership: root:root
Permissions: 644
No changes needed after default installation. Let FreedomBox create the file on the new machine.
Secrets: /etc/openvpn/freedombox-keys/
Ownership: root:root
Permissions: 600 for *.key, .rnd, 644 for certificates and other public files.
Pagekite
Data: None
Configuration: /etc/pagekite.d/
Ownership: root:root
Permissions: 755 for /etc/pagekite.d and 644 for files other than 10_account.rc
Secrets: /etc/pagekite.d/10_account.rc
Ownership: root:root
Permissions: 600
Power
Data: None
Configuration: None
Secrets: None
Privoxy
Data: None
Configuration: None
Secrets: None
Quassel
Data: /var/lib/quassel
Ownership: quasselcore:quassel
Permissions: 755 for directory, 600 for files inside
Configuration: None
Secrets: Part of data folder
radicale
Data: /var/lib/radicale/
Format: Collections per user
Ownership: radicale:radicale
Permissions: 755 for directories, 644 for files
Configuration: /etc/radicale/
Ownership: root:root
Permissions: 755 for directories, 644 for files
No changes needed after default installation. Let FreedomBox create the files on the new machine.
Secrets: None
repro
Data: /var/lib/repro
Ownership: repro:repro
Permissions: 700 for directories, 640 for files
Configuration: /etc/repro/repro.config /etc/repro/users.txt
Ownership: root:root
Permissions: 644
Secrets: /etc/repro/dh2048.pem /etc/repro/ssl
Ownership: root:repro for dh2048.pem, root:root for ssl
Permissions: 640 for dh2048.pem, 755 for /etc/repro/ssl
Let FreedomBox generate a new one on the new machine.
Roundcube
Data: None
Configuration: None
Secrets: None
SearX
Data: None
Configuration: None
Secrets: None
Secure Shell (SSH) Server
Data: None
Configuration: None
Secrets: /etc/ssh/ssh_host_*
Ownership: root:root
Permissions: 600 for ssh_host_*_key and 644 for ssh_host_*_key.pub
Security
Data: None
Configuration: /etc/security/access.conf
Ownership: root:root
Permissions: 644
Secrets: None
Shadowsocks
Data: None
Configuration: Has secrets, see secrets
Secrets: /etc/shadowsocks-libev/freedombox.json
Ownership: root:root
Permissions: 640
Sharing
Data: /etc/apache2/conf-available/sharing-freedombox.conf
Ownership: root:root
Permissions: 644
Configuration: None
Secrets: None
Snapshot
Data: /.snapshots
Configuration: /etc/snapper/configs/root /etc/default/snapper
Ownership: root:root
Secrets: None
Storage
Data: None
Configuration: None
Secrets: None
Syncthing
Data: /var/lib/syncthing/Sync
Configuration: /var/lib/syncthing/.config/syncthing/config.xml
Ownership: syncthing:syncthing
Secrets: /var/lib/syncthing/.config/syncthing
Ownership: syncthing:syncthing
Tahoe-LAFS
Data: (TBD) /var/lib/tahoe-lafs/storage_node/storage/
Configuration:
- /var/lib/tahoe-lafs/domain_name
- In /var/lib/tahoe-lafs/introducer: my_nodeid, tahoe.cfg
- In /var/lib/tahoe-lafs/storage_node: my_nodeid, node.pubkey, tahoe.cfg
Secrets: /var/lib/tahoe-lafs/introducer/private/ /var/lib/tahoe-lafs/storage_node/private/
Ownership: tahoe-lafs:tahoe-lafs
Tiny Tiny RSS
Data: postgresql database
Dump data: PGPASSWORD=<password> pg_dump -h localhost -U ttrss ttrss >ttrss_dump.sql
Get the <password> from /etc/tt-rss/database.php.
Configuration: /etc/tt-rss/config.php
Let FreedomBox generate a new one on the new machine.
Secrets: /etc/tt-rss/database.php
Ownership: root:www-data
Permissions: 640
Tor
Data: Has secrets such as private key for .onion address, see secrets.
Configuration: /etc/tor/
Ownership: root:root
Permissions: 644 for files, 755 for directories
This includes all instances of Tor. In FreedomBox, /etc/tor/instances/plinth/torrc represents the configuration for FreedomBox configured Tor. Other instances are in /etc/tor/instances/*. Default instance configuration is in /etc/tor/torrc.
Secrets: /var/lib/tor, /var/lib/tor-instances/
Ownership: debian-tor:debian-tor for /var/lib/tor, _tor-<instance>:_tor-<instance> for each instance (example: _tor-plinth:_tor-plinth for /var/lib/tor-instances/plinth)
Permissions: 600 for files, 2700 on directories
Transmission
Data: /var/lib/transmission-daemon/.config
Ownership: debian-transmission:debian-transmission (root:root for .config)
Permissions: 4755 for .config/transmission-daemon, 755 for directories, 600 on files
Downloaded Data: /var/lib/transmission-daemon/downloads (default, may be changed)
- Actual downloaded files are in various locations depending on the path set during download.
Ownership: debian-transmission:debian-transmission
Permissions: 4755 for parent directory, 755 for directories, 644 for files
Configuration: Has secrets, see secrets
Secrets: /etc/transmission-daemon/settings.json
Ownership: debian-transmission:debian-transmission
Permissions: 600
Upgrades
Data: None
Configuration: /etc/apt/apt.conf.d/20auto-upgrades
Ownership: root:root
Permissions: 644
Secrets: None
Manual Backup and Restore
While FreedomBox does not yet have a mechanism for automatic backup and restore of data, you can manually back up and restore an application using the information above.
Taking Backup
If the old FreedomBox is running:
- Stop the application you wish to back up using the FreedomBox interface. This can also be done by running systemctl stop daemon-name.
- Log in to the FreedomBox machine over SSH as an admin user.
- Gain root access using sudo su -.
If the old FreedomBox is not running:
- Plug the SD card or disk of the old FreedomBox into a GNU/Linux machine and mount it.
In either case:
- Create a tarball of the data, configuration and secrets directories. For example, for radicale:
  - cd /var/lib; tar -cvzf ~/radicale-data.tar.gz radicale/
  - cd /etc; tar -cvzf ~/radicale-conf.tar.gz radicale/
- Repeat the process for each application you wish to restore.
- Copy the created files to your work machine. This can be done using the scp command or using SSH file copying GUI tools.
Restore Backup
- Set up your new FreedomBox.
  - Install all applications you wish to restore.
  - Configure them as you did on your old FreedomBox.
  - Disable them all so they are stopped and ready for restoring.
- Copy the files from your work machine to the new FreedomBox using the scp command or SSH file copying GUI tools.
- Log in to the FreedomBox machine over SSH as an admin user.
- Extract the files. For example, for radicale:
  - tar -xf radicale-data.tar.gz
  - This will create the radicale directory with the correct file permissions and ownership.
- Move the restored data to the correct directory:
  - mv /var/lib/radicale /var/lib/radicale.old
  - mv radicale /var/lib/radicale
- Verify that the permissions and ownership of the files are as expected.
  - ls -laR /var/lib/radicale
- Enable the application and test that everything is okay.
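The verification step above is done by eye with ls -laR. As an added example (not part of the original page or of FreedomBox itself), the script below compares restored files against the ownership and modes listed in the application entries, which matters most for the secrets files. The MANIFEST sample, the function names and the optional root prefix are assumptions made for this example; stat -c is the GNU coreutils form, and tar only restores ownership when extraction is run as root.

```shell
#!/bin/sh
# Added example: audit restored files against the ownership and modes listed above.
# MANIFEST is a constructed sample (path owner:group mode); its values are copied
# from the ejabberd, Pagekite, Tiny Tiny RSS and Transmission entries on this page.
MANIFEST='
/etc/ejabberd/ejabberd.yml ejabberd:ejabberd 600
/etc/ejabberd/ejabberd.pem root:ejabberd 640
/etc/pagekite.d/10_account.rc root:root 600
/etc/tt-rss/database.php root:www-data 640
/etc/transmission-daemon/settings.json debian-transmission:debian-transmission 600
'

# check_entry PATH OWNER:GROUP MODE
# Returns 0 on a match, 1 on a wrong owner or mode, 2 if the path is missing.
check_entry() {
    path=$1 want_owner=$2 want_mode=$3
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    # %U:%G is owner:group by name, %a is the octal mode (e.g. 600, 4755).
    got=$(stat -c '%U:%G %a' -- "$path") || return 2
    if [ "$got" = "$want_owner $want_mode" ]; then
        echo "OK       $path"
        return 0
    fi
    echo "MISMATCH $path: have $got, want $want_owner $want_mode"
    return 1
}

# audit_manifest [ROOT]
# ROOT is an optional path prefix (hypothetical parameter) so the audit can be
# pointed at a mounted disk or scratch directory instead of the live system.
# Prints one line per manifest entry and returns the number of problems found.
audit_manifest() {
    root=${1:-}
    bad=0
    while read -r path owner mode; do
        [ -n "$path" ] || continue          # skip blank manifest lines
        check_entry "$root$path" "$owner" "$mode" || bad=$((bad + 1))
    done <<EOF
$MANIFEST
EOF
    return "$bad"
}
```

Run audit_manifest as root on the new FreedomBox after restoring, or audit_manifest /mnt against a mounted disk; a non-zero return value is the count of missing or mismatched entries.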