Differences between revisions 36 and 38 (spanning 2 versions)
Revision 36 as of 2016-05-27 17:24:54
Size: 4333
Comment: add repro page
Revision 38 as of 2016-08-21 09:30:28
Size: 4456
Editor: Drahtseil
Comment: added Power
Deletions are marked like this. Additions are marked like this.
Line 19: Line 19:
<<Include(FreedomBox/Manual/Quassel, , to="## END_INCLUDE")>>
Line 39: Line 40:
<<Include(FreedomBox/Manual/Powe, , to="## END_INCLUDE")>>


  1. FreedomBox: take your online privacy back
    1. Typical usage: Private Cloud
    2. Typical usage: Network-Attached Storage (NAS)
    3. Advanced usage: Smart Home Router
    4. Advanced usage: For Communities
    5. FreedomBox Interface
  2. Quick Start
    1. What you need to get started
    2. How to get started
    3. Finding your way around
  3. Getting Help
    1. Discussion Forum
    2. Matrix
    3. IRC #freedombox
    4. Email
    5. Help Back
    6. FreedomBox 23.21 (2023-11-20)
    7. FreedomBox 23.20 (2023-11-06)
    8. FreedomBox 23.19 (2023-10-23)
    9. FreedomBox 23.18 (2023-09-25)
    10. FreedomBox 23.17 (2023-09-11)
    11. FreedomBox 23.16 (2023-08-28)
    12. FreedomBox 23.15 (2023-08-14)
    13. FreedomBox 23.14 (2023-07-31)
    14. FreedomBox 23.13 (2023-07-17)
    15. FreedomBox 23.12 (2023-06-19)
    16. FreedomBox 23.11 (2023-06-05)
    17. FreedomBox 23.10 (2023-05-22)
    18. FreedomBox 23.9 (2023-05-08)
    19. FreedomBox 23.6.2 (2023-05-01)
    20. FreedomBox 23.8 (2023-04-24)
    21. FreedomBox 23.6.1 (2023-04-10)
    22. FreedomBox 23.7 (2023-03-27)
    23. FreedomBox 23.6 (2023-03-13)
    24. FreedomBox 23.5 (2023-02-27)
    25. FreedomBox 23.4 (2023-02-13)
    26. FreedomBox 23.3 (2023-01-30)
    27. FreedomBox 23.2 (2023-01-16)
    28. FreedomBox 23.1 (2023-01-03)
    29. FreedomBox 22.27 (2022-12-19)
    30. FreedomBox 22.26 (2022-12-05)
    31. FreedomBox 22.25 (2022-11-21)
    32. FreedomBox 22.24 (2022-11-07)
    33. FreedomBox 22.23 (2022-10-24)
    34. FreedomBox 22.22.1 (2022-10-16)
    35. FreedomBox 22.22 (2022-10-10)
    36. FreedomBox 22.21.1 (2022-10-01)
    37. FreedomBox 22.21 (2022-09-26)
    38. FreedomBox 22.20 (2022-09-12)
    39. FreedomBox 22.19 (2022-08-29)
    40. FreedomBox 22.18 (2022-08-15)
    41. FreedomBox 22.17 (2022-08-01)
    42. FreedomBox 22.16 (2022-07-18)
    43. FreedomBox 22.15 (2022-07-04)
    44. FreedomBox 22.14.1 (2022-06-27)
    45. FreedomBox 22.14 (2022-06-20)
    46. FreedomBox 22.13 (2022-06-06)
    47. FreedomBox 22.12 (2022-05-23)
    48. FreedomBox 22.11 (2022-05-09)
    49. FreedomBox 22.10 (2022-04-25)
    50. FreedomBox 22.9 (2022-04-11)
    51. FreedomBox 22.8 (2022-03-28)
    52. FreedomBox 22.7 (2022-03-14)
    53. FreedomBox 22.6.1 (2022-03-06)
    54. FreedomBox 22.6 (2022-03-02)
    55. FreedomBox 22.5 (2022-02-14)
    56. FreedomBox 22.4 (2022-01-31)
    57. FreedomBox 22.3 (2022-01-17)
    58. FreedomBox 22.2 (2022-01-11)
    59. FreedomBox 22.1 (2022-01-03)
    60. FreedomBox 21.16 (2021-12-20)
    61. FreedomBox 21.15 (2021-12-06)
    62. FreedomBox 21.14.1 (2021-11-24)
    63. FreedomBox 21.14 (2021-11-22)
    64. FreedomBox 21.13 (2021-11-08)
    65. FreedomBox 21.12 (2021-10-25)
    66. FreedomBox 21.11 (2021-10-11)
    67. FreedomBox 21.10 (2021-09-27)
    68. FreedomBox 21.9 (2021-09-18)
    69. FreedomBox 21.8 (2021-08-30)
    70. FreedomBox 21.7 (2021-08-16)
    71. FreedomBox 21.6 (2021-05-31)
    72. FreedomBox 21.5 (2021-04-19)
    73. FreedomBox 21.4.2 (2021-03-28)
    74. FreedomBox 21.4.1 (2021-03-13)
    75. FreedomBox 21.4 (2021-02-28)
    76. FreedomBox 21.3 (2021-02-11)
    77. FreedomBox 21.2 (2021-02-05)
    78. FreedomBox 21.1 (2021-01-25)
    79. FreedomBox 21.0 (2021-01-11)
    80. FreedomBox 20.21 (2020-12-28)
    81. FreedomBox 20.20.1 (2020-12-19)
    82. FreedomBox 20.20 (2020-12-14)
    83. FreedomBox 20.19 (2020-11-30)
    84. FreedomBox 20.18.1 (2020-11-23)
    85. FreedomBox 20.18 (2020-11-16)
    86. FreedomBox 20.17.1 (2020-11-07)
    87. FreedomBox 20.17 (2020-11-02)
    88. FreedomBox 20.16 (2020-10-19)
    89. FreedomBox 20.15 (2020-10-05)
    90. FreedomBox 20.14.1 (2020-09-23)
    91. FreedomBox 20.14 (2020-09-15)
    92. FreedomBox 20.13 (2020-07-18)
    93. FreedomBox 20.12.1 (2020-07-05)
    94. FreedomBox 20.12 (2020-06-29)
    95. FreedomBox 20.11 (2020-06-15)
    96. FreedomBox 20.10 (2020-06-01)
    97. FreedomBox 20.9 (2020-05-18)
    98. FreedomBox 20.8 (2020-05-04)
    99. FreedomBox 20.7 (2020-04-20)
    100. FreedomBox 20.6.1 (2020-04-11)
    101. FreedomBox 20.6 (2020-04-06)
    102. FreedomBox 20.5.1 (2020-03-26)
    103. FreedomBox 20.5 (2020-03-23)
    104. FreedomBox 20.4 (2020-03-09)
    105. FreedomBox 20.3 (2020-02-24)
    106. FreedomBox 20.2 (2020-02-10)
    107. FreedomBox 20.1 (2020-01-27)
    108. FreedomBox 20.0 (2020-01-13)
    109. FreedomBox 19.24 (2019-12-30)
    110. FreedomBox 19.23 (2019-12-16)
    111. FreedomBox 19.22 (2019-12-02)
    112. FreedomBox 19.21 (2019-11-18)
    113. FreedomBox 19.20 (2019-11-04)
    114. FreedomBox 19.19 (2019-10-21)
    115. FreedomBox 19.18 (2019-10-07)
    116. FreedomBox 19.17 (2019-09-23)
    117. FreedomBox 19.16 (2019-09-09)
    118. FreedomBox 19.15 (2019-08-26)
    119. FreedomBox 19.14 (2019-08-12)
    120. FreedomBox 19.13 (2019-07-29)
    121. FreedomBox 19.12 (2019-07-22)
    122. FreedomBox 19.2.2 (2019-07-17)
    123. FreedomBox 19.2.1 (2019-07-09)
    124. FreedomBox 19.11 (2019-07-08)
    125. FreedomBox 19.10 (2019-06-24)
    126. FreedomBox 19.9 (2019-06-10)
    127. FreedomBox 19.8 (2019-05-27)
    128. FreedomBox 19.7 (2019-05-13)
    129. FreedomBox 19.6 (2019-04-29)
    130. FreedomBox 19.5 (2019-04-15)
    131. FreedomBox 19.4 (2019-04-01)
    132. FreedomBox 19.3 (2019-03-18)
    133. FreedomBox 19.2 (2019-03-02)
    134. FreedomBox 19.1 (2019-02-14)
    135. FreedomBox 19.0 (2019-02-09)
    136. Version 0.49.1 (2019-02-07)
    137. Version 0.49.0 (2019-02-05)
    138. Version 0.48.0 (2019-01-28)
    139. Version 0.47.0 (2019-01-14)
    140. Version 0.46.0 (2018-12-31)
    141. Version 0.45.0 (2018-12-17)
    142. Version 0.44.0 (2018-12-03)
    143. Version 0.43.0 (2018-11-19)
    144. Version 0.42.0 (2018-11-05)
    145. Version 0.41.0 (2018-10-22)
    146. Version 0.40.0 (2018-10-08)
    147. Version 0.39.0 (2018-09-24)
    148. Version 0.38.0 (2018-09-10)
    149. Version 0.37.0 (2018-08-27)
    150. Version 0.36.0 (2018-08-13)
    151. Version 0.35.0 (2018-07-30)
    152. Version 0.34.0 (2018-07-16)
    153. Version 0.33.1 (2018-07-04)
    154. Version 0.33.0 (2018-07-02)
    155. Version 0.32.0 (2018-06-18)
    156. Version 0.31.0 (2018-06-04)
    157. Version 0.30.0 (2018-05-21)
    158. Version 0.29.1 (2018-05-08)
    159. Version 0.29.0 (2018-05-07)
    160. Version 0.28.0 (2018-04-23)
    161. Version 0.27.0 (2018-04-09)
    162. Version 0.26.0 (2018-03-26)
    163. Version 0.25.0 (2018-03-12)
    164. Plinth v0.24.0 (2018-02-26)
    165. Plinth v0.23.0 (2018-02-12)
    166. Plinth v0.22.0 (2018-01-30)
    167. Plinth v0.21.0 (2018-01-15)
    168. Plinth v0.20.0 (2018-01-01)
    169. Plinth v0.19.0 (2017-12-18)
    170. Plinth v0.18.0 (2017-12-04)
    171. Plinth v0.17.0 (2017-11-20)
    172. Plinth v0.16.0 (2017-11-06)
    173. Plinth v0.15.3 (2017-10-20)
    174. Plinth v0.15.2 (2017-09-24)
    175. Plinth v0.15.0 (2017-07-01)
    176. Plinth v0.14.0 (2017-04)
    177. Plinth v0.13.1 (2017-01-22)
    178. Plinth v0.12.0 (2016-12-08)
    179. Plinth v0.11.0 (2016-09-29)
    180. Plinth v0.10.0 (2016-08-21)
    181. Version 0.9.4 (2016-06-24)
    182. Version 0.9 (2016-04-24)
    183. Version 0.8 (2016-02-20)
    184. Version 0.7 (2015-12-13)
    185. Version 0.6 (2015-10-31)
    186. Version 0.5 (2015-08-07)
    187. Version 0.3 (2015-01-20)
    188. Version 0.2 (2014-03-16)
    189. Version 0.1 (2013-02-26)
  4. Download and Install
    1. Downloading on Debian
    2. Downloading for SBC or Virtual Machine
    3. Obtaining Source Code
  5. Apps
    1. Tor (Anonymity Network)
    2. Deluge (Distributed File Sharing via BitTorrent)
    3. Transmission (Distributed File Sharing via BitTorrent)
    4. Shaarli (Bookmarks)
    5. Dynamic DNS Client
    6. Roundcube (Email Client)
    7. Quassel (Text Chat Client via IRC)
    8. ownCloud
    9. PageKite (Public Visibility)
    10. Secure Shell (SSH) Server
    11. Mumble (Voice Chat) Server
    12. Privoxy (Web Proxy)
    13. Ikiwiki (Wiki and Blog)
    14. Unhosted Storage
    15. OpenVPN (Virtual Private Network)
    16. GnuSocial
    17. Radicale (Calendar and Addressbook)
    18. Repro (SIP Server)
  6. System
    1. Configure
    2. Users and Groups
    3. Networks
    4. Software Updates
    5. Diagnostics
    6. Firewall
    7. Date & Time
  7. Hardware
    1. Recommended Hardware
    2. Supported Hardware
    3. Additional Hardware
    4. Common Hardware Information
    5. Building Your Own Images
    6. Cubietruck
    7. Beagle Bone Black
    8. A20 OLinuXino Lime2
    9. A20 OLinuXino MICRO
    10. APU
    11. VirtualBox
    12. Debian
    13. Raspberry Pi 2 Model B
    14. USB Wi-Fi
  8. Contributing
  9. Get Involved
    1. Quick Links
    2. Welcome to newcomers
  10. Contributions needed
    1. Donate
    2. Spread the Word
    3. Feed Us Back (Comment)
    4. Request applications
    5. Translate
    6. Document: User Manual, Website and Wiki, HowTo/demo videos
    7. Assure Quality (Test and Check)
    8. Code
    9. Design
    10. Package Applications
  11. Developer Guide
  12. Hacking
    1. FreedomBox Service (Plinth)
    2. FreedomBox Setup
    3. Freedom Maker
  13. Other Resources: Manual Older Versions
  14. Tell people around you

FreedomBox: take your online privacy back

FreedomBox is a ready made personal server, designed with privacy and data ownership in mind. It is a subset of the Debian universal operating system and includes free software only. You can run it on a small, inexpensive and power-efficient computer box in your home that is dedicated for that use. It can also be installed on any computer running Debian or in a virtual machine.

In order to replace third-party communication services that are data mining your entire life, you will be able to host services yourself and use them at home or over the Internet through a browser or specialized apps. These services include chat and voice calls, webmail, file sharing and calendar, address book and news feed synchronization. For example, to start using a private chat service, activate the service from the administration interface and add your friends as authorized users of the service. They will be able to connect to the service hosted on your FreedomBox, using XMPP chat clients such as Conversations on Android, Pidgin on Windows and Linux, or Messages on Mac OS, for encrypted communications.

FreedomBox is a product you can just buy, set up and use. Once installed the interface is easy to use, similar to a smart phone.

User documentation:

FreedomBox can also host a Wi-Fi access point, ad blocking proxy and a virtual private network (VPN). More advanced users can replace their router with a FreedomBox.

Setting up FreedomBox on a specific hardware or on your computer running Debian may require a bit of technical expertise or help from the community.

Related technical documentation:

1. Typical usage: Private Cloud

FreedomBox provides services to the computers and mobile devices in your home, and to your friends. This includes secure instant messaging and low-bandwidth, high-quality voice conference calling. FreedomBox lets you publish your content in a blog and wiki to collaborate with the rest of the world. On the roadmap are a personal email server and federated social networking, to provide privacy-respecting alternatives to Gmail and Facebook.

2. Typical usage: Network-Attached Storage (NAS)

The storage space available to FreedomBox can be expanded by attaching an external disk drive. This allows FreedomBox to become a media library for your photos, music, and videos. The folders are shared to laptops and mobile phones on the local network, and the media can be streamed to local devices including smart TVs.

3. Advanced usage: Smart Home Router

FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet, replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by "onion routing" your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home.

It can also be carried along with your laptop and set up to offer its services on public networks at work, school or office. In the future, FreedomBox intends to deliver support for alternative ways of connecting to the Internet such as Mesh networking.

4. Advanced usage: For Communities

The primary design goal of FreedomBox is to be used as a personal server at home for use by a single family and their friends. However, at the core, it is a server software that can aid a non-technical user to setup services and maintain them with ease. Security is automatically managed and many of the technical choices in system administration are taken care by the software automatically thereby reducing complexity for a non-technical user. This nature of FreedomBox makes it well-suited for hosting services for small communities like villages or small firms. Communities can host their own services using FreedomBox with minimal effort. They can setup Wi-Fi networks that span the entire area of the community and draw Internet connections from long distances. Community members can enjoy previously unavailable Internet connectivity, ubiquitous Wi-Fi coverage, free VOIP services, offline education and entertainment content, etc. This will also boost privacy for individuals in the community, reduce dependence on centralized services provided by large companies and make them resistant to censorship.

The free e-book FreedomBox for Communities describes the motivation and provides detailed instructions to setup FreedomBox for this use case. Members of the FreedomBox project are involved in setting up Wi-Fi networks with free Internet connectivity in rural India. This e-book documents their knowledge and experiences.

5. FreedomBox Interface

5.1. Screenshot

FreedomBox front page

5.3. Video resources

Eben Moglen's talk, Eben Moglen - Freedom in the cloud, delivered before the FreedomBox project was started gives insights into the philosophy behind FreedomBox.

First demonstration of FreedomBox at SFLC, University of Columbia by Sunil Mohan Adapa.

Quick Start

1. What you need to get started

The easy way is to buy a FreedomBox kit.

Alternatively you may choose to build it yourself, by gathering all the components:

  • A supported device (including any device that can run Debian). We will call that the FreedomBox in the rest of this manual.

  • A power cable for your device.
  • An ethernet cable.
  • A microSD card (or equivalent storage media for your device), prepared according to the instructions on the Download page.

2. How to get started

  1. Plug one end of your ethernet cord into your FreedomBox's ethernet port, and plug the other end into your router.

  2. Power on the FreedomBox.

    • Note: On most single board computers, don't expect any output on a monitor connected via HDMI as the support may not exist in the kernel. See below to access and control your FreedomBox via network.

  3. On first boot, FreedomBox will perform its initial setup (older versions of FreedomBox reboot after this step). This process may take several minutes on some machines. After giving it about 10 minutes, proceed to the next step.

  4. After the FreedomBox has finished its initial setup, you can access its web interface through your web browser.

    • If your computer is connected directly to the FreedomBox through a second (LAN) ethernet port, you can browse to: http://freedombox/ or

    • If your computer supports mDNS (GNU/Linux, Mac OSX or Windows with mDNS software installed), you can browse to: http://freedombox.local/ (or http://the-hostname-you-entered-during-install.local/)

    • If you know your way around the router's web interface, you can look up the IP address of the FreedomBox there, and browse to that address.

    • If none of these methods are available, then you will need to figure out the IP address of your FreedomBox. You can use the "nmap" program from your computer to find its IP address:

           nmap -p 80 --open -sV (replace the ip/netmask with the one the router uses)
      In most cases you can look at your current IP address, and change the last digits with zero to find your home network, like so: XXX.XXX.XXX.0/24

      Your FreedomBox will show up as an IP address with an open tcp port 80 using Apache httpd service on Debian, such as the example below which would make it accessible at

           Nmap scan report for
           Host is up (0.00088s latency).
           80/tcp open  http    Apache httpd 2.4.17 ((Debian))
      If nmap does not find anything with the above command, you can try replacing with
           nmap -n -sP
      The scan report will show something similar to the following:
           Nmap scan report for
           Host is up (0.00027s latency).
           Nmap scan report for
           Host is up (0.00044s latency).

      In this example, the FreedomBox is accessible at ( is my laptop.)

  5. On accessing FreedomBox's web interface your browser will warn you that it communicates securely but that it regards the security certificate for doing so as invalid. This is a fact you need to accept because the certificate is auto generated on the box and therefore "self-signed" (the browser might also use words such as "untrusted", "not private", "privacy error" or "unknown issuer/authority"). Telling your browser that you are aware of this might involve pressing buttons such as "I understand the Risks", "proceed to ... (unsafe)" or "Add exception". After installation this certificate can be changed to a normal one using the Let's Encrypt option.

    • Self-signed certificate warning

    • Add Security Exception

    • If the domain name you are using already has a valid certificate from a recognised Certificate Authority, such as from Let's Encrypt, you may not be able to access the web interface. This means that the option to continue will not be offered. This might occur, for example, if you are reinstalling your FreedomBox or are otherwise reusing a domain name that has an associated certificate. This is normal, because your browser has a record of having visited the site and knows about the valid official certificate. The browser will not subsequently accept a self-signed certificate and you will be blocked. There are two ways to get beyond this hurdle.

      The first method is to access your FreedomBox by its IP address instead of by its domain name. So, instead of using something https://example.com, you would use something like (substitute your own IP address).

      The second method is to create a fresh profile for your browser and access your FreedomBox from the new profile. The new profile will have no memory of having visited the site nor memory of an official certificate. Once your FreedomBox has a new Let's Encrypt certificate, you can go back to using the old browser profile.

  6. The first time you access the FreedomBox web interface, you will see a welcome page. Click the "Start Setup" button to continue.

    • Welcome

      If you have installed FreedomBox using a Debian package, you will be asked for a secret key. This secret was generated during the installation of the Debian package. It can be read from the file /var/lib/plinth/firstboot-wizard-secret.

  7. The next page asks you to provide a user name and password. Fill in the form, and then click "Create Account."
    • Note: The user that you create here has Admin privileges and can also log in using ssh. For additional security, you may want to use a separate account for administrative tasks and for your normal, daily use. You can add more users later.

    • Account

  8. After completing the form, you will be logged in to FreedomBox's web interface and able to access apps and configuration through the interface.

    • Complete

Now you can try any of the Apps that are available on FreedomBox.

3. Finding your way around

3.1. Front page

The front page is the page that you will see when accessing the web root of your FreedomBox. You can also access it by clicking the FreedomBox logo in the top-left corner of the FreedomBox's web interface.

The front page includes shortcuts to apps that have been installed and are enabled. For web apps, clicking the shortcut will take you directly to the app's web page. For other services, clicking the shortcut will show more information about the service.

Front page

Front page

3.2. Apps menu

The Apps menu can be accessed by clicking the grid icon, next to the FreedomBox logo. This page lists all of the apps that are available for installing on FreedomBox. Click the name of an app to visit its page, where you can install and configure it.


3.3. Help menu

The Help menu can be accessed by clicking the question mark icon in the top-right corner. It includes helpful links and the FreedomBox manual.


3.4. System menu

The System menu can be accessed by clicking the gear icon in the top-left corner. It includes a number of pages related to system configuration.


3.5. User menu

In the top-right corner, the name of the currently logged-in user is shown. A drop-down menu includes options for editing the current user or logging out of the user interface.


3.6. Burger menu

FreedomBox's web interface is responsive. When the display or browser window is very narrow, menu options may be hidden.


That is because the top menu options are collapsed into the burger icon shown at the top right corner of the window. Click on it to display a drop-down menu.


Getting Help

The FreedomBox community provides live help via forum, chat and email. Feel free to join and ask anything you like. If you receive help, please consider to report your solution to the Questions and Answers page, so others can benefit in the future.

1. Discussion Forum

The easiest way to get support is by using the discussion forum. You can browse solutions to known problems or request help from community contributors by asking a question. This is also the best way to provide community contributors with feedback about your FreedomBox experience.

To post new content, you will need to register for an account with name and email address (but you can provide pseudonym and non-primary email address). By watching topics and categories or by enabling 'mailing list mode' in your account preferences, you can interact with the forum by just sending and receiving emails similar to a mailing list.

2. Matrix

You can join our Matrix room #freedombox:matrix.org. The room is federated with the IRC channel and remembers the chat history. If you do not yet have a client installed, you can use your web browser to join. For more options, see this matrix client overview page.

3. IRC #freedombox

Providing you are familiar with Internet Relay Chat (IRC) and IRC client, you can get an instant online help from the community on irc.debian.org, channel #freedombox. Potentially it takes some time before some member is answering you, be patient, a reaction will come later.

4. Email

FreedomBox users and contributors can be reached by email via a discussion list. In order to ask a question and get an answer from the community, please register from the mailing list page providing your email adress and creating a password. You can also read discussions archives. This list gathers about 700 readers.

5. Help Back

Once you've got your solution, don't forget to add it to the Questions and Answers page and tell which features do you use from the box on Use Cases page. It could help others to use FreedomBox in a way they would have not imagined.

The following are the release notes for each FreedomBox version.

FreedomBox 23.21 (2023-11-20)

  • locale: Update translations for Chinese (Simplified), Czech, Spanish, Swedish, Turkish, Ukrainian

FreedomBox 23.20 (2023-11-06)

1. Highlights

  • backups: Don't leave services stopped if backup fails
  • coturn: Fix incorrectly passing transport argument to STUN URIs

2. Other Changes

  • apache: tests: Update to use DiagnosticCheck class

  • app: Update diagnose() docstring
  • datetime: Fix diagnostic test for checking NTP server sync
  • diagnostics: Add shortcut to re-run setup for app
  • ejabberd: Update old STUN URIs to remove 'transport' parameter
  • email: Increase the size of the message to 100MiB
  • locale: Update translations for Albanian, German, Spanish, Turkish, Ukrainian
  • matrixsynapse: Update old STUN URIs to remove 'transport' parameter
  • operation: Fix issue with re-running setup when it fails first time
  • tests: functional: Run tests on two app servers

FreedomBox 23.19 (2023-10-23)

1. Highlights

  • backup: Fix bug in adding existing unencrypted backup location
  • diagnostics: Run daily check and notify on failures
  • email: Fix issue with install caused by missing drop-in config file
  • kiwix: Add app for Kiwix offline Wikipedia reader
  • upgrades: Allow matrix-synapse to be installed from bookworm

2. Other Changes

  • db: Serialize most of the database queries using locks
  • diagnostics: Add DiagnosticCheck dataclass

  • diagnostics: Refactor background diagnostics task
  • diagnostics: Refactor check IDs, tests and background checks
  • glib: Add a jitter to the interval by default when scheduling tasks
  • glib: Refactor schedule debugging in a central place
  • kiwix: Do not require login to access the app
  • kiwix: Drop unnecessary file in /etc/plinth/modules-enabled
  • kiwix: Fix various issues after review
  • locale: Update translations for Arabic, Czech, Dutch, German, Hindi, Spanish, Swedish, Telugu, Turkish, Ukrainian
  • matrix-synapse: Update warning on how to change domain name
  • operation: Add unique ID for each operation

FreedomBox 23.18 (2023-09-25)

  • *: Fix all typing hint related errors
  • development: Make passing mypy checks mandatory
  • development: Perform backports tests on bookworm instead of bullseye
  • ikiwiki: Disable discussion pages by default for new wiki/blog
  • locale: Update translations for Bulgarian
  • middleware: Add new middleware to handle common errors like DB busy
  • upgrades: Fix detecting apt over tor during upgrade
  • wordpress: Use absolute path in service file

FreedomBox 23.17 (2023-09-11)

  • locale: Update translations for Czech, Dutch, Spanish, Swedish, Turkish, Ukrainian

FreedomBox 23.16 (2023-08-28)

1. Highlights

  • openvpn: Renew server/client certificates
  • openvpn: Correctly set expiry of server/client certs to 10 years

2. Other Changes

  • backups: Remove use of length_is template function
  • django: Remove use of X-XSS-Protection header
  • locale: Update translations for Czech, Norwegian Bokmål, Swedish
  • networks, samba: Fix tests setting firewall zone
  • openvpn: Ensure that re-running setup works as expected
  • openvpn: Fix app not installing on Debian testing
  • openvpn: Minor refactoring in setting up easy-rsa
  • openvpn: Use config file instead of env vars for easy-rsa
  • sso: Switch to django-axes >= 5.0

  • sso: Use POST method for logout
  • users, networks: Use the autofocus HTML attribute sparingly

FreedomBox 23.15 (2023-08-14)

  • debian: Add Swedish translation for debconf
  • locale: Update translations for Dutch, German, Spanish, Turkish, Ukrainian

FreedomBox 23.14 (2023-07-31)

1. Highlights

  • app: Implement advanced option to rerun app setup
  • torproxy: Add separate app for Tor Proxy
  • upgrades: Use codename in apt preferences

2. Other Changes

  • HACKING: Add instructions for container on Raspberry Pi
  • bepasty: Don't enable app when setup is rerun
  • bind: Don't enable app when setup is rerun
  • ci: Add mypy static type check
  • container: Add support for retrieving GPG keys using wget
  • container: Update for bookworm images
  • deluge: Don't enable app when setup is rerun
  • ejabberd: Don't enable app when setup is rerun
  • firewall: Add diagnostic check for backend
  • firewall: Add diagnostic check for passthroughs
  • firewall: Add diagnostic for default zone
  • gitweb: Don't enable app when setup is rerun
  • ikiwiki: Don't enable app when setup is rerun
  • infinoted: Don't enable app when setup is rerun
  • janus: Don't enable app when setup is rerun
  • jsxc: Don't enable app when setup is rerun
  • kvstore: Optionally, don't throw exception when deleting key
  • locale: Update translations for Dutch
  • mediawiki: Don't enable app when setup is rerun
  • minetest: Don't enable app when setup is rerun
  • openvpn: Don't enable app when setup is rerun
  • performance: Don't enable app when setup is rerun
  • privoxy: Don't enable app when setup is rerun
  • quassel: Don't enable app when setup is rerun
  • radicale: Don't enable app when setup is rerun
  • rssbridge: Don't enable app when setup is rerun
  • shaarli: Don't enable app when setup is rerun
  • sharing: Don't enable app when setup is rerun
  • tor, torproxy: Export settings from old to new app
  • tor, torproxy: Update description for info on services provided
  • tor: tests: Make functional test check for running service
  • ttrss: Don't enable app when setup is rerun
  • upgrades: Use codename for unattended-upgrades origin pattern
  • users: Add diagnostic checks for nsswitch config
  • users: Add diagnostics check for nslcd config
  • wireguard: Don't enable app when setup is rerun
  • zoph: Don't enable app when setup is rerun

FreedomBox 23.13 (2023-07-17)

  • container: Add support for ARM64 containers
  • HACKING: Instructions for macOS on Apple Silicon
  • locale: Update translations for German, Spanish, Turkish, Ukrainian

FreedomBox 23.12 (2023-06-19)

1. Highlights

  • packages: Purge packages on uninstall
  • gitweb: Fix issue with service startup when gitweb is not enabled
  • mediawiki: Increment version to run update.php automatically

2. Other Changes

  • deluge: Utilize purging of packages and don't remove explicitly
  • locale: Update translations for Czech, Dutch, Spanish, Turkish, Ukrainian
  • mediawiki: Utilize purging of packages and don't remove explicitly
  • roundcube: Clarify description for local mail only option
  • samba: Remove additional configuration files on uninstall
  • searx: Fix typo in method name
  • shaarli: Utilize purging of packages and don't remove explicitly
  • uninstall: Remove experimental warning

FreedomBox 23.11 (2023-06-05)

1. Highlights

  • *: Fix icons not present in the generated .deb
  • shadowsocksserver: Add separate app for Shadowsocks server

2. Other Changes

  • apache: Fix failure during app update
  • apache: Use drop-in config component for /etc files
  • bepasty: Use drop-in config component for /etc files
  • calibre: Use drop-in config component for /etc files
  • cockpit: Use drop-in config component for /etc files
  • config: Add new component for managing drop-in /etc/ config files
  • debian/install: Add new place in /usr to keep drop-in config files
  • deluge: Use drop-in config comonents for /etc files
  • ejabberd: Use drop-in config component for /etc files
  • email: Use drop-in config component for /etc files
  • gitweb: Use drop-in config component for /etc files
  • i2p: Use drop-in config component for /etc files
  • ikiwiki: Use drop-in config component for /etc files
  • janus: Use drop-in config component for /etc files
  • letsencrypt: Use drop-in config component for /etc files
  • matrixsynapse: Use drop-in config component for /etc files
  • mediawiki: Use drop-in config component for /etc files
  • minidlna: Use drop-in config component for /etc files
  • networks: Use drop-in config component for /etc files
  • pagekite: Drop the config file for forcing use of Debian certs
  • privacy: Use drop-in config component for /etc files
  • radicale: Use drop-in config component for /etc files
  • roundcube: Use drop-in config component for /etc files
  • rssbridge: Use drop-in config component for /etc files
  • searx: Use drop-in config component for /etc files
  • security: Use drop-in config component for /etc files
  • sharing: Use drop-in config component for /etc files
  • ssh: Use drop-in config component for /etc files
  • sso: Use drop-in config component for /etc files
  • syncthing: Use drop-in config component for /etc files
  • transmission: Use drop-in config component for /etc files
  • ttrss: Use drop-in config component for /etc files
  • upgrades: Use drop-in config component for /etc files
  • users: Use drop-in config component for /etc files
  • wordpress: Use drop-in config component for /etc files

FreedomBox 23.10 (2023-05-22)

  • *: Move modules-enabled files to /usr/share
  • locale: Update translations for Dutch, Portuguese, Spanish, Turkish, Ukrainian
  • doc/dev: Set language code explicitly in Sphinx configuration
  • gitweb: Disable gpg signing in tests

FreedomBox 23.9 (2023-05-08)

1. Highlights

  • transmission: Allow remote UIs to connect
  • ttrss: Allow apps to use /tt-rss URL instead of separate one

2. Other Changes

  • apache: Reload apache using component if config changes
  • debian: Follows policy v4.6.2
  • debian: Update copyright years
  • doc/dev: Update copyright year
  • help: Add information on obtaining source code
  • locale: Update translations for Japanese
  • mediawiki: Make a utility method public
  • mediawiki: Make retrieving list of supported languages robust
  • mediawiki: Simplify retrieving the default language
  • minidlna: Resize icon and export to PNG also
  • service: Remove reference to managed_services in a message
  • storage: Handle mount error properly
  • theme: Move icons to app folders
  • tor: Check if Hidden service is version 3
  • tor: Only diagnose relay ports if feature enabled
  • tor: Rename Hidden service to Onion service
  • transmission: Add Tremotesf to list of client apps
  • ttrss: Don't show app in enabled list of apps if install fails
  • ttrss: Update list of clients
  • ttrss: Use the apache component to restart apache on config change
  • uninstall: Fix issue with uninstall of apps that have no backup
  • zoph: Don't fail at showing app view during uninstall

FreedomBox 23.6.2 (2023-05-01)

  • upgrades: Check apt result during dist-upgrade
  • locale: Update translations for Bulgarian, Ukrainian

FreedomBox 23.8 (2023-04-24)

1. Highlights

  • coturn: Prevent package removal when roundcube is uninstalled
  • datetime: Re-implement backup/restore for timezone
  • gitweb: Disable snapshot feature

2. Other Changes

  • HACKING: Force pip to install packages to system environment
  • bepasty: When uninstalling, remove all data and configuration
  • calibre: Remove libraries during uninstallation
  • ci: Force pip install for functional tests
  • coturn: When uninstalling, remove all data and configuration
  • datetime: Use unique component ID for related daemon
  • deluge: When uninstalling, remove all data and configuration
  • gitweb: When uninstalling, remove all data and configuration, remove repositories
  • gitweb: Make globally configured features overridable per-repository
  • gitweb: Simplify handling shortcut for front page
  • ikiwiki: When uninstalling, remove all data and configuration
  • infinoted: When uninstalling, remove all data and configuration
  • locale: Update translations for Bulgarian, French, Ukrainian
  • matrixsynapse: When uninstalling, remove all data and configuration
  • mediawiki: When uninstalling, remove all data and configuration
  • mediawiki: Fix broken view on Bullseye due to language selection
  • openvpn: When uninstalling, remove all data and configuration
  • roundcube: When uninstalling, remove all data and configuration
  • rssbridge: When uninstalling, remove all data and configuration
  • samba: When uninstalling, remove all data and configuration
  • searx: When uninstalling, remove all data and configuration
  • searx: Simplify handling shortcut for front page
  • shaarli: When uninstalling, remove all data and configuration
  • shadowsocks: When uninstalling, remove all data and configuration
  • sharing: When uninstalling, remove all data and configuration
  • syncthing: When uninstalling, remove all data and configuration
  • syncthing: Remove unused pathlib import so job code-quality can pass
  • tests: Don't error during collection if selenium is not installed
  • tests: functional: Make install script work for Bullseye
  • tests: functional: Remove handling for custom enable/disable buttons
  • tests: functional: Update detecting page changes
  • tor: When uninstalling, remove all data and configuration
  • ttrss: When uninstalling, remove all data and configuration
  • upgrades: Check apt result during dist-upgrade
  • wordpress: When uninstalling, remove all data and configuration

FreedomBox 23.6.1 (2023-04-10)

  • coturn: Prevent package removal when roundcube is uninstalled
  • datetime: Re-implement backup/restore for timezone
  • gitweb: Disable snapshot feature
  • gitweb: Make globally configured features overridable per-repository
  • locale: Update translations for Bulgarian, French

FreedomBox 23.7 (2023-03-27)

1. Highlights

  • matrixsynapse: Add token based registration verification
  • mediawiki: Allow setting site language code

2. Other Changes

  • container: Fix resizing disk image containing multiple partitions
  • container: Force pip to install packages to system environment
  • container: Increase wait time to accommodate slower architectures
  • locale: Update translations for Bulgarian
  • tests: functional: Fix setting first ethernet connection as internal

FreedomBox 23.6 (2023-03-13)

  • /etc/issue: Update message to reflect that all users can login
  • ci: Force pip to install packages to system environment
  • datetime: Use timedatectl to read current timezone
  • samba: Make sure shares are not accessible from the internet
  • ttrss: Fix failing backup

FreedomBox 23.5 (2023-02-27)

  • mediawiki: Fix app view error
  • locale: Update translations for Albanian, Bulgarian, Czech, Dutch, German, Spanish, Swedish, Turkish, Ukrainian
  • samba: tests: Fix enable share view test

FreedomBox 23.4 (2023-02-13)

1. Highlights

  • ejabberd: Fix making call connections when using TURN
  • matrixsynapse: Disable verification to fix public registrations
  • snapshot: Fix issue with snapshot rollbacks

2. Other Changes

  • app: Add backup and restore menu items to toolbar menu
  • backups: Allow selecting a single app from URL when creating backup
  • config: Drop RuntimeMaxUse=5% for journal logging

  • dynamicdns: Skip uninstall test
  • ejabberd: Add Monal and Siskin for iOS and remove ChatSecure

  • email: Redirect to the app page if roundcube isn't installed
  • ikiwiki: Re-run setup for each site after restore
  • locale: Update translations for Bulgarian, Spanish
  • matrixsynapse: Minor refactor in getting/setting public registrations
  • matrixsynapse: Add python3-psycopg2 to packages
  • matrixsynapse: Use yaml.safe_load
  • searx: Add libjs-bootstrap to packages
  • snapshot: Fix mounting /.snapshots subvolume and use automounting
  • templates: Show better title for 404 page
  • uninstall: Fix spelling in warning message
  • vagrant: Drop unnecessary script that deletes sqlite file
  • vagrant: Hide the vagrant-script directory
  • vagrant: Mount source in /freedombox instead of /vagrant
  • vagrant: Switch to /freedombox before running service with alias

FreedomBox 23.3 (2023-01-30)

  • config: Fix showing the value of the default home page
  • email: Revert workaround for error on finishing uninstall
  • firewalld: Allow upgrade to version 2*
  • gitweb: tests: Skip tests using git when git is not installed
  • locale: Update translations for Bulgarian
  • tests: functional: Fix submitting forms with notifications present
  • tor: Also use Aptsources822 augeas lens
  • tor: Remove workaround for old Augeas bug
  • upgrades: Add augeas lens for Deb822 apt sources
  • views: Use dedicated view when showing an app with operations

FreedomBox 23.2 (2023-01-16)

  • locale: Update translations for Albanian, Bulgarian
  • ssh: Add sudo to allowed groups
  • upgrades: Stop quassel during dist upgrade

FreedomBox 23.1 (2023-01-03)

1. Highlights

  • package: Don't uninstall packages that are in use by other apps
  • tor: Add onion location to apache

2. Other Changes

  • email: Workaround an issue with error on finishing uninstall
  • gitweb: Run git commands as a web user
  • janus: Allow upgrade to 1.1
  • locale: Update translations for Galician, Spanish
  • operation: tests: Fix warning when test helpers start with 'Test'
  • zoph: Add explicit dependency on default-mysql-server

FreedomBox 22.27 (2022-12-19)

1. Highlights

  • minidlna: Fix incorrect marking for firewall local protection
  • zoph, wordpress: Add conflicts on libpam-tmpdir

2. Other Changes

  • container: Drop free tag from image URLs
  • d/control: Don't recommend libpam-tmpdir
  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, German, Turkish, Ukrainian
  • package, email: Move conflicting package removal to framework
  • snapshot: Fix showing unsupported message on non-btrfs filesystems
  • tests: functional: Set timeout to 3 hours
  • upgrades: dist-upgrade: Don't change apt security line
  • users: tests: Fix privileged tests
  • wordpress: Redirect Webfinger queries

FreedomBox 22.26 (2022-12-05)

1. Highlights

  • ejabberd: Enable mod_http_upload
  • security: Remove restricted access setting and configuration
  • ssh: Restrict logins to groups root, admin and freedombox-ssh

2. Other Changes

  • calibre: Add protection to local service using firewall
  • deluge: Add protection to local service using firewall
  • email: Add protection to local service using firewall
  • firewall: Create a mechanism for protecting local services
  • firewall: Introduce component for local service protection
  • i2p: Add protection to local service using firewall
  • i2p: Remove donation URL that is no longer available
  • minidlna: Add protection to local service using firewall
  • searx: Ensure that socket is only reachable by Apache and root
  • ssh: Add checkbox to remove login group restrictions
  • syncthing: Add protection to local service using firewall
  • transmission: Add protection to local service using firewall

FreedomBox 22.25 (2022-11-21)

  • email: Add fail2ban jail for dovecot
  • email: Fix creation of aliases for security@ and usenet@

FreedomBox 22.24 (2022-11-07)

1. Highlights

  • locale: Update translations for Bulgarian, French, German, Norwegian Bokmål

2. Other Changes

  • debian/lintian-overrides: Fix mismatch patterns and new messages
  • minetest: Handle upgrade from 5.3.0 to 5.6.1
  • storage: Drop skip_recommends
  • upgrades: Add documentation link to upgrades service file
  • upgrades: Update list of holds during dist upgrade

FreedomBox 22.23 (2022-10-24)

1. Highlights

  • letsencrypt: Fix regression with comparing certificate
  • rssbridge: Add option to allow public access

2. Other Changes

  • locale: Update translations for Bulgarian, Hungarian, Swedish
  • storage: Handle file systems on non-physical devices
  • upgrades: Allow FreedomBox vendor when adding backports

  • upgrades: Skip unattended-upgrade in dist-upgrade

FreedomBox 22.22.1 (2022-10-16)

  • debian: tests: Fix PYTHONPATH
  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, Turkish, Ukrainian
  • privacy: Remove unused import, fix pipeline

FreedomBox 22.22 (2022-10-10)

1. Highlights

  • privacy: Add new system app for popularity-contest
  • matrix: Add fail2ban jail

2. Other Changes

  • *: Use privileged decorator for actions
  • action_utils: Drop support for non-systemd environments
  • action_utils: Drop unused progress requests from apt-get
  • actions: Allow actions to be called by other users
  • actions: Allow nested and top-level actions
  • actions: Drop unused superuser_run and related methods
  • actions: Implement getting raw output from the process
  • actions: Use separate IPC for communicating results
  • apache: Fix logs still going into /var/log files
  • bind: Drop enabling DNSSEC (deprecated) as it is always enabled
  • config: Drop ability to set hostname on systems without systemd
  • config: Drop legacy migration of Apache homepage settings
  • fail2ban: Make fail2ban log to journald
  • firewall: Drop showing running status
  • locale: Update translations for Albanian, Czech, Norwegian Bokmål, Russian, Swedish, Ukrainian
  • minidlna: Use the exposed URL for diagnostic test
  • openvpn: Drop RSA to ECC migration code and two-step setup
  • privacy: Set vendor as FreedomBox for dpkg and popularity-contest

  • searx: Show status of public access irrespective of enabled state
  • templates: Update HTML meta tags for better description and app-name
  • tests: Add fixture to help in testing privileged actions
  • wordpress: Update fail2ban filter

FreedomBox 22.21.1 (2022-10-01)

  • locale: Update translations for Bulgarian, Ukrainian
  • notification: Don't fail when formatting message strings

FreedomBox 22.21 (2022-09-26)

  • janus: Enable systemd sandboxing
  • locale: Update translations for Albanian, Bulgarian, Czech, Danish, Dutch, French, German, Greek, Hungarian, Indonesian, Italian, Latvian, Lithuanian, Norwegian Bokmål, Persian, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Swedish, Turkish, Ukrainian
  • mediawiki: Add powered by freedombox logo
  • wordpress: Add fail2ban filter and jail
  • wordpress: Disable readme.html, xmlrpc.php, wp-cron.php

FreedomBox 22.20 (2022-09-12)

1. Highlights

  • matrixsynapse: Allow matrix-synapse >= 1.65 to install successfully

2. Other Changes

  • backups: Use generic form template for create and schedule views
  • backups: tests: functional: Find forms more accurately
  • bepasty: Use generic form template for add password view
  • bepasty: tests: functional: Minor refactor for form submission
  • calibre: tests: functional: Find forms more specifically
  • d/maintscript: remove tahoe and mldonkey apache conf files
  • debian: Add Italian debconf translation
  • ejabberd: tests: functional: Ensure jsxc is installed
  • firewall: Allow upgrade from any version to 1.2.*
  • first_boot: tests: functional: Find form more specifically
  • gitweb: Fix issue with page not refreshing during uninstall
  • gitweb: Use generic form template for create/edit repository
  • gitweb: tests: functional: Find forms more accurately
  • ikiwiki: tests: functional: Find forms more accurately
  • locale: Update translations for Chinese (Simplified), Czech, French, Italian, Turkish
  • samba: Ignore mounted files when listing mounts
  • samba: Update client apps information
  • shaarli: tests: functional: Specify setup form submission button
  • sharing: tests: functional: Find forms more accurately
  • snapshot: tests: functional: Minor refactoring for form submission
  • sso: tests: functional: Find forms more accurately
  • templates: form: Specify a form class for use with functional tests
  • tests: functional: Assert app is not installed after uninstallation
  • tests: functional: Force specifying form to submit more accurately
  • tests: functional: Wait for installation to complete fully
  • users: tests: functional: Find forms more accurately
  • version: Compare Debian package version numbers
  • wordpress: tests: functional: Find forms more specifically
  • zoph: tests: functional: Simplify finding the form to submit

FreedomBox 22.19 (2022-08-29)

1. Highlights

  • jsxc: Allow disabling the app
  • app: Add a menu item to trigger uninstallation

2. Other Changes

  • app: Add API to uninstall an app
  • avahi: Don't disable after tests
  • backups: Use AppView for the main app page

  • container: Display help message when no args are passed
  • container: Show default values in command help
  • d/control: Break ufw as we use firewalld
  • debian: Update Spanish translation template
  • diagnostics: Use AppView for app page

  • ejabberd: Set hostname for test that relies on it
  • forms: Implement form for uninstallation
  • janus: Convert action to privileged
  • janus: Handle upgrades to 1.0.*
  • letsencrypt: Use AppView for app page

  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, French, German, Spanish, Turkish, Ukrainian
  • names: Use AppView for app page

  • networks: Use AppView for app page

  • operation: Factor out template code into a separate file
  • operation: Show operations on app page in addition to setup page
  • package: Implement low-level methods for uninstalling
  • package: Implement uninstall in Package component
  • power: Use AppView for app page

  • security: Use AppView for app page

  • setup: Drop check for already running operation
  • setup: Implement operation to uninstall an app
  • snapshot: Use AppView for app page

  • tests: Make functional.is_available check faster
  • tests: functional: Add install/uninstall test for all apps
  • tor: Use AppView and Operation for app page

  • ttrss: Add donation url
  • upgrades: Add button to test dist-upgrade in development mode
  • upgrades: Hold janus during dist-upgrade
  • views: Implement a view to uninstall an app

FreedomBox 22.18 (2022-08-15)

1. Highlights

  • networks: Remove DNSSEC diagnostics
  • setup: Allow starting installation when package manager is busy
  • setup: Fix issue with immediate refresh after installation

2. Other Changes

  • *: Add setup method on all apps that don't have it
  • *: Drop module level app property
  • *: Make force upgrading part of app rather than a module
  • *: Make setup method part of App class for all apps
  • app: Drop optimization that skips setup process
  • backups: tests: Mark need for Django database during API tests
  • container: Add IdentitiesOnly option to SSH

  • container: Ignore flake8 error 'line too long' in bash script text
  • coturn: Fix link to ejabberd in description
  • doc: dev: Document previously undocumented components
  • ejabberd: Fix showing the status messages
  • locale: Update translations for Bulgarian, Czech, Dutch, French, German, Turkish, Ukrainian
  • matrixsynapse: Fix showing the status messages
  • notification: Pass full context when rendering body template
  • operation: Add module to manage threaded operations
  • package: Run installation operation using app_id instead of module
  • setup: Drop setup_helper and use the new Operation API
  • sharing: Add installing and enable/disable like other apps
  • sharing: tests: functional: Fix a flaky test by waiting
  • ssh: tests: functional: Keep service enabled after tests
  • storage: Fix enumerating partitions without mount points

FreedomBox 22.17 (2022-08-01)

1. Highlights

  • help: Add "How can I help?" section to Contribute page

2. Other Changes

  • locale: Update translations for Chinese (Simplified), Dutch, French, German, Turkish
  • wordpress: Don't install php-ssh2

FreedomBox 22.16 (2022-07-18)

1. Highlights

  • cockpit: Reconfigure to allow any origin
  • rssbridge: New app to generate RSS feeds for websites

2. Other Changes

  • apache: Also configure to serve on /freedombox
  • apache: Merge old configuration files into a better location
  • apache: Redirect all logs to systemd journal
  • cockpit: Depend on apache and setup after it
  • cockpit: Use decorator for privileged actions
  • config: Add option to set logging mode: none/volatile/persistent
  • config: Set volatile logging by default
  • debian: Follows policy version 4.6.1
  • debian: Update copyright year
  • gitweb: Switch default branch name to main for new repositories
  • janus: Change short description to "Video Room"
  • locale: Update translations for Bulgarian, Chinese (Simplified), French, Russian, Ukrainian
  • privoxy: Restrict to private IPs, prevent access over the internet
  • privoxy: Use privileged decorator for actions
  • roundcube: Add fail2ban jail
  • roundcube: Configure to log to journald
  • roundcube: Use privileged to simplify actions
  • rssbridge: Add functional tests
  • rssbridge: Fix flake8 errors
  • rssbridge: Whitelist all bridges by default

FreedomBox 22.15 (2022-07-04)

1. Highlights

  • backups: Add options to keep sshfs shares responsive
  • backups: Unmount repositories before and after backup
  • users: create home directories for newly created users

2. Other Changes

  • *: pylint: Avoid calling super() with arguments
  • *: pylint: Don't inherit from 'object'
  • *: pylint: Drop unnecessary 'pass' statements
  • *: pylint: Explicitly specify encoding when open a file
  • *: pylint: Suppress unused argument warnings
  • ci: Use compatible versions of Selenium and Splinter
  • locale: Update translations for Bulgarian, Russian, Ukrainian
  • mediawiki: Add regex validator to the domain field
  • mediawiki: Remove Buster specific code not needed in Bullseye
  • mediawiki: Remove wgLogo as it is not needed in Bullseye
  • pyproject.toml: Ignore some refactoring messages with pylint
  • static: js: css: Make multiple select fields work with Django 4.0
  • tests: functional: Simplify GitLabCI configuration
  • upgrades: Hold packages one at a time
  • upgrades: Re-add workaround for grub
  • views: Add a comment about change in Django 4.0

FreedomBox 22.14.1 (2022-06-27)

1. Highlights

  • matrixsynapse: Allow new dependency to be installed from backports

2. Other Changes

  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, German, Turkish
  • actions: Note that privileged actions can't output to stdout
  • mumble: Backup/restore the configuration file
  • mumble: Don't set the root channel name unless it is changed
  • mumble: Use privileged decorator for superuser actions
  • mumble: tests: Add functional tests for setting the passwords

FreedomBox 22.14 (2022-06-20)

1. Highlights

  • ejabberd: Allow domains to be added or removed
  • mumble: Allow setting a password that is required to join the server
  • mediawiki: Add option to change the site name

2. Other Changes

  • actions: Add a decorator for marking superuser actions
  • doc: dev: Use and recommend new privileged actions
  • ejabberd: Automatically use coturn
  • janus: Improve description about coturn
  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, French, German, Russian, Turkish
  • tests: Add a dummy parameter for middlewares for Django 4.0
  • translation: Don't use session for storing lang pref in Django 4.0
  • transmission: Simplify actions using the privileged decorator
  • users: Fix deleting user LDAP entry with Django 4.0

FreedomBox 22.13 (2022-06-06)

1. Highlights

  • email: Make app available for all users (even without advanced flag)
  • janus: Add new app for lightweight WebRTC server
  • wordpress: Allow installing/updating plugins and themes

2. Other Changes

  • email: Add description about ISP and domain limitations
  • locale: Added Latvian translation
  • locale: Update translation for Bulgarian, Chinese (Simplified), Czech, Dutch, German, Russian, Swedish, Turkish
  • mumble: Allow changing root channel name
  • tests: functional: Add jobs for bullseye-backports
  • tests: functional: Integrate into Salsa CI
  • transmission: Add redirects to avoid 409 conflict
  • wordpress: tests: Continue past language selection screen
  • wordpress: tests: Fix writing title for new post in newer versions

FreedomBox 22.12 (2022-05-23)

1. Highlights

  • *: Show Learn More... links in frontpage with description
  • mediawiki: Serve hidden service over http for .onion domains

2. Other Changes

  • apache: Allow URL diagnostics to work with redirects
  • firewall: Show service name in port forwarding info table
  • frontpage: Allow showing links to manual pages
  • frontpage: Reuse app header template for showing app description
  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, French, German, Norwegian Bokmål, Turkish
  • mediawiki: Add stricter sandbox rules for jobrunner service
  • mediawiki: Fix URL diagnostics with redirects involved
  • ssh, bind: Show 'Learn More...' links
  • tor: Show port forwarding information in consistent way
  • tt-rss: Fix description about user access

FreedomBox 22.11 (2022-05-09)

1. Highlights

  • email: Fix userdb lookups with LDAP
  • matrixsynapse: Allow new dependencies to be installed from backports

2. Other Changes

  • HACKING: Improve documentation on how to run tests
  • container: Show executed commands when setting up/running tests
  • locale: Update translations for Bulgarian, Danish, French, Hungarian, Norwegian Bokmål, Polish, Russian, Ukrainian
  • mediawiki: Check if admin password is at least 10 characters long
  • mediawiki: Handle password rejection from MediaWiki

  • samba: Fix functional tests when user is not logged in at start
  • tests: functional: Get rid of dependency on xvfb
  • transmission: Improve description

FreedomBox 22.10 (2022-04-25)

  • locale: Update translations for Bulgarian, Czech, Dutch, German, Greek, Russian, Swedish, Turkish
  • sharing: Allow spaces in path strings

FreedomBox 22.9 (2022-04-11)

1. Highlights

  • minetest: Allow alternate name for 3d armor mod
  • upgrades: Use python3-typing-extensions from bullseye-backports

2. Other Changes

  • calibre: Fix description of allowable library names
  • locale: Add new Arabic translation
  • locale: Update translations for Arabic, Bulgarian, Czech, Dutch, French, German, Hungarian, Turkish
  • plinth: Add forum link to footer

FreedomBox 22.8 (2022-03-28)

1. Highlights

  • network: Fix showing wifi connection

2. Other Changes

  • calibre: explain correct name format for new library
  • ikiwiki: add packages that are necessary
  • locale: Updated translations for Chinese (Simplified), French, Russian
  • upgrades: Allow backports from src:freedombox

FreedomBox 22.7 (2022-03-14)

  • locale: Update translations for French, Hungarian, Spanish

FreedomBox 22.6.1 (2022-03-06)

  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, German, Turkish

FreedomBox 22.6 (2022-03-02)

1. Highlights

  • email: Enable as an advanced app

2. Other Changes

  • dynamicdns: Fix adding null domain into configuration
  • email: Add backup/restore component
  • email: Add basic functional tests
  • email: Add front page shortcut, update name and description
  • email: Add more special-use IMAP folders, set autoexpunge to 60days
  • email: Add shortcut for non-admin users to manage their aliases
  • email: Add various documentation links for future readability
  • email: Allow re-running setup
  • email: Backup/restore aliases and mailboxes
  • email: Depend on and run redis server
  • email: Implement adding common aliases for first admin user
  • email: List all listening ports of the daemons
  • email: Narrowly match just rspamd's spam header
  • email: Open firewall port for managesieve protocol
  • email: Revert to LDAP auth as pam does not allow non-admin users
  • email: Set an icon from Tango project
  • email: Setup rspamd configuration to include FreedomBox config

  • email: Tweak client auto-configuration file
  • email: Update donation URL to rspamd donation URL
  • email: aliases: Drop ability to enable/disable aliases
  • email: clients: Make Thunderbird URLs language independent
  • email: dkim: Implement setting up DKIM signing keys
  • email: dns: Show table for desired DNS entries
  • email: postfix: Fix priority for authentication directives
  • email: postfix: use inline map for TLS SNI maps
  • email: rspamd: Log to journald via syslog
  • email: rspamd: Simplify installing configuration
  • locale: Update translations for Bulgarian, Chinese (Simplified), Czech, Dutch, German, Hungarian, Russian, Swedish, Telugu, Turkish, Ukrainian
  • minidlna: add iOS VLC client
  • samba: add iOS VLC client

FreedomBox 22.5 (2022-02-14)

1. Highlights

  • dynamicdns: Replace ez-ipupdate
    • Drop NAT detection as it is no longer used
    • Drop about page and merge into description
    • Drop tabs and use single page
    • Rewrite configuration handling and update using URL

2. Other Changes

  • app: Add component to store enabled state of an app in kvstore
  • backups: Implement backup/restore of key/value settings
  • locale: Update translations for Albanian, Bulgarian, Chinese (Simplified), Czech, Dutch, German, Hungarian, Russian, Spanish, Swedish, Turkish, Ukrainian
  • minetest: Reduce the number of configuration update messages
  • tests: functional: Add plugin for HTML reports
  • tt-rss: Restrict access to feed-reader group in "/tt-rss-app"

  • users: Fix typo in description

FreedomBox 22.4 (2022-01-31)

1. Highlights

  • coturn: Use wildcard listening address to fix startup issues
  • sso, users: Redirect to home page after logout

2. Other Changes

  • apache: Don't redirect to HTTPS for .onion domains
  • apache: Don't set HSTS for .onion domain
  • cockpit: Explicitly redirect to HTTPS as needed for WebSockets

  • doc: Fail when downloading images from Debian wiki fails
  • email_server: Drop showing diagnostics/repair and roundcube config
  • email_server: Drop some unused code
  • locale: Update translations for Bulgarian, Dutch, French, German, Hungarian, Russian, Swedish, Ukrainian
  • matrixsynapse: Add FluffyChat to client list

  • mldonkey: Drop app not available in Debian Bullseye and Bookworm
  • power: Add a link to power app in the system menu
  • roundcube: Add setting for local connection only
  • shaarli: Add android app to description
  • shaarli: Add backup component
  • shaarli: Add functional tests
  • snapshots: Clarify that snapshots are take during updates too
  • tests: functional: Implement a workaround for issue with screenshots
  • users: Clarify help message for authorization password
  • wireguard: tests: Add functional tests

FreedomBox 22.3 (2022-01-17)

1. Highlights

  • upgrades: Allow matrix's new dependency to be installed
  • sso: Adjust URL to CAPTCHA page needed by Django security fix

2. Other Changes

  • container: Avoid a warning that interactive mode is intended
  • help: tests: Fix functional test to check for status logs
  • locale: Update translations for Chinese (Simplified), Czech, Dutch, German, Hungarian, Turkish
  • sso: Add missing captcha/rate limiting on SSO login
  • tests: functional: Fix setting domain name with active notifications
  • tt-rss: Allow published articles to be publicly available

FreedomBox 22.2 (2022-01-11)

1. Highlights

  • debian, setup.py: Add dependency on python3-tomli
  • help: Fix failing setup when manual directory is not available

2. Other Changes

  • backups: Correct spelling of encryption protocols
  • i2p: Fix grammar in description
  • ikiwiki: Initialize shortcuts during post-init setup
  • locale: Update translations for Chinese (Simplified), Czech, Dutch, German, Hungarian, Italian, Swedish, Turkish
  • mumble: Change description to include iOS client app
  • networks: Fix reference to an option
  • openvpn: Add link to IOS app
  • radicale: Update Thunderbird URLs
  • transmission: Fix capitalization
  • wireguard: Fix spelling

FreedomBox 22.1 (2022-01-03)

1. Highlights

  • package: Add diagnostic to check if a package is the latest version

2. Other Changes

  • backups: Capitalize 'SSH' in template
  • config, upgrades: Specify submit button for tests
  • datetime: Explicitly list systemd-timesyncd as a dependency
  • locale: Update translations for Chinese (Traditional), Czech, Dutch, Hungarian, Norwegian Bokmål, Spanish, Swedish
  • storage: Skip tests if not enough disk space is available
  • upgrades: Relabel from 'Update' to 'Software Update'

FreedomBox 21.16 (2021-12-20)

1. Highlights

  • datetime: Fix checking when timesyncd will run on a system

2. Other Changes

  • cockpit, ejabberd: Make 'name' optional in Signal handlers
  • diaspora: Drop app that was never finished
  • email_server:
    • Adjust TLS configuration parameters
    • Fix issue with handling domain removal
    • Include postfix package in packages list
    • Re-implement TLS configuration
    • Rename dovecot TLS configuration file for consistency
  • letsencrypt: Handle cert setup when an app wants all domains
  • locale: Update translations for Chinese (Simplified), Chinese (Traditional), Czech, French, German, Swedish, Turkish
  • monkeysphere, tahoe-lafs: Drop unused apps
  • roundcube: Allow upgrades by avoiding configuration file change
  • tests: Fix app name in pytest.skip statement
  • tests: functional: Skip MLDonkey app
  • upgrades: Cleanup dist upgrade steps specific to bullseye release
  • upgrades: Refactor dist upgrade process

FreedomBox 21.15 (2021-12-06)

1. Highlights

  • dynamicdns: Update URLs to the new dynamic DNS server
  • firewall: Allow configuration upgrade to version 1.0.x
  • shaarli: Enable app (only available in testing and unstable)

2. Other Changes

  • *: Drop module level depends declaration
  • *: Drop module level package_conflicts and use component API
  • *: Drop unused manual_page at module level
  • *: Drop use of managed_packages and rely on Packages component
  • *: Drop use of managed_services, rely on Daemon component
  • *: Drop use of module level is_essential flag
  • *: Drop use of module level version
  • *: Drop use of unnecessary managed_paths
  • *: Use the App's state management API
  • actions/letsencrypt: Drop use of managed_paths and use LE component
  • actions/service: Drop unused list action
  • actions/service: Drop use of managed_services for Daemon component
  • actions: Get list of packages from Packages components
  • app: Introduce API for managing setup state of the app
  • app: Introduce API to setup an app
  • bind: Drop alias handling unnecessary in >= Bullseye

  • daemon: Add new component to hold information about related daemons
  • doc/dev: Drop discussion on managed_paths
  • doc/dev: Drop reference to module level depends declaration
  • doc/dev: Remove mention of managed_services
  • doc/dev: Remove outdated reference to init() at module level
  • doc/dev: Update documentation to not refer to managed_packages
  • email_server: Merge domain configuration with app view
  • email_server: Simplify domain configuration form
  • first_boot: Drop use of loaded_modules and use App.list
  • forms: Fix regression with TLS domain form in quassel and tt-rss
  • letsencrypt: On domain removal, don't revoke certificate, keep it
  • locale: Update translations for Czech, German, Norwegian Bokmål
  • main: List apps instead of modules
  • middleware, views: Reduce use of setup_helper
  • module_loader, app: Move app init to app module
  • package: Add parameter to specify skipping package recommendations
  • package: Implement installing packages in the component
  • package: Introduce component API for package conflicts
  • packages: Move checking for unavailable packages to component
  • security: Drop use of loaded_modules and use App.list
  • security: Drop use of managed_services in security report
  • security: Get the list of packages from Packages component
  • setup: Drop unused API for app's state management
  • setup: List dependencies for apps instead of modules
  • setup: Run setup on apps instead of modules
  • setup: Use apps instead of modules to determine running first setup
  • setup: Work on apps instead of modules for force upgrade
  • tests: Add 'domain' mark for apps that add/remove domains
  • web_server: Drop use of loaded_modules and use App.list

FreedomBox 21.14.1 (2021-11-24)

  • config: Add packages component to a re-add zram-tools dependency

FreedomBox 21.14 (2021-11-22)

1. Highlights

  • tt-rss: Allow selection of a domain name

2. Other Changes

  • *: Split app initialization from app construction
  • app: Introduce separate method for post initialization operations
  • datetime: Avoid error when systemctl is not available
  • debian: Fail build if no module dependencies found
  • locale: Update translations for Swedish, Turkish, Ukrainian
  • main: Drop initializing Django when listing dependencies

FreedomBox 21.13 (2021-11-08)

1. Highlights

  • avahi, samba: Use systemd sandboxing
  • components: Introduce new component - Packages
  • security: Properly handle sandbox analysis of timer units

2. Other Changes

  • email_server (not enabled yet):
    • Add buttons for managing aliases, domains, spam
    • Authenticate using PAM instead of LDAP
    • Delivery mail to /var/mail instead of home directory
    • Don't use user IDs when performing lookups
    • Drop hash DB and use sqlite3 directly
    • Use Django forms and views
  • locale: Update translations for German, Swedish, Turkish, Ukrainian
  • tests: Use BaseAppTests for functional tests of most apps

  • utils: Fix ruamel.yaml deprecation warnings

FreedomBox 21.12 (2021-10-25)

  • locale: Update translations for Bulgarian, Czech, French, German, Turkish, Ukrainian
  • middleware: Don't show setup view to non-admin users
  • performance: Add backup support (no data)
  • storage: Pass optional mount point to partition expansion
  • storage: tests: Fix tests for expanding disk partitions
  • tests: Add BaseAppTests class for common functional tests

FreedomBox 21.11 (2021-10-11)

1. Highlights

  • ttrss: Fix daemon not running sometimes on startup

2. Other Changes

  • *: Always pass check= argument to subprocess.run()
  • *: Convert all functional tests to python format
  • *: Move all systemd service files from /lib to /usr
  • calibre: Run service only if when installed
  • d/control: Allow building with python interpreter of any arch
  • d/rules: Don't install and enable other systemd service files
  • d/rules: Don't use setup.py to invoke tests, invoke directly instead
  • email: Manage known installation conflicts
  • locale: Update translation for Bulgarian, Ukrainian
  • package: Add functions for removing packages
  • performance: Cleanup code meant for cockpit version < 235

  • pyproject.toml: Merge contents of .converagerc
  • pyproject.toml: Merge contents of pytest.ini
  • settings: Choose password hashing complexity suitable for SBCs
  • setup: Show and remove conflicts before installation
  • sso, translation: Help set language cookie when user logins in
  • storage: tests: functional: Fix tests always getting skipped
  • tests: Add some missed marks for functional tests
  • tests: Add tests for action utilities
  • tests: Improve handling of tests skipped by default
  • tests: help: Add help view tests
  • translation: Always set language cookie when switching language
  • ttrss: Add systemd security hardening to daemon
  • ttrss: tests: functional: Make subscription faster
  • user: Accommodate Django 3.1 change for model choice iteration
  • users: Help set language cookie when user profile is edited
  • wordpress: Run service only if when installed and configured

FreedomBox 21.10 (2021-09-27)

1. Highlights

  • locale: Update translations for German, Italian, Swedish, Turkish, Ukrainian

2. Other Changes

  • Use Django gettext functions instead of ugettext
  • Use allow/denylist instead white/blacklist in comments
  • Use django.urls.re_path() instead of its alias url()
  • Various isort fixes
  • pyproject: Make isort consistent across execution environments
  • settings: Set Django auto field type explicitly
  • signals: Drop provider args when creating Signal object
  • sso: Update usage of OpenSSL crypt signing API
  • tests: Convert functional tests to python format
  • tests: Introduce fixtures to make it easy to test actions
  • tests: Show warning when app not available
  • tests: Use common fixtures for testing actions module
  • tests: Use newer splinter API for finding links
  • views: Update utility for checking URL safety

FreedomBox 21.9 (2021-09-18)

1. Highlights

  • mediawiki: Backup and restore uploaded files
  • mediawiki: Enable a subset of default extensions

2. Other Changes

  • apache: Update security settings
    • Drop support for GnuTLS
    • Drop support for SSLv3, TLSv1 and TLSv1.1
    • Enable and prioritize HTTP/2 protocol
    • Setup Mozilla recommended configuration
  • locale: Update translations for Bulgarian, Chinese (Simplified), Dutch, Persian, Russian, Swedish, Turkish, Ukrainian
  • mediawiki: Handle upgrade for 1.35
  • mediawiki: Switch to MediaWiki 2020 logo

  • plinth: remove diagnose command
  • Add workaround for Django 3.2 with captcha 0.5.6

FreedomBox 21.8 (2021-08-30)

1. Highlights

  • wordpress: New app to manage a WordPress site/blog

2. Other Changes

  • d/control: Drop wireless-tools as recommends
  • email: Basic app to manage an email server
    • - Email server app is currently disabled by default, so it is not yet visible in the interface.
  • locale: Update translations for Norwegian Bokmål, Ukrainian
  • security: Remove display of past vulnerabilities

FreedomBox 21.7 (2021-08-16)

1. Highlights

  • ttrss: Allow upgrade to version 21

2. Other Changes

  • locale: Update translations for Albanian, Bengali, Chinese (Simplified), German, Indonesian, Norwegian Bokmål, Ukrainian, Vietnamese
  • action_utils: Use flag to indicate freedombox package has been held
  • debian: Ensure fuse gets replaced by fuse3

FreedomBox 21.6 (2021-05-31)

1. Highlights

  • locale: Add Sinhala language
  • locale: Add Vietnamese language
  • backups: Change submit button to fix translation issues

2. Other Changes

  • locale: Update translations for Chinese (Simplified), Chinese (Traditional), Dutch, French, German, Hungarian, Indonesian, Japanese, Portuguese, Sinhala, Swedish, Telugu, Turkish, Vietnamese

FreedomBox 21.5 (2021-04-19)

1. Highlights

  • ejabberd: Add STUN/TURN configuration
  • locale: Add Albanian language

2. Other Changes

  • Update copyright year
  • action_utils: Introduce utility for masking services
  • ci: Merge with Salsa CI pipeline
  • config, dynamicdns, pagekite: Remove incorrect use of str
  • config: Convert entered domain name to lower case
  • config: Disable rsyslog and syslog forwarding
  • config: Fix tests related to user home directory
  • config: Install and configure zram for swap
  • container script: Must convert env. var. string to a Path object
  • container: Work in the absence of systemd in PATH
  • container: distribution as environment variable
  • coturn: Mention ejabberd in app description
  • coturn: Validate TURN URIs if provided in form
  • debian: Add coverage to autopkgtest
  • deluge, mldonkey, syncthing, transmission: Depend on nslcd.service
  • deluge: Fix daemon user not in freedombox-share group after installation
  • diagnostics: Use lock to protect results
  • docs: Add filename to code snippets in tutorial
  • docs: Add missing imports in tutorial
  • docs: Add some troubleshooting information
  • docs: Generate developer documentation
  • docs: Improve Developer Documentation index page
  • docs: Set the version attribute as required instead of optional

  • dynamicdns: Convert entered domain name to lower case
  • dynamicdns: Wait after changing domain name in tests
  • first_boot: Use session to verify first boot welcome step
  • letsencrypt: Always return a diagnostics result
  • locale: Update translations for Albanian, Chinese (Simplified), Dutch, German, Greek, Indonesian, Polish, Spanish, Swedish, Turkish
  • pagekite: Convert entered kite name to lower case
  • security: Clarify vulnerability count and provide link to more info
  • security: Ensure that fail2ban is not re-enabled on version increment
  • security: Increment app version to reload fail2ban
  • security: Move fail2ban default configuration to this app
  • ssh, apache: Make fail2ban use systemd journald backend by default
  • users: Fix unit test failures when LDAP is empty

FreedomBox 21.4.2 (2021-03-28)

1. Highlights

  • firstboot: Use session to verify first boot welcome step

2. Other Changes

  • locale: Update translations for German, Greek, Indonesian, Turkish
  • manual: Update Contributing and Matrix Synapse pages

FreedomBox 21.4.1 (2021-03-13)

1. Highlights

  • deluge, mldonkey, syncthing, transmission: Ensure nslcd is running before the service is started
  • deluge: Fix daemon user not in freedombox-share group after installation

2. Other Changes

  • config: Fix tests related to user home directory
  • locale: Update translations for Dutch, German, Greek, Polish, Spanish, Swedish, Turkish

FreedomBox 21.4 (2021-02-28)

1. Highlights

  • matrix-synapse: Auto configure STUN/TURN using coturn server

2. Other Changes

  • coturn: Add new component for usage of coturn by other apps
  • coturn: Minor refactor view to use utility to generate URIs
  • coturn: Remove advanced flag, make app visible to all
  • locale: Update translations for Dutch, French, German, Hungarian, Italian, Lithuanian, Norwegian Bokmål, Swedish, Turkish
  • matrix-synapse: Update description to talk about TURN configuration
  • plinth: Disable start rate limiting for service
  • ui: Fix buttons jumping on click in snapshots page
  • upgrades: Disable searx during dist-upgrade

FreedomBox 21.3 (2021-02-11)

1. Highlights

  • zoph: Add new app to organize photos
    • Only available in Debian testing (bullseye) due to issues in buster.

2. Other Changes

  • locale: Update translations for Dutch, Greek, Spanish, Swedish, Turkish
  • sharing: Improve shares group access description
  • upgrades: Add 10 minute delay before apt update
  • upgrades: Disable apt snapshots during dist upgrade
  • upgrades: Only check free space bytes before dist upgrade

FreedomBox 21.2 (2021-02-05)

1. Highlights

  • calibre: Fix freedombox.local inaccessible after enabling app
  • matrix-synapse: Install python3-psycopg2 from backports

2. Other Changes

  • backups: schedule: tests: Fix failures due to long test run
  • jsxc: Fix issues with jQuery >= 3.5.0

  • locale: Update translations for Bengali, Dutch, French, German, Hungarian, Italian, Polish, Russian, Spanish, Swedish, Turkish
  • mediawiki: Fix app installation process doesn't display status information
  • mediawiki: Set default logo to mediawiki.png
  • minidlna: Implement force upgrading from older version
  • minidlna: Minor refactor of media directory handling
  • plinth: Show running spinner when app installation is in progress
  • radicale: Allow older 2.x release to upgrade to 3.x
  • roundcube: Allow upgrade to 1.4.*
  • tests: Update functional tests default config
  • upgrades: Add notifications for dist upgrade
  • upgrades: Increment version for MatrixSynapse 1.26

FreedomBox 21.1 (2021-01-25)

1. Highlights

  • backups: Add scheduled backups for each location

2. Other Changes

  • container script: Various improvements
  • locale: Update translations for Bulgarian, Chinese (Simplified), Chinese (Traditional), Czech, Danish, Dutch, French, Galician, German, Greek, Gujarati, Hindi, Hungarian, Italian, Lithuanian, Norwegian Bokmål, Persian, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Swedish, Turkish, Ukrainian
  • networks: Change connection type to a radio button
  • networks: Hide deactivate/remove buttons for primary connections
  • networks: Prevent unintended changes to primary connection.
  • networks: Separate the delete button and color it differently
  • networks: Use radio buttons for network modes
  • performance: Fix web client link to Cockpit
  • plinth: Fix disable daemon when service alias is provided
  • setup: Enable essential apps that use firewall
  • syncthing: Create LDAP group name different from system group
  • syncthing: Hide unnecessary security warning
  • tahoe: Disable app
  • ui: New style for select all checkbox
  • upgrades: Require at least 5 GB free space for dist upgrade

FreedomBox 21.0 (2021-01-11)

1. Highlights

  • apache2: Allow downloads in openvpn and backups with latest browsers

2. Other Changes

  • locale: Update translations for Dutch, French, German, Hungarian, Polish, Spanish, Swedish, Turkish
  • app: Add locked flag
  • app: component: Add app_id and app properties
  • app: info: Move client validation to info component
  • backups: Add new component for backup and restore
  • backups: Don't open a new window for downloading backups
  • dev-container: 'up' command: Show banner also when container is already running
  • dev-container: Add command to print container IP address
  • dev-container: Add subcommand to run tests
  • doc: dev: Update the tutorial to reflect latest API/code
  • ejabberd: functional tests: Wait until the jsxc buddy list is loaded
  • functional tests: Make tests compatible with pytest-bdd v4.0
  • functional-tests: Fix installation errors in install.sh script
  • gitweb: Add functional tests for git-access group
  • gitweb: tests: functional: Fix test failures in localized environment
  • mumble: Updated mumla and removed plumble from clients list
  • openvpn: Don't show running status on download profile button
  • plinth: Fix daemon is enabled check when service alias is provided
  • radicale: Fix backup and restore of configuration
  • tests: functional: Improve creating users in tests
  • transmission: Show port forwarding information
  • transmission: Update description
  • upgrades: Add service for dist upgrade
  • upgrades: Ensure freedombox package is upgraded during dist upgrade
  • upgrades: Hold tt-rss during dist upgrade, if available
  • upgrades: Install python3-systemd for unattended-upgrades
  • upgrades: Restart FreedomBox service at end of dist-upgrade

  • upgrades: Use full path to searx action script
  • users: Skip action script tests if LDAP is not set up

FreedomBox 20.21 (2020-12-28)

1. Highlights

  • apache: Create snake oil certificate if not exists
    • Fixes an issue when installing FreedomBox on Hetzner Cloud's Debian image

  • calibre: Fix link to manual page

2. Other Changes

  • deluge: Require user to be in bit-torrent group to access
  • locale: Update translations for German, Hungarian, Polish, Russian, Spanish, Swedish
  • security: Fix access denied for user daemon from cron
  • upgrades: Allow grub-pc upgrade without reinstalling grub
  • upgrades: Update searx search engines during dist upgrade
  • users: Remove timeout when creating Samba user

FreedomBox 20.20.1 (2020-12-19)

1. Highlights

  • config: Skip homepage test on buildd
  • ui: Migrate from bootstrap 3 to bootstrap 4

2. Other Changes

  • apache: Disallow all inline styling in sandbox settings
  • gitweb: Make functional tests compatible with pytest-bdd v4.0
  • javascript: Fix disabled submit buttons when navigating back to a page
  • locale: Update translations for Dutch, German, Turkish
  • ui: Adopt a consistent and new table style

FreedomBox 20.20 (2020-12-14)

1. Highlights

  • config: Add user websites as choices for homepage config
  • templates: Make toggle button responsive

2. Other Changes

  • apache: Add app name for diagnostics
  • diagnostics: Improve exception handling in app diagnostics
  • diagnostics: Show app name and fallback to app id if not exist
  • locale: Update translations for Dutch, French, German, Portuguese, Spanish, Swedish, Turkish
  • mumble: Implement force upgrade for 1.3.*
  • snapshot: Check that / is a btrfs subvolume before setup
  • upgrades: Hold mumble-server during dist upgrade

FreedomBox 20.19 (2020-11-30)

1. Highlights

  • openvpn: Create user group "vpn"
  • upgrades: Add first boot step to run initial update

2. Other Changes

  • bepasty: Apply translation to autogenerated comments
  • locale: Update translations for Bengali, Dutch, German, Spanish
  • networks: Apply translation to a tooltip
  • samba: Show toggle buttons and share names
  • snapshots: Translate snapshot types (field description)
  • upgrades: Fix sources list for dist upgrade from buster
  • upgrades: Hold freedombox package during dist upgrade

FreedomBox 20.18.1 (2020-11-23)

  • locale: Update translations for Dutch, French, German, Italian, Norwegian Bokmål, Spanish, Swedish, Turkish
  • sso: Fix regression in auth-pubtkt configuration

FreedomBox 20.18 (2020-11-16)

1. Highlights

  • openvpn: Support Elliptic Curve Cryptography (ECC)
    • If you are already using OpenVPN, you can migrate to ECC to improve speed and security. Visit the OpenVPN page in the FreedomBox interface to perform the one-time migration, and to re-download the client profiles.

2. Other Changes

  • dynamicdns: Handle IPv6
  • locale: Update translations for Dutch, French, German, Italian, Spanish
  • openvpn: Cleanup easyrsa 2 to 3 upgrade code
  • openvpn: Remove explicit setup step

FreedomBox 20.17.1 (2020-11-07)

  • ci: Fix flake8 errors
  • debian: Rename source package to freedombox
  • locale: Update translations for German, Italian, Turkish
  • pubtkt: Fix Python format language errors

FreedomBox 20.17 (2020-11-02)

1. Highlights

  • locale: Add Chinese (Traditional) translation
  • mediawiki: Add action to set domain name
  • upgrades: Add a setting to enable dist upgrade

2. Other Changes

  • apache: setup uwsgi by default
  • backups: i18n: Mark form success messages for translation
  • locale: Update translations for Danish, French, German, Italian, Norwegian Bokmål, Polish, Russian, Spanish, Swedish, Telugu, Turkish
  • mediawiki: Ensure password file is not empty
  • networks: css: Make button wider in network list
  • networks: i18n: Mark string for translation on delete page
  • networks: i18n: Mark various strings for translation
  • notifications: i18n: Mark app names and extra data for translation
  • package: i18n: Mark progress status strings for translation
  • upgrades: Disable the option when not able to dist upgrade

FreedomBox 20.16 (2020-10-19)

1. Highlights

  • app: Add donation buttons on app pages
  • updates: Eliminate delay and better status for manual upgrade

2. Other Changes

  • calibre: Update group description to reflect 'using' app
  • diagnostics: Lazy format all diagnostic test strings properly
  • diagnostics: Show low system memory notifications
  • help: Link to updates page when new version is available
  • locale: Update translations for Chinese (Simplified), French, Greek, Norwegian Bokmål, Russian, Slovenian, Spanish, Swedish, Turkish
  • notifications: Show severity level on every notification
  • upgrades: Add status section showing version and upgrade status

FreedomBox 20.15 (2020-10-05)

1. Highlights

  • calibre: Add new e-book library app
  • mumble: configure letsencrypt component
  • upgrades: Detect and upgrade to next stable release

2. Other Changes

  • bepasty: Change default permissions to 'read'
  • container: Assign virtual network interface to trusted firewall zone
  • container: Handle edge cases with container update
  • coturn: Don't handle certificates if not installed
  • debian/control: Add sshpass as build dependency
  • doc: Before fetching, drop all old to cleanup deleted pages/images
  • doc: dev: Link to list of potential apps from tutorial
  • dynamicdns: Drop unnecessary code to set app as enabled
  • locale: Update translations for French, Norwegian Bokmål, Portuguese, Spanish, Swedish, Turkish
  • module_loader, web_framework: Update console log messages
  • mumble: Store and use a single domain for TLS certificate setup
  • pagekite: Don't announce unconfigured kite as a valid domain
  • pagekite: Don't update names module if not installed
  • quassel: Don't handle certificates if not installed
  • ssh: action script: Require user credentials when editing ssh keys
  • tests: functional: Simplify calling the login helper
  • tor: Don't check if enabled when not installed
  • upgrades: Check free space before dist-upgrade
  • upgrades: Extend function to check for normal dist availability
  • upgrades: Set a flag so interrupted dist-upgrade can be continued
  • users: Deal with admin user already existing during first boot
  • users: Require admin credentials when creating or editing a user

FreedomBox 20.14.1 (2020-09-23)

  • cockpit: Don't show home page icon to non-admin users
  • locale: Update translations for French, German, Norwegian Bokmål, Russian, Turkish
  • minidlna: Fix typo DNLA -> DLNA

  • module_loader: Load/process all essential modules before others

FreedomBox 20.14 (2020-09-15)

1. Highlights

  • apache: Disable mod_status (CVE-2020-25073)
  • bepasty: New app for file upload and sharing
  • matrixsynapse: Allow upgrade to version 1.19

2. Other Changes

  • apps: Remove Coquelicot
  • backups: Make app available by default
  • debian: Add newline to end of /var/lib/plinth/firstboot-wizard-secret
  • debian: Don't show first wizard secret on command line
  • debian: Temporarily revert source package rename
  • diagnostics: Prevent showing running status on diagnostics menu item
  • doc: Add moinmoin wiki parser
  • doc: Fix wiki links in manual
  • ejabberd, mumble, wireguard: Update Apple app links
  • ejabberd: Use new ruamel.yaml API and allow duplicate keys
  • firewall: Show port forwarding info contextually
  • firewall: Show port forwarding info in tabular format
  • gitweb: Add ability to change default branch
  • gitweb: Fix enable auth webserver component on app init
  • help, networks: Clarify i18n different contexts for "Manual"
  • i18n: Mark strings missed for translation
  • ikiwiki: Validate a path when deleting wiki or blog
  • js: Don't show running status on buttons pulled to right
  • jsxc, sharing, wireguard: Add 'Learn more...' link for help pages
  • locale: Update translations for Danish, Dutch, Galician, German, Hungarian, Italian, Spanish, Swedish, Russian, Turkish
  • matrixsynapse: Perform a one time conversion to new config format
  • matrixsynapse: Rename Riot to Element
  • matrixsynapse: Use conf.d snippets
  • radicale: Remove code to handle 1.x
  • radicale: Stop service during backup and restore
  • samba: Hide common system partitions
  • snapshots: Clarify description for disabling yearly snapshots
  • ssh: Disallow managing keys for the root user
  • storage: Fix expanding partitions on GPT partition tables
  • upgrades, security: Update the messages describing backports
  • upgrades: Add first boot step to configure backports
  • upgrades: Change backports activation message wording
  • upgrades: Display correct backports info for unstable
  • upgrades: security: Don't use technical term 'backports' in UI
  • wireguard: Remove hardcoded Windows client version

FreedomBox 20.13 (2020-07-18)

1. Highlights

  • upgrades: Update apt cache before manual update
  • minidlna: Do not expose statistics over public web

2. Other Changes

  • backups: Allow remote repository usernames to start with numbers
  • locale: Update translations for Chinese (Simplified), Hungarian, Kannada, Norwegian Bokmål, Spanish, Swedish
  • security: Move backports notice to security page
  • upgrades: Add button to activate backports if needed for current release
  • debian: Rename source package from plinth to freedombox

FreedomBox 20.12.1 (2020-07-05)

  • cfg, frontpage: Ignore errors while reading config and shortcuts
  • locale: Update translations for French, German, and Norwegian Bokmål

FreedomBox 20.12 (2020-06-29)

1. Highlights

  • apt: Recover from errors before installing apps or updating system
  • apache: Add strict content security policy, sandbox and other security headers
  • storage: Allow ejecting SATA disks
  • configuration: Allow changes using .d drop-in files

2. Other Changes

  • configuration: Move default configuration into source code
  • configuration: Read from multiple locations in /etc/ and /usr/share/
  • debian: Add ssl-cert and nscd as proper dependencies
  • frontpage: Allow adding shotcuts using .d drop-in files
  • frontpage: Read shortcuts from multiple locations in /etc/, /usr/share and /var/lib
  • locale: Update translations for Czech, Danish, French, German, Russian, Spanish, Swedish, Telugu, Turkish
  • storage: Automount system disks without partition table but ignore all loopback devices
  • storage: Allow ejecting SATA disks
  • storage: Show only physical disks and not all mount points
  • upgrades: Skip enabling backports on testing and unstable
  • upgrades: Show more logs
  • ui: Show a spinner and disable button on form submit

FreedomBox 20.11 (2020-06-15)

1. Top Highlight

  • locale: Add new translation for Arabic (Saudi Arabia)

2. Other Changes

  • javascript: Remove use of Turbolinks library
  • locale: Update translations for French, Norwegian Bokmål, German, Swedish, Polish, and Spanish
  • matrixsynapse: Handle upgrade to versions 1.15.x
  • upgrades: Avoid manual update interruption when upgrading freedombox package
  • upgrades: Don't enable backports on Debian derivatives

FreedomBox 20.10 (2020-06-01)

1. Top Highlights

  • pagekite: Fix expired certificates causing connection failures
  • tor: Fix problems with running a relay

2. Other Changes

  • backups: Add optional field - Name
  • cockpit: Promote for advanced storage/firewalld/networking ops
  • firewall: Don't show tun interface in internal zone warning
  • firewall: Mention that internal services are available over VPN
  • ikiwiki: Enable 'attachment' plugin by default
  • locale: Update translations for Spanish, French, Russian, Norwegian Bokmål, Czech, Hungarian, and Greek
  • minidlna: Add link to manual page
  • minidlna: Fix internationalization for name of the app
  • mldonkey: Add app to freedombox-share group
  • openvpn: Use app toggle button and common app view
  • radicale: Fix link in description to clients
  • samba: Add clients information
  • templates: Fix setup state check
  • users: Avoid error when user's groups cannot be parsed

FreedomBox 20.9 (2020-05-18)

1. Top Highlights

  • performance: Add app for system monitoring
  • upgrades: Restart services and system when needed after upgrades
    • System restart will happen at 02:00 local time

2. Other Changes

  • bind: Add service alias for bind9 -> named

  • firewall: Reload firewalld so it works with newly installed services
  • first_setup: Fix regression with logo not showing
  • locale: Update translations for Norwegian Bokmål, German, Swedish, Spanish, and Russian
  • mediawiki: Stop jobrunner during backup/restore
  • minidlna: Stop service during backup/restore
  • mumble: Stop service during backup/restore
  • package: Fix error log when checking if package manager is busy
  • performance: Launch the Cockpit graphs directly if possible
  • quassel: Fix stopping service during backup/restore
  • quassel: Use systemd sandboxing features
  • samba: Change description to Network File Storage
  • snapshot: Fix issues with restore and delete
  • snapshot: Set as essential module
  • storage: Auto-mount disks, notify of failing disks
  • tor: Fix stopping service during backup/restore

FreedomBox 20.8 (2020-05-04)

  • syncthing: Add service to freedombox-share group
  • users: When adding service to sharing group, only restart if already running
  • datetime: Ignore time synchronization service in containers and virtual machines
  • minidlna: Make app installable inside unprivileged container
  • web_server: Suppress warnings that static directories don't exist
  • debian: Remove unused timer
  • static: Use SVG logo during first wizard welcome step
  • static: Reduce the size of the background noise image
  • setup.py: Don't install/ship .po files
  • static: Don't ship visual design file and unused images
  • all: Update links to repository and project page
  • coturn: Add app to manage Coturn TURN/STUN server
  • mediawiki: Partial fix for installing on testing
  • datetime: Disable diagnostics when no tests are available
  • data: Print hostname and IP addresses before console login
  • snapshot: Fix message when not available
  • snapshot: Fix title
  • mumble: Add Mumla to the list of clients
  • locale: Update translations for Spanish, Telugu, Russian, German, French, and Swedish

FreedomBox 20.7 (2020-04-20)

  • matrixsynapse: Fix initial installation and upgrade from backports
  • gitweb: Improve error handling when creating repository
  • locale: Update translations for French, Serbian, and Telugu

FreedomBox 20.6.1 (2020-04-11)

  • users: Restore line of help text that was accidentally dropped
  • debian: Add firmware-ath9k-htc to Recommends
  • gitweb: Use proper ellipsis char when showing clone progress
  • locale: Update translations for Norwegian Bokmål, German, French, Portuguese, Italian, Russian, and Serbian

FreedomBox 20.6 (2020-04-06)

  • app: Ensure toggle buttons work independently of configuration form
  • networks, monkeysphere: Make styling more specific to avoid interference
  • syncthing: Update description to mention 'syncthing' group
  • radicale: Support upgrade up to any 2.x version
  • packages: Hold freedombox package during package installs
  • users: Add component for managing users and groups
  • app: Fix grammar in developer documentation string
  • ikiwiki: Disable public edits of blog pages
  • ikiwiki: Add moderation of blog comments
  • firewalld: Support upgrade up to any 0.8.x version
  • infinoted: Fix permissions of sync directory
  • locale: Added Serbian translation
  • locale: Update translations for Russian, French, German, Czech, Italian, Hindi, Telugu, and Spanish

FreedomBox 20.5.1 (2020-03-26)

  • networks: Update label wording in topology form
  • jsxc: Fix issue with serving static files
  • debian: Separate binary packages for each language manual
  • locale: Update translations for Norwegian Bokmål and German

FreedomBox 20.5 (2020-03-23)

  • app: Fix description block in app header
  • pagekite: Don't signal new domain on init if app is disabled
  • pagekite: Don't attempt to notify about domain if app is disabled
  • pagekite: Remove app enabled checking from getting configuration
  • pagekite: On enable/disable, add/remove domain from names module
  • pagekite: Fix an error message in custom services form
  • matrixsynapse: Handle release of matrix-synapse 1.11
  • setup: Fix regression to force-upgrade caused by Info changes
  • pagekite: Don't allow non-unique custom services
  • index: Reintroduce clients button in front page
  • upgrades: Don't ship apt backport preferences file
  • upgrades: Use internal scheduler instead of systemd timer
  • shadowsocks: Change default configuration
  • shadowsocks: Fix incorrect setting of state directory
  • shadowsocks: When editing configuration, don't re-enable
  • mediawiki: Don't allow anonymous edits
  • names: Fix Local Network Domain is not shown
  • shadowshocks: Fix setting configuration on Buster
  • locale: Update translations for Swedish, Spanish, and French

FreedomBox 20.4 (2020-03-09)

  • apache: Handle transition to php 7.4
  • app: Fix showing app name in port forwarding information
  • apps: Do not show status block if service is running
  • i2p: New style app page layout
  • locale: Update translations for French, Telugu, Spanish, and Swedish
  • networks: Add first boot step for network topology wizard
  • networks: Add form for network topology
  • networks: Don't show router wizard if not behind a router
  • networks, firewall: Support newer version of policykit
  • networks: Fixes for networks wizards access and user experience
  • networks: If topology wizard is skipped, skip router wizard too
  • networks: Show router wizard before Internet connection type wizard
  • plinth: Increase sqlite busy timeout from default 5s to 30s
  • quassel: Fix unable to disable application without choosing a domain name
  • shadowsocks: Move user settings to state directory
  • storage: Directory selection form improvements
  • transmission: Allow to submit download directory if it is creatable
  • upgrades: Clean apt cache every week
  • views: Improve template security

FreedomBox 20.3 (2020-02-24)

  • apps: Update style for toggle button
  • apps: Drop border shadow for app icon in mobile view
  • apps: Show short description as secondary title
  • apps: Remove css filters and glow from app icons
  • cards: Remove the transition delay on hover effect
  • system: Implement new style for cards
  • framework: Generate secret key (existing sessions will get logged out)
  • framework: Cleanup expired sessions every week
  • networks: Add setting for internet connection type
  • networks: Ask about internet connection type during setup
  • shadowsocks: Fix shadowsocks not able to start
  • jsxc: Bypass issue with stronghold to get the app working again
  • monkeysphere: Fix regression with reading Apache configuration
  • help: Fix attribute on download manual button
  • firewall: Improve speed of some operations using DBus API
  • css: Add missing license identifier on some CSS files
  • deluge: Use safer method for editing configuration
  • deluge: More reliable initial configuration setup
  • samba: Add link to manual page
  • searx: Update search engines for 0.16.0
  • openvpn: Fix spelling for Tunnelblick
  • bind: Show served domains
  • Update translations for German, Swedish, Italian, Spanish, Norwegian Bokmål, Hungarian, Polish, and French

FreedomBox 20.2 (2020-02-10)

  • networks: Support virtual Ethernet (veth) devices
  • diagnostics: Show firewall service status
  • storage: Show disks if FreedomBox is running in an unprivileged container

  • service: Stop service not before but after disabling it
  • users: Use more precise username validation
  • sso, users: Turn off autocapitalization on the username field
  • help: Fix anchor hidden under navbar
  • searx: Fix installation issue for 0.16.0
  • firewall: Show Run Diagnostics button in app
  • glib: Introduce method to schedule an operation at regular intervals
  • notification: Show a drop down from main navbar for notifications
  • storage: Show low disk space warning using notifications API
  • upgrades: Show notification when FreedomBox is updated

  • security: Add Sandbox Coverage to report page
  • matrixsynapse: Enable systemd sandboxing
  • locale: Update translations for Telugu, French, Norwegian Bokmål, German, Spanish, and Swedish

FreedomBox 20.1 (2020-01-27)

  • deluge: Allow to set a download directory
  • deluge: Fix installation failure on slow machine
  • storage: Make external disk mounts accessible to other users
  • gitweb: Add link to the manual page
  • style: Fix incorrect margins for containers in mobile view
  • style: Fix responsiveness for app header
  • network: Fix activating connections that don't have real devices
  • wireguard: Add WireGuard VPN app

  • networks: Add router configuration page
  • networks: Add first boot step for router config helper
  • bind: Enable sandboxing for bind service
  • locale: Updated translations for Dutch, Norwegian Bokmål, German, Spanish, Swedish, French, and Greek

FreedomBox 20.0 (2020-01-13)

  • samba: Improve speed of actions
  • deluge: Manage deluged service and connect automatically from web interface
  • openvpn: Enable support for communication among all clients
  • storage: Ignore errors resizing partition during initial setup
  • storage: Make partition resizing work with parted 3.3
  • debian: Add powermgmt-base as recommended package
  • openvpn: Enable IPv6 for server and client outside the tunnel
  • networks: Fix crashing when accessing network manager D-Bus API
  • mediawiki: Use a mobile-friendly skin by default
  • mediawiki: Allow admin to set default skin
  • matrixsynapse: Allow upgrade to 1.8.*
  • security: Add explanation of sandboxing
  • Update translations for Greek, German, Swedish, Hungarian, Norwegian Bokmål, and French

FreedomBox 19.24 (2019-12-30)

  • app: Fix JavaScript doesn't run on first visit

  • samba: Add private shares
  • firewall: Support upgrading firewalld to 0.8
  • deluge: Add systemd sandboxing features
  • infinoted: Add systemd sandboxing features
  • storage: Add systemd sandboxing features to udiskie service
  • upgrades: Add systemd sandboxing features to repository setup service
  • security: List whether each app is sandboxed
  • mediawiki: Avoid delay in update script
  • diagnostics: Use new component based API for all diagnostic tests
  • minidlna: Fix showing clients information
  • mediawiki: Fix problem with session cache failing logins
  • locale: Update translations for French, German, Swedish, Greek, Hungarian, Norwegian Bokmål, and Dutch

FreedomBox 19.23 (2019-12-16)

  • minidlna: New app for MiniDLNA (Simple Media Server)
  • apps: Show app icons in app pages
  • apps: Implement responsive layout for app pages
  • samba: Recursively set open share directory permissions
  • transmission: Add directory selection form
  • mumble: Add option to set SuperUser password

  • cockpit: Extend apps description with access info
  • cockpit: Add list of valid urls to access the app
  • Update translations for French, German, Spanish, Portuguese, and Swedish

FreedomBox 19.22 (2019-12-02)

  • samba: Add new app for Samba file sharing
  • pagekite: Remove tabs in the configuration page
  • openvpn: Fix text with manual link
  • pagekite: Show existing services only if there are any
  • pagekite: Move Custom Services under Configuration
  • pagekite: Use the new app toggle button
  • openvpn: Add client apps
  • backups: Fix title not appearing
  • diagnostics: Don't run on disabled modules
  • apps: Remove link to webapps in app descriptions
  • interface: Fix error with app toggle input
  • templates: Add toolbar for apps
  • toolbar: Move diagnostics button into dropdown menu
  • ssh: Fix Avahi SFTP service file
  • diagnostics: Fix IPv6 failures
  • matrix-synapse: Fix installation of 1.5 from buster-backports
  • app: Fix javascript constant redeclaration error
  • ikiwiki: Move the create button to manage section
  • gitweb: Move create button into manage section
  • networks: Move actions button into connection section
  • users: Move create button into users section
  • locale: Update translations for French, German, and Swedish

FreedomBox 19.21 (2019-11-18)

  • gitweb: Allow to import from a remote repository
  • interface: Disable turbolinks on links that don't point to /plinth/...
  • backups: Show proper error when SSH server is not reachable
  • tor: Rename "Hidden Service" to "Onion Service"
  • ejabberd: Handle case where domain name is not set
  • tahoe: Mark Tahoe-LAFS as an advanced app
  • searx: Set safe_search to Moderate by default
  • backups: Make verify ssh host page string translatable
  • backups: Simplify SSH fingerprint verification command
  • doc: Fix unavailability of manual images
  • tor: Fix port diagnostics by correcting port data type
  • tor: Expect obfs service to be also available on IPv6
  • tor: Listen on IPv6 for OrPort

  • clients: implement launch button feature
  • apps: Implement toggle button in apps pages
  • Update translations for German, Hungarian, Swedish, Norwegian Bokmål, French, Polish

FreedomBox 19.20 (2019-11-04)

  • doc: Add Spanish manual
  • ssh: Add option to disable password authentication
  • sharing: Fix wrong links on Apache2 directory index page
  • gitweb: Set correct access rights after enabling application
  • gitweb: Fix links leading to blank page
  • gitweb: Set proper access after restoration of a backup
  • snapshot: Sort snapshot list from newest to oldest
  • infinoted: Add missing manual page link
  • backups: Fix typo
  • Update translations for German, Spanish, Swedish, Czech, French, Norwegian Bokmål, Hungarian

FreedomBox 19.19 (2019-10-21)

  • gitweb: New app for simple git hosting
  • ikiwiki: Allow full Unicode text in wiki/blog title names
  • users: reload Apache2 to flush LDAP cache after user operations
  • ssh: Show server fingerprints in SSH page
  • frontpage: Show public shortcuts to all users regardless of group
  • ikiwiki: Remove extra create button when no wiki/blog is present
  • quassel: Add Let's Encrypt component for certificates
  • Update translations for Czech, French, Bulgarian, Dutch, German, and Norwegian Bokmål

FreedomBox 19.18 (2019-10-07)

  • diagnostics: Ensure that exceptions are reported as failures
  • users: Rearrange UI to match with other apps
  • upgrades, ikiwiki, networks, backups: Replace page tabs with buttons
  • dynamicdns, i2p, pagekite, snapshot: Cleanup page templates
  • deluge: Support deluge 2 by starting it properly
  • minetest: Remove mod-torches no longer available in testing/unstable
  • security: Add past vulnerabilities count, move report to new page
  • Update translations for Spanish, Norwegian Bokmål, German

FreedomBox 19.17 (2019-09-23)

  • firstboot: Add new help menu to firstboot navbar
  • firstboot: Hide left menu during first boot as intended
  • Update translations for Chinese (Simplified) and Czech
  • Fix tests for letsencrypt and tor

FreedomBox 19.16 (2019-09-09)

  • backups: Allow adding backup repositories on multiple disks
  • help: Add buttons for contribute, support, and feedback
  • action_utils: Workaround problem with setting debconf answers
  • views: Fix failure in redirecting from language selection page
  • manual: Move PDF download link to HTML manual page
  • help: Convert help icon in the navbar to dropdown
  • ejabberd: Fix listen port configuration for ejabberd 19.x
  • cockpit, ejabberd: Prevent restart on freedombox startup
  • ejabberd: Perform host/domain name operations only when installed
  • logging: Improve formatting and reduce noise
  • translations: Update Hungarian, German, Italian, French, and Norwegian Bokmål

FreedomBox 19.15 (2019-08-26)

  • security: Hide vulnerability table by default
  • names: Perform better layout of domain names table on small screens
  • cockpit: Apply domain name changes immediately
  • ejabberd: Prevent processing empty domain name
  • config: Send hostname change signal only after fully processing it
  • letsencrypt: Don't try to obtain certificates for .local domains
  • avahi: Expose .local domain as a proper domain
  • cockpit: Make essential and install by default
  • tt-rss: Force upgrade to 18.12-1.1 and beyond
  • updates: Allow matrix-synapse 1.3 to be installed for buster users
  • javascript: Don't resubmit when refreshing the page
  • storage: Fix regression with restoring backups with storage
  • matrix-synapse: Use recommended reverse proxy configuration
  • Update translations for German, Hungarian, and Norwegian Bokmål

FreedomBox 19.14 (2019-08-12)

  • storage: Handle all device paths during eject
  • storage: Fix incorrect internationalization when throwing an error
  • upgrades: Use collapsible-button style for logs
  • firewall: Allow automatic upgrade to 0.7.x
  • upgrades: Handle release info change
  • frontpage: Fix regression with loading custom shortcuts
  • names: Add dynamic domain name
  • names: Add button to configure each type of name
  • names: Update page layout for clearer presentation
  • names: Introduce new API for domain name handling
  • api: Fix regression with listing only enabled apps in mobile app
  • Update translations for Czech, Hungarian, French, Chinese (Simplified), Turkish, Polish, and Norwegian Bokmål

FreedomBox 19.13 (2019-07-29)

  • backups: Make UI more consistent with other apps
  • backups: Make backup location tables collapsible
  • Updated translations for Chinese (Simplified), German, and Norwegian Bokmål
  • help: Show security notice when backports are in use
  • security: Show vulnerability counts

FreedomBox 19.12 (2019-07-22)

  • sharing: Allow directories to be publicly shared
  • backups: Add option to select/deselect all apps for backup or restore
  • dbus: Allow plinth user to own FreedomBox DBus service

  • letsencrypt: Simplify renewal hooks implementation
  • cockpit: Don't handle domains if app is not installed
  • dynamicdns: Send domain added signal properly during init
  • ejabberd: Backup and restore TLS certificates
  • Started new Galician translation on Weblate
  • Updated translations for Czech, Norwegian Bokmål, Hungarian, Spanish, Telugu, Chinese (Simplified), German, Turkish, and Russian

FreedomBox 19.2.2 (2019-07-17)

This release does not contain any functional changes, but fixes test failures when building the package.

FreedomBox 19.2.1 (2019-07-09)

This is a bugfix release for 19.2.

  • dbus: Allow plinth user to own FreedomBox DBus service

FreedomBox 19.11 (2019-07-08)

  • backups: Fixes to issues while adding SSH remotes:
    • Improve UX of adding ssh remote
    • Avoid creating duplicate SSH remotes
    • Fix issue with repository not being initialized
    • Verify SSH hostkey before mounting
    • Allow SSH directory paths with : in them
    • Require passphrase for encryption in add repository form
    • Don't send passphrase on the command line
    • Un-mount SSH repositories before deleting them
  • matrixsynapse: Fix missing translation mark
  • Started new Greek translation on Weblate
  • Updated translations for Chinese (Simplified), Hungarian, Spanish, and Russian

FreedomBox 19.10 (2019-06-24)

  • syncthing: Open firewall ports for listening and discovery
  • radicale: Workaround issue with creating log directory
  • Update translations for Turkish, German, Czech, Norwegian Bokmål, and Portuguese
  • Introduce components for firewall, webserver, uwsgi, and daemons

FreedomBox 19.9 (2019-06-10)

  • config: Add option to show advanced apps, which are hidden by default
  • monkeysphere: Hide by default
  • searx: Add option to allow public access to the application
  • Introduce component architecture for apps, with components for menus and shortcuts
  • Start new translation for Bulgarian
  • Update translations for Turkish and Norwegian Bokmål

FreedomBox 19.8 (2019-05-27)

  • Switch to using SVG icons for all apps.
  • Updated translations for Czech, Norwegian Bokmål, Hungarian, German, Turkish, and Spanish.

FreedomBox 19.7 (2019-05-13)

  • i2p: Include default favorites.
  • Separate enabled and disabled apps.
  • Display port forwarding info for apps.
  • Added Slovenian translation.
  • Updated translations for Dutch, German, Hungarian, Norwegian Bokmål, Polish, Portuguese, Telugu.

FreedomBox 19.6 (2019-04-29)

  • i2p: Enable new application for I2P Anonymity Network.
  • Updated translations for Czech, German, Norwegian Bokmål, and Turkish.
  • letsencrypt: Provide link to configure domain if not configured.
  • firewall: Show port numbers and types.

FreedomBox 19.5 (2019-04-15)

  • storage: Use more reliable method to list disks and disk space usage.
  • Updated translations for Russian and German.

FreedomBox 19.4 (2019-04-01)

  • clients: Open web app in a new browser tab
  • matrix-synapse: Change client diagnostics url
  • minetest: Fix duplicate domain names being displayed in UI
  • storage: Do not show an eject button on /boot partitions
  • letsencrypt: Call letsencrypt manage_hooks with correct arguments
  • dynamicdns: Install module by default
  • storage: Don't check type of the disk for / and /boot
  • storage: Don't log error when checking if partition is expandable
  • Updated translations for Norwegian Bokmål, Czech, German, Hungarian, Spanish, German, and Russian.

FreedomBox 19.3 (2019-03-18)

  • UI: Move tabs below descriptions.
  • firewall: Style heading
  • names: Add description
  • pagekite: Change heading text
  • ikiwiki: Consistent styling for delete warning page
  • main: Show service version in logs
  • setup: Organize data files into various apps
  • Updated translations for Czech, Hungarian, Norwegian Bokmål, Spanish, German, French, Italian, and Turkish.

FreedomBox 19.2 (2019-03-02)

  • config: Fix Ikiwiki entries not showing up as default apps
  • config: Migrate default app configuration to new conf file
  • config: Rename Default App to Webserver Home Page
  • config: Add option to use Apache's default home page as home page
  • config: Fix error when setting JSXC as the home page
  • Disable Coquelicot for Buster release
  • matrix-synapse: Fix LDAP login issue
  • config: Revert changes in freedombox.conf to avoid conffile prompt
  • openvpn: Migration from easy-rsa 2 to 3 for existing installations
  • tor: Use fixed 9001 port for relaying
  • package: Implement identifying packages that need conffile prompts
  • setup: Trigger force upgrade for app that implement it
  • bind: Handle conffile prompt during upgrade
  • apache: Pre-enable necessary apache modules
  • apache: Use cgid module instead of cgi
  • openvpn: Make frontpage shortcut appear after an upgrade
  • openvpn: Work around firewalld bug 919517
  • firewalld: Implement upgrading from 0.4.x to 0.6.x
  • ttrss: Implement upgrade from 17.4 to 18.12
  • radicale: Add description of web interface
  • ttrss: Add backup support
  • security: Migrate access config to new file
  • Updated translations for Czech, Hungarian, Norwegian Bokmål, Spanish, German, Telugu.

FreedomBox 19.1 (2019-02-14)

  • radicale: Increment module version to trigger upgrade handling
  • radicale: Remove obsolete diagnostics
  • radicale: Fix server URLs in client info
  • Updated translations for Czech, Norwegian Bokmål, and Spanish.
  • setup: Add option to handle configuration prompts during install
  • radicale: Simplify upgrading to newer packages
  • matrixsynapse: Use Let's Encrypt certificates

FreedomBox 19.0 (2019-02-09)

  • mldonkey: Add some more clients to the module page
  • mldonkey: Add to the description the three available front-ends
  • monkeysphere: Fix handling of multiple domains and keys
  • monkeysphere: Fix regression with reading new apache domain config
  • apache: Switch to mod_ssl from mod_gnutls
  • mldonkey: Enable app
  • upgrades: Fix priority for buster-backports version
  • upgrades: Fix premature adding of buster-backports sources
  • Updated translations for Czech, German, and Spanish
  • Switched to a new version number scheme: YY.N
    • YY is the year of release.
    • N is the release number within that year.

Version 0.49.1 (2019-02-07)

  • ui: Fix regression with configure button in home page.
  • backups: Rename 'Abort' buttons to 'Cancel'.
  • backups: Use icon for add repository button.
  • backups: Move subsubmenu below description.
  • backups: Add title and description to other pages.
  • backups: Add link to manual page.
  • backups: Fix styling for upload size warning.
  • backups: Increase timeout for SSH operations to 30 seconds.
  • letsencrypt: UI: Fix checkbox disabling.
  • datetime: Switch from chrony to systemd-timesyncd.
  • Updated translations for Czech, Norwegian Bokmål, and Spanish.

Version 0.49.0 (2019-02-05)

  • security: Update javascript for Content Security Policy.
  • help: Use correct package to determine available version.
  • repro: Disable app due to issues with Debian package.
  • ui: Fix regression with card icon style in front page.
  • js: Support full librejs compatibility.
  • js: Remove javascript license link from footer.
  • backups: Remove incorrectly set buffer size during download.
  • backups: Fix incomplete download archives.
  • backups: Improve performance of backup download.
  • radicale: Handle migration from 1.x to 2.x.
  • datetime: Switch from ntp to chrony.
  • backports: Add buster-backports to apt sources list.
  • Updated translations for Czech, Norwegian Bokmål, and Hungarian.

Version 0.48.0 (2019-01-28)

  • Updated translations for Czech, Hungarian, German, and Norwegian Bokmål.
  • UI improvements:
    • Fix top margin for content containers.
    • Fix setting width of card-list at various page sizes.
    • Show help nav item text when navbar is collapsed.
    • Hide restart/shutdown items when navbar is collapsed.
    • Compact pages on extra small screen sizes.
  • Backups improvements:
    • Add backup/restore support for syncthing and openvpn.
    • Upgrade apps before restoring them
    • Fix showing not-installed apps in create backup page
    • Automatically install required apps before restore.
    • Add a loader to the restore button to indicate progress.
  • Serve default favicon for apps that don't provide one.
  • radicale: Fix issue with configuration changes not applying.
  • storage: Fix false error message in log when visiting home page.
  • infinoted: Handle timeout issue when stopping daemon during setup.
  • matrix-synapse: Fix startup error caused by bind_address setting.
  • radicale: Avoid changes to conffile for radicale 2.x.
  • help: Fix showing status logs when an error occurs.
  • fail2ban: Enable bans for apache auth failures.
  • mldonkey: Initial work on new module for the eDonkey network.
    • Not available yet, due to bug in package.

Version 0.47.0 (2019-01-14)

  • Show Gujarati in the list of languages.
  • Replace glyphicons with forkawesome icons.
  • Snapshots:
    • Change configuration to avoid filling up disk.
    • Handle "Config in use" error.
    • Update descriptions and configuration options.
  • Firewall: Fix issue with transition from iptables.
  • Security: Switch to Argon2 password hash.
  • Cockpit: Add link to manual page and update description.
  • Radicale: Add initial support for radicale 2.x.
  • Setup:
    • Handle showing setup page after app completes installation.
    • Optimize installation in-progress checks and refresh time.

Version 0.46.0 (2018-12-31)

  • Updated translations for Czech, German, Spanish, Ukrainian, and Norwegian Bokmål.
  • Use systemd journal for logging.
  • Rename plinth binary package to "freedombox", and merge freedombox-setup package into it.

Version 0.45.0 (2018-12-17)

  • Storage: Merge list of removable media into existing table.
  • Backups: Allow remote backups to SSH servers using sshfs.
  • Backups: Removed asking for backup archive name.
  • Automatically handle future versions of PHP.
  • Updated translations for Hungarian, Czech, Spanish, Chinese (Simplified), Italian, Norwegian Bokmål, French, and German.

Version 0.44.0 (2018-12-03)

  • UI: Add card style and gray noise background to apps pages.
  • UI: Fix distortion of the client apps buttons.
  • ejabberd: Handle BOSH port change from TCP 5280 to 5443.
  • Minetest: Update mods list to available Debian packages.
  • Firewall: Use nftables instead of iptables.
  • Snapshots: Fix default snapshot listing.
  • Snapshots: Show description above either tab.
  • Snapshots: Allow snapshots to be selected for deletion.
  • Translations: Updated Czech, Norwegian Bokmål, Spanish, German, and Portuguese.

Version 0.43.0 (2018-11-19)

  • Backups improvements:
    • Allow backups to be downloaded directly, without export step.
    • Restore directly from uploaded backup.
    • Avoid error for apps with no data to backup.
    • Show free disk space on upload and restore page.
    • Do not limit maximum upload size.
  • openvpn: Migrate to easy-rsa 3 and fix setup issues.
  • Make single sign-on tickets valid for 12 hours.
  • Use consistent terminology for updates.
  • Updated translations for Czech and Portuguese.

Version 0.42.0 (2018-11-05)

  • Fix wrong color in mobile menu
  • snapshot: Fix broken snapshot management after snapper update
  • Enable backup/restore for tor, upgrades, monkeysphere, letsencrypt, tahoe
  • monkeysphere: Handle importing new OpenSSH format keys
  • udiskie: unmount drive as superuser
  • Updated translations for Telugu, Indonesian, and Italian

Version 0.41.0 (2018-10-22)

  • Enable backup/restore for datetime, deluge, avahi, backups, bind, security, snapshot, ssh, firewall, diagnostics, names, power, and storage.
  • snapshot: Fix issue with setting configuration.
  • backups: Fix backup archives ownership issue.
  • backups: Fix issue with showing exports from disks without labels.
  • backups: Don't rely on disk labels during export/restore.
  • backups: Fix downloading extracted archive files.
  • Updated translations for Norwegian Bokmål, French, Russian, and Spanish.

Version 0.40.0 (2018-10-08)

  • Backups
    • Enable backup/restore for mumble, privoxy, roundcube, searx, jsxc, coquelicot, transmission, quassel, shadowsocks, sharing, pagekite, and cockpit.
    • Allow backup archives to be downloaded/uploaded through browser.
    • mediawiki: Backup/restore settings as well as data.
  • User Interface
    • Change card text style and position.
    • Change maximum cards per row.
    • Add tint effect on card icons under "Apps".
  • mediawiki: Run update script for 1.31 upgrade.
  • customization: Show custom shortcuts on frontpage.
  • Updated translations for Norwegian Bokmål, Portuguese, Spanish, Czech, German, French, and Italian.

Version 0.39.0 (2018-09-24)

  • Updated translations for Hungarian and Norwegian Bokmål.
  • Merge Removable Media (udiskie) into Storage module.
  • Add Backups module for backing up apps data.

Version 0.38.0 (2018-09-10)

  • mediawiki: Enable SVG support for MediaWiki

  • upgrades: Clean up old kernel packages during automatic upgrades
  • Make the progress bar at the top of the page more visible.
  • Updated translations for Norwegian Bokmål, Czech, Russian, German, Hungarian, and Spanish.

Version 0.37.0 (2018-08-27)

  • Updated translations for Czech, Norwegian Bokmål, Russian, Spanish, Hungarian, and Dutch.
  • install: Use Post/Response/Get pattern for reloads.

Version 0.36.0 (2018-08-13)

  • Updated translations for Hindi, Spanish, Russian, Telugu, German, Hungarian, Czech, and French
  • ejabberd: Remove deprecated settings from already existing config files
  • mediawiki: Fix issue with re-installation
  • mediawiki: Enable Instant Commons
  • mediawiki: Fix images throwing 403s
  • turbolinks: Reload page using JavaScript

  • Add Lato woff2 fonts
  • Disable launch button for web client when not installed

Version 0.35.0 (2018-07-30)

  • configuration: Add an option to set a default app for FreedomBox. The root URL path (https://domainname/) will redirect to the selected app.

  • ejabberd: Remove deprecated iqdisc setting. To apply this fix, disable and then re-enable the Message Archive Management setting.

  • ejabberd: Replace logo with original version.
  • mediawiki: Enable short URLs, which look like https://domainname/mediawiki/ArticleName.

  • radicale: Clarify description for shared calendar/addressbook.
  • storage: Handle mount points with spaces.
  • udiskie: Add button to eject drives.
  • udiskie: Also show read-only filesystems.
  • udiskie: Remove internal networks warning.
  • udiskie: Show special message when no storage device available.
  • Add turbolinks library for smoother navigation.
  • Removed extra text from icons for mediawiki, radicale, and tahoe-lafs.
  • Updated translations for Russian, Spanish, Dutch, Hungarian, Hindi, Italian, Telugu, German, and Norwegian Bokmål.

Version 0.34.0 (2018-07-16)

  • Prompt for secret during firstboot welcome
    • (Does not apply to downloadable FreedomBox images, but only when installed using freedombox-setup package.)

  • Updated translations for Italian, Dutch, Hindi, Hungarian

Version 0.33.1 (2018-07-04)

  • Fix issue where editing a user would remove them from admin group
  • Updated translations for Hungarian, Czech, Spanish, Russian, Hindi

Version 0.33.0 (2018-07-02)

  • Updated translations for Hungarian, Norwegian Bokmål, Spanish, Russian, Czech, Hindi, Dutch, Italian
  • firewall: Display information that a service is internal only
  • users: Don't show Create User link to non-admin users
  • users: Redirect to users list on successful user creation
  • packages: Show button to refresh package lists when a package is not available for install
  • Only show front page shortcuts that a user is allowed to access
  • Restrict removal of last admin user
  • Use logos instead of icons in the apps page
  • udiskie: New module for automatic mounting of removable media

Version 0.32.0 (2018-06-18)

  • Apply new card based design
  • Fix client info table size and flickering
  • first-setup: Automatically expand root partition
  • mediawiki: Enable image uploads
  • mediawiki: Make private mode and public registrations mutually exclusive
  • mediawiki: Hide frontpage shortcut when private mode is enabled
  • Updated translations for Norwegian Bokmål, Czech, Spanish, Russian, Hindi, Telugu, Italian, Dutch, German, and Hungarian

Version 0.31.0 (2018-06-04)

  • Updated translations for Czech, Spanish, Russian, German, Italian, Hindi, Telugu, and Norwegian Bokmål
  • mediawiki: Added private mode option
  • users: Fix user permissions not being saved
  • users: internationalize a string
  • mediawiki: Run update script for 1.30 upgrade
  • shortcuts: Fix urls for ikiwiki shortcuts

Version 0.30.0 (2018-05-21)

  • Updated translations for Russian, Italian, Norwegian Bokmål, Hungarian, and Hindi
  • setup: Remove unavailable as a state in setup_helper

Version 0.29.1 (2018-05-08)

  • security: Fix issue with Plinth locked out from sudo
  • Updated translations for Czech and Spanish

Version 0.29.0 (2018-05-07)

  • security: Allow console login access to user plinth
  • Add an option to enable/disable public registrations in mediawiki
  • tt-rss: Skip the check for SELF_URL_PATH
  • searx: Fix issue with uwsgi crashing
  • Updated translations for Czech, Spanish, German, Norwegian Bokmål, and Italian

Version 0.28.0 (2018-04-23)

  • setup: disable install button for currently unavailable apps
  • Add locale for Lithuanian (lt)
  • Translation updates for Italian, Czech, Russian, Spanish, German, Norwegian Bokmål, Telugu, and Dutch

Version 0.27.0 (2018-04-09)

  • middleware: Skip 'installed' message for essential apps
  • users: Fix admin group appearing twice in permissions
  • apps: Fix app names and short descriptions not being translated
  • snapshots: Move manual page link to the index page
  • UI: Fix progress bar not appearing
  • snapshots: Fix for permissions issue when updating configuration
  • snapshots: Add option to enable/disable software installation snapshots
  • Translation updates for Italian, Czech, Russian, Spanish, Dutch, German, Norwegian Bokmål, and Ukrainian

Version 0.26.0 (2018-03-26)

  • snapshots: Update description
  • searx: Rewrite url from /searx to /searx/
  • manual: Link to manual from each service
  • Workaround security issues in django-axes
  • apache: Only regenerate snake oil cert when needed
  • apache: Explicitly enable the latest version of PHP module
  • apache: Increase module version number to fix php7.2
  • Update translations for Chinese (Simplified), Russian, Czech, German, Norwegian Bokmål, Hungarian, Spanish, and Italian

Version 0.25.0 (2018-03-12)

  • sharing: Add app for sharing disk folders.
  • ttrss: Update list of client apps.
  • infinoted: Allow setup to recover after timeout issue.
  • snapshots: Add configuration tab with settings for time-based snapshots.

Plinth v0.24.0 (2018-02-26)

  • Add file-sharing application Coquelicot.
  • Add metasearch engine application Searx.
  • Add locale for Hungarian (hu).
  • mediawiki: Allow shortcut to be publicly visible on front page.
  • clients: Add and correct Client Apps.
  • locale: Preferred language can be set in each user's profile.
  • locale: Anonymous users can select preferred language.
  • config: Remove language selection from config page.
  • matrixsynapse: Fix mail attribute for ldap login.

Plinth v0.23.0 (2018-02-12)

  • snapshots: Modify configurations to reduce disk usage.
  • snapshots: Skip currently active snapshot when deleting all snapshots.
  • jsxc: Use consistent url format.
  • sso: Increase timeout to 60 minutes.
  • theme: Change font from Helvetica to Lato.
  • Translation updates for Czech, German, Gujarati, and Telugu.

Plinth v0.22.0 (2018-01-30)

  • matrix-synapse: Make sure configuration file does not get corrupted.
  • tor: Show enabled status properly.
  • first_setup: Fix not showing admin user creation step.
  • Migrate from GitHub to Salsa

  • Migrate from CirceCI to GitLab CI on Salsa.

  • Translation updates for Czech, Dutch, Gujarati, Hindi, Russian and Telugu.
  • Started new translation for Ukrainian.

Plinth v0.21.0 (2018-01-15)

  • navigation bar: Change label from 'Configuration' to 'System'.
  • storage: Removed beta warning for expanding partition.
  • groups: Consistently show available user groups, even before applications are installed.
  • syncthing: Restrict administration to users in "syncthing" group.
  • help: Show menu on smaller screens also.
  • diagnostics: Enable the "Run Diagnostics" button when applications are enabled but not running.

Plinth v0.20.0 (2018-01-01)

  • bind: Don't use forwarders by default
  • ejabberd: Remove redundant button Client Apps
  • mediawiki: Add wiki application
  • users: Make sure first run actually works
  • bind: Add information about current utility

Plinth v0.19.0 (2017-12-18)

  • ejabberd: Use dynamic reload instead of restart when changing configuration.
  • manual: Make manual available as a PDF download.
  • minetest: Show domain information for users to connect to minetest.
  • snapshots: Add button to delete all snapshots.
  • snapshots: Add option to enable/disable automatic timeline snapshots.
  • users: Add groups for bit-torrent and feed-reader, available when these applications are installed.

Plinth v0.18.0 (2017-12-04)

  • Add Shadowsocks client with socks5 proxy.
  • Fix SSO regressions and conflict with captcha.
  • transmission: Fix sso not being enabled on upgrade.
  • avahi: Add service for FreedomBox discovery.

  • Add client information for modules.

Plinth v0.17.0 (2017-11-20)

  • transmission: Enable Single Sign On.
  • cockpit: Add short description to frontpage shortcut.
  • fail2ban: Fix spelling and sentence structure.

Plinth v0.16.0 (2017-11-06)

1. Added

  • Add mobile, web and desktop client info for modules.
  • Enable django SecurityMiddleware to improve security ratings.

  • cockpit: New module for server administration and web terminal.

2. Fixed

  • letsencrypt: Fix internal server error when obtaining a certificate.
  • ejabberd: Fix LDAP server entry in config file during setup.
  • jsxc: Fix outdated URLs for connecting to local ejabberd server.

Plinth v0.15.3 (2017-10-20)

1. Changed

  • Rename Disks to Storage.
  • Rename Snapshot to Storage Snapshots.
  • tt-rss: Enable API access by default.
  • Allow access to Plinth from outside the LAN.
  • matrix-synapse: Disable public registration by default.
  • power: Merge actions into the user dropdown.

2. Added

  • Add locales for Kannada (kn) and for Bengali (bn).
  • ejabberd: Use Let's Encrypt certificate, also across renewals.
  • matrix-synapse: Add enable/disable public registrations.
  • Add captcha validation on 3 failed attempts.
  • matrix-synapse: Enable LDAP integration.
  • letsencrypt: Automatically obtain and revoke SSL certificates.

3. Fixed

  • Fix front page label names.
  • Fix vertical alignment of shortcut icons.
  • storage: Fix issue with locales that use other decimal separators.
  • Make tt-rss api accessible using Apache basic auth.
  • letsencrypt: Handle case where current domain is empty.
  • Handle both admin and non-admin user names in update user template.

Plinth v0.15.2 (2017-09-24)

1. Added

  • letsencrypt: Show more info on cert validity status.
  • letsencrypt: Add option to delete certificates.
  • letsencrypt: Add option to let Plinth manage certbot's renewal hooks.
  • power: Warn if a package manager is running before shutdown/restart.
  • security: Install and manage fail2ban.
  • names: Include domain and services from dynamicdns.
  • disks: Add low disk space warning to system and disks page.
  • ssh: New application to manage SSH server.
  • Add api module to get enabled services and access info.
  • Add Django password validators.
  • ejabberd, ikiwiki, ttrss: Add user login descriptions.

2. Removed

  • diaspora: Disable for this release due to issues affecting package.
  • Remove help from navbar before firstboot complete.

3. Fixed

  • i18n: Don't use backslash-newline for wrapping long lines.
  • radicale: Update link to documentation.
  • sso: Upgrade crypto to 4096-bit RSA and SHA-512.
  • Users: Allow non-admin users to log out.

4. Changed

  • letsencrypt: Make Let's Encrypt an essential module.
  • UI: Make apps and configure pages responsive on small screens.
  • Make help accessible for logged-in non-admin users.

Plinth v0.15.0 (2017-07-01)

  • Added Tahoe-LAFS module for distributed file storage.
  • Added Diaspora* module for federated social networking.
    • Currently only available in "contrib" repository.
  • New Locales for Czech (cs) and Tamil (ta).
  • Added SSO using auth_pubtkt for Syncthing, TT-RSS, and the Repro admin panel.
    • If you are logged in to Plinth, you will be automatically logged in to these web apps.
  • ejabberd: Added option to enable/disable Message Archive Management.
  • help: Added Debian release name to about page.
  • firstboot: De-bloat first welcome screen.
  • Pinned footer to the bottom of the viewport.
  • disks: Restrict precision of reported available space on root partition.
  • diagnostics: Disable button if app/service is not running.
  • help: Only show help pages if user is logged in.
  • navbar: Moved logout to user drop-down and added a new power drop-down.
  • disks: Show disabled partition resize option if no space is available.
  • Added line break to titles to fix frontpage layout.
  • syncthing: Fixed typos and clarity in description.
  • firewall: Fix 500 error when firewalld is not running.
  • setup: Disable install/upgrade when dpkg/apt is running.
  • disks: Use information from lsblk for more accuracy.
  • datetime: Show timezone properly when it not in expected list.

Plinth v0.14.0 (2017-04)

  • tor: Added option to use upstream bridges.
  • openvpn: Added shortcut to front page, shown only when logged-in.
  • openvpn: Non-admin users can download their own profiles.
  • Added new locales for Hindi (hi) and Gujarati (gu).
  • Added Syncthing module for file synchronization.
  • Added Matrix Synapse as chat server with groups, audio and video.
  • Require admin access for all system configuration pages.
  • Changed appearance of topbar and footer.
  • openvpn: Regenerate user key or certificate if empty.
  • disks: Workaround issue in parted during resize.

Plinth v0.13.1 (2017-01-22)

  • Two new apps were added:
    • Gobby Server (infinoted) for collaborative editing of text documents
    • Domain Name Server (BIND), in system menu
  • Added JavaScript license web labels to provide partial support for LibreJS.

  • Added basic configuration form for Minetest server.
  • Added indicator to Help->About page if new Plinth version is available.

  • Show app logos on front page instead of generic icons.
  • Prevent anonymous users from accessing setup pages.
  • Split Chat Server (XMPP) app into Chat Server (ejabberd) and Chat Client (jsxc).

Plinth v0.12.0 (2016-12-08)

  • Open up RTP ports in the firewall for repro (SIP server).
  • Front page shortcuts for services show a Configure button in the details box for logged-in users.
  • Add mods packages to be installed with Minetest server.
  • Fix issue with reading Dynamic DNS status as non-root user.
  • After the hostname is changed, ensure the domain name is still set correctly.
  • Allow the domain name to be cleared, and properly set the configuration in this case.
  • On the Certificates (Let's Encrypt) page, show a more informative message when no domains are configured.
  • On the Chat Server (XMPP) page, show more clearly if domain is not set.
  • Apps that require login will not be shown on the front page, unless the user is logged in.
  • Show status block for News Feed Reader (Tiny Tiny RSS).
  • Change appearance of front page with larger icons and repositioned text.
  • Firewall page only lists services that have been setup. The port lists are collapsible under each service.
  • Support configuring IPv6 networks.
  • Make it less likely to accidentally delete the only Plinth user.
  • Updated to work with JSXC 3.0.0 (XMPP web client).

Plinth v0.11.0 (2016-09-29)

  • Added loading icon for additional busy operations.
  • Added basic front page with shortcuts to web apps, and information about enabled services.
  • networks: Add batctl as dependency, required for batman-adv mesh networking.
  • users:
    • Fixed checking restricted usernames.
    • Display error message if unable to set SSH keys.
    • Flush nscd cache after user operations to avoid some types of errors.
  • monkeysphere:
    • Adopted to using SHA256 fingerprints.
    • Sort items for consistent display.
    • Handle new uid format of gpg2.
    • Fixed handling of unavailable imported domains.
  • minetest: Fixed showing status block and diagnostics.
  • Fixed stretched favicon.
  • Switched base template from container-fluid to container. This will narrow the content area for larger displays.
  • Plinth is now able to run as "plinth" user instead of root user.
  • xmpp: Replaced jwchat with jsxc.
  • ikiwiki: Allow only alphanumerics in wiki/blog name to avoid invalid paths.

Plinth v0.10.0 (2016-08-21)

  • Updated Plinth to support Django 1.10.
  • Added a page to display recent status log from Plinth. It is accessible from the 500 error page.
  • Tor: Added options to toggle relay and bridge relay modes.
  • Radicale: Added access rights control.
  • Ikiwiki: Updated suggested packages.
  • Users and Groups: Fixed editing users without SSH keys.
  • Networks: Added basic support for configuring batman-adv mesh networking.
  • Networks: Fixed incorrect access for retrieving DNS entries.
  • New languages:
    • Persian (50% translated)
    • Indonesian (not started, contributions needed)
  • New modules added to Plinth:
    • Disks: Shows free space of mounted partitions, and allows expanding the root partition.
    • Security: Controls login restrictions.
    • Snapshots: Manages Btrfs snapshots.

Version 0.9.4 (2016-06-24)

  • Added Polish translation.
  • Fixed issue preventing access to Plinth on a non-standard port.
  • Dealt with ownCloud removal from Debian. The ownCloud page in Plinth will be hidden if it has not been setup. Otherwise, a warning is shown.
  • Fixed issue in Privoxy configuration. Two overlapping listen-addresses were configured, which prevented privoxy service from starting.
  • Fixed issue that could allow someone to start a module setup process without being logged in to Plinth.
  • Fixed issues with some diagnostic tests that would show false positive results.
  • Added check to Diagnostics to skip tests for modules that have not been setup.
  • Fixed some username checks that could cause errors when editing the user.
  • Added sorting of menu items per locale.
  • Moved Dynamic DNS and Pagekite from Applications to System Configuration.
  • Allowed setting IP for shared network connections.
  • Switched Dreamplug image from "non-free" to "free". This means that we no longer include the non-free firmware for the built-in wifi on Dreamplug.
  • Added the "userdir" module for the Apache web server. This allows users in the "admin" group to create a folder called "public_html" under their home folder, and to publicly share files placed in this folder.
  • New wiki and manual content licence: Creative Commons Attribution-ShareAlike 4.0 International (from June 13rd 2016).

  • Switched to using apt-get for module setup in Plinth. This fixes several issues that were seen during package installs.

Version 0.9 (2016-04-24)

  • Fixed Wi-Fi AP setup.
  • Prevent lockout of users in 'sudo' group after setup is complete.
  • Improved setup mechanism for Plinth modules. Allows users to see what a module is useful for, before doing the setup and package install. Also allows essential modules to be setup by default during FreedomBox install.

  • Added HTTPS certificates to Monkeysphere page. Reorganized so that multiple domains can be added to a key.
  • Added Radicale, a CalDAV and CardDAV server.
  • Added Minetest Server, a multiplayer infinite-world block sandbox.
  • Added Tiny Tiny RSS, a news feed reader.

Version 0.8 (2016-02-20)

  • Added Quassel, an IRC client that stays connected to IRC networks and can synchronize multiple frontends.
  • Improved first boot user interface.
  • Fixed Transmission RPC whitelist issue.
  • Added translations for Turkish, Chinese, and Russian. Fixed and updated translations in other languages.
  • Added Monkeysphere, which uses PGP web of trust for SSH host key verification.
  • Added Let's Encrypt, to obtain certificates for domains, so that browser certificate warnings can be avoided.
  • Added repro, a SIP server for audio and video calls.
  • Allow users to set their SSH public keys, so they can login over SSH without a password.

Version 0.7 (2015-12-13)

  • Translations! Full translations of the interface in Danish, Dutch, French, German and Norwegian Bokmål, and partial Telugu.
  • Support for OLinuXino A20 MICRO and LIME2
  • New Plinth applications: OpenVPN, reStore
  • Improved first-boot experience
  • Many bugfixes and cleanups

Version 0.6 (2015-10-31)

  • New supported hardware target: Raspberry Pi 2
  • New modules in Plinth:
    • Shaarli: Web application to manage and share bookmarks
    • Date & Time: Configure time zone and NTP service

    • Service Discovery: Configure Avahi service
  • Documentation revamp including new user manual and developer guide
  • Improved diagnostic tests, available in Plinth
  • Avoid unnecessary changes when installing on existing Debian system
  • Network configuration supports PPPoE connections
  • Debian packages can be download over Tor

Version 0.5 (2015-08-07)

  • New targets: CubieTruck, i386, amd64

  • New apps in Plinth: Transmission, Dynamic DNS, Mumble, ikiwiki, Deluge, Roundcube, Privoxy
  • NetworkManager handles network configuration and can be manipulated through Plinth.

  • Software Upgrades (unattended-upgrades) module can upgrade the system, and enable automatic upgrades.
  • Plinth is now capable of installing ejabberd, jwchat, and privoxy, so they are not included in image but can be installed when needed.
  • User authentication through LDAP for SSH, XMPP (ejabberd), and ikiwiki.
  • Unit test suite is automatically run on Plinth upstream. This helps us catch at least some code errors before they are discovered by users!
  • New, simpler look for Plinth.
  • Performance improvements for Plinth.

Version 0.3 (2015-01-20)

  • Tor Bridges: All boxes now act as non-exit Tor bridges, routing traffic for the Tor network.
  • Firewall: firewall is on by default and is automatically managed.

  • Add BeagleBone support. We now have images for BeagleBone, RaspberryPi, VirtualBox i386/amd64, and DreamPlug.

  • Ability to enable and use Tor Hidden Services. Works with Ejabberd/JWChat and ownCloud services.
  • Enable Tor obfsproxy with scramblesuit.
  • Drop well-known root password (an account with sudo capabilities still exists for now but will be removed soon).
  • Switch to unstable as suite of choice for easier development.
  • Newer images are built with systemd by default (due to Debian change).
  • Install and operate firewall automatically (uses firewalld).
  • Major restructuring of Plinth UI using Python3, Django web development framework and Bootstrap3. Code quality is much better and UI is more polished.
  • Introduced packaging framework in Plinth UI for on-demand application installation.

Version 0.2 (2014-03-16)

  • Support for Raspberry Pi and VirtualBox (x86) in addition to the DreamPlug.

  • New Services:
    • Configuration Management UI.
    • Instant Messaging.
    • OwnCloud.

    • dnsmasq.
    • Low-Level Configuration Management.
    • Service Announcement.
    • LDAP Server.
    • LXC Support.
    • Source Packages.
  • The privoxy setup is now the default from Debian.

Version 0.1 (2013-02-26)

  • First FreedomBox software release (0.1 image, developer release).

  • Full hardware support in Debian
  • Support for DreamPlug.

  • Basic software tools selected as common working environment:
    • User interface system "plinth"
    • Cryptography tools: gpg or "monkeysphere"
    • Box-to-box communication design: Freedom-buddy (uses TOR network)

    • Web cleaning: "privoxy-freedombox".

Download and Install

Welcome to the FreedomBox download page.

  • Note: If you purchased a FreedomBox kit, this section is not meant for you, so you can just skip it entirely. (Unless you specifically want to build an alternative software image).

You may either install FreedomBox on one of the supported inexpensive hardware devices, on any Debian operating system, or deploy it on a virtual machine.

Installing on a machine running a Debian system is easy because FreedomBox is available as a package. We do recommend to install FreedomBox on a supported single board computer (SBC). The board will be dedicated for FreedomBox use from home, this will prevent a lot of risks, such as accidental misconfiguration by the user. In case of trouble deciding which hardware is best for you or during the installation, please use the support page or read the Questions and Answers page based on posts on the Freedombox-discuss mailing list archives.

1. Downloading on Debian

If you are installing on an existing Debian installation, you don't need to download these images. Instead, read the instructions on setting up FreedomBox on Debian.

2. Downloading for SBC or Virtual Machine

2.1. Prepare your device

Read the hardware specific instructions on how to prepare your device at the Hardware section. On the web, there is a lot of documentation about setting your device up and flashing USB or SD Cards to boot your hardware.

2.2. Downloading Images

Recent images for supported targets are available here:

2.3. Verifying the Downloaded Images

It is important to verify the images you have downloaded to ensure that the file has not been corrupted during the transmission and that it is indeed the image built by FreedomBox developers.

Note: Testing and nightly images are automatically signed by the FreedomBox CI server.

  • First open a terminal and import the public keys of the FreedomBox developers who built the images:

    $ gpg --keyserver keyserver.ubuntu.com --recv-keys BCBEBD57A11F70B23782BC5736C361440C9BC971
    $ gpg --keyserver keyserver.ubuntu.com --recv-keys 7D6ADB750F91085589484BE677C0C75E7B650808
    # This is the FreedomBox CI server's key
    $ gpg --keyserver keyserver.ubuntu.com --recv-keys 013D86D8BA32EAB4A6691BF85D4153D6FE188FC8
    # This is the new FreedomBox CI server's key
    $ gpg --keyserver keyserver.ubuntu.com --recv-keys D4B069124FCF43AA1FCD7FBC2ACFC1E15AF82D8C
  • Next, verify the fingerprint of the public keys:
    $ gpg --fingerprint BCBEBD57A11F70B23782BC5736C361440C9BC971
    pub   4096R/0C9BC971 2011-11-12
          Key fingerprint = BCBE BD57 A11F 70B2 3782  BC57 36C3 6144 0C9B C971
    uid                  Sunil Mohan Adapa <sunil@medhas.org>
    sub   4096R/4C1D4B57 2011-11-12
    $ gpg --fingerprint 7D6ADB750F91085589484BE677C0C75E7B650808
    pub   4096R/7B650808 2015-06-07 [expires: 2020-06-05]
          Key fingerprint = 7D6A DB75 0F91 0855 8948  4BE6 77C0 C75E 7B65 0808
    uid                  James Valleroy <jvalleroy@mailbox.org>
    uid                  James Valleroy <jvalleroy@freedombox.org>
    sub   4096R/25D22BF4 2015-06-07 [expires: 2020-06-05]
    sub   4096R/DDA11207 2015-07-03 [expires: 2020-07-01]
    sub   2048R/2A624357 2015-12-22
    $ gpg --fingerprint 013D86D8BA32EAB4A6691BF85D4153D6FE188FC8
    pub   rsa4096 2018-06-06 [SC]
          013D 86D8 BA32 EAB4 A669  1BF8 5D41 53D6 FE18 8FC8
    uid           [ unknown] FreedomBox CI (Continuous Integration server) <admin@freedombox.org>
    sub   rsa4096 2018-06-06 [E]
    $ gpg --fingerprint D4B069124FCF43AA1FCD7FBC2ACFC1E15AF82D8C
    pub   rsa4096 2022-03-09 [SC]
          D4B0 6912 4FCF 43AA 1FCD  7FBC 2ACF C1E1 5AF8 2D8C
    uid           [ unknown] FreedomBox CI (Continuous Integration server) <admin@freedombox.org>
    sub   rsa4096 2022-03-09 [E]
  • Finally, verify your downloaded image with its signature file .sig. For example:

    $ $ gpg --verify freedombox-bookworm_all-amd64.img.xz.sig
    gpg: assuming signed data in 'freedombox-bookworm_all-amd64.img.xz'
    gpg: Signature made Wed 14 Jun 2023 03:22:04 PM PDT
    gpg:                using RSA key D4B069124FCF43AA1FCD7FBC2ACFC1E15AF82D8C
    gpg: Good signature from "FreedomBox CI (Continuous Integration server) <admin@freedombox.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: D4B0 6912 4FCF 43AA 1FCD  7FBC 2ACF C1E1 5AF8 2D8C

2.4. Installation

After the download you can use the image to boot your chosen hardware (including virtual machines). You'll need to copy the image to the memory card or USB stick as follows:

  1. Figure out which device your card actually is.
    1. Unplug your card.
    2. Run dmesg -w to show and follow the kernel messages.

    3. Plug your card in. You will see messages such as following:
      [33299.023096] usb 4-6: new high-speed USB device number 12 using ehci-pci
      [33299.157160] usb 4-6: New USB device found, idVendor=058f, idProduct=6361
      [33299.157162] usb 4-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
      [33299.157164] usb 4-6: Product: Mass Storage Device
      [33299.157165] usb 4-6: Manufacturer: Generic
      [33299.157167] usb 4-6: SerialNumber: XXXXXXXXXXXX
      [33299.157452] usb-storage 4-6:1.0: USB Mass Storage device detected
      [33299.157683] scsi host13: usb-storage 4-6:1.0
      [33300.155626] scsi 13:0:0:0: Direct-Access     Generic- Compact Flash    1.01 PQ: 0 ANSI: 0
      [33300.156223] scsi 13:0:0:1: Direct-Access     Multiple Flash Reader     1.05 PQ: 0 ANSI: 0
      [33300.157059] sd 13:0:0:0: Attached scsi generic sg4 type 0
      [33300.157462] sd 13:0:0:1: Attached scsi generic sg5 type 0
      [33300.462115] sd 13:0:0:1: [sdg] 30367744 512-byte logical blocks: (15.5 GB/14.4 GiB)
      [33300.464144] sd 13:0:0:1: [sdg] Write Protect is off
      [33300.464159] sd 13:0:0:1: [sdg] Mode Sense: 03 00 00 00
      [33300.465896] sd 13:0:0:1: [sdg] No Caching mode page found
      [33300.465912] sd 13:0:0:1: [sdg] Assuming drive cache: write through
      [33300.470489] sd 13:0:0:0: [sdf] Attached SCSI removable disk
      [33300.479493]  sdg: sdg1
      [33300.483566] sd 13:0:0:1: [sdg] Attached SCSI removable disk
    4. In the above case, the disk that is newly inserted is available as /dev/sdg. Very carefully note this and use it in the copying step below.

  2. Decompress the downloaded image using tar:
    $ xz -d freedombox-stable-free_buster_cubietruck-armhf.img.xz

    The above command is an example for the cubietruck stable image. Your downloaded file name will be different.

  3. Copy the image to your card. Double check to make sure you don't write to your computer's main storage (such as /dev/sda). Also make sure that you don't run this step as root to avoid potentially overriding data on your hard drive due to a mistake in identifying the device or errors while typing the command. USB disks and SD cards inserted into the system should typically be write accessible to normal users. If you don't have permission to write to your SD card as a user, you may need to run this command as root. In this case triple check everything before you run the command. Another safety precaution is to unplug all external disks except the SD card before running the command.

    For example, if your SD card is /dev/sdg as noted in the first step above, then to copy the image, run:

    $ dd bs=1M if=freedombox-stable-free_buster_cubietruck-armhf.img of=/dev/sdg conv=fdatasync status=progress

An alternative to copy to SD card command

  • $ cat freedombox-stable-free_buster_cubietruck-armhf.img > /dev/sdg ; sync

On MS Windows you will need a tool like etcher. On MacOS (OSX) you can use programs like balenaetcher and rosaimagewriter.

  • The above command is an example for the cubietruck stable image. Your image file name will be different.

    When picking a device, use the drive-letter destination, like /dev/sdg, not a numbered destination, like /dev/sdg1. The device without a number refers to the entire device, while the device with a number refers to a specific partition. We want to use the whole device. Downloaded images contain complete information about how many partitions there should be, their sizes and types. You don't have to format your SD card or create partitions. All the data on the SD card will be wiped off during the write process.

  • Use the image by inserting the SD card or USB disk into the target device and booting from it. Your device should also be prepared (see the Hardware section).

  • Read (the rest of) the Manual for instructions on how to use applications in FreedomBox.

2.5. Troubleshooting

  • Can't boot off your MicroSD card (and/or disk utilities like GPartEd report a missing/corrupt partition table).
    • You likely forgot or failed to extract the .img file with xz -d before writing it to your device (e.g. /dev/sdg).

3. Obtaining Source Code

FreedomBox is fully free software and you can obtain the source code to study, modify and distribute improvements.

3.1. From within FreedomBox

FreedomBox is made up of several software programs and you can obtain the source code to any of them. These instructions are similar to obtaining and building source code for Debian since FreedomBox is a pure blend of Debian. Using this process you can obtain the source code to the exact version of the package you are currently using in FreedomBox.

  1. To see the list of software packages installed on your FreedomBox, run the following in a terminal:

    dpkg -l
  2. To obtain the source code for any of those programs, then run:
    apt source <package_name>

    This requires that the apt sources list contains information about the source code repositories. These are present by default on all FreedomBox images. If you have installed FreedomBox using a package from Debian, you need to ensure that source repositories are added in the file.

  3. To build the package from source code, first install its dependencies
    apt build-dep <package_name>

    Switch to the source directory created by the apt source command:

    cd <source_directory>
    Then build the package
     dpkg-buildpackage -rfakeroot -uc
  4. Install the package:
     dpkg -i ../<built_package>.deb

3.2. Other Ways to Obtain Source Code

  1. Source code for any of the packages can be browsed and searched using the web interface at sources.debian.org. For example, see the plinth package.

  2. Source code and pre-built binary package for any version of a package including historic versions can be obtained from snapshot.debian.org. For example, see the plinth package.

  3. You can also obtain the links to upstream project homepage, upstream version control, Debian's version control, changelog, etc. from the Debian tracker page for a project at tracker.debian.org. For example, see the tracker page for plinth package.

  4. You can build and install a package from its Debian's version control repository. For example,
     git clone https://salsa.debian.org/freedombox-team/freedombox.git
     cd freedombox
     apt build-dep .
     dpkg-buildpackage -rfakeroot -uc
     dpkg -i ../freedombox*.deb

3.3. Building Disk Images

You can also build FreedomBox disk images for various hardware platforms using the freedom-maker tool. This is also available as a Debian package and source code for it may be obtained using the above methods. Build instructions for creating disk images are available as part of the source code for freedom-maker package.

FreedomBox disk images are built and uploaded to official servers using automated Continuous Integration infrastructure. This infrastructure is available as source code too and provides accurate information on how FreedomBox images are built.

3.3.1. U-boot on Pioneer Edition Images

There is one minor exception to the u-boot package present on the hardware sold as FreedomBox Home Server Kits Pioneer Edition. It contains a small but important fix that is not part of Debian sources. The fork of the Debian u-boot source repository along with the minor change done by the FreedomBox is available as a separate repository. We expect this change to be available in upstream u-boot eventually and this repository will not be needed. This package can be built on a Debian armhf machine as follows (cross compiling is also possible, simply follow instructions for cross compiling Debian packages):

apt install git git-buildpackage
git clone https://salsa.debian.org/freedombox-team/u-boot.git
cd u-boot
pbuilder create --distribution=buster
gbp buildpackage --git-pbuilder

The u-boot Debian package will be available in u-boot-sunxi*.deb. This package will contain

mkdir temp
dpkg -x u-boot-suxi*.deb temp
unxz <lime2_image_built_with_freedom_maker>
dd if=temp/usr/lib/u-boot/A20-OLinuXino-Lime2/u-boot-sunxi-with-spl.bin of=<lime2.img> seek=8 bs=1k conv=notrunc

The resulting image will have the modified u-boot in it.


Deutsch - English - Español - (+)

1. Tor (Anonymity Network)

Tor icon

Available since: version 0.3

1.1. What is Tor?

Tor is a network of servers operated by volunteers. It allows users of these servers to improve their privacy and security while surfing on the Internet. You and your friends are able to access to your FreedomBox via Tor network without revealing its IP address. Activating Tor application on your FreedomBox, you will be able to offer remote services (chat, wiki, file sharing, etc...) without showing your location. This application will give you a better protection than a public web server because you will be less exposed to intrusive people on the web.

1.2. Using Tor to browse anonymously

Tor Browser is the recommended way to browse the web using Tor. You can download the Tor Browser from https://www.torproject.org/projects/torbrowser.html and follow the instructions on that site to install and run it.

1.3. Using Tor Onion Service to access your FreedomBox

Tor Onion Service provides a way to access your FreedomBox, even if it's behind a router, firewall, or carrier-grade NAT (i.e., your Internet Service Provider does not provide a public IPv4 address for your router).

To enable Tor Onion Service, first navigate to the Anonymity Network (Tor) page. (If you don't see it, click on the FreedomBox logo at the top-left of the page, to go to the main Apps page.) On the Anonymity Network (Tor) page, under Configuration, check "Enable Tor Onion Service", then press the Update setup button. Tor will be reconfigured and restarted.

After a while, the page will refresh and under Status, you will see a table listing the Onion Service .onion address. Copy the entire address (ending in .onion) and paste it into the Tor Browser's address field, and you should be able to access your FreedomBox. (You may see a certificate warning because FreedomBox has a self-signed certificate.)

Tor Configuration - FreedomBox

Currently only HTTP (port 80), HTTPS (port 443), and SSH (port 22) are accessible through the Tor Onion Service configured on the FreedomBox.

1.4. Apps accessible via Tor

The following apps can be accessed over Tor. Note that this list is not exhaustive.

1.5. Running a Tor relay

When Tor is installed, it is configured by default to run as a bridge relay. The relay or bridge option can be disabled through the Tor configuration page in FreedomBox.

At the bottom of the Tor page in FreedomBox, there is a list of ports used by the Tor relay. If your FreedomBox is behind a router, you will need to configure port forwarding on your router so that these ports can be reached from the public Internet.

The requirements to run a relay are listed in the Tor Relay Guide. In short, it is

  • recommended that a relay has at least 16 Mbit/s (Mbps) upload and download bandwidth available for Tor. More is better.
  • required that a Tor relay be allowed to use a minimum of 100 GByte of outbound and of incoming traffic per month.
  • recommended that a <40 Mbit/s non-exit relay should have at least 512 MB of RAM available; A relay faster than 40 Mbit/s should have at least 1 GB of RAM.

1.6. (Advanced) Usage as a SOCKS proxy

FreedomBox provides a Tor SOCKS port that other applications can connect to, in order to route their traffic over the Tor network. This port is accessible on any interfaces configured in the internal firewall zone. To configure the application, set SOCKS Host to the internal network connection's IP address, and set the SOCKS Port to 9050.

1.6.1. Example with Firefox

Your web browser can be configured to use the Tor network for all of your browsing activity. This allows for censorship circumvention and also hides your IP address from websites during regular browsing. For anonymity, using tor browser is recommended.

Configure your local FreedomBox IP address and port 9050 as a SOCKS v5 proxy in Firefox. There are extensions to allow for easily turning the proxy on and off.

Configuring Firefox with Tor SOCKS proxy

With the SOCKS proxy configured, you can now access any onion URL directly from Firefox. FreedomBox itself has an onion v3 address that you can connect to over the Tor network (bookmark this for use in emergency situations).

1.7. Circumventing Tor censorship

If your ISP is trying to block Tor traffic, you can use tor bridge relays to connect to the tor network.

1. Get the bridge configuration from the Tor BridgeDB

Tor BridgeDB

2. Add the lines to your FreedomBox Tor configuration as show below.

Tor Configuration Page

Deutsch - English - Español - Magyar - (+)

2. Deluge (Distributed File Sharing via BitTorrent)

Deluge icon

Available since: version 0.5

2.1. What is Deluge?

Deluge is a BitTorrent node (both, client and server at the same time).

BitTorrent is a communications protocol for peer-to-peer (P2P) file sharing.

  • It is not anonymous; you should assume that others can see what files you are sharing.

  • This technology works best for big, popular files.

There are two BitTorrent web nodes available in FreedomBox: Transmission and Deluge. They have similar features, but you may prefer one over the other.

Deluge is a lightweight BitTorrent client that is highly configurable. Additional functionality can be added by installing plugins.

2.2. Screenshot

Deluge Web UI

2.3. Initial Setup

After installing Deluge, it can be accessed by pointing your browser to https://<your freedombox>/deluge. You will need to enter a password to login:

Deluge Login

The initial password is "deluge". The first time that you login, Deluge will ask if you wish to change the password. You should change it to something that is harder to guess.

Next you will be shown the connection manager. Click on the first entry (Offline - Then click "Start Daemon" to start the Deluge service that will run in the background.

Deluge Connection Manager (Offline)

Now it should say "Online". Click "Connect" to complete the setup.

Deluge Connection Manager (Online)

At this point, you are ready to begin using Deluge. You can make further changes in the Preferences, or add a torrent file or URL.

English - Español - (+)

3. Transmission (Distributed File Sharing via BitTorrent)

Transmission icon

Available since: version 0.5

3.1. What is Transmission ?

Transmission is a BitTorrent node (both, client and server at the same time).

BitTorrent is a communications protocol for peer-to-peer (P2P) file sharing.

  • It is not anonymous; you should assume that others can see what files you are sharing.

  • This technology works best for big, popular files.

There are two BitTorrent web nodes available in FreedomBox: Transmission and Deluge. They have similar features, but you may prefer one over the other.

Transmission is a lightweight BitTorrent client that is well known for its simplicity and a default configuration that "Just Works".

3.2. Screenshot

Transmission Web Interface

3.3. Using Transmission

After installing Transmission, it can be accessed at https://<your freedombox>/transmission. Transmission uses single sign-on from FreedomBox, which means that if you are logged in on your FreedomBox, you can directly access Transmission without having to enter the credentials again. Otherwise, you will be prompted to login first and then redirected to the Transmission app.

3.4. Tips

3.4.1. Transferring Downloads from the FreedomBox

  1. Transmission's downloads directory can be added as a shared folder in the Sharing app. You can then access your downloads from this shared folder using a web browser.

  2. (Advanced) If you have the ssh access to your FreedomBox, you can use sftp or scp to browse the downloads directory using a suitable file manager or web browser:

3.5. Port Forwarding

If your FreedomBox is behind a router you optionally might want to set up port forwarding on your router in order to improve communication with other peers. You should forward the following ports for Transmission:

  • TCP 51413 (or your configured peer listening port)

3.6. Using Remote Apps

In addition to using the web interface to control Transmission on FreedomBox, desktop and mobile apps may also be used. List of tested clients and their platforms are listed on the app page in FreedomBox web interface. When configuring these clients the URL to connect must be /transmission-remote/rpc and the port must be 443.

English - Español - Українська - (+)

4. Shaarli (Bookmarks)

Shaarli icon

Available since: version 21.15

4.1. What is Shaarli?

Shaarli is personal (single-user) bookmarking application to install on your FreedomBox. It can also be used for micro-blogging, pastebin, online notepad and snippet archive. Shaarli is designed as a no-database delicious clone. As such, it provides very fast services, easy backup and import/export links as desktop or mobile browser bookmarks. Links stored can be public or private. Shaarli delivers ATOM and RSS feeds from its minimalist interface.

Shaarli screenshot

Translation(s): English - Español

5. Dynamic DNS Client

5.1. What is Dynamic DNS?

In order to reach a server on the Internet, the server needs to have permanent address also known as the static IP address. Many Internet service providers don't provide home users with a static IP address or they charge more providing a static IP address. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching the server.

Dynamic DNS service providers assist in working around a problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be to contact the server using the domain name 'myhost.example.org' which always points to the latest IP address of the server.

For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on FreedomBox, such as ownCloud, to the Internet.

5.2. GnuDIP vs. Update URL

There are two main mechanism to notify the Dynamic DNS server of your new IP address; using the GnuDIP protocol and using the Update URL mechanism.

If a service provided using update URL is not properly secured using HTTPS, your credentials may be visible to an adversary. Once an adversary gains your credentials, they will be able to replay your request your server and hijack your domain.

On the other hand, the GnuDIP protocol will only transport a salted MD5 value of your password, in a way that is secure against replay attacks.

5.3. Using the GnuDIP protocol

  1. Register an account with any Dynamic DNS service provider. A free service provided by the FreedomBox community is available at https://ddns.freedombox.org .

  2. In FreedomBox UI, enable the Dynamic DNS Service.

  3. Select GnuDIP as Service type, enter your Dynamic DNS service provider address (for example, ddns.freedombox.org) into GnuDIP Server Address field.

    Dynamic DNS Settings

  4. Fill Domain Name, Username, Password information given by your provider into the corresponding fields.

5.4. Using an Update URL

This feature is implemented because the most popular Dynamic DNS providers are using Update URLs mechanism.

  1. Register an account with a Dynamic DNS service provider providing their service using Update URL mechanism. Some example providers are listed in the configuration page itself.
  2. In FreedomBox UI, enable the Dynamic DNS service.

  3. Select other Update URL as Service type, enter the update URL given by your provider into Update URL field.

  4. If you browse the update URL with your Internet browser and a warning message about untrusted certificate appears, then enable accept all SSL certificates. WARNING: your credentials may be readable here because man-in-the-middle attacks are possible! Consider choosing a better service provider instead.

  5. If you browse the update URL with your Internet browser and the username/password box appears, enable use HTTP basic authentication checkbox and provide the Username and Password.

  6. If the update URL contains your current IP address, replace the IP address with the string <Ip>.

5.5. Checking If It Works

  1. Make sure that external services you have enabled such as /jwchat, /roundcube and /ikiwiki are available on your domain address.
  2. Go to the Status page, make sure that the NAT type is detected correctly. If your FreedomBox is behind a NAT device, this should be detected over there (Text: Behind NAT). If your FreedomBox has a public IP address assigned, the text should be "Direct connection to the Internet".

  3. Check that the last update status is not failed.

5.6. Recap: How to create a DNS name with GnuDIP

  1. Access to GnuIP login page (answer Yes to all pop ups)

  2. Click on "Self Register"
  3. Fill the registration form (Username and domain will form the public IP address [username.domain])
  4. Take note of the username/hostname and password that will be used on the FreedomBox app.

  5. Save and return to the GnuDIP login page to verify your username, domain and password (enter the datas, click login).
  6. Login output should display your new domain name along with your current public IP address (this is a unique address provided by your router for all your local devices).
  7. Leave the GnuDIP interface and open the Dynamic DNS Client app page in your FreedomBox.

  8. Click on "Set Up" in the top menu.
  9. Activate Dynamic DNS
  10. Choose GnuDIP service.
  11. Add server address (ddns.freedombox.org)
  12. Add your fresh domain name (username.domain, ie [username].freedombox.rocks)
  13. Add your fresh username (the one used in your new IP address) and password
  14. Add your GnuDIP password
  15. Fill the option with https://ddns.freedombox.org/ip/ (try this url in your browser, you will figure out immediately)

English - Español - Українська - (+)

6. Roundcube (Email Client)

Roundcube icon

Available since: version 0.5

6.1. What is Roundcube?

Roundcube is a browser-based multilingual email client with an application-like user interface. Roundcube is using the Internet Message Access Protocol (IMAP) to access e-mail on a remote mail server. It supports MIME to send files, and provides particularly address book, folder management, message searching, and spell checking.

Roundcube app can be used to read and send emails in one of the two ways: using an email account you have elsewhere (other than FreedomBox), like in Riseup or in Gmail, or an account on FreedomBox. The latter is possible if an email server app, such as Postfix/Dovecot/Rspamd, is setup and enabled on FreedomBox. At present, Roundcube can only be setup for one of these two ways. This is controlled by the Use only the local mail server option in Roundcube app configuration page.

6.2. Email privacy

In the first case, you only get privacy over your drafts. Once you send the email, a copy will reside in the external services (Riseup, Gmail, etc) unless you explicitly remove it. In any case, your traffic transits through them.

In the second (self-hosted) case, your mail copies reside on your FreedomBox server. But you only keep privacy as long as the recipient also uses a private system and doesn't disclose your content.

6.3. Using Roundcube

After Roundcube is installed, it can be accessed at https://<your freedombox>/roundcube. Enter your username and password. The username for many mail services will be the full email address such as exampleuser@example.org and not just the username like exampleuser. Enter the address of your email service's IMAP server address in the Server field. You can try providing your domain name here, such as example.org for email address exampleuser@example.org and if this does not work, consult your email provider's documentation for the address of the IMAP server. Using encrypted connection to your IMAP server is strongly recommended. To do this, prepend 'imaps://' at the beginning of your IMAP server address. For example, imaps://imap.example.org.

Logging into your IMAP server

6.4. Using Gmail with Roundcube

If you wish to use Roundcube with your Gmail account, you need to first enable support for password based login in your Google account preferences. This is because Gmail won't allow applications to login with a password by default. To do this, visit Google Account preferences and enable Less Secure Apps. After this, login to Roundcube by providing your Gmail address as Username, your password and in the server field use imaps://imap.gmail.com.

Logging into Gmail

English - Español - (+)

7. Quassel (Text Chat Client via IRC)

Quassel icon

Available since: version 0.8

Quassel is an IRC application that is split into two parts, a "core" and a "client". This allows the core to remain connected to IRC servers, and to continue receiving messages, even when the client is disconnected. FreedomBox can run the Quassel core service keeping you always online and one or more Quassel clients from a desktop or a mobile device can be used to connect and disconnect from it.

7.1. Why run Quassel?

Many discussions about FreedomBox are being done on the IRC-Channel irc://irc.debian.org/freedombox. If your FreedomBox is running Quassel, it will collect all discussions while you are away, such as responses to your questions. Remember, the FreedomBox project is a worldwide project with people from nearly every time zone. You use your client to connect to the Quassel core to read and respond whenever you have time and are available.

7.2. How to setup Quassel?

  • Within FreedomBox's web interface

    1. select Applications

    2. go to IRC Client (Quassel) and

    3. install the application and make sure it is enabled

      Quassel Installation

    4. now your Quassel core is running

7.3. Port Forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Quassel:

  • TCP 4242
  • Example configuration in router:
    • Quassel_PortForwarding_en_v01.png

7.4. Clients

Clients to connect to Quassel from your desktop and mobile devices are available.

7.4.1. Desktop

In a Debian system, you can e.g. use quassel-client. The following steps describe how to connect Quassel Client with Quassel Core running on a FreedomBox. The first time you do this connection, Quassel Core will be initialized too.

  1. Launch Quassel Client. You will be greeted with a wizard to Connect to Core.

    • Connect to Core

  2. Click the Add button to launch Add Core Account dialog.

    • Add Core Account

  3. Fill any value in the Account Name field. Fill proper DNS hostname of your FreedomBox in Hostname filed. Port field must have the value 4242. Provide the username and password of the account you wish to create to connect to the Quassel Core in the User and Password fields. Choose Remember if don't wish to be prompted for a password every time you launch Quassel client.

  4. After pressing OK in the Add Core Account dialog, you should see the core account in the Connect to Core dialog.

    • Connect to Core

  5. Select the newly created core account and select OK to connect to it.

  6. If this is the first time you are connecting to this core. You will see an Untrusted Security Certificate warning and need to accept the server certificate.

    • Untrusted Security Certificate

  7. Select Continue. Then you will be asked if you wish to accept the certificate permanently. Select Forever.

    • Untrusted Security Certificate

  8. If this Quassel Core has not been connected to before, you will then see a Core Configuration Wizard. Select Next.

    • Core Configuration Wizard

  9. In the Create Admin User page, enter the username and password you have used earlier to create the core connection. Select Remember password to remember this password for future sessions. Click Next.

    • Create Admin User Page

  10. In the Select Storage Backend page, select SQLite and click Commit.

    • Select Storage Backend

  11. The core configuration is then complete and you will see a Quassel IRC wizard to configure your IRC connections. Click Next.

    • Welcome Wizard

  12. In Setup Identity page next, provide a name and multiple nicknames. This is how you present yourself to other users on IRC. It is not necessary to give your real world name. Multiple nicknames are useful as fallback nicknames when the first nickname can't be used for some reason. After providing the information click Next.

    • Setup Identity

  13. In Setup Network Connection page next, provide a network name of your choice. Next provide a list of servers to which Quassel Core should connect to in order to join this IRC network (such as irc.debian.org:6667).

    • Setup Network Connection

  14. Select the server in the servers list and click Edit. In the Server Info dialog, set the port 6697 (consult your network's documentation for actual list of servers and their secure ports) and click Use SSL. Click OK. This is to ensure that communication between your FreedomBox and the IRC network server is encrypted.

    • Server Info Server Info SSL

  15. Back in the Setup Network Connection dialog, provide a list of IRC channels (such as #freedombox) to join upon connecting to the network. Click Save & Connect.

    • Setup Network Connection

  16. You should connect to the network and see the list of channels you have joined on the All Chats pane on the left of the Quassel Client main window.

    • Quassel Main Window

  17. Select a channel and start seeing messages from others in the channel and send your own messages.

7.4.2. Android

For Android devices you may use e.g. Quasseldroid from F-Droid

  • enter core, username etc. as above
    • Quasseldroid.png

By the way, the German verb quasseln means talking a lot, to jabber.

8. ownCloud

ownCloud was removed from Debian

ownCloud was removed from Debian, so it is not available in the FreedomBox any more. Existing installations however are still working for time being. We are working on finding an adequate alternative.

Migrate to the official owncloud repository can be done in following this post

8.1. What is ownCloud?

ownCloud is a self-hosted file sync and share server. It provides access to your data through a platform to view, sync and share across devices. Calendars and Contacts feature will help you keeping google at a nice distance. ownCloud's functionalities are native or available via plugins (Collaborative Editing, Play Music, Watch Movies, Store Passwords, Dashboard, Mozilla Sync...) via https://apps.owncloud.com/

8.2. Installation

Clicking on the ownCloud application in Plinth will show an installation prompt. Proceed to install. After the installation, visit the /owncloud link provided in the ownCloud page. First time installation wizard will show up asking for administrator username and password to setup (no additional details such as database configuration are requested). After providing the details, you will be logged. You will be able to start using the ownCloud and create more users.

8.2.1. External Storage

ownCloud's external storage plugin allows you to expose the contents of a hard drive or those of an online storage account as a folder. Following are the steps required to setup such storage.

  1. Mount your hard drive or external storage to any fixed directory on the system.
  2. Install two packages needed via the 'apt-get' on the SSH command line shell (this step will not be needed in future):
    • $ sudo apt-get install php-google-api-php-client php-dropbox  
  3. Goto ownCloud Apps section and enable 'External Storage Support' plugin.
  4. Goto 'Admin' section and add your hard drive mount path in the external storage section. This folder will now show up in your folders list to access and sync across devices.

Translation(s): English - Español

9. PageKite (Public Visibility)

9.1. What is PageKite?

PageKite makes local websites and services publicly accessible immediately without creating yourself a public IP address. It does this by tunneling protocols such as HTTPS or SSH through firewalls and NAT. Using PageKite requires an account on a PageKite relay service. One such service is https://pagekite.net.

A PageKite relay service will allow you to create kites. Kites are similar to domain names, but with different advantages and drawbacks. A kite can have a number of configured services. PageKite is known to work with HTTP, HTTPS, and SSH, and may work with some other services, but not all.

9.2. Using PageKite

  1. Create an account on a PageKite relay service.

  2. Add a kite to your account. Note your kite name and kite secret.
  3. In FreedomBox, go to the "Configure PageKite" tab on the Public Visibility (PageKite) page.

  4. Check the "Enable PageKite" box, then enter your kite name and kite secret. Click "Save settings".

  5. On the "Standard Services" tab, you can enable HTTP and HTTPS (recommended) and SSH (optional).
    • HTTP is needed to obtain the Let's Encrypt certificate. You can disable it later.
  6. On the Certificates (Let's Encrypt) page, you can obtain a Let's Encrypt certificate for your kite name.

Translation(s): English - Español - Українська

10. Secure Shell (SSH) Server

10.1. What is Secure Shell?

FreedomBox runs openssh-server server by default allowing remote logins from all interfaces. If your hardware device is connected to a monitor and a keyboard, you may login directly as well. Regular operation of FreedomBox does not require you to use the shell. However, some tasks or identifying a problem may require you to login to a shell.

10.2. Setting Up A User Account

10.2.1. FreedomBox First Log In: Admin Account

When creating an account in FreedomBox's web interface for the first time, this user will automatically have administrator capabilities. Admin users are able to log in using ssh (see Logging In below) and have superuser privileges via sudo.

10.2.2. Default User Account

  • Note: If you can access FreedomBox's web interface, then you don't need to do this. You can use the user account created in FreedomBox's web interface to connect to SSH.

The pre-built FreedomBox images have a default user account called "fbx". However the password is not set for this account, so it will not be possible to log in with this account by default.

There is a script included in the freedom-maker program, that will allow you to set the password for this account, if it is needed. To set a password for the "fbx" user:

1. Decompress the image file.

2. Get a copy of freedom-maker from https://salsa.debian.org/freedombox-team/freedom-maker/.

3. Run sudo ./bin/passwd-in-image <image-file> fbx.

4. Copy the image file to SD card and boot device as normal.

The "fbx" user also has superuser privileges via sudo.

10.3. Logging In

10.3.1. Local

To login via SSH, to your FreedomBox:

$ ssh fbx@freedombox

Replace fbx with the name of the user you wish to login as. freedombox should be replaced with the hostname or IP address of you FreedomBox device as found in the Quick Start process.

fbx is the default user present on FreedomBox with superuser privileges. Any other user created using FreedomBox and belonging to the group admin will be able to login. The root account has no password set and will not be able to login. Access will be denied to all other users.

fbx and users in admin group will also be able to login on the terminal directly. Other users will be denied access.

If you repeatedly try to login as a user and fail, you will be blocked from logging in for some time. This is due to libpam-abl package that FreedomBox installs by default. To control this behavior consult libpam-abl documentation.

10.3.2. SSH over Tor

If in FreedomBox you have enabled onion services via Tor, you can access your FreedomBox using ssh over Tor. On a GNU/Linux computer, install netcat-openbsd.

$ sudo apt-get install netcat-openbsd

Edit ~/.ssh/config to enable connections over Tor.

$ nano ~/.ssh/config

Add the following:

Host *.onion
  port 22
  ProxyCommand nc -X 5 -x %h %p

Replace USERNAME with, e.g., an admin username (see above).

Note that in some cases you may need to replace 9050 with 9150.

Now to connect to the FreedomBox, open a terminal and type:


Replace USERNAME with, e.g., an admin username, and ADDRESS with the onion service address for your FreedomBox.

10.3.3. SSH Over Pagekite

If in FreedomBox you are using Pagekite to expose services to the Internet, you can access your FreedomBox using SSH over Pagekite. On a GNU/Linux computer install netcat-openbsd.

$ sudo apt-get install netcat-openbsd

Edit ~/.ssh/config to enable connections over Pagekite.

$ nano ~/.ssh/config

Add the following:

Host *.pagekite.me
  CheckHostIP no
  ProxyCommand /bin/nc -X connect -x %h:443 %h %p

Now to connect to FreedomBox, open a terminal and type:

$ ssh USERNAME@KITENAME.pagekite.me

Replace USERNAME with, e.g., an admin username, and KITENAME with your kite name provided by pagekite.net as configured in FreedomBox.

10.4. Becoming Superuser

After logging in, if you want to become the superuser for performing administrative activities:

$ sudo su

Make a habit of logging in as root only when you need to. If you aren't logged in as root, you can't accidentally break everything.

10.5. Changing Password

To change the password of a user managed by FreedomBox's web interface, use the change password page. However, the fbx default user is not managed by FreedomBox's web interface and its password cannot be changed through it.

To change password on the terminal, log in to your FreedomBox as the user whose password you want to change. Then, run the following command:

$ passwd

This will ask you for your current password before giving you the opportunity to set a new one.

Deutsch - English - Español - (+)

11. Mumble (Voice Chat) Server

Mumble icon

Available since: version 0.5

11.1. What is Mumble?

Mumble is a voice chat software. Primarily intended for use while gaming, it is suitable for simple talking with high audio quality, noise suppression, encrypted communication, public/private-key authentication by default, and "wizards" to configure your microphone for instance. A user can be marked as a "priority speaker" within a channel.

11.2. Using Mumble

FreedomBox includes the Mumble server. Clients are available for desktop and mobile platforms. Users can download one of these clients and connect to the server.

11.3. Port Forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Mumble:

  • TCP 64738
  • UDP 64738

11.4. Managing Permissions

A super user in Mumble has the ability to create administrator accounts who can in turn manage groups and channel permissions. This can be done after logging in with the username "SuperUser" using the super user password. See Mumble Guide for information on how to do this. The SuperUser password can be set through the FreedomBox interface.

English - Español - (+)

12. Privoxy (Web Proxy)

Privoxy icon

Available since: version 0.1

A web proxy acts as a filter for incoming and outgoing web traffic. Thus, you can instruct any computer in your network to pass internet traffic through the proxy to remove unwanted ads and tracking mechanisms.

Privoxy is a software for security, privacy, and accurate control over the web. It provides a much more powerful web proxy (and anonymity on the web) than what your browser can offer. Privoxy "is a proxy that is primarily focused on privacy enhancement, ad and junk elimination and freeing the user from restrictions placed on his activities" (source: Privoxy FAQ).

12.1. Screencast

Watch the screencast on how to setup and use Privoxy in FreedomBox.

12.2. Setting up

  1. In FreedomBox, install Web Proxy (Privoxy)

    Privoxy Installation

  2. Adapt your browser proxy settings to your FreedomBox hostname (or IP address) with port 8118. Please note that Privoxy can only proxy HTTP and HTTPS traffic. It will not work with FTP or other protocols.

    Privoxy Browser Settings

  3. Go to page http://config.privoxy.org/ or http://p.p. If Privoxy is installed properly, you will be able to configure it in detail; if not you will see an error message.

  4. If you are using a laptop that occasionally has to connect through other routers than yours with the FreedomBox and Privoxy, you may want to install a proxy switch add-on that allows you to easily turn the proxy on or off.

12.3. Advanced Users

The default installation should provide a reasonable starting point for most. There will undoubtedly be occasions where you will want to adjust the configuration, that can be dealt with as the need arises.

  1. Plan first:
    • While using Privoxy, you can see its configuration details and documentation at http://config.privoxy.org/ or http://p.p.

    • The Quickstart is a good starting point to read on how to define own blocking and filtering rules.

    • Read carefully the manual, especially this security warning:

      • Access to the editor can not be controlled separately by "ACLs" or HTTP authentication, so that everybody who can access Privoxy can modify its configuration for all users. This option is not recommended for environments with untrusted users. Note that malicious client side code (e.g Java) is also capable of using the actions editor and you shouldn't enable this options unless you understand the consequences and are sure your browser is configured correctly.

  2. Only when you are ready, perform the changes:
    1. To enable changing these configurations, you first have to change the value of enable-edit-actions in /etc/privoxy/config to 1.

    2. Now you find an EDIT button on the configuration screen in http://config.privoxy.org/.

Deutsch - English - Español - Magyar - (+)

13. Ikiwiki (Wiki and Blog)

Ikiwiki icon

Avaiable since: version 0.5

13.1. What is Ikiwiki?

Ikiwiki converts wiki pages into HTML pages suitable for publishing on a website. It provides particularly blogging, podcasting, calendars and a large selection of plugins.

13.2. Creating a wiki or blog

You can create a wiki or blog to be hosted on your FreedomBox through the Wiki & Blog (Ikiwiki) page in FreedomBox. The first time you visit this page, it will ask to install packages required by Ikiwiki.

After the package install has completed, select the "Create Wiki or Blog" button. ikiwiki: Manage

You can select the type to be Wiki or Blog. Also type in a name for the wiki or blog, and the username and password for the wiki's/blog's admin account. Then click Update setup and you will see the wiki/blog added to your list. Note that each wiki/blog has its own admin account. ikiwiki: Manage

13.3. Accessing your wiki or blog

Your wikis and blogs are listed in the Ikiwiki app. Clicking on your site's name will bring you to its start page.

ikiwiki: Manage

From here, if you click Edit or Preferences, you will be taken to a login page. To log in with the admin account that you created before, select the Other tab, enter the username and password, and click Login.

13.4. User login through SSO

Besides the wiki/blog admin, other FreedomBox users can be given access to login and edit wikis and blogs. However, they will not have all the same permissions as the wiki admin. They can add or edit pages, but cannot change the wiki's configuration.

To add a wiki user, go to the Users and Groups page in FreedomBox (under System configuration, the gear icon at the top right corner of the page). Create or modify a user, and add them to the wiki group. (Users in the admin group will also have wiki access.)

To login as a FreedomBox user, go to the wiki/blog's login page and select the Other tab. Then click the "Login with HTTP auth" button. The browser will show a popup dialog where you can enter the username and password of the FreedomBox user.

13.5. Adding FreedomBox users as wiki admins

  1. Login to the site, using the admin account that was specified when the site was created.
  2. Click "Preferences", then "Setup".
  3. Under "main", in the "users who are wiki admins", add the name of a user on the FreedomBox.

  4. (Optional) Under "auth plugin: passwordauth", uncheck the "enable passwordauth?" option. (Note: This will disable the old admin account login. Only SSO login using HTTP auth will be possible.)
  5. At the bottom of the page click "Save Setup".
  6. Click "Preferences", then "Logout".
  7. Login as the new admin user using "Login with HTTP auth".

13.6. Avoiding Spam

By default, every wiki page also has a "Discussion" page, which can be edited anonymously, without logging in. To avoid spam, you may want to disable the Discussion feature all together, by unchecking the "enable Discussion pages?" option in the setup.

13.7. Theming

  1. Login to the site, using the admin account that was specified when the site was created.
  2. Click "Preferences", then "Setup".
  3. Under "web plugin: theme", check "enable theme?"
  4. Right under the checkbox, type in the name of the desired theme. You can choose from the following officially supported themes:
    • actiontabs - mobile friendly
    • blueview - non-mobile friendly
    • goldtype - non-mobile friendly
    • monochrome - mobile friendly
  5. At the bottom of the page click "Save Setup".

For your changes to become visible, you might have to delete your browser's cache or wait a few minutes and refresh your ikiwiki's page.

It is also possible to install user-contributed themes from ikiwiki's Theme Market. Please note, that this requires additional technical knowledge.

14. Unhosted Storage

14.1. What is Unhosted?

Unhosted is a way to uncouple web applications from data. No matter where a web application is served from, the data can be stored on an Unhosted storage server of user's choice. Unhosted web apps do not send your user data to their server and are hence known as "serverless", "client-side", or "static" web apps. Either you connect your own server at runtime, or your data stays within the browser. Your FreedomBox can become your Unhosted storage server using a remoteStorage server know as reStore.

This module is currently disabled in FreedomBox as the package required for reStore server is not available in Debian yet. The package is available for testing via http://debian-dev.freedombox.at/

14.2. Setup

Your FreedomBox contains a remoteStorage server called reStore, that can serve as your personal storage server for Unhosted web apps. To setup reStore, simply install and enable in FreedomBox web UI. After the setup, create an account by visiting the link provided on the Unhosted app page https://<yourdomain>/restore/.

User accounts are currently not integrated with Plinth user management, and public sign-up is enabled!

14.3. Try Unhosted apps

Once Unhosted is setup on FreedomBox and when FreedomBox is accessible by a domain name (such by using PageKite, Dynamic DNS or Tor Onion Service), try one of the following Unhosted web apps (more are listed at http://unhosted.org/apps):

To connect the Unhosted app to your FreedomBox's Unhosted storage, click on the remoteStorage icon and type your address <user>@<yourdomain>, e.g.:


If this doesn't work, make sure that

  • FreedomBox has a domain name using PageKite, Dynamic DNS or Tor Onion Service.

  • The reStore server is running.
  • You have created the account specified in the reStore server.
  • Your FreedomBox SSL certificate is trusted in your current browser session (important when using private browsing).

Finish the OAuth flow by authenticating with your password and authorizing access, then you should get redirected back to the Unhosted app, and be able to use it. All data of the Unhosted web app is now stored on your FreedomBox.

Deutsch - English - Español - (+)

15. OpenVPN (Virtual Private Network)

OpenVPN icon

Available since: version 0.7

15.1. What is OpenVPN?

OpenVPN provides to your FreedomBox a virtual private network service. You can use this software for remote access, site-to-site VPNs and Wi-Fi security. OpenVPN includes support for dynamic IP addresses and NAT.

15.2. Port Forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for OpenVPN:

  • UDP 1194

15.3. Setting up

  1. In FreedomBox apps menu, select Virtual Private Network (OpenVPN) and click Install.

  2. After the module is installed, there is an additional setup step that may take a long time to complete. Click "Start setup" to begin.

    OpenVPN service page

  3. Wait for the setup to finish. This could take a while.
  4. Once the setup of the OpenVPN server is complete, you can download your profile. This will download a file called <USER>.ovpn, where <USER> is the name of a FreedomBox user. Each FreedomBox user will be able to download a different profile. Users who are not administrators can download the profile from home page after login.

  5. The ovpn file contains all the information a vpn client needs to connect to the server.
  6. The downloaded profile contains the domain name of the FreedomBox that the client should connect to. This is picked up from the domain configured in 'Config' section of 'System' page. In case your domain is not configured properly, you may need to change this value after downloading the profile. If your OpenVPN client allows it, you can do this after importing the OpenVPN profile. Otherwise, you can edit the .ovpn profile file in a text editor and change the 'remote' line to contain the WAN IP address or hostname of your FreedomBox as follows.

    remote mybox.freedombox.rocks 1194
    proto udp

15.4. Troubleshooting

If your network doesn't support IPv6, you might have to remove the following line from your OpenVPN client configuration. This is especially in cases where your server supports IPv6 but client does not thus confusing the OpenVPN client on which protocol to use.

proto udp6

To connect via IPv4, ensure that the following line is present.

proto udp

15.5. Browsing Internet after connecting to VPN

After connecting to the VPN, the client device will be able to browse the Internet without any further configuration. However, a pre-condition for this to work is that you need to have at least one Internet connected network interface which is part of the 'External' firewall zone. Use the networks configuration page to edit the firewall zone for the device's network interfaces.

15.6. Usage

15.6.1. On Android/LineageOS

  1. Visit FreedomBox home page. Login with your user account. From home page, download the OpenVPN profile. The file will be named username.ovpn.

    • OpenVPN Download Profile

  2. Download an OpenVPN client such as OpenVPN for Android. F-Droid repository is recommended. In the app, select import profile.

    • OpenVPN App

  3. In the select profile dialog, choose the username.opvn file you have just downloaded. Provide a name for the connection and save the profile.

    • OpenVPN import profile

  4. Newly created profile will show up. If necessary, edit the profile and set the domain name of your FreedomBox as the server address.

    • OpenVPN profile created

      OpenVPN edit domain name

  5. Connect by tapping on the profile.
    • OpenVPN connect

      OpenVPN connected

  6. When done, disconnect by tapping on the profile.
    • OpenVPN disconnect

15.6.2. On Debian

Install an OpenVPN client for your system

$ sudo apt install openvpn

Open the ovpn file with the OpenVPN client.

$ sudo openvpn --config /path/to/<USER>.ovpn

If you use Network Manager, you can create a new connection by importing the file:

$ sudo apt install network-manager-openvpn-gnome
$ sudo nmcli connection import type openvpn file /path/to/<USER>.ovpn

If you get an error such as configuration error: invalid 1th argument to “proto” (line 5) then edit the .ovpn file and remove the line proto udp6.

15.7. Checking if you are connected

15.7.1. On Debian

  1. Try to ping the FreedomBox or other devices on the local network.

  2. Running the command ip addr should show a tun0 connection.

  3. The command traceroute freedombox.org should show you the ip address of the VPN server as the first hop.

15.8. Accessing internal services

After connecting to OpenVPN, you will be able to access FreedomBox services that are only meant to be accessed on internal networks. This is in addition to being able to access external services. This can be done by using the IP address as the host name for these services (for example, use smb:// instead of smb://freedombox.local to access Samba shares).

The following services are known to work:

Some services are known not to work at this time:

16. GnuSocial

GnuSocial is currently not available

GnuSocial is currently not available in the FreedomBox

16.1. What is GNU social?

GNU social is a continuation of the ?StatusNet project. It is social communication software for both public and private communications. It is widely supported and has a large userbase. It is already used by the Free Software Foundation, and Richard Stallman himself. Think of GNU Social as twitter and beyond.

16.2. Status of package

GNU Social is still getting packaged for debian and will be available soon for everyone to use. check the progress by tracking the bug #782812.

English - Español - (+)

17. Radicale (Calendar and Addressbook)

Radicale icon

Available since: version 0.9

With Radicale, you can synchronize your personal calendars, ToDo lists, and addressbooks with your various computers, tablets, and smartphones, and share them with friends, without letting third parties know your personal schedule or contacts.

17.1. Why should I run Radicale?

Using Radicale, you can get rid of centralized services like Google Calendar or Apple Calendar (iCloud) data mining your events and social connections.

17.2. How to setup Radicale?

First, the Radicale server needs to be activated on your box.

  • Within FreedomBox Service:

    1. select Apps

    2. go to Radicale (Calendar and Addressbook) and

    3. install the application. After the installation is complete, make sure the application is marked "enabled" in the FreedomBox interface. Enabling the application launches the Radicale CalDAV/CardDAV server.

    4. define the access rights:
      • Only the owner of a calendar/addressbook can view or make changes
      • Any user can view any calendar/addressbook, but only the owner can make changes
      • Any user can view or make changes to any calendar/addressbook

Note, that only users with a FreedomBox login can access Radicale.


If you want to share a calendar with only some users, the simplest approach is to create an additional user-name for these users and to share that user-name and password with them.

Radicale provides a basic web interface, which only supports creating new calendars and addressbooks. To add events or contacts, an external supported client application is needed.


  • Creating addressbook/calendar using the web interface
    • Visit https://IP-address-or-domain-for-your-server/radicale/

    • Log in with your FreedomBox account

    • Select "Create new addressbook or calendar"
    • Provide a title and select the type
    • Optionally, provide a description or select a color
    • Click "Create"
    • The page will show the URL for your newly created addressbook or calendar

Now open your client application to create new calendar and address books that will use your FreedomBox and Radicale server. The Radicale website provides an overview of supported clients, but do not use the URLs described there; FreedomBox uses another setup, follow this manual. Below are the steps for two examples:

  • Example of setup with Evolution client:
    • Calendar
      1. Create a new calendar
      2. For "Type," select "CalDAV"
      3. When "CalDAV" is selected, additional options will appear in the dialogue window.
      4. URL: https://IP-address-or-domain-for-your-server. Items in italics need to be changed to match your settings.

      5. Enable "Use a secure connection."
      6. User: USERNAME. Your Freedombox user-name.

      7. Click on "Find Calendars"
      8. Enter your password and select a calendar


    • TODO/Tasks list: Adding a TODO/Tasks list is basically the same as a calendar.
    • Contacts
      • Follow the same steps described above and replace CalDAV with WebDAV.

17.3. Synchronizing over Tor

In FreedomBox, setting up a calendar with Radicale over Tor is the same as over the clear net. Here is a short summary:

  1. When logged in to FreedomBox interface over Tor, click on Radicale, and at the prompt provide your FreedomBox user name and password.

  2. In the Radicale web interface, log in using your FreedomBox user name and password.

  3. Click on "Create new address book or calendar", provide a title, select a type, and click "Create".
  4. Save the URL, e.g., https://ONION-ADDRESS-FOR-YOUR-SERVER.onion/radicale/USERNAME/CALENDAR-CODE/. Items in italics need to be changed to match your settings.

These instructions are for Thunderbird/Lightning. Note that you will need to be connected to Tor with the Tor Browser Bundle.

  1. Open Thunderbird, install the Torbirdy add-on, and restart Thunderbird. (This may not be necessary.)
  2. In the Lightning interface, under Calendar/Home in the left panel right click with the mouse and select "New calendar".
  3. Select the location of your calendar as "On the Network".
  4. Select CalDAV and for the location copy the URL, e.g., https://ONION-ADDRESS-FOR-YOUR-SERVER.onion/radicale/USERNAME/CALENDAR-CODE/. Items in italics need to be changed to match your settings.

  5. Provide a name, etc. Click "Next". Your calendar is now syncing with your FreedomBox over Tor.

  6. If you have not generated a certificate for your FreedomBox with "Let's Encrypt", you may need to select "Confirm Security Exception" when prompted.

17.4. Synchronizing with your Android phone

There are various Apps that allow integration with the Radicale server. This example uses DAVx5, which is available e.g. on F-Droid. If you intend to use ToDo-Lists as well, the compatible app OpenTasks has to be installed first.

Follow these steps for setting up your account with the Radicale server running on your FreedomBox.

  1. Install DAVx5
  2. Create a new account on DAVx5 by clicking on the floating + button.
  3. Select the second option as shown in the first figure below and enter the base url as https://<your.freedombox.address>/radicale/username/ (don't miss the / at the end). DAVx5 will be able to discover both CalDAV and WebDAV accounts for the user.

  4. Follow this video from DAVx5 FAQ to learn how to migrate your existing contacts to Radicale.

Synchronizing contacts

  1. Click on the hamburger menus of CalDAV and CardDAV and select either "Refresh ..." in case of existing accounts or "Create ..." in case of new accounts (see the second screenshot below).
  2. Check the checkboxes for the address books and calendars you want to synchronize and click on the sync button in the header. (see the third screenshot below)

DAVx5 account setup DAVx5 refresh DAVx5 account sync

17.5. Advanced Users

17.5.1. Sharing resources

Above was shown an easy way to create a resource for a group of people by creating a dedicated account for all. Here will be described an alternative method where two users User1 and User2 are granted access to a calendar. This requires SSH-access to the FreedomBox.

  1. create a file /etc/radicale/rights

    • [friends_calendar]
      user: ^(User1|User2)$
      collection: ^.*/calendar_of_my_friends.ics$
      permission: rw
      # Give write access to owners
      user: .+
      collection: ^%(login)s/.+$
      permission: rw
    • [friends_calendar] is just an identifier, can be any name.

    • The [owner-write] section makes sure that owners have access to their own files

  2. edit file /etc/radicale/config and make the following changes in section [rights]

    • [rights]
      type = from_file
      file = /etc/radicale/rights
  3. Restart the radicale server or the FreedomBox

17.5.2. Importing files

If you are using a contacts file exported from another service or application, it should be copied to: /var/lib/radicale/collections/user/contact file name.vcf.

Translation(s): English - Español

18. Repro (SIP Server)

App removed

repro has been removed from Debian 10 (Buster), and therefore is no longer available in FreedomBox.


Translation(s): English - Español - Українська

1. Configure

Configure has some general configuration options:

1.1. Hostname

  • Hostname is the local name by which other devices on the local network can reach your FreedomBox. The default hostname is freedombox.

1.2. Domain Name

1.3. Webserver Home Page

Once some other app is set as the home page, you can only navigate to the FreedomBox Service by typing https://myfreedombox.rocks/plinth/ into the browser.
/freedombox can also be used as an alias to /plinth

  • You can set any web application, Ikiwiki wikis and blogs or Apache's default index.html page as the web server home page. Since release 20.20 you can also select a user's website among those users who have created their public_html directory.

  • Tip: Bookmark the URL of FreedomBox Service before setting the home page to some other app.

Translation(s): English - Español

2. Users and Groups

You can grant access to your FreedomBox for other users. Provide the Username with a password and assign a group to it. Currently the groups

  • admin
  • bit-torrent
  • calibre
  • ed2k
  • feed-reader
  • freedombox-share
  • git-access
  • i2p
  • minidlna
  • syncthing
  • web-search
  • wiki

are supported.

The user will be able to log in to services that support single sign-on through LDAP, if they are in the appropriate group.

Users in the admin group will be able to log in to all services. They can also log in to the system through SSH and have administrative privileges (sudo).

A user's groups can also be changed later.

It is also possible to set an SSH public key which will allow this user to securely log in to the system without using a password. You may enter multiple keys, one on each line. Blank lines and lines starting with # will be ignored.

The interface language can be set for each user individually. By default, the language preference set in the web browser will be used.

A user's account can be deactivated, which will temporarily disable the account.

Translation(s): English - Español

3. Networks

This section describes how networking is setup by default in FreedomBox and how you can customize it. See also the Firewall section for more information on how firewall works.

3.1. Default setup

In a fresh image of FreedomBox, network is not configured at all. When the image is written to an SD card and the device boots, configuration is done. During first boot, FreedomBox setup package detects the networks interfaces and tries to automatically configure them so that FreedomBox is available for further configuration via the web interface from another machine without the need to connect a monitor. Automatic configuration also tries to make FreedomBox useful, out of the box, for the most important scenarios FreedomBox is used for.

There are two scenarios it handles: when is a single ethernet interface and when there are multiple ethernet interfaces.

3.1.1. Single ethernet interface

When there is only single ethernet interface available on the hardware device, there is not much scope for it to play the role of a router. In this case, the device is assumed to be just another machine in the network. Accordingly, the only available interface is configured to be an internal interface in automatic configuration mode. This means that it connects to the Internet using the configuration provided by a router in the network and also makes all (internal and external) of its services available to all the clients on this network.


3.1.2. Multiple ethernet interface

When there are multiple ethernet interfaces available on the hardware device, the device can act as a router. The interfaces are then configured to perform this function.

The first network interface is configured to be an WAN or external interface in automatic configuration mode. This means that it connects to the Internet using network configuration provided by the Internet Service Provider (ISP). Only services that are meant to be provided across the entire Internet (external services) will be exposed on this interface. You must plug your Internet connection into the port of this ethernet interface. If you wish to continue to have your existing router manage the Internet connection for you, then plug a connection from your router to the port on this interface.

The remaining network interfaces are configured for the clients of a router. They are configured as LAN or internal interfaces in shared configuration mode. This means that all the services (both external and internal) services are provided to who ever connects on this interface. Further, the shared mode means that clients will be able to receive details of automatic network connection on this interface. Specifically, DHCP configuration and DNS servers are provided on this interface. The Internet connection available to the device using the first network interface will be shared with clients using this interface. This all means that you can connect your computers to this network interface and they will get automatically configured and will be able to access the Internet via the FreedomBox.

Currently, it is not very clear which interface will be come the WAN interface (and the remaining being LAN interfaces) although the assignment process is deterministic. So, it take a bit of trail and error to figure out which one is which. In future, for each device, this will be well documented.

3.1.3. Wi-Fi configuration

All Wi-Fi interfaces are configured to be LAN or internal interfaces in shared configuration mode. They are also configured to become Wi-Fi access points with following details.

  • Name of the access point will be FreedomBox plus the name of the interface (to handle the case where there are multiple of them).

  • Password for connecting to the interface will be freedombox123.

3.2. Internet Connection Sharing

Although the primary duty of FreedomBox is to provide decentralized services, it can also act like a home router. Hence, in most cases, FreedomBox connects to the Internet and provides other machines in the network the ability to use that Internet connection. FreedomBox can do this in two ways: using a shared mode connection or using an internal connection.

When an interface is set in shared mode, you may connect your machine directly to it. This is either by plugging in an ethernet cable from this interface to your machine or by connecting to a Wi-Fi access point. This case is the simplest to use, as FreedomBox automatically provides your machine with the necessary network configuration. Your machine will automatically connect to FreedomBox provided network and will be able to connect to the Internet given that FreedomBox can itself connect to the Internet.

Sometimes the above setup may not be possible because the hardware device may have only one network interface or for other reasons. Even in this case, your machine can still connect to the Internet via FreedomBox. For this to work, make sure that the network interface that your machine is connecting to is in internal mode. Then, connect your machine to network in which FreedomBox is present. After this, in your machine's network configuration, set FreedomBox's IP address as the gateway. FreedomBox will then accept your network traffic from your machine and send it over to the Internet. This works because network interfaces in internal mode are configured to masquerade packets from local machines to the Internet and receive packets from Internet and forward them back to local machines.

3.3. Customization

The above default configuration may not be fit for your setup. You can customize the configuration to suit your needs from the Networks area in the 'setup' section of the FreedomBox web interface.

3.3.1. PPPoE connections

If your ISP does not provide automatic network configuration via DHCP and requires you to connection via PPPoE. To configure PPPoE, remove any network connection existing on an interface and add a PPPoE connection. Here, optionally, provide the account username and password given by your ISP and activate the connection.

3.3.2. Connect to Internet via Wi-Fi

By default Wi-Fi devices attached during first boot will be configured as access points. They can be configured as regular Wi-Fi devices instead to connection to a local network or an existing Wi-Fi router. To do this, click on the Wi-Fi connection to edit it. Change the mode to Infrastructure instead of Access Point mode and IPv4 Addressing Method to Automatic (DHCP) instead of Shared mode. Then the SSID provided will mean the Wi-Fi network name you wish to connect to and passphrase will be the used to while making the connection. Problems with Privacy Feature

NetworkManager used by FreedomBox to connect to the Wi-Fi networks has a privacy feature that uses a different identity when scanning for networks and when actually connecting to the Wi-Fi access point. Unfortunately, this causes problems with some routers that reject connections from such devices. Your connection won't successfully activate and disconnect after trying to activate. If you have control over the router's behaviour, you could also turn off the feature causing problem. Otherwise, the solution is to connect with a remote shell using SSH or Cockpit, editing a file /etc/NetworkManager/NetworkManager.conf and adding the line wifi.scan-rand-mac-address=no in the [device] section. This turns off the privacy feature.

Edit a file:

$ sudo nano /etc/NetworkManager/NetworkManager.conf

Add the following:


Then reboot the machine.

3.3.3. Adding a new network device

When a new network device is added, network manager will automatically configure it. In most cases this will not work to your liking. Delete the automatic configuration created on the interface and create a new network connection. Select your newly added network interface in the add connection page.

  • Then set firewall zone to internal and external appropriately.

  • You can configure the interface to connect to a network or provide network configuration to whatever machine connects to it.
  • Similarly, if it is a Wi-Fi interface, you can configure it to become a Wi-FI access point or to connect to an existing access points in the network.

3.3.4. Configuring a mesh network

FreedomBox has rudimentary support for participating in BATMAN-Adv based mesh networks. It is possible to either join an existing network in your area or create a new mesh network and share your Internet connection with the rest of the nodes that join the network. Currently, two connections have to be created and activated manually to join or create a mesh network. Joining a mesh network

To join an existing mesh network in your area, first consult the organizers and get information about the mesh network.

  1. Create a new connection, then select the connection type as Wi-Fi. In the following dialog, provide the following values:

    Field Name

    Example Value


    Connection Name

    Mesh Join - BATMAN

    The name must end with 'BATMAN' (uppercase)

    Physical Interface


    The Wi-Fi device you wish to use for joining the mesh network

    Firewall Zone


    Since you don't wish that participants in mesh network to use internal services of FreedomBox



    As provided to you by the operators of the mesh network. You should see this as a network in Nearby Wi-Fi Networks



    Because this is a peer-to-peer network

    Frequency Band


    As provided to you by the operators of the mesh network



    As provided to you by the operators of the mesh network



    As provided to you by the operators of the mesh network



    Leave this as open, unless you know your mesh network needs it be otherwise


    Leave empty unless you know your mesh network requires one

    IPv4 Addressing Method


    We don't want to request IP configuration information yet

    Save the connection. Join the mesh network by activating this newly created connection.
  2. Create a second new connection, then select the connection type as Generic. In the following dialog, provide this following values:

    Field Name

    Example Value


    Connection Name

    Mesh Connect

    Any name to identify this connection

    Physical Interface


    This interface will only show up after you successfully activate the connection in first step

    Firewall Zone


    Since you don't wish that participants in mesh network to use internal services of FreedomBox

    IPv4 Addressing Method


    Mesh networks usually have a DHCP server somewhere that provide your machine with IP configuration. If not, consult the operator and configure IP address setting accordingly with Manual method

    Save the connection. Configure your machine for participation in the network by activating this connection. Currently, this connection has to be manually activated every time you need to join the network. In future, FreedomBox will do this automatically. You will now be able reach other nodes in the network. You will also be able to connect to the Internet via the mesh network if there is an Internet connection point somewhere in mesh as setup by the operators. Creating a mesh network

To create your own mesh network and share your Internet connection with the rest of the nodes in the network:

  1. Follow the instructions as provided above in step 1 of Joining a mesh network but choose and fix upon your own valid values for SSID (a name for you mesh network), Frequency Band (usually 2.4Ghz), Channel (1 to 11 in 2.4Ghz band) and BSSID (a hex value like 12:CA:DE:AD:BE:EF). Create this connection and activate it.

  2. Follow the instructions as provided above in step 2 of Joining a mesh network but select IPv4 Addressing Method as Shared. This will provide automatic IP configuration to other nodes in the network as well as share the Internet connection on your machine (achieved using a second Wi-Fi interface, using Ethernet, etc.) with other nodes in the mesh network.

Spread the word about your mesh network to your neighbors and let them know the parameters you have provided when creating the network. When other nodes connect to this mesh network, they have to follow steps in Joining a mesh network but use the values for SSID, Frequency Band and Channel that you have chosen when you created the mesh network.

3.4. Advanced Network Operations

Cockpit provides many advanced networking features over those offered by FreedomBox. Both FreedomBox and Cockpit operate over Network Manager and are hence compatible with each other. Some of the functions provided by Cockpit include:

  • Set the maximum transmission unit (MTU) for a network connection
  • Change the hardware address (MAC address) of a network interface
  • Add more DNS servers and configure routing of a network connection
  • Creating bonded devices for highly available network interfaces
  • Creating bridge devices to join network interfaces for aggregating separate networks
  • Manage VLAN for creating virtual partitions in the physical network


3.5. Manual Network Operation

FreedomBox automatically configures networks by default and provides a simplified interface to customize the configuration to specific needs. In most cases, manual operation is not necessary. The following steps describe how to manually operate network configuration in the event that a user finds FreedomBox interface to insufficient for task at hand or to diagnose a problem that FreedomBox does not identify.

On the command line interface:

For text based user interface for configuring network connections:


To see the list of available network devices:

nmcli device

To see the list of configured connections:

nmcli connection

To see the current status of a connection:

nmcli connection show '<connection_name>'

To see the current firewall zone assigned to a network interface:

nmcli connection show '<connection_name>' | grep zone


firewall-cmd --zone=internal --list-all
firewall-cmd --zone=external --list-all

To create a new network connection:

nmcli con add con-name "<connection_name>" ifname "<interface>" type ethernet
nmcli con modify "<connection_name>" connection.autoconnect TRUE
nmcli con modify "<connection_name>" connection.zone internal

To change the firewall zone for a connection:

nmcli con modify "<connection_name>" connection.zone "<internal|external>"

For more information on how to use nmcli command, see its man page. Also for a full list of configuration settings and type of connections accepted by Network Manager see:


To see the current status of the firewall and manually operate it, see the Firewall section.

Translation(s): English - Español

4. Software Updates

FreedomBox can automatically install security updates. On the Update page of the System section in FreedomBox web interface you can turn on automatic updates. This feature is enabled by default and there is no manual action necessary. It is strongly recommended that you have this option enabled to keep your FreedomBox secure.

Updates are performed every day at night according to you local time zone. You can set the time zone with Date & Time. If you wish to shutdown FreedomBox every day after use, keep it running at night once a week or so to let the automatic updates happen. Alternatively, you can perform manual updates as described below.

Note that once the updates start, it may take a long time to complete. During automatic update process that runs every night or during manual update process, you will not be able to install apps from FreedomBox web interface.


4.1. When Will I Get the Latest Features?

Although updates are done every day for security reasons, latest features of FreedomBox will not propagate to all the users. The following information should help you understand how new features become available to users.

Stable Users: This category of users include users who bought the FreedomBox Pioneer Edition, installed FreedomBox on a Debian stable distribution or users who downloaded the stable images from freedombox.org. As a general rule, only security updates to various packages are provided to these users. One exception to this rule is where FreedomBox service itself is updated when a release gains high confidence from developers. This means that latest FreedomBox features may become available to these users although not as quickly or frequently as testing users. If an app is available only in testing distribution but not in stable distribution, then that app will show up in the web interface but will not be installable by stable users. Some apps are also provided an exception to the rule of "security updates only" when the app is severely broken otherwise. Every two years, a major release of Debian stable happens with the latest versions of all the software packages and FreedomBox developers will attempt to upgrade these users to the new release without requiring manual intervention.

Testing Users: This category of users include users who installed FreedomBox on a Debian testing distribution or users who downloaded the testing images from freedombox.org. Users who use Debian testing are likely to face occasional disruption in the services and may even need manual intervention to fix the issue. As a general rule, these users receive all the latest features and security updates to all the installed packages. Every two weeks, a new version of FreedomBox is released with all the latest features and fixes. These releases will reach testing users approximately 2-3 days after the release.

Unstable Users: This category of users include users who installed FreedomBox on a Debian unstable distribution or users who downloaded the unstable images from freedombox.org. Users who use Debian unstable are likely to face occasional disruption in the services and may even need manual intervention to fix the issue. As a general rule, these users receive all the latest features to all the installed packages. Every two weeks, a new version of FreedomBox is released with all the latest features and fixes. Theses releases will reach unstable users on the day of the release. Only developers, testers and other contributors to the FreedomBox project should use the unstable distribution and end users and advised against using it.

4.2. Manual Updates from Web Interface

To get updates immediately and not wait until the end of the day, you may want to trigger updates manually. You can do this by pressing the Update now button in Manual update tab for Update page in System section. Note that this step is not necessary if you have enabled Auto-updates as every night this operation is performed automatically.

When installing apps you may receive an error message such as

Error installing packages: E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem

This is typically caused by shutting down FreedomBox while it is installing apps, while performing daily updates or during some other operations. This situation can be rectified immediately by running manual update.

4.3. Manual Updates from Terminal

Some software packages may require manual interaction for updating due to questions related to configuration. In such cases, FreedomBox updates itself and brings in new knowledge necessary to update the package by answering configuration questions. After updating itself, FreedomBox acts on behalf of the user and updates the packages by answering the questions. Until FreedomBox has a chance to update the package, such packages should not be be updated manually. The manual update triggered from the web interface is already mindful of such packages and does not update them.

In some rare situations, FreedomBox itself might fail to update or the update mechanism might fall into a situation that might need manual intervention from a terminal. To perform manual upgrades on the terminal, login into FreedomBox on a terminal (if you have monitor and keyboard connected), via a web terminal (using FreedomBox/Manual/Cockpit) or using a remote secure shell (see Secure Shell section). Then run the following commands:

$ sudo su -
Password: <enter user password here>
# dpkg --configure -a
# apt update
# apt -f install
# unattended-upgrade --debug
# apt install freedombox
# apt update

If apt update asks for a confirmation to change Codename or other release information, confirm yes. If during update of freedombox package, if a question about overwriting configuration files is asked, answer to install new configuration files from the latest version of the package. This process will upgrade only packages that don't require configuration file questions (except for freedombox package). After this, let FreedomBox handle the upgrade of remaining packages. Be patient while new releases of FreedomBox are made to handle packages that require manual intervention.

If you want to go beyond the recommendation to upgrade all the packages on your FreedomBox and if you are really sure about handling the configuration changes for packages yourself, run the following command:

$ apt full-upgrade

4.4. Auto-Update to Next Stable Release

FreedomBox can automatically update itself when there is a new stable release of Debian. This update feature is recommended, and enabled by default for stable systems. Note that it also requires "Enable auto-update" to be enabled, and that there is 5 GB free space on the root partition.

In some special cases, such as advanced customization made to the system, the automatic update could fail. If you wish, you can disable it on the System -> Update page, by clearing the “Enable auto-update to next stable release” checkbox.

If you decide to stay on an older release, you should check DebianReleases#Production_Releases to see how long it will be supported by Debian security team. Note that older releases will not have new versions of FreedomBox, even through backports.

4.5. Manual Update to Next Stable Release

Auto-update is recommended for most users. However if you want to do the update manually, here are some tips:

  • Take backups of your apps' data before performing the update.
  • Create a system snapshot before you begin.
  • General instructions for upgrading Debian distribution are available.

  • Some packages are known to have prompts during upgrade, due to modified conffiles. It is recommended not to upgrade these packages manually, but rather to allow FreedomBox to handle their upgrade automatically. This applies to the following packages:

    • bind9
    • firewalld
    • janus
    • minetest-server
    • minidlna
    • mumble-server
    • radicale
    • roundcube-core
    • tt-rss

Translation(s): English - Español


  1. Diagnostics

5. Diagnostics

The system diagnostic test will run a number of checks on your system to confirm that applications and services are working as expected.

Just click Run Diagnostics. This may take some minutes.

English - Español - Українська - (+)

6. Firewall

Firewall is a network security system that controls the incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces risk of security threat from the Internet.

The operation of the firewall in FreedomBox web interface is automatic. When you enable a service it is automatically permitted in the firewall and when you disable a service it is automatically disabled in the firewall. For services which are enabled by default on FreedomBox, firewall ports are also enabled by default during the first run process.


Firewall management in FreedomBox is done using FirewallD.

6.1. Interfaces

Each interface is needs to be assigned to one (and only one) zone. If an interface is not assigned any zone, it is automatically assigned external zone. Whatever rules are in effect for a zone, those rules start to apply for that interface. For example, if HTTP traffic is allowed in a particular zone, then web requests will be accepted on all the addresses configured for all the interfaces assigned to that zone.

There are primarily two firewall zones used. The internal zone is meant for services that are provided to all machines on the local network. This may include services such as streaming media and simple file sharing. The external zone is meant for services that are provided publicly on the Internet. This may include services such as blog, website, email web client etc.

For details on how network interfaces are configured by default, see the Networks section.

6.2. Opening Custom Ports

Cockpit app provides advanced management of firewall. Both FreedomBox and Cockpit operate over firewalld and are hence compatible with each other. In particular, Cockpit can be used to open custom services or ports on FreedomBox. This is useful if you are manually running your own services in addition to the services provided by FreedomBox on the same machine.


6.3. FreedomBox Ports/Services

The following table attempts to document the ports, services and their default statuses in FreedomBox. If you find this page outdated, see the Firewall status page in FreedomBox interface.




Enabled by default

Status shown in FreedomBox

Managed by FreedomBox







XMPP Client






XMPP Server


















FreedomBox Web Interface (Plinth)






















































Tor (Socks)






































































































6.4. Manual operation

See FirewallD documentation for more information on the basic concepts and comprehensive documentation.

6.4.1. Enable/disable firewall

To disable firewall

service firewalld stop

or with systemd

systemctl stop firewalld

To re-enable firewall

service firewalld start

or with systemd

systemctl start firewalld

6.4.2. Modifying services/ports

You can manually add or remove a service from a zone.

To see list of services enabled:

firewall-cmd --zone=<zone> --list-services


firewall-cmd --zone=internal --list-services

To see list of ports enabled:

firewall-cmd --zone=<zone> --list-ports


firewall-cmd --zone=internal --list-ports

To remove a service from a zone:

firewall-cmd --zone=<zone> --remove-service=<service>
firewall-cmd --permanent --zone=<zone> --remove-service=<interface>


firewall-cmd --zone=internal --remove-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --remove-service=xmpp-bosh

To remove a port from a zone:

firewall-cmd --zone=internal --remove-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --remove-port=<port>/<protocol>


firewall-cmd --zone=internal --remove-port=5353/udp
firewall-cmd --permanent --zone=internal --remove-port=5353/udp

To add a service to a zone:

firewall-cmd --zone=<zone> --add-service=<service>
firewall-cmd --permanent --zone=<zone> --add-service=<interface>


firewall-cmd --zone=internal --add-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --add-service=xmpp-bosh

To add a port to a zone:

firewall-cmd --zone=internal --add-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --add-port=<port>/<protocol>


firewall-cmd --zone=internal --add-port=5353/udp
firewall-cmd --permanent --zone=internal --add-port=5353/udp

6.4.3. Modifying the zone of interfaces

You can manually change the assignment of zones of each interfaces after they have been autuomatically assigned by the first boot process.

To see current assignment of interfaces to zones:

firewall-cmd --list-all-zones

To remove an interface from a zone:

firewall-cmd --zone=<zone> --remove-interface=<interface>
firewall-cmd --permanent --zone=<zone> --remove-interface=<interface>


firewall-cmd --zone=external --remove-interface=eth0
firewall-cmd --permanent --zone=external --remove-interface=eth0

To add an interface to a zone:

firewall-cmd --zone=<zone> --add-interface=<interface>
firewall-cmd --permanent --zone=<zone> --add-interface=<interface>


firewall-cmd --zone=internal --add-interface=eth0
firewall-cmd --permanent --zone=internal --add-interface=eth0

Translation(s): English - Español


  1. Date & Time

7. Date & Time

This network time server is a program that maintains the system time in synchronization with servers on the Internet.

You can select your time zone by picking a big city nearby (they are sorted by Continent/City) or select directly the zone with respect to GMT (Greenwich Mean Time).



FreedomBox is designed to be the software for a consumer electronics device that is easy to setup, maintain and use. The project does not aim to create a custom hardware device ourselves, but instead we intend to partner with hardware vendors to build FreedomBox devices and also support existing hardware. Typically, it is run on single board computers because of their small form factor, low power consumption and favourable price. Some users also run it on old/refurbished desktop or laptop computers or even on virtual machines running on their primary computers.

In addition to supporting various single board computers and other devices, any Debian machine can be turned into a FreedomBox by installing the freedombox package. Debian, the universal operating system, supports a much wider range on hardware. After installing Debian, see the manual page for installing FreedomBox on Debian.

1. Recommended Hardware

On April 22nd, 2019, the FreedomBox Foundation announced the sales of the Pioneer Edition FreedomBox Home Server Kits. This is the recommended pre-installed hardware for all users who don't wish to build their own FreedomBox by choosing the right components, downloading the image and preparing an SD card with FreedomBox.

The kit includes all the hardware needed for launching a FreedomBox home server on an Olimex A20-OLinuXino-LIME2 board. This product provides the perfect combination of open source hardware and free and open source software. By purchasing this product, you also support the FreedomBox Foundation's efforts to create and promote its free and open source server software.

Pioneer Edition FreedomBox Home Server Kits
Pioneer Edition FreedomBox Home Server Kits

2. Supported Hardware

Use these hardware if you are able to download FreedomBox images and prepare an SD card by following the manual. If you wish for simper setup process, please buy the FreedomBox kits from recommended hardware instead. Look at the list of known issues with a hardware before buying it.

A20 OLinuXino Lime2
A20 OLinuXino Lime2

A20 OLinuXino MICRO
A20 OLinuXino MICRO

PC Engines APU
PC Engines APU


Cubieboard 2

BeagleBone Black
BeagleBone Black




Pine A64+
Pine A64+

Banana Pro
Banana Pro

Orange Pi Zero
Orange Pi Zero

Raspberry Pi 2
Raspberry Pi 2

Raspberry Pi 3 Model B
Raspberry Pi 3 Model B

Raspberry Pi 3 Model B+
Raspberry Pi 3 Model B+

Raspberry Pi 4 B
Raspberry Pi 4 B



2.1. Hardware Comparison


Speed (GHz)

Debian arch

Ram (GB)

disk (GB)



Ethernet speed




















BeagleBone Black C




































OLinuXino A20 LIME









OLinuXino A20 LIME2









OLinuXino A20 MICRO


















Pine A64+









Banana Pro









Orange Pi Zero















(USB3 or via PCIe card)












3. Additional Hardware

3.1. Hardware Supported with Generic Images

If you already have hardware that you wish turn into a FreedomBox, don't let the limited list of supported hardware discourage you. If you are using AMD or Intel architecture machines, you can download the generic images of that specific architecture that image will work on any machine of that architecture. For ARM 32-bit or ARM 64-bit architectures, we have a similar solution.

Starting with August 2020, we started building generic images that would work for all single board computers based on a solution involving UEFI standards and u-boot firmware. In this approach, a small board specific firmware resides on an SPI flash or an SD card. It is responsible for loading a generic FreedomBox image that is placed in an SD card, a USB drive, a SATA drive or an NVMe drive. So, for your hardware, find and get a u-boot based firmware from your board manufacturer and place it on an SPI flash or an SD card. Next, ensure that that kernel in FreedomBox has support for your board and place it on any of the other storage disks. This approach should work well for a lot of boards that are not listed as specifically supported. See firmware section for more details.

We continue to build images specific to some hardware as we used to earlier. These images have the slight advantage that they are easier to setup because of less step involved. We intend, however, to phase out these images because they can't be booted from all the storage devices and involve development overhead limiting the number of boards we support.

3.2. Adding Hardware Support

If your hardware is not listed above but you were able to get it working using the above described method of using a generic image, drop us a line and we will list it as supported. Further, take a look at the list of targeted hardware for boards to support.

3.3. Deprecated Hardware

This hardware was supported earlier but is no longer supported. If you downloaded an earlier image and are running FreedomBox on one of these hardware, you will keep getting software updates. However, no new images will be provided for these hardware. It is recommended that you migrate to newer, supported hardware using backup and restore.

  • DreamPlug

  • Raspberry Pi

Note: Supported Hardware means that FreedomBox images are built for said hardware and at least one developer has reported the basic functions to be working.

4. Common Hardware Information

The following sections document common advice related to hardware and peripherals when using them with FreedomBox.

4.1. Wi-Fi

FreedomBox can use Wi-Fi hardware for two separate purposes. It can be used to provide internet connectivity or it can be used to share internet connectivity already available to FreedomBox (via Ethernet, 3G/4G or another Wi-Fi interface) with devices on the network. See the Networks manual page for instructions on how to configure FreedomBox for these two cases.

Unfortunately, most built-in Wi-Fi adapters and add-on Wi-Fi adapters require firmware that is not free software. So, FreedomBox recommends attaching a USB Wi-Fi device that does not require non-free firmware. Supported devices automatically show up in the network interface list when configuring networks.

If you have a Wi-Fi device, either built-in or as an add-on, that requires non-free firmware and you are willing to install non-free firmware to get it working, see the Debian wiki page. Once the firmware is installed and the device shows up, it can be configured and used by FreedomBox.

4.2. Power Supply

On single board computers, one can easily encounter situations where the board and its peripherals are not provided sufficient power and malfunction in unpredictable ways. To avoid this, use a power adapter that can supply the minimum current recommended by the hardware manufacturer. When additional peripherals such as USB drives, Wi-Fi devices, SATA drives or NVMe drives are attached, the power requirements increase. A power supply that can provide higher current than needed is preferable but voltage should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

4.3. Firmware

Desktops, laptops and virtual machines have software that runs during machine start-up called UEFI/BIOS. This software, sometimes called firmware, can load and hand over control to the operating system (in our case FreedomBox), when it is present on any of the storage devices. This is not the case with most single board computers.

Single board computers ship with very small amount of software that is typically limited to booting OS from SD cards or eMMCs. They usually can't boot from USB disks, SATA disks or NVMe disks. To remedy this situation, hardware manufacturers started adding a special storage device called SPI flash which is only a few MiB in size. A special software, which we call firmware here, typically based on free and open source boot loader called u-boot is placed in this SPI flash. When the computer starts up, it starts the boot-loader from SPI flash which will in turn load the operating system. Since the firmware is much more powerful, it has the ability to load the OS from any of the storage media. Examples of single board computers with SPI flash include A20-OLinuXino-Lime2 and RockPro64.

This firmware approach can be used even when SPI flash is not available. Say, one wants to boot from a USB drive and the board does not support booting from it. Firmware can be installed on an SD card (a very tiny one is sufficient) and inserted into the board. Then USB disk will contain FreedomBox as we wish it. When the board starts, it boots the firmware from SD card which in turn boots the operating system from USB drive or any other storage.

This firmware approach also allows us to use generic download images that work for a large number of hardware boards. While increasing the effort for the user a bit more, it has the advantage of allowing us to support a lot more hardware and allow the OS to be present on any storage media.

When special firmware is needed for a single board computer, FreedomBox manual for the board discusses how to to obtain and install the firmware before proceeding with installation of FreedomBox.

4.4. Storage

FreedomBox can run from various storage media supported by your computer. Choosing the storage is about balancing reliability, capacity and speed against cost. A minimum storage capacity of 8GB is recommended for running FreedomBox.

4.4.1. Secure Digital (SD) Card

SD cards are common on single board computers. Most single board computers can boot directly from an SD card without any additional tweaks.

SD cards are typically slowest among the available storage media. Expect your FreedomBox to perform certain operations slower on these disks. Not all SD cards perform similarly and some perform much better than others. When buying an SD card, pick a card with a speed class of at least 10 (written on the card as a circle around the number 10) or UHS speed class 1 (written on the card as a number 1 inside a bucket). UHS speed class 3 (written on the card as number 3 inside a bucket) or application speed class 1 or above (written as A1 and A2) will perform much better. Finally, users of FreedomBox have reported cases where SD cards have failed. So, other storage media should be preferred for higher reliability.

4.4.2. Embedded MultiMediaCard (eMMC)

Many recently released single board computers support eMMC cards. Most single board computers can boot directly from an eMMC without any additional tweaks.

eMMC is sometimes soldered onto the board and you will need to choose the size of eMMC when buying the board. An example of this is the Olimex's A20-OLinuXino-Lime2 board. Other times, a manufacturer will provide eMMC as pluggable peripheral. With this approach, you can add eMMC after you buy the board or upgrade existing one with higher capacity. Do not detach and reattach such pluggable eMMCs too often. They have a very limited number of wear cycles (< 100).

eMMC are much faster than SD cards and spinning disk HDDs but are significantly slower than SSDs. They have much better random write speeds which are needed for many FreedomBox operations. In general, they should be preferred over SD cards.

FreedomBox image can be setup on an eMMC in two ways. For a detachable eMMC, there are eMMC to USB converters available. Detach the eMMC from the board, attach it to the USB converter and plug it into your machine and proceed with writing FreedomBox on it as one would for an SD card. In case the eMMC is not detachable, boot the computer with a media other than the eMMC such as an SD card or USB disk. It could be any operating system. After booting, the eMMC will show up as an additional disk. Download and write FreedomBox image onto it as one would for an SD card.

4.4.3. USB Disk Drive

Most computers and single board computers have USB ports. These ports accept storage media such as USB flash drives, SSDs or HDDs.

A USB flash drive can also serve as a storage medium for running FreedomBox. USB 2.0 flash drives are much slower and comparable to SD cards in their performance. USB 3.0 flash drives yield much better performance. Both USB flash drives and SD cards use similar technology so the read/write cycles and hence the reliability as similarly limited.

Apart from USB flash drives, solid state drives (SSDs) and hard disk drives (HDDs) can be inserted into USB ports. This is possible either by buying drives with USB interface or by using convertors such as USB to SATA or USB to M.2 interface. Both SSDs and HDDs have much higher reliability compared to SD cards, eMMC or USB flash drives. These should be preferred whenever possible. In addition, SSDs provide excellent performance when connected via USB 3.0 interface.

When connecting SSDs and HDDs to USB ports on single board computers, care should be taken about the power supply to the drive. If the drive has an extra power supply there is nothing to worry about. Otherwise, ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. For the board, always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but the voltage supplied should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

Setting up a FreedomBox image on a USB (flash, SSD or HDD) drive can be straight forward as most computers have USB ports. Plug-in the USB drive to your computer, download and write the FreedomBox image to the USB drive. While laptops, desktops and virtual machines can boot from a USB drive without intervention, many single board computers can't boot from USB drives. To address this, a separate firmware is needed. See firmware section for setting this up.

4.4.4. SATA disk drive

Some desktops, laptops and single board computers support a SATA interface to connect a solid state drive (SSD) or a hard disk drive (HDD). An example of a single board computer supporting SATA interface is the Olimex's A20-OLinuXino-Lime2. SATA protocol is also used for mSATA ports or M.2 slots (with a B-Key or an M-key). Both SSDs and HDDs have much higher reliability compared to SD cards, eMMC or USB flash drives. SATA interface provides very good data transfer rates (but not as good as NVMe drives based on PCIe). These should be preferred over SD cards, eMMCs or USB flash drives whenever possible.

When connecting SSDs and HDDs to SATA ports on single board computers, care should be taken about the power supply to the drive. If the drive has an extra power supply there is nothing to worry about. Otherwise, ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. Always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but voltage should match the recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

To setup FreedomBox image on a SATA disk drive, boot the computer with a media other than the SATA disk such as an SD card. It could be any operating system. After booting, the SATA disk will show up as an additional disk. Download and write FreedomBox image onto it as one would for an SD card. While laptops, desktops and virtual machines can boot from a SATA drives without additional intervention, many single board computers can't boot from SATA drives. To address this, a separate firmware disk is needed. See firmware section for setting this up.

4.4.5. NVMe disk drive

Most desktops, laptops and some single board computers support an NVMe interface to connect a solid state drive (SSD). This support is provided either with an M.2 slot (with a B-key or an M-key) or by providing a PCIe expansion slot. If a PCIe expansion slot is provided, a PCIe to M.2 convertor can be used to accommodate an NVMe drive. An example of a single board computer supporting an M.2 slot is the Radxa's Rock Pi 4 board. An example of single board computer providing PCIe slot is the Pine64's RockPro64 board. NVMe based SSD have much higher reliability compared to SD cards, eMMC or USB flash drives. NVMe drives provide the fastest data transfer rates. These should be preferred over all other types of drives whenever possible.

When connecting NVMe drives to single board computers, care should be taken about the power supply to the drive. Ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. Always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but voltage should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

To setup FreedomBox image on an NVMe disk drive, boot the computer with a media other than the NVMe disk such as an SD card. It could be any operating system. After booting NVMe disk will show up as an additional disk. Download and write FreedomBox image onto it as one would for an SD card. While laptops, desktops and virtual machines can boot from NVMe drives without intervention, many single board computers can't boot from NVMe drives. To address this a separate firmware disk is needed. See firmware section for setting this up.

5. Building Your Own Images

All FreedomBox disk images for different hardware is built by the project using a tool known as Freedom Maker. If for some reason, you wish to build your own images instead of downloading the provided images, use this tool. The README file in the project provides information about the list of hardware build targets available and how to build images.

5.1. Status of Software Used

  • All the software present in FreedomBox images is from Debian repositories. There are some minor tweaks done by the Freedom Maker script.

  • All images use the Linux kernel from Debian which is in turn based on the mainline Linux kernel.
  • A few images include non-free firmware from Debian's non-free-firmware component (see Firmware). Other than firmware, all software present in the images is DFSG compliant free software. The table below lists the components included in each image. (Note: this work is in progress, planned for images built after Debian 12 (bookworm) release.)


Includes main?

Includes non-free-firmware?

Non-free firmware included

32-bit ARM (armhf)


32-bit x86 (i386)



amd64-microcode, intel-microcode (see Microcode)

64-bit ARM (arm64)


64-bit x86 (amd64)



amd64-microcode, intel-microcode (see Microcode)

A20 OLinuXino Lime


A20 OLinuXino Lime 2


A20 OLinuXino MICRO


Beagle Bone Black


Cubieboard 2


Cubietruck (Cubieboard 3)


Lamobo R1


LeMaker Banana Pro


LinkSprite pcDuino3S


Orange Pi Zero


PC Engines APU 1D


Pine A64 LTS


Pine A64+


Pioneer Edition FreedomBox


QEMU/KVM amd64




Raspberry Pi 2




Raspberry Pi 3 Model B



raspi-firmware, firmware-brcm80211

Raspberry Pi 3 Model B+



raspi-firmware, firmware-brcm80211

Raspberry Pi 4 Model B



raspi-firmware, firmware-brcm80211





VirtualBox for amd64


VirtualBox for i386


6. Cubietruck

6.1. FreedomBox Danube Edition

FreedomBox Danube Edition

FreedomBox Danube Edition is a custom casing around Cubietruck and an SSD-hard drive.

6.2. Cubietruck / Cubieboard3

Cubietruck (Cubieboard3) is a single board computer with very good performance compared to many other boards. FreedomBox images are built for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

6.3. Download

FreedomBox SD card images are provided for this hardware. These SD card images are meant for use with the on-board SD card slot and do not work when used with a separate SD card reader connected via USB.

An alternative to downloading these images is to install Debian on the Cubietruck and then install FreedomBox on it.

6.4. Availability

Cubietruck / Cubieboard3

6.5. Hardware

  • Open Hardware: No
  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 2 GiB DDR3 @ 480 MHz
  • Storage: 8 GB NAND flash built-in, 1x microSD slot
  • Architecture: armhf
  • Ethernet: 10/100/1000, RJ45
  • WiFi: Broadcom BCM4329/BCM40181 (no free WiFi drivers + firmware available)

  • SATA: 1x 2.0 port

6.6. Non-Free Status

  • Non-free blobs required: ?
  • WiFi: no free WiFi drivers + firmware available

6.7. Known Issues

  • The on-board WiFi does not work with free software. A separate USB WiFi device is recommended.

7. Beagle Bone Black

Beagle Bone Black

Beagle Bone Black (Revision C.1) is an Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. FreedomBox images are built and tested for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

7.1. Download

FreedomBox SD card images are available for this device. Follow the instructions on the download page to create a FreedomBox SD card and boot the device.

Note: This image is for BeagleBone Black (Revision C.1) only. It will not work on the BeagleBone Green, and also not on the Revisions A & B.

An alternative to downloading these images is to install Debian on the BeagleBone and then install FreedomBox on it.

7.2. Availability

7.3. Hardware

  • Open Source Hardware (OSHW): Yes

  • CPU: AM335x 1GHz ARM Cortex-A8

  • RAM: 512MB DDR3L 800 Mhz
  • Storage: Onboard 4GB, 8bit Embedded MMC and microSD
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: None

7.4. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

8. A20 OLinuXino Lime2

A20 OLinuXino Lime2

Olimex's A20 OLinuXino Lime2 is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

8.1. Similar Hardware

The following similar hardware will also work well with FreedomBox.

8.2. Download

FreedomBox SD card images are available for this device. Follow the instructions on the download page to create a FreedomBox SD card and boot the device. These SD card images are meant for use with the on-board SD card slot and won't work when used with a separate SD card reader connected via USB.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

8.3. Availability

  • Price: 45 EUR (A20 OLinuXino Lime2)
  • Price: 55 EUR (A20 OLinuXino Lime2 4GB)
  • Olimex Store

8.4. Hardware

  • Open Source Hardware (OSHW): Yes

  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 1 GiB DDR3
  • Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot
  • Architecture: armhf
  • Ethernet: 10/100/1000, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: 1x port

8.5. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

  • Boot Firmware: BROM (GPLV2+)

8.6. Known Issues

9. A20 OLinuXino MICRO

A20 OLinuXino MICRO

Olimex's A20 OLinuXino MICRO is a fully Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. It uses the Allwinner A20 Dual Core ARM processor.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

9.1. Similar Hardware

The following similar hardware will also work well with FreedomBox.

9.2. Download

FreedomBox MicroSD card images are available for this device. Follow the instructions on the download page to create a FreedomBox MicroSD card and boot the device. These MicroSD card images are meant for use with the on-board MicroSD card slot and won't work on the SD card slot or when using a separate MicroSD card reader connected via USB.

An alternative to downloading these images is to install Debian on the device and then install FreedomBox on it.

9.3. Availability

  • Price: 50 EUR (A20 OLinuXino MICRO)
  • Price: 63 EUR (A20 OLinuXino MICRO 4GB)
  • Olimex Store

9.4. Hardware

  • Open Source Hardware (OSHW): Yes

  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 1 GiB DDR3
  • Storage: 4 GB NAND flash built-in (only on 4GB model), 1x microSD slot
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: 1x port

9.5. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

  • Boot Firmware: BROM (GPLV2+)

9.6. Known Issues

  • Not visible on local network
  • When booting the 'stable' image (made on 2017-06-18) the board does not automatically get an IP address from the router's DHCP server over ethernet. Booting the 'testing' image (2018-06) the board does get an IP address. Tested on MICRO hardware revision J. see also: https://www.olimex.com/forum/index.php?topic=5839.msg24167#msg24167

10. APU

PC Engines APU 1D

PC Engines APU 1D is a single board computer with 3 Gigabit ethernet ports, a powerful AMD APU and Coreboot firmware. FreedomBox images built for AMD64 machines are tested to work well for it.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

10.1. Similar Hardware

Although untested, the following similar hardware is also likely to work well with FreedomBox.

10.2. Download

FreedomBox disk images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card, USB disk, SSD or hard drive and boot into FreedomBox. Pick the image meant for all amd64 machines.

An alternative to downloading these images is to install Debian on the APU and then install FreedomBox on it.

10.3. Networking

The first network port, the left most one in the above picture, is configured by FreedomBox to be an upstream Internet link and the remaining 2 ports are configured for local computers to connect to.

10.4. Availability

10.5. Hardware

  • Open Hardware: No
  • CPU: AMD G series T40E

  • RAM: 2 GB DDR3-1066 DRAM
  • Storage: SD card, External USB
  • Architecture: amd64
  • Ethernet: 3 Gigabit Ethernet ports
  • WiFi: None, use a USB WiFi device

  • SATA: 1 m-SATA and 1 SATA

10.6. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available

  • Boot firmware: Coreboot

11. VirtualBox


This page will help you get started with using FreedomBox on a virtual machine using VirtualBox. While VirtualBox images are primarily used for testing and development, they can also be used for regular use if you have spare resources on one of your machines. This setup is useful if:

  • You don't own one of the supported hardware devices.

  • You don't use Debian GNU/Linux as your operating system.
  • You don't want to disturb your Debian installation to try out FreedomBox.

Prebuilt FreedomBox images for VirtualBox are routinely made available in VirtualBox's own VDI image file format. They contain a Debian GNU/Linux operating system and an installation of FreedomBox with all dependencies ready to run on any OS supported by VirtualBox (Windows, Linux, Macintosh, and Solaris).

A more adventurous alternative to downloading one of these images is to install Debian on VirtualBox and then install FreedomBox on it.

VirtualBox itself is available from https://www.virtualbox.org/ (or your distribution's package manager).

11.1. Download

Follow the instructions on the download page to download and verify a VirtualBox image. The latest images are available on freedombox.org.

11.2. Creating a Virtual Machine

  1. Decompress the downloaded VDI image (tool for Windows, Mac).

  2. Create a new VM in the VirtualBox UI with OS type Linux and Version Debian (32/64-bit according to the downloaded image).

VirtualBox Name and OS dialog

  1. In the Hard disk dialog choose Use an existing virtual hard disk file and select the .vdi file you extracted in step 1.

VirtualBox Hard disk dialog

  1. When created, go to the virtual machine's Settings -> [Network] -> [Adapter 1]->[Attached to:] and choose the network type your want the machine to use according to the explanation in Network Configuration below. The recommended type is the Bridged adapter option, but be aware that this exposes the FreedomBox's services to your entire local network.

VirtualBox recommended network setting

Note: It is important to make sure that you have provided the correct network interface in the above step. For example, if the virtual machine is running on a laptop connected to a Wi-Fi network, then the wireless interface (starts with wlp) must be chosen as shown in the screenshot.

11.3. First Boot

When satisfied with the VM settings click the start button in the VirtualBox UI and your new FreedomBox will boot.

The console of the VM will show the textual screen below when finished booting, from here most interaction with FreedomBox will be through the web interface in a browser.

FreedomBox console after booting successfully

If everything went well so far, you should be able to access the web interface of FreedomBox by pointing a browser on the host machine to https://freedombox.local.

In case freedombox.local cannot be resolved, you need to find out your FreedomBox's IP address as described in Finding out the IP address of the virtual machine. Then access this IP from a web browser which is on the same network as the VM (for example, the host). If all is well, you are now presented with a welcome message and invited to complete the first boot process.

FreedomBox welcomes you to the first boot

This mainly consist of creating an administrative user for the system.

11.4. Using

See the FreedomBox usage page for more details.

You can log in to the Debian GNU/Linux system as the user created during FreedomBox first boot on the VirtualBox console or remotely via ssh.

After logging in, you can become root with the command sudo su.

11.5. Build Image

If you wish to build your own images instead of downloading available images, it can be done using Freedom Maker.

11.6. Tips & Troubleshooting

11.6.1. Network Configuration

VirtualBox provides many types of networking options. Each has its advantages and disadvantages. For more information about how various networking types work in VirtualBox, see VirtualBox's networking documentation. https://www.virtualbox.org/manual/ch06.html

For a simple setup, it is recommended that you use a single network interface in your guest machine. This will make the first boot script automatically configure that interface as an internal network with automatic network configuration. Inside the guest machine, the networking is configured automatically and all the services are made available on this network interface. For more information on how networks are configured by default in FreedomBox, see Networks section.

What remains is to make those services available to the host machine or to other machines in the network. You must then choose one of the following types of networking for the network interface on your guest machine. To set a particular type of network for the guest's network adapter, go to the guest VM's settings then the network options and then select the adapter you wish to configure. There, set the network type from the available list of networks.

  1. First and the recommended option is to use the Bridged type of network. This option exposes the guest machine to the same network that host network is connected to. The guest obtains network configuration information from a router or DHCP server on the network. The guest will appear as just another machine in the network. A major advantage of this of setup is that the host and all other machines in the network will be able to access the services provided by guest without requiring any further setup. The only drawback of this approach is that if the host is not connected to any network, the guest's network will remain unconfigured making it inaccessible even from the host.

  2. Second method is Host only type of networking. With a guest's network interface configured in this manner, it will only be accessible from the host machine. The guest will not able access any other machine but the host, so you do not have internet access on the guest. All services on the guest are available to the host machine without any configuration such as port forwarding.

  3. The third option is to use the NAT type of network. This the networking type that VirtualBox assigns to a freshly created virtual machine. This option works even when host is not connected to any network. The guest is automatically configured and is able to access the internet and local networks that host is able to connect to. However, the services provided by the guest require port forwarding configuration setup to be available outside.

    To configure this go to VM settings -> [Network] -> [Adapter] -> [Port Forwarding]. Map a port such as 2222 from host to guest port 22 and you will be able to ssh into FreedomBox from host machine as follows:

     ssh -p 2222 fbx@localhost

    Map 4443 on host to 443 on the guest. This make FreedomBox HTTPS service available on host using the URL https://localhost:4443/ You will need to add a mapping for each such services from host to guest.

  4. The final option is to create two network interfaces, one host only and one NAT type. This way you can access the guest without any additional configuration, and you have internet access on the guest. The guest will be invisible to any other machines on the network.

Summary of various network types:


Guest accessible from other machines

Guest accessible from host

Works without port forwarding

Works without host connected to network

Guest has internet access







Host only












NAT and Host






11.6.2. Finding out the IP address of the virtual machine

This depends on the network configuration you chose. With a bridged adapter, your virtual machine gets its IP address from the DHCP server of your network, most likely of your Router. You can try the first couple of IP addresses or check your router web interface for a list of connected devices.

If you chose host-only adapter, the IP address is assigned by the DHCP server of your VirtualBox network. In the VirtualBox Manager, go to File -> Preferences -> Network -> Host-only Networks. You can see and edit the DHCP address range there, typically you get assigned addresses close to the Lower Address Bound.

Another possibility of finding the IP address is to login via the VirtualBox Manager (or similar software). The FreedomBox images do not have any default user accounts, so you need to set an initial user and password using the passwd-in-image script.

See also QuickStart for instructions on how to scan your network to discover the IP of the VM.

11.6.3. Networking Problems with macchanger

The package macchanger can cause network problems with VirtualBox. If you have a valid IP address on your guest's host network adapter (like but are not able to ping or access the host (like, try uninstalling macchanger:

$ dpkg --ignore-depends=freedombox-setup --remove macchanger 

You might have to manually remove the script /etc/network/if-prep-up/macchanger. If Debian complains about unmet dependencies when you use a package manager (apt-get, aptitude, dpkg), try to remove 'macchanger' from the dependencies of 'freedombox-setup' in the file /var/lib/dpkg/status.

11.6.4. Mounting Images Locally

If you want to mount images locally, use the following to copy built images off the VirtualBox:

$ mkdir /tmp/vbox-img1 /tmp/vbox-root1
$ vdfuse -f freedombox-unstable_2013.0519_virtualbox-i386-hdd.vdi /tmp/vbox-img1/
$ sudo mount -o loop /tmp/vbox-img1/Partition1 /tmp/vbox-root1
$ cp /tmp/vbox-root1/home/fbx/freedom-maker/build/freedom*vdi ~/
$ sudo umount /tmp/vbox-root1
# $ sudo umount /tmp/vbox-img1 # corruption here.

11.6.5. Fixing the time after suspend and resume

The virtual machine loses the correct time/date after suspending and resuming. One way to fix this is to create a cron-job that restarts the time service ntp. You can add a crontab entry as root to restart ntp every 15 minutes by typing 'crontab -e' and adding this line:

*/15 * *   *   *     /etc/init.d/ntp restart

Do not restart this service too often as this increases the load of publicly and freely available NTP servers.

11.6.6. UUID collision in VB

Whenever this happens VirtualBox shows following error message: Cannot register the hard disk A with UUID ... because a hard disk B with UUID ... already exists in the media registry

Creating several VMs from the same image causes collisions due to ID's (hostname, IP, UUID, etc) that are expected to be universally unique. Most can be handeled operating the running VM. But VirtualBox complains before that (at the very creation of the VM) about the hard disk's UUID. This is usual stuff when you develop/test e.g. FreedomBox.

You can change a clone's UUID in the terminal as follows:

$ VBoxManage internalcommands sethduuid path/to/the/hd/vdi/file

12. Debian

FreedomBox is a pure blend of Debian. This means that all the work on FreedomBox is available in Debian as packages. It also means that any machine running Debian can be turned into a FreedomBox.

This page describes the process of installing FreedomBox on a Debian system. Currently, FreedomBox works in Debian Stable (Bullseye), Testing (Bookworm), and Unstable (Sid).

Important: Read general advice about hardware before building a FreedomBox with this approach.

Use a fresh Debian installation

Installing FreedomBox changes your Debian system in many important ways. This includes installing a firewall and regenerating server certificates. It is hence recommended that you install FreedomBox on a fresh Debian installation instead of an existing setup.

Console/GUI logins for non-admin users will be disabled

After FreedomBox is fully setup, your system will no longer allow users not belonging to the admin group to log in to the system via console, secure shell (SSH) or graphical login. This behaviour can be disabled from the Security page. Use the administrator account created during FreedomBox first boot for console logins and add further user accounts to admin group, if necessary.

12.1. Installing on Debian 11 (Bullseye) or newer

Check the Troubleshooting section below, for any tips or workarounds that might help during the install.

  1. Install Debian 11 (Bullseye), or Unstable (Sid) on your hardware.

  2. Update your package list.
    $ sudo apt-get update
  3. Install freedombox package.

    $ sudo DEBIAN_FRONTEND=noninteractive apt-get install freedombox
    • The "DEBIAN_FRONTEND=noninteractive" will avoid several configuration prompts that would otherwise appear during the install.
  4. During the installation, you will be provided a secret key that needs to be entered during the initial configuration process. Note this down. The secret can also be read at a later time from the file /var/lib/plinth/firstboot-wizard-secret.

  5. You can start using FreedomBox. During initial wizard, you will need to enter the secret noted above.

12.2. Tips and Troubleshooting

  1. FreedomBox uses NetworkManager to manage network configuration. If you have configured your network interfaces using Debian installer or by editing /etc/network/interfaces, FreedomBox will not manage those interfaces. (See bug #797614.) To let FreedomBox/NetworkManager manage your network interfaces, edit the /etc/network/interfaces manually and ensure that it contains only the following:

    auto lo
    iface lo inet loopback

    If you have already completed the setup process without doing this step, you will need to clear out the /etc/network/interfaces file keeping only the above lines. Then perform a reboot. Network interfaces will then be in the internal or external firewall zone. This is essential for the FreedomBox's web interface to be reachable from other machines in the network. You can tweak network manager connections with the nmtui command if you wish.

  2. FreedomBox will use an automatically configured IP address by default. You can assign a static IP address if necessary. Network configuration changes can be done using FreedomBox web interface or by using the nmtui or nmcli commands. nmcli can be used as follows:

      nmcli con mod "Ethernet connection 1"  \
      ipv4.addresses A.A.A.A/X  \
      ipv4.gateway G.G.G.G  \
      ipv4.dns N.N.N.N  \
      ipv4.dns-search somedomain.com  \
      ipv4.method "manual"  \
      ipv4.ignore-auto-dns yes  \
      ipv6.method ignore
  3. ..with the block capitals and somedomain.com replaced with your actual address, mask description, gateway and dns server details.

13. Raspberry Pi 2 Model B

Raspberry Pi 2

Raspberry Pi 2 (Model B ) is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi Model B+ with much faster processor and more RAM. FreedomBox images are built and tested for it.

Please do not expect any output on a monitor connected via HDMI to this device as it does not display anything beyond the message 'Starting kernel...'. See the Quick Start page to access and control your FreedomBox from network.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

13.1. Download

FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox.

13.2. Availability

13.3. Hardware

  • Open Hardware: No
  • CPU: 900 MHz quad-core ARM Cortex-A7
  • RAM: 1 GB
  • Storage: MicroSD card slot
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: None

13.4. Non-Free Status

  • Non-free blobs required: boot firmware
  • WiFi: Not available

14. USB Wi-Fi

FreedomBox works on many single board computers. However, many of these boards do not have built-in Wi-Fi capabilities. Even when Wi-Fi capability is available, non-free proprietary firmware is required to make them work.

A solution to the problem is to plug-in a USB Wi-Fi device into one of the available USB ports. There are many such devices available which do not require non-free firmware to work. The following is a list of such devices that work with FreedomBox devices. Some devices based on these chips have tested to work well with FreedomBox including functions such as access point mode.

14.1. Firmware Installation

The free firmware for these devices is not packaged in Debian yet. You can manually download and install the firmware as follows:

sudo su [enter password]
cd /lib/firmware
wget https://www.thinkpenguin.com/files/ath9k-htc/version-1.4-beta/htc_9271.fw
wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw

14.2. Resources


Get Involved

From code, design and translation to spreading the word and donation, here are a number of ways to contribute to FreedomBox.

2. Welcome to newcomers

As a new contributor, you are more than welcome to introduce yourself to others on the FreedomBox discussion forum, mailing list or on the #freedombox IRC channel. In addition to make useful contacts, you can start reporting bugs and translate (see below) the wiki website and the FreedomBox web interface.

Contributions needed

Sorted by ascending difficulty

1. Donate

Obviously, donating is the easiest way to contribute.

You can help the project financially by donating via PayPal, Bitcoin or by mailing a check. Please see the donation page for details on how to donate.

FreedomBox project is run by volunteers. The FreedomBox Foundation is a 501(c)(3) federal nonprofit corporation with recognition from the IRS.

2. Spread the Word

Spreading the word about FreedomBox only requires to know about the basic goals of the project and an overall description of the product.

Speak to your family, friends, local community or at global conferences about the importance of FreedomBox. To be a successful project we need much more awareness and many more participants, be it users or contributors. Write about your efforts on the wiki.

If you are into marketing, you can get in touch with the marketing team through the marketing section of our forum.

3. Feed Us Back (Comment)

After some time, we lose the fresh view of newcomers. Just providing your feedback helps us a lot.

Browse our websites and documentation and play with FreedomBox and comment your impressions on the feedback section of our forum.

4. Request applications

Check our applications wishlist and help us extend it by searching the web for other interesting free software to include in FreedomBox.

5. Translate

All text visible to users of FreedomBox needs to be localized to various languages. If you know english and speak another language you can contribute translating. Translating is a nice way to get familiar with the project while contributing.

This translation work includes:

The localization of FreedomBox web interface happens mainly on the web-based tool at Weblate.

If you wish to see FreedomBox available for one of your languages, please start a discussion on the FreedomBox discussion forum's development category to work with others translating for that language.

For more information, please visit the FreedomBox translators page.

6. Document: User Manual, Website and Wiki, HowTo/demo videos

FreedomBox needs better documentation for users and contributors. Sometimes, just rewording or presenting the information another way, already helps. Others, a certain knowledge is needed.

FreedomBox manual is prepared by aggregating various pages on the wiki and exporting to various formats. The manual is then used in FreedomBox Service and elsewhere.

If you wish to contribute to the FreedomBox wiki (and consequently the FreedomBox manual), you can create a wiki account and start editing.

For contributing to the website please start a discussion on the FreedomBox discussion forum's development category.

Another way of documenting FreedomBox is to record and publish screencasts showing how to use it, or videos on why to use it. Like these or these.

7. Assure Quality (Test and Check)

  • FreedomBox already runs on many platforms and it is not possible for developers to test all possible platforms. If you have one of the supported hardware you can help with testing FreedomBox on the platform.

  • When an application is made available on FreedomBox, not all of its functionality is tested in the real world by developer doing the work. Deploying the application and testing it will help ensure high quality applications in FreedomBox.

See the quality assurance page for a basic list of test cases to check for and information on reporting bugs.

8. Code

If you are a developer, you can contribute code to one of the sub-projects of FreedomBox. Step-by-step process of contributing code to FreedomBox is available.

  • FreedomBox Service: a web interface to administer the functions of FreedomBox.

  • Freedom Maker: a script to build FreedomBox disk images for use on various hardware devices or virtual machines.

You can pick up a task from one of the TODO lists. The individual page project pages contain information availabily of the code, how to build and TODO lists.

8.1. Fix Bugs

List of bugs, feature requests and improvements are tracked on the FreedomBox issue tracker. In addition to that, see list of bugs to help out the Debian package we depend on. Also see the FreedomBox packaging team's dashboard for status of various packages that we use.

8.2. Add an Application

If you are a developer and wish to see an application available in FreedomBox, you can contribute by adding the application to FreedomBox. See the FreedomBox Developer Manual. Many applications that can be added to FreedomBox have been identified on the leaving the cloud page.

8.3. Development priorities

Upcoming priorities are discussed on an regular basis. You find the progress of the FreedomBox Service with its priorities here: issues board and milestones.

Please check next progress calls to keep yourself on track and meet members of the release team. A TODO page aggregates the complete list of the items to work on for FreedomBox.

9. Design

9.1. User Experience Design

If you are a user experience designer, you can help FreedomBox with the following items:

9.2. Technical Design

FreedomBox needs your technical expertise to devise implementation plans for upcoming features. You can contribute to the discussion on various technical design and implementation aspects of FreedomBox. See FreedomBox discussion forum's development category.

10. Package Applications

FreedomBox is a Debian Pure Blend. In order to add applications to FreedomBox we need applications first to be Debian-packaged. Check our applications wishlist.

Developer Guide

The FreedomBox Developer Manual provides a step by step tutorial for writing apps for FreedomBox and an API reference. It is available from docs.freedombox.org.


FreedomBox consists of three main projects:

  • Plinth, the web interface
  • FreedomBox Setup, the Debian package to perform initial setup and

  • Freedom Maker, a script to build disk images for various hardware

1. FreedomBox Service (Plinth)

FreedomBox Service (Plinth) is a web interface to administer the functions of the FreedomBox.

FreedomBox Service is Free Software under GNU Affero General Public License version 3 or (at your option) a later version.

1.1. Using

  • FreedomBox Service comes installed with all FreedomBox images. You can download FreedomBox images and run on any of the supported hardware. Then, to access FreedomBox interface see quick start instructions.

  • If you are on a Debian box, you may install FreedomBox Service from Debian package archive. Currently, only bullseye (stable), bookworm (testing), and sid (unstable) are supported. To install FreedomBox Service run:

$ sudo apt-get install freedombox

1.2. Screenshots

Home Page Apps Page System Page

Enabling Tor Onion Services Newsfeed from anywhere Email Client

Manual Pages About Page

1.3. Support

You may ask for support on

1.4. Contributing

We are looking for help to improve FreedomBox Service. You can contribute to FreedomBox Service by not just by coding but also by translating, documenting, designing, packaging and providing support.

1.4.1. Debian Package

  • FreedomBox Service is packaged for Debian. FreedomBox Service is a native package and packaging source code is part of the main package source code.

  • Issues related to packaging are listed on Debian BTS.

2. FreedomBox Setup


FreedomBox Setup is obsolete. See FreedomBox Service (Plinth) instead.

FreedomBox Setup is a Debian package for setting up the FreedomBox. If you download and use pre-built images you don't have to worry about this package.

FreedomBox Setup is responsible for setting up basic networking, web server, user accounts, installing essential packages etc. It performs first part of the setup during the image build process. Later, when the image is booted for the first time on actual hardware (or on a virtual machine), it does the remaining setup and then reboots the machine. It also comes with a diagnostic script to check if the FreedomBox Setup is running as expected.

FreedomBox Setup is Free Software licensed under GNU General Public License version 3 or (at your option) a later version.

2.1. Using

  • FreedomBox Setup comes installed with all FreedomBox images. You can download FreedomBox images and run on any of the supported hardware.

  • If you are on a Debian box, you may install FreedomBox Setup from Debian package archive. This essentially turns your Debian installation into a FreedomBox! Currently, only Sid (unstable) is supported. To install FreedomBox Setup, see instructions on setting up FreedomBox on a Debian machine.

  • You can also get FreedomBox Setup from its Git repository and build Debian package from source.

2.2. Support

You may ask for support on

2.3. Contributing

We are looking for help to improve FreedomBox Setup.

3. Freedom Maker

Freedom Maker is a script to build FreedomBox disk images for use on various hardware devices or virtual machines.

Freedom Maker can currently build FreedomBox disk images for the following:

If a hardware platform is capable of running Debian, it should not be too much effort adopt Freedom Maker to create FreedomBox images for the platform.

Freedom Maker is Free Software licensed under GNU General Public License version 3 or (at your option) a later version.

3.1. Building FreedomBox Images

3.2. Support

You may ask for support on

3.3. Contributing

We are looking for help to improve Freedom Maker.

  • Instructions on how to contribute code are available.

  • Freedom Maker is hosted at FreedomBox Salsa Project. The primary Git repository is hosted there.

  • You can contribute to FreedomBox by adding support for more hardware platforms. Freedom Maker can be easily adopted to newer platforms if they already support running Debian.

  • You can create and test images with Freedom Maker regularly to test for new features and check for regressions.
  • List of bugs, TODO items and feature requests are available on the issue tracker.

  • You can request for development assistance on the discussion forum, the mailing list or the #freedombox IRC channel.

Other Resources: Manual Older Versions

  • ?0.3 Manual

  • ?0.2 Manual

  • ?Jessie Manual

Tell people around you