Hack call: 14:00 UTC
- Dist upgrade mistakenly started on testing system (James)
- lsb_release is used to determine the release
- switch to systemd command (hostnamectl status)
- doesn't indicate whether it is testing or not
- hostnamectl status --json pretty
- trixie/sid seems to indicate either testing or unstable
- Hardware devices (x86) for FreedomBox
- Intel N100 processor (4 efficiency cores)
- Beelink Mini PC in $250 range with 2 NVMe disks in RAID
- 2 Ethernet ports: 1 up, 1 down. No port forwarding or DMZ required. Topology: Internet -> FreedomBox -> Wi-Fi router
- captive portal on first setup
- Updates on DNS-over-TLS and DNSSEC (Sunil)
- Switched to systemd-resolved instead of using /etc/resolv.conf
- resolvconf package removed
- If resolvconf is already installed, systemd-resolved doesn't read /etc/resolv.conf
- The DNS servers can be re-fed to systemd-resolved using an nmcli command, without requiring a reboot
- Some corner cases with reading networking related files under /etc
- Fallback servers supported - same as what systemd upstream uses - 1.1.1.1 (Cloudflare) or 8.8.8.8 (Google). Debian removed these, but we added them back. Only used when no DNS servers are configured. Can be turned off using a privacy setting.
- DNS servers can be manually configured by editing the network connection.
- DNS over TLS helps with censorship resistance. Uses a special port (853 instead of 53, UDP). Settings in Name Services and in network connections (DNSSEC).
- Document common DNS providers and what features they support.
- Some programs can be configured to not proceed if DNSSEC fails.
- Ability to configure multiple domains for a FreedomBox. Also in DynamicDNS.
- This enables auto-configuration of a domain name and certificate for a new FreedomBox.
- We will get DNS over HTTPS (preferred, port 443) into FreedomBox once systemd supports it. Still in pull request.
- BIND updates
- Resolved port conflict between BIND and shared network connections.
- Plan to run BIND on external zone, configured as NS server in DDNS.
- wildcard certificates
- Tags for apps (Joseph)
- Define in the manifest file
- Tags provided by app developer
- User defined tags may be implemented later (or not)
- Filter list of apps based on selected tag(s)
- Bepasty issue with domain configuration (lifeform/Sunil)
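
Added example (not from the call notes and not FreedomBox's own code): a small Python audit of the systemd-resolved settings discussed under the DNS-over-TLS and DNSSEC update above. It merges resolved.conf-style text, then flags non-strict DNSOverTLS/DNSSEC and fallback servers that would be in effect. The sample files, their names and the 192.0.2.53 address are constructed, and how FreedomBox itself writes these settings is an assumption.

```python
# Added example: audit systemd-resolved settings (DNSOverTLS, DNSSEC, FallbackDNS).
LIST_KEYS = {"DNS", "FallbackDNS"}  # an empty assignment resets these lists

def merge_resolve(files):
    """Merge [Resolve] options; files = [(name, text)], main file first, then drop-ins."""
    merged = {}
    for _name, text in files:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            if section != "Resolve" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key in LIST_KEYS:
                merged[key] = (merged.get(key, []) + value.split()) if value else []
            else:
                merged[key] = value.lower()  # scalar option: last assignment wins
    return merged

def audit(files):
    """Return (merged settings, findings) for the resolver configuration."""
    cfg = merge_resolve(files)
    findings = []
    for key in ("DNSOverTLS", "DNSSEC"):
        value = cfg.get(key, "unset")
        if value != "yes":
            findings.append(f"{key}={value}: strict mode is not explicitly enabled")
    fallback = cfg.get("FallbackDNS")
    if fallback and not cfg.get("DNS"):
        # Global view only: per-link DNS servers from NetworkManager are not visible here.
        findings.append("fallback servers " + ", ".join(fallback)
                        + " apply when no link supplies DNS servers")
    return cfg, findings

# Constructed sample input; the file names are hypothetical.
SAMPLE = [
    ("resolved.conf", "[Resolve]\n#DNS=\nDNSSEC=allow-downgrade\nFallbackDNS=1.1.1.1 8.8.8.8\n"),
    ("resolved.conf.d/50-example.conf", "[Resolve]\nDNSOverTLS=opportunistic\n"),
    ("resolved.conf.d/90-privacy-example.conf", "[Resolve]\nFallbackDNS=\n"),
]
HARDENED = [("resolved.conf", "[Resolve]\nDNS=192.0.2.53\nDNSOverTLS=yes\nDNSSEC=yes\n")]

if __name__ == "__main__":
    for label, files in (("fallback on", SAMPLE[:2]), ("fallback off", SAMPLE), ("hardened", HARDENED)):
        print(label, audit(files)[1])
```

The third sample file shows an empty FallbackDNS= assignment clearing the list, which is one way a "no fallback" privacy choice can be expressed in resolved.conf.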