vpn/openvpn: Use tls-crypt and tls-auth aliases for generating the static key (#9810)
* vpn/openvpn: Even though openvpn --genkey secret generates the same static key for secret, tls-auth and tls-crypt, it is more explicit to use all modes verbatim. It's simpler to expand it in the future this way.
vpn/openvpn: Even though openvpn --genkey secret generates the same static key for secret, tls-auth and tls-crypt, it is more explicit to use all modes verbatim. It's simpler to expand it in the future this way.
dashboard: sync layout with configuration when adjusting column count
This prevents edge cases of widget deletion or additions in one layout mode
still showing up in others. This also handles privilege changes, where
users don't have access to specific widgets anymore, making sure
these persisted widget layouts are cleaned up when requested.
dashboard: store layout types based on column breakpoints
We currently define 3 breakpoints with 1, 3 and 12 columns respectively.
Previously, if a user loaded the dashboard on a phone or tablet
screen and subsequently saved the layout, this layout would be
ignored in order to prevent a hardcoded number of columns on
larger screens. With this commit, each breakpoint will have its
own associated layout and dynamically adjust the layout to one
of the available ones if the screen is resized and forced to reduce
the number of columns. Layouts on smaller screens are therefore
persisted as well.
Firewall: Schedule: Fix is_schedule_inuse so it works for legacy and new rules (#9807)
* Firewall: Schedule: Fix is_schedule_inuse so it works for legacy and new rules
* Use config_read_array instead
interfaces: multi-dhcp6c support and custom PD association #7647
This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations. For NA we simply default to 0 now.
I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Fix typo (#9803)
The installation wizard has a typo wherein Unbound is referred to as "Unboud" (missing the 'n' character). This commit fixes this typo.
make: remove CORE_REPOSITORY
Looking at it again this was used for LibreSSL back in the day
but we do not need this and aux configuration is also hardcoded.
Services: Dnsmasq DNS & DHCP: add IP address validations for some of the DHCPv4 and DHCPv6 options (#9790)
---------
Co-authored-by: Ad Schellevis <AdSchellevis at users.noreply.github.com>
Co-authored-by: Franco Fichtner <1915288+fichtner at users.noreply.github.com>
Services: Captive Portal: Move template actions out of the ServiceController into its own TemplateController, so it can use the ApiMutableModelControllerBase methods
Services: Captive Portal: Move template actions out of the ServiceController into its own TemplateController, so it can use the ApiMutableModelControllerBase methods
backend: allow non-intrusive config_read_array(); closes #9786
When config keys are not found or are not arrays that should
be (especially for iterating with foreach) we do a trick here
by returning a detached empty array to avoid upper layer
errors, forcing empty arrays into $config yet reading and
removal still work fine. The default stays the "insert" mode,
which can be triggered explicitly just for symmetry. Bools
are not in the keys so this is perfectly fine.
The function itself was added in 4c179c23 in 2017 and hasn't
been modified since which is quite the achievement IMO. It's
had a clear purpose but now we make it just a little bit
better. :)
Look for more references at least in the legacy pages:
# git grep 'foreach.($config\[' src/www
