turnkey-domain-controller-18.0 (1) turnkey; urgency=low

  * Include some "getting started" docs on the landing page (tklweb-cp) -
    closes #1810.
    [Jeremy Davis <jeremy@turnkeylinux.org>]

  * Support Domain Controller with 'dc1' name, joining an existing domain -
    so long as it doesn't already exist (checked via DNS) - untracked bug.
    [Jeremy Davis <jeremy@turnkeylinux.org>]

  * Ensure hashfile includes URL to public key - closes #1864.

  * Include webmin-logviewer module by default - closes #1866.

  * Upgraded base distribution to Debian 12.x/Bookworm.

  * Configuration console (confconsole) - v2.1.6:
    - Support for DNS-01 Let's Encrypt challenges.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    - Refactor network interface code to ensure that it works as expected and
      supports more possible network config (e.g. hotplug interfaces & wifi).
    - Show error message rather than stacktrace when window resized to
      incompatable resolution - closes  #1609.
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Bugfix exception when quitting configuration of mail relay.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Improve code quality: implement typing, fstrings and make (mostly) PEP8
      compliant.
      [Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis
    - General dehydrated-wrapper code cleanup - now passes shellcheck.

  * Firstboot Initialization (inithooks):
    - Refactor start up (now hooks into getty process, rather than having it's
      own service).
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
      is included in dhcp info when set via inithooks.
    - Package turnkey-make-ssl-cert script (from common overlay - now packaged
      as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    - Refactor run script - use bashisms and general tidying.
    - Show blacklisted password characters more nicely.
    - Misc packaging changes/improvements.
    - Support returning output from MySQL - i.e. support 'SELECT'. (Only
      applies to apps that include MySQL/MariaDB).

  * Web management console (webmin):
    - Upgraded webmin to v2.105.
    - Replace webmin-shell with webmin-xterm module by default - closes #1904.
    - Include webmin-logviewer module by default - closes #1866.
    - Removed stunnel reverse proxy (Webmin hosted directly now).
    - Ensure that Webmin uses HTTPS with default cert
      (/etc/ssl/private/cert.pem).
    - Disabled Webmin Let's Encrypt (for now).

  * Web shell (shellinabox):
    - Completely removed in v18.0 (Webmin now has a proper interactive shell).

  * Backup (tklbam):
    - Ported dependencies to Debian Bookworm; otherwise unchanged.

  * Security hardening & improvements:
    - Generate and use new TurnKey Bookworm keys.
    - Automate (and require) default pinning for packages from Debian
      backports. Also support non-free backports.

  * IPv6 support:
    - Adminer (only on LAMP based apps) listen on IPv6.
    - Nginx/NodeJS (NodeJS based apps only) listen on IPv6.

  * Misc bugfixes & feature implementations:
    - Remove rsyslog package (systemd journal now all that's needed).
    - Include zstd compression support.
    - Enable new non-free-firmware apt repo by default.
    - Improve turnkey-artisan so that it works reliably in cron jobs (only
      Laravel based LAMP apps).

  * Reduce log noise by creating ntpsec log dir - closes #1952.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 05 Jul 2024 11:19:03 +0000

turnkey-domain-controller-17.1 (1) turnkey; urgency=low

  * Updated all Debian packages to latest.
    [ autopatched by buildtasks ]

  * Patched bugfix release. Closes #1734.
    [ autopatched by buildtasks ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 30 Mar 2023 00:37:16 +0000

turnkey-domain-controller-17.0 (1) turnkey; urgency=low

  * Install Samba v4.17.3 from Bullseye backports - supports latest Win11
    joining domain. Samba pinned to backports for easier maintence.

  * Add support for setting admin username when joining domain - closes #1671.

  * Allow dash in realm - closes #1670.

  * Disable systemd-resolved.service in LXC builds - closes #1766.

  * Update inithook for libinithook refactoring in v17.x.

  * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Mon, 20 Feb 2023 03:28:24 +0000

turnkey-domain-controller-16.2 (1) turnkey; urgency=low

  * Rebuild on latest Debian Buster.

  * Adjust service name that Webmin "Start/Stop/Restart Samba" buttons use.
    Closes #1618.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 22 Jul 2021 14:15:47 +1000

turnkey-domain-controller-16.1 (1) turnkey; urgency=low

  * Refactor of Domain Controller specific inithook (domain-controller.py) to
    make 'join' functionality work.

  * Rebuild on latest Debian Buster.

  * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Mon, 17 May 2021 15:58:41 +1000

turnkey-domain-controller-16.0 (1) turnkey; urgency=low

  * Update packages to latest Debian Buster versions; including Samba v4.9.5.

  * Major rewrite of python inithook amd removal of old bash inithook scripts.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 16 Oct 2020 15:55:43 +1100

turnkey-domain-controller-15.0 (1) turnkey; urgency=low

  * Initialization (specific to domain-controller - via inithooks):

    - support joining existing AD domain (closes #790)
    - separate out commandline usage into bash scripts (commands were
      previously run direct from python)
    - don't acccept parentheses in Samba admin password (closes #861)

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Vlad Kuzmenko <vlad@turnkeylinux.org>  Tue, 26 Jun 2018 00:30:42 +0200

turnkey-domain-controller-14.2 (1) turnkey; urgency=low

  * Updated first boot inithooks to use updated Dialog password prompt

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Ken Robinson <ken@turnkeylinux.org>  Sun, 16 Jul 2017 12:08:19 -0400

turnkey-domain-controller-14.1 (1) turnkey; urgency=low

  * Add additional required ports to the firewall config [#573]

  * Fix LigHTTPd bug in 15regen-sllcert [#512].

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.i

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 18 Feb 2016 15:19:03 +1100

turnkey-domain-controller-14.0 (1) turnkey; urgency=low

  * Debian Jessie package version of Samba4.

  * Configured as Active Directory Domain Controller.

  * AjaXplorer/fileserver functionality removed.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Jeremy Davis <jeremy@turnkeylinux.org> Thu, 10 Sept 2015 20:50:12 +1000

turnkey-domain-controller-13.0 (1) turnkey; urgency=low

  * Latest Debian Wheezy package version of Samba.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 10 Oct 2013 17:44:56 +0300

turnkey-domain-controller-12.1 (1) turnkey; urgency=low

  * AjaXplorer related:

    - Upgraded to latest version
    - Removed smb-root-write-fix patch (included in new version).
    - Added USER_BASE_DRIVER to plugins multi-auth (required in new version).
    - Force SSL and set locale to en_US.UTF-8.

  * Upstream source component versions:

    ajaxplorer      4.2.3

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Sun, 07 Apr 2013 08:00:00 +0200

turnkey-domain-controller-12.0 (1) turnkey; urgency=low

  * Added web-based file manager (AjaXplorer)

    - Pre-configured multi-authentication (Local and Samba).
    - Pre-configured repositories (storage, user home directory).
    - Set local admin password on firstboot.

  * Printing via CUPS

    - Package name transition: cupsys -> cups
    - Added administrator user to lpadmin group (bugfix).
    - Pre-configured cups-pdf printer.

  * Configured automatic unix/smb user/group synchronization in Webmin.

  * Major component versions

    ajaxplorer      4.0.4 (upstream archive)
    samba           2:3.5.6~dfsg-3squeeze8
    cups            1.4.4-7+squeeze1
    cups-pdf        2.5.0-16
    lighttpd        1.4.28-2+squeeze1

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 01 Aug 2012 08:00:00 +0200

turnkey-domain-controller-11.3 (1) turnkey; urgency=low

  * Installed security updates.
  * Enabled etckeeper garbage collection by default.
  * Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init)

 -- Alon Swartz <alon@turnkeylinux.org>  Mon, 05 Dec 2011 10:48:44 +0000

turnkey-domain-controller-11.2 (1) turnkey; urgency=low

  * Installed security updates.
  * Added HubDNS package and firstboot configuration.

 -- Alon Swartz <alon@turnkeylinux.org>  Fri, 15 Jul 2011 07:47:08 +0000

turnkey-domain-controller-11.1 (1) turnkey; urgency=low

  * Set domain and administrator password on firstboot (convenience, security).

  * Major component versions:

    samba           2:3.4.7~dfsg-1ubuntu3.2
    cupsys          1.4.3-1ubuntu1.3
    cups-pdf        2.5.0-12
    lighttpd        1.4.26-1.1ubuntu3

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Sun, 19 Dec 2010 15:01:05 +0200

turnkey-domain-controller-2009.10 (2) hardy; urgency=low

  * Installed all security updates (see manifest for package versions).

  * Install security updates on firstboot (except when running live).

  * Trick webmin into not checking for upgrades (managed by apt).

  * Included latest version of inithooks and updated scripts.

  * Included wget as per common request.

 -- Alon Swartz <alon@turnkeylinux.org>  Mon, 29 Mar 2010 09:02:11 +0200

turnkey-domain-controller-2009.10 (1) hardy; urgency=low

  * Initial public release of TurnKey Domain Controller

  * SSL support out of the box

  * Domain controller configurations:

    - Preconfigured domain: DOMAIN
    - Preconfigured netbios name: PDC
    - Includes custom samba-config script to change domain and set administrator
      password (included as part of installation).

    - Created administrator account and added to Domain Users and Domain Admins.
    - Granted Domain Admins full permissions on the domain.
    - Created smbgroups (smbusers, smbadmins, smbmachines).
    - Created group mapping for smbusers: Domain Users
    - Created group mapping for smbadmins: Domain Admins
    - Configured samba user accounts to synchronize with unix user accounts.

    - Configured netlogon service:

        - Limit domain login to Domain Users and Domain Admins.
        - Logon/home drive mapped to H:
        - Synchronize time at login with PDC.
        - Default permissions set owner full permissions, only.

    - Configured roaming profiles:

        - Public storage mapped to S:
        - Default permissions set owner full permissions, everyone read.

    - Configured printing support:

        - Setup Point-and-Print (PnP).
        - Installed PDF printer (drops printed docs to $HOME/PDF).
        - Configured cupsys web interface to bind to all interfaces and
          support SSL.
          
    - Bugfixed samba-docs (manpage and missing links).
    - Includes flip to convert text file endings between UNIX and DOS formats.

  * Includes Turnkey web control panel (convenience).

  * Regenerates all secrets during installation / firstboot (security).

  * Major component versions:

    samba           3.0.28a-1ubuntu4.8
    cupsys          1.3.7-1ubuntu3.5
    cups-pdf        2.4.6-4ubuntu2
    lighttpd        1.4.19-0ubuntu3.1

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Alon Swartz <alon@turnkeylinux.org>  Tue, 29 Sep 2009 15:39:41 +0200