turnkey-wireguard-18.0 (1) turnkey; urgency=low

  * Update Wireguard to Debian Bookworm version (currently v1.0.20210914).
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Set timezone on firstboot.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Rename firstboot env var APP_IP -> APP_VIRTUAL_SUBNET - addresses #1646.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Explcitly install wireguard-tools package - closes #1824.
    [Anton Pyrogovskyi <anton@turnkeylinux.org>]

  * Confconsole: bugfix broken DNS-01 Let's Encrypt challenge- closes #1876 &
    #1895.
    [Jeremy Davis <jeremy@turnkeylinux.org>]

  * Ensure hashfile includes URL to public key - closes #1864.

  * Include webmin-logviewer module by default - closes #1866.

  * Upgraded base distribution to Debian 12.x/Bookworm.

  * Configuration console (confconsole):
    - Support for DNS-01 Let's Encrypt challenges.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    - Refactor network interface code to ensure that it works as expected and
      supports more possible network config (e.g. hotplug interfaces & wifi).
    - Show error message rather than stacktrace when window resized to
      incompatable resolution - closes  #1609.
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Bugfix exception when quitting configuration of mail relay.
      [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> github: @NitrogenUA ]
    - Improve code quality: implement typing, fstrings and make (mostly) PEP8
      compliant.
      [Stefan Davis <stefan@turnkeylinux.org> & Jeremy Davis

  * Firstboot Initialization (inithooks):
    - Refactor start up (now hooks into getty process, rather than having it's
      own service).
      [ Stefan Davis <stefan@turnkeylinux.org> ]
    - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname
      is included in dhcp info when set via inithooks.
    - Package turnkey-make-ssl-cert script (from common overlay - now packaged
      as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    - Refactor run script - use bashisms and general tidying.
    - Show blacklisted password characters more nicely.
    - Misc packaging changes/improvements.
    - Support returning output from MySQL - i.e. support 'SELECT'. (Only
      applies to apps that include MySQL/MariaDB).

  * Web management console (webmin):
    - Upgraded webmin to v2.105.
    - Replace webmin-shell with webmin-xterm module by default - closes #1904.
    - Removed stunnel reverse proxy (Webmin hosted directly now).
    - Ensure that Webmin uses HTTPS with default cert
      (/etc/ssl/private/cert.pem).
    - Disabled Webmin Let's Encrypt (for now).

  * Web shell (shellinabox):
    - Completely removed in v18.0 (Webmin now has a proper interactive shell).

  * Backup (tklbam):
    - Ported dependencies to Debian Bookworm; otherwise unchanged.

  * Security hardening & improvements:
    - Generate and use new TurnKey Bookworm keys.
    - Automate (and require) default pinning for packages from Debian
      backports. Also support non-free backports.

  * IPv6 support:
    - Adminer (only on LAMP based apps) listen on IPv6.
    - Nginx/NodeJS (NodeJS based apps only) listen on IPv6.

  * Misc bugfixes & feature implementations:
    - Remove rsyslog package (systemd journal now all that's needed).
    - Include zstd compression support.
    - Enable new non-free-firmware apt repo by default.
    - Improve turnkey-artisan so that it works reliably in cron jobs (only
      Laravel based LAMP apps).

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 13 Mar 2024 07:32:05 +0000

turnkey-wireguard-17.1 (1) turnkey; urgency=low

  * Updated all Debian packages to latest.
    [ autopatched by buildtasks ]

  * Patched bugfix release. Closes #1734.
    [ autopatched by buildtasks ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 22 Feb 2023 21:49:17 +0000

turnkey-wireguard-17.0 (1) turnkey; urgency=low

  * Update wireguard and its dependencies to tkldev v17.

  * Update dialog_wrapper to refactored version for tkldev v17.

  * Updating appliance to include refactored lighttpd code in common.

  * Numerous usability improvements:
    - improved QR codes
    - Improved profile URLs security
    - New client removal menu
    [ Oleh Dmytrychenko <dmytrychenko.oleh@gmail.com> ]

  * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Mattie Darden <mattie@turnkeylinux.org>  Wed, 22 Feb 2023 15:00:18 +0000

turnkey-wireguard-16.2 (1) turnkey; urgency=low

  * Fix bugs

    - #1610 (wireguard interface not started on reboot)
    - #1613 (ip_forward not persisting after reboot)
    - #1546 (enable 'mod_setenv' in LigHTTPd config)

 -- Stefan Davis <stefan@turnkeylinux.org>  Wed, 04 Aug 2021 09:26:48 +1000

turnkey-wireguard-16.1 (1) turnkey; urgency=low

  * Rebuild on latest Debian Buster.

  * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Stefan Davis <stefan@turnkeylinux.org>  Tue, 27 Apr 2021 19:33:16 +1000

turnkey-wireguard-16.0 (1) turnkey; urgency=low

  * Initial release of turnkey wireguard appliance.

  * Includes wireguard from debian backports

  * Includes wireguard-addclient and wireguard-removeclient
    utility scripts for easy adding and removing of clients

  * Includes a confconsole plugin for adding users and
    generating an auto expiring obfuscated profile download
    url with QR code for convenience.

  * Note: Please refer to turnkey-core's changelog for changes common to all
    appliances. Here we only describe changes specific to this appliance.

 -- Stefan Davis <stefan@turnkeylinux.org>  Mon, 09 Nov 2020 17:54:22 +1100