wizard: reimplement system setup, for #8352

plist

@@ -246,6 +246,7 @@
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/HasyncController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/HasyncStatusController.php
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/InitialSetupController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/MenuController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/ServiceController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/SnapshotsController.php
@@ -258,6 +259,7 @@
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/HasyncController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/HasyncStatusController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/IndexController.php
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/InitialSetupController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/LicenseController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/RebootController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/ServiceController.php
@@ -266,6 +268,10 @@
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/forms/hasyncSettings.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/forms/snapshot.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/forms/tunable.xml
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/forms/wizard_general_info.xml
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/forms/wizard_network_lan.xml
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/forms/wizard_network_wan.xml
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/forms/wizard_root_password.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Cron/Api/ServiceController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Cron/Api/SettingsController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Cron/IndexController.php
@@ -685,6 +691,8 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/Core/Firmware.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Core/Hasync.php
 /usr/local/opnsense/mvc/app/models/OPNsense/Core/Hasync.xml
+/usr/local/opnsense/mvc/app/models/OPNsense/Core/InitialSetup.php
+/usr/local/opnsense/mvc/app/models/OPNsense/Core/InitialSetup.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Core/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/Core/Migrations/M1_0_1.php
@@ -901,6 +909,7 @@
 /usr/local/opnsense/mvc/app/views/OPNsense/Core/halt.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Core/hasync.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Core/hasync_status.volt
+/usr/local/opnsense/mvc/app/views/OPNsense/Core/initial_setup.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Core/license.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Core/not_found.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Core/reboot.volt
@@ -1306,6 +1315,7 @@
 /usr/local/opnsense/scripts/system/crl_fetch.py
 /usr/local/opnsense/scripts/system/flush_config_history
 /usr/local/opnsense/scripts/system/get_locales.php
+/usr/local/opnsense/scripts/system/get_timezones.php
 /usr/local/opnsense/scripts/system/ha_xmlrpc_exec.php
 /usr/local/opnsense/scripts/system/list_shells.py
 /usr/local/opnsense/scripts/system/nameservers.php
@@ -2404,7 +2414,6 @@
 /usr/local/share/man/man8/opnsense-log.8.gz
 /usr/local/share/man/man8/opnsense-shell.8.gz
 /usr/local/share/man/man8/opnsense-version.8.gz
-/usr/local/wizard/system.xml
 /usr/local/www/authgui.inc
 /usr/local/www/crash_reporter.php
 /usr/local/www/csrf.inc
@@ -2437,9 +2446,6 @@
 /usr/local/www/interfaces_wireless.php
 /usr/local/www/interfaces_wireless_edit.php
 /usr/local/www/javascript/opnsense_legacy.js
-/usr/local/www/javascript/wizard/autosuggest.js
-/usr/local/www/javascript/wizard/disablekeys.js
-/usr/local/www/javascript/wizard/suggestions.js
 /usr/local/www/reporting_settings.php
 /usr/local/www/services_dhcp.php
 /usr/local/www/services_dhcp_edit.php
@@ -2467,7 +2473,6 @@
 /usr/local/www/vpn_ipsec_phase2.php
 /usr/local/www/vpn_openvpn_client.php
 /usr/local/www/vpn_openvpn_server.php
-/usr/local/www/wizard.php
 /usr/local/www/xmlrpc.php
 @sample /usr/local/etc/bogons.sample
 @sample /usr/local/etc/bogonsv6.sample

src/etc/config.xml.sample

@@ -93,18 +93,19 @@
       <track6-prefix-id>0</track6-prefix-id>
     </lan>
   </interfaces>
-  <dhcpd>
-    <lan>
-      <enable/>
-      <range>
-        <from>192.168.1.100</from>
-        <to>192.168.1.199</to>
-      </range>
-    </lan>
-  </dhcpd>
   <unbound>
     <enable>1</enable>
   </unbound>
+  <dnsmasq>
+      <enable>1</enable>
+      <port>0</port>
+      <interface>lan</interface>
+      <dhcp_ranges>
+          <interface>lan</interface>
+          <start_addr>192.168.1.100</start_addr>
+          <end_addr>192.168.1.199</end_addr>
+      </dhcp_ranges>
+  </dnsmasq>
   <snmpd>
     <syslocation/>
     <syscontact/>

src/etc/inc/filter.lib.inc

@@ -310,13 +310,13 @@ function filter_core_rules_system($fw, $defaults)
             ['from' => "<bogons>", 'direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet',
             'descr' => "Block bogon IPv4 networks from " . $intfinfo['descr'],
             '#ref' => "interfaces.php?if=" . $intf . "#blockbogons",
-            'disabled' => !isset($intfinfo['blockbogons'])],
+            'disabled' => empty($intfinfo['blockbogons'])],
             $bogontmpl
         );
         $fw->registerFilterRule(
             5,
             ['from' => "<bogonsv6>", 'direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet6',
-            'disabled' => $ipv6_disabled || !isset($intfinfo['blockbogons']),
+            'disabled' => $ipv6_disabled || empty($intfinfo['blockbogons']),
             '#ref' => "interfaces.php?if=" . $intf . "#blockbogons",
             'descr' => "Block bogon IPv6 networks from " . $intfinfo['descr']],
             $bogontmpl
@@ -326,15 +326,15 @@ function filter_core_rules_system($fw, $defaults)
             ['direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet',
             '#ref' => "interfaces.php?if=" . $intf . "#blockpriv",
             'descr' => "Block private networks from " . $intfinfo['descr'],
-            'disabled' => !isset($intfinfo['blockpriv'])],
+            'disabled' => empty($intfinfo['blockpriv'])],
             $privtmpl
         );
         $fw->registerFilterRule(
             5,
             ['direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet6',
             '#ref' => "interfaces.php?if=" . $intf . "#blockpriv",
             'descr' => "Block private networks from " . $intfinfo['descr'], 'from' => 'fc00::/7',
-            'disabled' => $ipv6_disabled || !isset($intfinfo['blockpriv'])],
+            'disabled' => $ipv6_disabled || empty($intfinfo['blockpriv'])],
             $privtmpl
         );
     }

src/etc/inc/system.inc

@@ -328,7 +328,7 @@ function get_searchdomains()
         $master_list[] = $syscfg['dnssearchdomain'];
     }
 
-    if (isset($syscfg['dnsallowoverride'])) {
+    if (!empty($syscfg['dnsallowoverride'])) {
         /* return domains as required by configuration */
         $list = shell_safe('/usr/local/sbin/ifctl -sl');
         if (!empty($list)) {

src/opnsense/mvc/app/controllers/OPNsense/Core/Api/InitialSetupController.php

@@ -0,0 +1,55 @@
+<?php
+
+/*
+ * Copyright (c) 2025 Deciso B.V.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Core\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+use OPNsense\Core\Backend;
+use OPNsense\Core\Config;
+
+/**
+ * Class InitialSetupController
+ * @package OPNsense\Core
+ */
+class InitialSetupController extends ApiMutableModelControllerBase
+{
+    protected static $internalModelName = 'wizard';
+    protected static $internalModelClass = 'OPNsense\Core\InitialSetup';
+
+    public function configureAction()
+    {
+        $result = parent::setAction();
+        if ($result['result'] == 'saved') {
+            $result = $this->getModel()->updateConfig();
+            (new Backend())->configdRun("service reload delay", true);
+            return $result;
+        } else {
+            return $result;
+        }
+    }
+}

src/opnsense/mvc/app/controllers/OPNsense/Core/InitialSetupController.php

@@ -0,0 +1,70 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Core;
+
+class InitialSetupController extends \OPNsense\Base\IndexController
+{
+    public function indexAction()
+    {
+        $this->view->all_tabs = [
+            'step_0' => [
+                'title' => gettext('Welcome'),
+                'message' => gettext(
+                    'This wizard will guide you through the initial system configuration. '.
+                    'The wizard may be stopped at any time by clicking the logo image at the top of the screen.'
+                )
+            ],
+            'step_1' => [
+                'title' => gettext('General Information'),
+                'form' => $this->getForm('wizard_general_info')
+            ],
+            'step_2' => [
+                'title' => gettext('Network [WAN]'),
+                'form' => $this->getForm('wizard_network_wan')
+            ],
+            'step_3' => [
+                'title' => gettext('Network [LAN]'),
+                'form' => $this->getForm('wizard_network_lan')
+            ],
+            'step_4' => [
+                'title' => gettext('Set initial password'),
+                'form' => $this->getForm('wizard_root_password')
+            ],
+            'step_final' => [
+                'title' => gettext('Finish'),
+                'message' => gettext(
+                    'This is the last step in the wizard, click apply to reconfigure the firewall.'
+                )
+            ],
+        ];
+        $this->view->pick('OPNsense/Core/initial_setup');
+    }
+}

src/opnsense/mvc/app/controllers/OPNsense/Core/forms/wizard_general_info.xml

@@ -0,0 +1,68 @@
+<form>
+    <field>
+        <id>wizard.hostname</id>
+        <label>Hostname</label>
+        <type>text</type>
+    </field>
+    <field>
+        <id>wizard.domain</id>
+        <label>Domain</label>
+        <type>text</type>
+    </field>
+    <field>
+        <id>wizard.language</id>
+        <label>Language</label>
+        <type>dropdown</type>
+    </field>
+    <field>
+        <id>wizard.dns_servers</id>
+        <label>DNS Servers</label>
+        <type>select_multiple</type>
+        <style>tokenize</style>
+        <allownew>true</allownew>
+        <help>Set primary domain name server IPv4 or IPv6 address. Repeat this option to set secondary DNS server addresses.</help>
+    </field>
+    <field>
+        <id>wizard.dnsallowoverride</id>
+        <label>Override DNS</label>
+        <type>checkbox</type>
+        <help>Allow DNS servers to be overridden by DHCP/PPP on WAN</help>
+    </field>
+    <field>
+        <type>header</type>
+        <label>DNS [Unbound]</label>
+    </field>
+    <field>
+        <id>wizard.unbound.enabled</id>
+        <label>Enable Resolver</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>wizard.unbound.dnssec</id>
+        <label>Enable DNSSEC Support</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>wizard.unbound.dnssecstripped</id>
+        <label>Harden DNSSEC data</label>
+        <type>checkbox</type>
+        <help>DNSSEC data is required for trust-anchored zones. If such data is absent, the zone becomes bogus. If this is disabled and no DNSSEC data is received, then the zone is made insecure.</help>
+    </field>
+    <field>
+        <type>header</type>
+        <label><![CDATA[Time & Timezone]]></label>
+    </field>
+    <field>
+        <id>wizard.timeservers</id>
+        <label>Time Servers</label>
+        <type>select_multiple</type>
+        <style>tokenize</style>
+        <allownew>true</allownew>
+        <help>Hostnames of the timeservers to use to acquire time for this firewall.</help>
+    </field>
+    <field>
+        <id>wizard.timezone</id>
+        <label>Timezone</label>
+        <type>dropdown</type>
+    </field>
+</form>

src/opnsense/mvc/app/controllers/OPNsense/Core/forms/wizard_network_lan.xml

@@ -0,0 +1,20 @@
+<form>
+    <field>
+        <id>wizard.interfaces.lan.disable</id>
+        <label>Disable LAN</label>
+        <type>checkbox</type>
+        <help>Disable LAN, usually only relevant in "wan" only scenarios.</help>
+    </field>
+    <field>
+        <id>wizard.interfaces.lan.ipaddr</id>
+        <label>IP Address</label>
+        <type>text</type>
+        <help>Ip address and cidr to configure on this interface, e.g. 192.168.1.1/24.</help>
+    </field>
+    <field>
+        <id>wizard.interfaces.lan.configure_dhcp</id>
+        <label>Configure DHPC server</label>
+        <type>checkbox</type>
+        <help>Configure DHCP server for this network, when disabled dhcp services will not be available on this network after finishing the wizard.</help>
+    </field>
+</form>