iiab/roles/www_options/tasks/main.yml

# Role "www_base" runs earlier, likely in 3-BASE-SERVER.
# Role "www_options" runs here, probably in 4-SERVER-OPTIONS.


# HOMEPAGE

- name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized.  (Standard path {{doc_root}}/home was created earlier.)
  file:
    state: directory
    path: "{{ doc_root }}{{ iiab_home_url }}"    # /library/www/html/home
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    mode: '0755'

# Used to be run by httpd/tasks/install.yml
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install"
  include_tasks: roles/httpd/tasks/homepage.yml
  when: apache_installed is defined

# Used to be run by nginx/tasks/install.yml
- name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install
  include_tasks: roles/nginx/tasks/homepage.yml
  when: nginx_installed is defined
  #when: nginx_install

- name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi)
  stat:
    path: /etc/xdg/lxsession/LXDE-pi/autostart
  register: lxde_present

- name: Check for Chromium name change
  stat:
    path: /usr/bin/chromium
  register: chromium_present

- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE
  lineinfile:
    path: /etc/xdg/lxsession/LXDE-pi/autostart
    regexp: '^/usr/bin/chromium-browser'
    line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' 
  when: lxde_present.stat.exists and not chromium_present.stat.exists

- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE
  lineinfile:
    path: /etc/xdg/lxsession/LXDE-pi/autostart
    regexp: '^/usr/bin/chromium'
    line: '/usr/bin/chromium --disable-restore-session-state http://box/home' 
  when: lxde_present.stat.exists and chromium_present.stat.exists


- debug:
    msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install'

- block:    # 5-STANZA BLOCK BEGINS

  # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server

  - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
    lineinfile:
      path: /etc/php/{{ php_version }}/fpm/php.ini    # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
    with_items:
      - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M    ; default is 2M' }
      - { regexp: '^post_max_size', line: 'post_max_size = 100M    ; default is 8M' }
      - { regexp: '^max_execution_time', line: 'max_execution_time = 100    ; default is 30' }
      - { regexp: '^max_input_time', line: 'max_input_time = 100    ; default is 60' }
      - { regexp: '^memory_limit', line: 'memory_limit = 128M    ; default is 128M / Nextcloud requests 512M' }
      - { regexp: '^max_input_vars', line: 'max_input_vars = 1000    ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
    when: not nginx_high_php_limits and not moodle_install    # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install

  - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
    lineinfile:
      path: /etc/php/{{ php_version }}/cli/php.ini    # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
    with_items:
      - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M    ; default is 2M' }
      - { regexp: '^post_max_size', line: 'post_max_size = 100M    ; default is 8M' }
      - { regexp: '^max_execution_time', line: 'max_execution_time = 100    ; default is 30' }
      - { regexp: '^max_input_time', line: 'max_input_time = 100    ; default is 60' }
      - { regexp: '^memory_limit', line: 'memory_limit = 128M    ; default is 128M / Nextcloud requests 512M' }
      - { regexp: '^max_input_vars', line: 'max_input_vars = 1000    ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
    when: not nginx_high_php_limits and not moodle_install    # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install

  # WARNING: This might cause excess use of RAM/disk or other resources!
  # The first 5 values below were chosen by @ericnitschke and @kananigit on
  # 2018-09-19: https://github.com/iiab/iiab/issues/1147

  # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional
  # clauses (to reset/restore PHP's defaults) are not necessary at this time.

  # 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES*
  # editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during
  # regular operation it uses:     .../fpm/php.ini
  # And in the past it used:       .../apache2/php.ini

  - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
    lineinfile:
      path: /etc/php/{{ php_version }}/fpm/php.ini    # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
    with_items:
      - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M    ; default is 2M' }
      - { regexp: '^post_max_size', line: 'post_max_size = 500M    ; default is 8M' }
      - { regexp: '^max_execution_time', line: 'max_execution_time = 300    ; default is 30' }
      - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
      - { regexp: '^memory_limit', line: 'memory_limit = 512M    ; default is 128M / Nextcloud requests 512M' }
      - { regexp: '^max_input_vars', line: 'max_input_vars = 5000    ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
    when: nginx_high_php_limits or moodle_install    # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install

  - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
    lineinfile:
      path: /etc/php/{{ php_version }}/cli/php.ini    # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
    with_items:
      - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M    ; default is 2M' }
      - { regexp: '^post_max_size', line: 'post_max_size = 500M    ; default is 8M' }
      - { regexp: '^max_execution_time', line: 'max_execution_time = 300    ; default is 30' }
      - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
      - { regexp: '^memory_limit', line: 'memory_limit = 512M    ; default is 128M / Nextcloud requests 512M' }
      - { regexp: '^max_input_vars', line: 'max_input_vars = 5000    ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
    when: nginx_high_php_limits or moodle_install    # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install

  - name: Restart 'php{{ php_version }}-fpm' systemd service
    systemd:
      name: php{{ php_version }}-fpm
      state: restarted

  when: moodle_install or nextcloud_install or pbx_install or wordpress_install    # 5-STANZA BLOCK ENDS.  COMPARE apache_allow_sudo conditionals below.


# 'Is a "Rapid Power Off" button possible for low-electricity environments?'
# gives more details here: http://FAQ.IIAB.IO

# COMPARE nginx_high_php_limits further above.

# 2020-03-08: DOES THE FLAG BELOW (apache_allow_sudo) PRESUMABLY WORK
# WITH NGINX TOO ?  (The single-click poweroff button on IIAB's home
# page certainly does still work with NGINX.)

- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
  template:
    src: 020_apache_poweroff.j2
    dest: /etc/sudoers.d/020_apache_poweroff
    mode: '0440'
  when: apache_allow_sudo

- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff
  file:
    path: /etc/sudoers.d/020_apache_poweroff
    state: absent
  when: not apache_allow_sudo


# 2022-06-30: internet_available var removed
- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt'
  get_url:
    url: "{{ iiab_download_url }}/heart-beat.txt"
    dest: /tmp/heart-beat.txt
    #timeout: "{{ download_timeout }}"
    # @jvonau recommends: 100sec is too much (keep 10sec default)
  ignore_errors: True
  #async: 10
  #poll: 2
  register: internet_access_test

- name: Remove downloaded Internet test file /tmp/heart-beat.txt
  file:
    path: /tmp/heart-beat.txt
    state: absent

- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml)
  command: /usr/bin/iiab-refresh-wiki-docs
  when: not internet_access_test.failed and not nodocs


- name: (Re)Start '{{ apache_service }}' systemd service, if installed & enabled
  systemd:
    name: "{{ apache_service }}"    # apache2 on debuntu
    state: restarted
  when: apache_installed is defined and apache_enabled

- name: (Re)Start 'nginx' systemd service, if nginx_enabled
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled


# RECORD www_options AS INSTALLED

- name: "Set 'www_options_installed: True'"
  set_fact:
    www_options_installed: True

- name: "Add 'www_options_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^www_options_installed'
    line: 'www_options_installed: True'
www_back_end, www_front_end -> www_core, www_options 2020-03-08 19:26:05 +00:00			`# Role "www_base" runs earlier, likely in 3-BASE-SERVER.`
			`# Role "www_options" runs here, probably in 4-SERVER-OPTIONS.`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00

			`# HOMEPAGE`

			`- name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.)`
			`file:`
			`state: directory`
			`path: "{{ doc_root }}{{ iiab_home_url }}" # /library/www/html/home`
			`owner: "{{ apache_user }}"`
			`group: "{{ apache_user }}"`
			`mode: '0755'`

Restart web server(s) as www_front_end completes 2020-02-14 03:53:19 +00:00			`# Used to be run by httpd/tasks/install.yml`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00			`- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install"`
			`include_tasks: roles/httpd/tasks/homepage.yml`
Reduce dependency on Apache in 9 playbooks 2020-05-17 02:48:52 +00:00			`when: apache_installed is defined`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00
Restart web server(s) as www_front_end completes 2020-02-14 03:53:19 +00:00			`# Used to be run by nginx/tasks/install.yml`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00			`- name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install`
			`include_tasks: roles/nginx/tasks/homepage.yml`
Reduce dependency on Apache in 9 playbooks 2020-05-17 02:48:52 +00:00			`when: nginx_installed is defined`
Remove "\| bool" 1.5yrs later, as Ansible 2.10 changed conditional_bare_variables default 2020-10-16 20:46:19 +00:00			`#when: nginx_install`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00
chromium-browse autostart for server console 2020-10-31 23:05:37 +00:00			`- name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi)`
			`stat:`
Lint www_options/tasks/main.yml 2022-05-23 23:51:01 +00:00			`path: /etc/xdg/lxsession/LXDE-pi/autostart`
chromium-browse autostart for server console 2020-10-31 23:05:37 +00:00			`register: lxde_present`

accomodate chromium name change in 64 bit image 2020-11-03 04:14:18 +00:00			`- name: Check for Chromium name change`
			`stat:`
Lint www_options/tasks/main.yml 2022-05-23 23:51:01 +00:00			`path: /usr/bin/chromium`
accomodate chromium name change in 64 bit image 2020-11-03 04:14:18 +00:00			`register: chromium_present`

Lint / Explanations for release For final review by @georgejhunt if he can look this over. 2020-11-03 12:03:10 +00:00			`- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE`
chromium-browse autostart for server console 2020-10-31 23:05:37 +00:00			`lineinfile:`
Lint www_options/tasks/main.yml 2022-05-23 23:51:01 +00:00			`path: /etc/xdg/lxsession/LXDE-pi/autostart`
			`regexp: '^/usr/bin/chromium-browser'`
			`line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home'`
			`when: lxde_present.stat.exists and not chromium_present.stat.exists`
accomodate chromium name change in 64 bit image 2020-11-03 04:14:18 +00:00
Lint / Explanations for release For final review by @georgejhunt if he can look this over. 2020-11-03 12:03:10 +00:00			`- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE`
accomodate chromium name change in 64 bit image 2020-11-03 04:14:18 +00:00			`lineinfile:`
Lint www_options/tasks/main.yml 2022-05-23 23:51:01 +00:00			`path: /etc/xdg/lxsession/LXDE-pi/autostart`
			`regexp: '^/usr/bin/chromium'`
			`line: '/usr/bin/chromium --disable-restore-session-state http://box/home'`
			`when: lxde_present.stat.exists and chromium_present.stat.exists`
chromium-browse autostart for server console 2020-10-31 23:05:37 +00:00
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00
Clean/explain www_front_end/tasks/main.yml 2020-03-08 18:34:55 +00:00			`- debug:`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install'`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`- block: # 5-STANZA BLOCK BEGINS`
Move php-fpm / high limits from www_back_end (3) to www_front_end (4) 2020-02-16 07:47:45 +00:00
Cleanup of PHP 7.x & 8.0 dependencies 2021-06-27 20:01:53 +00:00			`# roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server`
Move php-fpm / high limits from www_back_end (3) to www_front_end (4) 2020-02-16 07:47:45 +00:00
www_options/tasks/main.yml: Clarif 'nginx_high_php_limits: False' 2021-05-22 21:23:00 +00:00			`- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"`
Establish IIAB defaults in fpm/php.ini (do WordPress & Moodle take advantage?) 2020-03-07 07:32:41 +00:00			`lineinfile:`
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini`
			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`with_items:`
			`- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' }`
			`- { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' }`
			`- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }`
			`- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }`
			`- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }`
			`- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }`
			`when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install`

			`- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"`
			`lineinfile:`
			`path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini`
Establish IIAB defaults in fpm/php.ini (do WordPress & Moodle take advantage?) 2020-03-07 07:32:41 +00:00			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`with_items:`
			`- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' }`
			`- { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' }`
Clean/explain www_front_end/tasks/main.yml 2020-03-08 18:34:55 +00:00			`- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }`
			`- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }`
Establish IIAB defaults in fpm/php.ini (do WordPress & Moodle take advantage?) 2020-03-07 07:32:41 +00:00			`- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }`
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install`
Establish IIAB defaults in fpm/php.ini (do WordPress & Moodle take advantage?) 2020-03-07 07:32:41 +00:00
www_options/tasks/main.yml: Refine nginx_high_php_limits comments 2021-08-04 11:47:33 +00:00			`# WARNING: This might cause excess use of RAM/disk or other resources!`
			`# The first 5 values below were chosen by @ericnitschke and @kananigit on`
			`# 2018-09-19: https://github.com/iiab/iiab/issues/1147`

fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`# 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional`
			`# clauses (to reset/restore PHP's defaults) are not necessary at this time.`
Clean/explain www_front_end/tasks/main.yml 2020-03-08 18:34:55 +00:00
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`# 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY REQUIRES`
www_options/tasks/main.yml: Clarify 3 php.ini files 2021-08-04 00:26:28 +00:00			`# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during`
			`# regular operation it uses: .../fpm/php.ini`
			`# And in the past it used: .../apache2/php.ini`
Clean/explain www_front_end/tasks/main.yml 2020-03-08 18:34:55 +00:00
www_options/tasks/install.yml: Mandate nginx_high_php_limits if moodle_install 2021-05-22 20:42:25 +00:00			`- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"`
Move php-fpm / high limits from www_back_end (3) to www_front_end (4) 2020-02-16 07:47:45 +00:00			`lineinfile:`
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini`
Move php-fpm / high limits from www_back_end (3) to www_front_end (4) 2020-02-16 07:47:45 +00:00			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`with_items:`
			`- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }`
			`- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }`
			`- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }`
			`- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }`
Clean/explain www_front_end/tasks/main.yml 2020-03-08 18:34:55 +00:00			`- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }`
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install`
Move php-fpm / high limits from www_back_end (3) to www_front_end (4) 2020-02-16 07:47:45 +00:00
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`lineinfile:`
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`with_items:`
			`- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }`
			`- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }`
			`- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }`
			`- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }`
			`- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }`
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }`
			`when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`- name: Restart 'php{{ php_version }}-fpm' systemd service`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`systemd:`
fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`name: php{{ php_version }}-fpm`
apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' 2021-06-28 17:29:58 +00:00			`state: restarted`

fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle 2021-06-28 21:59:28 +00:00			`when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below.`
Move php-fpm / high limits from www_back_end (3) to www_front_end (4) 2020-02-16 07:47:45 +00:00

Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00			`# 'Is a "Rapid Power Off" button possible for low-electricity environments?'`
			`# gives more details here: http://FAQ.IIAB.IO`

Move php-fpm / high limits from www_back_end (3) to www_front_end (4) 2020-02-16 07:47:45 +00:00			`# COMPARE nginx_high_php_limits further above.`

Clean/explain www_front_end/tasks/main.yml 2020-03-08 18:34:55 +00:00			`# 2020-03-08: DOES THE FLAG BELOW (apache_allow_sudo) PRESUMABLY WORK`
			`# WITH NGINX TOO ? (The single-click poweroff button on IIAB's home`
			`# page certainly does still work with NGINX.)`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00
			`- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template`
			`template:`
			`src: 020_apache_poweroff.j2`
			`dest: /etc/sudoers.d/020_apache_poweroff`
/etc/sudoers.d/* files should have permission 0440 @tim-moody: if possible make this same change for roles/js-menu/templates/021_apache_set_time.j2 2020-10-11 00:39:50 +00:00			`mode: '0440'`
Remove "\| bool" 1.5yrs later, as Ansible 2.10 changed conditional_bare_variables default 2020-10-16 20:46:19 +00:00			`when: apache_allow_sudo`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00
			`- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff`
			`file:`
			`path: /etc/sudoers.d/020_apache_poweroff`
			`state: absent`
			`when: not apache_allow_sudo`


netplan.yml: Mint networkd-dispatcher issue? groovy & internet_available removed 2022-06-30 14:29:08 +00:00			`# 2022-06-30: internet_available var removed`
Speed up roles/0-init by moving 2 things to detected_network.yml 2022-06-29 22:37:13 +00:00			`- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt'`
			`get_url:`
			`url: "{{ iiab_download_url }}/heart-beat.txt"`
			`dest: /tmp/heart-beat.txt`
			`#timeout: "{{ download_timeout }}"`
			`# @jvonau recommends: 100sec is too much (keep 10sec default)`
			`ignore_errors: True`
			`#async: 10`
			`#poll: 2`
			`register: internet_access_test`

			`- name: Remove downloaded Internet test file /tmp/heart-beat.txt`
			`file:`
			`path: /tmp/heart-beat.txt`
			`state: absent`

www_back_end, www_front_end -> www_core, www_options 2020-03-08 19:26:05 +00:00			`- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml)`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00			`command: /usr/bin/iiab-refresh-wiki-docs`
Speed up roles/0-init by moving 2 things to detected_network.yml 2022-06-29 22:37:13 +00:00			`when: not internet_access_test.failed and not nodocs`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00

Reduce dependency on Apache in 9 playbooks 2020-05-17 02:48:52 +00:00			`- name: (Re)Start '{{ apache_service }}' systemd service, if installed & enabled`
Restart web server(s) as www_front_end completes 2020-02-14 03:53:19 +00:00			`systemd:`
			`name: "{{ apache_service }}" # apache2 on debuntu`
			`state: restarted`
Reduce dependency on Apache in 9 playbooks 2020-05-17 02:48:52 +00:00			`when: apache_installed is defined and apache_enabled`
Restart web server(s) as www_front_end completes 2020-02-14 03:53:19 +00:00
			`- name: (Re)Start 'nginx' systemd service, if nginx_enabled`
			`systemd:`
			`name: nginx`
			`state: restarted`
Remove "\| bool" 1.5yrs later, as Ansible 2.10 changed conditional_bare_variables default 2020-10-16 20:46:19 +00:00			`when: nginx_enabled`
Restart web server(s) as www_front_end completes 2020-02-14 03:53:19 +00:00

www_back_end, www_front_end -> www_core, www_options 2020-03-08 19:26:05 +00:00			`# RECORD www_options AS INSTALLED`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00
www_back_end, www_front_end -> www_core, www_options 2020-03-08 19:26:05 +00:00			`- name: "Set 'www_options_installed: True'"`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00			`set_fact:`
www_back_end, www_front_end -> www_core, www_options 2020-03-08 19:26:05 +00:00			`www_options_installed: True`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00
www_back_end, www_front_end -> www_core, www_options 2020-03-08 19:26:05 +00:00			`- name: "Add 'www_options_installed: True' to {{ iiab_state_file }}"`
Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 2020-02-13 01:53:36 +00:00			`lineinfile:`
			`path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml`
www_back_end, www_front_end -> www_core, www_options 2020-03-08 19:26:05 +00:00			`regexp: '^www_options_installed'`
			`line: 'www_options_installed: True'`