iiab/roles/network/defaults/main.yml

# IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking
# Ansible README: https://github.com/iiab/iiab/tree/master/roles/network
# http://FAQ.IIAB.IO -> click on "Any other networking tips?"

# Firewall (iptables) can be tuned in /etc/iiab/local_vars.yml with this var:
# ports_externally_visible: 3
# https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables

# Ethernet - IF NECESSARY, CUSTOMIZE THESE 4+1 VARS IN /etc/iiab/local_vars.yml
# See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
# wan_ip: dhcp       # wan_ip: 192.168.1.99
# wan_netmask:       # wan_netmask: 255.255.255.0
# wan_gateway:       # wan_gateway: 192.168.1.254
# wan_nameserver:    # wan_nameserver: 192.168.1.254
# wan_try_dhcp_before_static_ip: True   # Facilitate field updates w/ cablemodems
# Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf

# Wi-Fi - IF NECESSARY, CUSTOMIZE THESE 6 VARIABLES IN /etc/iiab/local_vars.yml
# host_country_code: US
# host_ssid: "Internet in a Box"
# host_wifi_mode: g
# host_channel: 6
# hostapd_secure: False
# hostapd_password: changeme
#
# hostapd_install: True    # 2020-01-21: do not rely on this var for now (might be implemented in future)
# hostapd_enabled: True
# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is
# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes
# and content is downloaded, to enable the internal WiFi Access Point / AP!)
#
# reboot_to_AP: False
# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above
# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.
#
# Above 2 vars set in /opt/iiab/iiab/vars/default_vars.yml
#
hostapd_wait: 5
host_wireless_n: False
driver_name: nl80211

# DNS / name resolution
# dhcpd_install: False
# dhcpd_enabled: False
# named_install: False
# named_enabled: False
# dnsmasq_enabled: True
# dnsmasq_install: True
# dns_jail_enabled: False
# Above 7 vars set in /etc/iiab/local_vars.yml
#
# dhcp_service: ????                 # Set in individual OS's /opt/iiab/iiab/vars/<OS>.yml for use in roles/network/tasks/dhcpd.yml
# dhcp_service2: "dhcpd disabled"    # Moved to roles/network/tasks/computed_services.yml as community transitions from named/BIND to dnsmasq (PR #1202)

# Dynamically calculated later
# iiab_network_mode: "Gateway"

# Defaults for network detection
wireless_lan_present: False
strict_networking: False
iiab_demo_mode: False
gui_static_wan: False
wan_cidr:

# Set defaults for discovery process as strings
wifi1: "not found-1"
wifi2: "not found-2"
ap_device: "none"
device_gw: "none"
device_gw2: ""

iiab_wan_iface: "none"
iiab_lan_iface: "none"
discovered_lan_iface: "none"
discovered_wired_iface: "none"
discovered_wireless_iface: "none"

# Red Hat
#iiab_wired_lan_iface: "none"
#iiab_wireless_lan_iface: "none"
has_WAN: False
has_ifcfg_gw: "none"
has_wifi_gw: "none"

# Debian
dhcpcd_result: ""
wan_in_interfaces: False
network_manager_active: False
systemd_networkd_active: False

# The values here are default local variables
gui_wan_iface: "unset"
gui_static_wan_ip: "unset"
wondershaper_dspeed: "4096"
wondershaper_upspeed: "1024"

# Unused
# network_config_dir: /etc/network/interfaces.d

# Wi-Fi
host_ssid: IIAB
hostapd_wait: 1
host_wifi_mode: g
host_channel: 6
host_wireless_n: False
ap0_mac_addr: b8:27:99:12:34:56
# Below moved to /etc/iiab/local_vars.yml: (so implementer sets this)
#host_country_code: US
hostapd_secure: True
hostapd_password: "iiab2017"
driver_name: nl80211
hostapd_enabled: True
# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is
# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes
# and content is downloaded, to enable the internal WiFi Access Point / AP!)
reboot_to_AP: False
# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above
# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.

network_config_dir: /etc/network/interfaces.d
#iiab_network_mode: "Gateway"
dns_jail_enabled: False
services_externally_visible: False

# DNS / name resolution
dhcpd_install: True
dhcpd_enabled: False
#dhcp_service: ????                 # Set in individual OS's /opt/iiab/iiab/vars/<OS>.yml for use in roles/network/tasks/dhcpd.yml
#dhcp_service2: "dhcpd disabled"    # Moved to roles/network/tasks/computed_services.yml as community transitions from named/BIND to dnsmasq (PR #1202)
named_install: True
named_enabled: False
dnsmasq_enabled: True
dnsmasq_install: True

# Originally for @tim-moody's Nodogsplash approach to Captive Portal
# Highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608
#
# Newer: Python-based Captive Portal, that @m-anish & @jvonau experimented with
# in July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
# captive_portal_install: False
# captive_portal_enabled: False
# Above 2 vars set in /etc/iiab/local_vars.yml
# captive_portal_port: "9090"
# Above var set in /opt/iiab/iiab/vars/default_vars.yml
py_captive_portal_port: "9090"
py_captive_portal_username: "Admin"
py_captive_portal_password: "changeme"
# In a pinch, disable it by running: systemctl disable captive-portal
Doc Links @ top of roles/network/defaults/main.yml 2019-05-25 11:31:20 +00:00			`# IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking`
			`# Ansible README: https://github.com/iiab/iiab/tree/master/roles/network`
			`# http://FAQ.IIAB.IO -> click on "Any other networking tips?"`
Delineate vars already defined in local_vars & default_vars 2019-05-25 10:13:39 +00:00
Making network/defaults/main.yml approachable for others 2019-05-25 11:19:16 +00:00			`# Firewall (iptables) can be tuned in /etc/iiab/local_vars.yml with this var:`
			`# ports_externally_visible: 3`
			`# https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables`

New var wan_try_dhcp_before_static_ip 2019-09-03 18:51:08 +00:00			`# Ethernet - IF NECESSARY, CUSTOMIZE THESE 4+1 VARS IN /etc/iiab/local_vars.yml`
Update main.yml 2019-09-03 22:09:23 +00:00			`# See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO`
wan_ipv4ll -> wan_link_local 2019-09-02 23:58:03 +00:00			`# wan_ip: dhcp # wan_ip: 192.168.1.99`
			`# wan_netmask: # wan_netmask: 255.255.255.0`
192.168.1.254 preferred over 192.168.1.1 in MX schools 2019-09-03 18:57:24 +00:00			`# wan_gateway: # wan_gateway: 192.168.1.254`
			`# wan_nameserver: # wan_nameserver: 192.168.1.254`
New var wan_try_dhcp_before_static_ip 2019-09-03 18:51:08 +00:00			`# wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems`
Update main.yml 2019-09-03 00:29:00 +00:00			`# Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf`
Update main.yml 2019-09-02 20:06:07 +00:00
Clarify Wi-Fi customization instructions 2019-05-25 11:58:19 +00:00			`# Wi-Fi - IF NECESSARY, CUSTOMIZE THESE 6 VARIABLES IN /etc/iiab/local_vars.yml`
Making network/defaults/main.yml approachable for others 2019-05-25 11:19:16 +00:00			`# host_country_code: US`
			`# host_ssid: "Internet in a Box"`
			`# host_wifi_mode: g`
			`# host_channel: 6`
			`# hostapd_secure: False`
			`# hostapd_password: changeme`
			`#`
Update network/defaults/main.yml 2020-01-21 17:03:54 +00:00			`# hostapd_install: True # 2020-01-21: do not rely on this var for now (might be implemented in future)`
Making network/defaults/main.yml approachable for others 2019-05-25 11:19:16 +00:00			`# hostapd_enabled: True`
			`# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is`
			`# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes`
			`# and content is downloaded, to enable the internal WiFi Access Point / AP!)`
			`#`
			`# reboot_to_AP: False`
			`# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above`
			`# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.`
			`#`
			`# Above 2 vars set in /opt/iiab/iiab/vars/default_vars.yml`
			`#`
			`hostapd_wait: 5`
			`host_wireless_n: False`
			`driver_name: nl80211`

			`# DNS / name resolution`
			`# dhcpd_install: False`
			`# dhcpd_enabled: False`
			`# named_install: False`
			`# named_enabled: False`
			`# dnsmasq_enabled: True`
			`# dnsmasq_install: True`
			`# dns_jail_enabled: False`
			`# Above 7 vars set in /etc/iiab/local_vars.yml`
			`#`
			`# dhcp_service: ???? # Set in individual OS's /opt/iiab/iiab/vars/<OS>.yml for use in roles/network/tasks/dhcpd.yml`
			`# dhcp_service2: "dhcpd disabled" # Moved to roles/network/tasks/computed_services.yml as community transitions from named/BIND to dnsmasq (PR #1202)`

			`# Dynamically calculated later`
			`# iiab_network_mode: "Gateway"`

move network detection to network -- adjused for hostname 2017-09-23 07:03:58 +00:00			`# Defaults for network detection`
			`wireless_lan_present: False`
			`strict_networking: False`
			`iiab_demo_mode: False`
			`gui_static_wan: False`
get rid of the stall with 'dhcp' 2018-05-13 04:10:41 +00:00			`wan_cidr:`
move network detection to network -- adjused for hostname 2017-09-23 07:03:58 +00:00
			`# Set defaults for discovery process as strings`
			`wifi1: "not found-1"`
			`wifi2: "not found-2"`
running - double check after rebase 2017-11-01 12:45:55 +00:00			`ap_device: "none"`
			`device_gw: "none"`
			`device_gw2: ""`

			`iiab_wan_iface: "none"`
			`iiab_lan_iface: "none"`
wifi really is turned off by rfkill until wpa_supplicant has country= 2018-03-29 20:39:20 +00:00			`discovered_lan_iface: "none"`
running - double check after rebase 2017-11-01 12:45:55 +00:00			`discovered_wired_iface: "none"`
move network detection to network -- adjused for hostname 2017-09-23 07:03:58 +00:00			`discovered_wireless_iface: "none"`
running - double check after rebase 2017-11-01 12:45:55 +00:00
Understandability/Context for outsiders 2018-07-12 17:36:09 +00:00			`# Red Hat`
fix detection 2018-05-02 17:38:24 +00:00			`#iiab_wired_lan_iface: "none"`
			`#iiab_wireless_lan_iface: "none"`
move network detection to network -- adjused for hostname 2017-09-23 07:03:58 +00:00			`has_WAN: False`
			`has_ifcfg_gw: "none"`
			`has_wifi_gw: "none"`
running - double check after rebase 2017-11-01 12:45:55 +00:00
Understandability/Context for outsiders 2018-07-12 17:36:09 +00:00			`# Debian`
move network detection to network -- adjused for hostname 2017-09-23 07:03:58 +00:00			`dhcpcd_result: ""`
			`wan_in_interfaces: False`
use results to set_facts 2017-11-23 06:24:44 +00:00			`network_manager_active: False`
			`systemd_networkd_active: False`
move network detection to network -- adjused for hostname 2017-09-23 07:03:58 +00:00
Delineate vars already defined in local_vars & default_vars 2019-05-25 10:13:39 +00:00			`# The values here are default local variables`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`gui_wan_iface: "unset"`
			`gui_static_wan_ip: "unset"`
			`wondershaper_dspeed: "4096"`
			`wondershaper_upspeed: "1024"`
move network detection to network -- adjused for hostname 2017-09-23 07:03:58 +00:00
Delineate vars already defined in local_vars & default_vars 2019-05-25 10:13:39 +00:00			`# Unused`
			`# network_config_dir: /etc/network/interfaces.d`
port dnsmasq over from nginx-rebase-eth0 - rebased edits 2017-09-13 11:07:25 +00:00
softcode apo_mac_addr 2018-12-03 05:16:08 +00:00			`# Wi-Fi`
			`host_ssid: IIAB`
			`hostapd_wait: 1`
			`host_wifi_mode: g`
			`host_channel: 6`
			`host_wireless_n: False`
			`ap0_mac_addr: b8:27:99:12:34:56`
			`# Below moved to /etc/iiab/local_vars.yml: (so implementer sets this)`
			`#host_country_code: US`
			`hostapd_secure: True`
			`hostapd_password: "iiab2017"`
			`driver_name: nl80211`
			`hostapd_enabled: True`
			`# Above is forcibly set to False (in roles/network/tasks/main.yml) if IIAB is`
			`# being WiFi-installed (run "iiab-hotspot-on" AFTER ./iiab-install completes`
			`# and content is downloaded, to enable the internal WiFi Access Point / AP!)`
			`reboot_to_AP: False`
			`# For those installing IIAB over WiFi: "reboot_to_AP: True" overrides the above`
			`# detection of WiFi-as-gateway, forcing "hostapd_enabled: True" regardless.`

			`network_config_dir: /etc/network/interfaces.d`
			`#iiab_network_mode: "Gateway"`
			`dns_jail_enabled: False`
			`services_externally_visible: False`

			`# DNS / name resolution`
			`dhcpd_install: True`
			`dhcpd_enabled: False`
			`#dhcp_service: ???? # Set in individual OS's /opt/iiab/iiab/vars/<OS>.yml for use in roles/network/tasks/dhcpd.yml`
			`#dhcp_service2: "dhcpd disabled" # Moved to roles/network/tasks/computed_services.yml as community transitions from named/BIND to dnsmasq (PR #1202)`
			`named_install: True`
			`named_enabled: False`
			`dnsmasq_enabled: True`
			`dnsmasq_install: True`

Delineate vars already defined in local_vars & default_vars 2019-05-25 10:13:39 +00:00			`# Originally for @tim-moody's Nodogsplash approach to Captive Portal`
			`# Highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608`
			`#`
Captive Portal doc evolution clarified 2019-05-25 11:36:25 +00:00			`# Newer: Python-based Captive Portal, that @m-anish & @jvonau experimented with`
			`# in July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt`
Update main.yml 2018-10-08 19:45:35 +00:00			`# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)`
Delineate vars already defined in local_vars & default_vars 2019-05-25 10:13:39 +00:00			`# captive_portal_install: False`
			`# captive_portal_enabled: False`
			`# Above 2 vars set in /etc/iiab/local_vars.yml`
			`# captive_portal_port: "9090"`
			`# Above var set in /opt/iiab/iiab/vars/default_vars.yml`
use py_ for new captive_portal variables 2018-07-05 17:24:20 +00:00			`py_captive_portal_port: "9090"`
			`py_captive_portal_username: "Admin"`
			`py_captive_portal_password: "changeme"`
Cap2 (#1300) * move captive portal to its own role * runrole still not working * make apache name consistent, define py_captive_portal_port * record android fixes * some progress -- windows8.1 works but detectportal.firefox active for both mac and windows * works all platforms * one captive_portal_install not changed to py_captive... * port into defaults * windows 7,8,10,mac,ios,android 5,7 * add # to dnsmasq.d/captive * guess what android 8 might need * move captive portal to its own role * runrole still not working * make apache name consistent, define py_captive_portal_port * record android fixes * some progress -- windows8.1 works but detectportal.firefox active for both mac and windows * works all platforms * one captive_portal_install not changed to py_captive... * port into defaults * windows 7,8,10,mac,ios,android 5,7 * add # to dnsmasq.d/captive * guess what android 8 might need * restart apache2 and dnsmasq in role * do not hard code apache name * cut out disfunctional experiments * variable py_captive_portal_port misspelled * add wildcard serveralias to box.lan vhost to fix default * add in STDOUT to log * remove the py_ * add in msn to urls to capture * missed a few py_ 2018-11-18 04:09:40 +00:00			`# In a pinch, disable it by running: systemctl disable captive-portal`