Merge pull request #2850 from holta/less-apache

WIP: Extricate IIAB from 2 web servers complexity
2025-03-09 15:40:17 +00:00 · 2021-08-08 12:05:00 -04:00 · 2021-08-08 12:05:00 -04:00 · 0b63f27e6c
commit 0b63f27e6c
parent 9a320699d5 15a42dcd7f
47 changed files with 135 additions and 317 deletions
--- a/roles/0-DEPRECATED-ROLES/elgg/README.rst
+++ b/roles/0-DEPRECATED-ROLES/elgg/README.rst
--- a/roles/0-DEPRECATED-ROLES/elgg/defaults/main.yml
+++ b/roles/0-DEPRECATED-ROLES/elgg/defaults/main.yml
--- a/roles/0-DEPRECATED-ROLES/elgg/tasks/apache.yml.unused
+++ b/roles/0-DEPRECATED-ROLES/elgg/tasks/apache.yml.unused
--- a/roles/0-DEPRECATED-ROLES/elgg/tasks/install.yml
+++ b/roles/0-DEPRECATED-ROLES/elgg/tasks/install.yml
@ -1,11 +1,12 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
+#   set_fact:
-    apache_install: True
+#     apache_install: True
-    apache_enabled: True
+#     apache_enabled: True
 #
 # - name: APACHE - run 'httpd' role
 #   include_role:
 #     name: httpd
 - name: APACHE - run 'httpd' role
  include_role:
    name: httpd
 # 2020-06-15: roles/httpd/tasks/install.yml now takes care of this.
 # # 2020-05-21: Required now that mysql/tasks/install.yml installs
@ -32,7 +33,7 @@
  #  creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip"
  get_url:
    url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip"
-    dest: "{{ downloads_dir }}"
+    dest: "{{ downloads_dir }}"    # /opt/iiab/downloads
    timeout: "{{ download_timeout }}"
  when: internet_available
@ -41,7 +42,7 @@
    path: "/opt/elgg-{{ elgg_version }}/index.php"
  register: elgg
- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist
+- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist ({{ apache_user }}:{{ apache_user }})
  #shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt"
  unarchive:
    #remote_src: yes
@ -52,7 +53,7 @@
    group: "{{ apache_user }}"
  when: elgg.stat.exists is defined and not elgg.stat.exists
- name: Create softlink from /opt/elgg to /opt/elgg-{{ elgg_version }}
+- name: Symlink /opt/elgg -> /opt/elgg-{{ elgg_version }}
  file:
    src: "./elgg-{{ elgg_version }}"
    path: /opt/elgg
@ -69,13 +70,13 @@
    group: "{{ apache_user }}"
 # The name of this file changed from 1.9 to 1.10.
- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree
+- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree (0644)
  copy:
    src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
    dest: "/opt/{{ elgg_xx }}/.htaccess"
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
-    mode: '0644'
+    mode: 0644
 #regexp='^#RewriteBase'
 - name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }}    # http://box/elgg
@ -86,12 +87,12 @@
    insertafter: '^#RewriteBase'
    line: "RewriteBase {{ elgg_url }}/"
- name: Set /opt/elgg/engine directory permissions to 0755 so Apache can write there
+- name: Set /opt/elgg/engine directory permissions to 0755 (owner {{ apache_user }}) so Apache can write there
  file:
    state: directory
    path: /opt/elgg/engine/
    owner: "{{ apache_user }}"
-    mode: '0755'
+    mode: 0755
 - name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above)
  file:
@ -103,14 +104,14 @@
 - name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to
  file:
-    path: "{{ elgg_upload_path }}"
+    path: "{{ elgg_upload_path }}"    # /library/elgg
    state: directory
    owner: "{{ apache_user }}"
- name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }}    # http://box/elgg
+# - name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }}    # http://box/elgg
-  template:
+#   template:
-    src: elgg.conf
+#     src: elgg.conf
-    dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
+#     dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
 - name: Set up Elgg's MySQL database
--- a/roles/0-DEPRECATED-ROLES/elgg/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/elgg/tasks/main.yml
@ -24,14 +24,13 @@
  when: elgg_installed is undefined
-#- name: Enable/Disable/Restart Apache if primary
+# #- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
+# - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
-  include_tasks: apache.yml
+#   include_tasks: apache.yml
-  #when: not nginx_enabled
+#   #when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled
 - name: Add 'elgg' variable values to {{ iiab_ini_file }}
--- a/roles/0-DEPRECATED-ROLES/elgg/tasks/nginx.yml
+++ b/roles/0-DEPRECATED-ROLES/elgg/tasks/nginx.yml
--- a/roles/0-DEPRECATED-ROLES/elgg/tasks/setup.yml
+++ b/roles/0-DEPRECATED-ROLES/elgg/tasks/setup.yml
--- a/roles/0-DEPRECATED-ROLES/elgg/templates/elgg-nginx.conf.j2
+++ b/roles/0-DEPRECATED-ROLES/elgg/templates/elgg-nginx.conf.j2
--- a/roles/0-DEPRECATED-ROLES/elgg/templates/elgg.conf.unused
+++ b/roles/0-DEPRECATED-ROLES/elgg/templates/elgg.conf.unused
--- a/roles/0-DEPRECATED-ROLES/elgg/templates/elggdb.sql.j2
+++ b/roles/0-DEPRECATED-ROLES/elgg/templates/elggdb.sql.j2
--- a/roles/0-DEPRECATED-ROLES/elgg/templates/settings.php.j2
+++ b/roles/0-DEPRECATED-ROLES/elgg/templates/settings.php.j2
--- a/roles/0-DEPRECATED-ROLES/httpd/README.md
+++ b/roles/0-DEPRECATED-ROLES/httpd/README.md
--- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/tasks/homepage.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/tasks/homepage.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/tasks/install.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/tasks/install.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/tasks/main.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/templates/010-iiab.conf.j2
+++ b/roles/0-DEPRECATED-ROLES/httpd/templates/010-iiab.conf.j2
--- a/roles/0-DEPRECATED-ROLES/httpd/templates/iiab-homepage.conf
+++ b/roles/0-DEPRECATED-ROLES/httpd/templates/iiab-homepage.conf
--- a/roles/0-DEPRECATED-ROLES/httpd/templates/proxy_ajp.conf.j2
+++ b/roles/0-DEPRECATED-ROLES/httpd/templates/proxy_ajp.conf.j2
--- a/roles/0-init/tasks/validate_vars.yml
+++ b/roles/0-init/tasks/validate_vars.yml
@ -61,9 +61,9 @@
 # https://github.com/iiab/iiab/blob/master/tests/test.yml
 # https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml
 #
-# 2020-11-04: Fix validation of 5 core dependencies, for ./runrole etc
+# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
- name: Set vars_checklist for 46 + 46 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
  set_fact:
    vars_checklist:
      - hostapd
@ -76,7 +76,7 @@
      - openvpn
      - admin_console
      #- nginx              # MANDATORY
-      - apache              # Dependency - excluded from _installed check below
+      #- apache             # Unmaintained - former dependency
      #- mysql              # MANDATORY
      - squid
      - dansguardian
@ -90,7 +90,7 @@
      - azuracast
      #- dokuwiki           # Unmaintained
      #- ejabberd           # Unmaintained
-      - elgg
+      #- elgg               # Unmaintained
      - gitea
      - jupyterhub
      - lokole
@ -99,7 +99,6 @@
      - nodejs              # Dependency - excluded from _installed check below
      - nodered
      - nextcloud
      - pbx
      - wordpress
      - kalite
      - kolibri
@ -116,11 +115,12 @@
      - phpmyadmin
      - vnstat
      - yarn                # Dependency - excluded from _installed check below
      - internetarchive
      - captiveportal
      - internetarchive
      - minetest
      - calibre
      - calibreweb
      - calibre
      - pbx
 - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined
  assert:
@ -162,5 +162,5 @@
    that: "{{ item }}_install or {{ item }}_installed is undefined"
    fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?"
    quiet: yes
-  when: item != 'apache' and item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn'    # Exclude auto-installed dependencies
+  when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn'    # Exclude auto-installed dependencies
  loop: "{{ vars_checklist }}"
--- a/roles/6-generic-apps/tasks/main.yml
+++ b/roles/6-generic-apps/tasks/main.yml
@ -3,7 +3,6 @@
 - name: ...IS BEGINNING ====================================
  meta: noop
 # UNMAINTAINED
 - name: AZURACAST
  include_role:
    name: azuracast
@ -21,10 +20,11 @@
    name: ejabberd
  when: ejabberd_install is defined and ejabberd_install
 # UNMAINTAINED
 - name: ELGG
  include_role:
    name: elgg
-  when: elgg_install
+  when: elgg_install is defined and elgg_install
 - name: GITEA
  include_role:
--- a/roles/calibre/tasks/install.yml
+++ b/roles/calibre/tasks/install.yml
@ -37,13 +37,13 @@
 # 2. SYSTEMD SERVICES
- name: Create /etc/systemd/system/calibre-serve.service and /etc/{{ apache_conf_dir }}/calibre.conf
+- name: 'Install from template: /etc/systemd/system/calibre-serve.service'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service' }
-    - { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}' }    # apache2/sites-available (this doesn't work, see #529: let's try to create /etc/nginx/conf.d/calibre-nginx.conf in future!)
+    #- { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}' }    # apache2/sites-available (this doesn't work, see #529: let's try to create /etc/nginx/conf.d/calibre-nginx.conf in future!)
 - name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal)
  systemd:
--- a/roles/calibre/templates/calibre.conf.unused
+++ b/roles/calibre/templates/calibre.conf.unused
--- a/roles/internetarchive/tasks/apache.yml.unused
+++ b/roles/internetarchive/tasks/apache.yml.unused
--- a/roles/internetarchive/tasks/install.yml
+++ b/roles/internetarchive/tasks/install.yml
@ -62,12 +62,6 @@
    src: internetarchive.service.j2
    dest: /etc/systemd/system/internetarchive.service
 - name: "Install from template: /etc/{{ apache_conf_dir }}/internetarchive.conf"
  template:
    src: internetarchive.conf
    dest: "/etc/{{ apache_conf_dir }}/internetarchive.conf"    # apache2/sites-available
  when: apache_installed is defined
 # 4. RECORD Internet Archive AS INSTALLED
--- a/roles/internetarchive/tasks/main.yml
+++ b/roles/internetarchive/tasks/main.yml
@ -68,13 +68,13 @@
    state: stopped
  when: not internetarchive_enabled
- name: Enable/Disable/Restart Apache if primary
+# - name: Enable/Disable/Restart Apache if primary
-  include_tasks: apache.yml
+#   include_tasks: apache.yml
-  when: apache_installed is defined and not nginx_enabled
+#   when: apache_installed is defined and not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
-  when: nginx_enabled
+  #when: nginx_enabled
 - name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
--- a/roles/internetarchive/templates/internetarchive.conf.unused
+++ b/roles/internetarchive/templates/internetarchive.conf.unused
--- a/roles/kalite/tasks/install.yml
+++ b/roles/kalite/tasks/install.yml
@ -54,11 +54,11 @@
 # Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work
 # (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache
- name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)"
+# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)"
-  template:
+#   template:
-    src: kalite.conf
+#     src: kalite.conf
-    dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
+#     dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
-  when: apache_installed is defined
+#   when: apache_installed is defined
 - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian > 10 or Ubuntu > 19
  replace:
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@ -10,7 +10,7 @@
 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
-3. Current state of IIAB App/Service migrations as of 2021-07-24: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
+3. Current state of IIAB App/Service migrations as of 2021-08-08: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
   1. These support "Native" NGINX but ***NOT*** Apache
@ -37,11 +37,11 @@
   2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB.  You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
-      * NONE: Apache support is being fully removed starting 2021-07-06 ([PR #2850](https://github.com/iiab/iiab/pull/2850))
+      * **NONE: Apache support is now fully REMOVED as of 2021-08-08** ([PR #2850](https://github.com/iiab/iiab/pull/2850))
   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.
-      * elgg [*, should be deprecated, or considered for a complete overhaul from ancient Elgg 2.x to 4.x?]
+      * elgg [deprecated -- consider assisting with a complete overhaul from Elgg 2.x to 4.x ?]
   4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations).  In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
@ -53,11 +53,11 @@
      * minetest
      * mosquitto
      * openvpn
-      * pbx [*, requires Apache for now, as in Section iii., [PR #2862](https://github.com/iiab/iiab/pull/2862)]
+      * pbx [*, recommends Apache for now, as in Section iii., [#2914](https://github.com/iiab/iiab/issues/2914)]
      * phpmyadmin [*, requires Apache for now, as in Section iii.]
-      * samba
+      * samba [*]
      * sshd
      * transmission
      * vnstat
-[*] The 4 above starred roles could use improvement, as of 2021-07-24.
+[*] The 4 above starred roles could use improvement, as of 2021-08-08.
--- a/roles/nginx/tasks/enable-or-disable.yml
+++ b/roles/nginx/tasks/enable-or-disable.yml
@ -1,29 +1,29 @@
- name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap
+# - name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap
-  systemd:
+#   systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
+#     name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
-    state: stopped
+#     state: stopped
-  ignore_errors: yes
+#   ignore_errors: yes
-  # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!)
+#   # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!)
- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
+# - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
-  template:
+#   template:
-    src: ports.conf.j2
+#     src: ports.conf.j2
-    dest: "/etc/{{ apache_service }}/ports.conf"
+#     dest: "/etc/{{ apache_service }}/ports.conf"
-  when: nginx_enabled
+#   when: nginx_enabled
- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
+# - name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
-  template:
+#   template:
-    src: stock-apache-ports.conf
+#     src: stock-apache-ports.conf
-    dest: "/etc/{{ apache_service }}/ports.conf"
+#     dest: "/etc/{{ apache_service }}/ports.conf"
-  when: not nginx_enabled
+#   when: not nginx_enabled
- name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
+# - name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
-  systemd:
+#   systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
+#     name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
-    daemon_reload: yes
+#     daemon_reload: yes
-    state: restarted
+#     state: restarted
-    enabled: true
+#     enabled: true
-  when: apache_installed is defined and apache_enabled    # or not nginx_enabled
+#   when: apache_installed is defined and apache_enabled    # or not nginx_enabled
 - name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -1,4 +1,4 @@
- name: Stop '{{ apache_service }}' systemd service
+- name: Stop '{{ apache_service }}' systemd service, in case it exists -- REGARDLESS /etc/{{ apache_service }}/ports.conf WILL BE OVERWRITTEN BELOW
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
    state: stopped
@ -10,7 +10,7 @@
    name:
      - libnginx-mod-http-subs-filter
      - nginx-extras
-      - php{{ php_version }}-fpm    # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
+      - php{{ php_version }}-fpm    # INSTALLS [0] /etc/apache2/conf-available/php{{ php_version }}-fpm.conf AND DRAGS IN [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
      - uwsgi                   # Admin Console & roles/captiveportal should really install
      - uwsgi-plugin-python3    # these 2 packages on demand (not every IIAB needs these).
    state: present
@ -42,7 +42,7 @@
    path: /etc/nginx/sites-enabled/default
    state: absent
- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
+- name: 'Install 4 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types, /etc/{{ apache_service }}/ports.conf'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -50,7 +50,7 @@
    - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
    - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
    - { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' }
-    # - { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' }    # Moved to enable-or-disable.yml
+    - { src: 'apache-ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' }    # 2021-08-08: Restored from enable-or-disable.yml
    # - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # Moved into homepage.yml, invoked later by roles/www_options/tasks/main.yml (see below!)
 - debug:
@ -61,7 +61,6 @@
  systemd:
    name: "php{{ php_version }}-fpm"
    state: restarted
  # when: nginx_enabled
 # RECORD NGINX AS INSTALLED
--- a/roles/nginx/templates/apache-ports.conf
+++ b/roles/nginx/templates/apache-ports.conf
@ -2,7 +2,11 @@
 # have to change the VirtualHost statement in
 # /etc/apache2/sites-enabled/000-default.conf
-Listen 127.0.0.1:{{ apache_port }}
+# Apache's stock default
 #Listen 80
 # IIAB NGINX proxying to legacy svcs (Dec 2019 - Aug 2021)
 #Listen 127.0.0.1:8090
 #<IfModule ssl_module>
 #	Listen 443
@ -13,3 +17,4 @@ Listen 127.0.0.1:{{ apache_port }}
 #</IfModule>
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/roles/nginx/templates/stock-apache-ports.conf.unused
+++ b/roles/nginx/templates/stock-apache-ports.conf.unused
--- a/roles/phpmyadmin/tasks/enable-or-disable.yml
+++ b/roles/phpmyadmin/tasks/enable-or-disable.yml
@ -1,9 +1,9 @@
- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
+# - name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
-  command: a2ensite phpmyadmin.conf
+#   command: a2ensite phpmyadmin.conf
-  when: phpmyadmin_enabled
+#   when: phpmyadmin_enabled
-  #when: apache_installed is defined and phpmyadmin_enabled
+#   #when: apache_installed is defined and phpmyadmin_enabled
- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
+# - name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
-  command: a2dissite phpmyadmin.conf
+#   command: a2dissite phpmyadmin.conf
-  when: not phpmyadmin_enabled
+#   when: not phpmyadmin_enabled
-  #when: apache_installed is defined and not phpmyadmin_enabled
+#   #when: apache_installed is defined and not phpmyadmin_enabled
--- a/roles/phpmyadmin/tasks/install.yml
+++ b/roles/phpmyadmin/tasks/install.yml
@ -1,17 +1,17 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
+#   set_fact:
-    apache_install: True
+#     apache_install: True
-    apache_enabled: True
+#     apache_enabled: True
-
+#
- name: APACHE - run 'httpd' role
+# - name: APACHE - run 'httpd' role
-  include_role:
+#   include_role:
-    name: httpd
+#     name: httpd
 - name: Unarchive {{ phpmyadmin_dl_url }} (7+ MB) to /opt (60+ MB)
  unarchive:
    remote_src: yes    # Overwrite even if "already exists on the target"
-    src: "{{ phpmyadmin_dl_url }}"    # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.xv
+    src: "{{ phpmyadmin_dl_url }}"    # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.xv
    dest: /opt
    owner: "{{ apache_user }}"    # www-data on debuntu
    group: "{{ apache_user }}"
@ -33,11 +33,11 @@
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
- name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template
+# - name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template
-  template:
+#   template:
-    src: phpmyadmin.j2
+#     src: phpmyadmin.j2
-    dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
+#     dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
-  #when: apache_installed is defined
+#   #when: apache_installed is defined
 # RECORD phpMyAdmin AS INSTALLED
--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@ -19,12 +19,13 @@
    quiet: yes
- name: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+- name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: phpmyadmin_installed is undefined
- include_tasks: enable-or-disable.yml
+- name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06
  include_tasks: enable-or-disable.yml
 - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}
--- a/roles/phpmyadmin/templates/phpmyadmin.j2.unused
+++ b/roles/phpmyadmin/templates/phpmyadmin.j2.unused
--- a/roles/usb_lib/tasks/apache.yml.unused
+++ b/roles/usb_lib/tasks/apache.yml.unused
--- a/roles/usb_lib/tasks/install.yml
+++ b/roles/usb_lib/tasks/install.yml
@ -47,13 +47,13 @@
    state: present
  when: is_ubuntu
- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
+- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775)
  file:
    state: directory
    path: "{{ doc_root }}/local_content"
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"    # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222)
-    mode: '0775'
+    mode: 0775
 - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh'
  template:
@ -81,13 +81,6 @@
    path: /etc/usbmount/mount.d/00_create_model_symlink
    state: absent
 # 2021-03-25: Consider removing this stanza & all of this role's Apache logic!
 - name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
  template:
    src: content_dir.conf
    dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
  when: apache_installed is defined
 # RECORD 'USB_LIB' AS INSTALLED
--- a/roles/usb_lib/tasks/main.yml
+++ b/roles/usb_lib/tasks/main.yml
@ -56,13 +56,9 @@
  when: not usb_lib_umask0000_for_kolibri
- name: Enable/Disable/Restart Apache if primary
+- name: Enable/Disable/Restart NGINX
  include_tasks: apache.yml
  when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
-  when: nginx_enabled
+
 # 2021-04-29: Clean up here to catch the already installed users, remove for the next release (PR #2760)
 - name: Remove /etc/usbmount/mount.d/00_create_model_symlink
--- a/tests/test.yml
+++ b/tests/test.yml
@ -28,11 +28,11 @@
    #- { role: dokuwiki }
    #- { role: ejabberd }
    #- { role: ejabberd_xs }
-    - { role: elgg }
+    #- { role: elgg }
    - { role: firmware }
    - { role: gitea }
    #- { role: homepage }
-    - { role: httpd }
+    #- { role: httpd }
    #- { role: idmgr }
    - { role: iiab-admin }
    - { role: internetarchive }
--- a/unmaintained-roles.txt
+++ b/unmaintained-roles.txt
@ -6,7 +6,9 @@ docker
 dokuwiki
 ejabberd
 ejabberd_xs
 elgg
 homepage
 httpd
 httpd-enable
 idmgr
 moodle-1.9
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -43,10 +43,6 @@ py3_dist_path: /usr/lib/python3/dist-packages
 # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
 download_timeout: 200
 # Languages (for Apache)
 default_language: en
 language_priority: en es fr
 # Real-time clock: RTC chip family.  Future auto-detection plausible?
 rtc_id: none    # Or ds3231 ?  Used in 1-prep/tasks/raspberry_pi.yml
@ -154,9 +150,11 @@ iiab_gateway_enabled: False
 gw_squid_whitelist: False
 gw_block_https: False
 # UNMAINTAINED as of July 2021
 dhcpd_install: False
 dhcpd_enabled: False
 # UNMAINTAINED as of July 2021
 # named (BIND)
 named_install: False
 named_enabled: False
@ -169,7 +167,7 @@ dnsmasq_enabled: True
 # Enable in local_vars.yml AFTER installing IIAB!  Then run "cd /opt/iiab/iiab; ./iiab-network"
 dns_jail_enabled: False
-# Bluetooth PAN access to IIAB server
+# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False
 bluetooth_term_enabled: False
@ -263,17 +261,6 @@ nginx_high_php_limits: False
 # Make this False to disable http://box/common/services/power_off.php button:
 apache_allow_sudo: True
 # See also Apache vars {default_language, language_priority} @ top of this file
 #
 # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Apache is installed on demand as
 # a dependency -- by CUPS, Elgg, Lokole, Moodle, Node-RED, PBX &/or phpMyAdmin
 apache_install: False
 apache_enabled: False
 #
 # NGINX proxies to Apache for legacy IIAB services, using:
 apache_port: 8090
 apache_interface: 127.0.0.1    # 2020-01-13: Var unused
 # 4-SERVER-OPTIONS
@ -282,9 +269,11 @@ apache_interface: 127.0.0.1    # 2020-01-13: Var unused
 # DNS prep (dnsmasq, named &/or dhcpd) run here.  The full network stage runs
 # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network")
 # UNMAINTAINED as of July 2021
 squid_install: False
 squid_enabled: False
 # UNMAINTAINED as of July 2021
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
 # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
 dansguardian_install: False
@ -339,7 +328,6 @@ idmgr_enabled: False    # 2020-01-23: UNUSED
 # 6-GENERIC-APPS
 # UNMAINTAINED as of September 2020
 azuracast_install: False
 azuracast_enabled: False    # This var is currently IGNORED
 azuracast_http_port: 10080
@ -360,6 +348,7 @@ dokuwiki_url: /dokuwiki
 ejabberd_install: False
 ejabberd_enabled: False
 # UNMAINTAINED as of July 2021
 elgg_install: False
 elgg_enabled: False
 # elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1
@ -539,15 +528,16 @@ monit_install: False
 monit_enabled: False
 watchdog:
  - sshd
-  - idmgr
+  #- idmgr
-  - ejabberd
+  #- ejabberd
-  - httpd
+  #- httpd
  - postgresql
-  - squid
+  #- squid
 munin_install: False
 munin_enabled: False
 # UNMAINTAINED as of July 2021
 # Handy for maintaining tables, but DANGEROUS if not locked down
 phpmyadmin_install: False
 phpmyadmin_enabled: False
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@ -15,10 +15,6 @@
 # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
 download_timeout: 200
 # Languages (for Apache)
 default_language: en
 language_priority: en es fr
 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 rtc_id: none    # Or ds3231 ?
@ -102,21 +98,10 @@ ports_externally_visible: 3     # ssh + http-or-https + common IIAB services
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
 dhcpd_install: False
 dhcpd_enabled: False
 # named (BIND)
 named_install: False
 named_enabled: False
 # dnsmasq - handles DHCP and DNS
 dnsmasq_install: True
 dnsmasq_enabled: True
 # Enable AFTER installing IIAB!  Then run "cd /opt/iiab/iiab; ./iiab-network"
 dns_jail_enabled: False
-# Bluetooth PAN access to IIAB server
+# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False
 bluetooth_term_enabled: False
@ -160,8 +145,6 @@ nginx_high_php_limits: False
 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
 # See also Apache vars {default_language, language_priority} @ top of this file
 #
 # Make this False to disable http://box/common/services/power_off.php button:
 apache_allow_sudo: True
@ -173,14 +156,6 @@ apache_allow_sudo: True
 # DNS prep (dnsmasq, named &/or dhcpd) run here.  The full network stage runs
 # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network")
 squid_install: False
 squid_enabled: False
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
 # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
 dansguardian_install: False
 dansguardian_enabled: False
 # Common UNIX Printing System (CUPS)
 cups_install: True
 cups_enabled: True
@ -201,42 +176,12 @@ usb_lib_umask0000_for_kolibri: True
 # Lesser-supported XO services need additional testing.  Please contact
 # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.
 # UNMAINTAINED
 # xo_services_install: False
 # xo_services_enabled: False
 # UNMAINTAINED
 # activity_server_install: False
 # activity_server_enabled: False
 # UNMAINTAINED
 # Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below
 # ejabberd_xs_install: False
 # ejabberd_xs_enabled: False
 # UNMAINTAINED
 # Change calibre_port from 8080 to 8010 below, if you enable idmgr
 # idmgr_install: False
 # idmgr_enabled: False
 # 6-GENERIC-APPS
 # UNMAINTAINED as of September 2020
 azuracast_install: False
 azuracast_enabled: False    # This var is currently IGNORED.
 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056
 # dokuwiki_install: False
 # dokuwiki_enabled: False
 # UNMAINTAINED as of November 2019
 # ejabberd_install: False
 # ejabberd_enabled: False
 elgg_install: True
 elgg_enabled: True
 # Gitea (lightweight self-hosted "GitHub") from https://gitea.io
 gitea_install: True
 gitea_enabled: True
@ -347,8 +292,9 @@ monit_enabled: False
 munin_install: True
 munin_enabled: True
 # UNMAINTAINED as of July 2021
 # Handy for maintaining tables, but DANGEROUS if not locked down
-phpmyadmin_install: True
+phpmyadmin_install: False
 phpmyadmin_enabled: False
 vnstat_install: True
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@ -15,10 +15,6 @@
 # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
 download_timeout: 200
 # Languages (for Apache)
 default_language: en
 language_priority: en es fr
 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 rtc_id: none    # Or ds3231 ?
@ -102,21 +98,10 @@ ports_externally_visible: 3     # ssh + http-or-https + common IIAB services
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
 dhcpd_install: False
 dhcpd_enabled: False
 # named (BIND)
 named_install: False
 named_enabled: False
 # dnsmasq - handles DHCP and DNS
 dnsmasq_install: True
 dnsmasq_enabled: True
 # Enable AFTER installing IIAB!  Then run "cd /opt/iiab/iiab; ./iiab-network"
 dns_jail_enabled: False
-# Bluetooth PAN access to IIAB server
+# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False
 bluetooth_term_enabled: False
@ -160,8 +145,6 @@ nginx_high_php_limits: False
 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
 # See also Apache vars {default_language, language_priority} @ top of this file
 #
 # Make this False to disable http://box/common/services/power_off.php button:
 apache_allow_sudo: True
@ -173,14 +156,6 @@ apache_allow_sudo: True
 # DNS prep (dnsmasq, named &/or dhcpd) run here.  The full network stage runs
 # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network")
 squid_install: False
 squid_enabled: False
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
 # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
 dansguardian_install: False
 dansguardian_enabled: False
 # Common UNIX Printing System (CUPS)
 cups_install: False
 cups_enabled: False
@ -201,42 +176,12 @@ usb_lib_umask0000_for_kolibri: True
 # Lesser-supported XO services need additional testing.  Please contact
 # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.
 # UNMAINTAINED
 # xo_services_install: False
 # xo_services_enabled: False
 # UNMAINTAINED
 # activity_server_install: False
 # activity_server_enabled: False
 # UNMAINTAINED
 # Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below
 # ejabberd_xs_install: False
 # ejabberd_xs_enabled: False
 # UNMAINTAINED
 # Change calibre_port from 8080 to 8010 below, if you enable idmgr
 # idmgr_install: False
 # idmgr_enabled: False
 # 6-GENERIC-APPS
 # UNMAINTAINED as of September 2020
 azuracast_install: False
 azuracast_enabled: False    # This var is currently IGNORED.
 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056
 # dokuwiki_install: False
 # dokuwiki_enabled: False
 # UNMAINTAINED as of November 2019
 # ejabberd_install: False
 # ejabberd_enabled: False
 elgg_install: False
 elgg_enabled: False
 # Gitea (lightweight self-hosted "GitHub") from https://gitea.io
 gitea_install: False
 gitea_enabled: False
@ -347,6 +292,7 @@ monit_enabled: False
 munin_install: False
 munin_enabled: False
 # UNMAINTAINED as of July 2021
 # Handy for maintaining tables, but DANGEROUS if not locked down
 phpmyadmin_install: False
 phpmyadmin_enabled: False
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@ -15,10 +15,6 @@
 # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
 download_timeout: 200
 # Languages (for Apache)
 default_language: en
 language_priority: en es fr
 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 rtc_id: none    # Or ds3231 ?
@ -102,21 +98,10 @@ ports_externally_visible: 3     # ssh + http-or-https + common IIAB services
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
 dhcpd_install: False
 dhcpd_enabled: False
 # named (BIND)
 named_install: False
 named_enabled: False
 # dnsmasq - handles DHCP and DNS
 dnsmasq_install: True
 dnsmasq_enabled: True
 # Enable AFTER installing IIAB!  Then run "cd /opt/iiab/iiab; ./iiab-network"
 dns_jail_enabled: False
-# Bluetooth PAN access to IIAB server
+# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False
 bluetooth_term_enabled: False
@ -160,8 +145,6 @@ nginx_high_php_limits: False
 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
 # See also Apache vars {default_language, language_priority} @ top of this file
 #
 # Make this False to disable http://box/common/services/power_off.php button:
 apache_allow_sudo: True
@ -173,14 +156,6 @@ apache_allow_sudo: True
 # DNS prep (dnsmasq, named &/or dhcpd) run here.  The full network stage runs
 # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network")
 squid_install: False
 squid_enabled: False
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
 # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
 dansguardian_install: False
 dansguardian_enabled: False
 # Common UNIX Printing System (CUPS)
 cups_install: False
 cups_enabled: False
@ -201,42 +176,12 @@ usb_lib_umask0000_for_kolibri: True
 # Lesser-supported XO services need additional testing.  Please contact
 # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.
 # UNMAINTAINED
 # xo_services_install: False
 # xo_services_enabled: False
 # UNMAINTAINED
 # activity_server_install: False
 # activity_server_enabled: False
 # UNMAINTAINED
 # Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below
 # ejabberd_xs_install: False
 # ejabberd_xs_enabled: False
 # UNMAINTAINED
 # Change calibre_port from 8080 to 8010 below, if you enable idmgr
 # idmgr_install: False
 # idmgr_enabled: False
 # 6-GENERIC-APPS
 # UNMAINTAINED as of September 2020
 azuracast_install: False
 azuracast_enabled: False    # This var is currently IGNORED.
 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056
 # dokuwiki_install: False
 # dokuwiki_enabled: False
 # UNMAINTAINED as of November 2019
 # ejabberd_install: False
 # ejabberd_enabled: False
 elgg_install: False
 elgg_enabled: False
 # Gitea (lightweight self-hosted "GitHub") from https://gitea.io
 gitea_install: False
 gitea_enabled: False
@ -347,6 +292,7 @@ monit_enabled: False
 munin_install: False
 munin_enabled: False
 # UNMAINTAINED as of July 2021
 # Handy for maintaining tables, but DANGEROUS if not locked down
 phpmyadmin_install: False
 phpmyadmin_enabled: False
--- a/vars/local_vars_olpc.yml.unused
+++ b/vars/local_vars_olpc.yml.unused