Merge branch 'deprecate-wondershaper-etc' of https://github.com/holta/iiab into deprecate-wondershaper-etc

roles/0-init/tasks/validate_vars.yml

@@ -63,7 +63,7 @@
 #
 # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
 
-- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 42 + 42 + 38 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
   set_fact:
     vars_checklist:
       - hostapd
@@ -78,8 +78,8 @@
       #- nginx              # MANDATORY
       #- apache             # Unmaintained - former dependency
       #- mysql              # MANDATORY
-      - squid
-      - dansguardian
+      #- squid              # Unmaintained
+      #- dansguardian       # Unmaintained
       - cups
       - samba
       - usb_lib

roles/4-server-options/tasks/main.yml

@@ -35,9 +35,9 @@
   when: dhcpd_install is defined and dhcpd_install
 
 # UNMAINTAINED
-- name: Install Squid (and DansGuardian if dansguardian_install)
-  include_tasks: roles/network/tasks/squid.yml
-  when: squid_install is defined and squid_install
+# - name: Install Squid (and DansGuardian if dansguardian_install)
+#   include_tasks: roles/network/tasks/squid.yml
+#   when: squid_install is defined and squid_install
 
 
 - name: Install Bluetooth - only on Raspberry Pi

roles/network/defaults/main.yml

@@ -85,8 +85,8 @@ systemd_networkd_active: False
 # The values here are default local variables
 gui_wan_iface: unset
 gui_static_wan_ip: unset
-wondershaper_dspeed: 4096
-wondershaper_upspeed: 1024
+# wondershaper_dspeed: 4096
+# wondershaper_upspeed: 1024
 
 # netplan
 fix_dispatcher: True

roles/network/tasks/computed_network.yml

@@ -153,7 +153,7 @@
 
 - name: Add 'computed_network' variable values to {{ iiab_ini_file }}
   ini_file:
-    dest: "{{ iiab_ini_file }}"
+    dest: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
     section: computed_network
     option: "{{ item.option }}"
     value: "{{ item.value | string }}"

roles/network/tasks/computed_services.yml

@@ -1,17 +1,17 @@
 - name: No LAN configured - 'Appliance' mode
   set_fact:
-    dansguardian_enabled: False
-    squid_enabled: False
-    wondershaper_enabled: False
+    # dansguardian_enabled: False
+    # squid_enabled: False
+    # wondershaper_enabled: False
     hostapd_enabled: False
     iiab_network_mode: "Appliance"
   when: iiab_lan_iface == "none" or user_lan_iface == "none"
 
 - name: LAN configured - 'LanController' mode
   set_fact:
-    dansguardian_enabled: False
-    squid_enabled: False
-    wondershaper_enabled: False
+    # dansguardian_enabled: False
+    # squid_enabled: False
+    # wondershaper_enabled: False
     iiab_network_mode: "LanController"
   when: iiab_lan_iface != "none" and iiab_wan_iface == "none"
 
@@ -52,7 +52,7 @@
 
 - name: Add 'network' variable values (from computed_services.yml) to {{ iiab_ini_file }}
   ini_file:
-    dest: "{{ iiab_ini_file }}"
+    dest: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
     section: network
     option: "{{ item.option }}"
     value: "{{ item.value | string }}"

roles/network/tasks/enable_services.yml

@@ -11,29 +11,29 @@
     enabled: yes
   when: dhcpd_install and dhcpd_enabled
 
-- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates
+- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default)
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: "{{ item.mode }}"
+    # owner: root
+    # group: root
+    # mode: "{{ item.mode }}"
   with_items:
-   - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }
-   - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
+   - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' }
+   - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' }
   when: dhcpd_install and dhcpd_enabled
 
-- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab
+- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default)
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: "{{ item.mode }}"
+    # owner: root
+    # group: root
+    # mode: "{{ item.mode }}"
   with_items:
-   - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }
-   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
-   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
+   - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' }
+   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' }
+   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' }
   when: named_install and named_enabled
 
 - name: Enable named service ({{ dns_service }}) if named_enabled
@@ -93,13 +93,13 @@
 #- debug:
 #    var: nd_dir
 
-- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later)
+- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default)
   template:
     src: roles/network/templates/network/dnsmasq.sh.j2
     dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh
     mode: 0755
-    owner: root
-    group: root
+    # owner: root
+    # group: root
   when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance")
   #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance")
   #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance")
@@ -122,136 +122,136 @@
     enabled: no
   when: dnsmasq_install and not dnsmasq_enabled
 
-- name: Enable DansGuardian systemd service, if dansguardian_enabled
-  systemd:
-    name: dansguardian
-    enabled: yes
-  when: dansguardian_install and dansguardian_enabled
+# - name: Enable DansGuardian systemd service, if dansguardian_enabled
+#   systemd:
+#     name: dansguardian
+#     enabled: yes
+#   when: dansguardian_install and dansguardian_enabled
 
-- name: Disable DansGuardian, if not dansguardian_enabled
-  systemd:
-    name: dansguardian
-    enabled: no
-  when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
+# - name: Disable DansGuardian, if not dansguardian_enabled
+#   systemd:
+#     name: dansguardian
+#     enabled: no
+#   when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
 
-- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
-  lineinfile:
-    path: "{{ iiab_env_file }}"
-    regexp: '^HTTPCACHE_ON=*'
-    line: 'HTTPCACHE_ON=True'
-    state: present
-  when: squid_install and squid_enabled
+# - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
+#   lineinfile:
+#     path: "{{ iiab_env_file }}"
+#     regexp: '^HTTPCACHE_ON=*'
+#     line: 'HTTPCACHE_ON=True'
+#     state: present
+#   when: squid_install and squid_enabled
 
-- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
-  systemd:
-    name: "{{ proxy }}"
-    enabled: yes
-  when: squid_install and squid_enabled
+# - name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
+#   systemd:
+#     name: "{{ proxy }}"
+#     enabled: yes
+#   when: squid_install and squid_enabled
 
-- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "{{ item.owner }}"
-    group: "{{ item.group }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - src: squid/squid-iiab.conf.j2
-      dest: "/etc/{{ proxy }}/squid-iiab.conf"
-      owner: "{{ proxy_user }}"
-      group: "{{ proxy_user }}"
-      mode: 0644
-  when: squid_install and squid_enabled
+# - name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
+#   template:
+#     src: "{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     owner: "{{ item.owner }}"
+#     group: "{{ item.group }}"
+#     mode: "{{ item.mode }}"
+#   with_items:
+#     - src: squid/squid-iiab.conf.j2
+#       dest: "/etc/{{ proxy }}/squid-iiab.conf"
+#       owner: "{{ proxy_user }}"
+#       group: "{{ proxy_user }}"
+#       mode: 0644
+#   when: squid_install and squid_enabled
 
-- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
-  lineinfile:
-    regexp: '^CONFIG'
-    line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
-    path: "/etc/init.d/{{ proxy }}"
-  when: squid_install and squid_enabled and is_debuntu
+# - name: Point to Squid config file from startup file, if squid_enabled (debuntu)
+#   lineinfile:
+#     regexp: '^CONFIG'
+#     line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
+#     path: "/etc/init.d/{{ proxy }}"
+#   when: squid_install and squid_enabled and is_debuntu
 
-- name: Disable Squid service, if not squid_enabled
-  systemd:
-    name: "{{ proxy }}"
-    enabled: no
-  when: (squid_install or squid_installed is defined) and not squid_enabled
+# - name: Disable Squid service, if not squid_enabled
+#   systemd:
+#     name: "{{ proxy }}"
+#     enabled: no
+#   when: (squid_install or squid_installed is defined) and not squid_enabled
 
-- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
-  lineinfile:
-    path: "{{ iiab_env_file }}"
-    regexp: '^HTTPCACHE_ON=*'
-    line: 'HTTPCACHE_ON=False'
-    state: present
-  when: squid_install and not squid_enabled
+# - name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
+#   lineinfile:
+#     path: "{{ iiab_env_file }}"
+#     regexp: '^HTTPCACHE_ON=*'
+#     line: 'HTTPCACHE_ON=False'
+#     state: present
+#   when: squid_install and not squid_enabled
 
-- name: Enable Wondershaper service, if wondershaper_enabled
-  systemd:
-    name: wondershaper
-    enabled: yes
-  when: wondershaper_install and wondershaper_enabled
+# - name: Enable Wondershaper service, if wondershaper_enabled
+#   systemd:
+#     name: wondershaper
+#     enabled: yes
+#   when: wondershaper_install and wondershaper_enabled
 
-- name: Disable Wondershaper service, if not wondershaper_enabled
-  systemd:
-    name: wondershaper
-    enabled: no
-  when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled
+# - name: Disable Wondershaper service, if not wondershaper_enabled
+#   systemd:
+#     name: wondershaper
+#     enabled: no
+#   when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled
 
 # check-LAN should be iptables.yml remove later
-- name: Install clean copy of /usr/bin/iiab-gen-iptables from template
+- name: Install clean copy of /usr/bin/iiab-gen-iptables from template (root:root by default)
   template:
     src: gateway/iiab-gen-iptables
     dest: /usr/bin/iiab-gen-iptables
-    owner: root
-    group: root
+    # owner: root
+    # group: root
     mode: 0755
 
-- name: Install iiab-internet-on|off
+- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default)
   template:
     src: "{{ item }}"
     dest: /usr/bin/
-    owner: root
-    group: root
+    # owner: root
+    # group: root
     mode: 0755
   with_items:
     - gateway/iiab-internet-on
     - gateway/iiab-internet-off
 
 
-- name: Add 'squid' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: squid
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: squid_install
-      value: "{{ squid_install }}"
-    - option: squid_enabled
-      value: "{{ squid_enabled }}"
-  when: squid_installed is defined
+# - name: Add 'squid' variable values to {{ iiab_ini_file }}
+#   ini_file:
+#     path: "{{ iiab_ini_file }}"
+#     section: squid
+#     option: "{{ item.option }}"
+#     value: "{{ item.value | string }}"
+#   with_items:
+#     - option: squid_install
+#       value: "{{ squid_install }}"
+#     - option: squid_enabled
+#       value: "{{ squid_enabled }}"
+#   when: squid_installed is defined
 
-- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: dansguardian
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: dansguardian_install
-      value: "{{ dansguardian_install }}"
-    - option: dansguardian_enabled
-      value: "{{ dansguardian_enabled }}"
-  when: dansguardian_installed is defined
+# - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
+#   ini_file:
+#     path: "{{ iiab_ini_file }}"
+#     section: dansguardian
+#     option: "{{ item.option }}"
+#     value: "{{ item.value | string }}"
+#   with_items:
+#     - option: dansguardian_install
+#       value: "{{ dansguardian_install }}"
+#     - option: dansguardian_enabled
+#       value: "{{ dansguardian_enabled }}"
+#   when: dansguardian_installed is defined
 
-- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: wondershaper
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: wondershaper_install
-      value: "{{ wondershaper_install }}"
-    - option: wondershaper_enabled
-      value: "{{ wondershaper_enabled }}"
-  when: wondershaper_installed is defined
+# - name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
+#   ini_file:
+#     path: "{{ iiab_ini_file }}"
+#     section: wondershaper
+#     option: "{{ item.option }}"
+#     value: "{{ item.value | string }}"
+#   with_items:
+#     - option: wondershaper_install
+#       value: "{{ wondershaper_install }}"
+#     - option: wondershaper_enabled
+#       value: "{{ wondershaper_enabled }}"
+#   when: wondershaper_installed is defined

roles/network/tasks/main.yml

@@ -21,9 +21,9 @@
 - name: computed_network
   include_tasks: computed_network.yml
 
-- name: Configure wondershaper
-  include_tasks: wondershaper.yml
-  when: wondershaper_install or wondershaper_installed is defined
+# - name: Configure wondershaper
+#   include_tasks: wondershaper.yml
+#   when: wondershaper_install or wondershaper_installed is defined
 
 - name: (Re)Install named
   include_tasks: named.yml
@@ -33,9 +33,9 @@
   include_tasks: dhcpd.yml
   when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
 
-- name: (Re)Install Squid
-  include_tasks: squid.yml
-  when: squid_install and FQDN_changed and iiab_stage|int == 9
+# - name: (Re)Install Squid
+#   include_tasks: squid.yml
+#   when: squid_install and FQDN_changed and iiab_stage|int == 9
 
 #preprep for backends
 - name: Netplan in use on Ubuntu 18.04+

roles/network/tasks/restart.yml

@@ -16,37 +16,37 @@
     state: restarted
   when: named_enabled and named_install
 
-- name: Stop Squid service
-  systemd:
-    name: "{{ proxy }}"
-    state: stopped
-  async: 120
-  when: squid_install or squid_installed is defined
+# - name: Stop Squid service
+#   systemd:
+#     name: "{{ proxy }}"
+#     state: stopped
+#   async: 120
+#   when: squid_install or squid_installed is defined
 
-- name: Stop DansGuardian
-  systemd:
-    name: dansguardian
-    state: stopped
-  when: dansguardian_install or dansguardian_installed is defined
+# - name: Stop DansGuardian
+#   systemd:
+#     name: dansguardian
+#     state: stopped
+#   when: dansguardian_install or dansguardian_installed is defined
 
-- name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate
-  systemd:
-    name: dansguardian
-    state: restarted
-  when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
+# - name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate
+#   systemd:
+#     name: dansguardian
+#     state: restarted
+#   when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
 
-# Squid get re-loaded with dispatcher.d
-- name: Restart Squid service ({{ proxy }})
-  systemd:
-    name: "{{ proxy }}"
-    state: restarted
-  when: squid_enabled and squid_install
+# # Squid get re-loaded with dispatcher.d
+# - name: Restart Squid service ({{ proxy }})
+#   systemd:
+#     name: "{{ proxy }}"
+#     state: restarted
+#   when: squid_enabled and squid_install
 
-- name: Restart Wondershaper service (wondershaper)
-  systemd:
-    name: wondershaper
-    state: restarted
-  when: wondershaper_enabled
+# - name: Restart Wondershaper service (wondershaper)
+#   systemd:
+#     name: wondershaper
+#     state: restarted
+#   when: wondershaper_enabled
 
 - name: Restart Avahi service (avahi-daemon)
   systemd:

tests/test.yml

@@ -14,6 +14,7 @@
     - { role: 9-local-addons }
     #- { role: activity-server
     #- { role: ajenti }
+    - { role: all-vars }
     #- { role: authserver }
     - { role: awstats }
     - { role: azuracast }
@@ -80,9 +81,10 @@
     - { role: yarn }
     #- { roles: xovis }
 
-# Let's try to keep these 9 aligned:
+# Let's try to keep these 10 aligned:
 #
 # http://FAQ.IIAB.IO > "What services (IIAB apps) are suggested during installation?"
+# https://github.com/iiab/iiab/blob/master/vars/local_vars_unittest.yml
 # https://github.com/iiab/iiab/blob/master/vars/local_vars_min.yml
 # https://github.com/iiab/iiab/blob/master/vars/local_vars_medium.yml
 # https://github.com/iiab/iiab/blob/master/vars/local_vars_big.yml

vars/default_vars.yml

@@ -123,7 +123,7 @@ wifi_up_down: True    # Creates a 2nd virtual WiFi adapter for upstream WiFi
 
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
-gw_squid_whitelist: False
+# gw_squid_whitelist: False
 gw_block_https: False
 
 # Gateway mode
@@ -185,8 +185,8 @@ block_DNS: False
 dns_jail_enabled: False
 
 # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382
-wondershaper_install: False
-wondershaper_enabled: False
+# wondershaper_install: False
+# wondershaper_enabled: False
 
 
 # 1-PREP
@@ -258,14 +258,14 @@ nginx_log_dir: /var/log/nginx
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
 # UNMAINTAINED as of July 2021
-squid_install: False
-squid_enabled: False
+# squid_install: False
+# squid_enabled: False
 
 # UNMAINTAINED as of July 2021
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
 # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
-dansguardian_install: False
-dansguardian_enabled: False
+# dansguardian_install: False
+# dansguardian_enabled: False
 
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True