external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2142 from holta/nginx-quick-cleanup

Browse source 
(1) Quick clean high-level roles: NGINX, Apache, network, OpenVPN, numbered roles (stages) & defaults_vars.yml (2) Add vars/ubuntu-20.yml for Ubuntu 20.04 pre-releases (3) Fix http://box/mediawiki
This commit is contained in:
A Holt 2020-01-13 17:51:30 -05:00 committed by GitHub
commit 144f6b9cc5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 209 additions and 230 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/0-init/tasks/main.yml
View file

@ -21,13 +21,13 @@
copy:
src: "{{ iiab_dir }}/scripts/iiab-diagnostics"
dest: /usr/bin/
mode: 0755
mode: '0755'
- name: Create globally-writable directory /etc/iiab/diag so non-root users can run iiab-diagnostics
file:
state: directory
path: /etc/iiab/diag
mode: 0777
mode: '0777'
- name: Re-read local_facts.facts from /etc/ansible/facts.d
setup:

20
roles/1-prep/tasks/main.yml
View file

@ -55,9 +55,9 @@
copy:
src: roles/1-prep/files/iiab.conf
dest: /etc/tmpfiles.d/
owner: root
group: root
mode: 0644
# owner: root
# group: root
# mode: '0644'
force: yes
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
#when: ro_dir.stat.exists
@ -66,27 +66,26 @@
include_role:
name: sshd
# has no "when: XXXXX_install" flag
tags: base, sshd
#tags: base, sshd
- name: IIAB-ADMIN
include_role:
name: iiab-admin
# has no "when: XXXXX_install" flag
tags: base, iiab-admin
#tags: base, iiab-admin
- name: OPENVPN
include_role:
name: openvpn
when: openvpn_install | bool
tags: openvpn
#tags: openvpn
# for rpi, without rtc, we need time as soon as possible
- name: Install chrony (an NTP package) especially for RPi's lacking RTC
package:
name: chrony
state: present
tags:
- download
#tags: download
#TODO: Use regexp filter instead of hard-code ip
- name: Install /etc/chrony.conf from template
@ -102,7 +101,7 @@
# Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10
# pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387
- name: Disable AppArmor -- override OS default (ubuntu)
service:
systemd:
name: apparmor
enabled: False
state: stopped
@ -141,6 +140,3 @@
template:
src: roles/1-prep/templates/iiab.env.j2
dest: "{{ iiab_env_file }}"
owner: root
group: root
mode: 0644

67
roles/2-common/tasks/main.yml
View file

@ -23,57 +23,21 @@
- include_tasks: packages.yml
- include_tasks: iptables.yml
- sysctl:
name: net.ipv4.ip_forward
value: '1'
state: present
- sysctl:
name: net.ipv4.conf.default.rp_filter
value: '1'
state: present
- sysctl:
name: net.ipv4.conf.default.accept_source_route
value: '0'
state: present
- sysctl:
name: kernel.sysrq
value: '1'
state: present
- sysctl:
name: kernel.core_uses_pid
value: '1'
state: present
- sysctl:
name: net.ipv4.tcp_syncookies
value: '1'
state: present
- sysctl:
name: kernel.shmmax
value: '268435456'
state: present
# IPv6 disabled
- sysctl:
name: net.ipv6.conf.all.disable_ipv6
value: '1'
state: present
- sysctl:
name: net.ipv6.conf.default.disable_ipv6
value: '1'
state: present
- sysctl:
name: net.ipv6.conf.lo.disable_ipv6
value: '1'
state: present
- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
with_items:
- { name: 'net.ipv4.ip_forward', value: '1' }
- { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
- { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
- { name: 'kernel.sysrq', value: '1' }
- { name: 'kernel.core_uses_pid', value: '1' }
- { name: 'net.ipv4.tcp_syncookies', value: '1' }
- { name: 'kernel.shmmax', value: '268435456' }
- { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled
- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }
- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
template:
@ -91,4 +55,3 @@
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=2'
state: present

17
roles/3-base-server/tasks/main.yml
View file

@ -3,30 +3,29 @@
- name: ...IS BEGINNING =====================================
command: echo
- name: Install NGINX (configured LATER, in Stage 9-LOCAL-ADDONS)
include_tasks: roles/nginx/tasks/install.yml
when: nginx_install | bool
- name: HTTPD (APACHE)
include_role:
name: httpd
when: apache_install | bool
tags: base, httpd
#tags: base, httpd
- name: MYSQL
include_role:
name: mysql
# has no "when: XXXXX_install" flag
tags: base, mysql
- name: Install nginx
include_tasks: roles/nginx/tasks/install.yml
when: nginx_install | bool
when: mysql_install | bool
#tags: base, mysql
- name: Install dnsmasq
include_tasks: roles/network/tasks/dnsmasq.yml
when: dnsmasq_install | bool
tags: base, domain, dnsmasq, network
#tags: base, domain, dnsmasq, network
- name: Recording STAGE 3 HAS COMPLETED =====================
lineinfile:
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=3'
state: present

19
roles/4-server-options/tasks/main.yml
View file

@ -8,29 +8,29 @@
- name: Install named / BIND
include_tasks: roles/network/tasks/named.yml
when: named_install | bool
tags: base, named, network, domain
#tags: base, named, network, domain
- name: Installing dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
when: dhcpd_install | bool
tags: base, dhcpd, network, domain
#tags: base, dhcpd, network, domain
- name: Install Squid (and DansGuardian if dansguardian_install)
include_tasks: roles/network/tasks/squid.yml
when: squid_install | bool
tags: base, squid, network, domain
#tags: base, squid, network, domain
- name: Install Bluetooth - only on Raspberry Pi
include_role:
name: bluetooth
when: (is_rpi and bluetooth_install) or bluetooth_installed is defined
tags: bluetooth
#tags: bluetooth
- name: USB-LIB
include_role:
name: usb-lib
when: usb_lib_install | bool
tags: usb-lib
#tags: usb-lib
# NETWORK moved to the very end, after Stage 9 (9-LOCAL-ADDONS)
# It can also be run manually using: cd /opt/iiab/iiab; ./iiab-network
@ -46,25 +46,25 @@
include_role:
name: homepage
# has no "when: XXXXX_install" flag
tags: base, homepage
#tags: base, homepage
- name: POSTGRESQL
include_role:
name: postgresql
when: postgresql_install | bool
tags: postgresql, pathagar, moodle
#tags: postgresql, pathagar, moodle
- name: CUPS
include_role:
name: cups
when: cups_install or cups_installed is defined
tags: cups
#tags: cups
- name: SAMBA
include_role:
name: samba
when: samba_install or samba_installed is defined
tags: samba
#tags: samba
- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml)
command: /usr/bin/iiab-refresh-wiki-docs
@ -75,4 +75,3 @@
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=4'
state: present

7
roles/5-xo-services/tasks/main.yml
View file

@ -7,23 +7,22 @@
include_role:
name: activity-server
when: activity_server_install | bool
tags: olpc, activity-server
#tags: olpc, activity-server
- name: EJABBERD_XS
include_role:
name: ejabberd_xs
when: ejabberd_xs_install | bool
tags: olpc, ejabberd-xs
#tags: olpc, ejabberd-xs
- name: IDMGR
include_role:
name: idmgr
when: idmgr_install | bool
tags: olpc, idmgr
#tags: olpc, idmgr
- name: Recording STAGE 5 HAS COMPLETED =====================
lineinfile:
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=5'
state: present

50
roles/6-generic-apps/tasks/main.yml
View file

@ -6,75 +6,79 @@
- name: AZURACAST
include_role:
name: azuracast
tags: azuracast
when: azuracast_install | bool
#tags: azuracast
# UNMAINTAINED
- name: DOKUWIKI
include_role:
name: dokuwiki
tags: dokuwiki
- name: MEDIAWIKI
include_role:
name: mediawiki
tags: mediawiki
when: dokuwiki_install | bool
#tags: dokuwiki
# UNMAINTAINED
- name: EJABBERD
include_role:
name: ejabberd
when: ejabberd_install | bool
tags: ejabberd
#tags: ejabberd
- name: ELGG
include_role:
name: elgg
tags: elgg
when: elgg_install | bool
#tags: elgg
- name: GITEA
include_role:
name: gitea
tags: gitea
when: gitea_install | bool
#tags: gitea
- name: LOKOLE
include_role:
name: lokole
tags: lokole
when: lokole_install | bool
#tags: lokole
- name: MEDIAWIKI
include_role:
name: mediawiki
when: mediawiki_install | bool
#tags: mediawiki
- name: MOSQUITTO
include_role:
name: mosquitto
tags: mosquitto
when: mosquitto_install | bool
#tags: mosquitto
- name: NODE-RED
include_role:
name: nodered
tags: nodered
when: nodered_install | bool
#tags: nodered
- name: NEXTCLOUD
include_role:
name: nextcloud
tags: nextcloud
#- name: OWNCLOUD
# include_role:
# name: owncloud
# when: owncloud_install | bool
# tags: owncloud
when: nextcloud_install | bool
#tags: nextcloud
- name: PBX
include_role:
name: pbx
when: pbx_install | bool
tags: pbx
#tags: pbx
- name: WORDPRESS
include_role:
name: wordpress
tags: wordpress
when: wordpress_install | bool
#tags: wordpress
- name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile:
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=6'
state: present

23
roles/7-edu-apps/tasks/main.yml
View file

@ -6,50 +6,55 @@
- name: KALITE
include_role:
name: kalite
tags: kalite
when: kalite_install | bool
#tags: kalite
- name: KOLIBRI
include_role:
name: kolibri
tags: kolibri
when: kolibri_install | bool
#tags: kolibri
- name: KIWIX
include_role:
name: kiwix
tags: kiwix
when: kiwix_install | bool
#tags: kiwix
- name: MOODLE
include_role:
name: moodle
tags: olpc, moodle
when: moodle_install | bool
#tags: olpc, moodle
- name: OSM-VECTOR-MAPS
include_role:
name: osm-vector-maps
tags: osm, maps
when: osm_vector_maps_install | bool
#tags: osm, maps
# UNMAINTAINED
- name: OSM
include_role:
name: osm
when: osm_install is defined and osm_install
tags: osm, maps
#tags: osm, maps
# UNMAINTAINED
- name: PATHAGAR
include_role:
name: pathagar
when: pathagar_install is defined and pathagar_install
tags: pathagar
#tags: pathagar
- name: SUGARIZER
include_role:
name: sugarizer
tags: sugarizer
when: sugarizer_install | bool
#tags: sugarizer
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile:
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=7'
state: present

15
roles/8-mgmt-tools/tasks/main.yml
View file

@ -7,39 +7,40 @@
include_role:
name: transmission
when: transmission_install | bool
tags: transmission
#tags: transmission
- name: AWSTATS
include_role:
name: awstats
tags: awstats
when: awstats_install | bool
#tags: awstats
- name: MONIT
include_role:
name: monit
when: monit_install | bool
tags: monit
#tags: monit
- name: MUNIN
include_role:
name: munin
tags: munin
when: munin_install | bool
#tags: munin
- name: PHPMYADMIN
include_role:
name: phpmyadmin
when: phpmyadmin_install | bool
tags: phpmyadmin
#tags: phpmyadmin
- name: VNSTAT
include_role:
name: vnstat
when: vnstat_install | bool
tags: vnstat
#tags: vnstat
- name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile:
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=8'
state: present

34
roles/9-local-addons/tasks/main.yml
View file

@ -6,55 +6,53 @@
- name: INTERNETARCHIVE
include_role:
name: internetarchive
tags: internetarchive
when: internetarchive_install | bool
#tags: internetarchive
# Until porting complete (@jvonau helping transition to Python 3)
#- name: 'Install Python 2.7 packages: python, python-pip'
# package:
# name:
# - python
# - python-pip # Used by Admin Console
# state: present
# To be ported soon
# Is porting to Python 3 complete, and if so does this belong elsewhere?
- name: CAPTIVE PORTAL
include_tasks: roles/captiveportal/tasks/main.yml
when: captiveportal_install | bool
tags: base, captiveportal, network, domain
#tags: base, captiveportal, network, domain
- name: MINETEST
include_role:
name: minetest
tags: minetest
when: minetest_install | bool
#tags: minetest
# KEEP AT THE END as this installs dependencies from Debian's 'testing' branch!
- name: CALIBRE
include_role:
name: calibre
tags: calibre
when: calibre_install | bool
#tags: calibre
- name: CALIBRE-WEB
include_role:
name: calibre-web
tags: calibre-web
when: calibreweb_install | bool
#tags: calibre-web
# Could split these two below to Stage 10?
- name: Configure NGINX
- name: Configure NGINX (already installed in Stage 3-BASE-SERVER)
# If just CONFIGURING, should we use one of the following instead ??
# include_tasks: roles/nginx/tasks/setup.yml
# include_tasks: roles/nginx/tasks/enable.yml
include_role:
name: nginx
when: nginx_install | bool
tags: base, nginx
#tags: base, nginx
- name: Configure Apache systemd service ({{ apache_service }})
include_role:
name: httpd-enable
when: apache_install | bool
tags: base, httpd
#tags: base, httpd
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile:
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=9'
state: present

6
roles/httpd/defaults/main.yml
View file

@ -1,6 +1,12 @@
# default_language: en
# language_priority: en es fr
# apache_install: True
# apache_enabled: False
# apache_port: 8090 # NGINX proxies to this IP address, for legacy IIAB services still requiring Apache
# apache_interface: 127.0.0.1
# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147
# apache_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!

1
roles/mediawiki/defaults/main.yml
View file

@ -26,4 +26,5 @@ mediawiki_install_path: "{{ content_base }}" # /library
mediawiki_abs_path: "{{ mediawiki_install_path }}/mediawiki-{{ mediawiki_version }}"
mediawiki_url: /wiki
mediawiki_url2: /mediawiki
mediawiki_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ mediawiki_url }}" # http://box.lan/wiki

4
roles/mediawiki/tasks/enable.yml
View file

@ -16,13 +16,13 @@
# NGINX
- name: Enable http://box{{ mediawiki_url }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template
- name: Enable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template
template:
src: mediawiki-nginx.conf.j2
dest: "{{ nginx_config_dir }}/mediawiki-nginx.conf"
when: nginx_install and mediawiki_enabled
- name: Disable http://box{{ mediawiki_url }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf
- name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf
file:
path: "{{ nginx_config_dir }}/mediawiki-nginx.conf"
state: absent

5
roles/mediawiki/templates/mediawiki-nginx.conf.j2
View file

@ -52,3 +52,8 @@ location {{ mediawiki_url }}/ {
location = {{ mediawiki_url }} {
return 301 {{ mediawiki_url }}/Main_Page;
}
# http://box/mediawiki* redirect to http://box/wiki/Main_Page
location {{ mediawiki_url2 }} {
return 301 {{ mediawiki_url }}/Main_Page;
}

66
roles/network/tasks/main.yml
View file

@ -1,8 +1,6 @@
- include_tasks: detected_network.yml
when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
tags:
- network #REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ?
- network-discover
when: not installing # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
#tags: network, network-discover # REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ?
- name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY
set_fact:
@ -29,14 +27,10 @@
- include_tasks: computed_network.yml
when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
tags:
- network
- network-discover
#tags: network, network-discover
- include_tasks: hostapd.yml
tags:
- network
- AP
#tags: network, AP
#- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network
# set_fact:
@ -50,17 +44,12 @@
##### End static ip address info
#- include_tasks: hosts.yml
# tags:
# - network
# - hostname
# - domain
# tags: network, hostname, domain
- name: Configure wondershaper
include_tasks: wondershaper.yml
when: wondershaper_install | bool or wondershaper_installed is defined
tags:
- network
- wondershaper
#tags: network, wondershaper
- name: (Re)Install named
include_tasks: named.yml
@ -76,24 +65,13 @@
#### start services
- include_tasks: avahi.yml
tags:
- network
#tags: network
- include_tasks: computed_services.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
#tags: network, named, dhcpd, dnsmasq, squid
- include_tasks: enable_services.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
#tags: network, named, dhcpd, dnsmasq, squid
#### end services
#### Start network layout
@ -101,52 +79,40 @@
include_tasks: ifcfg_mods.yml
when: is_redhat | bool
#and not installing
tags:
- network
#tags: network
- name: Netplan in use on Ubuntu 18.04+
include_tasks: netplan.yml
when: is_ubuntu and not is_ubuntu_16
#when: is_ubuntu_18 | bool
#and not installing
tags:
- network
#tags: network
- name: NetworkManager in use
include_tasks: NM-debian.yml
when: is_debuntu and network_manager_active
#and not installing
tags:
- network
#tags: network
- name: systemd-networkd in use
include_tasks: sysd-netd-debian.yml
when: is_debuntu and systemd_networkd_active
#and not installing
tags:
- network
#tags: network
- name: RPi's have dhcpcd in use
include_tasks: rpi_debian.yml
when: is_debuntu and is_rpi
#and not installing
tags:
- network
#tags: network
- name: Not RPi, Not NetworkManager, Not systemd-networkd in use
include_tasks: debian.yml
when: (not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16
#and not installing
tags:
- network
#tags: network
#### end network layout
- include_tasks: restart.yml
when: not installing
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
- AP
#tags: network, named, dhcpd, dnsmasq, squid, AP

15
roles/nginx/defaults/main.yml
View file

@ -1 +1,14 @@
nginx_log_dir: /var/log/nginx
# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this
# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
# nginx_install: True
# nginx_enabled: True
# nginx_port: 80
# nginx_interface: 0.0.0.0
# nginx_config_dir: /etc/nginx/conf.d
# nginx_log_dir: /var/log/nginx
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

0
roles/nginx/tasks/disable.yml → roles/nginx/tasks/disable.yml.deprecated
View file

0
roles/nginx/tasks/only_nginx.yml → roles/nginx/tasks/only_nginx.yml.deprecated
View file

0
roles/nginx/tasks/uses_apache.yml → roles/nginx/tasks/uses_apache.yml.deprecated
View file

0
roles/nginx/templates/dokuwiki-nginx.conf → roles/nginx/templates/dokuwiki-nginx.conf.deprecated
View file

0
roles/nginx/templates/kalite-nginx.conf → roles/nginx/templates/kalite-nginx.conf.unused
View file

0
roles/nginx/templates/mediawiki-nginx.conf.j2 → roles/nginx/templates/mediawiki-nginx.conf.j2.deprecated
View file

0
roles/nginx/templates/wordpress-nginx.conf → roles/nginx/templates/wordpress-nginx.conf.deprecated
View file

28
roles/openvpn/tasks/main.yml
View file

@ -1,11 +1,16 @@
# TO DO: WRAP 10 OR 11 STANZAS BELOW (and saving vars to iiab_ini_file at
# bottom) INTO install.yml, somehow conditioned by...
# when: openvpn_install | bool
#
# BEWARE: 11th stanza (ssh pubkey deletions) is already conditioned by...
# when: not openvpn_install
- name: Install OpenVPN and Nmap packages
package:
name:
- openvpn
- nmap
state: present
#tags:
# - download
# Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle
- name: Install Ncat package (if Debian > 9 or Ubuntu > 18)
@ -13,17 +18,12 @@
name: ncat
state: present
when: is_debuntu and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18)
#when: need_ncat | bool
#tags:
# - download
- name: Install ssh public keys for remote support (if openvpn_install)
lineinfile:
line: "{{ item.pubkey }}"
regexp: "{{ item.regexp }}"
path: /root/.ssh/authorized_keys
#backup: yes
when: openvpn_install | bool
with_items:
- regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody
pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s="
@ -46,20 +46,16 @@
regexp: "{{ item }}"
path: /root/.ssh/authorized_keys
state: absent
#backup: yes
when: not openvpn_install
with_items:
- "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$"
- "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$"
- "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$"
when: not openvpn_install
- name: 'Create dirs: /etc/openvpn/keys, /etc/openvpn/scripts'
file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: 0755
with_items:
- /etc/openvpn/keys
- /etc/openvpn/scripts
@ -68,8 +64,6 @@
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
backup: yes
with_items:
@ -83,14 +77,12 @@
- { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' }
- { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' }
- { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' }
# 2019-10-09: Not recommended for over a year & no longer in use
# - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' }
- name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted e.g. on a smaller IIAB install
copy:
src: "{{ iiab_dir }}/iiab-support"
dest: /usr/bin/
mode: 0755
mode: '0755'
- name: Create iiab-support-on (symlink to iiab-support for now)
file:
@ -116,6 +108,7 @@
path: /usr/bin/iiab-vpn-off
state: link
# TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable.yml...
# FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not
# been working with systemd service names that contained the "@" character.
@ -198,7 +191,6 @@
# ignore_errors: True
# when: not openvpn_enabled and not installing
- name: Add 'openvpn' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"

27
vars/default_vars.yml
View file

@ -225,27 +225,27 @@ exFAT_enabled: True
# 3-BASE-SERVER
# Variables for Administrative Console
# 2020-01-13: Both vars unused
admin_console_install: True
admin_console_enabled: True
# variables related to introduction of nginx
# apache
apache_install: True
apache_enabled: False
apache_port: "8090"
apache_interface: "127.0.0.1"
# The following variable, if True, allows Admin Console to poweroff IIAB
# see below
#allow_apache_sudo: False
nginx_port: "80"
nginx_interface: "0.0.0.0"
# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this
# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
nginx_install: True
nginx_enabled: True
nginx_port: 80
nginx_interface: 0.0.0.0
nginx_config_dir: /etc/nginx/conf.d
nginx_log_dir: /var/log/nginx
# See also Apache vars {default_language, language_priority} @ top of this file
apache_install: True
apache_enabled: False
#
# NGINX proxies to Apache for legacy IIAB services, using:
apache_port: 8090
apache_interface: 127.0.0.1 # 2020-01-13: Var unused
#
# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147
apache_high_php_limits: False
@ -657,6 +657,7 @@ calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web
is_debuntu: False # Covers all 3: Ubuntu, Debian, Raspbian
is_ubuntu: False
is_ubuntu_20: False
is_ubuntu_19: False
is_ubuntu_18: False
is_ubuntu_17: False

31
vars/ubuntu-20.yml Normal file
View file

@ -0,0 +1,31 @@
is_debuntu: True
is_ubuntu: True
is_ubuntu_20: True
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True)
dns_service: bind9
dns_user: bind
dhcp_service: isc-dhcp-server
proxy: squid
proxy_user: proxy
apache_service: apache2
apache_user: www-data
apache_config_dir: apache2/sites-available
apache_log_dir: /var/log/apache2
smb_service: smbd
nmb_service: nmbd
systemctl_program: /bin/systemctl
# issue raised
mysql_service: mariadb
apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh
php_version: 7.3 # 7.4 might be nec for Ubuntu 20.04 later?
# "postgresql_version: 11.2" failed (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 19.04)
postgresql_version: 12
systemd_location: /lib/systemd/system
# Upgrade Ubuntu 20.04's Calibre 4.x to very latest...for now?
calibre_via_debs: False
calibre_via_python: True