external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into cwivagg/matomo_20220618

Browse source
This commit is contained in:
cwivagg 2022-07-12 09:29:09 -04:00 committed by GitHub
commit 14b202d095
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
148 changed files with 1922 additions and 1442 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -54,4 +54,4 @@ Install our latest pre-release using the 1-line installer at: [**download.iiab.i
You can also consider <!--latest Internet-in-a-Box (IIAB)--> earlier official releases at: [github.com/iiab/iiab/releases](https://github.com/iiab/iiab/releases)
For much older versions, see: [github.com/xsce](http://github.com/xsce), [schoolserver.org](http://schoolserver.org)
For much older versions, see: [github.com/xsce](https://github.com/xsce), [schoolserver.org](http://schoolserver.org)

8
iiab-from-cmdline.yml
View file

@ -3,10 +3,10 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
roles:
- { role: 0-init }

8
iiab-from-console.yml
View file

@ -3,10 +3,10 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
roles:
- { role: 0-init }

88
iiab-install
View file

@ -1,17 +1,57 @@
#!/bin/bash -e
# Running from a git repo
# Add cmdline options for passing to ansible
# Todo add proper shift to gobble up --debug --reinstall
PLAYBOOK=iiab-stages.yml
INVENTORY=ansible_hosts
IIAB_STATE_FILE=/etc/iiab/iiab_state.yml
ARGS=""
ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forces {...} to '{...}' for Ansible
CWD=`pwd`
OS=`grep ^ID= /etc/os-release | cut -d= -f2`
OS=${OS//\"/}
OS=${OS//\"/} # Remove all '"'
MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993
MIN_ANSIBLE_VER=2.11.6 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB.
MIN_ANSIBLE_VER=2.12.7 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB.
REINSTALL=false
DEBUG=false
SKIP_ROLE_ON_ERROR=false
usage() {
echo -e "\n\e[1mUse './iiab-install' for regular installs, or to continue an install."
echo -e "Use './iiab-install --risky' to force 'skip_role_on_error: True'"
echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role."
echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role."
echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9."
echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role."
echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\e[0m\n"
}
# https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash/14203146#14203146
while [[ $# -gt 0 ]]; do
case $1 in
--reinstall)
REINSTALL=true
shift
;;
--debug)
DEBUG=true
shift
;;
-r|--risky)
SKIP_ROLE_ON_ERROR=true
shift
;;
*)
usage
exit 1
;;
esac
done
ARGS="$ARGS\"skip_role_on_error\":$SKIP_ROLE_ON_ERROR" # Needs boolean not
# string so use JSON list. Ansible permits these boolean values: (refresher)
# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml#L19-L43
if [ ! -f /etc/iiab/local_vars.yml ]; then
@ -27,11 +67,11 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then
echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2
echo -e "(1) Please read http://wiki.laptop.org/go/IIAB/local_vars.yml to learn more" >&2
echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2
echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2
echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2
echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2
echo -e ' http://download.iiab.io\n' >&2
echo -e ' https://download.iiab.io\n' >&2
exit 1
fi
@ -57,16 +97,6 @@ if [ ! -f $PLAYBOOK ]; then
exit 1
fi
if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then
echo "Use './iiab-install' for regular installs, or to continue an install."
echo "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role."
echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role."
echo "Use './iiab-configure' to run Stage 0, followed by Stages 4-9."
echo "Use './runrole' to run Stage 0, followed by a single Stage or Role."
echo "Use './iiab-network' to run Stage 0, followed by the Network Role."
exit 1
fi
# Subroutine compares software version numbers. Generates rare false positives
# like "1.0 > 1" and "2.4.0 > 2.4". Avoid risks by structuring conditionals w/
# a consistent # of decimal points e.g. "if version_gt w.x.y.z a.b.c.d; then"
@ -125,27 +155,23 @@ if [ -f /etc/iiab/iiab.env ]; then
fi
fi
if [ "$1" == "--reinstall" ]; then
if $($REINSTALL); then
STAGE=0
ARGS="$ARGS"" --extra-vars reinstall=True"
#ARGS="$ARGS"" --extra-vars reinstall=True"
ARGS="$ARGS,\"reinstall\":True" # Needs boolean not string so use JSON list
sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env
echo "Wrote STAGE=0 (counter) to /etc/iiab/iiab.env"
elif [ "$STAGE" -ge 2 ] && [ "$1" == "--debug" ]; then
elif [ "$STAGE" -ge 2 ] && $($DEBUG); then
STAGE=2
sed -i 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env
echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env"
elif [ "$STAGE" -eq 9 ]; then
echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done."
echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role."
echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role."
echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9."
echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role."
echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\n\n"
exit 0 # Allows rerunning http://download.iiab.io/install.txt
echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done.\e[0m"
usage
exit 0 # Allows rerunning https://download.iiab.io/install.txt
fi
fi
if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then
if [ "$STAGE" -lt 2 ] && $($DEBUG); then
echo -e "\n'--debug' *ignored* as STAGE (counter) < 2."
fi
@ -168,6 +194,8 @@ export ANSIBLE_LOG_PATH="$CWD""/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local | grep python
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null # So vars are recorded in /opt/iiab/iiab/iiab-install.log
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local
ARGS="$ARGS}"
echo -e "\nNOW RUN: ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local\n"
ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local
echo -e "./iiab-install $* COMPLETED IN $CWD\n\n"

8
iiab-network.yml
View file

@ -3,10 +3,10 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
roles:
- { role: 0-init }

10
iiab-stages.yml
View file

@ -3,11 +3,11 @@
become: yes
vars_files:
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
tasks:

6
install-support.yml → install-support.yml.unused
View file

@ -2,9 +2,9 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
roles:
- { role: 0-init }

8
roles/0-init/defaults/main.yml
View file

@ -23,14 +23,6 @@
# ...after it is set in 0-init/tasks/main.yml
first_run: False
rpi_model: none # 2021-07-30: Broadly used!
#xo_model: none # 2021-07-30: No longer used
# 2021-07-30: Recorded to /etc/iiab/iiab.ini but not used programmatically:
gw_active: False
# 2021-07-30: Broadly used, but not in an organized way -- most all IIAB
# outfitting/provisioning happens online -- in situations where connectivity
# failures should be reported to the operator, rather than papered over:
internet_available: False
discovered_wan_iface: none # 2021-07-30: Very broadly used!
# 2021-07-30: Barely used -- for {named, dhcpd, squid} in
# roles/network/tasks/main.yml -- after being set in 0-init/tasks/network.yml

6
roles/0-init/tasks/create_iiab_ini.yml
View file

@ -29,14 +29,16 @@
value: "{{ ansible_architecture }}"
- option: iiab_base_ver
value: "{{ iiab_base_ver }}"
- option: iiab_remote_url
value: "{{ ansible_local.local_facts.iiab_remote_url }}"
- option: iiab_branch
value: "{{ ansible_local.local_facts.iiab_branch }}"
- option: iiab_commit
value: "{{ ansible_local.local_facts.iiab_commit }}"
- option: iiab_recent_tag
value: "{{ ansible_local.local_facts.iiab_recent_tag }}"
- option: install_date
value: "{{ ansible_date_time.iso8601 }}"
#- option: xo_model
# value: "{{ xo_model }}"
- option: rpi_model
value: "{{ rpi_model }}"
- option: devicetree_model

27
roles/0-init/tasks/hostname.yml
View file

@ -1,3 +1,8 @@
- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'"
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ?
stat:
path: /etc/cloud/cloud.cfg
@ -17,16 +22,10 @@
# 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904)
# command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
#- name: Install /etc/sysconfig/network from template (redhat)
# template:
# src: roles/network/templates/network/sysconfig.network.j2
# dest: /etc/sysconfig/network
# owner: root
# group: root
# mode: 0644
# when: is_redhat
# roles/network/tasks/hosts.yml [no longer in use] ALSO did this:
# 2022-07-11: Should the first entry match just hostname and domain move to
# after localhost? See PR's #1 & #8 -- with discussion on #3302 -- and also:
# 1. /etc/hosts -- #1815 solved by PR #1847
# 2. /etc/hostname -- #2904 solved by PR #2973
- name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"'
lineinfile:
path: /etc/hosts
@ -36,6 +35,14 @@
#group: root
#mode: 0644
# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is
# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it
# should be reconsidered? See PR #2876: roles/network might become optional?
- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
#- name: Re-configuring httpd - not initial install
# include_tasks: roles/httpd/tasks/main.yml
# when: iiab_stage|int > 3

34
roles/0-init/tasks/main.yml
View file

@ -11,14 +11,8 @@
set_fact:
rpi_model: "{{ ansible_local.local_facts.rpi_model }}"
devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}"
#xo_model: "{{ ansible_local.local_facts.xo_model }}"
iiab_stage: "{{ ansible_local.local_facts.stage }}"
# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
#- name: Re-read local_facts.facts from /etc/ansible/facts.d
# setup:
# filter: ansible_local
# Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections
# once and only once, to preserve the install date and git hash.
- name: Create {{ iiab_ini_file }}, if it doesn't exist
@ -27,9 +21,9 @@
# 2021-07-30: The 'first_run' flag isn't much used anymore. In theory it's
# still used in these 2 places:
# (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml
# (1) roles/1-prep/tasks/hardware.yml for raspberry_pi.yml
# (2) roles/network/tasks/named.yml for "Stop named before copying files"
# In practice however, it's no longer important, and might be reconsidered?
# This needs to be reworked for 0-init speed, and overall understandability.
- name: Set first_run flag
set_fact:
first_run: True
@ -38,11 +32,14 @@
# Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can
# be run even if local source tree /opt/iiab/iiab is deleted to conserve disk).
- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/iiab-diagnostics
- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/
copy:
src: "{{ iiab_dir }}/scripts/iiab-diagnostics"
src: "{{ iiab_dir }}/scripts/{{ item }}"
dest: /usr/bin/
mode: '0755'
with_items:
- iiab-summary
- iiab-diagnostics
- name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics'
file:
@ -57,9 +54,8 @@
- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?"
include_tasks: tz.yml
- name: Test Gateway + Test Internet + Set new hostname/domain (hostname.yml) if nec + Set 'gui_port' to 80 or 443 for Admin Console
include_tasks: network.yml
- name: Set hostname / domain (etc) in various places
include_tasks: hostname.yml
- name: Add 'runtime' variable values to {{ iiab_ini_file }}
ini_file:
@ -74,10 +70,14 @@
value: "{{ iiab_base_ver }}"
- option: iiab_revision
value: "{{ iiab_revision }}"
- option: iiab_remote_url
value: "{{ ansible_local.local_facts.iiab_remote_url }}"
- option: runtime_branch
value: "{{ ansible_local.local_facts.iiab_branch }}"
- option: runtime_commit
value: "{{ ansible_local.local_facts.iiab_commit }}"
- option: iiab_recent_tag
value: "{{ ansible_local.local_facts.iiab_recent_tag }}"
- option: runtime_date
value: "{{ ansible_date_time.iso8601 }}"
- option: ansible_version
@ -88,10 +88,6 @@
value: "{{ ansible_memtotal_mb }}"
- option: swap_mb
value: "{{ ansible_swaptotal_mb }}"
- option: gw_active
value: "{{ gw_active }}"
- option: internet_available
value: "{{ internet_available }}"
- option: rpi_model
value: "{{ rpi_model }}"
- option: devicetree_model
@ -102,10 +98,6 @@
value: "{{ local_tz }}"
- option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist
value: "{{ etc_localtime.stdout }}"
#- option: no_NM_reload
# value: "{{ no_NM_reload }}"
#- option: is_F18
# value: "{{ is_F18 }}"
- option: FQDN_changed
value: "{{ FQDN_changed }}"

74
roles/0-init/tasks/network.yml
View file

@ -1,74 +0,0 @@
- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here...
debug:
var: ansible_default_ipv4
- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias"
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
when: ansible_default_ipv4.gateway is defined
- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway"
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
register: gw_active_test
when: discovered_wan_iface != "none"
- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface"
set_fact:
iiab_wan_iface: "{{ discovered_wan_iface }}"
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt'
get_url:
url: "{{ iiab_download_url }}/heart-beat.txt"
dest: /tmp/heart-beat.txt
#timeout: "{{ download_timeout }}"
# @jvonau recommends: 100sec is too much (keep 10sec default)
ignore_errors: True
#async: 10
#poll: 2
register: internet_access_test
- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network"
set_fact:
internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml
when: not internet_access_test.failed and not disregard_network
- name: Remove downloaded Internet test file /tmp/heart-beat.txt
file:
path: /tmp/heart-beat.txt
state: absent
- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'"
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})
include_tasks: hostname.yml
when: iiab_fqdn != ansible_fqdn
# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is
# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it
# should be reconsidered? See PR #2876: roles/network might become optional?
- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
# 2021-08-17: (1) iiab-gen-iptables works better if gui_port is set directly in
# default_vars.yml and/or local_vars.yml (2) Admin Console's iiab-admin.yml
# and js-menu.yml set 'adm_cons_force_ssl: False'
# - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl"
# set_fact:
# gui_port: 80
# when: not adm_cons_force_ssl
# - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl"
# set_fact:
# gui_port: 443
# when: adm_cons_force_ssl

4
roles/0-init/tasks/validate_vars.yml
View file

@ -63,7 +63,8 @@
#
# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
- name: Set vars_checklist for 46 + 46 + 42 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
set_fact:
vars_checklist:
- hostapd
@ -123,6 +124,7 @@
- calibreweb
- calibre
- pbx
- network
- name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined
assert:

2
roles/1-prep/tasks/hardware.yml
View file

@ -14,7 +14,7 @@
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # http://download.iiab.io/packages
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: usb_NUC6.stdout|int > 0

19
roles/1-prep/tasks/main.yml
View file

@ -23,9 +23,15 @@
name: iiab-admin
#when: iiab_admin_install # Flag might be created in future?
- name: Install dnsmasq -- configure LATER in 'network', after Stage 9
include_tasks: roles/network/tasks/dnsmasq.yml
#when: dnsmasq_install # Flag might be used in future?
- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }} to /usr/bin/
copy:
src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab
dest: /usr/bin/
mode: '0755'
- name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9
include_tasks: roles/network/tasks/install.yml
when: network_install and network_installed is undefined
- include_tasks: uuid.yml
- include_tasks: ubermix.yml
@ -62,7 +68,10 @@
# when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
- name: Recording STAGE 1 HAS COMPLETED ============================
- name: Install {{ iiab_env_file }} from template -- FYI this file can be run as a script if absolutely nec -- e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT'
template:
src: roles/1-prep/templates/iiab.env.j2
dest: "{{ iiab_env_file }}" # Can also be run as a script if absolutely nec, e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT'
dest: "{{ iiab_env_file }}"
- name: Recording STAGE 1 HAS COMPLETED ============================
meta: noop

6
roles/2-common/tasks/fl.yml
View file

@ -1,6 +1,6 @@
# fl.yml signifies "file layout"
- name: "File Layout - Create directories: 1 in /etc, 1 in {{ py3_dist_path }}, 3 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab
- name: "File Layout - Create directories: 1 in {{ py3_dist_path }}, 2 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab
file:
path: "{{ item }}"
# owner: root
@ -8,9 +8,9 @@
# mode: '0755'
state: directory
with_items:
- /etc/sysconfig/olpc-scripts/setup.d/installed/
#- /etc/sysconfig/olpc-scripts/setup.d/installed/
- "{{ py3_dist_path }}/iiab" # /usr/lib/python3/dist-packages
- "{{ yum_packages_dir }}" # /opt/iiab/yum-packages
#- "{{ yum_packages_dir }}" # /opt/iiab/yum-packages
- "{{ pip_packages_dir }}" # /opt/iiab/pip-packages
- "{{ downloads_dir }}" # /opt/iiab/downloads
#- "{{ content_base }}/downloads" # /library/downloads auto-created just below

10
roles/2-common/tasks/main.yml
View file

@ -8,8 +8,14 @@
- include_tasks: packages.yml
- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
include_tasks: network.yml
- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf"
sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot
name: "{{ item.name }}"
value: "{{ item.value }}"
with_items:
#- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok?
- { name: 'kernel.core_uses_pid', value: '1' }
#- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok?
- include_tasks: iiab-startup.yml

4
roles/2-common/tasks/packages.yml
View file

@ -16,12 +16,12 @@
#- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
#- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles
- mlocate # 92kB download
#- ntfs-3g # 379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
#- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
#- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's
- pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs
- pastebinit # 47kB download: For /usr/bin/iiab-diagnostics
#- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc
#- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not.
#- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not.
- rsync # 351kB download: RasPiOS installs this regardless
#- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
- sqlite3 # 1054kB download

17
roles/4-server-options/tasks/main.yml
View file

@ -24,23 +24,6 @@
name: sshd
when: sshd_install
# UNMAINTAINED
- name: Install named / BIND
include_tasks: roles/network/tasks/named.yml
when: named_install is defined and named_install
# UNMAINTAINED
- name: Install dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
when: dhcpd_install is defined and dhcpd_install
# LESS MAINTAINED
- name: Install Squid
include_tasks: roles/network/tasks/squid.yml
when: squid_install and squid_installed is undefined
- name: Install Bluetooth - only on Raspberry Pi
include_role:
name: bluetooth

4
roles/6-generic-apps/tasks/main.yml
View file

@ -3,6 +3,7 @@
- name: ...IS BEGINNING ====================================
meta: noop
# UNMAINTAINED
- name: AZURACAST
include_role:
name: azuracast
@ -36,10 +37,11 @@
name: jupyterhub
when: jupyterhub_install
# UNMAINTAINED
- name: LOKOLE
include_role:
name: lokole
when: lokole_install
when: lokole_install is defined and lokole_install
- name: MEDIAWIKI
include_role:

47
roles/awstats/tasks/main.yml
View file

@ -19,27 +19,34 @@
quiet: yes
- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: awstats_installed is undefined
- block:
- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: awstats_installed is undefined
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: awstats
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: awstats_install
value: "{{ awstats_install }}"
- option: awstats_enabled
value: "{{ awstats_enabled }}"
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: awstats
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: awstats_install
value: "{{ awstats_install }}"
- option: awstats_enabled
value: "{{ awstats_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/awstats/templates/awstats.schoolserver.conf.j2
View file

@ -261,7 +261,7 @@ AllowToUpdateStatsFromBrowser=1
# 3 - Possible on CLI and CGI
# Default: 2
#
AllowFullYearView=2
AllowFullYearView=3

6
roles/azuracast/README.rst
View file

@ -1,6 +1,6 @@
==========
================
AzuraCast README
==========
================
This playbook adds `AzuraCast <https://azuracast.com/>`_ to Internet-in-a-Box (IIAB) for network radio station functionality. With 'AzuraCast' you and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported.
@ -11,7 +11,7 @@ As of 2019-08-04, this will only run on Ubuntu 18.04, and tentatively on Debian
Using It
--------
* Do a normal IIAB install (http://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_, as you begin the installation.
* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_, as you begin the installation.
* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080
* This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc.
* Finally, check out some `how-to videos <https://www.youtube.com/watch?v=b1Rxlu5P804>`_ to learn to manage your own radio station!

2
roles/calibre-web/tasks/install.yml
View file

@ -51,7 +51,7 @@
# VIRTUALENV EXAMPLE COMMANDS:
# cd /usr/local/calibre-web-py3
# source bin/activate
# python3 -m pip list
# python3 -m pip list ('pip list' probably sufficient, likewise below)
# python3 -m pip freeze > /tmp/requirements.txt
# python3 -m pip install -r requirements.txt
# deactivate

73
roles/calibre-web/tasks/main.yml
View file

@ -19,40 +19,47 @@
quiet: yes
- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibreweb_installed is undefined
- block:
- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibreweb_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre-web
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre-Web
- option: description
value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
- option: calibreweb_install
value: "{{ calibreweb_install }}"
- option: calibreweb_enabled
value: "{{ calibreweb_enabled }}"
- option: calibreweb_url1
value: "{{ calibreweb_url1 }}"
- option: calibreweb_url2
value: "{{ calibreweb_url2 }}"
- option: calibreweb_url3
value: "{{ calibreweb_url3 }}"
- option: calibreweb_path
value: "{{ calibreweb_venv_path }}"
- option: calibreweb_home
value: "{{ calibreweb_home }}"
- option: calibreweb_port
value: "{{ calibreweb_port }}"
- option: calibreweb_settings_database
value: "{{ calibreweb_settings_database }}"
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre-web
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre-Web
- option: description
value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
- option: calibreweb_install
value: "{{ calibreweb_install }}"
- option: calibreweb_enabled
value: "{{ calibreweb_enabled }}"
- option: calibreweb_url1
value: "{{ calibreweb_url1 }}"
- option: calibreweb_url2
value: "{{ calibreweb_url2 }}"
- option: calibreweb_url3
value: "{{ calibreweb_url3 }}"
- option: calibreweb_path
value: "{{ calibreweb_venv_path }}"
- option: calibreweb_home
value: "{{ calibreweb_home }}"
- option: calibreweb_port
value: "{{ calibreweb_port }}"
- option: calibreweb_settings_database
value: "{{ calibreweb_settings_database }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

4
roles/calibre/defaults/main.yml
View file

@ -34,11 +34,11 @@ calibre_userdb: "{{ calibre_dbpath }}/users.sqlite"
# calibre-server --manage-users --userdb /library/calibre/users.sqlite
calibre_sample_book: "Metamorphosis-jackson.epub"
# Must be downloadable from http://download.iiab.io/packages
# Must be downloadable from https://download.iiab.io/packages
calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py"
calibre_deb_url: "{{ iiab_download_url }}" # http://download.iiab.io/packages
calibre_deb_url: "{{ iiab_download_url }}" # https://download.iiab.io/packages
# Above URL must offer both .deb files below: (for scripts/calibre-install-pinned-rpi.sh to run)
calibre_deb_pin_version: 3.33.1+dfsg-1 # for calibre_3.33.1+dfsg-1_all.deb (24M, 2018-10-21)
calibre_bin_deb_pin_version: "{{ calibre_deb_pin_version }}" # for calibre-bin_3.33.1+dfsg-1_armhf.deb (706K, 2018-10-23)

29
roles/calibre/tasks/enable-or-disable.yml Normal file
View file

@ -0,0 +1,29 @@
# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY)
#
# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE:
# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2
# (anyway this works great for calibre-web, allowing http://box/books
# to work even better than http://box:8083 when box == 192.168.0.x !)
#
#- name: Attempt to enable http://box/calibre via Apache (UNTESTED)
# command: a2ensite calibre.conf
# when: apache_installed and calibre_enabled
#
#- name: Attempt to disable http://box/calibre via Apache (UNTESTED)
# command: a2dissite calibre.conf
# when: apache_installed and not calibre_enabled
- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled
systemd:
daemon_reload: yes
name: calibre-serve
enabled: yes
state: restarted
when: calibre_enabled
- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled
systemd:
name: calibre-serve
enabled: no
state: stopped
when: not calibre_enabled

86
roles/calibre/tasks/main.yml
View file

@ -19,65 +19,37 @@
quiet: yes
- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibre_installed is undefined
- block:
# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY)
#
# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE:
# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2
# (anyway this works great for calibre-web, allowing http://box/books
# to work even better than http://box:8083 when box == 192.168.0.x !)
#
#- name: Attempt to enable http://box/calibre via Apache (UNTESTED)
# command: a2ensite calibre.conf
# when: apache_installed and calibre_enabled
#
#- name: Attempt to disable http://box/calibre via Apache (UNTESTED)
# command: a2dissite calibre.conf
# when: apache_installed and not calibre_enabled
- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibre_installed is undefined
- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled
systemd:
daemon_reload: yes
name: calibre-serve
enabled: yes
state: restarted
when: calibre_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled
systemd:
name: calibre-serve
enabled: no
state: stopped
when: not calibre_enabled
- name: Add 'calibre' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre
- option: description
value: '"Calibre is an extremely popular personal library system for e-books."'
- option: calibre_src_url
value: "{{ calibre_src_url }}"
- option: calibre_dbpath
value: "{{ calibre_dbpath }}"
- option: calibre_port
value: "{{ calibre_port }}"
- option: calibre_enabled
value: "{{ calibre_enabled }}"
#- name: Enable/Disable/Restart Apache if primary
# include_tasks: apache.yml
# when: not nginx_enabled
#
#- name: Enable/Disable/Restart NGINX if primary
# include_tasks: nginx.yml
# when: nginx_enabled
rescue:
- name: Add 'calibre' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre
- option: description
value: '"Calibre is an extremely popular personal library system for e-books."'
- option: calibre_src_url
value: "{{ calibre_src_url }}"
- option: calibre_dbpath
value: "{{ calibre_dbpath }}"
- option: calibre_port
value: "{{ calibre_port }}"
- option: calibre_enabled
value: "{{ calibre_enabled }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/captiveportal/README.md
View file

@ -1,4 +1,4 @@
_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](http://wiki.laptop.org/go/IIAB/FAQ#Captive_Portal_Administration:_What_tips_.26_tricks_exist.3F)_
_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](https://wiki.iiab.io/go/FAQ#Captive_Portal_Administration:_What_tips_&_tricks_exist%3F)_
## Theory of Operation

2
roles/captiveportal/tasks/install.yml
View file

@ -26,7 +26,7 @@
mode: "{{ item.mode }}"
with_items:
- { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' }
- { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' }
- { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' }
- { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' }
- name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server)

46
roles/captiveportal/tasks/main.yml
View file

@ -19,27 +19,33 @@
quiet: yes
- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: captiveportal_installed is undefined
- block:
- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: captiveportal_installed is undefined
- name: Enable or Disable Captive Portal
include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'captiveportal' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: captiveportal
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Captive Portal
- option: description
value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
- option: captiveportal_install
value: "{{ captiveportal_install }}"
- option: captiveportal_enabled
value: "{{ captiveportal_enabled }}"
- name: Add 'captiveportal' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: captiveportal
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Captive Portal
- option: description
value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
- option: captiveportal_install
value: "{{ captiveportal_install }}"
- option: captiveportal_enabled
value: "{{ captiveportal_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/captiveportal/templates/iiab-divert-to-nginx → roles/captiveportal/templates/iiab-divert-to-nginx.j2
View file

@ -1,4 +1,4 @@
#!/bin/bash -x
awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture
echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture

2
roles/cups/README.md
View file

@ -2,7 +2,7 @@
[CUPS](https://en.wikipedia.org/wiki/CUPS) (also known as the "Common UNIX Printing System") is the standards-based, open source printing system for Linux and macOS.
It allows your [Internet-in-a-Box (IIAB)](http://internet-in-a-box.org) to act as a print server.
It allows your [Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) to act as a print server.
This can be useful if a printer is attached to your IIAB &mdash; so student/teacher print jobs from client computers and phones can be processed &mdash; and then sent to the appropriate printer.

8
roles/cups/tasks/install.yml
View file

@ -76,14 +76,14 @@
name: cups
state: started
# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
# command: cupsctl --remote-admin --share-printers --user-cancel-any
# 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
# (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
# (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)
- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
command: cupsctl --remote-any --share-printers --user-cancel-any
# 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml
@ -96,7 +96,7 @@
# command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging
# when: not cups_enabled
# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631"
# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631"
# lineinfile:
# path: /etc/cups/cupsd.conf
# line: "{{ item }}"
@ -105,7 +105,7 @@
# - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027
# - "ServerAlias *"
# - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan
# - "#Listen {{ lan_ip }}:631" # 172.18.96.1
# - "#Listen {{ lan_ip }}:631" # e.g. 10.10.10.10
# - "#Listen 127.0.0.1:631"
# - "#Listen 0.0.0.0:631"
# - "#Listen *:631"

2
roles/cups/templates/cups.conf.j2
View file

@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex
return 301 http://localhost:631;
}
return 301 http://$host:631; # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC
return 301 http://$host:631; # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC
}

18
roles/firmware/tasks/download.yml
View file

@ -9,19 +9,19 @@
- brcmfmac43455-sdio.clm_blob
ignore_errors: yes
- name: Download higher-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853)
- name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853)
get_url:
url: "{{ item }}"
url: "{{ iiab_download_url }}/{{ item }}"
dest: /lib/firmware/brcm/
timeout: "{{ download_timeout }}"
with_items:
- http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin
- http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015
- http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob
- http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi
- http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65
- brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin
- brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015
- brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob
- brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- brcmfmac43455-sdio.clm_blob_2018-02-26_rpi
- brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65
# RECORD firmware AS DOWNLOADED

16
roles/gitea/tasks/nginx.yml → roles/gitea/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Restart 'gitea' systemd service, if gitea_enabled
systemd:
name: gitea
daemon_reload: yes
enabled: yes
state: restarted
when: gitea_enabled
- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
systemd:
name: gitea
enabled: no
state: stopped
when: not gitea_enabled
- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
template:
src: gitea-nginx.conf.j2

67
roles/gitea/tasks/main.yml
View file

@ -19,46 +19,37 @@
quiet: yes
- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: gitea_installed is undefined
- block:
- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: gitea_installed is undefined
- name: Enable & Restart 'gitea' systemd service, if gitea_enabled
systemd:
name: gitea
daemon_reload: yes
enabled: yes
state: restarted
when: gitea_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
systemd:
name: gitea
enabled: no
state: stopped
when: not gitea_enabled
- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: gitea
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Gitea
- option: description
value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
- option: gitea_install
value: "{{ gitea_install }}"
- option: gitea_enabled
value: "{{ gitea_enabled }}"
- option: gitea_run_directory
value: "{{ gitea_run_directory }}"
- option: gitea_url
value: "{{ gitea_url }}"
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
rescue:
- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: gitea
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Gitea
- option: description
value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
- option: gitea_install
value: "{{ gitea_install }}"
- option: gitea_enabled
value: "{{ gitea_enabled }}"
- option: gitea_run_directory
value: "{{ gitea_run_directory }}"
- option: gitea_url
value: "{{ gitea_url }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

10
roles/iiab-admin/README.rst
View file

@ -13,7 +13,7 @@
iiab-admin README
=================
`Internet-in-a-Box <http://internet-in-a-box.org>`_ (IIAB) encourages you to pay attention to the security of your learning community.
`Internet-in-a-Box <https://internet-in-a-box.org>`_ (IIAB) encourages you to pay attention to the security of your learning community.
This Ansible playbook is one of the very first that runs when you install IIAB, and we hope reading this helps you understand your choices:
@ -21,11 +21,11 @@ Configure user 'iiab-admin'
---------------------------
* `admin-user.yml <tasks/admin-user.yml>`_ configures a Linux user that will give you access to IIAB's Admin Console (http://box.lan/admin) after IIAB is installed — and can also help you at the command-line with IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware, etc}.
* If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (http://download.iiab.io) or by your underlying OS, that too will be taken care of here.
* If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (https://download.iiab.io) or by your underlying OS, that too will be taken care of here.
* By default this user is ``iiab-admin`` with password ``g0adm1n``
* *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin**
* After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password.
* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (preferably do this prior to installing IIAB!)
* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB!)
* You can set ``iiab_admin_can_sudo: False`` if you want a strict security lockdown (if you're really sure you won't need IIAB community support commands like `/usr/bin/iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_, `/usr/bin/iiab-hotspot-on <../network/templates/network/iiab-hotspot-on>`_, `iiab-check-firmware <../firmware/templates/iiab-check-firmware>`_, etc!)
* You can also set ``iiab_admin_user_install: False`` if you're sure you know how to do all this `account and sudo configuration <tasks/admin-user.yml>`_ manually.
@ -36,14 +36,14 @@ Security
#. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml <https://github.com/iiab/iiab-admin-console/blob/master/vars/default_vars.yml>`_)
#. ``sudo``
* Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: http://wiki.laptop.org/go/IIAB/Security
* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security
* Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d <templates/sshpwd-profile-iiab.sh>`_ (and `/etc/xdg/lxsession/LXDE-pi <templates/sshpwd-lxde-iiab.sh>`_ when it exists, i.e. on Raspberry Pi OS with desktop).
Example
=======
* If you later change your mind about ``sudo`` privileges for user 'iiab-admin' (as specified by ``iiab_admin_user``) then do this:
#. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_
#. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_
#. Make sure that ``iiab_admin_user_install: True`` is also set.
#. Then re-run this Ansible playbook, by running ``cd /opt/iiab/iiab`` followed by ``sudo ./runrole --reinstall iiab-admin``

2
roles/iiab-admin/tasks/main.yml
View file

@ -23,7 +23,7 @@
# (1) by the OS installer
# (2) by the OS's graphical desktop tools
# (3) at the command-line: sudo passwd iiab-admin
# (4) by IIAB's 1-line installer: http://download.iiab.io
# (4) by IIAB's 1-line installer: https://download.iiab.io
# (5) by this role: roles/iiab-admin/tasks/admin-user.yml
# (6) by IIAB's Admin Console during installation
# ...and/or...

2
roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2
View file

@ -19,7 +19,7 @@ check_user_pwd() {
# enough when user does not exist. Or uncomment to FORCE ERROR CODE 2.
# Either way, overall bash script still returns exit code 0 ("success")
# sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RaspiOS ships w/
# sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RasPiOS ships w/
# /etc/sudoers.d/010_pi-nopasswd containing "pi ALL=(ALL) NOPASSWD: ALL"
# (read access to /etc/shadow is otherwise restricted to just root and
# group www-data i.e. Apache, NGINX get special access). SEE: #2431, #2561

4
roles/internetarchive/README.md
View file

@ -8,7 +8,7 @@ Access to our library of millions of books, journals, audio and video recordings
This Ansible role installs the Internet Archive's dweb-mirror project on
Internet-in-a-Box (IIAB). Use this to build up a dynamic offline library
arising from the materials you can explore at http://dweb.archive.org
arising from the materials you can explore at https://dweb.archive.org
The Offline Internet Archive server:
@ -248,7 +248,7 @@ and just checks the content is up to date.
## Managing collections on Internet Archive
You can create and manage your own collections on the [Internet Archive site](http://www.archive.org).
You can create and manage your own collections on the [Internet Archive site](https://www.archive.org).
Other people can then crawl those collections.
First get in touch with Mitra Ardron at `mitra@archive.org`, as processes may have changed since this is written.

16
roles/internetarchive/tasks/nginx.yml → roles/internetarchive/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled
systemd:
name: internetarchive
daemon_reload: yes
enabled: yes
state: restarted
when: internetarchive_enabled
- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled
systemd:
name: internetarchive
enabled: no
state: stopped
when: not internetarchive_enabled
- name: Enable http://box/archive via NGINX, by installing {{ nginx_conf_dir }}/internetarchive-nginx.conf from template
template:
src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2

94
roles/internetarchive/tasks/main.yml
View file

@ -19,76 +19,60 @@
quiet: yes
# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza
# "UPDATE internetarchive" block should run whenever one isn't installing
# (or reinstalling) internetarchive, for now. We're aware this means slowness
# during "./runrole internetarchive" but that's very intentional for now -- as
# it leads to more testing of more recent versions of internetarchive, which
# is strongly desired. Finally, these current norms can and probably will be
# changed in future, when broader IIAB norms develop around "./runrole
# --upgrade internetarchive" or "./runrole --update internetarchive" or such,
# as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178
- block:
- block: # BEGIN 2-STANZA BLOCK
# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza
# "UPDATE internetarchive" portion should run whenever one isn't installing
# (or reinstalling) internetarchive, for now. We're aware this means slowness
# during "./runrole internetarchive" but that's very intentional for now -- as
# it leads to more testing of more recent versions of internetarchive, which
# is strongly desired. Finally, these current norms can and probably will be
# changed in future, when broader IIAB norms develop around "./runrole
# --upgrade internetarchive" or "./runrole --update internetarchive" or such,
# as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178
- name: "UPGRADE: Stop 'internetarchive' systemd service, if internetarchive_installed is defined"
systemd:
name: internetarchive
daemon_reload: yes
state: stopped
when: internetarchive_installed is defined
- name: "UPGRADE: Run 'yarn upgrade' in {{ internetarchive_dir }}, if internetarchive_installed is defined"
shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade
args:
chdir: "{{ internetarchive_dir }}"
when: internetarchive_installed is defined
when: internetarchive_installed is defined # END 2-STANZA BLOCK
# "ELSE" INSTALL...
# "ELSE" INSTALL...
- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: internetarchive_installed is undefined
- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: internetarchive_installed is undefined
# ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ?
- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled
systemd:
name: internetarchive
daemon_reload: yes
enabled: yes
state: restarted
when: internetarchive_enabled
- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled
systemd:
name: internetarchive
enabled: no
state: stopped
when: not internetarchive_enabled
# - name: Enable/Disable/Restart Apache if primary
# include_tasks: apache.yml
# when: apache_installed is defined and not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
#when: nginx_enabled
- include_tasks: enable-or-disable.yml
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: internetarchive
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Internet Archive
- option: description
value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
- option: internetarchive_install
value: "{{ internetarchive_install }}"
- option: internetarchive_enabled
value: "{{ internetarchive_enabled }}"
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: internetarchive
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Internet Archive
- option: description
value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
- option: internetarchive_install
value: "{{ internetarchive_install }}"
- option: internetarchive_enabled
value: "{{ internetarchive_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/jupyterhub/README.md
View file

@ -74,4 +74,4 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r
While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01.
He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content."
He explains PAWS as a "powerful Python execution environment https://paws.wmcloud.org = https://wikitech.wikimedia.org/wiki/PAWS [allowing] ordinary folks to write interactive scripts to work with Wikimedia content."

53
roles/jupyterhub/tasks/install.yml
View file

@ -33,21 +33,33 @@
global: yes
state: latest
- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~217 MB)"
- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, after 2 Ansible calls)"
pip:
name:
- pip
- wheel
- ipywidgets
- jupyterhub
virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub
virtualenv_site_packages: no
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below
#virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2)
extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0
# 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below)
# fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!)
# https://github.com/iiab/iiab/issues/3283
- name: Break up jupyterhub/jupyterlab pip installs into 2 parts (3 packages above + 4 packages here) due to mutual dependency deadlock on some OS's
pip:
name:
- jupyterlab
- jupyterhub_firstuseauthenticator
- jupyterhub-systemdspawner
virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub
- ipywidgets
virtualenv: "{{ jupyterhub_venv }}"
virtualenv_site_packages: no
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below
#virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2)
extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released.
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}"
extra_args: "--no-cache-dir"
- name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py"
template:
@ -59,20 +71,21 @@
src: jupyterhub.service.j2
dest: /etc/systemd/system/jupyterhub.service
- name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages
template:
src: getsite.py.j2
dest: "{{ jupyterhub_venv }}/bin/getsite.py"
mode: 0755
- name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
template:
src: patch_FUA.sh.j2
dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
mode: 0755
- name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh"
command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
# 2022-07-07: No longer needed, thx to upstream fixes
# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages
# template:
# src: getsite.py.j2
# dest: "{{ jupyterhub_venv }}/bin/getsite.py"
# mode: 0755
#
# - name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
# template:
# src: patch_FUA.sh.j2
# dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
# mode: 0755
#
# - name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh"
# command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
- name: Install patch_http-warning.sh from template, to turn off the warning about http insecurity, in {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html
template:

45
roles/jupyterhub/tasks/main.yml
View file

@ -19,26 +19,33 @@
quiet: yes
- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: jupyterhub_installed is undefined
- block:
- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: jupyterhub_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: jupyterhub
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: JupyterHub
- option: description
value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."'
- option: jupyterhub_install
value: "{{ jupyterhub_install }}"
- option: jupyterhub_enabled
value: "{{ jupyterhub_enabled }}"
- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: jupyterhub
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: JupyterHub
- option: description
value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."'
- option: jupyterhub_install
value: "{{ jupyterhub_install }}"
- option: jupyterhub_enabled
value: "{{ jupyterhub_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

0
roles/jupyterhub/templates/getsite.py.j2 → roles/jupyterhub/templates/getsite.py.j2.unused
View file

0
roles/jupyterhub/templates/patch_FUA.sh.j2 → roles/jupyterhub/templates/patch_FUA.sh.j2.unused
View file

14
roles/kalite/tasks/enable-or-disable.yml Normal file
View file

@ -0,0 +1,14 @@
- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled
systemd:
daemon_reload: yes
name: kalite-serve
enabled: yes
state: restarted
when: kalite_enabled
- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled
systemd:
name: kalite-serve
enabled: no
state: stopped
when: not kalite_enabled

2
roles/kalite/tasks/install.yml
View file

@ -65,7 +65,7 @@
replace: 'a-zA-Z0-9\-'
when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19)
# 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already.
# JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RaspiOS 11+ too?
# JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too?
- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20
replace:

64
roles/kalite/tasks/main.yml
View file

@ -19,43 +19,37 @@
quiet: yes
- name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kalite_installed is undefined
- block:
- name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kalite_installed is undefined
- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled
systemd:
daemon_reload: yes
name: kalite-serve
enabled: yes
state: restarted
when: kalite_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled
systemd:
name: kalite-serve
enabled: no
state: stopped
when: not kalite_enabled
- name: Add 'kalite' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kalite
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: "KA Lite"
- option: description
value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."'
- option: kalite_install
value: "{{ kalite_install }}"
- option: kalite_enabled
value: "{{ kalite_enabled }}"
- option: path
value: "{{ kalite_root }}"
- option: port
value: "{{ kalite_server_port }}"
rescue:
- name: Add 'kalite' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kalite
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: "KA Lite"
- option: description
value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."'
- option: kalite_install
value: "{{ kalite_install }}"
- option: kalite_enabled
value: "{{ kalite_enabled }}"
- option: path
value: "{{ kalite_root }}"
- option: port
value: "{{ kalite_server_port }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

6
roles/kiwix/defaults/main.yml
View file

@ -22,9 +22,9 @@
kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# 3 lines below specify which version(s) of kiwix-tools to download from...
# http://download.iiab.io/packages/ ...as originally obtained from...
# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
# http://download.kiwix.org/nightly/
# https://download.iiab.io/packages/ ...as originally obtained from...
# https://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
# https://download.kiwix.org/nightly/
kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0

2
roles/kiwix/tasks/install.yml
View file

@ -34,7 +34,7 @@
- name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads
get_url:
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # https://download.iiab.io/packages
dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" # /opt/iiab/downloads
timeout: "{{ download_timeout }}"

69
roles/kiwix/tasks/main.yml
View file

@ -19,38 +19,45 @@
quiet: yes
- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kiwix_installed is undefined
- block:
- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kiwix_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_install
value: "{{ kiwix_install }}"
- option: kiwix_enabled
value: "{{ kiwix_enabled }}"
- option: kiwix_url
value: "{{ kiwix_url }}"
- option: kiwix_url_plus_slash
value: "{{ kiwix_url_plus_slash }}"
- option: kiwix_path
value: "{{ kiwix_path }}"
- option: kiwix_port
value: "{{ kiwix_port }}"
- option: iiab_zim_path
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_install
value: "{{ kiwix_install }}"
- option: kiwix_enabled
value: "{{ kiwix_enabled }}"
- option: kiwix_url
value: "{{ kiwix_url }}"
- option: kiwix_url_plus_slash
value: "{{ kiwix_url_plus_slash }}"
- option: kiwix_path
value: "{{ kiwix_path }}"
- option: kiwix_port
value: "{{ kiwix_port }}"
- option: iiab_zim_path
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

67
roles/kolibri/tasks/main.yml
View file

@ -19,37 +19,46 @@
quiet: yes
#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install"
# set_fact:
# kolibri_provision: False
# when: ???
- block:
- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kolibri_installed is undefined
#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install"
# set_fact:
# kolibri_provision: False
# when: ???
- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kolibri_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_install
value: "{{ kolibri_install }}"
- option: kolibri_enabled
value: "{{ kolibri_enabled }}"
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_exec_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_install
value: "{{ kolibri_install }}"
- option: kolibri_enabled
value: "{{ kolibri_enabled }}"
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_exec_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/kolibri/templates/kolibri.service.j2
View file

@ -10,7 +10,7 @@ Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }}
Environment=KOLIBRI_URL_PATH_PREFIX={{ kolibri_url_without_slash }}
User={{ kolibri_user }}
Group={{ apache_user }}
# 2020-10-03: Kolibri was timing out on RaspiOS & Ubuntu 20 NUC: iiab/iiab#2555
# 2020-10-03: Kolibri was timing out on RasPiOS & Ubuntu 20 NUC: iiab/iiab#2555
TimeoutStartSec=1200
# The following is the systemd default, which is too much for most teachers in
# low-electricity environments (30-60 sec is about all they can handle before

6
roles/lokole/README.rst
View file

@ -17,9 +17,9 @@ For an up-to-date list of supported languages, refer to the `Lokole translations
Using It
--------
If your IIAB was `installed <http://wiki.laptop.org/go/IIAB/FAQ#Is_a_quick_installation_possible.3F>`_ with the Lokole web app[*] it can be accessed at http://box/lokole
If your IIAB was `installed <https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F>`_ with the Lokole web app[*] it can be accessed at http://box/lokole
[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains ``lokole_install: True`` and ``lokole_enabled: True``
[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains ``lokole_install: True`` and ``lokole_enabled: True``
By default in an offline community, ``lokole_sim_type: LocalOnly`` is set (e.g. instead of ``lokole_sim_type: Ethernet``) and email addresses will look like:
@ -85,7 +85,7 @@ The Lokole software can be configured to access the Internet via USB modem, SIM
If configured to work with a USB modem or other form of Internet connection, Lokole will sync with the cloud server (operated by `Ascoderu <https://ascoderu.ca/>`_) on a nightly basis to deliver and receive emails globally. *However, arranging this is extremely complicated.* You would need a compatible form of connection and an Internet expert familiar with modem protocols, MX records, etc. Ask that person to read the `Lokole software README <https://github.com/ascoderu/lokole/blob/master/README.rst>`_ in its entirety, to help you understand whether this is realistic for your organization.
Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F>`_ if you have the capacity to help make such a social enterprise happen.
Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us <https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F>`_ if you have the capacity to help make such a social enterprise happen.
Troubleshooting
---------------

95
roles/lokole/tasks/main.yml
View file

@ -19,53 +19,62 @@
quiet: yes
- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: lokole_installed is undefined
- block:
- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: lokole_installed is undefined
- name: Do a 'systemctl daemon-reload'
systemd:
daemon_reload: yes
when: lokole_enabled
- name: Do a 'systemctl daemon-reload'
systemd:
daemon_reload: yes
when: lokole_enabled
- name: Enable & Restart supervisor systemd service, if lokole_enabled
systemd:
name: supervisor
enabled: yes
state: restarted
when: lokole_enabled
- name: Enable & Restart supervisor systemd service, if lokole_enabled
systemd:
name: supervisor
enabled: yes
state: restarted
when: lokole_enabled
- name: Disable & Stop supervisor systemd service, if not lokole_enabled
systemd:
name: supervisor
enabled: no
state: stopped
when: not lokole_enabled
- name: Disable & Stop supervisor systemd service, if not lokole_enabled
systemd:
name: supervisor
enabled: no
state: stopped
when: not lokole_enabled
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: lokole
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Lokole
- option: description
value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."'
#value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
- option: lokole_install
value: "{{ lokole_install }}"
- option: lokole_enabled
value: "{{ lokole_enabled }}"
- option: lokole_settings
value: "{{ lokole_settings }}"
- option: lokole_url
value: "{{ lokole_url }}"
- option: lokole_full_url
value: "{{ lokole_full_url }}"
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: lokole
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Lokole
- option: description
value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."'
#value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
- option: lokole_install
value: "{{ lokole_install }}"
- option: lokole_enabled
value: "{{ lokole_enabled }}"
- option: lokole_settings
value: "{{ lokole_settings }}"
- option: lokole_url
value: "{{ lokole_url }}"
- option: lokole_full_url
value: "{{ lokole_full_url }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/mediawiki/defaults/main.yml
View file

@ -5,7 +5,7 @@
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
mediawiki_major_version: 1.38 # "1.35" also works
mediawiki_minor_version: 1
mediawiki_minor_version: 2
mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}"
mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}"

71
roles/mediawiki/tasks/main.yml
View file

@ -19,39 +19,46 @@
quiet: yes
- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mediawiki_installed is undefined
- block:
- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mediawiki_installed is undefined
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mediawiki
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MediaWiki
- option: description
value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
- option: mediawiki_install
value: "{{ mediawiki_install }}"
- option: mediawiki_enabled
value: "{{ mediawiki_enabled }}"
- option: mediawiki_src
value: "{{ mediawiki_src }}"
- option: mediawiki_abs_path
value: "{{ mediawiki_abs_path }}"
- option: mediawiki_db_name
value: "{{ mediawiki_db_name }}"
- option: mediawiki_db_user
value: "{{ mediawiki_db_user }}"
- option: mediawiki_url
value: "{{ mediawiki_url }}"
- option: mediawiki_full_url
value: "{{ mediawiki_full_url }}"
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mediawiki
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MediaWiki
- option: description
value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
- option: mediawiki_install
value: "{{ mediawiki_install }}"
- option: mediawiki_enabled
value: "{{ mediawiki_enabled }}"
- option: mediawiki_src
value: "{{ mediawiki_src }}"
- option: mediawiki_abs_path
value: "{{ mediawiki_abs_path }}"
- option: mediawiki_db_name
value: "{{ mediawiki_db_name }}"
- option: mediawiki_db_user
value: "{{ mediawiki_db_user }}"
- option: mediawiki_url
value: "{{ mediawiki_url }}"
- option: mediawiki_full_url
value: "{{ mediawiki_full_url }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/minetest/README.rst
View file

@ -23,7 +23,7 @@ No password is required.
Configurable Parameters
-----------------------
If changes are necessary, please edit `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (adding any variables that you need) prior to installation if possible:
If changes are necessary, please edit `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (adding any variables that you need) prior to installation if possible:
- ``minetest_install:`` set Minetest up to install; default is False
- ``minetest_enabled:`` set Minetest up to be enabled; default is False

57
roles/minetest/tasks/main.yml
View file

@ -19,32 +19,39 @@
quiet: yes
- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: provision.yml # i.e. install.yml in other roles
when: minetest_installed is undefined
- block:
- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: provision.yml # i.e. install.yml in other roles
when: minetest_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'minetest' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: minetest
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Minetest Server
- option: description
value: '"Minetest is an open source clone of the Minecraft building blocks game."'
- option: minetest_install
value: "{{ minetest_install }}"
- option: minetest_enabled
value: "{{ minetest_enabled }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
- option: minetest_port
value: "{{ minetest_port }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
- name: Add 'minetest' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: minetest
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Minetest Server
- option: description
value: '"Minetest is an open source clone of the Minecraft building blocks game."'
- option: minetest_install
value: "{{ minetest_install }}"
- option: minetest_enabled
value: "{{ minetest_enabled }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
- option: minetest_port
value: "{{ minetest_port }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

1
roles/mongodb/tasks/enable-or-disable.yml
View file

@ -1,6 +1,7 @@
- name: Enable & (Re)Start 'mongodb.service' if mongodb_enabled
systemd:
name: mongodb
daemon_reload: yes
enabled: yes
state: restarted
when: mongodb_enabled

14
roles/mongodb/tasks/install.yml
View file

@ -10,7 +10,7 @@
# being used on Raspbian, all I found! (Raspbian's apt pkg is MongoDB 2.4.14)
#
# mongodb_stretch_3_0_14_core.zip (20M) & mongodb_stretch_3_0_14_tools.zip (15M)
# were backed up from andyfelong.com to http://download.iiab.io/packages/
# were backed up from andyfelong.com to https://download.iiab.io/packages/
#
# CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT...
# mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools)
@ -21,16 +21,16 @@
path: /tmp/mongodb-3.0.1x
state: directory
- name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32)
- name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32)
unarchive:
remote_src: yes
src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # http://download.iiab.io/packages
src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages
dest: /tmp/mongodb-3.0.1x
- name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32)
shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin
- name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32)
- name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32)
unarchive:
remote_src: yes
src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip"
@ -85,11 +85,11 @@
- name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }}
apt_repository:
# 2020-10-28 and 2022-06-09: http://repo.mongodb.org/apt/debian/dists/
# 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/
# supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye
# 11 and Bookworm 12 (testing branch) revert to buster for now:
repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main
#repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main
repo: deb https://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main
#repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main
state: present
filename: mongodb-org
when: is_debian and ansible_architecture == "x86_64"

51
roles/mongodb/tasks/main.yml
View file

@ -44,29 +44,36 @@
# ELSE...
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mongodb_installed is undefined
# when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian)
- block:
- name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!)
include_tasks: enable-or-disable.yml
when: mongodb_installed is defined
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mongodb_installed is undefined
# when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian)
- name: Enable or Disable MongoDB (FYI sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!)
include_tasks: enable-or-disable.yml
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: mongodb_install
value: "{{ mongodb_install }}"
- option: mongodb_enabled
value: "{{ mongodb_enabled }}"
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: mongodb_install
value: "{{ mongodb_install }}"
- option: mongodb_enabled
value: "{{ mongodb_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

77
roles/monit/tasks/main.yml
View file

@ -19,43 +19,52 @@
quiet: yes
# 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0
# "Buster" during the very final days prior to release, as confirmed by the
# sudden disappearance of these 2 pages:
#
# https://packages.debian.org/buster/monit
# https://packages.debian.org/source/buster/monit
#
# And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to
# be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via
# apt -- so eliminating "Debian 10+" requires this funky conditional:
- block:
# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per:
#
# https://packages.debian.org/bullseye/monit
# https://packages.debian.org/source/bullseye/monit
#
# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc.
# 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0
# "Buster" during the very final days prior to release, as confirmed by the
# sudden disappearance of these 2 pages:
#
# https://packages.debian.org/buster/monit
# https://packages.debian.org/source/buster/monit
#
# And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to
# be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via
# apt -- so eliminating "Debian 10+" requires this funky conditional:
- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: monit_installed is undefined and not (is_debian_10 and not is_raspbian)
#when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per:
#
# https://packages.debian.org/bullseye/monit
# https://packages.debian.org/source/bullseye/monit
#
# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc.
- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: monit_installed is undefined and not (is_debian_10 and not is_raspbian)
#when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'monit' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: monit
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Monit
- option: description
value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
- option: enabled
value: "{{ monit_enabled }}"
- name: Add 'monit' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: monit
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Monit
- option: description
value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
- option: enabled
value: "{{ monit_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/monit/templates/monitrc.unused
View file

@ -65,7 +65,7 @@ set daemon 300 # check services at 5-minute intervals
#
#
## Send status and events to M/Monit (for more informations about M/Monit
## see http://mmonit.com/). By default Monit registers credentials with
## see https://mmonit.com/). By default Monit registers credentials with
## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
## have to register Monit credentials manually in M/Monit. It is possible to
## disable credential registration using the commented out option below.

49
roles/moodle/tasks/main.yml
View file

@ -19,28 +19,35 @@
quiet: yes
- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: moodle_installed is undefined
- block:
- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: moodle_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'moodle' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: moodle
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Moodle
- option: description
value: '"Access the Moodle learning management system."'
- option: moodle_install
value: "{{ moodle_install }}"
- option: moodle_enabled
value: "{{ moodle_enabled }}"
- option: moodle_base
value: "{{ moodle_base }}"
- name: Add 'moodle' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: moodle
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Moodle
- option: description
value: '"Access the Moodle learning management system."'
- option: moodle_install
value: "{{ moodle_install }}"
- option: moodle_enabled
value: "{{ moodle_enabled }}"
- option: moodle_base
value: "{{ moodle_base }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/mosquitto/README.rst
View file

@ -9,7 +9,7 @@ Roughly follows this guide: https://www.digitalocean.com/community/tutorials/how
Using It
--------
Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains::
Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains::
mosquitto_install: True
mosquitto_enabled: True

45
roles/mosquitto/tasks/main.yml
View file

@ -19,26 +19,33 @@
quiet: yes
- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mosquitto_installed is undefined
- block:
- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mosquitto_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'mosquitto' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mosquitto
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Mosquitto service
- option: description
value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"'
- option: mosquitto_install
value: "{{ mosquitto_install }}"
- option: mosquitto_enabled
value: "{{ mosquitto_enabled }}"
- name: Add 'mosquitto' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mosquitto
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Mosquitto service
- option: description
value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"'
- option: mosquitto_install
value: "{{ mosquitto_install }}"
- option: mosquitto_enabled
value: "{{ mosquitto_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

16
roles/munin/tasks/nginx.yml → roles/munin/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Start 'munin-node' systemd service
systemd:
name: munin-node
daemon_reload: yes
enabled: yes
state: started
when: munin_enabled
- name: Disable & Stop 'munin-node' systemd service
systemd:
name: munin-node
enabled: no
state: stopped
when: not munin_enabled
- name: Enable http://box/munin via NGINX, by installing {{ nginx_conf_dir }}/munin24-nginx.conf from template
template:
src: munin24-nginx.conf.j2

59
roles/munin/tasks/main.yml
View file

@ -19,42 +19,33 @@
quiet: yes
- name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: munin_installed is undefined
- block:
- name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: munin_installed is undefined
- name: Enable & Start 'munin-node' systemd service
systemd:
name: munin-node
daemon_reload: yes
enabled: yes
state: started
when: munin_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'munin-node' systemd service
systemd:
name: munin-node
enabled: no
state: stopped
when: not munin_enabled
- name: Add 'munin' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: munin
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Munin
- option: description
value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."'
- option: munin_install
value: "{{ munin_install }}"
- option: munin_enabled
value: "{{ munin_enabled }}"
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
rescue:
- name: Add 'munin' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: munin
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Munin
- option: description
value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."'
- option: munin_install
value: "{{ munin_install }}"
- option: munin_enabled
value: "{{ munin_enabled }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/network/README.rst
View file

@ -2,7 +2,7 @@
Network README
==============
This is run by `Ansible <http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F>`_ after it has installed the core (`Stages 0-to-9 <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_) of `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org>`_ and its apps/services.
This is run by `Ansible <https://wiki.iiab.io/go/FAQ#What_is_Ansible_and_what_version_should_I_use%3F>`_ after it has installed the core (`Stages 0-to-9 <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_) of `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org>`_ and its apps/services.
Specifically, this 'network' role is run...

4
roles/network/defaults/main.yml
View file

@ -27,6 +27,7 @@
# hostapd_enabled: True
# Above set in /opt/iiab/iiab/vars/default_vars.yml
hostapd_wait: 10
host_wireless_n: False
driver_name: nl80211
@ -63,7 +64,8 @@ can_be_ap: False
exclude_devices: none
device_gw: none
prior_gw_device: unset
# 2022-06-29: Legacy vars no longer used by roles/0-init
discovered_wan_iface: none # 2021-07-30: Very broadly used!
iiab_wan_iface: none
iiab_lan_iface: none
discovered_lan_iface: none

2
roles/network/tasks/computed_network.yml
View file

@ -172,3 +172,5 @@
value: "{{ iiab_lan_iface }}"
- option: iiab_network_mode
value: "{{ iiab_network_mode }}"
- option: network_enabled
value: "{{ network_enabled }}"

10
roles/network/tasks/detected_network.yml
View file

@ -1,3 +1,13 @@
# Similar code block in roles/vnstat/tasks/install.yml
- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here...
debug:
var: ansible_default_ipv4
- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias"
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
when: ansible_default_ipv4.gateway is defined
# so this works
- name: Interface count
shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}'

4
roles/network/tasks/enable_services.yml
View file

@ -32,8 +32,8 @@
# mode: "{{ item.mode }}"
with_items:
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' }
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' }
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' }
- { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' }
- { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' }
when: named_install and named_enabled
- name: Enable named service ({{ dns_service }}) if named_enabled

17
roles/network/tasks/hostapd.yml
View file

@ -50,21 +50,8 @@
mode: 0644
when: not wifi_up_down and can_be_ap
- name: Create /usr/bin/iiab-hotspot-on from template
template:
src: hostapd/iiab-hotspot-on
dest: /usr/bin/iiab-hotspot-on
owner: root
group: root
mode: 0755
- name: Create /usr/bin/iiab-hotspot-off from template
template:
src: hostapd/iiab-hotspot-off
dest: /usr/bin/iiab-hotspot-off
owner: root
group: root
mode: 0755
# 2022-07-11: Install of iiab-hotspot-on|off moved to network/tasks/main.yml
# as required for Admin Console
- name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True
template:

47
roles/2-common/tasks/network.yml → roles/network/tasks/install.yml
View file

@ -1,6 +1,9 @@
# 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop.
- name: Install package networkd-dispatcher (OS's other than RaspiOS)
- name: Install dnsmasq -- configure LATER in 'network', after Stage 9
include_tasks: roles/network/tasks/dnsmasq.yml
- name: Install package networkd-dispatcher (OS's other than RasPiOS)
package:
name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes
state: present
@ -16,19 +19,19 @@
# total download size) and they can help IIAB field operators with BOTH
# (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later.
- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
package:
name:
- avahi-daemon # 97kB download: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml
- avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml
#- avahi-discover # 46kB download: 2021-07-27: Commented out long ago
- hostapd # 764kB download: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired
#- inetutils-syslogd # 240kB download: 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros
- iproute2 # 902kB download: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools
- iproute2 # 902kB download: RasPiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools
- iptables-persistent # 12kB download: Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it!
- iw # 97kB download: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2
- libnss-mdns # 27kB download: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi
- libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi
- netmask # 25kB download: Handy utility -- helps determine network masks
- net-tools # 248kB download: RaspiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
- net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
- rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices
- wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions
- wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP
@ -44,7 +47,7 @@
# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)"
- name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)"
sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot
name: "{{ item.name }}"
value: "{{ item.value }}"
@ -52,10 +55,34 @@
- { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet
- { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
- { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
#- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok?
- { name: 'kernel.core_uses_pid', value: '1' }
#- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020
#- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok?
- { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled
#- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET
#- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE
# UNMAINTAINED
- name: Install named / BIND
include_tasks: roles/network/tasks/named.yml
when: named_install is defined and named_install
# UNMAINTAINED
- name: Install dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
when: dhcpd_install is defined and dhcpd_install
# LESS MAINTAINED
- name: Install Squid
include_tasks: roles/network/tasks/squid.yml
when: squid_install and squid_installed is undefined
- name: "Set 'network_installed: True'"
set_fact:
network_installed: True
- name: "Add 'network_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^network_installed'
line: 'network_installed: True'

114
roles/network/tasks/main.yml
View file

@ -21,59 +21,83 @@
- name: computed_network
include_tasks: computed_network.yml
# - name: Configure wondershaper
# include_tasks: wondershaper.yml
# when: wondershaper_install or wondershaper_installed is defined
- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
include_tasks: install.yml
when: network_install and network_installed is undefined
- name: (Re)Install named
include_tasks: named.yml
when: named_install and FQDN_changed and iiab_stage|int == 9
- name: Create /usr/bin/iiab-hotspot-on from template
template:
src: hostapd/iiab-hotspot-on
dest: /usr/bin/iiab-hotspot-on
owner: root
group: root
mode: 0755
- name: (Re)Install dhcpd
include_tasks: dhcpd.yml
when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
- name: Create /usr/bin/iiab-hotspot-off from template
template:
src: hostapd/iiab-hotspot-off
dest: /usr/bin/iiab-hotspot-off
owner: root
group: root
mode: 0755
- name: (Re)Install Squid
include_tasks: squid.yml
when: squid_install and FQDN_changed and iiab_stage|int == 9
- name: Configuring Network if enabled
block:
# - name: Configure wondershaper
# include_tasks: wondershaper.yml
# when: wondershaper_install or wondershaper_installed is defined
#preprep for backends
- name: Netplan in use on Ubuntu 18.04+
include_tasks: netplan.yml
when: is_ubuntu and not is_ubuntu_16
- name: (Re)Install named
include_tasks: named.yml
when: named_install and FQDN_changed and iiab_stage|int == 9
#### Start services
- name: avahi
include_tasks: avahi.yml
- name: hostapd
include_tasks: hostapd.yml
- name: computed_services
include_tasks: computed_services.yml
- name: enable_services
include_tasks: enable_services.yml
#### End services
- name: (Re)Install dhcpd
include_tasks: dhcpd.yml
when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
#### Start network layout
#- name: Redhat networking
# include_tasks: ifcfg_mods.yml
# when: is_redhat
- name: (Re)Install Squid
include_tasks: squid.yml
when: squid_install and FQDN_changed and iiab_stage|int == 9
- name: NetworkManager in use
include_tasks: NM-debian.yml
when: is_debuntu and network_manager_active
#preprep for backends
- name: Netplan in use on Ubuntu 18.04+
include_tasks: netplan.yml
when: is_ubuntu and not is_ubuntu_16
- name: systemd-networkd in use
include_tasks: sysd-netd-debian.yml
when: is_debuntu and systemd_networkd_active
#### Start services
- name: avahi
include_tasks: avahi.yml
- name: hostapd
include_tasks: hostapd.yml
- name: computed_services
include_tasks: computed_services.yml
- name: enable_services
include_tasks: enable_services.yml
#### End services
- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active
include_tasks: rpi_debian.yml
when: is_raspbian
#### Start network layout
#- name: Redhat networking
# include_tasks: ifcfg_mods.yml
# when: is_redhat
- name: Not RPi, Not NetworkManager, Not systemd-networkd in use
include_tasks: debian.yml
when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16
#### end network layout
- name: NetworkManager in use
include_tasks: NM-debian.yml
when: is_debuntu and network_manager_active
- name: Restart services
include_tasks: restart.yml
- name: systemd-networkd in use
include_tasks: sysd-netd-debian.yml
when: is_debuntu and systemd_networkd_active
- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active
include_tasks: rpi_debian.yml
when: is_raspbian
- name: Not RPi, Not NetworkManager, Not systemd-networkd in use
include_tasks: debian.yml
when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16
#### end network layout
- name: Restart services
include_tasks: restart.yml
# end block
when: network_installed is defined and network_enabled

4
roles/network/tasks/named.yml
View file

@ -58,8 +58,8 @@
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }

24
roles/network/tasks/netplan.yml
View file

@ -59,14 +59,22 @@
with_items:
- "{{ netplan.stdout_lines }}"
- name: Replace networkd-dispatcher #2585 for "groovy"
get_url:
url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher
dest: /usr/bin/networkd-dispatcher
timeout: "{{ download_timeout }}"
when: internet_available and fix_dispatcher and ansible_distribution_release == "groovy"
# 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later
# should have the fix baked into a newer apt package installed by default.
# 2022-06-30: Ubuntu Groovy (20.10) is ancient history but this code might now
# help Linux Mint ?
#
# 2022-05-29: @jvonau wrote on #3106 "networkd-dispatcher has a traceback,
# I suspect the cause is the same as found #2645, need to confirm the package
# version installed with apt list networkd-dispatcher before suggesting the
# workaround be extended to LinuxMint"
#
# - name: Replace networkd-dispatcher #2585 for "groovy"
# get_url:
# url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher
# dest: /usr/bin/networkd-dispatcher
# timeout: "{{ download_timeout }}"
# when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy"
# # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later
# # should have the fix baked into a newer apt package installed by default.
#- name: Supply netplan template
# template:

59
roles/network/templates/dhcp/dhcpd-iiab.conf.j2
View file

@ -5,27 +5,44 @@ ddns-update-style interim;
#ignore client-updates;
option domain-name "{{ iiab_domain }}";
option domain-name-servers 172.18.96.1;
option ntp-servers 172.18.96.1;
option domain-name-servers {{ lan_ip }};
option ntp-servers {{ lan_ip }};
{% if network_172 %}
subnet 172.18.96.0 netmask 255.255.224.0 {
{% if iiab_network_mode == "Gateway" %}
option routers 172.18.96.1;
{% endif %}
option subnet-mask 255.255.224.0;
option broadcast-address 172.18.127.255;
# this is the whole range we have available - 8K addresses
# range 172.18.96.2 172.18.127.254;
# instead, we'll save 510 addresses for later.
range 172.18.96.2 172.18.125.254;
# the other /24s:
# -> 172.18.126.0/24 for static IP addresses
# for printers, AP management consoles, etc.
# -> 172.18.127.0/24 for temporary addresses for
# XO activation
# As this subnet is wired or wifi a/b/g, these lease
# times are on the long side
default-lease-time 10800;
max-lease-time 21600;
{% if iiab_network_mode == "Gateway" %}
option routers {{ lan_ip }};
{% endif %}
option subnet-mask 255.255.224.0;
option broadcast-address 172.18.127.255;
# Description of network allocations in old OLPC school server
# this is the whole range we have available - 8K addresses
# range 172.18.96.2 172.18.127.254;
# instead, we'll save 510 addresses for later.
range 172.18.96.2 172.18.125.254;
# the other /24s:
# -> 172.18.126.0/24 for static IP addresses
# for printers, AP management consoles, etc.
# -> 172.18.127.0/24 for temporary addresses for
# XO activation
# As this subnet is wired or wifi a/b/g, these lease
# times are on the long side
default-lease-time 10800;
max-lease-time 21600;
}
{% else %}
subnet 10.10.10.0 netmask 255.255.255.0 {
{% if iiab_network_mode == "Gateway" %}
option routers {{ lan_ip }};
{% endif %}
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
range 10.10.10.11 10.10.10.254;
# As this subnet is wired or wifi a/b/g, these lease
# times are on the long side
default-lease-time 10800;
max-lease-time 21600;
}
{% endif %}

2
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled"
echo
#network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
#echo -e "Network Mode: $network_mode\n"
lan_ip=$(iiab_var_value lan_ip) # 172.18.96.1
lan_ip=$(iiab_var_value lan_ip) # e.g. 10.10.10.10
ports_externally_visible=$(iiab_var_value ports_externally_visible)
gw_block_https=$(iiab_var_value gw_block_https)

27
roles/network/templates/named/school.internal.zone.db
View file

@ -1,27 +0,0 @@
@ in soa localhost. root 1 3H 15M 1W 1D
ns localhost.
{{ iiab_hostname }} IN A 172.18.96.1
schoolserver IN A 172.18.96.1
school IN A 172.18.96.1
www IN A 172.18.96.1
ntp IN A 172.18.96.1
time IN A 172.18.96.1
presence IN A 172.18.96.1
xs IN A 172.18.96.1
library IN A 172.18.96.1
box IN A 172.18.96.1
conference.schoolserver IN A 172.18.96.1
; translations of school - in plain latin script
; or un punycode of the utf-8 representation
; es - escuela
escuela IN CNAME school
; de - schule
schule IN CNAME school

27
roles/network/templates/named/school.internal.zone.db.j2 Normal file
View file

@ -0,0 +1,27 @@
@ in soa localhost. root 1 3H 15M 1W 1D
ns localhost.
{{ iiab_hostname }} IN A {{ lan_ip }}
schoolserver IN A {{ lan_ip }}
school IN A {{ lan_ip }}
www IN A {{ lan_ip }}
ntp IN A {{ lan_ip }}
time IN A {{ lan_ip }}
presence IN A {{ lan_ip }}
xs IN A {{ lan_ip }}
library IN A {{ lan_ip }}
box IN A {{ lan_ip }}
conference.schoolserver IN A {{ lan_ip }}
; translations of school - in plain latin script
; or un punycode of the utf-8 representation
; es - escuela
escuela IN CNAME school
; de - schule
schule IN CNAME school

22
roles/network/templates/named/school.local.zone.db → roles/network/templates/named/school.local.zone.db.j2
View file

@ -3,18 +3,18 @@
@ in soa localhost. root 1 3H 15M 1W 1D
ns localhost.
{{ iiab_hostname }} IN A 172.18.96.1
schoolserver IN A 172.18.96.1
school IN A 172.18.96.1
www IN A 172.18.96.1
ntp IN A 172.18.96.1
time IN A 172.18.96.1
presence IN A 172.18.96.1
xs IN A 172.18.96.1
library IN A 172.18.96.1
box IN A 172.18.96.1
{{ iiab_hostname }} IN A {{ lan_ip }}
schoolserver IN A {{ lan_ip }}
school IN A {{ lan_ip }}
www IN A {{ lan_ip }}
ntp IN A {{ lan_ip }}
time IN A {{ lan_ip }}
presence IN A {{ lan_ip }}
xs IN A {{ lan_ip }}
library IN A {{ lan_ip }}
box IN A {{ lan_ip }}
conference.schoolserver IN A 172.18.96.1
conference.schoolserver IN A {{ lan_ip }}
; translations of school - in plain latin script

4
roles/network/templates/network/bridge-br0
View file

@ -6,7 +6,11 @@ interface-name=br0
permissions=
[ipv4]
{% if network_172 %}
address1={{ lan_ip }}/19
{% else %}
address1={{ lan_ip }}/24
{% endif %}
dns-search={{ iiab_domain }}
method=manual

4
roles/network/templates/network/dhcpcd.conf.j2
View file

@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }}
{% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %}
interface {{ iiab_lan_iface }}
{% if network_172 %}
static ip_address={{ lan_ip }}/19
{% else %}
static ip_address={{ lan_ip }}/24
{% endif %}
static domain_name_servers=127.0.0.1
{% endif %}

5
roles/network/templates/network/dnsmasq.conf.j2
View file

@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq
expand-hosts
# Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease
{% if network_172 %}
dhcp-range=172.18.100.1,172.18.126.254,1h
{% else %}
dhcp-range=10.10.10.11,10.10.10.254,1h
{% endif %}
# Specify the default route
dhcp-option=3,{{ lan_ip }}
# Specify the DNS server address

4
roles/network/templates/network/systemd-br0-network.j2
View file

@ -3,7 +3,11 @@
Name=br0
[Network]
{% if network_172 %}
Address={{ lan_ip }}/19
{% else %}
Address={{ lan_ip }}/24
{% endif %}
LinkLocalAddressing=no
ConfigureWithoutCarrier=yes
RequiredForOnline=degraded-carrier

4
roles/nextcloud/README.md
View file

@ -1,6 +1,6 @@
# Nextcloud README
Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org).
Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](https://internet-in-a-box.org).
This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017.
@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre
## Using It
Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using:
Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using:
Username: Admin
Password: changeme

2
roles/nextcloud/defaults/main.yml
View file

@ -14,7 +14,7 @@
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# The following line can avoid that: (but might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2
nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest.tar.bz2
nextcloud_url: /nextcloud

67
roles/nextcloud/tasks/main.yml
View file

@ -19,37 +19,44 @@
quiet: yes
- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nextcloud_installed is undefined
- block:
- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nextcloud_installed is undefined
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: Nextcloud
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Nextcloud
- option: description
value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
- option: nextcloud_install
value: "{{ nextcloud_install }}"
- option: nextcloud_enabled
value: "{{ nextcloud_enabled }}"
- option: nextcloud_dl_url
value: "{{ nextcloud_dl_url }}"
- option: nextcloud_url
value: "{{ nextcloud_url }}"
- option: nextcloud_base_dir
value: "{{ nextcloud_base_dir }}"
- option: nextcloud_root_dir
value: "{{ nextcloud_root_dir }}"
- option: nextcloud_data_dir
value: "{{ nextcloud_data_dir }}"
- name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: Nextcloud
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Nextcloud
- option: description
value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
- option: nextcloud_install
value: "{{ nextcloud_install }}"
- option: nextcloud_enabled
value: "{{ nextcloud_enabled }}"
- option: nextcloud_dl_url
value: "{{ nextcloud_dl_url }}"
- option: nextcloud_url
value: "{{ nextcloud_url }}"
- option: nextcloud_base_dir
value: "{{ nextcloud_base_dir }}"
- option: nextcloud_root_dir
value: "{{ nextcloud_root_dir }}"
- option: nextcloud_data_dir
value: "{{ nextcloud_data_dir }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/nginx/README.md
View file

@ -35,7 +35,7 @@
* usb_lib
* wordpress
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
* **NONE: Apache support is now fully REMOVED as of 2021-08-08** ([PR #2850](https://github.com/iiab/iiab/pull/2850))

44
roles/nodejs/tasks/main.yml
View file

@ -35,23 +35,31 @@
var: nodejs_installed
- name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nodejs_installed is undefined
- block:
- name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nodejs_installed is undefined
- name: Add 'nodejs' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: nodejs
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Node.js
- option: description
value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."'
- option: nodejs_install
value: "{{ nodejs_install }}"
- option: nodejs_enabled
value: "{{ nodejs_enabled }}"
- name: Add 'nodejs' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: nodejs
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Node.js
- option: description
value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."'
- option: nodejs_install
value: "{{ nodejs_install }}"
- option: nodejs_enabled
value: "{{ nodejs_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

45
roles/nodered/tasks/main.yml
View file

@ -19,26 +19,33 @@
quiet: yes
- name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nodered_installed is undefined
- block:
- name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nodered_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'nodered' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: nodered
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Node-RED
- option: description
value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."'
- option: nodered_install
value: "{{ nodered_install }}"
- option: nodered_enabled
value: "{{ nodered_enabled }}"
- name: Add 'nodered' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: nodered
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Node-RED
- option: description
value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."'
- option: nodered_install
value: "{{ nodered_install }}"
- option: nodered_enabled
value: "{{ nodered_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

6
roles/osm-vector-maps/defaults/main.yml
View file

@ -15,8 +15,8 @@ maps_branch: master # Quotes not required
#maps_branch: maps7.3
# 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow!
#map_installer_url: http://timmoody.com/iiab-files/maps
map_installer_url: http://download.iiab.io/content/OSM/vector-tiles
#map_installer_url: https://timmoody.com/iiab-files/maps
map_installer_url: https://download.iiab.io/content/OSM/vector-tiles
installer_planet: planet_z0-z6_2020.mbtiles
installer_satellite: satellite_z0-z6_2020.mbtiles
@ -29,4 +29,4 @@ archive_org_url: https://archive.org/download
# 2022-04-30 -- Unused, but URL illustrates legacy approach:
#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden
#iiab_map_url: https://download.iiab.io/content/OSM/vector-tiles/maplist/hidden

2
roles/osm-vector-maps/tasks/install.yml
View file

@ -79,7 +79,7 @@
- name: Download 48MB {{ map_installer_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer
get_url:
url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. http://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles
url: "{{ map_installer_url }}/{{ installer_planet }}" # e.g. https://download.iiab.io/content/OSM/vector-tiles + / + planet_z0-z6_2020.mbtiles
dest: "{{ vector_map_path }}/installer/"
timeout: "{{ download_timeout }}"

Some files were not shown because too many files have changed in this diff Show more