Merge pull request #367 from iiab/master

sync from iiab:master
2025-03-09 15:40:17 +00:00 · 2020-02-10 09:02:48 -05:00 · 2020-02-10 09:02:48 -05:00 · 159512ed03
commit 159512ed03
parent d29a653e9b 3576bf0565
131 changed files with 2135 additions and 1625 deletions
--- a/roles/0-DEPRECATED-ROLES/pathagar/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/pathagar/tasks/main.yml
@ -3,7 +3,7 @@
    postgresql_install: True
    postgresql_enabled: True
- name: POSTGRESQL - run the 'postgresql' role
+- name: POSTGRESQL - run 'postgresql' role
  include_role:
    name: postgresql
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@ -52,6 +52,6 @@
 - name: Recording STAGE 2 HAS COMPLETED ==========================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=2'
--- a/roles/3-base-server/tasks/main.yml
+++ b/roles/3-base-server/tasks/main.yml
@ -23,6 +23,6 @@
 - name: Recording STAGE 3 HAS COMPLETED =====================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=3'
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@ -50,6 +50,6 @@
 - name: Recording STAGE 4 HAS COMPLETED ==================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=4'
--- a/roles/5-xo-services/tasks/main.yml
+++ b/roles/5-xo-services/tasks/main.yml
@ -23,6 +23,6 @@
 - name: Recording STAGE 5 HAS COMPLETED =====================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=5'
--- a/roles/6-generic-apps/tasks/main.yml
+++ b/roles/6-generic-apps/tasks/main.yml
@ -67,6 +67,6 @@
 - name: Recording STAGE 6 HAS COMPLETED ====================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=6'
--- a/roles/7-edu-apps/tasks/main.yml
+++ b/roles/7-edu-apps/tasks/main.yml
@ -47,6 +47,6 @@
 - name: Recording STAGE 7 HAS COMPLETED ========================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=7'
--- a/roles/8-mgmt-tools/tasks/main.yml
+++ b/roles/8-mgmt-tools/tasks/main.yml
@ -35,6 +35,6 @@
 - name: Recording STAGE 8 HAS COMPLETED ======================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=8'
--- a/roles/9-local-addons/tasks/main.yml
+++ b/roles/9-local-addons/tasks/main.yml
@ -12,7 +12,6 @@
 - name: CAPTIVE PORTAL
  include_role:
    name: captiveportal
  #include_tasks: roles/captiveportal/tasks/main.yml
  when: captiveportal_install | bool
 - name: MINETEST
@ -52,6 +51,6 @@
 - name: Recording STAGE 9 HAS COMPLETED ====================
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=9'
--- a/roles/awstats/tasks/apache.yml
+++ b/roles/awstats/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
  command: a2ensite awstats.conf
  when: awstats_enabled | bool
 - name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
  command: a2dissite awstats.conf
  when: not awstats_enabled
 - name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/awstats/tasks/enable.yml
+++ b/roles/awstats/tasks/enable.yml
@ -1,55 +0,0 @@
 # Apache
 - name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
  command: a2ensite awstats.conf
  when: apache_install and awstats_enabled
 - name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
  command: a2dissite awstats.conf
  when: apache_install and not awstats_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box/awstats via NGINX, by installing /etc/nginx/cgi-bin.php & {{ nginx_conf_dir }}/awstats-nginx.conf from template
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "awstats-nginx.conf", dest: "{{ nginx_conf_dir }}/" }
    - { src: "cgi-bin.php", dest: "/etc/nginx/" }
  when: nginx_install and awstats_enabled
 - name: Disable http://box/awstats_url via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/awstats-nginx.conf"
    state: absent
  when: nginx_install and not awstats_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'awstats' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: awstats
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: AWStats
    - option: description
      value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
    - option: install
      value: "{{ awstats_install }}"
    - option: enabled
      value: "{{ awstats_enabled }}"
--- a/roles/awstats/tasks/install.yml
+++ b/roles/awstats/tasks/install.yml
@ -1,3 +1,10 @@
 # TO DO:
 #
 # - Prepare for a possible future w/o Apache by verifying/refining below...
 #   - 5 'when: apache_install | bool'
 #   - 1 'when: nginx_install | bool'
 #   - 8 core stanzas w/o such 'when:' clauses
 - name: 'Install 3 packages: awstats, openssl, pwauth'
  package:
    name:
@ -12,33 +19,47 @@
      - libapache2-mod-authnz-external
      - apache2-utils
    state: present
  when: apache_install | bool
- name: Enable cgi execution via Apache
+- name: Run 'a2enmod cgi' to enable cgi execution via Apache
  command: a2enmod cgi
  when: apache_install | bool
- name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}'    # /library/awstats & /var/log/apache2 typically
+- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
  file:
    state: directory
    recurse: yes
    path: "{{ apache_log_dir }}"    # /var/log/apache2 on debuntu
    owner: "{{ apache_user }}"      # www-data on debuntu
    group: "{{ apache_user }}"
    mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
    #force: yes
  when: apache_install | bool
 - name: Create 2 directories... mkdir {{ awstats_data_dir }} (intermediate summary storage) and /usr/lib/cgi-bin/awstats, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
  file:
    state: directory
    recurse: yes
    path: "{{ item }}"
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
-    mode: '0750'
+    mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
-    state: directory
+    #force: yes
    recurse: yes
    force: yes
  with_items:
-    - "{{ awstats_data_dir }}"
+    - "{{ awstats_data_dir }}"    # /library/awstats
    - "{{ apache_log_dir }}"
    - /usr/lib/cgi-bin/awstats    # create backward compatible path for awstats
 - name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
  template:
    src: apache-awstats.conf
-    dest: "/etc/{{ apache_conf_dir }}/awstats.conf"
+    dest: "/etc/{{ apache_conf_dir }}/awstats.conf"    # apache2/sites-available on debuntu
  when: apache_install | bool
 - name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
  template:
    src: logrotate.d.apache2
    dest: /etc/logrotate.d/apache2
  when: apache_install | bool
 - name: Does /etc/awstats/awstats.conf exist?
  stat:
@ -59,22 +80,25 @@
  template:
    src: awstats.schoolserver.conf.j2
    dest: /etc/awstats/awstats.schoolserver.conf
  # when: awstats_enabled | bool
 - name: Symlink /etc/awstats/awstats.conf -> /etc/awstats/awstats.schoolserver.conf for access by IP address
  file:
    src: /etc/awstats/awstats.schoolserver.conf
    path: /etc/awstats/awstats.conf
    state: link
  # when: awstats_enabled | bool
 # - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu)
 #   shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
 #   when: awstats_enabled and not is_debuntu
- name: On first enabling of AWStats, summarize httpd logs up to now
+- name: "Summarize logs up to now: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update"
  shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
-  # when: awstats_enabled | bool
+
 - name: Install /etc/nginx/cgi-bin.php from template
  template:
    src: cgi-bin.php
    dest: /etc/nginx/
  when: nginx_install | bool
 # RECORD AWStats AS INSTALLED
@ -85,6 +109,6 @@
 - name: "Add 'awstats_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^awstats_installed'
    line: 'awstats_installed: True'
--- a/roles/awstats/tasks/main.yml
+++ b/roles/awstats/tasks/main.yml
@ -1,7 +1,50 @@
- name: Install AWStats if awstats_install
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  include_tasks: install.yml
+# I want to perform input validation for Ansible playbooks"
-  when: awstats_install and not awstats_installed is defined
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable AWStats
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  include_tasks: enable.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  when: awstats_install or awstats_installed is defined
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "awstats_install is sameas true" (boolean not string etc)
  assert:
    that: awstats_install is sameas true
    fail_msg: "PLEASE SET 'awstats_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "awstats_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: awstats_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'awstats_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: awstats_installed is undefined
 - name: Enable/Disable/Restart Apache if primary
  include_tasks: apache.yml
  when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'awstats' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: awstats
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: AWStats
    - option: description
      value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
    - option: install
      value: "{{ awstats_install }}"
    - option: enabled
      value: "{{ awstats_enabled }}"
--- a/roles/awstats/tasks/nginx.yml
+++ b/roles/awstats/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box/awstats via NGINX, by installing {{ nginx_conf_dir }}/awstats-nginx.conf from template
  template:
    src: awstats-nginx.conf
    dest: "{{ nginx_conf_dir }}/"    # /etc/nginx/conf.d
  when: awstats_enabled | bool
 - name: Disable http://box/awstats via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/awstats-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not awstats_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/awstats/templates/awstats-nginx.conf
+++ b/roles/awstats/templates/awstats-nginx.conf
@ -21,4 +21,3 @@ location ~ ^/cgi-bin/.*\.(cgi|pl|py|rb) {
    fastcgi_param   X_SCRIPT_NAME      $fastcgi_script_name;
    fastcgi_param   REMOTE_USER        $remote_user;
 }
--- a/roles/azuracast/tasks/install.yml
+++ b/roles/azuracast/tasks/install.yml
@ -73,6 +73,6 @@
 - name: "Add 'azuracast_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^azuracast_installed'
    line: 'azuracast_installed: True'
--- a/roles/bluetooth/tasks/install.yml
+++ b/roles/bluetooth/tasks/install.yml
@ -64,6 +64,6 @@
 - name: "Add 'bluetooth_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^bluetooth_installed'
    line: 'bluetooth_installed: True'
--- a/roles/calibre-web/README.rst
+++ b/roles/calibre-web/README.rst
@ -147,11 +147,11 @@ Known Issues
  it's not a priority, as URL's like {http://192.168.0.x/books,
  http://10.8.0.x/books, http://127.0.0.1/books and http://box/books} all work. |se| |nbsp|  Marked as "wontfix" on 2018-09-12: `#1050 <https://github.com/iiab/iiab/issues/1050>`_
-* Calibre-Web does not currently use version numbers, so glitches may
+* |ss| Calibre-Web does not currently use version numbers, so glitches may
  occasionally arise, when upstream developers change its master branch without
-  warning.
+  warning. |se|
-* Imagemagick policy prevents generating thumbnails for PDF's during upload: `#1530 <https://github.com/iiab/iiab/issues/1530>`_ `janeczku/calibre-web#827 <https://github.com/janeczku/calibre-web/issues/827>`_
+* |ss| Imagemagick policy prevents generating thumbnails for PDF's during upload: `#1530 <https://github.com/iiab/iiab/issues/1530>`_ `janeczku/calibre-web#827 <https://github.com/janeczku/calibre-web/issues/827>`_ |se|
 * Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 <https://github.com/janeczku/calibre-web/issues/828>`_
--- a/roles/calibre-web/defaults/main.yml
+++ b/roles/calibre-web/defaults/main.yml
@ -19,16 +19,16 @@ calibreweb_version: 0.6.5    # WAS: master, 0.6.4
 calibreweb_venv_path: /usr/local/calibre-web
 calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py"
-# calibre-web folder to store configuration files.
+# Config files put in:
 calibreweb_config: "{{ calibreweb_home }}/config"
-# calibre-web setup will be provisioned with default administrative account,
+# Calibre-Web will be provisioned with default administrative account,
 # metadata.db and language if /library/calibre-web/metadata.db does not exist.
 # NOT CURRENTLY IN USE: calibreweb_provision: True
 calibreweb_settings_database: app.db
 calibreweb_database: metadata.db
-# calibre-web system user
+# Files owned by:
 calibreweb_user: root
 # UNUSED variables, as of March 2019:
--- a/roles/calibre-web/tasks/apache.yml
+++ b/roles/calibre-web/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache    # http://box/books, http://box/libros, http://box/livres
  command: a2ensite calibre-web.conf
  when: calibreweb_enabled | bool
 - name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
  command: a2dissite calibre-web.conf
  when: not calibreweb_enabled
 - name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/calibre-web/tasks/enable.yml
+++ b/roles/calibre-web/tasks/enable.yml
@ -1,85 +0,0 @@
 - name: Enable & Restart 'calibre-web' systemd service
  systemd:
    name: calibre-web
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: calibreweb_enabled | bool
 - name: Disable & Stop 'calibre-web' systemd service
  systemd:
    name: calibre-web
    enabled: no
    state: stopped
  when: not calibreweb_enabled
 # SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
 # Apache
 # i.e. http://box/books, http://box/libros, http://box/livres
 - name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
  command: a2ensite calibre-web.conf
  when: apache_install and calibreweb_enabled
 - name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
  command: a2dissite calibre-web.conf
  when: apache_install and not calibreweb_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 # TO DO: restore http://box/libros & http://box/livres, alongside English (#2195)
 - name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template    # http://box/books
  template:
    src: calibre-web-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"    # /etc/nginx/conf.d
  when: nginx_install and calibreweb_enabled
 - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: nginx_install and not calibreweb_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: calibre-web
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Calibre-Web
    - option: description
      value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
    - option: calibreweb_url1
      value: "{{ calibreweb_url1 }}"
    - option: calibreweb_url2
      value: "{{ calibreweb_url2 }}"
    - option: calibreweb_url3
      value: "{{ calibreweb_url3 }}"
    - option: calibreweb_path
      value: "{{ calibreweb_venv_path }}"
    - option: calibreweb_home
      value: "{{ calibreweb_home }}"
    - option: calibreweb_port
      value: "{{ calibreweb_port }}"
    - option: calibreweb_database
      value: "{{ calibreweb_database }}"
    - option: calibreweb_enabled
      value: "{{ calibreweb_enabled }}"
--- a/roles/calibre-web/tasks/install.yml
+++ b/roles/calibre-web/tasks/install.yml
@ -1,39 +1,36 @@
- name: Install ImageMagick package (debuntu)
+- name: "Install ImageMagick package: imagemagick"
  package:
    name: imagemagick
    state: present
  when: is_debuntu | bool
- name: Allow ImageMagick to read PDFs (debuntu)
+- name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails
  lineinfile:
    path: /etc/ImageMagick-6/policy.xml
    regexp: '<policy domain="coder" rights="none" pattern="PDF" />'
    backrefs: yes
    line: '  <policy domain="coder" rights="read" pattern="PDF" />'
    state: present
  when: is_debuntu | bool
- name: "Create 3 Calibre-Web folders to store data and configuration files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }}"
+- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}, '0755')"
  file:
    path: "{{ item }}"
    owner: "{{ calibreweb_user }}"
    group: "{{ apache_user }}"
    mode: '0755'
    state: directory
    path: "{{ item }}"
    owner: "{{ calibreweb_user }}"    # root
    group: "{{ apache_user }}"        # www-data on debuntu
    mode: '0755'
  with_items:
-    - "{{ calibreweb_home }}"
+    - "{{ calibreweb_home }}"         # /library/calibre-web
-    - "{{ calibreweb_venv_path }}"
+    - "{{ calibreweb_venv_path }}"    # /usr/local/calibre-web
-    - "{{ calibreweb_config }}"
+    - "{{ calibreweb_config }}"       # /library/calibre-web/config
 ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456
- name: Download Calibre-Web github repository to {{ calibreweb_venv_path }}
+- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }}
  git:
    repo: https://github.com/janeczku/calibre-web.git
-    dest: "{{ calibreweb_venv_path }}"
+    dest: "{{ calibreweb_venv_path }}"    # /usr/local/calibre-web
    force: yes
    #update: yes   # not needed, as Ansible's default is to update
    depth: 1
-    version: "{{ calibreweb_version }}"
+    version: "{{ calibreweb_version }}"    # e.g. master, 0.6.5
  when: internet_available | bool
 ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed)
@ -45,31 +42,32 @@
 #  ignore_errors: True
 ##
 # Implementing this with Ansible command module for now.
- name: Download Calibre-Web dependencies (using pip) into virtual environment
+- name: Download Calibre-Web dependencies (using pip) into python2.7 virtual environment {{ calibreweb_venv_path }}
  pip:
    requirements: "{{ calibreweb_venv_path }}/requirements.txt"
-    virtualenv: "{{ calibreweb_venv_path }}"
+    virtualenv: "{{ calibreweb_venv_path }}"    # /usr/local/calibre-web
    virtualenv_site_packages: no
    virtualenv_command: /usr/bin/virtualenv
    virtualenv_python: python2.7
  when: internet_available | bool
- name: Symlink {{ calibreweb_venv_path }}/vendor to {{ calibreweb_venv_path }}/lib/python2.7/site-packages to keep cps.py happy
+# 2020-02-02: IS PYTHON 3 POSSIBLE ABOVE AND BELOW?
 - name: Symlink {{ calibreweb_venv_path }}/vendor -> {{ calibreweb_venv_path }}/lib/python2.7/site-packages - to keep {{ calibreweb_venv_path }}/cps.py happy
  file:
    src: "{{ calibreweb_venv_path }}/lib/python2.7/site-packages"
-    dest: "{{ calibreweb_venv_path }}/vendor"
+    path: "{{ calibreweb_venv_path }}/vendor"    # /usr/local/calibre-web
    state: link
- name: Install unit file /etc/systemd/system/calibre-web.service & /etc/apache2/sites-available/calibre-web.conf for http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} from templates
+- name: Install /etc/systemd/system/calibre-web.service from template
  template:
-    src: "{{ item.src }}"
+    src: calibre-web.service.j2
-    dest: "{{ item.dest }}"
+    dest: /etc/systemd/system/calibre-web.service
-    # owner: root
+
-    # group: root
+- name: Install /etc/{{ apache_conf_dir }}/calibre-web.conf from template, for http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache    # http://box/books, http://box/libros, http://box/livres
-    # mode: '0644'
+  template:
-  with_items:
+    src: calibre-web.conf.j2
-    - { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' }
+    dest: "/etc/{{ apache_conf_dir }}/calibre-web.conf"    # apache2/sites-available on debuntu
    - { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' }
  when: apache_install | bool
 - name: Does /library/calibre-web/metadata.db exist?
@ -77,12 +75,12 @@
    path: /library/calibre-web/metadata.db
  register: metadatadb
- name: Provision/Copy both default metadata files into /library/calibre-web IF metadata.db did not exist
+- name: Provision/Copy both default metadata files (metadata.db, metadata_db_prefs_backup.json) into {{ calibreweb_home }} IF metadata.db did not exist
  copy:
    src: "{{ item }}"
-    dest: "{{ calibreweb_home }}"
+    dest: "{{ calibreweb_home }}"     # /library/calibre-web
-    owner: "{{ calibreweb_user }}"
+    owner: "{{ calibreweb_user }}"    # root
-    group: "{{ apache_user }}"
+    group: "{{ apache_user }}"        # www-data on debuntu
    mode: '0644'
    backup: yes
  with_items:
@ -91,12 +89,12 @@
  when: not metadatadb.stat.exists
  #when: calibreweb_provision | bool
- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist    # {{ calibreweb_config }} is /library/calibre-web/config
+- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist
  copy:
    src: roles/calibre-web/files/app.db
-    dest: "{{ calibreweb_config }}"
+    dest: "{{ calibreweb_config }}"    # /library/calibre-web/config
-    owner: "{{ calibreweb_user }}"
+    owner: "{{ calibreweb_user }}"     # root
-    group: "{{ apache_user }}"
+    group: "{{ apache_user }}"         # www-data on debuntu
    mode: '0644'
    backup: yes
  when: not metadatadb.stat.exists
@ -111,6 +109,6 @@
 - name: "Add 'calibreweb_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^calibreweb_installed'
    line: 'calibreweb_installed: True'
--- a/roles/calibre-web/tasks/main.yml
+++ b/roles/calibre-web/tasks/main.yml
@ -1,5 +1,77 @@
- include_tasks: install.yml
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  when: calibreweb_install and not calibreweb_installed is defined
+# I want to perform input validation for Ansible playbooks"
 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- include_tasks: enable.yml
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  when: calibreweb_install or calibreweb_installed is defined
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
 # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "calibreweb_install is sameas true" (boolean not string etc)
  assert:
    that: calibreweb_install is sameas true
    fail_msg: "PLEASE SET 'calibreweb_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "calibreweb_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: calibreweb_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'calibreweb_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: calibreweb_installed is undefined
 - name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled
  systemd:
    name: calibre-web
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: calibreweb_enabled | bool
 - name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled
  systemd:
    name: calibre-web
    enabled: no
    state: stopped
  when: not calibreweb_enabled
 - name: Enable/Disable/Restart Apache if primary
  include_tasks: apache.yml
  when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: calibre-web
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Calibre-Web
    - option: description
      value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
    - option: calibreweb_url1
      value: "{{ calibreweb_url1 }}"
    - option: calibreweb_url2
      value: "{{ calibreweb_url2 }}"
    - option: calibreweb_url3
      value: "{{ calibreweb_url3 }}"
    - option: calibreweb_path
      value: "{{ calibreweb_venv_path }}"
    - option: calibreweb_home
      value: "{{ calibreweb_home }}"
    - option: calibreweb_port
      value: "{{ calibreweb_port }}"
    - option: calibreweb_database
      value: "{{ calibreweb_database }}"
    - option: calibreweb_enabled
      value: "{{ calibreweb_enabled }}"
--- a/roles/calibre-web/tasks/nginx.yml
+++ b/roles/calibre-web/tasks/nginx.yml
@ -0,0 +1,19 @@
 # TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195)
 # RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
 - name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template    # http://box/books
  template:
    src: calibre-web-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"    # /etc/nginx/conf.d
  when: calibreweb_enabled | bool
 - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not calibreweb_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/calibre-web/templates/calibre-web-nginx.conf.j2
+++ b/roles/calibre-web/templates/calibre-web-nginx.conf.j2
@ -1,3 +1,6 @@
 # TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195)
 # RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
 location {{ calibreweb_url1 }}/ {
    proxy_set_header        Host            $http_host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
--- a/roles/calibre/tasks/install.yml
+++ b/roles/calibre/tasks/install.yml
@ -93,6 +93,6 @@
 - name: "Add 'calibre_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^calibre_installed'
    line: 'calibre_installed: True'
--- a/roles/captiveportal/README.md
+++ b/roles/captiveportal/README.md
@ -11,11 +11,13 @@
    1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server
    1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled
    1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS.
-    1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090.
+    1. captiveportal.ini.j2 -- config file for uwsgi service, which in turn runs the capture-wsgi.py script.
    1. uwsgi.service -- systemd unit file which runs python3 programs --permits captive portal and admin-console python scripts to function.
 ## Extending and Debugging Captive Portal
- * The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily.
+ * Running the capture-wsgi.py python script interactively will expose any python errors easily. 
- * Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log
+ * The python capture script can be run interactively in terminal rather than automatically by uwsgi -- (use "systemctl stop uwsgi" to free up the port used by captive portal: 9090). The uwsgi service for captive portal grabs port 9090, and two programs cannot share the same port. NOTE: that while the uwsgi service is stopped, the admin-console will not function).
 * Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/captiveportal/captiveportal.log
 * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for.
 ## Known Problems
--- a/roles/captiveportal/tasks/install.yml
+++ b/roles/captiveportal/tasks/install.yml
@ -61,6 +61,6 @@
 - name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^captiveportal_installed'
    line: 'captiveportal_installed: True'
--- a/roles/cups/tasks/main.yml
+++ b/roles/cups/tasks/main.yml
@ -31,7 +31,7 @@
 - name: "Add 'cups_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^cups_installed'
    line: 'cups_installed: True'
--- a/roles/elgg/tasks/apache.yml
+++ b/roles/elgg/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box{{ elgg_url }} via Apache    # http://box/elgg
  command: a2ensite elgg.conf
  when: elgg_enabled | bool
 - name: Disable http://box{{ elgg_url }} via Apache    # http://box/elgg
  command: a2dissite elgg.conf
  when: not elgg_enabled
 - name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/elgg/tasks/enable.yml
+++ b/roles/elgg/tasks/enable.yml
@ -1,52 +0,0 @@
 # Apache
 - name: Enable http://box{{ elgg_url }} via Apache    # http://box/elgg
  command: a2ensite elgg.conf
  when: apache_install and elgg_enabled
 - name: Disable http://box{{ elgg_url }} via Apache    # http://box/elgg
  command: a2dissite elgg.conf
  when: apache_install and not elgg_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: "SHIM: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_conf_dir }}/elgg-nginx.conf from template"    # http://box/elgg
  template:
    src: elgg-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/elgg-nginx.conf"
  when: nginx_install and elgg_enabled
 - name: "SHIM: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_conf_dir }}/elgg-nginx.conf"    # http://box/elgg
  file:
    path: "{{ nginx_conf_dir }}/elgg-nginx.conf"
    state: absent
  when: nginx_install and not elgg_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'elgg' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: elgg
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Elgg
    - option: description
      value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."'
    - option: path
      value: /opt/elgg
    - option: elgg_enabled
      value: "{{ elgg_enabled }}"
--- a/roles/elgg/tasks/install.yml
+++ b/roles/elgg/tasks/install.yml
@ -1,5 +1,15 @@
-# Assume we only get here if elgg_install: True
+# Assume (enforce!) we only get here if elgg_install: True
-# Assume MySQL is running
+# Assume (enforce?) MySQL is running
 # - name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
 #   set_fact:
 #     mysql_install: True
 #     mysql_enabled: True
 #
 # - name: MYSQL - run 'mysql' role (attempt to install & enable MySQL)
 #   include_role:
 #     name: mysql
 - name: Download {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip to {{ downloads_dir }}
  #shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }}
@ -88,6 +98,10 @@
    dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
 - name: Set up Elgg's MySQL database
  include_tasks: setup.yml
 # RECORD Elgg AS INSTALLED
 - name: "Set 'elgg_installed: True'"
@ -96,6 +110,6 @@
 - name: "Add 'elgg_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^elgg_installed'
    line: 'elgg_installed: True'
--- a/roles/elgg/tasks/main.yml
+++ b/roles/elgg/tasks/main.yml
@ -1,11 +1,51 @@
- name: Install Elgg
+# "How do i fail a task in Ansible if the variable contains a boolean value?
 # I want to perform input validation for Ansible playbooks"
 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 # We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
 # to re-check whether vars are defined here.  As Ansible vars cannot be unset:
 # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "elgg_install is sameas true" (boolean not string etc)
  assert:
    that: elgg_install is sameas true
    fail_msg: "PLEASE SET 'elgg_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "elgg_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: elgg_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'elgg_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install Elgg if 'elgg_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
-  when: elgg_install and not elgg_installed is defined
+  when: elgg_installed is undefined
 - name: Provision DB
  include_tasks: setup.yml
  when: elgg_install and not installing
- name: Enable Elgg
+#- name: Enable/Disable/Restart Apache if primary
-  include_tasks: enable.yml
+- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
-  when: elgg_install or elgg_installed is defined
+  include_tasks: apache.yml
  #when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'elgg' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: elgg
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Elgg
    - option: description
      value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."'
    - option: path
      value: /opt/elgg
    - option: elgg_enabled
      value: "{{ elgg_enabled }}"
--- a/roles/elgg/tasks/nginx.yml
+++ b/roles/elgg/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_conf_dir }}/elgg-nginx.conf from template    # http://box/elgg
  template:
    src: elgg-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/elgg-nginx.conf"    # /etc/nginx/conf.d
  when: elgg_enabled | bool
 - name: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_conf_dir }}/elgg-nginx.conf    # http://box/elgg
  file:
    path: "{{ nginx_conf_dir }}/elgg-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not elgg_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/gitea/README.rst
+++ b/roles/gitea/README.rst
@ -2,7 +2,7 @@
 Gitea README
 ============
-This Ansible role installs Gitea - a self-hosted Git service written in Go.
+This Ansible role installs Gitea — a self-hosted Git service written in Go.
 Using It
 --------
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -7,7 +7,8 @@
 # Using @coolaj86's script as a template
 # https://git.coolaj86.com/coolaj86/gitea-installer.sh
-# Information needed to install Gitea
+# Info needed to install Gitea:
 gitea_version: 1.10.3
 iset_suffixes:
  i386: 386
@ -20,7 +21,7 @@ gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown')
 gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}"
 gitea_integrity_url: "{{ gitea_download_url }}.asc"
-gitea_root_directory: /library/gitea
+gitea_root_directory: "{{ content_base }}/gitea"    # /library/gitea
 gitea_subdirectories:
  - bin
  - custom
@ -31,19 +32,9 @@ gitea_subdirectories:
 gitea_install_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}"
 gitea_checksum_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}.asc"
-gitea_link_path: "{{ gitea_root_directory }}/gitea"
+# Info needed to verify Gitea
 # Information needed to verify Gitea
 gitea_gpg_key: 7C9E68152594688862D62AF62D9AE806EC1592E2
 # Information needed to run Gitea
 gitea_user: gitea
 gitea_home: "/home/{{ gitea_user }}"    # SSH credentials stored here
 gitea_run_directory: "{{ gitea_root_directory }}"
 gitea_url: /gitea
 gitea_port: 61734    # leet for GITEA
 # Data locations
 gitea_db_path: "{{ gitea_root_directory }}/data/gitea.db"
 gitea_repo_root: "{{ gitea_root_directory }}/data/repositories"
@ -55,3 +46,14 @@ gitea_log_root: "{{ gitea_root_directory }}/log"
 # Extra configuration
 gitea_display_name: Internet-in-a-Box Gitea
 skip_install_screen: true    # lowercase for Gitea's own /etc/gitea/app.ini
 gitea_link_path: "{{ gitea_root_directory }}/gitea"
 # Info needed to run Gitea:
 gitea_user: gitea
 gitea_home: "/home/{{ gitea_user }}"    # SSH credentials stored here
 gitea_run_directory: "{{ gitea_root_directory }}"
 gitea_url: /gitea
 gitea_port: 61734    # leet for GITEA
--- a/roles/gitea/tasks/apache.yml
+++ b/roles/gitea/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box{{ gitea_url }} via Apache    # http://box/gitea
  command: a2ensite gitea.conf
  when: gitea_enabled | bool
 - name: Disable http://box{{ gitea_url }} via Apache    # http://box/gitea
  command: a2dissite gitea.conf
  when: not gitea_enabled
 - name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/gitea/tasks/enable.yml
+++ b/roles/gitea/tasks/enable.yml
@ -1,69 +0,0 @@
 - name: Enable & Restart 'gitea' systemd service
  systemd:
    name: gitea
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: gitea_enabled | bool
 - name: Disable & Restart 'gitea' systemd service
  systemd:
    name: gitea
    enabled: no
    state: stopped
  when: not gitea_enabled
 # Apache
 - name: Enable http://box{{ gitea_url }} via Apache    # i.e. http://box/gitea
  command: a2ensite gitea.conf
  when: apache_install and gitea_enabled
 - name: Disable http://box{{ gitea_url }} via Apache
  command: a2dissite gitea.conf
  when: apache_install and not gitea_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
  template:
    src: gitea-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/gitea-nginx.conf"
  when: nginx_install and gitea_enabled
 - name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/gitea-nginx.conf"
    state: absent
  when: nginx_install and not gitea_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'gitea' to list of services at {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: gitea
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Gitea
    - option: description
      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
    - option: gitea_run_directory
      value: "{{ gitea_run_directory }}"
    - option: gitea_url
      value: "{{ gitea_url }}"
    - option: gitea_enabled
      value: "{{ gitea_enabled }}"
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@ -1,4 +1,4 @@
-# Prepare to install Gitea: create user and directory structure
+# 1. Prepare to install Gitea: create user and directory structure
 - name: Shut down existing Gitea instance (if we're reinstalling)
  systemd:
@ -16,11 +16,11 @@
    name: gitea
    comment: Gitea daemon account
    groups: gitea
-    home: "{{ gitea_home }}"
+    home: "{{ gitea_home }}"    # /home/gitea
 - name: Create Gitea directory structure
  file:
-    path: "{{ gitea_root_directory }}/{{ item }}"
+    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    state: directory
    owner: gitea
    group: gitea
@ -28,21 +28,22 @@
 - name: Make directories data, indexers, and log writable
  file:
-    path: "{{ gitea_root_directory }}/{{ item }}"
+    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    mode: '0750'
  with_items:
    - data
    - indexers
    - log
-# Download, verify, and link Gitea binary
+
 # 2. Download, verify, and link Gitea binary
 - name: Fail if we detect unknown architecture
  fail:
    msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
  when: gitea_iset_suffix == "unknown"
- name: Download Gitea binary
+- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }}
  get_url:
    url: "{{ gitea_download_url }}"
    dest: "{{ gitea_install_path }}"
@ -69,14 +70,15 @@
    group: gitea
    state: link
-# Configure Gitea
+
 # 3. Configure Gitea
 # For security reasons, the Gitea developers recommend removing group write
 # permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of 
 # Gitea. User gitea needs write permissions during the first run but not 
 # subsequent runs.
- name: Create Gitea config directory
+- name: mkdir /etc/gitea
  file:
    state: directory
    path: /etc/gitea
@ -84,7 +86,7 @@
    group: gitea
    mode: '0770'
- name: Create app.ini
+- name: Install /etc/gitea/app.ini from template
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
@ -92,7 +94,8 @@
    group: gitea
    mode: '0664'
-# Create systemd service & prepare Apache for http://box/gitea
+
 # 4. Create systemd service & prepare Apache for http://box/gitea
 - name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
  template:
@ -103,7 +106,7 @@
    - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
-# RECORD Gitea AS INSTALLED
+# 5. RECORD Gitea AS INSTALLED
 - name: "Set 'gitea_installed: True'"
  set_fact:
@ -111,6 +114,6 @@
 - name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^gitea_installed'
    line: 'gitea_installed: True'
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -1,7 +1,67 @@
- name: Install Gitea {{ gitea_version }} if gitea_install
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  include_tasks: install.yml
+# I want to perform input validation for Ansible playbooks"
-  when: gitea_install and not (gitea_installed is defined)
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable Gitea {{ gitea_version }} if gitea_install
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  include_tasks: enable.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  when: gitea_install or gitea_installed is defined
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "gitea_install is sameas true" (boolean not string etc)
  assert:
    that: gitea_install is sameas true
    fail_msg: "PLEASE SET 'gitea_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "gitea_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: gitea_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'gitea_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: gitea_installed is undefined
 - name: Enable & Restart 'gitea' systemd service, if gitea_enabled
  systemd:
    name: gitea
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: gitea_enabled | bool
 - name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
  systemd:
    name: gitea
    enabled: no
    state: stopped
  when: not gitea_enabled
 - name: Enable/Disable/Restart Apache if primary
  include_tasks: apache.yml
  when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'gitea' to list of services at {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab_state.yml
    section: gitea
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Gitea
    - option: description
      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
    - option: gitea_run_directory
      value: "{{ gitea_run_directory }}"
    - option: gitea_url
      value: "{{ gitea_url }}"
    - option: gitea_enabled
      value: "{{ gitea_enabled }}"
--- a/roles/gitea/tasks/nginx.yml
+++ b/roles/gitea/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
  template:
    src: gitea-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/gitea-nginx.conf"    # /etc/nginx/conf.d
  when: gitea_enabled | bool
 - name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/gitea-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not gitea_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/httpd/tasks/install.yml
+++ b/roles/httpd/tasks/install.yml
@ -149,6 +149,6 @@
 - name: "Add 'apache_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^apache_installed'
    line: 'apache_installed: True'
--- a/roles/httpd/templates/010-iiab.conf.j2
+++ b/roles/httpd/templates/010-iiab.conf.j2
@ -53,6 +53,7 @@ ServerTokens OS
 #    proxy_send_timeout 60s;       # time to accept the request
 # More background details on this ongoing Kiwix problem:
 #    https://github.com/iiab/iiab/pull/2063
 #    https://github.com/iiab/iiab/issues/2152
 #    https://github.com/kiwix/kiwix-tools/issues/345
 #
--- a/roles/internetarchive/defaults/main.yml
+++ b/roles/internetarchive/defaults/main.yml
@ -6,5 +6,6 @@
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
-internetarchive_dir: '{{ iiab_base }}/internetarchive'
+internetarchive_dir: "{{ iiab_base }}/internetarchive"    # /opt/iiab
-internetarchive_upgrade: False
+
 # internetarchive_upgrade: False    # 2020-02-04: No longer needed!?
--- a/roles/internetarchive/tasks/apache.yml
+++ b/roles/internetarchive/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable internetarchive.conf via Apache (for short URL http://box/archive eventually?) if internetarchive_enabled
  command: a2ensite internetarchive.conf
  when: internetarchive_enabled | bool
 - name: Disable internetarchive.conf via Apache, if not internetarchive_enabled
  command: a2dissite internetarchive.conf
  when: not internetarchive_enabled
 - name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/internetarchive/tasks/enable.yml
+++ b/roles/internetarchive/tasks/enable.yml
@ -1,47 +0,0 @@
 - name: Create symlink internetarchive.conf from sites-enabled to sites-available, for short URL http://box/archive (if debuntu and internetarchive_enabled)
  file:
    src: /etc/apache2/sites-available/internetarchive.conf
    path: /etc/apache2/sites-enabled/internetarchive.conf
    state: link
  when: is_debuntu and internetarchive_enabled
 - name: Remove symlink /etc/apache2/sites-enabled/internetarchive.conf (if debuntu and not internetarchive_enabled)
  file:
    path: /etc/apache2/sites-enabled/internetarchive.conf
    state: absent
  when: is_debuntu and not internetarchive_enabled
 # RESTART/ENABLE SYSTEMD SERVICE
 - name: Disable 'internetarchive' systemd service (if not internetarchive_enabled)
  systemd:
    name: internetarchive
    enabled: no
  when: not internetarchive_enabled
 - name: Enable & Restart 'internetarchive' systemd service (if internetarchive_enabled)
  systemd:
    name: internetarchive
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: internetarchive_enabled | bool
 - name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/archive (not just http://box:{{ internetarchive_port }})
  systemd:
    name: "{{ apache_service }}"    # httpd or apache2
    state: restarted
  when: internetarchive_enabled | bool
 - name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: internetarchive
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Internet Archive
    - option: description
      value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
    - option: internetarchive_enabled
      value: "{{ internetarchive_enabled }}"
--- a/roles/internetarchive/tasks/install.yml
+++ b/roles/internetarchive/tasks/install.yml
@ -5,16 +5,21 @@
    nodejs_install: True
    nodejs_enabled: True
- name: Install Node.JS
+- name: NODEJS - run 'nodejs' role (attempt to install & enable Node.js)
  include_role:
    name: nodejs
 - name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x or 12.x
  fail:
    msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x, and your nodejs_version is set to {{ nodejs_version }}.  Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
  when: (nodejs_version != "10.x") and (nodejs_version != "12.x")
 - name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
  set_fact:
    yarn_install: True
    yarn_enabled: True
- name: Install Yarn
+- name: YARN - run 'yarn' role (attempt to install & enable Yarn package manager)
  include_role:
    name: yarn
@ -23,40 +28,42 @@
    name: libsecret-1-dev
    state: present
 # CREATE 2 DIRS & RUN YARN
 - name: mkdir {{ internetarchive_dir }}
  file:
    path: "{{ internetarchive_dir }}"    # /opt/iiab/internetarchive
    state: directory
-    owner: "root"
+    path: "{{ internetarchive_dir }}"    # /opt/iiab/internetarchive
    # owner: root
- name: Run yarn install to get needed modules (CAN TAKE ~15 MINUTES)
+- name: Run yarn install to populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~15 MINUTES)
  shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror
  args:
    chdir: "{{ internetarchive_dir }}"
    creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive"
  when: internet_available | bool
-  register: internetarchive_installing
+  # register: internetarchive_installing
- name: mkdir /library/archiveorg
+- name: mkdir {{ content_base }}/archiveorg
  file:
    path: "/library/archiveorg"
    state: directory
-    owner: "root"
+    path: "{{ content_base }}/archiveorg"    # /library
    # owner: root
 # CONFIG FILES
- name: "Install from templates: internetarchive.service (systemd), internetarchive.conf (Apache)"
+- name: "Install from templates: /etc/systemd/system/internetarchive.service, /etc/{{ apache_conf_dir }}/internetarchive.conf"
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    mode: '0644'
+    # owner: root
-    owner: root
+    # group: root
-    group: root
+    # mode: '0644'
  with_items:
    - { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' }
-    - { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' }
+    - { src: 'internetarchive.conf', dest: '/etc/{{ apache_conf_dir }}/internetarchive.conf' }    # apache2/sites-available
 # RECORD Internet Archive AS INSTALLED
@ -67,6 +74,6 @@
 - name: "Add 'internetarchive_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^internetarchive_installed'
    line: 'internetarchive_installed: True'
--- a/roles/internetarchive/tasks/main.yml
+++ b/roles/internetarchive/tasks/main.yml
@ -1,32 +1,93 @@
-# We need a recent version of node
+# "How do i fail a task in Ansible if the variable contains a boolean value?
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x or 12.x
+# I want to perform input validation for Ansible playbooks"
-  fail:
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
    msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x, and your nodejs_version is set to {{ nodejs_version }}.  Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
  when: internetarchive_install and (nodejs_version != "10.x") and (nodejs_version != "12.x")
- name: Install Yarn and Internet Archive
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  include_tasks: install.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  when: internetarchive_install and not internetarchive_installed is defined
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Set --reinstall fact
+- name: Assert that "internetarchive_install is sameas true" (boolean not string etc)
-  set_fact:
+  assert:
-    internetarchive_upgrade: True
+    that: internetarchive_install is sameas true
-  when: reinstall is defined
+    fail_msg: "PLEASE SET 'internetarchive_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
-# STOP SYSTEMD SERVICE
+- name: Assert that "internetarchive_enabled | type_debug == 'bool'" (boolean not string etc)
- name: Stop 'internetarchive' systemd service
+  assert:
    that: internetarchive_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'internetarchive_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 #- name: Set --reinstall fact
 #  set_fact:
 #    internetarchive_upgrade: True
 #  when: reinstall is defined
 - block:    # UPDATE IF... internetarchive_installed is defined and internet_available
  - name: Stop 'internetarchive' systemd service, if internetarchive_upgrade
    systemd:
      name: internetarchive
      daemon_reload: yes
      state: stopped
-  when: internetarchive_enabled and internetarchive_upgrade
+    #when: internetarchive_enabled and internetarchive_upgrade
- name: 'Update pre-existing install: yarn upgrade'
+  - name: Update pre-existing install (yarn upgrade) if internetarchive_upgrade
    shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade
    args:
      chdir: "{{ internetarchive_dir }}"
-  when: internetarchive_enabled and internetarchive_upgrade
+    #when: internetarchive_enabled and internetarchive_upgrade
- name: Enable Internet Archive
+  when: internetarchive_installed is defined and internet_available   # END BLOCK
-  include_tasks: enable.yml
+
-  when: internetarchive_install or internetarchive_installed is defined
+# "ELSE" INSTALL...
 - name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: internetarchive_installed is undefined and internet_available
 # ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ?
 - name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled
  systemd:
    name: internetarchive
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: internetarchive_enabled | bool
 - name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled
  systemd:
    name: internetarchive
    enabled: no
    state: stopped
  when: not internetarchive_enabled
 #- name: Enable/Disable/Restart Apache if primary
 - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
  include_tasks: apache.yml
  #when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: internetarchive
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Internet Archive
    - option: description
      value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
    - option: internetarchive_install
      value: "{{ internetarchive_install }}"
    - option: internetarchive_enabled
      value: "{{ internetarchive_enabled }}"
--- a/roles/internetarchive/tasks/nginx.yml
+++ b/roles/internetarchive/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box/archive via NGINX, by installing {{ nginx_conf_dir }}/internetarchive-nginx.conf from template
  template:
    src: internetarchive-nginx.conf.j2    # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/internetarchive-nginx.conf"    # /etc/nginx/conf.d
  when: internetarchive_enabled | bool
 - name: Disable http://box/archive via NGINX, by removing {{ nginx_conf_dir }}/internetarchive-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/internetarchive-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not internetarchive_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/internetarchive/templates/internetarchive-nginx.conf.j2
+++ b/roles/internetarchive/templates/internetarchive-nginx.conf.j2
@ -0,0 +1,2 @@
 # 2020-02-04: Let's try to get http://box/archive working with NGINX, using
 # this file.  BACKGROUND: https://github.com/iiab/iiab/pull/2120
--- a/roles/kalite/tasks/setup.yml
+++ b/roles/kalite/tasks/setup.yml
@ -27,6 +27,6 @@
 - name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^kalite_installed'
    line: 'kalite_installed: True'
--- a/roles/kiwix/defaults/main.yml
+++ b/roles/kiwix/defaults/main.yml
@ -38,3 +38,5 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
 # - NEW WAY: cd /opt/iiab/iiab; ./runrole --reinstall kiwix
 # - OLD WAY: rm /opt/iiab/kiwix/bin/kiwix-serve; cd /opt/iiab/iiab; ./runrole kiwix
 kiwix_force_install: False
 kiwix_nginx_timeout: 600
 kiwix_threads: 4
--- a/roles/kiwix/tasks/install.yml
+++ b/roles/kiwix/tasks/install.yml
@ -93,6 +93,6 @@
 - name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^kiwix_installed'
    line: 'kiwix_installed: True'
--- a/roles/kiwix/templates/kiwix-nginx.conf
+++ b/roles/kiwix/templates/kiwix-nginx.conf
@ -1,3 +1,12 @@
 location /kiwix {
  proxy_set_header   X-Real-IP $remote_addr;
  proxy_set_header   Host      $http_host;
  proxy_http_version 1.1;
  proxy_set_header Connection "";
  proxy_connect_timeout {{ kiwix_nginx_timeout }};
  proxy_send_timeout {{ kiwix_nginx_timeout }};
  proxy_read_timeout {{ kiwix_nginx_timeout }};
  send_timeout {{ kiwix_nginx_timeout }};
  proxy_pass http://127.0.0.1:3000;
 }
--- a/roles/kiwix/templates/kiwix-serve.service.j2
+++ b/roles/kiwix/templates/kiwix-serve.service.j2
@ -4,7 +4,7 @@ After=syslog.target network.target local-fs.target
 [Service]
 Type=forking
-ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }}
+ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }} --threads {{ kiwix_threads }}
 TimeoutStartSec=180
 Restart=on-abort
 RestartSec=5s
--- a/roles/kolibri/tasks/apache.yml
+++ b/roles/kolibri/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box{{ kolibri_url }} via Apache    # http://box/kolibri
  command: a2ensite kolibri.conf
  when: kolibri_enabled | bool
 - name: Disable http://box{{ kolibri_url }} via Apache    # http://box/kolibri
  command: a2dissite kolibri.conf
  when: not kolibri_enabled
 - name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/kolibri/tasks/enable.yml
+++ b/roles/kolibri/tasks/enable.yml
@ -1,71 +0,0 @@
 - name: Enable & Start 'kolibri' systemd service
  systemd:
    name: kolibri
    daemon_reload: yes
    enabled: yes
    state: started
  when: kolibri_enabled | bool
 - name: Disable & Stop 'kolibri' systemd service
  systemd:
    name: kolibri
    enabled: no
    state: stopped
  when: not kolibri_enabled
  # Apache
 - name: Enable http://box{{ kolibri_url }} via Apache    # i.e. http://box/kolibri
  command: a2ensite kolibri.conf
  when: apache_install and kolibri_enabled
 - name: Disable http://box{{ kolibri_url }} via Apache
  command: a2dissite kolibri.conf
  when: apache_install and not kolibri_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template
  template:
    src: kolibri-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/kolibri-nginx.conf"
  when: nginx_install and kolibri_enabled
 - name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_conf_dir }}/kolibri-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/kolibri-nginx.conf"
    state: absent
  when: nginx_install and not kolibri_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'kolibri' variable values to {{ iiab_ini_file }}    # /etc/iiab/iiab.ini
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: kolibri
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: kolibri
    - option: description
      value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
    - option: kolibri_url
      value: "{{ kolibri_url }}"
    - option: kolibri_path
      value: "{{ kolibri_exec_path }}"
    - option: kolibri_port
      value: "{{ kolibri_http_port }}"
    - option: kolibri_enabled
      value: "{{ kolibri_enabled }}"
--- a/roles/kolibri/tasks/install.yml
+++ b/roles/kolibri/tasks/install.yml
@ -9,37 +9,37 @@
    system: yes
    create_home: no
- name: Create {{ kolibri_home }} (for Kolibri content, configuration, sqlite3 databases)
+- name: Create directory {{ kolibri_home }} for Kolibri content, configuration, sqlite3 databases ({{ kolibri_user }}:{{ apache_user }}, '0755')
  file:
    state: directory
    path: "{{ kolibri_home }}"     # /library/kolibri
    owner: "{{ kolibri_user }}"    # kolibri
    group: "{{ apache_user }}"     # www-data (on Debian/Ubuntu/Raspbian)
-    mode: 0755
+    mode: '0755'
    state: directory
- name: Create /etc/kolibri
+- name: Create directory /etc/kolibri
  file:
    name: /etc/kolibri
    state: directory
-    owner: root
+    name: /etc/kolibri
-    group: root
+    # owner: root
-    mode: 0755
+    # group: root
    # mode: '0755'
 - name: Save kolibri_user ({{ kolibri_user }}) to /etc/kolibri/username
  copy:
    content: "{{ kolibri_user }}"
    dest: /etc/kolibri/username
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: 0644
+    # mode: '0644'
 - name: Save kolibri_home (KOLIBRI_HOME="{{ kolibri_home }}") to /etc/kolibri/daemon.conf
  copy:
    content: 'KOLIBRI_HOME="{{ kolibri_home }}"'
    dest: /etc/kolibri/daemon.conf
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: 0644
+    # mode: '0644'
 - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database)    # i.e. /library/kolibri
  apt:
@ -49,22 +49,21 @@
    KOLIBRI_USER: "{{ kolibri_user }}"    # both can't hurt & Might Help Later
  when: internet_available | bool
- name: 'Install from templates: kolibri.service unit file for systemd & sites-available/kolibri.conf for Apache'
+- name: 'Install from templates: /etc/systemd/system/kolibri.service & /etc/{{ apache_conf_dir }}/kolibri.conf'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: 0644
+    # mode: '0644'
  with_items:
    - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service' }
-    - { src: 'kolibri.conf.j2', dest: '/etc/apache2/sites-available/kolibri.conf' }
+    - { src: 'kolibri.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kolibri.conf' }    # apache2/sites-available
- name: Enable 'kolibri' systemd service (for reboots) but ensure it's stopped for Kolibri provisioning
+- name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload)
  systemd:
    name: kolibri
    daemon_reload: yes
    enabled: yes
    state: stopped
@ -122,6 +121,6 @@
 - name: "Add 'kolibri_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^kolibri_installed'
    line: 'kolibri_installed: True'
--- a/roles/kolibri/tasks/main.yml
+++ b/roles/kolibri/tasks/main.yml
@ -1,7 +1,74 @@
- name: Install Kolibri
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  include_tasks: install.yml
+# I want to perform input validation for Ansible playbooks"
-  when: kolibri_install and not kolibri_installed is defined
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable Kolibri
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  include_tasks: enable.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  when: kolibri_install or kolibri_installed is defined
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "kolibri_install is sameas true" (boolean not string etc)
  assert:
    that: kolibri_install is sameas true
    fail_msg: "PLEASE SET 'kolibri_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "kolibri_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: kolibri_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'kolibri_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 #- name: "Set 'kolibri_provision: False' for a more lightweight (re)install"
 #  set_fact:
 #    kolibri_provision: False
 #  when: ???
 - name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: kolibri_installed is undefined
 - name: Enable & Start 'kolibri' systemd service, if kolibri_enabled
  systemd:
    name: kolibri
    daemon_reload: yes
    enabled: yes
    state: started
  when: kolibri_enabled | bool
 - name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled
  systemd:
    name: kolibri
    enabled: no
    state: stopped
  when: not kolibri_enabled
 - name: Enable/Disable/Restart Apache if primary
  include_tasks: apache.yml
  when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'kolibri' variable values to {{ iiab_ini_file }}    # /etc/iiab/iiab.ini
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: kolibri
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Kolibri
    - option: description
      value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
    - option: kolibri_url
      value: "{{ kolibri_url }}"
    - option: kolibri_path
      value: "{{ kolibri_exec_path }}"
    - option: kolibri_port
      value: "{{ kolibri_http_port }}"
    - option: kolibri_enabled
      value: "{{ kolibri_enabled }}"
--- a/roles/kolibri/tasks/nginx.yml
+++ b/roles/kolibri/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template    # http://box/kolibri
  template:
    src: kolibri-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/kolibri-nginx.conf"    # /etc/nginx/conf.d
  when: kolibri_enabled | bool
 - name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_conf_dir }}/kolibri-nginx.conf    # http://box/kolibri
  file:
    path: "{{ nginx_conf_dir }}/kolibri-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not kolibri_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/lokole/tasks/apache.yml
+++ b/roles/lokole/tasks/apache.yml
@ -6,7 +6,7 @@
  command: a2dissite lokole.conf
  when: not lokole_enabled
- name: Restart '{{ apache_service }}' systemd service
+- name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@ -100,6 +100,6 @@
 - name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^lokole_installed'
    line: 'lokole_installed: True'
--- a/roles/lokole/tasks/main.yml
+++ b/roles/lokole/tasks/main.yml
@ -19,12 +19,12 @@
    quiet: yes
- name: Install Lokole {{ lokole_version }} if lokole_installed is not defined
+- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: lokole_installed is undefined
- name: Enable & Restart 'lokole' systemd service
+- name: Enable & Restart 'lokole' systemd service, if lokole_enabled
  systemd:
    name: lokole
    daemon_reload: yes
@ -32,7 +32,7 @@
    state: restarted
  when: lokole_enabled | bool
- name: Disable & Stop 'lokole' systemd service
+- name: Disable & Stop 'lokole' systemd service, if not lokole_enabled
  systemd:
    name: lokole
    enabled: no
--- a/roles/lokole/tasks/nginx.yml
+++ b/roles/lokole/tasks/nginx.yml
@ -1,10 +1,10 @@
- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template"    # http://box/lokole
+- name: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template    # http://box/lokole
  template:
    src: lokole-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/lokole-nginx.conf"    # /etc/nginx/conf.d
  when: lokole_enabled | bool
- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf"    # http://box/lokole
+- name: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf    # http://box/lokole
  file:
    path: "{{ nginx_conf_dir }}/lokole-nginx.conf"    # /etc/nginx/conf.d
    state: absent
--- a/roles/mediawiki/defaults/main.yml
+++ b/roles/mediawiki/defaults/main.yml
@ -29,4 +29,4 @@ mediawiki_abs_path: "{{ mediawiki_install_path }}/mediawiki-{{ mediawiki_version
 mediawiki_url: /wiki
 mediawiki_url2: /mediawiki
 mediawiki_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ mediawiki_url }}"    # http://box.lan/wiki
-mediawiki_symlink: w # can also be mwlink. NO slashes as they are suppplied as needed in the code
+mediawiki_symlink: w    # Can also be mwlink. NO slashes as they are supplied as needed in the code
--- a/roles/mediawiki/tasks/apache.yml
+++ b/roles/mediawiki/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box{{ mediawiki_url }} via Apache    # http://box/wiki
  command: a2ensite mediawiki.conf
  when: mediawiki_enabled | bool
 - name: Disable http://box{{ mediawiki_url }} via Apache    # http://box/wiki
  command: a2dissite mediawiki.conf
  when: not mediawiki_enabled
 - name: Restart '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/mediawiki/tasks/enable.yml
+++ b/roles/mediawiki/tasks/enable.yml
@ -1,62 +0,0 @@
 # Apache
 - name: Enable http://box{{ mediawiki_url }} via Apache    # i.e. http://box/wiki
  command: a2ensite mediawiki.conf
  when: apache_install and mediawiki_enabled
 - name: Disable http://box{{ mediawiki_url }} via Apache
  command: a2dissite mediawiki.conf
  when: apache_install and not mediawiki_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by installing {{ nginx_conf_dir }}/mediawiki-nginx.conf from template
  template:
    src: mediawiki-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/mediawiki-nginx.conf"
  when: nginx_install and mediawiki_enabled
 - name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_conf_dir }}/mediawiki-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/mediawiki-nginx.conf"
    state: absent
  when: nginx_install and not mediawiki_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: mediawiki
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MediaWiki
    - option: description
      value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
    - option: mediawiki_src
      value: "{{ mediawiki_src }}"
    - option: mediawiki_abs_path
      value: "{{ mediawiki_abs_path }}"
    - option: mediawiki_db_name
      value: "{{ mediawiki_db_name }}"
    - option: mediawiki_db_user
      value: "{{ mediawiki_db_user }}"
    - option: mediawiki_url
      value: "{{ mediawiki_url }}"
    - option: mediawiki_full_url
      value: "{{ mediawiki_full_url }}"
    - option: mediawiki_enabled
      value: "{{ mediawiki_enabled }}"
--- a/roles/mediawiki/tasks/install.yml
+++ b/roles/mediawiki/tasks/install.yml
@ -8,43 +8,43 @@
 - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }}
  get_url:
    url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}"
-    dest: "{{ downloads_dir }}"
+    dest: "{{ downloads_dir }}"    # /opt/iiab/downloads
    timeout: "{{ download_timeout }}"
    #force: yes
    #backup: yes
  when: internet_available | bool
- name: Unpack it to permanent location {{ mediawiki_abs_path }}
+- name: Unarchive (unpack) it to permanent location {{ mediawiki_abs_path }} ({{ apache_user }}:{{ apache_user }}, u+rw,g+r,o+r)
  unarchive:
    src: "{{ downloads_dir }}/{{ mediawiki_src }}"
-    dest: "{{ mediawiki_install_path }}"
+    dest: "{{ mediawiki_install_path }}"    # /library
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    mode: u+rw,g+r,o+r    # '0755' forced executable bits on files
    keep_newer: yes
- name: Create symlink {{ doc_root }}/{{ mediawiki_symlink }} -> {{ mediawiki_abs_path }}
+- name: Symlink {{ doc_root }}/{{ mediawiki_symlink }} -> {{ mediawiki_abs_path }}
  file:
-    src: "{{ mediawiki_abs_path }}"
+    src: "{{ mediawiki_abs_path }}"    # /library/mediawiki-1.XY.Z
-    path: "{{ doc_root }}/{{ mediawiki_symlink }}"
+    path: "{{ doc_root }}/{{ mediawiki_symlink }}"    # /library/www/html/w
    state: link
 - name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
  systemd:
    state: started
    name: "{{ mysql_service }}"
    state: started
 - name: Create MySQL database {{ mediawiki_db_name }}
  mysql_db:
-    name: "{{ mediawiki_db_name }}"
+    name: "{{ mediawiki_db_name }}"    # iiab_mediawiki
-    state: present
+    #state: present
 - name: Create MySQL database user {{ mediawiki_db_user }} with password, and permissions to above db
  mysql_user:
-    name: "{{ mediawiki_db_user }}"
+    name: "{{ mediawiki_db_user }}"    # iiab_mediawiki_user
    password: "{{ mediawiki_db_user_password }}"
    priv: "{{ mediawiki_db_name }}.*:ALL,GRANT"
-    state: present
+    #state: present
 - name: Configure MediaWiki, if {{ mediawiki_abs_path }}/LocalSettings.php doesn't exist
  shell: >
@ -61,29 +61,29 @@
    "{{ mediawiki_site_name }}"
    "{{ mediawiki_admin_user }}"
  args:
-    chdir: "{{ mediawiki_abs_path }}"
+    chdir: "{{ mediawiki_abs_path }}"    # /library/mediawiki-1.XY.Z
    creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
 - name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
  lineinfile:
-    dest: "{{ mediawiki_abs_path }}/LocalSettings.php"
+    path: "{{ mediawiki_abs_path }}/LocalSettings.php"    # /library/mediawiki-1.XY.Z
    line: '$wgArticlePath = "/wiki/$1";'
 - name: Configure $wgUsePathInfo variable in {{ mediawiki_abs_path }}/LocalSettings.php
  lineinfile:
-    dest: "{{ mediawiki_abs_path }}/LocalSettings.php"
+    path: "{{ mediawiki_abs_path }}/LocalSettings.php"    # /library/mediawiki-1.XY.Z
    line: '$wgUsePathInfo = true;'
 - name: Configure $wgServer variable in {{ mediawiki_abs_path }}/LocalSettings.php
  lineinfile:
-    dest: "{{ mediawiki_abs_path }}/LocalSettings.php"
+    path: "{{ mediawiki_abs_path }}/LocalSettings.php"    # /library/mediawiki-1.XY.Z
    regexp: '^\$wgServer ='
    line: '$wgServer = "//" . $_SERVER["HTTP_HOST"];'
 - name: Install /etc/{{ apache_conf_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
  template:
    src: mediawiki.conf.j2
-    dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"
+    dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"    # apache2/sites-available on debuntu
 # RECORD MediaWiki AS INSTALLED
@ -94,6 +94,6 @@
 - name: "Add 'mediawiki_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^mediawiki_installed'
    line: 'mediawiki_installed: True'
--- a/roles/mediawiki/tasks/main.yml
+++ b/roles/mediawiki/tasks/main.yml
@ -1,7 +1,60 @@
- name: Install MediaWiki {{ mediawiki_version }}
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  include_tasks: install.yml
+# I want to perform input validation for Ansible playbooks"
-  when: mediawiki_install and not mediawiki_installed is defined
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable MediaWiki
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  include_tasks: enable.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  when: mediawiki_install or mediawiki_installed is defined
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "mediawiki_install is sameas true" (boolean not string etc)
  assert:
    that: mediawiki_install is sameas true
    fail_msg: "PLEASE SET 'mediawiki_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "mediawiki_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: mediawiki_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'mediawiki_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: mediawiki_installed is undefined
 - name: Enable/Disable/Restart Apache if primary
  include_tasks: apache.yml
  when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: mediawiki
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MediaWiki
    - option: description
      value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
    - option: mediawiki_src
      value: "{{ mediawiki_src }}"
    - option: mediawiki_abs_path
      value: "{{ mediawiki_abs_path }}"
    - option: mediawiki_db_name
      value: "{{ mediawiki_db_name }}"
    - option: mediawiki_db_user
      value: "{{ mediawiki_db_user }}"
    - option: mediawiki_url
      value: "{{ mediawiki_url }}"
    - option: mediawiki_full_url
      value: "{{ mediawiki_full_url }}"
    - option: mediawiki_enabled
      value: "{{ mediawiki_enabled }}"
--- a/roles/mediawiki/tasks/nginx.yml
+++ b/roles/mediawiki/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by installing {{ nginx_conf_dir }}/mediawiki-nginx.conf from template    # http://box/wiki & http://box/mediawiki
  template:
    src: mediawiki-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/mediawiki-nginx.conf"    # /etc/nginx.conf.d
  when: mediawiki_enabled | bool
 - name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_conf_dir }}/mediawiki-nginx.conf    # http://box/wiki & http://box/mediawiki
  file:
    path: "{{ nginx_conf_dir }}/mediawiki-nginx.conf"    # /etc/nginx.conf.d
    state: absent
  when: not mediawiki_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/minetest/tasks/provision.yml
+++ b/roles/minetest/tasks/provision.yml
@ -78,6 +78,6 @@
 - name: "Add 'minetest_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^minetest_installed'
    line: 'minetest_installed: True'
--- a/roles/mongodb/tasks/install.yml
+++ b/roles/mongodb/tasks/install.yml
@ -135,6 +135,6 @@
 - name: "Add 'mongodb_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^mongodb_installed'
    line: 'mongodb_installed: True'
--- a/roles/mongodb/tasks/main.yml
+++ b/roles/mongodb/tasks/main.yml
@ -18,42 +18,37 @@
    fail_msg: "PLEASE GIVE VARIABLE 'mongodb_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
- name: EXIT MONGODB PLAYBOOK, IF DEBIAN 10+ (where MongoDB doesn't exist)
+- debug:
-  meta: end_play
+    var: mongodb_install
-  when: (is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)
+- debug:
    var: mongodb_enabled
 - debug:
    var: mongodb_installed
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+- debug:
-  include_tasks: install.yml
+    var: is_debian
-  when: mongodb_installed is undefined
+- debug:
    var: is_raspbian
 - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian and not is_raspbian' i.e. TRUE DEBIAN (where MongoDB no longer exists)
  fail:    # FORCE IT RED THIS ONCE!
    msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN, which is no longer supported.  Nevertheless IIAB will continue (consider this a warning!)
  when: is_debian and not is_raspbian
  #when: (is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)    # Test for Debian 10+
  ignore_errors: yes
- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
+# ELSE...
  systemd:
    name: mongodb
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: mongodb_enabled | bool
- name: Disable 'mongodb' service, if not mongodb_enabled
+- name: Install/Enable/Disable/Record MongoDB (main2.yml) if is_raspbian or not is_debian, i.e. not True Debian
-  systemd:
+  include_tasks: main2.yml
-    name: mongodb
+  when: is_raspbian or not is_debian
    enabled: no
    state: stopped
  when: not mongodb_enabled
 # THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE.
 # BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT.
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
+# - block:    # ENTIRE BLOCK CONDITIONED ON 'when: is_raspbian or not is_debian'
-  ini_file:
+#
-    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+#   [MOVED TO main2.yml]
-    section: mongodb
+#
-    option: "{{ item.option }}"
+#   when: is_raspbian or not is_debian    # CONDITION FOR ENTIRE ABOVE block: 
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MongoDB
    - option: description
      value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
    - option: enabled
      value: "{{ mongodb_enabled }}"
--- a/roles/mongodb/tasks/main2.yml
+++ b/roles/mongodb/tasks/main2.yml
@ -0,0 +1,34 @@
 - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: mongodb_installed is undefined
 - name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
  systemd:
    name: mongodb
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: mongodb_enabled | bool
 - name: Disable & Stop 'mongodb' service, if not mongodb_enabled
  systemd:
    name: mongodb
    enabled: no
    state: stopped
  when: not mongodb_enabled
 - name: Add 'mongodb' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: mongodb
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MongoDB
    - option: description
      value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
    - option: enabled
      value: "{{ mongodb_enabled }}"
--- a/roles/monit/tasks/install.yml
+++ b/roles/monit/tasks/install.yml
@ -63,6 +63,6 @@
 - name: "Add 'monit_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^monit_installed'
    line: 'monit_installed: True'
--- a/roles/moodle/tasks/apache.yml
+++ b/roles/moodle/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box/moodle via Apache
  command: a2ensite 022-moodle.conf
  when: moodle_enabled | bool
 - name: Disable http://box/moodle via Apache
  command: a2dissite 022-moodle.conf
  when: not moodle_enabled
 - name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/moodle/tasks/enable.yml
+++ b/roles/moodle/tasks/enable.yml
@ -1,67 +0,0 @@
 - name: Enable 'postgresql-iiab' systemd service, if moodle_enabled
  systemd:
    name: postgresql-iiab
    state: started
    enabled: yes
  when: moodle_enabled
 # if the only service using the backend db disable if not running
 - name: Disable 'postgresql-iiab' systemd service, if not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
  systemd:
    name: postgresql-iiab
    state: stopped
    enabled: no
  when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
 # Apache
 - name: Enable http://box/moodle via Apache
  command: a2ensite 022-moodle.conf
  when: apache_install and moodle_enabled
 - name: Disable http://box/moodle via Apache
  command: a2dissite 022-moodle.conf
  when: apache_install and not moodle_enabled
 - name: Restart '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template
  template:
    src: moodle-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/moodle-nginx.conf"
  when: nginx_install and moodle_enabled
 - name: Disable http://box/moodle via NGINX, by removing {{ nginx_conf_dir }}/moodle-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/moodle-nginx.conf"
    state: absent
  when: nginx_install and not moodle_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'moodle' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: moodle
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Moodle
    - option: description
      value: '"Access the Moodle learning management system."'
    - option: "moodle_base"
      value: "{{ moodle_base }}"
    - option: moodle_enabled
      value: "{{ moodle_enabled }}"
--- a/roles/moodle/tasks/install.yml
+++ b/roles/moodle/tasks/install.yml
@ -1,19 +1,13 @@
 - debug:
    var: postgresql_install
 - debug:
    var: postgresql_enabled
 - debug:
    var: postgresql_installed
 - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
  set_fact:
    postgresql_install: True
    postgresql_enabled: True
- name: POSTGRESQL - run the 'postgresql' role
+- name: POSTGRESQL - run 'postgresql' role (attempt to install & enable PostgreSQL)
  include_role:
    name: postgresql
 - name: "Install packages: python-psycopg2, php-pgsql (OS's other than debuntu)"
  package:
    name:
@ -35,22 +29,22 @@
    state: present
  when: is_debuntu | bool
- name: "Install package: php{{ php_version }}-zip (ubuntu or debian-9+)"
+- name: "Install package: php{{ php_version }}-zip (Ubuntu or Debian 9+)"
  package:
    name: "php{{ php_version }}-zip"
  when: is_ubuntu or (is_debian and not is_debian_8)
- name: "Install package: php-pclzip (debian-8)"
+# - name: "Install package: php-pclzip (debian-8)"
-  package:
+#   package:
-    name: php-pclzip
+#     name: php-pclzip
-  when: is_debian_8 | bool
+#   when: is_debian_8 | bool
- name: Determine if Moodle is already downloaded
+- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed)
  stat:
    path: "{{ moodle_base }}/config-dist.php"
  register: moodle
- name: Download the latest Moodle repo
+- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }}
  git:
    repo: "{{ moodle_repo_url }}"
    dest: "{{ moodle_base }}"
@ -63,32 +57,32 @@
 - name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?)
  file:
    state: directory
    path: "{{ moodle_base }}"
    owner: "{{ apache_user }}"
    recurse: yes
    state: directory
 - name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }}
  file:
    state: directory
    path: "{{ content_base }}/dbdata/moodle"
    owner: "{{ apache_user }}"
    # mode: '0755'
    state: directory
- name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770    # /library/moodle
+- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770')    # /library/moodle
  file:
    state: directory
    path: "{{ moodle_data }}"
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    mode: '0770'
    state: directory
- name: Remove Apache's stock moodle.conf
+- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf
  file:
    path: "/etc/{{ apache_conf_dir }}/moodle.conf"
    state: absent
- name: Install Apache's 022-moodle.conf from template, if moodle_enabled
+- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template
  template:
    src: 022-moodle.j2
    dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf"
@ -96,10 +90,10 @@
    # group: root
    # mode: '0644'
- name: Restart postgresql-iiab
+- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
-  service:
+  systemd:
    name: postgresql-iiab
-    state: restarted
+    state: started
 - name: Create PostgreSQL db user Admin/changeme
  postgresql_user:
@ -121,21 +115,21 @@
  become: yes
  become_user: postgres
- name: Install {{ moodle_base }}/moodle_installer from template
+- name: Install {{ moodle_base }}/moodle_installer from template ('0755')
  template:
    src: moodle_installer
    dest: "{{ moodle_base }}"
    mode: '0755'
- name: Enable & Restart postgresql-iiab
+- name: (Re)Start 'postgresql-iiab' systemd service
-  service:
+  systemd:
    name: postgresql-iiab
    state: restarted
-    enabled: yes
+    #enabled: yes
-  when: moodle_enabled | bool
+  #when: moodle_enabled | bool
- name: Restart Apache systemd service ({{ apache_service }})
+- name: (Re)Start '{{ apache_service }}' systemd service
-  service:
+  systemd:
    name: "{{ apache_service }}"
    state: restarted
@ -148,10 +142,10 @@
  shell: "{{ moodle_base }}/moodle_installer"
  when: config.stat.exists is defined and not config.stat.exists
- name: Give read permission 0644 to {{ moodle_base }}/config.php    # /opt/iiab/moodle/config.php
+- name: Make {{ moodle_base }}/config.php readable, with permission '0644'
  #command: chown -R {{ apache_user }} {{ moodle_base }}
  file:
-    path: "{{ moodle_base }}/config.php"
+    path: "{{ moodle_base }}/config.php"    # /opt/iiab/moodle
    mode: '0644'
@ -163,6 +157,6 @@
 - name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^moodle_installed'
    line: 'moodle_installed: True'
--- a/roles/moodle/tasks/main.yml
+++ b/roles/moodle/tasks/main.yml
@ -1,7 +1,82 @@
- name: "Install Moodle"
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  include_tasks: install.yml
+# I want to perform input validation for Ansible playbooks"
-  when: moodle_install and not moodle_installed is defined
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable Moodle
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  include_tasks: enable.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  when: moodle_install or moodle_installed is defined
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "moodle_install is sameas true" (boolean not string etc)
  assert:
    that: moodle_install is sameas true
    fail_msg: "PLEASE SET 'moodle_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "moodle_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: moodle_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'moodle_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: moodle_installed is undefined
 # - name: Enable 'postgresql-iiab' systemd service, if moodle_enabled
 #   systemd:
 #     name: postgresql-iiab
 #     deamon_reload: yes
 #     state: started
 #     enabled: yes
 #   when: moodle_enabled | bool
 #
 # # if the only service using the backend db disable if not running
 # - name: Disable 'postgresql-iiab' systemd service, if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'
 #   systemd:
 #     name: postgresql-iiab
 #     state: stopped
 #     enabled: no
 #   when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
 - name: "Set 'postgresql_enabled: True' if moodle_enabled"
  set_fact:
    postgresql_enabled: True
  when: moodle_enabled | bool
 - name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'"
  set_fact:
    postgresql_enabled: False
  when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
 - name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
  include_role:
    name: postgresql
 #- name: Enable/Disable/Restart Apache if primary
 - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
  include_tasks: apache.yml
  #when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'moodle' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: moodle
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Moodle
    - option: description
      value: '"Access the Moodle learning management system."'
    - option: "moodle_base"
      value: "{{ moodle_base }}"
    - option: moodle_enabled
      value: "{{ moodle_enabled }}"
--- a/roles/moodle/tasks/nginx.yml
+++ b/roles/moodle/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template
  template:
    src: moodle-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/moodle-nginx.conf"    # /etc/nginx/conf.d
  when: moodle_enabled | bool
 - name: Disable http://box/moodle via NGINX, by removing {{ nginx_conf_dir }}/moodle-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/moodle-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not moodle_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/mosquitto/tasks/install.yml
+++ b/roles/mosquitto/tasks/install.yml
@ -38,6 +38,6 @@
 - name: "Add 'mosquitto_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^mosquitto_installed'
    line: 'mosquitto_installed: True'
--- a/roles/munin/tasks/apache.yml
+++ b/roles/munin/tasks/apache.yml
@ -6,7 +6,7 @@
  command: a2dissite munin24.conf
  when: not munin_enabled
- name: Restart '{{ apache_service }}' systemd service
+- name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/munin/tasks/install.yml
+++ b/roles/munin/tasks/install.yml
@ -57,6 +57,6 @@
 - name: "Add 'munin_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^munin_installed'
    line: 'munin_installed: True'
--- a/roles/mysql/tasks/install.yml
+++ b/roles/mysql/tasks/install.yml
@ -0,0 +1,183 @@
 # Stanzas as of 2020-02-04:
 #
 # - 4 base install
 #   - Remove the last 3 above, as CentOS & Fedora no longer supported ?
 # - 6 double timeout for slow CPUs
 # - 7 DB config
 # - 2 record as installed
 - name: 'Install MySQL packages: mariadb-server, mariadb-client, and 9 php packages (debuntu)'
  package:
    name:
      - mariadb-server
      - mariadb-client
      - php{{ php_version }}
      - php{{ php_version }}-mysql
      - php-pear
      - php{{ php_version }}-gd
      - php{{ php_version }}-imap
      - php{{ php_version }}-ldap
      - php{{ php_version }}-odbc
      - php{{ php_version }}-xml    # Was below
      - php{{ php_version }}-xmlrpc
    state: present
  when: is_debuntu | bool
 # - name: Install package 'php{{ php_version }}-xml' (debuntu)    # WAS: (ubuntu or debian 9+)
 #   package:
 #     name: "php{{ php_version }}-xml"
 #     state: present
 #   when: is_debuntu | bool
 #   #when: is_ubuntu or (is_debian and not is_debian_8)
 #- name: Install php-xml-parser (debian-8)
 #  package:
 #    name: php-xml-parser
 #    state: present
 #  when: is_debian_8 | bool
 - name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
  package:
    name:
      - MySQL-python
      - mysql
      - php
      - php-mysql
      - php-pear
      - php-gd
      - php-imap
      - php-ldap
      - php-odbc
      - php-xml
      - php-xmlrpc
    state: present
  when: not is_debuntu
 - include_tasks: centos.yml
  when: ansible_distribution == "CentOS"
 - include_tasks: fedora.yml
  when: ansible_distribution == "Fedora"
 # 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's
 # default boot timeout (90s to 180s) for slow CPUs like this Ubuntu 18.04.2 VM:
 # https://github.com/iiab/iiab/issues/1802
 # https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd
 - name: Check if /lib/systemd/system/mariadb.service exists
  stat:
    path: /lib/systemd/system/mariadb.service
  register: mariadb_unit_file
 - name: Copy pkg's /lib/systemd/system/mariadb.service to /etc/systemd/system/ to be customized (CREATES TIMESTAMPED BACKUPS OF /etc/systemd/system/mariadb.service e.g. IF OPERATOR CUSTOMIZED IT, EVEN DESPITE WARNING BELOW!)
  copy:
    force: yes
    backup: yes
    src: /lib/systemd/system/mariadb.service
    dest: /etc/systemd/system/
  when: mariadb_unit_file.stat.exists
 - name: Symlink /etc/systemd/system/mysql.service -> /etc/systemd/system/mariadb.service
  file:
    state: link
    force: yes
    src: /etc/systemd/system/mariadb.service
    path: /etc/systemd/system/mysql.service
  when: mariadb_unit_file.stat.exists
 - name: Symlink /etc/systemd/system/mysqld.service -> /etc/systemd/system/mariadb.service
  file:
    state: link
    force: yes
    src: /etc/systemd/system/mariadb.service
    path: /etc/systemd/system/mysqld.service
  when: mariadb_unit_file.stat.exists
 - name: "WARN OPERATOR: Changes made to /etc/systemd/system/mariadb.service WILL BE LOST whenever 'mysql' playbook is run"
  lineinfile:
    path: /etc/systemd/system/mariadb.service
    insertbefore: BOF    # Beginning of file
    line: "# WARNING: CHANGES TO THIS FILE WILL BE REGULARLY *OVERWRITTEN* BY:\n# /opt/iiab/iiab/roles/mysql/tasks/main.yml\n"
  when: mariadb_unit_file.stat.exists
 - name: Set systemd boot timeout to 180 seconds for slow machines, in /etc/systemd/system/mariadb.service
  lineinfile:
    path: /etc/systemd/system/mariadb.service
    insertafter: '^\[Service\]$'
    regexp: "^TimeoutStartSec="
    line: "\n# 2019-07-03: @jvonau @holta doubled MariaDB's default boot timeout, from\n# 90 seconds to 180 seconds, for slow machines like this Ubuntu 18.04.2 VM:\n# https://github.com/iiab/iiab/issues/1802\n# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd\nTimeoutStartSec=180\n"
    # If the line above were to be run repeatedly (never happens here!) Ansible
    # would pollute MariaDB's systemd unit file.  As multi-line regexp's are
    # not allowed (both regexp's should match, for idempotency).  If nec, use
    # the 1-liner below, or Ansible's 'blockinfile' which pollutes config files
    # in its own way...surrounding blocks with marker lines.
    # line: "TimeoutStartSec=180"
  when: mariadb_unit_file.stat.exists
 # 7 STANZAS BELOW...could later be put into setup.yml or config.yml or or provision.yml ?
 # Name of MySQL service varies by OS, so hardcoded in /opt/iiab/iiab/vars/<OS>.yml (formerly in roles/0-init/tasks/main.yml)
 - name: Start MySQL systemd service ({{ mysql_service }}) to permit configuration
  systemd:
    name: "{{ mysql_service }}"
    daemon_reload: yes
    state: restarted
 - name: Install /root/.my.cnf file from template, with root password credentials
  template:
    src: my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    mode: '0600'
 # 'localhost' needs to be the last item for idempotency, see
 # http://ansible.cc/docs/modules.html#mysql-user
 # unfortunately it still doesn't work
 - name: Update MySQL root password for localhost root accounts
  mysql_user:
    name: root
    host: localhost
    password: "{{ mysql_root_password }}"
    priv: "*.*:ALL,GRANT"
 - name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1)
  mysql_user:
    name: root
    host: "{{ item }}"
    password: "{{ mysql_root_password }}"
    priv: "*.*:ALL,GRANT"
  with_items:
    #- "{{ iiab_hostname }}.{{ iiab_domain }}"
    - 127.0.0.1
    - ::1
 - name: Delete anonymous MySQL server user for {{ ansible_hostname }}
  mysql_user:
    user: ""
    host: "{{ ansible_hostname }}"
    state: absent
 - name: Delete anonymous MySQL server user for localhost
  mysql_user:
    user: ""
    state: absent
 - name: Remove the MySQL 'test' database
  mysql_db:
    db: test
    state: absent
 # RECORD MySQL AS INSTALLED
 - name: "Set 'mysql_installed: True'"
  set_fact:
    mysql_installed: True
 - name: "Add 'mysql_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^mysql_installed'
    line: 'mysql_installed: True'
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@ -1,194 +1,46 @@
-# TO DO:
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-# - Validate input vars mysql_install & mysql_enabled
+# I want to perform input validation for Ansible playbooks"
-# - Put ~13 stanzas just below into install.yml
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 #   - Triggered by... 'when: mysql_installed is undefined'
 #   - Eliminate stale Fedora/CentOS code & gratuitous when: is_debuntu clauses?
 # - Put ~8 stanzas below that into enable-or-disable.yml
- name: 'Install MySQL packages: mariadb-server, mariadb-client, and 8 php packages (debuntu)'
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  package:
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-    name:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
      - mariadb-server
      - mariadb-client
      - php{{ php_version }}
      - php{{ php_version }}-mysql
      - php-pear
      - php{{ php_version }}-gd
      - php{{ php_version }}-imap
      - php{{ php_version }}-ldap
      - php{{ php_version }}-odbc
      #- php{{ php_version }}-xml
      - php{{ php_version }}-xmlrpc
    state: present
  when: is_debuntu | bool
- name: Install package 'php{{ php_version }}-xml' (debuntu)    # WAS: (ubuntu or debian 9+)
+- name: Assert that "mysql_install is sameas true" (boolean not string etc)
-  package:
+  assert:
-    name: "php{{ php_version }}-xml"
+    that: mysql_install is sameas true
-    state: present
+    fail_msg: "PLEASE SET 'mysql_install: True' e.g. IN: /etc/iiab/local_vars.yml"
-  when: is_debuntu | bool
+    quiet: yes
  #when: is_ubuntu or (is_debian and not is_debian_8)
-#- name: Install php-xml-parser (debian-8)
+- name: Assert that "mysql_enabled | type_debug == 'bool'" (boolean not string etc)
-#  package:
+  assert:
-#    name: php-xml-parser
+    that: mysql_enabled | type_debug == 'bool'
-#    state: present
+    fail_msg: "PLEASE GIVE VARIABLE 'mysql_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
-#  when: is_debian_8 | bool
+    quiet: yes
- name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
+- debug:
-  package:
+    var: mysql_install
-    name:
+- debug:
-      - MySQL-python
+    var: mysql_enabled
-      - mysql
+- debug:
-      - php
+    var: mysql_installed
      - php-mysql
      - php-pear
      - php-gd
      - php-imap
      - php-ldap
      - php-odbc
      - php-xml
      - php-xmlrpc
    state: present
  when: not is_debuntu
 - include_tasks: centos.yml
  when: ansible_distribution == "CentOS"
 - include_tasks: fedora.yml
  when: ansible_distribution == "Fedora"
-# 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's
+- name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
-# default boot timeout (90s to 180s) for slow CPUs like this Ubuntu 18.04.2 VM:
+  include_tasks: install.yml
-# https://github.com/iiab/iiab/issues/1802
+  when: mysql_installed is undefined
 # https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd
 - name: Check if /lib/systemd/system/mariadb.service exists
  stat:
    path: /lib/systemd/system/mariadb.service
  register: mariadb_unit_file
 - name: Copy pkg's /lib/systemd/system/mariadb.service to /etc/systemd/system/ to be customized (CREATES TIMESTAMPED BACKUPS OF /etc/systemd/system/mariadb.service e.g. IF OPERATOR CUSTOMIZED IT, EVEN DESPITE WARNING BELOW!)
  copy:
    force: yes
    backup: yes
    src: /lib/systemd/system/mariadb.service
    dest: /etc/systemd/system/
  when: mariadb_unit_file.stat.exists
 - name: Symlink /etc/systemd/system/mysql.service -> /etc/systemd/system/mariadb.service
  file:
    state: link
    force: yes
    src: /etc/systemd/system/mariadb.service
    path: /etc/systemd/system/mysql.service
  when: mariadb_unit_file.stat.exists
 - name: Symlink /etc/systemd/system/mysqld.service -> /etc/systemd/system/mariadb.service
  file:
    state: link
    force: yes
    src: /etc/systemd/system/mariadb.service
    path: /etc/systemd/system/mysqld.service
  when: mariadb_unit_file.stat.exists
 - name: "WARN OPERATOR: Changes made to /etc/systemd/system/mariadb.service WILL BE LOST whenever 'mysql' playbook is run"
  lineinfile:
    path: /etc/systemd/system/mariadb.service
    insertbefore: BOF    # Beginning of file
    line: "# WARNING: CHANGES TO THIS FILE WILL BE REGULARLY *OVERWRITTEN* BY:\n# /opt/iiab/iiab/roles/mysql/tasks/main.yml\n"
  when: mariadb_unit_file.stat.exists
 - name: Set systemd boot timeout to 180 seconds for slow machines, in /etc/systemd/system/mariadb.service
  lineinfile:
    path: /etc/systemd/system/mariadb.service
    insertafter: '^\[Service\]$'
    regexp: "^TimeoutStartSec="
    line: "\n# 2019-07-03: @jvonau @holta doubled MariaDB's default boot timeout, from\n# 90 seconds to 180 seconds, for slow machines like this Ubuntu 18.04.2 VM:\n# https://github.com/iiab/iiab/issues/1802\n# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd\nTimeoutStartSec=180\n"
    # If the line above were to be run repeatedly (never happens here!) Ansible
    # would pollute MariaDB's systemd unit file.  As multi-line regexp's are
    # not allowed (both regexp's should match, for idempotency).  If nec, use
    # the 1-liner below, or Ansible's 'blockinfile' which pollutes config files
    # in its own way...surrounding blocks with marker lines.
    # line: "TimeoutStartSec=180"
  when: mariadb_unit_file.stat.exists
-# RECORD MySQL AS INSTALLED
+- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled
 - name: "Set 'mysql_installed: True'"
  set_fact:
    mysql_installed: True
 - name: "Add 'mysql_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^mysql_installed'
    line: 'mysql_installed: True'
 # Name of MySQL service varies by OS, so hardcoded in /opt/iiab/iiab/vars/<OS>.yml (formerly in roles/0-init/tasks/main.yml)
 - name: Enable & Start MySQL systemd service ({{ mysql_service }}) if mysql_enabled
  systemd:
    name: "{{ mysql_service }}"
    daemon_reload: yes
-    state: restarted
+    state: started
    enabled: yes
  when: mysql_enabled | bool
- name: Install /root/.my.cnf file from template, with root password credentials, if mysql_enabled
+# We had to start MySQL in order to configure it, now turn if off if not enabled
-  template:
+- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled
    src: my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    mode: '0600'
  when: mysql_enabled | bool
 # 'localhost' needs to be the last item for idempotency, see
 # http://ansible.cc/docs/modules.html#mysql-user
 # unfortunately it still doesn't work
 - name: Update MySQL root password for localhost root accounts, if mysql_enabled
  mysql_user:
    name: root
    host: localhost
    password: "{{ mysql_root_password }}"
    priv: "*.*:ALL,GRANT"
  when: mysql_enabled | bool
 - name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) if mysql_enabled
  mysql_user:
    name: root
    host: "{{ item }}"
    password: "{{ mysql_root_password }}"
    priv: "*.*:ALL,GRANT"
  with_items:
    #- "{{ iiab_hostname }}.{{ iiab_domain }}"
    - 127.0.0.1
    - ::1
  when: mysql_enabled | bool
 - name: Delete anonymous MySQL server user for {{ ansible_hostname }}, if mysql_enabled
  mysql_user:
    user: ""
    host: "{{ ansible_hostname }}"
    state: absent
  when: mysql_enabled | bool
 - name: Delete anonymous MySQL server user for localhost, if mysql_enabled
  mysql_user:
    user: ""
    state: absent
  when: mysql_enabled | bool
 - name: Remove the MySQL 'test' database, if mysql_enabled
  mysql_db:
    db: test
    state: absent
  when: mysql_enabled | bool
 # we had to start mysql in order to configure it, now turn if off if not enabled
 - name: Config is done but now DISABLE MySQL service, if not mysql_enabled
  systemd:
    name: "{{ mysql_service }}"
    enabled: no
@ -198,7 +50,7 @@
 - name: Add 'mysql' variable values to {{ iiab_ini_file }}
  ini_file:
-    path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: mysql
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
--- a/roles/network/tasks/computed_network.yml
+++ b/roles/network/tasks/computed_network.yml
@ -174,14 +174,14 @@
 - name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }}
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^IIAB_WAN_DEVICE=*'
    line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
 - name: Record IIAB_LAN_DEVICE to {{ iiab_env_file }}
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^IIAB_LAN_DEVICE=*'
    line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
    state: present
--- a/roles/network/tasks/dansguardian.yml
+++ b/roles/network/tasks/dansguardian.yml
@ -50,6 +50,6 @@
 - name: "Add 'dansguardian_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^dansguardian_installed'
    line: 'dansguardian_installed: True'
--- a/roles/network/tasks/dhcpd.yml
+++ b/roles/network/tasks/dhcpd.yml
@ -56,6 +56,6 @@
 - name: "Add 'dhcpd_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^dhcpd_installed'
    line: 'dhcpd_installed: True'
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@ -174,7 +174,7 @@
 - name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^HTTPCACHE_ON=*'
    line: 'HTTPCACHE_ON=False'
    state: present
--- a/roles/network/tasks/hostapd.yml
+++ b/roles/network/tasks/hostapd.yml
@ -63,7 +63,7 @@
 - name: Record HOSTAPD_ENABLED to {{ iiab_env_file }}
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^HOSTAPD_ENABLED=*'
    line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}'
    state: present
--- a/roles/network/tasks/named.yml
+++ b/roles/network/tasks/named.yml
@ -79,7 +79,7 @@
 - name: "Add 'named_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^named_installed'
    line: 'named_installed: True'
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@ -82,7 +82,7 @@
 - name: "Add 'squid_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^squid_installed'
    line: 'squid_installed: True'
--- a/roles/network/tasks/wondershaper.yml
+++ b/roles/network/tasks/wondershaper.yml
@ -40,7 +40,7 @@
 - name: "Add 'wondershaper_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^wondershaper_installed'
    line: 'wondershaper_installed: True'
--- a/roles/nextcloud/tasks/apache.yml
+++ b/roles/nextcloud/tasks/apache.yml
@ -6,7 +6,7 @@
  command: a2dissite nextcloud.conf
  when: not nextcloud_enabled
- name: Restart '{{ apache_service }}' systemd service
+- name: (Re)Start '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/nextcloud/tasks/install.yml
+++ b/roles/nextcloud/tasks/install.yml
@ -188,6 +188,6 @@
 - name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^nextcloud_installed'
    line: 'nextcloud_installed: True'
--- a/roles/nextcloud/tasks/nginx.yml
+++ b/roles/nextcloud/tasks/nginx.yml
@ -1,10 +1,10 @@
- name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template"    # http://box/nextcloud
+- name: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template    # http://box/nextcloud
  template:
    src: nextcloud-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"    # /etc/nginx/conf.d
  when: nextcloud_enabled | bool
- name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf"    # http://box/nextcloud
+- name: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf    # http://box/nextcloud
  file:
    path: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"    # /etc/nginx/conf.d
    state: absent
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@ -1,6 +1,6 @@
 ### Transition to NGINX
-1. Initial testing strategy (December 2019 - January 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
+1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
   Until "Native" NGINX is later implemented for that IIAB App/Service &mdash; allowing it to move up to *Section ii.* below.
@ -10,20 +10,21 @@
 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
-3. Current state of IIAB App/Service migrations as of 2020-01-24:
+3. Current state of IIAB App/Service migrations as of 2020-02-04:
   1. These support "Native" NGINX but ***NOT*** Apache
      * Admin Console
      * captiveportal
      * IIAB documentation (http://box/info)
      * osm-vector-maps
-      * RACHEL-like modules
+      * OER2Go/RACHEL modules
-      * usb-lib
+      * usb-lib [*]
   2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service.  But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing).
      * awstats
      * calibre-web
      * gitea
-      * kiwix
+      * kiwix [*]
      * kolibri
      * mediawiki
      * munin
@ -31,13 +32,18 @@
      * wordpress
   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/0-init/tasks/main.yml#L40-L44](../0-init/tasks/main.yml#L40-L44) for a list of these IIAB Apps/Services, that auto-enable Apache.
      * dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056))
      * elgg
      * lokole
      * moodle
-      * nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119))
+      * nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119)) [*]
      * nodered
-   4. Not Yet Dealt With!
+   4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations).  In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
      * calibre (menu goes directly to port 8080) [*]
      * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120))
-      * kalite (menu goes directly to ports 8006-8008)
+      * kalite (menu goes directly to ports 8006-8008) [*]
      * minetest [*]
      * openvpn [*]
      * pbx
 [*] Apache, NGINX and the 7 starred roles above could use improvement as of 2020-02-04.
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -52,6 +52,6 @@
 - name: "Add 'nginx_installed: True' to {{ iiab_state_file }}"
  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^nginx_installed'
    line: 'nginx_installed: True'
--- a/roles/nodejs/tasks/install.yml
+++ b/roles/nodejs/tasks/install.yml
@ -0,0 +1,154 @@
 # 1. TEST IF Node.js ALEADY INSTALLED & WARN AS NEC
 # 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED:
 # IF SO & THIS DOESN'T MATCH nodejs_version AS SET IN defaults_vars.yml
 # AND/OR local_vars.yml, INSTALL HALTS WITH AN EXPLANATION (PR #1447)
 # 2019-07-04: FOR A SOMEWHAT MORE MODERN "VERSION DETECTOR" SEE:
 # github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml#L1-L40
 - name: Try to run 'nodejs -v' to get Node.js version
  # 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's nodejs 4.2.6
  # Both below convert v10.15.1 to 10.x, but this is safer: (removes non-digits)
  shell: nodejs -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/'
  #shell: nodejs -v | sed 's/^[vV]//' | sed 's/\..*/.x/'
  register: nodejs_version_installed
 #- debug:
 #    var: nodejs_version_installed
 # When nodejs is NOT installed:
 # nodejs_version_installed.rc == 0    # Crazy with stderr below, "due to pipes"
 # nodejs_version_installed.stdout == ""
 # nodejs_version_installed.stderr == "/bin/sh: 1: nodejs: not found"
 # BOTH ABOVE (incl non-null stderr) are USED BELOW to confirm install is nec!
 #- name: "ENFORCE PRECONDITION: Stop installing (intentionally fail) IF an installed 'nodejs' version isn't {{ nodejs_version }}"
 #  fail:
 #    msg: >
 #      PLEASE REMOVE 'nodejs' VERSION {{ nodejs_version_installed.stdout }} AS
 #      IT DOES NOT MATCH THE REQUIRED nodejs_version: {{ nodejs_version }} --
 #      as set in /opt/iiab/iiab/vars/default_vars.yml and/or
 #      /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
 #  when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
 # Forces < 12 or > 12 to be removed, ignored if file is absent
 - name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
  file:
    state: absent
    path: /etc/apt/sources.list.d/nodesource.list
  when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
 # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
 # Forces < 12 or > 12 to be uninstalled
 - name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
  package:
    name: nodejs
    state: absent
  when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
 # Forces == 12
 - name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
  debug:
    msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"
  when: nodejs_version_installed is defined and nodejs_version_installed.stdout == nodejs_version
 # 2. INSTALL Node.js USING nodesource.com
 # 2019-02-12: Should not be nec, as stanza below it should overwrite
 # /etc/apt/sources.list.d/nodesource.list regardless!
 #
 #- name: Clear prior /etc/apt/sources.list.d/nodesource.list (permitting Node.js downgrade if nec)
 #  file:
 #    path: /etc/apt/sources.list.d/nodesource.list
 #    state: absent
 #  when: internet_available and is_debuntu
 - name: Set up Node.js {{ nodejs_version }} apt sources (debuntu)
  shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -
  args:
    warn: no
    creates: /etc/apt/sources.list.d/nodesource.list
  when: internet_available and is_debuntu
  #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
  # NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
  # DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
 # 2019-03-29: Above works on Debian 10 Buster pre-releases, but fails on Ubuntu
 # 19.04 Beta.  Comment it out for now, and manually run: "apt install npm" then
 # "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?)
 # Forces update
 - name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu)
  package:
    #name: nodejs={{ nodejs_version }}
    name: nodejs
    state: latest
    #state: present
  when: internet_available and is_debuntu
  #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
 - name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat)
  shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash -
  args:
    warn: no
  when: internet_available and is_redhat
 # 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm
 # 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above
 # nodesource.com approach to get a version of npm that works with Sugarizer:
 # https://github.com/iiab/iiab/issues/798#issuecomment-404324530
 #
 # MORE POSITIVELY: this nodesource.com approach (brings in npm 5.6.0 with
 # nodejs 8.11.3 for now, to any OS) would also work on Ubuntu 18.04, and
 # might even bring about a sane consistency across mainline OS's?
 #
 # BUT FOR NOW: Ubuntu 18.04's apt (approach below) brings in npm 3.5.2,
 # which appears suffic "SO FAR"?  18.04's nodejs 8.10.0 is more reassuring!
 #
 # CRAZY IDEA: most versions of npm can upgrade themselves to the latest
 # (6.2.0 for now) using command "npm install -g npm", if that helps us in
 # future, e.g. TK's memory issue etc?  If so, be CAREFUL this puts npm
 # in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian
 # where it upgrades /usr/bin/npm in place:
 # https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation
 # 2019-02-03: OLD WAY (PRIOR TO 2019) BELOW.  Since then, @m-anish helped
 # us standardize on the above nodesource.com approach i.e.
 # https://github.com/nodesource/distributions#debinstall ...across all
 # distros (so nodejs & npm always findable in /usr/bin, for Node-RED etc)
 # - name: Install packages nodejs {{ nodejs_version }} and npm (debuntu distros AFTER 2017, or other distros)
 #   package:
 #     name:
 #       - nodejs={{ nodejs_version }}    # Nec to change above from 'package:' to 'apt:' ?
 #       - npm
 #     state: latest
 #   when: internet_available and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
 # 2019-01-16: fyi Node.js 10.x became "LTS" on 2018-10-30 but distros are
 # holding back for now: certainly Ubuntu 18.04 and even Debian 10/Buster
 # ("testing" branch) both install Node.js 8.x (instead of 10.x).  While the
 # more bleeding-edge Debian Sid ("unstable" branch) does install Node.js 10.x
 #
 # This May Change: thanks all for running "apt -a list nodejs" on Buster's
 # daily builds @ www.debian.org/devel/debian-installer/ and Disco Dingo (Ubuntu
 # 19.04) https://launchpad.net/ubuntu/+source/nodejs to keep us informed!
 # 2019-03-29: Debian 10 Buster & Ubuntu 19.04 pre-releases made the jump
 # thankfully; currently both offer Node.js 10.15.2
 # 3. RECORD Node.js AS INSTALLED
 - name: "Set 'nodejs_installed: True'"
  set_fact:
    nodejs_installed: True
 - name: "Add 'nodejs_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^nodejs_installed'
    line: 'nodejs_installed: True'
--- a/roles/nodejs/tasks/main.yml
+++ b/roles/nodejs/tasks/main.yml
@ -1,164 +1,57 @@
-# 2019-02-12: SEE VAR nodejs_version: 10.x (FOR NOW!) IN vars/default_vars.yml
+# SEE VAR nodejs_version: 12.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR
-# AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
+# NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
-# Duplicate Node.js code unified by @jvonau.  Revised by @holta.  Now used by:
+# Duplicate Node.js code unified by @jvonau.  Revised by @holta.  Used by:
-#  roles/nodered/tasks/main.yml   w/ roles/nodered/meta/main.yml
+#  roles/nodered/tasks/*.yml   formerly w/ roles/nodered/meta/main.yml
-#  roles/pbx/tasks/main.yml       w/ roles/pbx/meta/main.yml (Asterisk/FreePBX)
+#  roles/pbx/tasks/*.yml       formerly w/ roles/pbx/meta/main.yml (Asterisk/FreePBX)
-#  roles/sugarizer/tasks/main.yml w/ roles/sugarizer/meta/main.yml
+#  roles/sugarizer/tasks/*.yml formerly w/ roles/sugarizer/meta/main.yml
-# 1. TEST IF Node.js ALEADY INSTALLED & WARN AS NEC
+# "How do i fail a task in Ansible if the variable contains a boolean value?
 # I want to perform input validation for Ansible playbooks"
 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
-# 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED:
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-# IF SO & THIS DOESN'T MATCH nodejs_version AS SET IN defaults_vars.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-# AND/OR local_vars.yml, INSTALL HALTS WITH AN EXPLANATION (PR #1447)
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
-# 2019-07-04: FOR A SOMEWHAT MORE MODERN "VERSION DETECTOR" SEE:
+- name: Assert that "nodejs_install is sameas true" (boolean not string etc)
-# github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml#L1-L40
+  assert:
    that: nodejs_install is sameas true
    fail_msg: "PLEASE SET 'nodejs_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
- name: Try to run 'nodejs -v' to get Node.js version
+- name: Assert that "nodejs_enabled | type_debug == 'bool'" (boolean not string etc)
-  # 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's nodejs 4.2.6
+  assert:
-  # Both below convert v10.15.1 to 10.x, but this is safer: (removes non-digits)
+    that: nodejs_enabled | type_debug == 'bool'
-  shell: nodejs -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/'
+    fail_msg: "PLEASE GIVE VARIABLE 'nodejs_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
-  #shell: nodejs -v | sed 's/^[vV]//' | sed 's/\..*/.x/'
+    quiet: yes
  register: nodejs_version_installed
-#- debug:
+- debug:
-#    var: nodejs_version_installed
+    var: nodejs_install
-
+- debug:
-# When nodejs is NOT installed:
+    var: nodejs_enabled
-# nodejs_version_installed.rc == 0    # Crazy with stderr below, "due to pipes"
+- debug:
-# nodejs_version_installed.stdout == ""
+    var: nodejs_installed
 # nodejs_version_installed.stderr == "/bin/sh: 1: nodejs: not found"
 # BOTH ABOVE (incl non-null stderr) are USED BELOW to confirm install is nec!
 #- name: "ENFORCE PRECONDITION: Stop installing (intentionally fail) IF an installed 'nodejs' version isn't {{ nodejs_version }}"
 #  fail:
 #    msg: >
 #      PLEASE REMOVE 'nodejs' VERSION {{ nodejs_version_installed.stdout }} AS
 #      IT DOES NOT MATCH THE REQUIRED nodejs_version: {{ nodejs_version }} --
 #      as set in /opt/iiab/iiab/vars/default_vars.yml and/or
 #      /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
 #  when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
 # Forces < 12 or > 12 to be removed, ignored if file is absent
 - name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
  file:
    state: absent
    path: /etc/apt/sources.list.d/nodesource.list
  when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
 # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
 # Forces < 12 or > 12 to be uninstalled
 - name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
  package:
    name: nodejs
    state: absent
  when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
 # Forces == 12
 - name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
  debug:
    msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"
  when: nodejs_version_installed is defined and nodejs_version_installed.stdout == nodejs_version
-# 2. INSTALL Node.js USING nodesource.com
+- name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
-
+  include_tasks: install.yml
-# 2019-02-12: Should not be nec, as stanza below it should overwrite
+  when: nodejs_installed is undefined
 # /etc/apt/sources.list.d/nodesource.list regardless!
 #
 #- name: Clear prior /etc/apt/sources.list.d/nodesource.list (permitting Node.js downgrade if nec)
 #  file:
 #    path: /etc/apt/sources.list.d/nodesource.list
 #    state: absent
 #  when: internet_available and is_debuntu
 - name: Set up Node.js {{ nodejs_version }} apt sources (debuntu)
  shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -
  args:
    warn: no
    creates: /etc/apt/sources.list.d/nodesource.list
  when: internet_available and is_debuntu
  #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
  # NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
  # DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
 # 2019-03-29: Above works on Debian 10 Buster pre-releases, but fails on Ubuntu
 # 19.04 Beta.  Comment it out for now, and manually run: "apt install npm" then
 # "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?)
 # Forces update
 - name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu)
  package:
    #name: nodejs={{ nodejs_version }}
    name: nodejs
    state: latest
    #state: present
  when: internet_available and is_debuntu
  #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
 - name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat)
  shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash -
  args:
    warn: no
  when: internet_available and is_redhat
-# 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm
+- name: Add 'nodejs' variable values to {{ iiab_ini_file }}
-# 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above
+  ini_file:
-# nodesource.com approach to get a version of npm that works with Sugarizer:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab_state.yml
-# https://github.com/iiab/iiab/issues/798#issuecomment-404324530
+    section: nodejs
-#
+    option: "{{ item.option }}"
-# MORE POSITIVELY: this nodesource.com approach (brings in npm 5.6.0 with
+    value: "{{ item.value | string }}"
-# nodejs 8.11.3 for now, to any OS) would also work on Ubuntu 18.04, and
+  with_items:
-# might even bring about a sane consistency across mainline OS's?
+    - option: name
-#
+      value: Node.js
-# BUT FOR NOW: Ubuntu 18.04's apt (approach below) brings in npm 3.5.2,
+    - option: description
-# which appears suffic "SO FAR"?  18.04's nodejs 8.10.0 is more reassuring!
+      value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."'
-#
+    - option: nodejs_install
-# CRAZY IDEA: most versions of npm can upgrade themselves to the latest
+      value: "{{ nodejs_install }}"
-# (6.2.0 for now) using command "npm install -g npm", if that helps us in
+    - option: nodejs_enabled
-# future, e.g. TK's memory issue etc?  If so, be CAREFUL this puts npm
+      value: "{{ nodejs_enabled }}"
 # in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian
 # where it upgrades /usr/bin/npm in place:
 # https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation
 # 2019-02-03: OLD WAY (PRIOR TO 2019) BELOW.  Since then, @m-anish helped
 # us standardize on the above nodesource.com approach i.e.
 # https://github.com/nodesource/distributions#debinstall ...across all
 # distros (so nodejs & npm always findable in /usr/bin, for Node-RED etc)
 # - name: Install packages nodejs {{ nodejs_version }} and npm (debuntu distros AFTER 2017, or other distros)
 #   package:
 #     name:
 #       - nodejs={{ nodejs_version }}    # Nec to change above from 'package:' to 'apt:' ?
 #       - npm
 #     state: latest
 #   when: internet_available and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
 # 2019-01-16: fyi Node.js 10.x became "LTS" on 2018-10-30 but distros are
 # holding back for now: certainly Ubuntu 18.04 and even Debian 10/Buster
 # ("testing" branch) both install Node.js 8.x (instead of 10.x).  While the
 # more bleeding-edge Debian Sid ("unstable" branch) does install Node.js 10.x
 #
 # This May Change: thanks all for running "apt -a list nodejs" on Buster's
 # daily builds @ www.debian.org/devel/debian-installer/ and Disco Dingo (Ubuntu
 # 19.04) https://launchpad.net/ubuntu/+source/nodejs to keep us informed!
 # 2019-03-29: Debian 10 Buster & Ubuntu 19.04 pre-releases made the jump
 # thankfully; currently both offer Node.js 10.15.2
 # 3. RECORD Node.js AS INSTALLED
 - name: "Set 'nodejs_installed: True'"
  set_fact:
    nodejs_installed: True
 - name: "Add 'nodejs_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^nodejs_installed'
    line: 'nodejs_installed: True'
--- a/Show more
+++ b/Show more
		`@ -0,0 +1,2 @@`
							`# 2020-02-04: Let's try to get http://box/archive working with NGINX, using`
							`# this file. BACKGROUND: https://github.com/iiab/iiab/pull/2120`