Merge pull request #891 from holta/dnsmasq-pr870-cleanup
PR870 cleanup for understandability (dnsmasq, Captive Portal)
commit
183b407565
4 changed files with 138 additions and 101 deletions
|
@ -1,4 +1,3 @@
|
||||||
---
|
|
||||||
# Defaults for network detection
|
# Defaults for network detection
|
||||||
wireless_lan_present: False
|
wireless_lan_present: False
|
||||||
strict_networking: False
|
strict_networking: False
|
||||||
|
@ -19,14 +18,14 @@ discovered_lan_iface: "none"
|
||||||
discovered_wired_iface: "none"
|
discovered_wired_iface: "none"
|
||||||
discovered_wireless_iface: "none"
|
discovered_wireless_iface: "none"
|
||||||
|
|
||||||
#Redhat
|
# Red Hat
|
||||||
#iiab_wired_lan_iface: "none"
|
#iiab_wired_lan_iface: "none"
|
||||||
#iiab_wireless_lan_iface: "none"
|
#iiab_wireless_lan_iface: "none"
|
||||||
has_WAN: False
|
has_WAN: False
|
||||||
has_ifcfg_gw: "none"
|
has_ifcfg_gw: "none"
|
||||||
has_wifi_gw: "none"
|
has_wifi_gw: "none"
|
||||||
|
|
||||||
#Debian
|
# Debian
|
||||||
dhcpcd_result: ""
|
dhcpcd_result: ""
|
||||||
wan_in_interfaces: False
|
wan_in_interfaces: False
|
||||||
network_manager_active: False
|
network_manager_active: False
|
||||||
|
@ -39,7 +38,7 @@ gui_desired_network_role: Gateway
|
||||||
wondershaper_dspeed: "4096"
|
wondershaper_dspeed: "4096"
|
||||||
wondershaper_upspeed: "1024"
|
wondershaper_upspeed: "1024"
|
||||||
|
|
||||||
# WiFi
|
# Wi-Fi
|
||||||
host_ssid: IIAB
|
host_ssid: IIAB
|
||||||
hostapd_wait: 1
|
hostapd_wait: 1
|
||||||
host_wifi_mode: g
|
host_wifi_mode: g
|
||||||
|
@ -63,16 +62,18 @@ network_config_dir: /etc/network/interfaces.d
|
||||||
dns_jail_enabled: False
|
dns_jail_enabled: False
|
||||||
services_externally_visible: False
|
services_externally_visible: False
|
||||||
|
|
||||||
# following variables set for old apache,dhcpd,named usage
|
# Following variables set for old Apache, dhcpd, named usage
|
||||||
dhcpd_install: True
|
dhcpd_install: True
|
||||||
dhcpd_enabled: True
|
dhcpd_enabled: True
|
||||||
named_install: True
|
named_install: True
|
||||||
named_enabled: True
|
named_enabled: True
|
||||||
dnsmasq_enabled: False
|
dnsmasq_enabled: False
|
||||||
dnsmasq_install: False
|
dnsmasq_install: False
|
||||||
|
|
||||||
|
# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608
|
||||||
captive_portal_enabled: False
|
captive_portal_enabled: False
|
||||||
|
|
||||||
# for simple python captive portal
|
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
|
||||||
py_captive_portal_install: True
|
py_captive_portal_install: True
|
||||||
py_captive_portal_enabled: True
|
py_captive_portal_enabled: True
|
||||||
py_captive_portal_port: "9090"
|
py_captive_portal_port: "9090"
|
||||||
|
|
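Review bot: The rewritten comment describes the Python Captive Portal as something still being experimented with, yet the unchanged defaults directly below it keep `py_captive_portal_install: True` and `py_captive_portal_enabled: True`, while the vars file later in this commit sets `py_captive_portal_enabled: False`. If these role defaults are the fallback when no override is present, `py_captive_portal_enabled: False` here would keep an experimental listener on port 9090 from starting by default. The reworded Nodogsplash comment reads "High experimental"; `Highly experimental` is presumably intended. As a style point, the booleans in this file are written `True`/`False`, and lowercase `true`/`false` is the spelling every YAML loader agrees on.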
|
@ -1,8 +1,10 @@
|
||||||
- name: Create directory for captive portal script
|
- name: Create directory for Captive Portal script
|
||||||
file: path=/opt/iiab/captive-portal state=directory
|
file:
|
||||||
|
path: /opt/iiab/captive-portal
|
||||||
|
state: directory
|
||||||
when: py_captive_portal_install
|
when: py_captive_portal_install
|
||||||
|
|
||||||
- name: Copy captive portal script
|
- name: Copy Captive Portal script
|
||||||
template:
|
template:
|
||||||
src: roles/network/templates/captive_portal/captive_portal.py.j2
|
src: roles/network/templates/captive_portal/captive_portal.py.j2
|
||||||
dest: /opt/iiab/captive-portal/captive_portal.py
|
dest: /opt/iiab/captive-portal/captive_portal.py
|
||||||
|
@ -11,7 +13,7 @@
|
||||||
mode: 0740
|
mode: 0740
|
||||||
when: py_captive_portal_install
|
when: py_captive_portal_install
|
||||||
|
|
||||||
- name: Copy captive portal service file
|
- name: Copy Captive Portal service file
|
||||||
template:
|
template:
|
||||||
src: roles/network/templates/captive_portal/captive_portal.service.j2
|
src: roles/network/templates/captive_portal/captive_portal.service.j2
|
||||||
dest: /etc/systemd/system/captive_portal.service
|
dest: /etc/systemd/system/captive_portal.service
|
||||||
|
@ -21,17 +23,25 @@
|
||||||
when: py_captive_portal_install
|
when: py_captive_portal_install
|
||||||
|
|
||||||
- name: Enable captive_portal after copying files
|
- name: Enable captive_portal after copying files
|
||||||
service: name=captive_portal.service enabled=yes
|
service:
|
||||||
|
name: captive_portal.service
|
||||||
|
enabled: yes
|
||||||
when: py_captive_portal_install and py_captive_portal_enabled
|
when: py_captive_portal_install and py_captive_portal_enabled
|
||||||
|
|
||||||
- name: Start captive_portal after copying files
|
- name: Start captive_portal after copying files
|
||||||
service: name=captive_portal.service state=started
|
service:
|
||||||
|
name: captive_portal.service
|
||||||
|
state: started
|
||||||
when: py_captive_portal_install and py_captive_portal_enabled
|
when: py_captive_portal_install and py_captive_portal_enabled
|
||||||
|
|
||||||
- name: Disable captive_portal after copying files
|
- name: Disable captive_portal after copying files
|
||||||
service: name=captive_portal.service enabled=no
|
service:
|
||||||
|
name: captive_portal.service
|
||||||
|
enabled: no
|
||||||
when: py_captive_portal_install and py_captive_portal_enabled
|
when: py_captive_portal_install and py_captive_portal_enabled
|
||||||
|
|
||||||
- name: Stop captive_portal after copying files
|
- name: Stop captive_portal after copying files
|
||||||
service: name=captive_portal.service state=started
|
service:
|
||||||
|
name: captive_portal.service
|
||||||
|
state: started
|
||||||
when: py_captive_portal_install and py_captive_portal_enabled
|
when: py_captive_portal_install and py_captive_portal_enabled
|
||||||
|
|
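Review bot: The "Disable captive_portal" and "Stop captive_portal" tasks keep the same `when: py_captive_portal_install and py_captive_portal_enabled` as the Enable and Start tasks, and the Stop task still sets `state: started`, so the move to block syntax carried a logic error over unchanged. As written, setting py_captive_portal_enabled to False runs none of the four tasks, so a portal that was enabled earlier stays enabled and running. The Disable and Stop tasks should use `when: py_captive_portal_install and not py_captive_portal_enabled`, and the Stop task should use `state: stopped`. With the portal enabled, the enable and disable tasks currently both run in sequence, which leaves the unit started but not enabled at boot.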
|
@ -1,157 +1,181 @@
|
||||||
- name: Disable dhcpd service
|
- name: Disable dhcpd service
|
||||||
service: name=dhcpd
|
service:
|
||||||
enabled=no
|
name: dhcpd
|
||||||
|
enabled: no
|
||||||
when: not dhcpd_enabled and dhcpd_install
|
when: not dhcpd_enabled and dhcpd_install
|
||||||
|
|
||||||
# service is restarted with NM dispatcher.d script
|
# service is restarted with NM dispatcher.d script
|
||||||
- name: Enable dhcpd service
|
- name: Enable dhcpd service
|
||||||
service: name=dhcpd
|
service:
|
||||||
enabled=yes
|
name: dhcpd
|
||||||
|
enabled: yes
|
||||||
when: dhcpd_enabled and dhcpd_install
|
when: dhcpd_enabled and dhcpd_install
|
||||||
|
|
||||||
- name: Copy /etc/sysconfig/dhcpd file
|
- name: Copy /etc/sysconfig/dhcpd file
|
||||||
template: src={{ item.src }}
|
template:
|
||||||
dest={{ item.dest }}
|
src: "{{ item.src }}"
|
||||||
owner=root
|
dest: "{{ item.dest }}"
|
||||||
group=root
|
owner: root
|
||||||
mode={{ item.mode }}
|
group: root
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
|
- { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }
|
||||||
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
|
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
|
||||||
when: dhcpd_enabled and dhcpd_install
|
when: dhcpd_enabled and dhcpd_install
|
||||||
|
|
||||||
- name: Copy named file
|
- name: Copy named file
|
||||||
template: src={{ item.src }}
|
template:
|
||||||
dest={{ item.dest }}
|
src: "{{ item.src }}"
|
||||||
owner=root
|
dest: "{{ item.dest }}"
|
||||||
group=root
|
owner: root
|
||||||
mode={{ item.mode }}
|
group: root
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { src: 'named/named-iiab.conf.j2' , dest: '/etc/named-iiab.conf' , mode: '0644' }
|
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }
|
||||||
- { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
|
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
|
||||||
- { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
|
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
|
||||||
|
|
||||||
- name: Enable named service
|
- name: Enable named service
|
||||||
service: name={{ dns_service }}
|
service:
|
||||||
enabled=yes
|
name: "{{ dns_service }}"
|
||||||
|
enabled: yes
|
||||||
when: named_enabled and named_install
|
when: named_enabled and named_install
|
||||||
|
|
||||||
- name: Disable named service
|
- name: Disable named service
|
||||||
service: name={{ dns_service }}
|
service:
|
||||||
enabled=no
|
name: "{{ dns_service }}"
|
||||||
|
enabled: no
|
||||||
when: not named_enabled and named_install
|
when: not named_enabled and named_install
|
||||||
|
|
||||||
- name: Disable dnsmasq
|
- name: Disable dnsmasq
|
||||||
service: name=dnsmasq
|
service:
|
||||||
enabled=no
|
name: dnsmasq
|
||||||
|
enabled: no
|
||||||
when: not dnsmasq_enabled and dnsmasq_install
|
when: not dnsmasq_enabled and dnsmasq_install
|
||||||
|
|
||||||
- name: dnsmasq copy config file to /etc
|
- name: Copy dnsmasq.conf to /etc
|
||||||
template: src=network/dnsmasq.conf.j2 dest=/etc/dnsmasq.conf
|
template:
|
||||||
|
src: network/dnsmasq.conf.j2
|
||||||
|
dest: /etc/dnsmasq.conf
|
||||||
when: dnsmasq_enabled and dnsmasq_install
|
when: dnsmasq_enabled and dnsmasq_install
|
||||||
|
|
||||||
- name: Enable dnsmasq
|
- name: Enable dnsmasq
|
||||||
service: name=dnsmasq
|
service:
|
||||||
enabled=yes
|
name: dnsmasq
|
||||||
|
enabled: yes
|
||||||
when: dnsmasq_enabled and dnsmasq_install
|
when: dnsmasq_enabled and dnsmasq_install
|
||||||
|
|
||||||
- name: Enable DansGuardian
|
- name: Enable DansGuardian
|
||||||
service: name=dansguardian
|
service:
|
||||||
enabled=yes
|
name: dansguardian
|
||||||
|
enabled: yes
|
||||||
when: dansguardian_enabled and dansguardian_install
|
when: dansguardian_enabled and dansguardian_install
|
||||||
|
|
||||||
- name: Disable DansGuardian
|
- name: Disable DansGuardian
|
||||||
service: name=dansguardian
|
service:
|
||||||
enabled=no
|
name: dansguardian
|
||||||
|
enabled: no
|
||||||
when: not dansguardian_enabled and dansguardian_install
|
when: not dansguardian_enabled and dansguardian_install
|
||||||
|
|
||||||
- name: Create xs_httpcache flag
|
- name: Create xs_httpcache flag
|
||||||
lineinfile: dest=/etc/iiab/iiab.env
|
lineinfile:
|
||||||
regexp='^HTTPCACHE_ON=*'
|
dest: /etc/iiab/iiab.env
|
||||||
line='HTTPCACHE_ON=True'
|
regexp: '^HTTPCACHE_ON=*'
|
||||||
state=present
|
line: 'HTTPCACHE_ON=True'
|
||||||
|
state: present
|
||||||
when: squid_enabled and squid_install
|
when: squid_enabled and squid_install
|
||||||
|
|
||||||
- name: Enable Squid service
|
- name: Enable Squid service
|
||||||
service: name={{ proxy }}
|
service:
|
||||||
enabled=yes
|
name: "{{ proxy }}"
|
||||||
|
enabled: yes
|
||||||
when: squid_enabled and squid_install
|
when: squid_enabled and squid_install
|
||||||
|
|
||||||
- name: Copy init script and config file
|
- name: Copy init script and config file
|
||||||
template: src={{ item.src }}
|
template:
|
||||||
dest={{ item.dest }}
|
src: "{{ item.src }}"
|
||||||
owner={{ item.owner }}
|
dest: "{{ item.dest }}"
|
||||||
group={{ item.group }}
|
owner: "{{ item.owner }}"
|
||||||
mode={{ item.mode }}
|
group: "{{ item.group }}"
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
with_items:
|
with_items:
|
||||||
- src: 'squid/squid-iiab.conf.j2'
|
- src: squid/squid-iiab.conf.j2
|
||||||
dest: '/etc/{{ proxy }}/squid-iiab.conf'
|
dest: "/etc/{{ proxy }}/squid-iiab.conf"
|
||||||
owner: '{{ proxy_user }}'
|
owner: "{{ proxy_user }}"
|
||||||
group: '{{ proxy_user }}'
|
group: "{{ proxy_user }}"
|
||||||
mode: '0644'
|
mode: 0644
|
||||||
when: squid_enabled and squid_install
|
when: squid_enabled and squid_install
|
||||||
|
|
||||||
- name: Point to Squid config file from startup file
|
- name: Point to Squid config file from startup file
|
||||||
lineinfile: regexp='^CONFIG'
|
lineinfile:
|
||||||
line='CONFIG=/etc/{{ proxy }}/squid-iiab.conf'
|
regexp: '^CONFIG'
|
||||||
dest=/etc/init.d/{{ proxy }}
|
line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
|
||||||
|
dest: "/etc/init.d/{{ proxy }}"
|
||||||
when: squid_enabled and squid_install and is_debuntu
|
when: squid_enabled and squid_install and is_debuntu
|
||||||
|
|
||||||
- name: Disable Squid service
|
- name: Disable Squid service
|
||||||
service: name={{ proxy }}
|
service:
|
||||||
enabled=no
|
name: "{{ proxy }}"
|
||||||
|
enabled: no
|
||||||
when: not squid_enabled and squid_install
|
when: not squid_enabled and squid_install
|
||||||
|
|
||||||
- name: Remove xs_httpcache flag
|
- name: Remove xs_httpcache flag
|
||||||
lineinfile: dest=/etc/iiab/iiab.env
|
lineinfile:
|
||||||
regexp='^HTTPCACHE_ON=*'
|
dest: /etc/iiab/iiab.env
|
||||||
line='HTTPCACHE_ON=False'
|
regexp: '^HTTPCACHE_ON=*'
|
||||||
state=present
|
line: 'HTTPCACHE_ON=False'
|
||||||
|
state: present
|
||||||
when: not squid_enabled
|
when: not squid_enabled
|
||||||
|
|
||||||
- name: Enable Wondershaper service
|
- name: Enable Wondershaper service
|
||||||
service: name=wondershaper
|
service:
|
||||||
enabled=yes
|
name: wondershaper
|
||||||
|
enabled: yes
|
||||||
when: wondershaper_enabled and wondershaper_install
|
when: wondershaper_enabled and wondershaper_install
|
||||||
|
|
||||||
- name: Disable Wondershaper service
|
- name: Disable Wondershaper service
|
||||||
service: name=wondershaper
|
service:
|
||||||
enabled=no
|
name: wondershaper
|
||||||
|
enabled: no
|
||||||
when: not wondershaper_enabled and wondershaper_install
|
when: not wondershaper_enabled and wondershaper_install
|
||||||
|
|
||||||
# check-LAN should be iptables.yml remove later
|
# check-LAN should be iptables.yml remove later
|
||||||
- name: Grab clean copy of iiab-gen-iptables
|
- name: Grab clean copy of iiab-gen-iptables
|
||||||
template: src={{ item.0 }}
|
template:
|
||||||
dest={{ item.1 }}
|
src: "{{ item.0 }}"
|
||||||
owner='root'
|
dest: "{{ item.1 }}"
|
||||||
group='root'
|
owner: root
|
||||||
mode='0755'
|
group: root
|
||||||
|
mode: 0755
|
||||||
with_items:
|
with_items:
|
||||||
- { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
|
- { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
|
||||||
|
|
||||||
- name: Add 'squid' to service list
|
- name: Add 'squid' to list of services at /etc/iiab/iiab.ini
|
||||||
ini_file: dest='{{ service_filelist }}'
|
ini_file:
|
||||||
section=squid
|
dest: "{{ service_filelist }}"
|
||||||
option='{{ item.option }}'
|
section: squid
|
||||||
value='{{ item.value }}'
|
option: "{{ item.option }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
with_items:
|
with_items:
|
||||||
- option: enabled
|
- option: enabled
|
||||||
value: "{{ squid_enabled }}"
|
value: "{{ squid_enabled }}"
|
||||||
|
|
||||||
- name: Add 'dansguardian' to service list
|
- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
|
||||||
ini_file: dest='{{ service_filelist }}'
|
ini_file:
|
||||||
section=dansguardian
|
dest: "{{ service_filelist }}"
|
||||||
option='{{ item.option }}'
|
section: dansguardian
|
||||||
value='{{ item.value }}'
|
option: "{{ item.option }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
with_items:
|
with_items:
|
||||||
- option: enabled
|
- option: enabled
|
||||||
value: "{{ dansguardian_enabled }}"
|
value: "{{ dansguardian_enabled }}"
|
||||||
|
|
||||||
- name: Add 'wondershaper' to service list
|
- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini
|
||||||
ini_file: dest='{{ service_filelist }}'
|
ini_file:
|
||||||
section=wondershaper
|
dest: "{{ service_filelist }}"
|
||||||
option='{{ item.option }}'
|
section: wondershaper
|
||||||
value='{{ item.value }}'
|
option: "{{ item.option }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
with_items:
|
with_items:
|
||||||
- option: enabled
|
- option: enabled
|
||||||
value: "{{ wondershaper_enabled }}"
|
value: "{{ wondershaper_enabled }}"
|
||||||
|
|
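Review bot: In the Squid "Copy init script and config file" task the item value changes from `mode: '0644'` to an unquoted `mode: 0644`, and that value is then passed on through `mode: "{{ item.mode }}"`. A YAML 1.1 loader reads a bare 0644 as the integer 420, and once it is rendered through Jinja the module may receive the string "420" and apply it as an octal mode, which is not the intended rw-r--r--. This likely depends on the Ansible version, so it is worth checking the resulting permissions on squid-iiab.conf. Keeping `mode: '0644'` in the item, as the dhcpd and named items in this file do, avoids the problem, and the same quoting is advisable for `mode: 0755` on iiab-gen-iptables. The "Copy named file" task also has no `when:` guard, unlike its neighbours, though that predates this commit.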
|
@ -52,8 +52,9 @@ local_tz: "{{ ansible_date_time.tz }}"
|
||||||
# Read https://github.com/iiab/iiab/wiki/IIAB-Networking
|
# Read https://github.com/iiab/iiab/wiki/IIAB-Networking
|
||||||
# Also readable offline @ http://box/info/IIAB-Networking.html
|
# Also readable offline @ http://box/info/IIAB-Networking.html
|
||||||
|
|
||||||
# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 60 LINES, as enabled by Ansible's
|
# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 65 LINES, as enabled by Ansible's
|
||||||
# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS.
|
# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS below.
|
||||||
|
# SEE ALSO: /opt/iiab/iiab/roles/network/defaults/main.yml
|
||||||
|
|
||||||
iiab_hostname: box
|
iiab_hostname: box
|
||||||
iiab_domain: lan
|
iiab_domain: lan
|
||||||
|
@ -103,18 +104,19 @@ dhcpd_enabled: False
|
||||||
named_install: True
|
named_install: True
|
||||||
named_enabled: True
|
named_enabled: True
|
||||||
block_DNS: False
|
block_DNS: False
|
||||||
# Captive Portal highly experimental as of July 2018: https://github.com/iiab/iiab/pull/870
|
|
||||||
py_captive_portal_install: True
|
|
||||||
py_captive_portal_enabled: False
|
|
||||||
|
|
||||||
# dnsmasq
|
# dnsmasq
|
||||||
dnsmasq_install: True
|
dnsmasq_install: True
|
||||||
dnsmasq_enabled: False
|
dnsmasq_enabled: False
|
||||||
|
|
||||||
# Captive Portal highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608
|
# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608
|
||||||
captive_portal_install: False
|
captive_portal_install: False
|
||||||
captive_portal_enabled: False
|
captive_portal_enabled: False
|
||||||
|
|
||||||
|
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
|
||||||
|
py_captive_portal_install: True
|
||||||
|
py_captive_portal_enabled: False
|
||||||
|
|
||||||
# Squid
|
# Squid
|
||||||
squid_install: False
|
squid_install: False
|
||||||
squid_enabled: False
|
squid_enabled: False
|
||||||
|
|