external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #916 from holta/open-kolibri-port

Browse source 
Open kolibri port in iptables, for on-campus browsing on WAN side of IIAB (e.g. http://192.168.0.x:8009)
This commit is contained in:
A Holt 2018-07-17 02:36:18 -04:00 committed by GitHub
commit 22cd73e4b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 67 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

56
roles/network/tasks/debian.yml
View file

@ -21,52 +21,64 @@
# state=present # state=present
- name: For upgrades from earlier IIAB 6.2, remove br0 file - name: For upgrades from earlier IIAB 6.2, remove br0 file
file: path=/etc/network/interfaces.d/br0 file:
state=absent path: /etc/network/interfaces.d/br0
state: absent
when: iiab_lan_iface != "br0" and wan_ip == "dhcp" when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
- name: Supply resolvconf.conf - name: Supply resolvconf.conf
template: dest=/etc/resolvconf.conf template:
src=network/resolvconf.j2 dest: /etc/resolvconf.conf
src: network/resolvconf.j2
- name: Supply dhcpcd.conf - name: Supply dhcpcd.conf
template: dest=/etc/dhcpcd.conf template:
src=network/dhcpcd.conf.j2 dest: /etc/dhcpcd.conf
src: network/dhcpcd.conf.j2
when: dhcpcd_result == "enabled" when: dhcpcd_result == "enabled"
- name: Copy the bridge script - name: Copy the bridge script
template: dest=/etc/network/interfaces.d/iiab template:
src=network/systemd.j2 dest: /etc/network/interfaces.d/iiab
src: network/systemd.j2
when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp" or gui_static_wan_ip == "undefined") when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp" or gui_static_wan_ip == "undefined")
- name: Copy the bridge script for RPi - name: Copy the bridge script for RPi
template: dest=/etc/network/interfaces.d/iiab template:
src=network/rpi.j2 dest: /etc/network/interfaces.d/iiab
src: network/rpi.j2
when: is_rpi and iiab_lan_iface == "br0" when: is_rpi and iiab_lan_iface == "br0"
- name: Workaround auto issue on Debian-9 - name: Workaround auto issue (debian-9)
template: dest=/etc/network/interfaces.d/patch_auto template:
src=network/debian-auto.j2 dest: /etc/network/interfaces.d/patch_auto
src: network/debian-auto.j2
when: iiab_wan_iface != "none" and is_debian_9 when: iiab_wan_iface != "none" and is_debian_9
- name: Clearing out /etc/network/interfaces for static addresses (is_debian_9) - name: Clearing out /etc/network/interfaces for static addresses (debian-9)
lineinfile: lineinfile:
state: absent state: absent
path: /etc/network/interfaces path: /etc/network/interfaces
regexp: "{{ iiab_wan_iface }}" regexp: "{{ iiab_wan_iface }}"
when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian_9 when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian_9
- name: bind may be affected - name: BIND may be affected
service: name={{ dns_service }} state=stopped service:
name: "{{ dns_service }}"
state: stopped
when: named_install and dnsmasq_enabled when: named_install and dnsmasq_enabled
# dhcpd_server release the interface # dhcpd_server release the interface
- name: dhcpd_server may be affected - stopping dhcpd - name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped service:
name: dhcpd
state: stopped
when: dhcpd_install when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq - name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped service:
name: dnsmasq
state: stopped
when: dnsmasq_install when: dnsmasq_install
- name: Reload systemd - name: Reload systemd
@ -75,9 +87,13 @@
# now pick up denyinterfaces # now pick up denyinterfaces
- name: Restart dhcpcd - name: Restart dhcpcd
service: name=dhcpcd state=restarted service:
name: dhcpcd
state: restarted
when: dhcpcd_result == "enabled" when: dhcpcd_result == "enabled"
- name: Restart the networking service - name: Restart the networking service
service: name=networking state=restarted service:
name: networking
state: restarted
when: not nobridge is defined and not no_net_restart when: not nobridge is defined and not no_net_restart

2
roles/network/tasks/down-debian.yml
View file

@ -5,7 +5,7 @@
# dest: /etc/resolvconf.conf # dest: /etc/resolvconf.conf
# src: network/resolvconf.j2 # src: network/resolvconf.j2
- name: bind may be affected - name: BIND may be affected
service: service:
name: "{{ dns_service }}" name: "{{ dns_service }}"
state: stopped state: stopped

31
roles/network/tasks/ifcfg_mods.yml
View file

@ -26,16 +26,22 @@
with_items: with_items:
- "{{ discovered_lan_iface }}" - "{{ discovered_lan_iface }}"
- name: bind may be affected - name: BIND may be affected
service: name={{ dns_service }} state=stopped service:
name: "{{ dns_service }}"
state: stopped
when: named_install and dnsmasq_enabled when: named_install and dnsmasq_enabled
- name: dhcpd_server may be affected - stopping dhcpd - name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped service:
name: dhcpd
state: stopped
when: dhcpd_install when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq - name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped service:
name: dnsmasq
state: stopped
when: dnsmasq_install when: dnsmasq_install
- name: Stop the LAN/Bridge deleting iiab-LAN - name: Stop the LAN/Bridge deleting iiab-LAN
@ -59,21 +65,24 @@
# when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode # when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode
- name: Configuring LAN interface as iiab_lan_iface - name: Configuring LAN interface as iiab_lan_iface
template: src=network/ifcfg.j2 template:
dest=/etc/sysconfig/network-scripts/ifcfg-LAN src: network/ifcfg.j2
dest: /etc/sysconfig/network-scripts/ifcfg-LAN
when: iiab_lan_iface != "none" when: iiab_lan_iface != "none"
# can be more than one wired interface # can be more than one wired interface
- name: Wired enslaving ## lan_list_result ## to Bridge - name: Wired enslaving ## lan_list_result ## to Bridge
template: src=network/ifcfg-slave.j2 template:
dest=/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }} src: network/ifcfg-slave.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }}"
when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface
with_items: with_items:
- "{{ lan_list_result.stdout_lines }}" - "{{ lan_list_result.stdout_lines }}"
- name: WiFi enslaving {{ iiab_wireless_lan_iface }} to Bridge - name: WiFi enslaving {{ iiab_wireless_lan_iface }} to Bridge
template: src=network/wifi-slave.j2 template:
dest=/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }} src: network/wifi-slave.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}"
when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none" when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none"
tags: tags:
- network - network
@ -81,7 +90,7 @@
- include_tasks: enable_wan.yml - include_tasks: enable_wan.yml
when: not installing and not iiab_demo_mode when: not installing and not iiab_demo_mode
- name: ask systemd to reread the unit files, picks up changes done - name: Ask systemd to reread the unit files, picks up changes done
systemd: systemd:
daemon_reload: yes daemon_reload: yes
when: not installing when: not installing

2
roles/network/tasks/restart.yml
View file

@ -1,4 +1,4 @@
- name: restart hostapd when wifi is present - name: Restart hostapd when WiFi is present
systemd: systemd:
name: hostapd name: hostapd
state: restarted state: restarted

4
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -57,12 +57,13 @@ services_externally_visible={{ services_externally_visible }}
calibre_port={{ calibre_port }} calibre_port={{ calibre_port }}
kiwix_port={{ kiwix_port }} kiwix_port={{ kiwix_port }}
kalite_server_port={{ kalite_server_port }} kalite_server_port={{ kalite_server_port }}
kolibri_http_port={{ kolibri_http_port }}
sugarizer_port={{ sugarizer_port }} sugarizer_port={{ sugarizer_port }}
block_DNS={{ block_DNS }} block_DNS={{ block_DNS }}
captive_portal_enabled={{ captive_portal_enabled }} captive_portal_enabled={{ captive_portal_enabled }}
py_captive_portal_enabled={{ py_captive_portal_enabled }} py_captive_portal_enabled={{ py_captive_portal_enabled }}
echo "Lan is $lan and WAN is $wan" echo "LAN is $lan and WAN is $wan"
# #
# delete all existing rules. # delete all existing rules.
# #
@ -90,6 +91,7 @@ fi
if [ "$services_externally_visible" == "True" ]; then if [ "$services_externally_visible" == "True" ]; then
$IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT
fi fi

1
vars/default_vars.yml
View file

@ -316,6 +316,7 @@ kalite_password: kalite
# Kolibri # Kolibri
kolibri_install: False kolibri_install: False
kolibri_enabled: False kolibri_enabled: False
kolibri_http_port: 8009
# Kiwix # Kiwix
kiwix_install: True kiwix_install: True