diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 53fedcd50..3016e0e22 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -21,13 +21,13 @@ copy: src: "{{ iiab_dir }}/scripts/iiab-diagnostics" dest: /usr/bin/ - mode: 0755 + mode: '0755' - name: Create globally-writable directory /etc/iiab/diag so non-root users can run iiab-diagnostics file: state: directory path: /etc/iiab/diag - mode: 0777 + mode: '0777' - name: Re-read local_facts.facts from /etc/ansible/facts.d setup: diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 9cdb8ebd6..57ee5b52b 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -55,9 +55,9 @@ copy: src: roles/1-prep/files/iiab.conf dest: /etc/tmpfiles.d/ - owner: root - group: root - mode: 0644 + # owner: root + # group: root + # mode: '0644' force: yes when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist #when: ro_dir.stat.exists @@ -66,27 +66,26 @@ include_role: name: sshd # has no "when: XXXXX_install" flag - tags: base, sshd + #tags: base, sshd - name: IIAB-ADMIN include_role: name: iiab-admin # has no "when: XXXXX_install" flag - tags: base, iiab-admin + #tags: base, iiab-admin - name: OPENVPN include_role: name: openvpn when: openvpn_install | bool - tags: openvpn + #tags: openvpn # for rpi, without rtc, we need time as soon as possible - name: Install chrony (an NTP package) especially for RPi's lacking RTC package: name: chrony state: present - tags: - - download + #tags: download #TODO: Use regexp filter instead of hard-code ip - name: Install /etc/chrony.conf from template @@ -102,7 +101,7 @@ # Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10 # pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387 - name: Disable AppArmor -- override OS default (ubuntu) - service: + systemd: name: apparmor enabled: False state: stopped 
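Review bot: The `/etc/iiab/diag` task in this hunk still creates a world-writable directory without the sticky bit, so any local account can delete or replace files that another user wrote there. Quoting the mode fixes how the octal value is parsed but not that. `mode: '1777'` keeps the directory writable by non-root users while limiting deletion and renaming to each file's owner. If iiab-diagnostics is ever run as root and writes here, a comment such as `# world-writable: treat existing contents as untrusted` next to the task would help.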
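Review bot: Commenting out `owner`, `group` and `mode` on the `/etc/tmpfiles.d/` copy leaves the installed file's permissions to the remote umask, or to whatever an existing file already has, and it leaves dead lines behind. The same removal happens in the `iiab.env.j2` template task (`@@ -141,6 +140,3 @@`) and in roles/openvpn/tasks/main.yml, where the `/etc/openvpn/keys` directory loses `owner`/`group`/`mode` and the template loop loses `owner`/`group`. I would keep the explicit values, e.g. `mode: '0644'` here and, if nothing unprivileged needs to read it, `mode: '0700'` on the keys directory. If the defaults are intended, delete the commented lines and say so in a comment.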
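Review bot: Turning every `tags:` line into a comment (here for sshd, iiab-admin, openvpn and chrony, and again in the later stage and network hunks) means a run restricted with `--tags` no longer selects these tasks and does nothing for them, without an error. If tag-based runs are being retired on purpose, state that once in a comment at the top of each stage file and delete the lines rather than keeping `#tags: ...` stubs. Otherwise keep the tags live.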
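Review bot: The AppArmor task still switches off mandatory access control for the whole host, and the visible lines carry no `when:` restricting it to Ubuntu as the task name suggests (the task continues outside this hunk, so a condition may follow). Moving from `service:` to `systemd:` also makes the task depend on systemd being the init system. A short comment naming the component that needs this, e.g. `# AppArmor off because <component> is blocked by its profile -- see #1387`, would let a later reviewer re-enable it once that is fixed. `enabled: false` in lowercase matches the usual Ansible boolean style.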
@@ -141,6 +140,3 @@ template: src: roles/1-prep/templates/iiab.env.j2 dest: "{{ iiab_env_file }}" - owner: root - group: root - mode: 0644 diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index fa9420908..9e736a9bb 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml 
@@ -23,57 +23,21 @@ - include_tasks: packages.yml - include_tasks: iptables.yml -- sysctl: - name: net.ipv4.ip_forward - value: '1' - state: present - -- sysctl: - name: net.ipv4.conf.default.rp_filter - value: '1' - state: present - -- sysctl: - name: net.ipv4.conf.default.accept_source_route - value: '0' - state: present - -- sysctl: - name: kernel.sysrq - value: '1' - state: present - -- sysctl: - name: kernel.core_uses_pid - value: '1' - state: present - -- sysctl: - name: net.ipv4.tcp_syncookies - value: '1' - state: present - -- sysctl: - name: kernel.shmmax - value: '268435456' - state: present - -# IPv6 disabled - -- sysctl: - name: net.ipv6.conf.all.disable_ipv6 - value: '1' - state: present - -- sysctl: - name: net.ipv6.conf.default.disable_ipv6 - value: '1' - state: present - -- sysctl: - name: net.ipv6.conf.lo.disable_ipv6 - value: '1' - state: present +- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible + sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + - { name: 'net.ipv4.ip_forward', value: '1' } + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + - { name: 'kernel.sysrq', value: '1' } + - { name: 'kernel.core_uses_pid', value: '1' } + - { name: 'net.ipv4.tcp_syncookies', value: '1' } + - { name: 'kernel.shmmax', value: '268435456' } + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } + - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } - name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH template: @@ -91,4 +55,3 @@ dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=2' - state: present diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 162dbd60d..9997c87f5 100644 --- a/roles/3-base-server/tasks/main.yml 
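Review bot: The new loop carries over only the `default` forms of `rp_filter` and `accept_source_route`, and `default` applies to interfaces created after the setting is written, so interfaces that already exist may keep their previous values while `net.ipv4.ip_forward` turns the box into a router. Adding the `conf.all` counterparts, e.g. `- { name: 'net.ipv4.conf.all.rp_filter', value: '1' }`, would close that gap. The task name says IPv6 is turned off "if possible", but nothing in the task tolerates a host where the `net.ipv6.*` keys are absent, so either drop that wording or handle the case explicitly. `kernel.sysrq` set to `'1'` enables every SysRq function; a comment saying why that is wanted would help.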
+++ b/roles/3-base-server/tasks/main.yml @@ -3,30 +3,29 @@ - name: ...IS BEGINNING ===================================== command: echo +- name: Install NGINX (configured LATER, in Stage 9-LOCAL-ADDONS) + include_tasks: roles/nginx/tasks/install.yml + when: nginx_install | bool + - name: HTTPD (APACHE) include_role: name: httpd when: apache_install | bool - tags: base, httpd + #tags: base, httpd - name: MYSQL include_role: name: mysql - # has no "when: XXXXX_install" flag - tags: base, mysql - -- name: Install nginx - include_tasks: roles/nginx/tasks/install.yml - when: nginx_install | bool + when: mysql_install | bool + #tags: base, mysql - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool - tags: base, domain, dnsmasq, network + #tags: base, domain, dnsmasq, network - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=3' - state: present diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index e0740cf93..0ce4d852e 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
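Review bot: The MYSQL include is now gated on `mysql_install | bool`, and the later stage files add the same pattern for many roles (`azuracast_install`, `kalite_install`, `awstats_install`, `calibreweb_install` and others), but the visible hunks of vars/default_vars.yml do not add any of those variables. If one of them is missing there or in an older `/etc/iiab/local_vars.yml`, the condition fails on an undefined value instead of skipping the role. Either confirm every flag has a default, or write the guard defensively as `when: mysql_install | default(false) | bool`.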
@@ -8,29 +8,29 @@ - name: Install named / BIND include_tasks: roles/network/tasks/named.yml when: named_install | bool - tags: base, named, network, domain + #tags: base, named, network, domain - name: Installing dhcpd include_tasks: roles/network/tasks/dhcpd.yml when: dhcpd_install | bool - tags: base, dhcpd, network, domain + #tags: base, dhcpd, network, domain - name: Install Squid (and DansGuardian if dansguardian_install) include_tasks: roles/network/tasks/squid.yml when: squid_install | bool - tags: base, squid, network, domain + #tags: base, squid, network, domain - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth when: (is_rpi and bluetooth_install) or bluetooth_installed is defined - tags: bluetooth + #tags: bluetooth - name: USB-LIB include_role: name: usb-lib when: usb_lib_install | bool - tags: usb-lib + #tags: usb-lib # NETWORK moved to the very end, after Stage 9 (9-LOCAL-ADDONS) # It can also be run manually using: cd /opt/iiab/iiab; ./iiab-network @@ -46,25 +46,25 @@ include_role: name: homepage # has no "when: XXXXX_install" flag - tags: base, homepage + #tags: base, homepage - name: POSTGRESQL include_role: name: postgresql when: postgresql_install | bool - tags: postgresql, pathagar, moodle + #tags: postgresql, pathagar, moodle - name: CUPS include_role: name: cups when: cups_install or cups_installed is defined - tags: cups + #tags: cups - name: SAMBA include_role: name: samba when: samba_install or samba_installed is defined - tags: samba + #tags: samba - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs @@ -75,4 +75,3 @@ dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=4' - state: present 
diff --git a/roles/5-xo-services/tasks/main.yml b/roles/5-xo-services/tasks/main.yml index 80fc5146d..0ab041970 100644 --- a/roles/5-xo-services/tasks/main.yml +++ b/roles/5-xo-services/tasks/main.yml @@ -7,23 +7,22 @@ include_role: name: activity-server when: activity_server_install | bool - tags: olpc, activity-server + #tags: olpc, activity-server - name: EJABBERD_XS include_role: name: ejabberd_xs when: ejabberd_xs_install | bool - tags: olpc, ejabberd-xs + #tags: olpc, ejabberd-xs - name: IDMGR include_role: name: idmgr when: idmgr_install | bool - tags: olpc, idmgr + #tags: olpc, idmgr - name: Recording STAGE 5 HAS COMPLETED ===================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=5' - state: present diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index c6edbf859..5f1d94269 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml 
@@ -6,75 +6,79 @@ - name: AZURACAST include_role: name: azuracast - tags: azuracast + when: azuracast_install | bool + #tags: azuracast +# UNMAINTAINED - name: DOKUWIKI include_role: name: dokuwiki - tags: dokuwiki - -- name: MEDIAWIKI - include_role: - name: mediawiki - tags: mediawiki + when: dokuwiki_install | bool + #tags: dokuwiki # UNMAINTAINED - name: EJABBERD include_role: name: ejabberd when: ejabberd_install | bool - tags: ejabberd + #tags: ejabberd - name: ELGG include_role: name: elgg - tags: elgg + when: elgg_install | bool + #tags: elgg - name: GITEA include_role: name: gitea - tags: gitea + when: gitea_install | bool + #tags: gitea - name: LOKOLE include_role: name: lokole - tags: lokole + when: lokole_install | bool + #tags: lokole + +- name: MEDIAWIKI + include_role: + name: mediawiki + when: mediawiki_install | bool + #tags: mediawiki - name: MOSQUITTO include_role: name: mosquitto - tags: mosquitto + when: mosquitto_install | bool + #tags: mosquitto - name: NODE-RED include_role: name: nodered - tags: nodered + when: nodered_install | bool + #tags: nodered - name: NEXTCLOUD include_role: name: nextcloud - tags: nextcloud - -#- name: OWNCLOUD -# include_role: -# name: owncloud -# when: owncloud_install | bool -# tags: owncloud + when: nextcloud_install | bool + #tags: nextcloud - name: PBX include_role: name: pbx when: pbx_install | bool - tags: pbx + #tags: pbx - name: WORDPRESS include_role: name: wordpress - tags: wordpress + when: wordpress_install | bool + #tags: wordpress - name: Recording STAGE 6 HAS COMPLETED ==================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=6' - state: present diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 49711b407..5f31c4be8 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml 
@@ -6,50 +6,55 @@ - name: KALITE include_role: name: kalite - tags: kalite + when: kalite_install | bool + #tags: kalite - name: KOLIBRI include_role: name: kolibri - tags: kolibri + when: kolibri_install | bool + #tags: kolibri - name: KIWIX include_role: name: kiwix - tags: kiwix + when: kiwix_install | bool + #tags: kiwix - name: MOODLE include_role: name: moodle - tags: olpc, moodle + when: moodle_install | bool + #tags: olpc, moodle - name: OSM-VECTOR-MAPS include_role: name: osm-vector-maps - tags: osm, maps + when: osm_vector_maps_install | bool + #tags: osm, maps # UNMAINTAINED - name: OSM include_role: name: osm when: osm_install is defined and osm_install - tags: osm, maps + #tags: osm, maps # UNMAINTAINED - name: PATHAGAR include_role: name: pathagar when: pathagar_install is defined and pathagar_install - tags: pathagar + #tags: pathagar - name: SUGARIZER include_role: name: sugarizer - tags: sugarizer + when: sugarizer_install | bool + #tags: sugarizer - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=7' - state: present diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index c7547d2ac..c90b3bc2c 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml 
@@ -7,39 +7,40 @@ include_role: name: transmission when: transmission_install | bool - tags: transmission + #tags: transmission - name: AWSTATS include_role: name: awstats - tags: awstats + when: awstats_install | bool + #tags: awstats - name: MONIT include_role: name: monit when: monit_install | bool - tags: monit + #tags: monit - name: MUNIN include_role: name: munin - tags: munin + when: munin_install | bool + #tags: munin - name: PHPMYADMIN include_role: name: phpmyadmin when: phpmyadmin_install | bool - tags: phpmyadmin + #tags: phpmyadmin - name: VNSTAT include_role: name: vnstat when: vnstat_install | bool - tags: vnstat + #tags: vnstat - name: Recording STAGE 8 HAS COMPLETED ====================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=8' - state: present diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 954b72366..140841bbc 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml 
@@ -6,55 +6,53 @@ - name: INTERNETARCHIVE include_role: name: internetarchive - tags: internetarchive + when: internetarchive_install | bool + #tags: internetarchive -# Until porting complete (@jvonau helping transition to Python 3) -#- name: 'Install Python 2.7 packages: python, python-pip' -# package: -# name: -# - python -# - python-pip # Used by Admin Console -# state: present - -# To be ported soon +# Is porting to Python 3 complete, and if so does this belong elsewhere? - name: CAPTIVE PORTAL include_tasks: roles/captiveportal/tasks/main.yml when: captiveportal_install | bool - tags: base, captiveportal, network, domain + #tags: base, captiveportal, network, domain - name: MINETEST include_role: name: minetest - tags: minetest + when: minetest_install | bool + #tags: minetest # KEEP AT THE END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE include_role: name: calibre - tags: calibre + when: calibre_install | bool + #tags: calibre - name: CALIBRE-WEB include_role: name: calibre-web - tags: calibre-web + when: calibreweb_install | bool + #tags: calibre-web # Could split these two below to Stage 10? -- name: Configure NGINX +- name: Configure NGINX (already installed in Stage 3-BASE-SERVER) + # If just CONFIGURING, should we use one of the following instead ?? + # include_tasks: roles/nginx/tasks/setup.yml + # include_tasks: roles/nginx/tasks/enable.yml include_role: name: nginx when: nginx_install | bool - tags: base, nginx + #tags: base, nginx - name: Configure Apache systemd service ({{ apache_service }}) include_role: name: httpd-enable when: apache_install | bool - tags: base, httpd + #tags: base, httpd - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=9' - state: present diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml index e3a6706d8..a1196888d 100644 --- a/roles/httpd/defaults/main.yml 
+++ b/roles/httpd/defaults/main.yml @@ -1,6 +1,12 @@ # default_language: en # language_priority: en es fr +# apache_install: True +# apache_enabled: False + +# apache_port: 8090 # NGINX proxies to this IP address, for legacy IIAB services still requiring Apache +# apache_interface: 127.0.0.1 + # For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 # apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 64ac1880d..e0ef229ef 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -26,4 +26,5 @@ mediawiki_install_path: "{{ content_base }}" # /library mediawiki_abs_path: "{{ mediawiki_install_path }}/mediawiki-{{ mediawiki_version }}" mediawiki_url: /wiki +mediawiki_url2: /mediawiki mediawiki_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ mediawiki_url }}" # http://box.lan/wiki diff --git a/roles/mediawiki/tasks/enable.yml b/roles/mediawiki/tasks/enable.yml index 888a0600d..33efcd89d 100644 --- a/roles/mediawiki/tasks/enable.yml +++ b/roles/mediawiki/tasks/enable.yml @@ -16,13 +16,13 @@ # NGINX -- name: Enable http://box{{ mediawiki_url }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template +- name: Enable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template template: src: mediawiki-nginx.conf.j2 dest: "{{ nginx_config_dir }}/mediawiki-nginx.conf" when: nginx_install and mediawiki_enabled -- name: Disable http://box{{ mediawiki_url }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf +- name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf file: path: "{{ nginx_config_dir }}/mediawiki-nginx.conf" state: absent 
diff --git a/roles/mediawiki/templates/mediawiki-nginx.conf.j2 b/roles/mediawiki/templates/mediawiki-nginx.conf.j2 index 47704e4cb..26cee7900 100644 --- a/roles/mediawiki/templates/mediawiki-nginx.conf.j2 +++ b/roles/mediawiki/templates/mediawiki-nginx.conf.j2 @@ -52,3 +52,8 @@ location {{ mediawiki_url }}/ { location = {{ mediawiki_url }} { return 301 {{ mediawiki_url }}/Main_Page; } + +# http://box/mediawiki* redirect to http://box/wiki/Main_Page +location {{ mediawiki_url2 }} { + return 301 {{ mediawiki_url }}/Main_Page; +} diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9e3893271..431498f21 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,8 +1,6 @@ - include_tasks: detected_network.yml - when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - tags: - - network #REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ? - - network-discover + when: not installing # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml + #tags: network, network-discover # REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ? - name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY set_fact: @@ -29,14 +27,10 @@ - include_tasks: computed_network.yml when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - tags: - - network - - network-discover + #tags: network, network-discover - include_tasks: hostapd.yml - tags: - - network - - AP + #tags: network, AP #- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network # set_fact: 
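Review bot: `location {{ mediawiki_url2 }}` is a prefix match, so with the default `/mediawiki` it also captures unrelated paths such as `/mediawiki-backup` and discards whatever followed the prefix. If only the alias and its sub-paths should redirect, use `location = {{ mediawiki_url2 }}` together with `location ^~ {{ mediawiki_url2 }}/`. A 301 is cached by browsers, so `return 302` is the safer choice while the second URL is still being tried out.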
@@ -50,17 +44,12 @@ ##### End static ip address info #- include_tasks: hosts.yml -# tags: -# - network -# - hostname -# - domain +# tags: network, hostname, domain - name: Configure wondershaper include_tasks: wondershaper.yml when: wondershaper_install | bool or wondershaper_installed is defined - tags: - - network - - wondershaper + #tags: network, wondershaper - name: (Re)Install named include_tasks: named.yml @@ -76,24 +65,13 @@ #### start services - include_tasks: avahi.yml - tags: - - network + #tags: network - include_tasks: computed_services.yml - tags: - - network - - named - - dhcpd - - dnsmasq - - squid + #tags: network, named, dhcpd, dnsmasq, squid - include_tasks: enable_services.yml - tags: - - network - - named - - dhcpd - - dnsmasq - - squid + #tags: network, named, dhcpd, dnsmasq, squid #### end services #### Start network layout 
@@ -101,52 +79,40 @@ include_tasks: ifcfg_mods.yml when: is_redhat | bool #and not installing - tags: - - network + #tags: network - name: Netplan in use on Ubuntu 18.04+ include_tasks: netplan.yml when: is_ubuntu and not is_ubuntu_16 #when: is_ubuntu_18 | bool #and not installing - tags: - - network + #tags: network - name: NetworkManager in use include_tasks: NM-debian.yml when: is_debuntu and network_manager_active #and not installing - tags: - - network + #tags: network - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml when: is_debuntu and systemd_networkd_active #and not installing - tags: - - network + #tags: network - name: RPi's have dhcpcd in use include_tasks: rpi_debian.yml when: is_debuntu and is_rpi #and not installing - tags: - - network + #tags: network - name: Not RPi, Not NetworkManager, Not systemd-networkd in use include_tasks: debian.yml when: (not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 #and not installing - tags: - - network + #tags: network #### end network layout - include_tasks: restart.yml when: not installing - tags: - - network - - named - - dhcpd - - dnsmasq - - squid - - AP + #tags: network, named, dhcpd, dnsmasq, squid, AP diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index ae625c277..e9974baca 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -1 +1,14 @@ -nginx_log_dir: /var/log/nginx +# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this +# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md + +# nginx_install: True +# nginx_enabled: True + +# nginx_port: 80 +# nginx_interface: 0.0.0.0 + +# nginx_config_dir: /etc/nginx/conf.d +# nginx_log_dir: /var/log/nginx + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! 
diff --git a/roles/nginx/tasks/disable.yml b/roles/nginx/tasks/disable.yml.deprecated
similarity index 100%
rename from roles/nginx/tasks/disable.yml
rename to roles/nginx/tasks/disable.yml.deprecated
diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml.deprecated
similarity index 100%
rename from roles/nginx/tasks/only_nginx.yml
rename to roles/nginx/tasks/only_nginx.yml.deprecated
diff --git a/roles/nginx/tasks/uses_apache.yml b/roles/nginx/tasks/uses_apache.yml.deprecated
similarity index 100%
rename from roles/nginx/tasks/uses_apache.yml
rename to roles/nginx/tasks/uses_apache.yml.deprecated
diff --git a/roles/nginx/templates/dokuwiki-nginx.conf b/roles/nginx/templates/dokuwiki-nginx.conf.deprecated
similarity index 100%
rename from roles/nginx/templates/dokuwiki-nginx.conf
rename to roles/nginx/templates/dokuwiki-nginx.conf.deprecated
diff --git a/roles/nginx/templates/kalite-nginx.conf b/roles/nginx/templates/kalite-nginx.conf.unused
similarity index 100%
rename from roles/nginx/templates/kalite-nginx.conf
rename to roles/nginx/templates/kalite-nginx.conf.unused
diff --git a/roles/nginx/templates/mediawiki-nginx.conf.j2 b/roles/nginx/templates/mediawiki-nginx.conf.j2.deprecated
similarity index 100%
rename from roles/nginx/templates/mediawiki-nginx.conf.j2
rename to roles/nginx/templates/mediawiki-nginx.conf.j2.deprecated
diff --git a/roles/nginx/templates/wordpress-nginx.conf b/roles/nginx/templates/wordpress-nginx.conf.deprecated
similarity index 100%
rename from roles/nginx/templates/wordpress-nginx.conf
rename to roles/nginx/templates/wordpress-nginx.conf.deprecated
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 7a6a48c0a..032b6733d 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -1,11 +1,16 @@ +# TO DO: WRAP 10 OR 11 STANZAS BELOW (and saving vars to iiab_ini_file at +# bottom) INTO install.yml, somehow conditioned by... +# when: openvpn_install | bool +# +# BEWARE: 11th stanza (ssh pubkey deletions) is already conditioned by... +# when: not openvpn_install + - name: Install OpenVPN and Nmap packages package: name: - openvpn - nmap state: present - #tags: - # - download # Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle - name: Install Ncat package (if Debian > 9 or Ubuntu > 18) @@ -13,17 +18,12 @@ name: ncat state: present when: is_debuntu and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18) - #when: need_ncat | bool - #tags: - # - download - name: Install ssh public keys for remote support (if openvpn_install) lineinfile: line: "{{ item.pubkey }}" regexp: "{{ item.regexp }}" path: /root/.ssh/authorized_keys - #backup: yes - when: openvpn_install | bool with_items: - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" @@ -46,20 +46,16 @@ regexp: "{{ item }}" path: /root/.ssh/authorized_keys state: absent - #backup: yes - when: not openvpn_install with_items: - "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" + when: not openvpn_install - name: 'Create dirs: /etc/openvpn/keys, /etc/openvpn/scripts' file: path: "{{ item }}" state: directory - owner: root - group: root - mode: 0755 with_items: - /etc/openvpn/keys - /etc/openvpn/scripts 
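Review bot: The task that appends remote-support public keys to `/root/.ssh/authorized_keys` loses its `when: openvpn_install | bool` in the `@@ -13,17 +18,12 @@` hunk, so the role now grants root SSH access whenever it runs and relies entirely on the caller's condition in roles/1-prep/tasks/main.yml. The removal task in the next hunk keeps `when: not openvpn_install`, but since the staged install only includes this role when `openvpn_install` is true, that cleanup is not reached from there and turning the flag off leaves the keys in place. Restore `when: openvpn_install | bool` on the install task (its name still says "if openvpn_install") until the planned install.yml split exists, and give the removal a path that runs when the flag is false. The `with_items` list of the install task continues outside the hunk.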
@@ -68,8 +64,6 @@ template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root mode: "{{ item.mode }}" backup: yes with_items: @@ -83,14 +77,12 @@ - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - # 2019-10-09: Not recommended for over a year & no longer in use - # - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } - name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted e.g. on a smaller IIAB install copy: src: "{{ iiab_dir }}/iiab-support" dest: /usr/bin/ - mode: 0755 + mode: '0755' - name: Create iiab-support-on (symlink to iiab-support for now) file: @@ -116,6 +108,7 @@ path: /usr/bin/iiab-vpn-off state: link +# TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable.yml... # FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not # been working with systemd service names that contained the "@" character. @@ -198,7 +191,6 @@ # ignore_errors: True # when: not openvpn_enabled and not installing - - name: Add 'openvpn' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1248df3b6..c087833d4 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -225,27 +225,27 @@ exFAT_enabled: True # 3-BASE-SERVER -# Variables for Administrative Console + +# 2020-01-13: Both vars unused admin_console_install: True admin_console_enabled: True -# variables related to introduction of nginx -# apache -apache_install: True -apache_enabled: False -apache_port: "8090" -apache_interface: "127.0.0.1" -# The following variable, if True, allows Admin Console to poweroff IIAB -# see below -#allow_apache_sudo: False - -nginx_port: "80" -nginx_interface: "0.0.0.0" +# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this +# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md nginx_install: True nginx_enabled: True +nginx_port: 80 +nginx_interface: 0.0.0.0 nginx_config_dir: /etc/nginx/conf.d +nginx_log_dir: /var/log/nginx # See also Apache vars {default_language, language_priority} @ top of this file +apache_install: True +apache_enabled: False +# +# NGINX proxies to Apache for legacy IIAB services, using: +apache_port: 8090 +apache_interface: 127.0.0.1 # 2020-01-13: Var unused # # For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 apache_high_php_limits: False @@ -657,6 +657,7 @@ calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web is_debuntu: False # Covers all 3: Ubuntu, Debian, Raspbian is_ubuntu: False +is_ubuntu_20: False is_ubuntu_19: False is_ubuntu_18: False is_ubuntu_17: False diff --git a/vars/ubuntu-20.yml b/vars/ubuntu-20.yml new file mode 100644 index 000000000..26fdea9ec --- /dev/null +++ b/vars/ubuntu-20.yml 
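Review bot: Dropping the quotes turns `nginx_port` and `apache_port` from strings into integers, so any template or `when:` elsewhere that joins them to a string with `+` or compares them to `"80"` would change behaviour; the consumers are not in this diff, so that needs a grep. I would keep `apache_port: '8090'` and quote the addresses too, `apache_interface: '127.0.0.1'`, because an unquoted dotted value is a string only by accident of the YAML resolver. The comment header is dated `2019-01-13` while the neighbouring notes say `2020-01-13`, which looks like a typo. Marking `apache_interface` as unused deserves a second look: if Apache does not actually bind to it, the loopback-only listener that the comment implies is not being enforced.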
@@ -0,0 +1,31 @@ +is_debuntu: True +is_ubuntu: True +is_ubuntu_20: True + +# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True +# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) +dns_service: bind9 +dns_user: bind +dhcp_service: isc-dhcp-server + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_user: www-data +apache_config_dir: apache2/sites-available +apache_log_dir: /var/log/apache2 +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +# issue raised +mysql_service: mariadb +apache_log: /var/log/apache2/access.log +sshd_package: openssh-server +sshd_service: ssh +php_version: 7.3 # 7.4 might be nec for Ubuntu 20.04 later? +# "postgresql_version: 11.2" failed (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 19.04) +postgresql_version: 12 +systemd_location: /lib/systemd/system +# Upgrade Ubuntu 20.04's Calibre 4.x to very latest...for now? +calibre_via_debs: False +calibre_via_python: True
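Review bot: `php_version: 7.3` and `postgresql_version: 12` are parsed as a float and an integer, which works for these values but would silently corrupt something like `7.10`; since they look like they feed package or path names, quote them: `php_version: '7.3'`, `postgresql_version: '12'`. The inline comment already doubts that 7.3 is right for Ubuntu 20.04, so the value should be confirmed against the release before this file is relied on. `# issue raised` above `mysql_service` does not say which issue; add the reference or drop the comment. Lowercase `true`/`false` would match Ansible's recommended boolean style.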