From 8e1f94bd509e9da1314a5242e887cf31e409db9b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:08:06 -0500 Subject: [PATCH 01/36] Rename disable.yml to disable.yml.deprecated --- roles/nginx/tasks/{disable.yml => disable.yml.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/tasks/{disable.yml => disable.yml.deprecated} (100%) diff --git a/roles/nginx/tasks/disable.yml b/roles/nginx/tasks/disable.yml.deprecated similarity index 100% rename from roles/nginx/tasks/disable.yml rename to roles/nginx/tasks/disable.yml.deprecated From b0806ed466b09375aba12eb107e264da9d87ef43 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:08:36 -0500 Subject: [PATCH 02/36] Rename only_nginx.yml to only_nginx.yml.deprecated --- roles/nginx/tasks/{only_nginx.yml => only_nginx.yml.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/tasks/{only_nginx.yml => only_nginx.yml.deprecated} (100%) diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml.deprecated similarity index 100% rename from roles/nginx/tasks/only_nginx.yml rename to roles/nginx/tasks/only_nginx.yml.deprecated From dd6ae5dd5240e7690f80e44b0bbbeb7e8ce6fa20 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:08:51 -0500 Subject: [PATCH 03/36] Rename uses_apache.yml to uses_apache.yml.deprecated --- roles/nginx/tasks/{uses_apache.yml => uses_apache.yml.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/tasks/{uses_apache.yml => uses_apache.yml.deprecated} (100%) diff --git a/roles/nginx/tasks/uses_apache.yml b/roles/nginx/tasks/uses_apache.yml.deprecated similarity index 100% rename from roles/nginx/tasks/uses_apache.yml rename to roles/nginx/tasks/uses_apache.yml.deprecated From e5a1c6c60e696aaa6b9c2aaa7b2e80087c9f3490 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 13 Jan 2020 10:11:46 -0500 Subject: [PATCH 04/36] Rename dokuwiki-nginx.conf to dokuwiki-nginx.conf.deprecated --- .../{dokuwiki-nginx.conf => dokuwiki-nginx.conf.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/templates/{dokuwiki-nginx.conf => dokuwiki-nginx.conf.deprecated} (100%) diff --git a/roles/nginx/templates/dokuwiki-nginx.conf b/roles/nginx/templates/dokuwiki-nginx.conf.deprecated similarity index 100% rename from roles/nginx/templates/dokuwiki-nginx.conf rename to roles/nginx/templates/dokuwiki-nginx.conf.deprecated From 6f4b60b2ffb4214872a0bac6fc99a9f6a81055fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:12:01 -0500 Subject: [PATCH 05/36] Rename kalite-nginx.conf to kalite-nginx.conf.unused --- .../templates/{kalite-nginx.conf => kalite-nginx.conf.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/templates/{kalite-nginx.conf => kalite-nginx.conf.unused} (100%) diff --git a/roles/nginx/templates/kalite-nginx.conf b/roles/nginx/templates/kalite-nginx.conf.unused similarity index 100% rename from roles/nginx/templates/kalite-nginx.conf rename to roles/nginx/templates/kalite-nginx.conf.unused From 58da22f3269d9c7e64093420ee18cdca526bdc22 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:12:16 -0500 Subject: [PATCH 06/36] Rename mediawiki-nginx.conf.j2 to mediawiki-nginx.conf.j2.deprecated --- ...mediawiki-nginx.conf.j2 => mediawiki-nginx.conf.j2.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/templates/{mediawiki-nginx.conf.j2 => mediawiki-nginx.conf.j2.deprecated} (100%) diff --git a/roles/nginx/templates/mediawiki-nginx.conf.j2 b/roles/nginx/templates/mediawiki-nginx.conf.j2.deprecated similarity index 100% rename from roles/nginx/templates/mediawiki-nginx.conf.j2 rename to roles/nginx/templates/mediawiki-nginx.conf.j2.deprecated From d0e050e7178e9dd6462c45e48dfd31a5472198d1 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 13 Jan 2020 10:12:29 -0500 Subject: [PATCH 07/36] Rename wordpress-nginx.conf to wordpress-nginx.conf.deprecated --- .../{wordpress-nginx.conf => wordpress-nginx.conf.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/templates/{wordpress-nginx.conf => wordpress-nginx.conf.deprecated} (100%) diff --git a/roles/nginx/templates/wordpress-nginx.conf b/roles/nginx/templates/wordpress-nginx.conf.deprecated similarity index 100% rename from roles/nginx/templates/wordpress-nginx.conf rename to roles/nginx/templates/wordpress-nginx.conf.deprecated From c396f7bb75975b492b106f8259340fb5a3da3e61 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:17:02 -0500 Subject: [PATCH 08/36] Update 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 162dbd60d..a5a6dea37 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,26 +3,23 @@ - name: ...IS BEGINNING ===================================== command: echo +- name: Install NGINX (Configure LATER, in Stage 9) + include_tasks: roles/nginx/tasks/install.yml + when: nginx_install | bool + - name: HTTPD (APACHE) include_role: name: httpd when: apache_install | bool - tags: base, httpd - name: MYSQL include_role: name: mysql # has no "when: XXXXX_install" flag - tags: base, mysql - -- name: Install nginx - include_tasks: roles/nginx/tasks/install.yml - when: nginx_install | bool - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool - tags: base, domain, dnsmasq, network - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: From 51db2e2622daaa71041b387ba565decd9a3c11bf Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 13 Jan 2020 10:22:47 -0500 Subject: [PATCH 09/36] Clean 9-local-addons/tasks/main.yml --- roles/9-local-addons/tasks/main.yml | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 954b72366..23aa92adc 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -6,51 +6,43 @@ - name: INTERNETARCHIVE include_role: name: internetarchive - tags: internetarchive + #tags: internetarchive -# Until porting complete (@jvonau helping transition to Python 3) -#- name: 'Install Python 2.7 packages: python, python-pip' -# package: -# name: -# - python -# - python-pip # Used by Admin Console -# state: present - -# To be ported soon +# Is porting to Python 3 complete? - name: CAPTIVE PORTAL include_tasks: roles/captiveportal/tasks/main.yml when: captiveportal_install | bool - tags: base, captiveportal, network, domain + #tags: base, captiveportal, network, domain - name: MINETEST include_role: name: minetest - tags: minetest + #tags: minetest # KEEP AT THE END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE include_role: name: calibre - tags: calibre + #tags: calibre - name: CALIBRE-WEB include_role: name: calibre-web - tags: calibre-web + #tags: calibre-web # Could split these two below to Stage 10? -- name: Configure NGINX +- name: Configure NGINX (installed in Stage 3-BASE-SERVER) include_role: name: nginx when: nginx_install | bool - tags: base, nginx + #tags: base, nginx - name: Configure Apache systemd service ({{ apache_service }}) include_role: name: httpd-enable when: apache_install | bool - tags: base, httpd + #tags: base, httpd - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: From afc9f01310461655c212e589d44d2141564645c6 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 13 Jan 2020 10:25:29 -0500 Subject: [PATCH 10/36] Clean 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index a5a6dea37..4f98698f4 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -11,15 +11,18 @@ include_role: name: httpd when: apache_install | bool + #tags: base, httpd - name: MYSQL include_role: name: mysql # has no "when: XXXXX_install" flag + #tags: base, mysql - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool + #tags: base, domain, dnsmasq, network - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: From 271a82346cb492d193e8207de5e1c30f1dbfb039 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:26:23 -0500 Subject: [PATCH 11/36] Update default_vars.yml --- vars/default_vars.yml | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1248df3b6..d04fbb31c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -225,28 +225,24 @@ exFAT_enabled: True # 3-BASE-SERVER -# Variables for Administrative Console + +# 2020-01-13: Vars unused admin_console_install: True admin_console_enabled: True -# variables related to introduction of nginx -# apache -apache_install: True -apache_enabled: False -apache_port: "8090" -apache_interface: "127.0.0.1" -# The following variable, if True, allows Admin Console to poweroff IIAB -# see below -#allow_apache_sudo: False - -nginx_port: "80" -nginx_interface: "0.0.0.0" +nginx_port: 80 +nginx_interface: 0.0.0.0 nginx_install: True nginx_enabled: True nginx_config_dir: /etc/nginx/conf.d # See also Apache vars {default_language, language_priority} @ top of this file # +apache_install: True +apache_enabled: False +apache_port: 8090 # NGINX proxies to this IP address, for legacy IIAB services still requiring Apache +apache_interface: 127.0.0.1 +# # For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! @@ -657,6 +653,7 @@ calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web is_debuntu: False # Covers all 3: Ubuntu, Debian, Raspbian is_ubuntu: False +is_ubuntu_20: False is_ubuntu_19: False is_ubuntu_18: False is_ubuntu_17: False From 6015aabd9e8caf44d01f747a22e56437d8739144 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:49:33 -0500 Subject: [PATCH 12/36] Create vars/ubuntu-20.yml --- vars/ubuntu-20.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 vars/ubuntu-20.yml diff --git a/vars/ubuntu-20.yml b/vars/ubuntu-20.yml new file mode 100644 index 000000000..26fdea9ec --- /dev/null +++ b/vars/ubuntu-20.yml 
@@ -0,0 +1,31 @@ +is_debuntu: True +is_ubuntu: True +is_ubuntu_20: True + +# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True +# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) +dns_service: bind9 +dns_user: bind +dhcp_service: isc-dhcp-server + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_user: www-data +apache_config_dir: apache2/sites-available +apache_log_dir: /var/log/apache2 +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +# issue raised +mysql_service: mariadb +apache_log: /var/log/apache2/access.log +sshd_package: openssh-server +sshd_service: ssh +php_version: 7.3 # 7.4 might be nec for Ubuntu 20.04 later? +# "postgresql_version: 11.2" failed (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 19.04) +postgresql_version: 12 +systemd_location: /lib/systemd/system +# Upgrade Ubuntu 20.04's Calibre 4.x to very latest...for now? +calibre_via_debs: False +calibre_via_python: True From 865dd33546d5c0c2afb91483db01dbf010aa09c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:54:33 -0500 Subject: [PATCH 13/36] Update nginx/defaults/main.yml --- roles/nginx/defaults/main.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index ae625c277..e9974baca 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml 
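Review bot: In vars/ubuntu-20.yml, `php_version: 7.3` and `postgresql_version: 12` are loaded as a float and an integer rather than as strings, so a later value such as `7.10` would silently become `7.1`. These are version labels (the comment above `postgresql_version` suggests the value ends up in a systemd unit), so quoting keeps them exact: `php_version: '7.3'` and `postgresql_version: '12'`, provided nothing compares them numerically. The `# issue raised` comment above `mysql_service` would be more useful with the issue number it refers to.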
@@ -1 +1,14 @@ -nginx_log_dir: /var/log/nginx +# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this +# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md + +# nginx_install: True +# nginx_enabled: True + +# nginx_port: 80 +# nginx_interface: 0.0.0.0 + +# nginx_config_dir: /etc/nginx/conf.d +# nginx_log_dir: /var/log/nginx + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 43b6994174ad4547b1c58a9d69cecb7654ca243c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:55:35 -0500 Subject: [PATCH 14/36] Update default_vars.yml --- vars/default_vars.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d04fbb31c..c087833d4 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -226,22 +226,26 @@ exFAT_enabled: True # 3-BASE-SERVER -# 2020-01-13: Vars unused +# 2020-01-13: Both vars unused admin_console_install: True admin_console_enabled: True -nginx_port: 80 -nginx_interface: 0.0.0.0 +# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this +# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md nginx_install: True nginx_enabled: True +nginx_port: 80 +nginx_interface: 0.0.0.0 nginx_config_dir: /etc/nginx/conf.d +nginx_log_dir: /var/log/nginx # See also Apache vars {default_language, language_priority} @ top of this file -# apache_install: True apache_enabled: False -apache_port: 8090 # NGINX proxies to this IP address, for legacy IIAB services still requiring Apache -apache_interface: 127.0.0.1 +# +# NGINX proxies to Apache for legacy IIAB services, using: +apache_port: 8090 +apache_interface: 127.0.0.1 # 2020-01-13: Var unused # # For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 apache_high_php_limits: False 
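Review bot: In vars/default_vars.yml, `apache_interface: 127.0.0.1` is now marked `# 2020-01-13: Var unused`, so nothing visible here binds Apache to loopback. If Apache's `Listen` directive is built from `apache_port` alone, port 8090 would be reachable from the LAN directly, bypassing NGINX. The Apache templates are outside this diff, so this needs confirming. The comment should say what enforces the bind, for example `# NOTE(review): not wired into Apache's Listen directive -- confirm Apache is not listening on all interfaces`. Separately, the added header comment is dated `2019-01-13`, while the commit and the neighbouring comments are dated 2020-01-13.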
From c82be24f232553b68db4a069d038daabfd123b39 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 10:59:00 -0500 Subject: [PATCH 15/36] Update 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 4f98698f4..04e310c05 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,7 +3,7 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: Install NGINX (Configure LATER, in Stage 9) +- name: Install NGINX (configured LATER, in Stage 9-LOCAL-ADDONS) include_tasks: roles/nginx/tasks/install.yml when: nginx_install | bool From f8ff1bc68a3b56928e221a9a01a2967689af5aa9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:02:52 -0500 Subject: [PATCH 16/36] Suggestion for 9-local-addons/tasks/main.yml --- roles/9-local-addons/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 23aa92adc..bb50786b4 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -33,6 +33,8 @@ # Could split these two below to Stage 10? - name: Configure NGINX (installed in Stage 3-BASE-SERVER) + # If just CONFIGURING, shouldn't we use the following instead ?? + # include_tasks: roles/nginx/tasks/setup.yml include_role: name: nginx when: nginx_install | bool From e2d0913295375be665eec5c12838599fa357fd4e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:05:20 -0500 Subject: [PATCH 17/36] Refine suggestion in 9-local-addons/tasks/main.yml --- roles/9-local-addons/tasks/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index bb50786b4..553735f09 100644 --- a/roles/9-local-addons/tasks/main.yml 
+++ b/roles/9-local-addons/tasks/main.yml @@ -32,9 +32,10 @@ # Could split these two below to Stage 10? -- name: Configure NGINX (installed in Stage 3-BASE-SERVER) - # If just CONFIGURING, shouldn't we use the following instead ?? +- name: Configure NGINX (already installed in Stage 3-BASE-SERVER) + # If just CONFIGURING, should we use one of the following instead ?? # include_tasks: roles/nginx/tasks/setup.yml + # include_tasks: roles/nginx/tasks/enable.yml include_role: name: nginx when: nginx_install | bool From 130cf17fc725e085ec01d2d2d760107d9d2b5e28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:08:11 -0500 Subject: [PATCH 18/36] Clean 0-init/tasks/main.yml --- roles/0-init/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 53fedcd50..3016e0e22 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -21,13 +21,13 @@ copy: src: "{{ iiab_dir }}/scripts/iiab-diagnostics" dest: /usr/bin/ - mode: 0755 + mode: '0755' - name: Create globally-writable directory /etc/iiab/diag so non-root users can run iiab-diagnostics file: state: directory path: /etc/iiab/diag - mode: 0777 + mode: '0777' - name: Re-read local_facts.facts from /etc/ansible/facts.d setup: From 2e49e24d13c0b2119b0cb2ccbda668f94f58955d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:11:46 -0500 Subject: [PATCH 19/36] Clean 1-prep/tasks/main.yml --- roles/1-prep/tasks/main.yml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 9cdb8ebd6..57ee5b52b 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml 
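Review bot: In roles/0-init/tasks/main.yml, `/etc/iiab/diag` is still created with `mode: '0777'`, which is world-writable without the sticky bit, so any local account can delete, rename or replace files that another user or root placed there. Quoting the mode fixes how the value is parsed but not this. If the intent is only that non-root users can write their own diagnostics output, `mode: '1777'` allows that while restricting removal to each file's owner. The iiab-diagnostics script is not part of this diff; if it can run as root, it should create its output files exclusively rather than reuse an existing name in this directory.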
@@ -55,9 +55,9 @@ copy: src: roles/1-prep/files/iiab.conf dest: /etc/tmpfiles.d/ - owner: root - group: root - mode: 0644 + # owner: root + # group: root + # mode: '0644' force: yes when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist #when: ro_dir.stat.exists @@ -66,27 +66,26 @@ include_role: name: sshd # has no "when: XXXXX_install" flag - tags: base, sshd + #tags: base, sshd - name: IIAB-ADMIN include_role: name: iiab-admin # has no "when: XXXXX_install" flag - tags: base, iiab-admin + #tags: base, iiab-admin - name: OPENVPN include_role: name: openvpn when: openvpn_install | bool - tags: openvpn + #tags: openvpn # for rpi, without rtc, we need time as soon as possible - name: Install chrony (an NTP package) especially for RPi's lacking RTC package: name: chrony state: present - tags: - - download + #tags: download #TODO: Use regexp filter instead of hard-code ip - name: Install /etc/chrony.conf from template @@ -102,7 +101,7 @@ # Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10 # pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387 - name: Disable AppArmor -- override OS default (ubuntu) - service: + systemd: name: apparmor enabled: False state: stopped @@ -141,6 +140,3 @@ template: src: roles/1-prep/templates/iiab.env.j2 dest: "{{ iiab_env_file }}" - owner: root - group: root - mode: 0644 From 6135e7af64700868e3034772d88733b343b060e1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:28:04 -0500 Subject: [PATCH 20/36] Clean 2-common/tasks/main.yml --- roles/2-common/tasks/main.yml | 67 ++++++++--------------------------- 1 file changed, 15 insertions(+), 52 deletions(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index fa9420908..9e736a9bb 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml 
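Review bot: In roles/1-prep/tasks/main.yml, the `copy` into `/etc/tmpfiles.d/` now has `owner`, `group` and `mode` commented out, and the last hunk of this patch removes the same three keys from the `iiab.env.j2` template task. A newly created file then gets whatever the remote umask yields, and an existing file keeps whatever ownership and mode it already has. For a tmpfiles.d snippet and for `{{ iiab_env_file }}`, pinning these is the safer default; I would keep the keys and only quote the mode: `owner: root`, `group: root`, `mode: '0644'`. The copy task starts above the first hunk, so its name and any other arguments are not visible here.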
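Review bot: In roles/1-prep/tasks/main.yml, the `Disable AppArmor -- override OS default (ubuntu)` task still turns AppArmor off for the whole host without recording which profile conflicts with IIAB. The comment above it appears to note that Debian 10 pre-releases worked regardless (SEE #1387). Switching the module from `service` to `systemd` does not change the effect: every AppArmor-confined service on the machine loses its confinement. A comment naming the reason, for example `# AppArmor disabled because <profile> blocks <service> (placeholder) -- revisit per #1387`, would let the task be narrowed or dropped later. The task's `when:` condition lies outside the hunk.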
@@ -23,57 +23,21 @@ - include_tasks: packages.yml - include_tasks: iptables.yml -- sysctl: - name: net.ipv4.ip_forward - value: '1' - state: present - -- sysctl: - name: net.ipv4.conf.default.rp_filter - value: '1' - state: present - -- sysctl: - name: net.ipv4.conf.default.accept_source_route - value: '0' - state: present - -- sysctl: - name: kernel.sysrq - value: '1' - state: present - -- sysctl: - name: kernel.core_uses_pid - value: '1' - state: present - -- sysctl: - name: net.ipv4.tcp_syncookies - value: '1' - state: present - -- sysctl: - name: kernel.shmmax - value: '268435456' - state: present - -# IPv6 disabled - -- sysctl: - name: net.ipv6.conf.all.disable_ipv6 - value: '1' - state: present - -- sysctl: - name: net.ipv6.conf.default.disable_ipv6 - value: '1' - state: present - -- sysctl: - name: net.ipv6.conf.lo.disable_ipv6 - value: '1' - state: present +- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible + sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + - { name: 'net.ipv4.ip_forward', value: '1' } + - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } + - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } + - { name: 'kernel.sysrq', value: '1' } + - { name: 'kernel.core_uses_pid', value: '1' } + - { name: 'net.ipv4.tcp_syncookies', value: '1' } + - { name: 'kernel.shmmax', value: '268435456' } + - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled + - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } + - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } - name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH template: @@ -91,4 +55,3 @@ dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=2' - state: present From 3fc4841ad6add767fa13f9a4bfea17bdc2a8e6c0 Mon Sep 17 00:00:00 2001 
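Review bot: In roles/2-common/tasks/main.yml, the consolidated `sysctl` list sets `rp_filter` and `accept_source_route` only under `net.ipv4.conf.default`. That seeds interfaces created afterwards, while interfaces that already exist keep their current values, even though `net.ipv4.ip_forward` is switched on host-wide. Adding `- { name: 'net.ipv4.conf.all.rp_filter', value: '1' }` and `- { name: 'net.ipv4.conf.all.accept_source_route', value: '0' }` would cover the existing interfaces; the count of 10 in the task name would then need updating. `kernel.sysrq` set to `'1'` also enables every SysRq function; a bitmask value is narrower if only sync, remount and reboot are wanted.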
From: A Holt Date: Mon, 13 Jan 2020 11:28:47 -0500 Subject: [PATCH 21/36] Clean 9-local-addons/tasks/main.yml --- roles/9-local-addons/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 553735f09..837a2dfb4 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -52,4 +52,3 @@ dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=9' - state: present From 3db9e2ee24b518f47adabfdca22114959a4fcbff Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:29:16 -0500 Subject: [PATCH 22/36] Clean 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 04e310c05..d9aff9d22 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -29,4 +29,3 @@ dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=3' - state: present From 5011b26ec00cb90c75343e7ac6f49936aba750a2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:32:38 -0500 Subject: [PATCH 23/36] Clean 4-server-options/tasks/main.yml --- roles/4-server-options/tasks/main.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index e0740cf93..0ce4d852e 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
@@ -8,29 +8,29 @@ - name: Install named / BIND include_tasks: roles/network/tasks/named.yml when: named_install | bool - tags: base, named, network, domain + #tags: base, named, network, domain - name: Installing dhcpd include_tasks: roles/network/tasks/dhcpd.yml when: dhcpd_install | bool - tags: base, dhcpd, network, domain + #tags: base, dhcpd, network, domain - name: Install Squid (and DansGuardian if dansguardian_install) include_tasks: roles/network/tasks/squid.yml when: squid_install | bool - tags: base, squid, network, domain + #tags: base, squid, network, domain - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth when: (is_rpi and bluetooth_install) or bluetooth_installed is defined - tags: bluetooth + #tags: bluetooth - name: USB-LIB include_role: name: usb-lib when: usb_lib_install | bool - tags: usb-lib + #tags: usb-lib # NETWORK moved to the very end, after Stage 9 (9-LOCAL-ADDONS) # It can also be run manually using: cd /opt/iiab/iiab; ./iiab-network @@ -46,25 +46,25 @@ include_role: name: homepage # has no "when: XXXXX_install" flag - tags: base, homepage + #tags: base, homepage - name: POSTGRESQL include_role: name: postgresql when: postgresql_install | bool - tags: postgresql, pathagar, moodle + #tags: postgresql, pathagar, moodle - name: CUPS include_role: name: cups when: cups_install or cups_installed is defined - tags: cups + #tags: cups - name: SAMBA include_role: name: samba when: samba_install or samba_installed is defined - tags: samba + #tags: samba - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs @@ -75,4 +75,3 @@ dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=4' - state: present From 08cddfcb8c9c0a30af92e9140483e2b1f83a44bc Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 13 Jan 2020 11:34:15 -0500 Subject: [PATCH 24/36] Clean 5-xo-services/tasks/main.yml --- roles/5-xo-services/tasks/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/5-xo-services/tasks/main.yml b/roles/5-xo-services/tasks/main.yml index 80fc5146d..0ab041970 100644 --- a/roles/5-xo-services/tasks/main.yml +++ b/roles/5-xo-services/tasks/main.yml @@ -7,23 +7,22 @@ include_role: name: activity-server when: activity_server_install | bool - tags: olpc, activity-server + #tags: olpc, activity-server - name: EJABBERD_XS include_role: name: ejabberd_xs when: ejabberd_xs_install | bool - tags: olpc, ejabberd-xs + #tags: olpc, ejabberd-xs - name: IDMGR include_role: name: idmgr when: idmgr_install | bool - tags: olpc, idmgr + #tags: olpc, idmgr - name: Recording STAGE 5 HAS COMPLETED ===================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=5' - state: present From 50f72834df59355bcfba7cf1d8853f6892f5ff19 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:43:45 -0500 Subject: [PATCH 25/36] Clean 6-generic-apps/tasks/main.yml --- roles/6-generic-apps/tasks/main.yml | 41 ++++++++++++++++------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index c6edbf859..f77eba547 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml 
@@ -6,75 +6,78 @@ - name: AZURACAST include_role: name: azuracast - tags: azuracast + when: azuracast_install | bool + #tags: azuracast - name: DOKUWIKI include_role: name: dokuwiki - tags: dokuwiki + when: dokuwiki_install | bool + #tags: dokuwiki - name: MEDIAWIKI include_role: name: mediawiki - tags: mediawiki + when: mediawiki_install | bool + #tags: mediawiki # UNMAINTAINED - name: EJABBERD include_role: name: ejabberd when: ejabberd_install | bool - tags: ejabberd + #tags: ejabberd - name: ELGG include_role: name: elgg - tags: elgg + when: elgg_install | bool + #tags: elgg - name: GITEA include_role: name: gitea - tags: gitea + when: gitea_install | bool + #tags: gitea - name: LOKOLE include_role: name: lokole - tags: lokole + when: lokole_install | bool + #tags: lokole - name: MOSQUITTO include_role: name: mosquitto - tags: mosquitto + when: mosquitto_install | bool + #tags: mosquitto - name: NODE-RED include_role: name: nodered - tags: nodered + when: nodered_install | bool + #tags: nodered - name: NEXTCLOUD include_role: name: nextcloud - tags: nextcloud - -#- name: OWNCLOUD -# include_role: -# name: owncloud -# when: owncloud_install | bool -# tags: owncloud + when: nextcloud_install | bool + #tags: nextcloud - name: PBX include_role: name: pbx when: pbx_install | bool - tags: pbx + #tags: pbx - name: WORDPRESS include_role: name: wordpress - tags: wordpress + when: wordpress_install | bool + #tags: wordpress - name: Recording STAGE 6 HAS COMPLETED ==================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=6' - state: present From 29fe4460b2d6b998491a0d78d9018ba6de242a4e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:47:03 -0500 Subject: [PATCH 26/36] Clean 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index d9aff9d22..9997c87f5 100644 
--- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -16,7 +16,7 @@ - name: MYSQL include_role: name: mysql - # has no "when: XXXXX_install" flag + when: mysql_install | bool #tags: base, mysql - name: Install dnsmasq From 2dbf5b5eb1387f89cca95c4c472563fc1c2c0e77 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 11:59:16 -0500 Subject: [PATCH 27/36] Clean 7-edu-apps/tasks/main.yml --- roles/7-edu-apps/tasks/main.yml | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 49711b407..5f31c4be8 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -6,50 +6,55 @@ - name: KALITE include_role: name: kalite - tags: kalite + when: kalite_install | bool + #tags: kalite - name: KOLIBRI include_role: name: kolibri - tags: kolibri + when: kolibri_install | bool + #tags: kolibri - name: KIWIX include_role: name: kiwix - tags: kiwix + when: kiwix_install | bool + #tags: kiwix - name: MOODLE include_role: name: moodle - tags: olpc, moodle + when: moodle_install | bool + #tags: olpc, moodle - name: OSM-VECTOR-MAPS include_role: name: osm-vector-maps - tags: osm, maps + when: osm_vector_maps_install | bool + #tags: osm, maps # UNMAINTAINED - name: OSM include_role: name: osm when: osm_install is defined and osm_install - tags: osm, maps + #tags: osm, maps # UNMAINTAINED - name: PATHAGAR include_role: name: pathagar when: pathagar_install is defined and pathagar_install - tags: pathagar + #tags: pathagar - name: SUGARIZER include_role: name: sugarizer - tags: sugarizer + when: sugarizer_install | bool + #tags: sugarizer - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=7' - state: present From 4d4591de84d20b3f1c778c1b11029689f846faa5 Mon Sep 17 00:00:00 2001 
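Review bot: In roles/3-base-server/tasks/main.yml, `when: mysql_install | bool` replaces a comment that said this role `has no "when: XXXXX_install" flag`. Unless `mysql_install` is defined in vars/default_vars.yml (no hunk in this series so far adds it), the include will fail on an undefined variable. `when: mysql_install | default(True) | bool` keeps the previous always-install behaviour wherever the variable is absent. The `*_install | bool` guards added in the 6-generic-apps, 7-edu-apps, 8-mgmt-tools and 9-local-addons hunks depend in the same way on their variables being defined. Roles that need MySQL will also need a guard or a clear failure when it is skipped.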
From: A Holt Date: Mon, 13 Jan 2020 12:01:25 -0500 Subject: [PATCH 28/36] Clean 8-mgmt-tools/tasks/main.yml --- roles/8-mgmt-tools/tasks/main.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index c7547d2ac..c90b3bc2c 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -7,39 +7,40 @@ include_role: name: transmission when: transmission_install | bool - tags: transmission + #tags: transmission - name: AWSTATS include_role: name: awstats - tags: awstats + when: awstats_install | bool + #tags: awstats - name: MONIT include_role: name: monit when: monit_install | bool - tags: monit + #tags: monit - name: MUNIN include_role: name: munin - tags: munin + when: munin_install | bool + #tags: munin - name: PHPMYADMIN include_role: name: phpmyadmin when: phpmyadmin_install | bool - tags: phpmyadmin + #tags: phpmyadmin - name: VNSTAT include_role: name: vnstat when: vnstat_install | bool - tags: vnstat + #tags: vnstat - name: Recording STAGE 8 HAS COMPLETED ====================== lineinfile: dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=8' - state: present From 4912114b7b6a330de26b78d6e63e065e53322cc8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 12:05:36 -0500 Subject: [PATCH 29/36] Clean 9-local-addons/tasks/main.yml --- roles/9-local-addons/tasks/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 837a2dfb4..140841bbc 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml 
@@ -6,9 +6,10 @@ - name: INTERNETARCHIVE include_role: name: internetarchive + when: internetarchive_install | bool #tags: internetarchive -# Is porting to Python 3 complete? +# Is porting to Python 3 complete, and if so does this belong elsewhere? - name: CAPTIVE PORTAL include_tasks: roles/captiveportal/tasks/main.yml when: captiveportal_install | bool @@ -17,17 +18,20 @@ - name: MINETEST include_role: name: minetest + when: minetest_install | bool #tags: minetest # KEEP AT THE END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE include_role: name: calibre + when: calibre_install | bool #tags: calibre - name: CALIBRE-WEB include_role: name: calibre-web + when: calibreweb_install | bool #tags: calibre-web # Could split these two below to Stage 10? From d4906db5cefcaae976053b6c7d5af582b60dfffb Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 12:13:11 -0500 Subject: [PATCH 30/36] Experimentally comment out tags from network/tasks/main.yml --- roles/network/tasks/main.yml | 66 +++++++++--------------------------- 1 file changed, 16 insertions(+), 50 deletions(-) diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 9e3893271..431498f21 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -1,8 +1,6 @@ - include_tasks: detected_network.yml - when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - tags: - - network #REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ? - - network-discover + when: not installing # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml + #tags: network, network-discover # REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ? - name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY set_fact: 
@@ -29,14 +27,10 @@ - include_tasks: computed_network.yml when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml - tags: - - network - - network-discover + #tags: network, network-discover - include_tasks: hostapd.yml - tags: - - network - - AP + #tags: network, AP #- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network # set_fact: @@ -50,17 +44,12 @@ ##### End static ip address info #- include_tasks: hosts.yml -# tags: -# - network -# - hostname -# - domain +# tags: network, hostname, domain - name: Configure wondershaper include_tasks: wondershaper.yml when: wondershaper_install | bool or wondershaper_installed is defined - tags: - - network - - wondershaper + #tags: network, wondershaper - name: (Re)Install named include_tasks: named.yml @@ -76,24 +65,13 @@ #### start services - include_tasks: avahi.yml - tags: - - network + #tags: network - include_tasks: computed_services.yml - tags: - - network - - named - - dhcpd - - dnsmasq - - squid + #tags: network, named, dhcpd, dnsmasq, squid - include_tasks: enable_services.yml - tags: - - network - - named - - dhcpd - - dnsmasq - - squid + #tags: network, named, dhcpd, dnsmasq, squid #### end services #### Start network layout 
@@ -101,52 +79,40 @@ include_tasks: ifcfg_mods.yml when: is_redhat | bool #and not installing - tags: - - network + #tags: network - name: Netplan in use on Ubuntu 18.04+ include_tasks: netplan.yml when: is_ubuntu and not is_ubuntu_16 #when: is_ubuntu_18 | bool #and not installing - tags: - - network + #tags: network - name: NetworkManager in use include_tasks: NM-debian.yml when: is_debuntu and network_manager_active #and not installing - tags: - - network + #tags: network - name: systemd-networkd in use include_tasks: sysd-netd-debian.yml when: is_debuntu and systemd_networkd_active #and not installing - tags: - - network + #tags: network - name: RPi's have dhcpcd in use include_tasks: rpi_debian.yml when: is_debuntu and is_rpi #and not installing - tags: - - network + #tags: network - name: Not RPi, Not NetworkManager, Not systemd-networkd in use include_tasks: debian.yml when: (not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 #and not installing - tags: - - network + #tags: network #### end network layout - include_tasks: restart.yml when: not installing - tags: - - network - - named - - dhcpd - - dnsmasq - - squid - - AP + #tags: network, named, dhcpd, dnsmasq, squid, AP From 8443cc22436cc94b760a7563f0be46fb3f1c7865 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 12:14:06 -0500 Subject: [PATCH 31/36] Update httpd/defaults/main.yml --- roles/httpd/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml index e3a6706d8..a1196888d 100644 --- a/roles/httpd/defaults/main.yml +++ b/roles/httpd/defaults/main.yml 
@@ -1,6 +1,12 @@ # default_language: en # language_priority: en es fr +# apache_install: True +# apache_enabled: False + +# apache_port: 8090 # NGINX proxies to this IP address, for legacy IIAB services still requiring Apache +# apache_interface: 127.0.0.1 + # For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 # apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! From 9654ad403bc212e2c450fe3b9bda0ebc3223c4cb Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 13:05:01 -0500 Subject: [PATCH 32/36] Update 6-generic-apps/tasks/main.yml --- roles/6-generic-apps/tasks/main.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index f77eba547..5f1d94269 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -9,18 +9,13 @@ when: azuracast_install | bool #tags: azuracast +# UNMAINTAINED - name: DOKUWIKI include_role: name: dokuwiki when: dokuwiki_install | bool #tags: dokuwiki -- name: MEDIAWIKI - include_role: - name: mediawiki - when: mediawiki_install | bool - #tags: mediawiki - # UNMAINTAINED - name: EJABBERD include_role: @@ -46,6 +41,12 @@ when: lokole_install | bool #tags: lokole +- name: MEDIAWIKI + include_role: + name: mediawiki + when: mediawiki_install | bool + #tags: mediawiki + - name: MOSQUITTO include_role: name: mosquitto From 8b7a5b20a07e8bbc5f8dfb7959175377714c518d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 14:11:04 -0500 Subject: [PATCH 33/36] Redirect http://box/mediawiki* to http://box/wiki/Main_Page --- roles/mediawiki/templates/mediawiki-nginx.conf.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/mediawiki/templates/mediawiki-nginx.conf.j2 b/roles/mediawiki/templates/mediawiki-nginx.conf.j2 index 47704e4cb..26cee7900 100644 --- a/roles/mediawiki/templates/mediawiki-nginx.conf.j2 
+++ b/roles/mediawiki/templates/mediawiki-nginx.conf.j2 @@ -52,3 +52,8 @@ location {{ mediawiki_url }}/ { location = {{ mediawiki_url }} { return 301 {{ mediawiki_url }}/Main_Page; } + +# http://box/mediawiki* redirect to http://box/wiki/Main_Page +location {{ mediawiki_url2 }} { + return 301 {{ mediawiki_url }}/Main_Page; +} From bc08564d06144b5f6299a70e5906685bf5e076f4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 14:12:20 -0500 Subject: [PATCH 34/36] Redirect http://box/mediawiki* to http://box/wiki/Main_Page --- roles/mediawiki/tasks/enable.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/tasks/enable.yml b/roles/mediawiki/tasks/enable.yml index 888a0600d..33efcd89d 100644 --- a/roles/mediawiki/tasks/enable.yml +++ b/roles/mediawiki/tasks/enable.yml @@ -16,13 +16,13 @@ # NGINX -- name: Enable http://box{{ mediawiki_url }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template +- name: Enable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template template: src: mediawiki-nginx.conf.j2 dest: "{{ nginx_config_dir }}/mediawiki-nginx.conf" when: nginx_install and mediawiki_enabled -- name: Disable http://box{{ mediawiki_url }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf +- name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf file: path: "{{ nginx_config_dir }}/mediawiki-nginx.conf" state: absent From f492a6351415f533251c40f388d2cf1c8a7ef2ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 14:12:43 -0500 Subject: [PATCH 35/36] Redirect http://box/mediawiki* to http://box/wiki/Main_Page --- roles/mediawiki/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) 
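Review bot: `location {{ mediawiki_url2 }}` is a prefix match, so with the value `/mediawiki` (set in the defaults patch later in this series) it redirects every URI that merely starts with that string, not only `/mediawiki` and paths below it. The comment says `mediawiki*`, so this may be intended. If it is not, `location = {{ mediawiki_url2 }}` together with `location {{ mediawiki_url2 }}/` limits the redirect to the alias itself. It is also worth stating in the comment that an empty `mediawiki_url2` renders an invalid `location` line, since the template does not guard against that.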
diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 64ac1880d..e0ef229ef 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -26,4 +26,5 @@ mediawiki_install_path: "{{ content_base }}" # /library mediawiki_abs_path: "{{ mediawiki_install_path }}/mediawiki-{{ mediawiki_version }}" mediawiki_url: /wiki +mediawiki_url2: /mediawiki mediawiki_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ mediawiki_url }}" # http://box.lan/wiki From 2877bf442c9629126016545a6d97693a9d32260f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 13 Jan 2020 16:19:50 -0500 Subject: [PATCH 36/36] Clean openvpn/tasks/main.yml --- roles/openvpn/tasks/main.yml | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 7a6a48c0a..032b6733d 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -1,11 +1,16 @@ +# TO DO: WRAP 10 OR 11 STANZAS BELOW (and saving vars to iiab_ini_file at +# bottom) INTO install.yml, somehow conditioned by... +# when: openvpn_install | bool +# +# BEWARE: 11th stanza (ssh pubkey deletions) is already conditioned by... +# when: not openvpn_install + - name: Install OpenVPN and Nmap packages package: name: - openvpn - nmap state: present - #tags: - # - download # Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle - name: Install Ncat package (if Debian > 9 or Ubuntu > 18) 
@@ -13,17 +18,12 @@ name: ncat state: present when: is_debuntu and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18) - #when: need_ncat | bool - #tags: - # - download - name: Install ssh public keys for remote support (if openvpn_install) lineinfile: line: "{{ item.pubkey }}" regexp: "{{ item.regexp }}" path: /root/.ssh/authorized_keys - #backup: yes - when: openvpn_install | bool with_items: - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" @@ -46,20 +46,16 @@ regexp: "{{ item }}" path: /root/.ssh/authorized_keys state: absent - #backup: yes - when: not openvpn_install with_items: - "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" + when: not openvpn_install - name: 'Create dirs: /etc/openvpn/keys, /etc/openvpn/scripts' file: path: "{{ item }}" state: directory - owner: root - group: root - mode: 0755 with_items: - /etc/openvpn/keys - /etc/openvpn/scripts @@ -68,8 +64,6 @@ template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root mode: "{{ item.mode }}" backup: yes with_items: 
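Review bot: The `when: openvpn_install | bool` removed from "Install ssh public keys for remote support (if openvpn_install)" is not re-added anywhere in this hunk, so the task now writes the listed remote-support keys into `/root/.ssh/authorized_keys` every time this task file runs, although its name still says otherwise. With `openvpn_install` false, the host then relies on the later delete task to undo this, and only for keys matched by that task's three patterns. The TO DO comment added at the top of the file suggests the install-side gating is still pending, so I would keep the guard until then: `when: openvpn_install | bool` placed after the `with_items` list, as this patch does for the delete task. The `with_items` list continues outside the hunk.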
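Review bot: Dropping `owner: root`, `group: root` and `mode: 0755` from 'Create dirs: /etc/openvpn/keys, /etc/openvpn/scripts' leaves the permissions of a key directory to the umask and to whatever already exists on disk. The unquoted `0755` was worth fixing because YAML reads it as an integer, but the form this patch uses later for iiab-support, `mode: '0755'`, would keep the intent explicit here too. If `/etc/openvpn/keys` holds private key material, which this hunk does not show, a tighter mode on that one path would be better. The template task in the following hunk loses `owner`/`group` in the same way while keeping its per-item `mode`.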
@@ -83,14 +77,12 @@ - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - # 2019-10-09: Not recommended for over a year & no longer in use - # - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } - name: Copy /opt/iiab/iiab/iiab-support to /usr/bin/iiab-support, in case git tree deleted e.g. on a smaller IIAB install copy: src: "{{ iiab_dir }}/iiab-support" dest: /usr/bin/ - mode: 0755 + mode: '0755' - name: Create iiab-support-on (symlink to iiab-support for now) file: @@ -116,6 +108,7 @@ path: /usr/bin/iiab-vpn-off state: link +# TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable.yml... # FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not # been working with systemd service names that contained the "@" character. @@ -198,7 +191,6 @@ # ignore_errors: True # when: not openvpn_enabled and not installing - - name: Add 'openvpn' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}"