mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00

Merge pull request #12 from iiab/master

sync from iiab/iiab
A Holt 2017-10-17 20:55:17 -04:00 committed by GitHub
commit 344a65c900
35 changed files with 51 additions and 89 deletions


@ -1,46 +0,0 @@
==============
Gateway README
==============
Under the heading of Gateway are a number of services that provide dhcp addresses and NAT to the lan
and filter wan access both in terms of content and bandwidth.
LAN
---
The LAN is managed by the dhcpd service and by iptables. The configuration of iptables is complicated
and works as follows:
/etc/systemd/system/iptables.service calls
/etc/sysconfig/iptables-config which calls
/usr/bin/iiab-gen-iptables
and saves the resultant configuration to /etc/sysconfig/iptables
it then supplies additional rules to iptables
As of March 2014 the following files are obsolete
/etc/sysconfig/olpc-scripts/iptables-xs
/etc/sysconfig/olpc-scripts/ip6tables-xs
Filters
-------
Content is filtered by squid and dansguardian and there are ansible variables that control them.
There is a white list file, sites.whitelist.txt. URL patterns not in this file will not be accessible.
An additional rule to block https has been added to iptables, also controlled by an ansible variable.
**N.B. https blocking and whitelist checking are disabled by default**
To enable whitelist checking and/or https blocking edit
#Gateway Filters
gw_squid_whitelist: False
gw_block_https: False
changing False to True where appropriate and then run runtags facts, gateway
Bandwidth is filtered by wondershaper.


@ -1 +0,0 @@
-name: placekeeper


@ -52,7 +52,7 @@
dest="{{ kalite_root }}/kalite/local_settings.py" dest="{{ kalite_root }}/kalite/local_settings.py"
owner={{ kalite_user }} owner={{ kalite_user }}
group={{ kalite_user }} group={{ kalite_user }}
mode=644 mode=0644
- name: Create kalite service(s) and support scripts - name: Create kalite service(s) and support scripts
template: backup=no template: backup=no


@ -31,7 +31,7 @@
dest=/etc/avahi/services/schoolserver.service dest=/etc/avahi/services/schoolserver.service
owner=avahi owner=avahi
group=avahi group=avahi
mode=640 mode=0640
when: 'gui_wan == True' when: 'gui_wan == True'
- name: Find a clean copy of ssh.service - name: Find a clean copy of ssh.service


@ -16,7 +16,7 @@
group=root group=root
mode={{ item.mode }} mode={{ item.mode }}
with_items: with_items:
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0755' } - { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
when: dhcpd_enabled when: dhcpd_enabled
- name: Copy named file - name: Copy named file
@ -26,8 +26,8 @@
group=root group=root
mode={{ item.mode }} mode={{ item.mode }}
with_items: with_items:
- { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0755' } - { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0755' } - { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- name: Enable named service - name: Enable named service
service: name={{ dns_service }} service: name={{ dns_service }}

0
roles/network/templates/avahi/portal.service Executable file → Normal file

0
roles/network/templates/dhcp/dhcpd-env.j2 Executable file → Normal file

0
roles/network/templates/dhcp/dhcpd.service Executable file → Normal file

0
roles/network/templates/named/localdomain.zone Executable file → Normal file

0
roles/network/templates/named/localhost.zone Executable file → Normal file

0
roles/network/templates/named/named Executable file → Normal file

0
roles/network/templates/named/named-iiab.conf.j2 Executable file → Normal file

0
roles/network/templates/named/named.broadcast Executable file → Normal file

0
roles/network/templates/named/named.ip6.local Executable file → Normal file

0
roles/network/templates/named/named.j2 Executable file → Normal file

0
roles/network/templates/named/named.local Executable file → Normal file

0
roles/network/templates/named/named.rfc1912.zones Executable file → Normal file

0
roles/network/templates/named/named.root Executable file → Normal file

0
roles/network/templates/named/named.root.hints Executable file → Normal file

0
roles/network/templates/named/named.zero Executable file → Normal file

0
roles/network/templates/named/school.external.zone.db Executable file → Normal file

0
roles/network/templates/named/school.internal.zone.db Executable file → Normal file

0
roles/network/templates/network/sysconfig.network.j2 Executable file → Normal file

0
roles/network/templates/squid/iiab-httpcache.j2 Executable file → Normal file

0
roles/network/templates/squid/squid-iiab.conf.j2 Executable file → Normal file

0
roles/network/templates/squid/squid.sysconfig Executable file → Normal file

0
roles/network/templates/wondershaper/wondershaper.j2 Executable file → Normal file

@ -6,7 +6,7 @@
user: name="{{ smbuser }}" shell=/sbin/nologin password="{{ smbpassword }}" user: name="{{ smbuser }}" shell=/sbin/nologin password="{{ smbpassword }}"
- name: create the public folder - name: create the public folder
file: dest="{{ shared_dir }}" owner="{{ smbuser }}" group="{{ smbuser }}" mode=777 state=directory file: dest="{{ shared_dir }}" owner="{{ smbuser }}" group="{{ smbuser }}" mode=0777 state=directory
# Install and configure samba server (requires ports 137, 138, 139, 445 open). # Install and configure samba server (requires ports 137, 138, 139, 445 open).
- name: Ensure Samba-related packages are installed. - name: Ensure Samba-related packages are installed.
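Review bot: The public share directory in the `create the public folder` task is still world-writable without the sticky bit; changing `mode=777` to `mode=0777` only normalises the notation. With 0777 any local account or service on the server can delete or replace files that other users placed in `{{ shared_dir }}`. If Samba maps every writer to `{{ smbuser }}`, the "other" write bit is not needed and `mode=0775` would do; if local users really must write there, `mode=1777` at least stops them removing each other's files. The rest of the task list, including the share definition, lies outside this hunk and should be checked against whichever mode is chosen.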


@ -2,42 +2,52 @@
get_url: url={{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz get_url: url={{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz
dest={{ downloads_dir }}/{{ sugarizer_version }}.tar.gz dest={{ downloads_dir }}/{{ sugarizer_version }}.tar.gz
#fixme
- name: Untar it to target location - name: Untar it to target location
command: tar xzf {{ downloads_dir }}/{{ sugarizer_version }}.tar.gz -C {{ sugarizer_location }} command: tar xzf {{ downloads_dir }}/{{ sugarizer_version }}.tar.gz -C {{ sugarizer_location }}
creates="{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
- name: Create a symbolic link from generic url to version specific location - name: Create a symbolic link from generic url to version specific location
file: dest={{ sugarizer_location }}/sugarizer file: dest={{ sugarizer_location }}/sugarizer
src={{ sugarizer_location }}/{{ sugarizer_version }} src={{ sugarizer_location }}/{{ sugarizer_version }}
state=link state=link
- name: Install sugarizer required packages - name: Install sugarizer required packages - is_debuntu
package: name=nodejs package: name={{ item }}
state=present state=present
# - npm with_items:
when: internet_available - node-gyp
when: internet_available and is_debuntu
- name: Install npm non debian - name: Install npm non is_debuntu
package: name=npm package: name={{ item }}
state=present state=present
when: internet_available and not is_debian with_items:
- nodejs
- npm
when: internet_available and not is_debuntu
# attempting to reinstall npn is broken on raspbian 9 # attempting to reinstall npn is broken on raspbian 9
- name: check for npm already installed - name: check for sugarizer already installed
stat: path={{ sugarizer_location }}/sugarizer/server/node_modules stat: path={{ sugarizer_location }}/sugarizer/server/node_modules
register: npm register: npm
- name: set a flag to abort second attempt to install - name: set a flag to abort second attempt to install
set_fact: set_fact:
npm_exists: True npm_exists: True
when: npm.stat.exists is defined and npm.stat.exists when: npm.stat.exists is defined and npm.stat.exists
- name: Install npm on debian -- set up apt sources - name: Set up apt sources on is_debuntu
shell: curl -sL https://deb.nodesource.com/setup_6.x | bash - shell: curl -sL https://deb.nodesource.com/setup_6.x | bash -
when: internet_available and is_debian and not npm_exists when: internet_available and is_debuntu
- name: Actually get it installed - name: Actually get it installed on is_debuntu
command: apt-get install -y npm package: name={{ item }}
when: internet_available and is_debian and not npm_exists state=present
with_items:
- nodejs
- npm
when: internet_available and is_debuntu
- name: Create systemd files and copy our ini file - name: Create systemd files and copy our ini file
template: src={{ item.src }} template: src={{ item.src }}
@ -46,7 +56,7 @@
group=root group=root
mode=0644 mode=0644
with_items: with_items:
# - { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service'} - { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service'}
- { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/sugarizer/server' } - { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/sugarizer/server' }
# - { src: 'sugarizer.conf' , dest: '/etc/apache2/sites-available' } # - { src: 'sugarizer.conf' , dest: '/etc/apache2/sites-available' }
@ -55,35 +65,34 @@
# dest=/etc/apache2/sites-enabled/sugarizer.conf # dest=/etc/apache2/sites-enabled/sugarizer.conf
# state=link # state=link
- name: Create the express framework for node.js - name: Create the express framework for node.js - ALL less F18
shell: npm install shell: npm install
args: args:
chdir: "{{ sugarizer_location }}/sugarizer/server" chdir: "{{ sugarizer_location }}/sugarizer/server"
creates: "{{ sugarizer_location }}/sugarizer/server/node_modules" creates: "{{ sugarizer_location }}/sugarizer/server/node_modules"
when: not is_F18 when: not is_F18 and not npm_exists
- name: Create the express framework for node.js - name: Create the express framework for node.js - F18
shell: npm install shell: npm install
args: args:
chdir: "{{ sugarizer_location }}/sugarizer/server" chdir: "{{ sugarizer_location }}/sugarizer/server"
when: is_F18 when: is_F18 and not npm_exists
#- name: enable services - name: enable services - All
# service: name={{ item.name }} service: name={{ item.name }}
# enabled=yes enabled=yes
# state=restarted state=restarted
# with_items: with_items:
# - { name: sugarizer } - { name: sugarizer }
# when: sugarizer_enabled when: sugarizer_enabled
- name: disable services - All
#- name: disable services service: name={{ item.name }}
# service: name={{ item.name }} enabled=no
# enabled=no state=stopped
# state=stopped with_items:
# with_items: - { name: sugarizer }
# - { name: sugarizer } when: not sugarizer_enabled
# when: not sugarizer_enabled
- name: add sugarizer to service list - name: add sugarizer to service list
ini_file: dest='{{ service_filelist }}' ini_file: dest='{{ service_filelist }}'
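Review bot: The `Set up apt sources on is_debuntu` task now pipes `https://deb.nodesource.com/setup_6.x` into `bash` on every playbook run, because the new condition drops `not npm_exists` and the task has no `creates=` guard. The script is fetched with no checksum or signature check, so whatever that URL serves at run time is executed with the play's privileges on the server. At minimum keep the guard, `when: internet_available and is_debuntu and not npm_exists`; a more controlled alternative is to add the NodeSource signing key and repository with the `apt_key` and `apt_repository` modules, so that no remote script is executed. `npm_exists` is only set by the `set_fact` task when the stat succeeds, so the conditions that test `not npm_exists` presumably rely on a default defined outside this file, which is worth confirming.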


@ -6,7 +6,7 @@ Requires=After=mongodb.service # Requires the mongodb service to run first
WorkingDirectory={{ sugarizer_location }}/sugarizer/server/ WorkingDirectory={{ sugarizer_location }}/sugarizer/server/
ExecStart=/usr/bin/node sugarizer.js ExecStart=/usr/bin/node sugarizer.js
Restart=always Restart=always
RestartSec=10 # Restart service after 10 seconds if node service crashes #RestartSec=10 # Restart service after 10 seconds if node service crashes
StandardOutput=syslog # Output to syslog StandardOutput=syslog # Output to syslog
StandardError=syslog # Output to syslog StandardError=syslog # Output to syslog
SyslogIdentifier=sugarizer SyslogIdentifier=sugarizer
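Review bot: Commenting out `RestartSec` leaves `Restart=always` running with systemd's default restart delay of 100 ms, so a crashing node process is restarted in a tight loop until the start-rate limit leaves the unit failed. The original line probably misbehaved because systemd unit files do not support trailing comments, so `RestartSec=10 # Restart service ...` is read as a single value. The same applies to `StandardOutput=syslog # Output to syslog`, `StandardError=syslog # Output to syslog` and the `Requires=After=mongodb.service # ...` line shown in the hunk header, which also fuses two directives. I would restore `RestartSec=10` on a line of its own and move each comment to a separate `#` line above its setting. The unit file starts and ends outside this hunk.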


@ -12,7 +12,7 @@ if [ ! -f ./vars/local_vars.yml ]; then
OS=${OS//\"/} OS=${OS//\"/}
case $OS in case $OS in
OLPC) OLPC | fedora)
cp ./vars/olpc.localvars ./vars/local_vars.yml cp ./vars/olpc.localvars ./vars/local_vars.yml
;; ;;
centos | debian | ubuntu | raspbian) centos | debian | ubuntu | raspbian)