external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-13 03:32:12 +00:00
Code Issues Releases Wiki Activity

Merge pull request #12 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2017-10-17 20:55:17 -04:00 committed by GitHub
commit 344a65c900
35 changed files with 51 additions and 89 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
roles/gateway/README.rst
View file

@ -1,46 +0,0 @@
==============
Gateway README
==============
Under the heading of Gateway are a number of services that provide dhcp addresses and NAT to the lan
and filter wan access both in terms of content and bandwidth.
LAN
---
The LAN is managed by the dhcpd service and by iptables. The configuration of iptables is complicated
and works as follows:
/etc/systemd/system/iptables.service calls
/etc/sysconfig/iptables-config which calls
/usr/bin/iiab-gen-iptables
and saves the resultant configuration to /etc/sysconfig/iptables
it then supplies additional rules to iptables
As of March 2014 the following files are obsolete
/etc/sysconfig/olpc-scripts/iptables-xs
/etc/sysconfig/olpc-scripts/ip6tables-xs
Filters
-------
Content is filtered by squid and dansguardian and there are ansible variables that control them.
There is a white list file, sites.whitelist.txt. URL patterns not in this file will not be accessible.
An additional rule to block https has been added to iptables, also controlled by an ansible variable.
**N.B. https blocking and whitelist checking are disabled by default**
To enable whitelist checking and/or https blocking edit
#Gateway Filters
gw_squid_whitelist: False
gw_block_https: False
changing False to True where appropriate and then run runtags facts, gateway
Bandwidth is filtered by wondershaper.

1
roles/gateway/tasks/main.yml
View file

@ -1 +0,0 @@
-name: placekeeper

2
roles/kalite/tasks/install-f18.yml
View file

@ -52,7 +52,7 @@
dest="{{ kalite_root }}/kalite/local_settings.py"
owner={{ kalite_user }}
group={{ kalite_user }}
mode=644
mode=0644
- name: Create kalite service(s) and support scripts
template: backup=no

2
roles/network/tasks/avahi.yml
View file

@ -31,7 +31,7 @@
dest=/etc/avahi/services/schoolserver.service
owner=avahi
group=avahi
mode=640
mode=0640
when: 'gui_wan == True'
- name: Find a clean copy of ssh.service

6
roles/network/tasks/enable_services.yml
View file

@ -16,7 +16,7 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0755' }
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
when: dhcpd_enabled
- name: Copy named file
@ -26,8 +26,8 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0755' }
- { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0755' }
- { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- name: Enable named service
service: name={{ dns_service }}

0
roles/network/templates/avahi/portal.service Executable file → Normal file
View file

0
roles/network/templates/dhcp/dhcpd-env.j2 Executable file → Normal file
View file

0
roles/network/templates/dhcp/dhcpd.service Executable file → Normal file
View file

0
roles/network/templates/named/localdomain.zone Executable file → Normal file
View file

0
roles/network/templates/named/localhost.zone Executable file → Normal file
View file

0
roles/network/templates/named/named Executable file → Normal file
View file

0
roles/network/templates/named/named-iiab.conf.j2 Executable file → Normal file
View file

0
roles/network/templates/named/named.broadcast Executable file → Normal file
View file

0
roles/network/templates/named/named.ip6.local Executable file → Normal file
View file

0
roles/network/templates/named/named.j2 Executable file → Normal file
View file

0
roles/network/templates/named/named.local Executable file → Normal file
View file

0
roles/network/templates/named/named.rfc1912.zones Executable file → Normal file
View file

0
roles/network/templates/named/named.root Executable file → Normal file
View file

0
roles/network/templates/named/named.root.hints Executable file → Normal file
View file

0
roles/network/templates/named/named.zero Executable file → Normal file
View file

0
roles/network/templates/named/school.external.zone.db Executable file → Normal file
View file

0
roles/network/templates/named/school.internal.zone.16.in-addr.db.j2 Executable file → Normal file
View file

0
roles/network/templates/named/school.internal.zone.32.in-addr.db.j2 Executable file → Normal file
View file

0
roles/network/templates/named/school.internal.zone.48.in-addr.db.j2 Executable file → Normal file
View file

0
roles/network/templates/named/school.internal.zone.db Executable file → Normal file
View file

0
roles/network/templates/named/school.internal.zone.in-addr.db.j2 Executable file → Normal file
View file

0
roles/network/templates/network/sysconfig.network.j2 Executable file → Normal file
View file

0
roles/network/templates/squid/iiab-httpcache.j2 Executable file → Normal file
View file

0
roles/network/templates/squid/squid-iiab.conf.j2 Executable file → Normal file
View file

0
roles/network/templates/squid/squid.sysconfig Executable file → Normal file
View file

0
roles/network/templates/wondershaper/wondershaper.j2 Executable file → Normal file
View file

2
roles/samba/tasks/main.yml
View file

@ -6,7 +6,7 @@
user: name="{{ smbuser }}" shell=/sbin/nologin password="{{ smbpassword }}"
- name: create the public folder
file: dest="{{ shared_dir }}" owner="{{ smbuser }}" group="{{ smbuser }}" mode=777 state=directory
file: dest="{{ shared_dir }}" owner="{{ smbuser }}" group="{{ smbuser }}" mode=0777 state=directory
# Install and configure samba server (requires ports 137, 138, 139, 445 open).
- name: Ensure Samba-related packages are installed.

77
roles/sugarizer/tasks/main.yml
View file

@ -2,42 +2,52 @@
get_url: url={{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz
dest={{ downloads_dir }}/{{ sugarizer_version }}.tar.gz
#fixme
- name: Untar it to target location
command: tar xzf {{ downloads_dir }}/{{ sugarizer_version }}.tar.gz -C {{ sugarizer_location }}
creates="{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
- name: Create a symbolic link from generic url to version specific location
file: dest={{ sugarizer_location }}/sugarizer
src={{ sugarizer_location }}/{{ sugarizer_version }}
state=link
- name: Install sugarizer required packages
package: name=nodejs
- name: Install sugarizer required packages - is_debuntu
package: name={{ item }}
state=present
# - npm
when: internet_available
with_items:
- node-gyp
when: internet_available and is_debuntu
- name: Install npm non debian
package: name=npm
- name: Install npm non is_debuntu
package: name={{ item }}
state=present
when: internet_available and not is_debian
with_items:
- nodejs
- npm
when: internet_available and not is_debuntu
# attempting to reinstall npn is broken on raspbian 9
- name: check for npm already installed
- name: check for sugarizer already installed
stat: path={{ sugarizer_location }}/sugarizer/server/node_modules
register: npm
- name: set a flag to abort second attempt to install
set_fact:
set_fact:
npm_exists: True
when: npm.stat.exists is defined and npm.stat.exists
- name: Install npm on debian -- set up apt sources
- name: Set up apt sources on is_debuntu
shell: curl -sL https://deb.nodesource.com/setup_6.x | bash -
when: internet_available and is_debian and not npm_exists
when: internet_available and is_debuntu
- name: Actually get it installed
command: apt-get install -y npm
when: internet_available and is_debian and not npm_exists
- name: Actually get it installed on is_debuntu
package: name={{ item }}
state=present
with_items:
- nodejs
- npm
when: internet_available and is_debuntu
- name: Create systemd files and copy our ini file
template: src={{ item.src }}
@ -46,7 +56,7 @@
group=root
mode=0644
with_items:
# - { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service'}
- { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service'}
- { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/sugarizer/server' }
# - { src: 'sugarizer.conf' , dest: '/etc/apache2/sites-available' }
@ -55,35 +65,34 @@
# dest=/etc/apache2/sites-enabled/sugarizer.conf
# state=link
- name: Create the express framework for node.js
- name: Create the express framework for node.js - ALL less F18
shell: npm install
args:
chdir: "{{ sugarizer_location }}/sugarizer/server"
creates: "{{ sugarizer_location }}/sugarizer/server/node_modules"
when: not is_F18
when: not is_F18 and not npm_exists
- name: Create the express framework for node.js
- name: Create the express framework for node.js - F18
shell: npm install
args:
chdir: "{{ sugarizer_location }}/sugarizer/server"
when: is_F18
when: is_F18 and not npm_exists
#- name: enable services
# service: name={{ item.name }}
# enabled=yes
# state=restarted
# with_items:
# - { name: sugarizer }
# when: sugarizer_enabled
- name: enable services - All
service: name={{ item.name }}
enabled=yes
state=restarted
with_items:
- { name: sugarizer }
when: sugarizer_enabled
#- name: disable services
# service: name={{ item.name }}
# enabled=no
# state=stopped
# with_items:
# - { name: sugarizer }
# when: not sugarizer_enabled
- name: disable services - All
service: name={{ item.name }}
enabled=no
state=stopped
with_items:
- { name: sugarizer }
when: not sugarizer_enabled
- name: add sugarizer to service list
ini_file: dest='{{ service_filelist }}'

2
roles/sugarizer/templates/sugarizer.service.j2
View file

@ -6,7 +6,7 @@ Requires=After=mongodb.service # Requires the mongodb service to run first
WorkingDirectory={{ sugarizer_location }}/sugarizer/server/
ExecStart=/usr/bin/node sugarizer.js
Restart=always
RestartSec=10 # Restart service after 10 seconds if node service crashes
#RestartSec=10 # Restart service after 10 seconds if node service crashes
StandardOutput=syslog # Output to syslog
StandardError=syslog # Output to syslog
SyslogIdentifier=sugarizer

2
runansible
View file

@ -12,7 +12,7 @@ if [ ! -f ./vars/local_vars.yml ]; then
OS=${OS//\"/}
case $OS in
OLPC)
OLPC | fedora)
cp ./vars/olpc.localvars ./vars/local_vars.yml
;;
centos | debian | ubuntu | raspbian)