diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml
index 4ec38b22a..9eeddb4f6 100644
--- a/roles/network/tasks/debian.yml
+++ b/roles/network/tasks/debian.yml
@@ -21,52 +21,64 @@ # state=present - name: For upgrades from earlier IIAB 6.2, remove br0 file - file: path=/etc/network/interfaces.d/br0 - state=absent + file: + path: /etc/network/interfaces.d/br0 + state: absent when: iiab_lan_iface != "br0" and wan_ip == "dhcp" - name: Supply resolvconf.conf - template: dest=/etc/resolvconf.conf - src=network/resolvconf.j2 + template: + dest: /etc/resolvconf.conf + src: network/resolvconf.j2 - name: Supply dhcpcd.conf - template: dest=/etc/dhcpcd.conf - src=network/dhcpcd.conf.j2 + template: + dest: /etc/dhcpcd.conf + src: network/dhcpcd.conf.j2 when: dhcpcd_result == "enabled" - name: Copy the bridge script - template: dest=/etc/network/interfaces.d/iiab - src=network/systemd.j2 + template: + dest: /etc/network/interfaces.d/iiab + src: network/systemd.j2 when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp" or gui_static_wan_ip == "undefined") - name: Copy the bridge script for RPi - template: dest=/etc/network/interfaces.d/iiab - src=network/rpi.j2 + template: + dest: /etc/network/interfaces.d/iiab + src: network/rpi.j2 when: is_rpi and iiab_lan_iface == "br0" -- name: Workaround auto issue on Debian-9 - template: dest=/etc/network/interfaces.d/patch_auto - src=network/debian-auto.j2 +- name: Workaround auto issue (debian-9) + template: + dest: /etc/network/interfaces.d/patch_auto + src: network/debian-auto.j2 when: iiab_wan_iface != "none" and is_debian_9 -- name: Clearing out /etc/network/interfaces for static addresses (is_debian_9) +- name: Clearing out /etc/network/interfaces for static addresses (debian-9) lineinfile: - state: absent - path: /etc/network/interfaces - regexp: "{{ iiab_wan_iface }}" + state: absent + path: /etc/network/interfaces + regexp: "{{ iiab_wan_iface }}" when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian_9 -- name: bind may be affected - service: name={{ dns_service }} state=stopped +- name: BIND may be affected + service: + name: "{{ dns_service }}" + state: stopped 
when: named_install and dnsmasq_enabled # dhcpd_server release the interface - name: dhcpd_server may be affected - stopping dhcpd - service: name=dhcpd state=stopped + service: + name: dhcpd + state: stopped when: dhcpd_install - name: dhcpd_server may be affected - stopping dnsmasq - service: name=dnsmasq state=stopped + service: + name: dnsmasq + state: stopped when: dnsmasq_install - name: Reload systemd @@ -75,9 +87,13 @@ # now pick up denyinterfaces - name: Restart dhcpcd - service: name=dhcpcd state=restarted + service: + name: dhcpcd + state: restarted when: dhcpcd_result == "enabled" - name: Restart the networking service - service: name=networking state=restarted + service: + name: networking + state: restarted when: not nobridge is defined and not no_net_restart diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml index 393d7fd4e..c5954a72a 100644 --- a/roles/network/tasks/down-debian.yml +++ b/roles/network/tasks/down-debian.yml @@ -5,7 +5,7 @@ # dest: /etc/resolvconf.conf # src: network/resolvconf.j2 -- name: bind may be affected +- name: BIND may be affected service: name: "{{ dns_service }}" state: stopped diff --git a/roles/network/tasks/ifcfg_mods.yml b/roles/network/tasks/ifcfg_mods.yml index b5a3f5f9c..444f3241f 100644 --- a/roles/network/tasks/ifcfg_mods.yml +++ b/roles/network/tasks/ifcfg_mods.yml @@ -26,16 +26,22 @@ with_items: - "{{ discovered_lan_iface }}" -- name: bind may be affected - service: name={{ dns_service }} state=stopped +- name: BIND may be affected + service: + name: "{{ dns_service }}" + state: stopped when: named_install and dnsmasq_enabled - name: dhcpd_server may be affected - stopping dhcpd - service: name=dhcpd state=stopped + service: + name: dhcpd + state: stopped when: dhcpd_install - name: dhcpd_server may be affected - stopping dnsmasq - service: name=dnsmasq state=stopped + service: + name: dnsmasq + state: stopped when: dnsmasq_install - name: Stop the LAN/Bridge deleting iiab-LAN 
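Review bot: The `lineinfile` task "Clearing out /etc/network/interfaces for static addresses (debian-9)" in the first debian.yml hunk still passes `regexp: "{{ iiab_wan_iface }}"` unescaped and unanchored. With `state: absent`, every line of /etc/network/interfaces that contains the interface name as a substring is deleted, and a `.` in the name acts as a wildcard. For example, `eth0` also removes the stanza lines for `eth0.10` or `eth01`. Matching the name as a whole token would limit the deletion to the intended interface: `regexp: '(^|\s){{ iiab_wan_iface | regex_escape }}(\s|$)'`. The commit only re-indents this task, so the behaviour is inherited, but the rewrite is a good point to fix it.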
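Review bot: The `when:` on "Restart the networking service" in the second debian.yml hunk, `not nobridge is defined and not no_net_restart`, relies on Jinja2 applying the `is defined` test before `not`. Writing it as `when: nobridge is not defined and not no_net_restart` gives the same result without the reader needing the precedence rule. This condition decides whether networking is restarted mid-play, so it is worth making unambiguous while the task is being reformatted.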
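Review bot: The three stop tasks converted in the first ifcfg_mods.yml hunk ("BIND may be affected", "stopping dhcpd", "stopping dnsmasq") are line-for-line the same as the ones in roles/network/tasks/debian.yml, and the BIND task appears a third time in down-debian.yml. This commit had to apply the same edit in each place. Moving them into one task file and pulling it in with `include_tasks`, which ifcfg_mods.yml already uses for enable_wan.yml, would keep the conditions from drifting apart. The tasks that bring these services back up are not visible in these hunks, so confirm the shared file would be included at the same point in each play.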
@@ -59,21 +65,24 @@ # when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode - name: Configuring LAN interface as iiab_lan_iface - template: src=network/ifcfg.j2 - dest=/etc/sysconfig/network-scripts/ifcfg-LAN + template: + src: network/ifcfg.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-LAN when: iiab_lan_iface != "none" # can be more than one wired interface - name: Wired enslaving ## lan_list_result ## to Bridge - template: src=network/ifcfg-slave.j2 - dest=/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }} + template: + src: network/ifcfg-slave.j2 + dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }}" when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface with_items: - - "{{ lan_list_result.stdout_lines }}" + - "{{ lan_list_result.stdout_lines }}" - name: WiFi enslaving {{ iiab_wireless_lan_iface }} to Bridge - template: src=network/wifi-slave.j2 - dest=/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }} + template: + src: network/wifi-slave.j2 + dest: "/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}" when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none" tags: - network @@ -81,7 +90,7 @@ - include_tasks: enable_wan.yml when: not installing and not iiab_demo_mode -- name: ask systemd to reread the unit files, picks up changes done +- name: Ask systemd to reread the unit files, picks up changes done systemd: daemon_reload: yes when: not installing @@ -111,7 +120,7 @@ ignore_errors: True when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface and not iiab_demo_mode with_items: - - "{{ lan_list_result.stdout_lines }}" + - "{{ lan_list_result.stdout_lines }}" #- name: restart hostapd when wifi is present # service: name=hostapd state=started 
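Review bot: None of the `template` tasks rewritten in the `@@ -59,21 +65,24 @@` hunk set `owner`, `group` or `mode`, so new files under /etc/sysconfig/network-scripts/ take whatever the umask of the Ansible run produces. The same is true of the `template` tasks converted in roles/network/tasks/debian.yml. Now that the arguments are in block form, each task can state its permissions explicitly, for example `owner: root`, `group: root` and `mode: "0644"`. Use a tighter mode for wifi-slave.j2 if that template renders a passphrase, which cannot be seen from here. Separately, the wired task builds `dest` from `item|trim` taken from `lan_list_result.stdout_lines`; the command that fills that variable is outside the hunk, so check that its output can only be interface names before it is used as a path component.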
diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 30aa4b307..6a60ec235 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,4 +1,4 @@ -- name: restart hostapd when wifi is present +- name: Restart hostapd when WiFi is present systemd: name: hostapd state: restarted diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 0e456dab1..812fe1b39 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -57,12 +57,13 @@ services_externally_visible={{ services_externally_visible }} calibre_port={{ calibre_port }} kiwix_port={{ kiwix_port }} kalite_server_port={{ kalite_server_port }} +kolibri_http_port={{ kolibri_http_port }} sugarizer_port={{ sugarizer_port }} block_DNS={{ block_DNS }} captive_portal_enabled={{ captive_portal_enabled }} py_captive_portal_enabled={{ py_captive_portal_enabled }} -echo "Lan is $lan and WAN is $wan" +echo "LAN is $lan and WAN is $wan" # # delete all existing rules. # @@ -90,6 +91,7 @@ fi if [ "$services_externally_visible" == "True" ]; then $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT fi diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 05cc37f58..ce69cc687 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -316,6 +316,7 @@ kalite_password: kalite # Kolibri kolibri_install: False kolibri_enabled: False +kolibri_http_port: 8009 # Kiwix kiwix_install: True
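Review bot: The new ACCEPT rule for `$kolibri_http_port` on `$wan` in the `@@ -90,6 +91,7 @@` hunk applies whenever `services_externally_visible` is `True`, without checking whether Kolibri is installed or enabled. vars/default_vars.yml in this same commit leaves `kolibri_install: False` and `kolibri_enabled: False`, so by default port 8009 would be opened on the WAN side with no service expected behind it. The neighbouring rules follow the same unconditional pattern, but a firewall opening is easier to audit when it tracks the service. One option is to add `kolibri_enabled={{ kolibri_enabled }}` next to the `kolibri_http_port=` line from the earlier hunk and guard the rule as `[ "$kolibri_enabled" == "True" ] && $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT`. The diff does not show the Kolibri role reading `kolibri_http_port`, so also confirm that the listener and this rule take the port from the same variable.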