From 41a91bd0f546bd4fc4ddef5bbbec17aca1296509 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 23 Jun 2022 04:55:56 +0100 Subject: [PATCH] get lan_ip soft coded everywhere --- .../templates/iiab-divert-to-nginx | 2 +- roles/cups/tasks/install.yml | 8 +++---- .../network/templates/dhcp/dhcpd-iiab.conf.j2 | 17 +++++++++----- .../templates/gateway/iiab-gen-iptables | 2 +- .../templates/named/school.internal.zone.db | 22 +++++++++---------- .../templates/named/school.local.zone.db | 22 +++++++++---------- roles/nextcloud/README.md | 2 +- roles/samba/templates/smb.conf.j2 | 2 +- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 9 +++++--- 10 files changed, 49 insertions(+), 39 deletions(-) diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index c708de87a..8d6d06b2e 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index d585b42e0..6b8971f34 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -76,14 +76,14 @@ name: cups state: started -# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" # command: cupsctl --remote-admin --share-printers --user-cancel-any # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER: # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW. # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!) -- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" command: cupsctl --remote-any --share-printers --user-cancel-any # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml @@ -96,7 +96,7 @@ # command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging # when: not cups_enabled -# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631" +# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631" # lineinfile: # path: /etc/cups/cupsd.conf # line: "{{ item }}" @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # 172.18.96.1 +# - "#Listen {{ lan_ip }}:631" # {{ lan_ip }} # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index a3c844120..c6cdc6028 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -5,15 +5,22 @@ ddns-update-style interim; #ignore client-updates; option domain-name "{{ iiab_domain }}"; -option domain-name-servers 172.18.96.1; -option ntp-servers 172.18.96.1; +option domain-name-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; subnet 172.18.96.0 netmask 255.255.224.0 { {% if iiab_network_mode == "Gateway" %} - option routers 172.18.96.1; + option routers {{ lan_ip }}; {% endif %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; + {% if 172_network %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + {% else %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + {% endif %} + + # Description of network allocations in old OLPC school server # this is the whole range we have available - 8K addresses # range 172.18.96.2 172.18.127.254; # instead, we'll save 510 addresses for later. diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 79a112b55..d784d38a9 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # 172.18.96.1 +lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }} ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db index 99a131aa2..ec930bee8 100644 --- a/roles/network/templates/named/school.internal.zone.db +++ b/roles/network/templates/named/school.internal.zone.db @@ -1,19 +1,19 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named/school.local.zone.db index 3d0619e96..8b4bc384e 100644 --- a/roles/network/templates/named/school.local.zone.db +++ b/roles/network/templates/named/school.local.zone.db @@ -3,18 +3,18 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 99cdc4b02..3759ad121 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using: Username: Admin Password: changeme diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index acfc004a7..8dd667d05 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -92,7 +92,7 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 - hosts allow = 127. 172.18. + hosts allow = 127. 172.18. 10.10. ; max protocol = SMB2 diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 380ea6048..773ec65f4 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml @@ -12,7 +12,7 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 22d000eac..9eac09d85 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -98,8 +98,11 @@ disregard_network: False # Use cache, or error out if cache does not exist. iiab_hostname: box iiab_domain: lan -lan_ip: 172.18.96.1 -lan_netmask: 255.255.224.0 +lan_ip: 10.10.10.10 +172_network: False +#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems +lan_netmask: 255.255.255.0 +#lan_netmask: 255.255.224.0 # Older networks were larger # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -540,7 +543,7 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413