mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #438 from iiab/master

Sync from iiab/iiab:master
A Holt 2020-10-18 22:42:22 -07:00 committed by GitHub
commit 45f345c8ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
173 changed files with 2332 additions and 2268 deletions

@ -80,7 +80,7 @@
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
- name: enable mod_expires for debian - name: enable mod_expires for debian
command: a2enmod expires command: a2enmod expires
when: is_debuntu | bool when: is_debuntu
- name: create the link which enables the site - name: create the link which enables the site
file: src=/etc/apache2/sites-available/xs-activity-server.conf file: src=/etc/apache2/sites-available/xs-activity-server.conf
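Review bot: Without the `| bool` cast, `when: is_debuntu` in this hunk (reading the right-hand copy of each line as the new side) is correct only if the variable is a real boolean; a string such as "False", for instance from a quoted vars-file entry or a `-e key=value` override, is non-empty and is treated as true under the bare-variable rules in the Ansible 2.8 porting guide that this commit's own comments link to. The same edit repeats in every section of the commit, and it matters most where the flag gates an exposed service or a hardening step: `sshd_install`, `openvpn_install`, `teamviewer_install`, `phpmyadmin_install`, and the AppArmor-disabling task under `when: is_ubuntu`. The comment changed in this commit cites PR #2576 as the reason the cast is no longer needed, but that validation is not visible on this page, so confirm it fails the run on string values before any role executes, for example an `assert` with `that: sshd_install is boolean` for each flag.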

@ -1,3 +1,3 @@
- name: Install wondershaper ajenti plugin - name: Install wondershaper ajenti plugin
pip: name="{{ iiab_download_url }}"/ajenti-plugin-wondershaper-0.3.tar.gz pip: name="{{ iiab_download_url }}"/ajenti-plugin-wondershaper-0.3.tar.gz
when: internet_available | bool when: internet_available

@ -45,7 +45,7 @@
service: name=ajenti service: name=ajenti
enabled=yes enabled=yes
state=restarted state=restarted
when: ajenti_enabled | bool when: ajenti_enabled
- name: Add 'ajenti' variable values to {{ iiab_ini_file }} - name: Add 'ajenti' variable values to {{ iiab_ini_file }}
ini_file: ini_file:

@ -4,7 +4,7 @@
- name: Install xs-authserver from pypi - name: Install xs-authserver from pypi
pip: name=xs-authserver pip: name=xs-authserver
when: internet_available | bool when: internet_available
- name: install gunicorn - name: install gunicorn
package: name=python-gunicorn package: name=python-gunicorn
@ -48,7 +48,7 @@
service: name=xs-authserver service: name=xs-authserver
state=restarted state=restarted
enabled=yes enabled=yes
when: authserver_enabled | bool when: authserver_enabled
- name: Add 'authserver' variable values to {{ iiab_ini_file }} - name: Add 'authserver' variable values to {{ iiab_ini_file }}
ini_file: ini_file:

@ -4,7 +4,7 @@
with_items: with_items:
- docker - docker
- python-docker-py - python-docker-py
when: docker_install | bool when: docker_install
- name: put the systemd startup file in place - name: put the systemd startup file in place
template: src=docker.service template: src=docker.service
@ -31,7 +31,7 @@
service: name=docker service: name=docker
state=started state=started
enabled=true enabled=true
when: docker_enabled | bool when: docker_enabled
- name: Disable docker - name: Disable docker
service: name=docker service: name=docker

@ -12,7 +12,7 @@
systemd: systemd:
name: "{{ apache_service }}" name: "{{ apache_service }}"
state: restarted state: restarted
when: apache_enabled | bool when: apache_enabled
# NGINX # NGINX
@ -32,7 +32,7 @@
systemd: systemd:
name: nginx name: nginx
state: restarted state: restarted
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'dokuwiki' variable values to {{ iiab_ini_file }} - name: Add 'dokuwiki' variable values to {{ iiab_ini_file }}

@ -3,7 +3,7 @@
url: "{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" url: "{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz"
dest: "{{ downloads_dir }}/" dest: "{{ downloads_dir }}/"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available
- name: Unarchive (unpack) it to /library/{{ dokuwiki_version }} - name: Unarchive (unpack) it to /library/{{ dokuwiki_version }}
unarchive: unarchive:
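Review bot: The download task in this hunk shows no `checksum:`, so whatever `{{ iiab_download_url }}` serves is unpacked into /library by the next task without an integrity check. The task's first line is above the hunk, so this assumes the module is `get_url` and that no checksum is set there; if so, adding `checksum: "sha256:<PINNED_SHA256>"` (placeholder value) would fail the play on a tampered or truncated archive. The same gap appears elsewhere in this commit: the nodogsplash `.deb`, ownCloud and TeamViewer `get_url` downloads, and the ajenti plugin tarball that `pip` installs straight from a URL.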

@ -34,7 +34,7 @@
# src: ejabberd-iiab.init # src: ejabberd-iiab.init
# dest: /etc/init.d/ejabberd-iiab # dest: /etc/init.d/ejabberd-iiab
# mode: 0755 # mode: 0755
# when: is_debuntu | bool # when: is_debuntu
#- name: Put the startup script in place - non debian #- name: Put the startup script in place - non debian
# template: # template:
@ -71,7 +71,7 @@
#name: ejabberd-iiab #name: ejabberd-iiab
state: restarted state: restarted
enabled: yes enabled: yes
when: ejabberd_enabled | bool when: ejabberd_enabled
#when: ejabberd_config.changed and ejabberd_enabled #when: ejabberd_config.changed and ejabberd_enabled
#- name: Wait for ejabberd service start #- name: Wait for ejabberd service start

@ -18,4 +18,4 @@
# src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" # src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
# path: /etc/apache2/sites-enabled/iiab-homepage.conf # path: /etc/apache2/sites-enabled/iiab-homepage.conf
# state: link # state: link
# when: is_debuntu | bool # when: is_debuntu

@ -42,7 +42,7 @@
with_items: with_items:
- idmgr - idmgr
- xinetd - xinetd
when: xo_services_enabled | bool when: xo_services_enabled
- name: Disable idmgr service - name: Disable idmgr service
service: name={{ item }} service: name={{ item }}

@ -1,3 +1,3 @@
- name: Install nodogsplash (Raspbian only) - name: Install nodogsplash (Raspbian only)
include_tasks: rpi.yml include_tasks: rpi.yml
when: is_raspbian | bool when: is_raspbian

@ -8,7 +8,7 @@
url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}" url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}"
dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}" dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available
#async: 300 #async: 300
#poll: 5 #poll: 5
@ -43,7 +43,7 @@
name: nodogsplash name: nodogsplash
enabled: yes enabled: yes
state: started state: started
when: nodogsplash_enabled | bool when: nodogsplash_enabled
- name: Disable 'nodogsplash' systemd service, if not nodogsplash_enabled - name: Disable 'nodogsplash' systemd service, if not nodogsplash_enabled
systemd: systemd:

@ -7,7 +7,7 @@
- libapache2-mod-wsgi - libapache2-mod-wsgi
- libapache2-mod-xsendfile - libapache2-mod-xsendfile
state: present state: present
when: is_debuntu | bool when: is_debuntu
- name: Install 6 OSM required packages (not debuntu) - name: Install 6 OSM required packages (not debuntu)
package: package:
@ -110,7 +110,7 @@
group: root group: root
mode: 0644 mode: 0644
backup: no backup: no
when: osm_enabled | bool when: osm_enabled
- name: Create softlink osm.conf from sites-enabled to sites-available (debuntu) - name: Create softlink osm.conf from sites-enabled to sites-available (debuntu)
file: file:
@ -144,7 +144,7 @@
owner: root owner: root
group: root group: root
state: link state: link
when: osm_enabled | bool when: osm_enabled
- name: Create dir /library/knowledge/modules - name: Create dir /library/knowledge/modules
file: file:
@ -165,7 +165,7 @@
- { src: 'map.html', dest: "{{ osm_path }}/static/map.html" } - { src: 'map.html', dest: "{{ osm_path }}/static/map.html" }
- { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" } - { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" }
- { src: "{{ osm_path }}/static/map.html", dest: "{{ osm_path }}/static/index.html" } - { src: "{{ osm_path }}/static/map.html", dest: "{{ osm_path }}/static/index.html" }
when: osm_enabled | bool when: osm_enabled
- name: Restart httpd service - name: Restart httpd service
service: service:

@ -4,7 +4,7 @@
- name: add a repo def for ubuntu - name: add a repo def for ubuntu
template: dest=/etc/apt/sources.list.d/ template: dest=/etc/apt/sources.list.d/
src=owncloud.list src=owncloud.list
when: is_ubuntu | bool when: is_ubuntu
- name: See if the owncloud startup page exists - name: See if the owncloud startup page exists
stat: path={{ owncloud_prefix }}/owncloud/index.php stat: path={{ owncloud_prefix }}/owncloud/index.php
@ -40,7 +40,7 @@
- name: Get the owncloud software - name: Get the owncloud software
get_url: url={{ iiab_download_url }}/{{ owncloud_src_file }} dest={{ downloads_dir }}/{{ owncloud_src_file }} get_url: url={{ iiab_download_url }}/{{ owncloud_src_file }} dest={{ downloads_dir }}/{{ owncloud_src_file }}
when: internet_available | bool when: internet_available
async: 300 async: 300
poll: 5 poll: 5
@ -54,7 +54,7 @@
- name: Copy it to permanent location /opt - name: Copy it to permanent location /opt
unarchive: src={{ downloads_dir }}/{{ owncloud_src_file }} unarchive: src={{ downloads_dir }}/{{ owncloud_src_file }}
dest={{ owncloud_prefix }} dest={{ owncloud_prefix }}
when: is_F18 | bool when: is_F18
- name: in Centos, the following config dir is symlink to /etc/owncloud - name: in Centos, the following config dir is symlink to /etc/owncloud
file: path=/etc/owncloud file: path=/etc/owncloud
@ -103,7 +103,7 @@
# Enable owncloud by copying template to httpd config # Enable owncloud by copying template to httpd config
- include_tasks: owncloud_enabled.yml - include_tasks: owncloud_enabled.yml
when: owncloud_enabled | bool when: owncloud_enabled
- name: Add 'owncloud' variable values to {{ iiab_ini_file }} - name: Add 'owncloud' variable values to {{ iiab_ini_file }}
ini_file: ini_file:

@ -29,7 +29,7 @@
- libapache2-mod-wsgi - libapache2-mod-wsgi
- libxml2-dev - libxml2-dev
- libxslt-dev - libxslt-dev
when: is_debuntu | bool when: is_debuntu
- name: "Install Pathagar prerequisites: mod_wsgi, libxml2-devel, libxslt-devel (not debuntu)" - name: "Install Pathagar prerequisites: mod_wsgi, libxml2-devel, libxslt-devel (not debuntu)"
package: package:
@ -78,7 +78,7 @@
- django-tagging==0.3.1 - django-tagging==0.3.1
- django-sendfile==0.3.6 - django-sendfile==0.3.6
- lxml==3.4.4 - lxml==3.4.4
when: internet_available | bool when: internet_available
- name: Install Pathagar requirements in a virtualenv - name: Install Pathagar requirements in a virtualenv
pip: pip:

@ -41,13 +41,13 @@
service: name=docker service: name=docker
state=restarted state=restarted
enabled=yes enabled=yes
when: schooltool_enabled | bool when: schooltool_enabled
- name: Enable schooltool - name: Enable schooltool
service: name=schooltool service: name=schooltool
state=started state=started
enabled=yes enabled=yes
when: schooltool_enabled | bool when: schooltool_enabled
- name: Disable schooltool - name: Disable schooltool
service: name=schooltool service: name=schooltool

@ -29,7 +29,7 @@
- name: Enable sugar-stats service - name: Enable sugar-stats service
service: name=sugar-stats-server service: name=sugar-stats-server
enabled=yes enabled=yes
when: sugar_stats_enabled | bool when: sugar_stats_enabled
- name: Disable sugar-stats service - name: Disable sugar-stats service
service: name=sugar-stats-server service: name=sugar-stats-server

@ -4,7 +4,7 @@
- name: Install statistics-consolidation with pip - name: Install statistics-consolidation with pip
pip: name=stats-consolidation version=2.1.2 pip: name=stats-consolidation version=2.1.2
when: internet_available | bool when: internet_available
- name: Install required libraries - name: Install required libraries
package: name={{ item }} package: name={{ item }}

@ -20,7 +20,7 @@
url: "{{ teamviewer_url }}/{{ teamviewer_rpm_file }}" url: "{{ teamviewer_url }}/{{ teamviewer_rpm_file }}"
dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}" dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available
# F22 has issues with yum localinstall exclude for now # F22 has issues with yum localinstall exclude for now
- name: Do the install of TeamViewer, pulling in any required dependencies - name: Do the install of TeamViewer, pulling in any required dependencies

@ -6,7 +6,7 @@
- name: Install Teamviewer if intel - name: Install Teamviewer if intel
include_tasks: install.yml include_tasks: install.yml
when: teamviewer_install | bool when: teamviewer_install
- name: Add 'teamviewer' variable values to {{ iiab_ini_file }} - name: Add 'teamviewer' variable values to {{ iiab_ini_file }}
ini_file: ini_file:

@ -7,7 +7,7 @@
- python-pip - python-pip
- nodejs - nodejs
- npm - npm
when: internet_available | bool when: internet_available
- name: Determine if xovis is already downloaded - name: Determine if xovis is already downloaded
stat: path={{ downloadds_dir }}/xovis/xxx stat: path={{ downloadds_dir }}/xovis/xxx
@ -23,7 +23,7 @@
npm: name=kanso npm: name=kanso
global=yes global=yes
path={{ downloads_dir }} path={{ downloads_dir }}
when: internet_available | bool when: internet_available
- name: move the xovis repo into place - name: move the xovis repo into place
shell: "cp -rp {{ downloads_dir }}/xovis {{ xovis_root }}" shell: "cp -rp {{ downloads_dir }}/xovis {{ xovis_root }}"
@ -37,7 +37,7 @@
- name: Install the xovis python dependencies - name: Install the xovis python dependencies
pip: requirements={{ xovis_root }}/process_stats/requirements.txt pip: requirements={{ xovis_root }}/process_stats/requirements.txt
when: internet_available | bool when: internet_available
- name: Update xovis repo with Chart Heading - name: Update xovis repo with Chart Heading
lineinfile: dest="{{ xovis_root }}/index.html" regexp='(.+)<h1>(.*)</h1>' line='\1<h1>{{ xovis_chart_heading }}</h1>' backrefs=yes lineinfile: dest="{{ xovis_root }}/index.html" regexp='(.+)<h1>(.*)</h1>' line='\1<h1>{{ xovis_chart_heading }}</h1>' backrefs=yes
@ -49,17 +49,17 @@
service: name=couchdb service: name=couchdb
enabled=yes enabled=yes
state=started state=started
when: xovis_enabled | bool when: xovis_enabled
- name: Wait for CouchDB to become ready - name: Wait for CouchDB to become ready
wait_for: port=5984 wait_for: port=5984
delay=1 delay=1
timeout=5 timeout=5
when: xovis_enabled | bool when: xovis_enabled
- name: Add admin user - name: Add admin user
command: curl -X PUT {{ xovis_target_host }}/_config/admins/{{ xovis_db_user }} -d "\"{{ xovis_db_password }}\"" command: curl -X PUT {{ xovis_target_host }}/_config/admins/{{ xovis_db_user }} -d "\"{{ xovis_db_password }}\""
when: xovis_enabled | bool when: xovis_enabled
- name: Check if db exists - name: Check if db exists
shell: "kanso listdb | grep {{ xovis_db_name }}" shell: "kanso listdb | grep {{ xovis_db_name }}"
@ -79,7 +79,7 @@
-d {{ xovis_backup_dir }} -d {{ xovis_backup_dir }}
--deployment {{ xovis_deployment_name }} --deployment {{ xovis_deployment_name }}
--server http://{{ xovis_db_login }}@{{ xovis_target_host }}" --server http://{{ xovis_db_login }}@{{ xovis_target_host }}"
when: xovis_enabled | bool when: xovis_enabled
- name: Add 'xovis' variable values to {{ iiab_ini_file }} - name: Add 'xovis' variable values to {{ iiab_ini_file }}
ini_file: ini_file:
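Review bot: The `Add admin user` task puts `{{ xovis_db_password }}` on the `curl` command line, so the password is visible in the process list while the task runs and in Ansible's task output and logs, and the task as shown sets no `no_log`. The later `--server http://{{ xovis_db_login }}@{{ xovis_target_host }}` argument presumably carries credentials too, with the same exposure and over plain HTTP; that task begins above its hunk, so its other options are not visible here. Adding `no_log: true` to both tasks is the minimal change, and sending the PUT with the `uri` module and the password in `body` would keep it out of argv altogether. Separately, `stat: path={{ downloadds_dir }}/xovis/xxx` in the first hunk looks like a typo for `downloads_dir`.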

@ -13,7 +13,7 @@
- name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" (debuntu)' - name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" (debuntu)'
shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
when: is_debuntu | bool when: is_debuntu
- name: Install /etc/sysconfig/network from template (redhat) - name: Install /etc/sysconfig/network from template (redhat)
template: template:
@ -22,7 +22,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
when: is_redhat | bool when: is_redhat
# roles/network/tasks/hosts.yml [no longer in use] ALSO did this: # roles/network/tasks/hosts.yml [no longer in use] ALSO did this:
- name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"'

@ -20,7 +20,7 @@
# sections once and only once to preserve the install date and git hash. # sections once and only once to preserve the install date and git hash.
- name: Create IIAB tools and {{ iiab_ini_file }}, if first_run - name: Create IIAB tools and {{ iiab_ini_file }}, if first_run
include_tasks: first_run.yml include_tasks: first_run.yml
when: first_run | bool when: first_run
# Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can
# be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk).
@ -94,7 +94,7 @@
- name: Set port 443 for Admin Console if adm_cons_force_ssl - name: Set port 443 for Admin Console if adm_cons_force_ssl
set_fact: set_fact:
gui_port: 443 gui_port: 443
when: adm_cons_force_ssl | bool when: adm_cons_force_ssl
- name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}" - name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}"
set_fact: set_fact:
@ -108,7 +108,7 @@
- name: Set hostname if FQDN_changed - name: Set hostname if FQDN_changed
include_tasks: hostname.yml include_tasks: hostname.yml
when: FQDN_changed | bool when: FQDN_changed
- name: Add 'runtime' variable values to {{ iiab_ini_file }} - name: Add 'runtime' variable values to {{ iiab_ini_file }}
ini_file: ini_file:

@ -13,8 +13,8 @@
# by various scripts, possibly bypassing 0-init? Either way, risks abound :/ # by various scripts, possibly bypassing 0-init? Either way, risks abound :/
# 1. "Ansible 2.8+ ADVISORY: avoid warnings by using 'when: var | bool' for # 1. "Ansible 2.8+ ADVISORY: avoid warnings by using 'when: var | bool' for
# top-level BARE vars (in case they're strings, instead of boolean)" # top-level BARE vars (in case they're strings, instead of boolean)" per #1632.
# https://github.com/iiab/iiab/issues/1632 # 2020-10-16: NO LONGER NEC, SEE: https://github.com/iiab/iiab/pull/2576
# 2. "How Exactly Does Ansible Parse Boolean Variables?" # 2. "How Exactly Does Ansible Parse Boolean Variables?"
# https://stackoverflow.com/questions/47877464/how-exactly-does-ansible-parse-boolean-variables/47877502#47877502 # https://stackoverflow.com/questions/47877464/how-exactly-does-ansible-parse-boolean-variables/47877502#47877502
@ -32,6 +32,10 @@
# ~18 words too WILL FAIL as strings (as will any non-empty string...so beware # ~18 words too WILL FAIL as strings (as will any non-empty string...so beware
# casting strings to boolean later on...can make the situation worse!) # casting strings to boolean later on...can make the situation worse!)
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#bare-variables-in-conditionals # https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#bare-variables-in-conditionals
#
# 2020-07-08 - Excellent analysis & summary by Jon Spriggs: "In Ansible,
# determine the type of a value, and casting those values to other types"
# https://jon.sprig.gs/blog/post/1801
# 3. "How do i fail a task in Ansible if the variable contains a boolean value? # 3. "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks" # I want to perform input validation for Ansible playbooks"

@ -5,7 +5,7 @@
- name: dnsmasq (install now, configure LATER in 'network', after Stage 9) - name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
include_tasks: roles/network/tasks/dnsmasq.yml include_tasks: roles/network/tasks/dnsmasq.yml
#when: dnsmasq_install | bool # Flag might be used in future? #when: dnsmasq_install # Flag might be used in future?
- name: Install uuid-runtime package (debuntu) - name: Install uuid-runtime package (debuntu)
package: package:
@ -13,7 +13,7 @@
- uuid-runtime - uuid-runtime
- sudo - sudo
state: present state: present
when: is_debuntu | bool when: is_debuntu
- name: Does /etc/iiab/uuid file exist? - name: Does /etc/iiab/uuid file exist?
stat: stat:
@ -79,17 +79,17 @@
- name: SSHD - name: SSHD
include_role: include_role:
name: sshd name: sshd
when: sshd_install | bool when: sshd_install
- name: IIAB-ADMIN - name: IIAB-ADMIN
include_role: include_role:
name: iiab-admin name: iiab-admin
#when: iiab_admin_install | bool # Flag might be created in future? #when: iiab_admin_install # Flag might be created in future?
- name: OPENVPN - name: OPENVPN
include_role: include_role:
name: openvpn name: openvpn
when: openvpn_install | bool when: openvpn_install
# Debian 10 "Buster" is apparently enabling AppArmor in 2019: # Debian 10 "Buster" is apparently enabling AppArmor in 2019:
# https://wiki.debian.org/AppArmor/Progress # https://wiki.debian.org/AppArmor/Progress
@ -102,7 +102,7 @@
name: apparmor name: apparmor
enabled: False enabled: False
state: stopped state: stopped
when: is_ubuntu | bool when: is_ubuntu
ignore_errors: True ignore_errors: True
- name: Disable SELinux on next boot (OS's other than debuntu) - name: Disable SELinux on next boot (OS's other than debuntu)

@ -30,7 +30,7 @@
package: package:
name: iptables-persistent name: iptables-persistent
state: present state: present
when: is_debuntu | bool when: is_debuntu
- name: Install package iptables-services (OS's other than debuntu) - name: Install package iptables-services (OS's other than debuntu)
package: package:
@ -51,4 +51,4 @@
src: iptables src: iptables
dest: /etc/network/if-pre-up.d/iptables dest: /etc/network/if-pre-up.d/iptables
mode: '0755' mode: '0755'
when: is_debuntu | bool when: is_debuntu

@ -12,7 +12,7 @@
- xml-common - xml-common
- yum-utils - yum-utils
state: present state: present
when: is_redhat | bool when: is_redhat
- name: "Install 6 deb/apt packages: avahi-daemon, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant (debuntu)" - name: "Install 6 deb/apt packages: avahi-daemon, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant (debuntu)"
package: package:
@ -25,9 +25,9 @@
- libnss-mdns - libnss-mdns
- wpasupplicant - wpasupplicant
state: present state: present
when: is_debuntu | bool when: is_debuntu
- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, sudo, tar, unzip, usbutils, wget" - name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, sudo, tar, unzip, usbutils, wget"
package: package:
name: name:
- acpid - acpid
@ -52,7 +52,7 @@
- rsync - rsync
#- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml #- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
- sqlite3 - sqlite3
- sudo #- sudo # Installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
- tar - tar
- unzip - unzip
#- usbmount # Moved to roles/usb_lib/tasks/install.yml #- usbmount # Moved to roles/usb_lib/tasks/install.yml
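Review bot: The renamed task says "Install 22 common packages" but its name string still lists `sudo`, which the last hunk of this section comments out of the package list, so the name enumerates 23 packages. Removing `sudo, ` from the name would make the log line match what the task installs. The package list runs past both ends of the visible hunks, so the count of 22 itself could not be checked here.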

@ -13,18 +13,18 @@
- name: get the createrepo program - name: get the createrepo program
package: name=createrepo package: name=createrepo
state=present state=present
when: is_redhat | bool when: is_redhat
- name: Create local repo - name: Create local repo
shell: createrepo {{ yum_packages_dir }} shell: createrepo {{ yum_packages_dir }}
when: is_redhat | bool when: is_redhat
- name: Install local repo file. - name: Install local repo file.
template: dest=/etc/yum.repos.d/iiab-local.repo template: dest=/etc/yum.repos.d/iiab-local.repo
src=local.repo src=local.repo
owner=root owner=root
mode=0644 mode=0644
when: is_redhat | bool when: is_redhat
- name: Install yum packages - name: Install yum packages
package: name={{ item }} package: name={{ item }}
@ -36,7 +36,7 @@
- linux-firmware - linux-firmware
- syslog - syslog
- xml-common - xml-common
when: is_redhat | bool when: is_redhat
- name: Install yum packages for Debian - name: Install yum packages for Debian
package: name={{ item }} package: name={{ item }}
@ -44,7 +44,7 @@
with_items: with_items:
- inetutils-syslogd - inetutils-syslogd
- wpasupplicant - wpasupplicant
when: is_debuntu | bool when: is_debuntu
- name: Install common packages - name: Install common packages
package: name={{ item }} package: name={{ item }}
@ -82,7 +82,7 @@
- glibc # CVE-2015-7547 - glibc # CVE-2015-7547
- bash - bash
- iptables - iptables
when: is_redhat | bool when: is_redhat
- name: Update common packages (debian) - name: Update common packages (debian)
package: name={{ item }} package: name={{ item }}
@ -91,7 +91,7 @@
- libc6 - libc6
- bash - bash
- iptables - iptables
when: is_debuntu | bool when: is_debuntu
# instuctions state to start with a fully updated system before starting, stop using # instuctions state to start with a fully updated system before starting, stop using

@ -6,7 +6,7 @@
- name: MYSQL - name: MYSQL
include_role: include_role:
name: mysql name: mysql
#when: mysql_install | bool #when: mysql_install
# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles: # 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles:
# #
@ -22,12 +22,12 @@
- name: NGINX - name: NGINX
include_role: include_role:
name: nginx name: nginx
#when: nginx_install | bool #when: nginx_install
- name: WWW_BASE (WWW_OPTIONS should be installed later) - name: WWW_BASE (WWW_OPTIONS should be installed later)
include_role: include_role:
name: www_base name: www_base
#when: www_base_install | bool # Flag might be created in future? #when: www_base_install # Flag might be created in future?
- name: Recording STAGE 3 HAS COMPLETED ===================== - name: Recording STAGE 3 HAS COMPLETED =====================
lineinfile: lineinfile:

@ -16,25 +16,25 @@
- name: Install pylibs (IIAB's python libs) - name: Install pylibs (IIAB's python libs)
include_role: include_role:
name: pylibs name: pylibs
#when: pylibs_install | bool # Flag might be created in future? #when: pylibs_install # Flag might be created in future?
# Also run by roles/1-prep/tasks/main.yml as required by OpenVPN. # Also run by roles/1-prep/tasks/main.yml as required by OpenVPN.
- name: SSHD - name: SSHD
include_role: include_role:
name: sshd name: sshd
when: sshd_install | bool when: sshd_install
- name: Install named / BIND - name: Install named / BIND
include_tasks: roles/network/tasks/named.yml include_tasks: roles/network/tasks/named.yml
when: named_install | bool when: named_install
- name: Install dhcpd - name: Install dhcpd
include_tasks: roles/network/tasks/dhcpd.yml include_tasks: roles/network/tasks/dhcpd.yml
when: dhcpd_install | bool when: dhcpd_install
- name: Install Squid (and DansGuardian if dansguardian_install) - name: Install Squid (and DansGuardian if dansguardian_install)
include_tasks: roles/network/tasks/squid.yml include_tasks: roles/network/tasks/squid.yml
when: squid_install | bool when: squid_install
- name: Install Bluetooth - only on Raspberry Pi - name: Install Bluetooth - only on Raspberry Pi
include_role: include_role:
@ -44,17 +44,17 @@
- name: USB_LIB - name: USB_LIB
include_role: include_role:
name: usb_lib name: usb_lib
when: usb_lib_install | bool when: usb_lib_install
- name: CUPS - name: CUPS
include_role: include_role:
name: cups name: cups
when: cups_install | bool when: cups_install
- name: SAMBA - name: SAMBA
include_role: include_role:
name: samba name: samba
when: samba_install | bool when: samba_install
# 2020-02-17: What was roles/homepage lives in roles/www_options # 2020-02-17: What was roles/homepage lives in roles/www_options
# 2020-10-08: Softcoded iiab_home_url should work (e.g. using local_vars.yml or # 2020-10-08: Softcoded iiab_home_url should work (e.g. using local_vars.yml or
@ -65,7 +65,7 @@
- name: WWW_OPTIONS (WWW_BASE should have been installed earlier) - name: WWW_OPTIONS (WWW_BASE should have been installed earlier)
include_role: include_role:
name: www_options name: www_options
#when: www_options_install | bool # Flag might be created in future? #when: www_options_install # Flag might be created in future?
- name: Recording STAGE 4 HAS COMPLETED ================== - name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile: lineinfile:

@ -24,47 +24,47 @@
- name: ELGG - name: ELGG
include_role: include_role:
name: elgg name: elgg
when: elgg_install | bool when: elgg_install
- name: GITEA - name: GITEA
include_role: include_role:
name: gitea name: gitea
when: gitea_install | bool when: gitea_install
- name: LOKOLE - name: LOKOLE
include_role: include_role:
name: lokole name: lokole
when: lokole_install | bool when: lokole_install
- name: MEDIAWIKI - name: MEDIAWIKI
include_role: include_role:
name: mediawiki name: mediawiki
when: mediawiki_install | bool when: mediawiki_install
- name: MOSQUITTO - name: MOSQUITTO
include_role: include_role:
name: mosquitto name: mosquitto
when: mosquitto_install | bool when: mosquitto_install
- name: NODE-RED - name: NODE-RED
include_role: include_role:
name: nodered name: nodered
when: nodered_install | bool when: nodered_install
- name: NEXTCLOUD - name: NEXTCLOUD
include_role: include_role:
name: nextcloud name: nextcloud
when: nextcloud_install | bool when: nextcloud_install
- name: PBX - name: PBX
include_role: include_role:
name: pbx name: pbx
when: pbx_install | bool when: pbx_install
- name: WORDPRESS - name: WORDPRESS
include_role: include_role:
name: wordpress name: wordpress
when: wordpress_install | bool when: wordpress_install
- name: Recording STAGE 6 HAS COMPLETED ==================== - name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile: lineinfile:

@ -6,27 +6,27 @@
- name: KALITE - name: KALITE
include_role: include_role:
name: kalite name: kalite
when: kalite_install | bool when: kalite_install
- name: KOLIBRI - name: KOLIBRI
include_role: include_role:
name: kolibri name: kolibri
when: kolibri_install | bool when: kolibri_install
- name: KIWIX - name: KIWIX
include_role: include_role:
name: kiwix name: kiwix
when: kiwix_install | bool when: kiwix_install
- name: MOODLE - name: MOODLE
include_role: include_role:
name: moodle name: moodle
when: moodle_install | bool when: moodle_install
- name: OSM-VECTOR-MAPS - name: OSM-VECTOR-MAPS
include_role: include_role:
name: osm-vector-maps name: osm-vector-maps
when: osm_vector_maps_install | bool when: osm_vector_maps_install
# UNMAINTAINED # UNMAINTAINED
- name: OSM - name: OSM
@ -43,7 +43,7 @@
- name: SUGARIZER - name: SUGARIZER
include_role: include_role:
name: sugarizer name: sugarizer
when: sugarizer_install | bool when: sugarizer_install
- name: Recording STAGE 7 HAS COMPLETED ======================== - name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile: lineinfile:

@ -6,32 +6,32 @@
- name: TRANSMISSION - name: TRANSMISSION
include_role: include_role:
name: transmission name: transmission
when: transmission_install | bool when: transmission_install
- name: AWSTATS - name: AWSTATS
include_role: include_role:
name: awstats name: awstats
when: awstats_install | bool when: awstats_install
- name: MONIT - name: MONIT
include_role: include_role:
name: monit name: monit
when: monit_install | bool when: monit_install
- name: MUNIN - name: MUNIN
include_role: include_role:
name: munin name: munin
when: munin_install | bool when: munin_install
- name: PHPMYADMIN - name: PHPMYADMIN
include_role: include_role:
name: phpmyadmin name: phpmyadmin
when: phpmyadmin_install | bool when: phpmyadmin_install
- name: VNSTAT - name: VNSTAT
include_role: include_role:
name: vnstat name: vnstat
when: vnstat_install | bool when: vnstat_install
- name: Recording STAGE 8 HAS COMPLETED ====================== - name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile: lineinfile:

@ -6,29 +6,29 @@
- name: INTERNETARCHIVE - name: INTERNETARCHIVE
include_role: include_role:
name: internetarchive name: internetarchive
when: internetarchive_install | bool when: internetarchive_install
# Is porting to Python 3 complete, and if so does this belong elsewhere? # Is porting to Python 3 complete, and if so does this belong elsewhere?
- name: CAPTIVE PORTAL - name: CAPTIVE PORTAL
include_role: include_role:
name: captiveportal name: captiveportal
when: captiveportal_install | bool when: captiveportal_install
- name: MINETEST - name: MINETEST
include_role: include_role:
name: minetest name: minetest
when: minetest_install | bool when: minetest_install
# KEEP AT THE END as this installs dependencies from Debian's 'testing' branch! # KEEP AT THE END as this installs dependencies from Debian's 'testing' branch!
- name: CALIBRE - name: CALIBRE
include_role: include_role:
name: calibre name: calibre
when: calibre_install | bool when: calibre_install
- name: CALIBRE-WEB - name: CALIBRE-WEB
include_role: include_role:
name: calibre-web name: calibre-web
when: calibreweb_install | bool when: calibreweb_install
- name: Recording STAGE 9 HAS COMPLETED ==================== - name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile: lineinfile:


@ -1,6 +1,6 @@
- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache - name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2ensite awstats.conf command: a2ensite awstats.conf
when: awstats_enabled | bool when: awstats_enabled
- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache - name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2dissite awstats.conf command: a2dissite awstats.conf


@ -2,7 +2,7 @@
# #
# - Prepare for a possible future w/o Apache by verifying/refining below... # - Prepare for a possible future w/o Apache by verifying/refining below...
# - 5 'when: apache_installed is defined' # - 5 'when: apache_installed is defined'
# - 1 'when: nginx_install | bool' # - 1 'when: nginx_install'
# - 8 core stanzas w/o such 'when:' clauses # - 8 core stanzas w/o such 'when:' clauses
- name: 'Install 3 packages: awstats, openssl, pwauth' - name: 'Install 3 packages: awstats, openssl, pwauth'
@ -98,7 +98,7 @@
template: template:
src: cgi-bin.php src: cgi-bin.php
dest: /etc/nginx/ dest: /etc/nginx/
when: nginx_install | bool when: nginx_install
# RECORD AWStats AS INSTALLED # RECORD AWStats AS INSTALLED


@ -30,7 +30,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'awstats' variable values to {{ iiab_ini_file }} - name: Add 'awstats' variable values to {{ iiab_ini_file }}


@ -2,7 +2,7 @@
template: template:
src: awstats-nginx.conf src: awstats-nginx.conf
dest: "{{ nginx_conf_dir }}/" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/" # /etc/nginx/conf.d
when: awstats_enabled | bool when: awstats_enabled
- name: Disable http://box/awstats via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf - name: Disable http://box/awstats via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf
file: file:


@ -25,7 +25,7 @@
dest: "{{ azuracast_host_dir }}/" dest: "{{ azuracast_host_dir }}/"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
mode: 0755 mode: 0755
when: internet_available | bool when: internet_available
- name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }} - name: AzuraCast - Download AzuraCast's docker-compose.yml sample from GitHub to {{ azuracast_host_dir }}
get_url: get_url:
@ -33,7 +33,7 @@
dest: "{{ azuracast_host_dir }}/docker-compose.yml" dest: "{{ azuracast_host_dir }}/docker-compose.yml"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
mode: 0755 mode: 0755
when: internet_available | bool when: internet_available
- name: AzuraCast - Make changes to docker.sh script so it runs headless - name: AzuraCast - Make changes to docker.sh script so it runs headless
lineinfile: lineinfile:
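Review bot: Both `get_url` tasks in this file save what they fetch with `mode: 0755`, and no `checksum:` appears among the visible arguments, so the script that the next task edits (presumably docker.sh) would be accepted whatever the server returns. I would pin each download, e.g. `checksum: "sha256:<PINNED_DIGEST>"`, and give docker-compose.yml `mode: '0644'`, since a compose file does not need to be executable. The first task's `url:` and earlier arguments are above the hunk, so a checksum may already be set there. The same applies to the calibre-installer.py download later in this commit, which a `shell:` task then executes.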


@ -31,7 +31,7 @@
name: bt-pan name: bt-pan
enabled: yes enabled: yes
state: restarted state: restarted
when: bluetooth_enabled | bool when: bluetooth_enabled
- name: Disable 'bt-pan' service - name: Disable 'bt-pan' service
systemd: systemd:
@ -47,7 +47,7 @@
name: bt-term name: bt-term
enabled: yes enabled: yes
state: restarted state: restarted
when: bluetooth_term_enabled | bool when: bluetooth_term_enabled
- name: Disable 'bt-term' service - name: Disable 'bt-term' service
systemd: systemd:


@ -1,6 +1,6 @@
- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache # http://box/books, http://box/libros, http://box/livres - name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache # http://box/books, http://box/libros, http://box/livres
command: a2ensite calibre-web.conf command: a2ensite calibre-web.conf
when: calibreweb_enabled | bool when: calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache - name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
command: a2dissite calibre-web.conf command: a2dissite calibre-web.conf


@ -33,7 +33,7 @@
force: yes force: yes
depth: 1 depth: 1
version: "{{ calibreweb_version }}" # e.g. master, 0.6.5 version: "{{ calibreweb_version }}" # e.g. master, 0.6.5
when: internet_available | bool when: internet_available
## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed)
#- name: Download calibre-web dependencies into vendor subdirectory. #- name: Download calibre-web dependencies into vendor subdirectory.
@ -50,7 +50,7 @@
virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3
virtualenv_site_packages: no virtualenv_site_packages: no
virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} virtualenv_command: python3 -m venv {{ calibreweb_venv_path }}
when: internet_available | bool when: internet_available
- name: Install /etc/systemd/system/calibre-web.service from template - name: Install /etc/systemd/system/calibre-web.service from template
template: template:
@ -80,7 +80,7 @@
- roles/calibre-web/files/metadata.db - roles/calibre-web/files/metadata.db
- roles/calibre-web/files/metadata_db_prefs_backup.json - roles/calibre-web/files/metadata_db_prefs_backup.json
when: not metadatadb.stat.exists when: not metadatadb.stat.exists
#when: calibreweb_provision | bool #when: calibreweb_provision
- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist - name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist
copy: copy:
@ -91,7 +91,7 @@
mode: '0644' mode: '0644'
backup: yes backup: yes
when: not metadatadb.stat.exists when: not metadatadb.stat.exists
#when: calibreweb_provision | bool #when: calibreweb_provision
# RECORD Calibre-Web AS INSTALLED # RECORD Calibre-Web AS INSTALLED


@ -30,7 +30,7 @@
daemon_reload: yes daemon_reload: yes
enabled: yes enabled: yes
state: restarted state: restarted
when: calibreweb_enabled | bool when: calibreweb_enabled
- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled - name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled
systemd: systemd:
@ -45,7 +45,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }} - name: Add 'calibre-web' variable values to {{ iiab_ini_file }}


@ -5,7 +5,7 @@
template: template:
src: calibre-web-nginx.conf.j2 src: calibre-web-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
when: calibreweb_enabled | bool when: calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
file: file:


@ -14,7 +14,7 @@
# #
#- name: Install Calibre via .debs (if Raspbian) #- name: Install Calibre via .debs (if Raspbian)
# command: scripts/calibre-install-latest-rpi.sh # WORKED for Calibre 3.33.1 on 2018-10-23. And Calibre 3.28 on 2018-07-26 (PR #971). Likewise for Calibre 3.26.x. FAILED with Calibre 3.24+ ("calibre : Depends: python-pyqt5 (>= 5.10.1+dfsg-2) but 5.10.1+dfsg-1+rpi1 is to be installed") since June 2018. # command: scripts/calibre-install-latest-rpi.sh # WORKED for Calibre 3.33.1 on 2018-10-23. And Calibre 3.28 on 2018-07-26 (PR #971). Likewise for Calibre 3.26.x. FAILED with Calibre 3.24+ ("calibre : Depends: python-pyqt5 (>= 5.10.1+dfsg-2) but 5.10.1+dfsg-1+rpi1 is to be installed") since June 2018.
# when: is_raspbian | bool # when: is_raspbian
# 2020-04-29: Can work *IF* you do 'apt install python2' and change top line # 2020-04-29: Can work *IF* you do 'apt install python2' and change top line
# of /opt/iiab/downloads/calibre-installer.py from '#!/usr/bin/env python2' # of /opt/iiab/downloads/calibre-installer.py from '#!/usr/bin/env python2'


@ -44,7 +44,7 @@
name: calibre-serve name: calibre-serve
enabled: yes enabled: yes
state: restarted state: restarted
when: calibre_enabled | bool when: calibre_enabled
- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled - name: Disable & Stop 'calibre-serve' service, if not calibre_enabled
systemd: systemd:
@ -59,7 +59,7 @@
# #
#- name: Enable/Disable/Restart NGINX if primary #- name: Enable/Disable/Restart NGINX if primary
# include_tasks: nginx.yml # include_tasks: nginx.yml
# when: nginx_enabled | bool # when: nginx_enabled
- name: Add 'calibre' variable values to {{ iiab_ini_file }} - name: Add 'calibre' variable values to {{ iiab_ini_file }}


@ -12,7 +12,7 @@
backup: yes backup: yes
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
register: calibre_download_output register: calibre_download_output
when: internet_available | bool when: internet_available
# ALWAYS DEFINED, DESPITE get_url DOCUMENTATION CLAIM... # ALWAYS DEFINED, DESPITE get_url DOCUMENTATION CLAIM...
# - debug: # - debug:
@ -53,4 +53,4 @@
shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null" shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null"
#args: #args:
# creates: /usr/bin/calibre-uninstall # creates: /usr/bin/calibre-uninstall
when: internet_available | bool when: internet_available
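Review bot: The final task runs `{{ downloads_dir }}/calibre-installer.py >> /dev/null` through `shell:` with `creates:` commented out, so the downloaded installer is re-executed on every play and its output is thrown away. I would replace the redirect with `register:` on the task so that a failed or unexpected install leaves something to inspect. If rerunning is intentional (for upgrades), a one-line comment saying so would help; otherwise restore `creates: /usr/bin/calibre-uninstall`. The task's name and any earlier arguments are above the hunk.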


@ -15,7 +15,7 @@
template: template:
src: captiveportal.ini.j2 src: captiveportal.ini.j2
dest: /etc/uwsgi/apps-enabled/captiveportal.ini dest: /etc/uwsgi/apps-enabled/captiveportal.ini
when: captiveportal_enabled | bool when: captiveportal_enabled
- name: Delete /etc/uwsgi/apps-enabled/captiveportal.ini (if not captiveportal_enabled) - name: Delete /etc/uwsgi/apps-enabled/captiveportal.ini (if not captiveportal_enabled)
file: file:
@ -28,7 +28,7 @@
src: /etc/nginx/sites-available/capture.conf src: /etc/nginx/sites-available/capture.conf
path: /etc/nginx/sites-enabled/capture.conf path: /etc/nginx/sites-enabled/capture.conf
state: link state: link
when: captiveportal_enabled | bool when: captiveportal_enabled
- name: Delete symlink /etc/nginx/sites-enabled/capture.conf to disable NGINX to location definitions for checkurls (if not captiveportal_enabled) - name: Delete symlink /etc/nginx/sites-enabled/capture.conf to disable NGINX to location definitions for checkurls (if not captiveportal_enabled)
file: file:
@ -38,7 +38,7 @@
- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX - name: Run iiab-divert-to-nginx to generate diversion lists for NGINX
shell: /usr/sbin/iiab-divert-to-nginx shell: /usr/sbin/iiab-divert-to-nginx
when: captiveportal_enabled | bool when: captiveportal_enabled
- name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled) - name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled)
file: file:
@ -60,10 +60,10 @@
systemd: systemd:
name: dnsmasq name: dnsmasq
state: stopped state: stopped
when: dnsmasq_enabled | bool when: dnsmasq_enabled
- name: Start 'dnsmasq' systemd service (if dnsmasq_enabled) - name: Start 'dnsmasq' systemd service (if dnsmasq_enabled)
systemd: systemd:
name: dnsmasq name: dnsmasq
state: started state: started
when: dnsmasq_enabled | bool when: dnsmasq_enabled


@ -1,6 +1,6 @@
- name: Enable http://box/cups via Apache (MIGHT NOT WORK?) - name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
command: a2ensite cups.conf command: a2ensite cups.conf
when: cups_enabled | bool when: cups_enabled
- name: Disable http://box/cups via Apache - name: Disable http://box/cups via Apache
command: a2dissite cups.conf command: a2dissite cups.conf
@ -18,7 +18,7 @@
with_items: with_items:
- cups - cups
- cups-browsed - cups-browsed
when: cups_enabled | bool when: cups_enabled
#when: cups_enabled and not is_F18 #when: cups_enabled and not is_F18
# - name: Enable & Start 'cups' systemd service (Fedora 18, for XO laptops) # - name: Enable & Start 'cups' systemd service (Fedora 18, for XO laptops)
@ -30,7 +30,7 @@
- name: Permit headless admin of CUPS -- only works when CUPS daemon is running (if cups_enabled) - name: Permit headless admin of CUPS -- only works when CUPS daemon is running (if cups_enabled)
shell: "cupsctl --remote-admin" shell: "cupsctl --remote-admin"
when: cups_enabled | bool when: cups_enabled
- name: Disable & Stop 'cups' & 'cups-browsed' systemd services (OS's other than Fedora 18) - name: Disable & Stop 'cups' & 'cups-browsed' systemd services (OS's other than Fedora 18)
systemd: systemd:


@ -1,6 +1,6 @@
- name: Enable http://box{{ elgg_url }} via Apache # http://box/elgg - name: Enable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2ensite elgg.conf command: a2ensite elgg.conf
when: elgg_enabled | bool when: elgg_enabled
- name: Disable http://box{{ elgg_url }} via Apache # http://box/elgg - name: Disable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2dissite elgg.conf command: a2dissite elgg.conf


@ -34,7 +34,7 @@
url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip"
dest: "{{ downloads_dir }}" dest: "{{ downloads_dir }}"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available
- name: Check for existence of /opt/elgg-{{ elgg_version }}/index.php - name: Check for existence of /opt/elgg-{{ elgg_version }}/index.php
stat: stat:


@ -31,7 +31,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'elgg' variable values to {{ iiab_ini_file }} - name: Add 'elgg' variable values to {{ iiab_ini_file }}


@ -2,7 +2,7 @@
template: template:
src: elgg-nginx.conf.j2 src: elgg-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/elgg-nginx.conf" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/elgg-nginx.conf" # /etc/nginx/conf.d
when: elgg_enabled | bool when: elgg_enabled
- name: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_conf_dir }}/elgg-nginx.conf # http://box/elgg - name: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_conf_dir }}/elgg-nginx.conf # http://box/elgg
file: file:


@ -28,7 +28,7 @@
name: "{{ dbname }}" name: "{{ dbname }}"
state: import state: import
target: /tmp/elggdb.sql target: /tmp/elggdb.sql
when: create_elgg_database.changed | bool when: create_elgg_database.changed
- name: Remove database dump /tmp/elggdb.sql - name: Remove database dump /tmp/elggdb.sql
file: file:
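Review bot: The import task reads the database dump from the fixed path `/tmp/elggdb.sql`, a predictable name in a world-writable directory, so on a multi-user host another local account could pre-create or replace the file before it is loaded into `{{ dbname }}`. The task that writes the dump is above the hunk, so how the file is created and with what permissions is not visible. I would keep the dump in a root-owned directory, or take the path from Ansible's `tempfile` module and pass it as `target: "{{ elgg_dump.path }}"` (variable name illustrative).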


@ -1,6 +1,6 @@
- name: Enable http://box{{ gitea_url }} via Apache # http://box/gitea - name: Enable http://box{{ gitea_url }} via Apache # http://box/gitea
command: a2ensite gitea.conf command: a2ensite gitea.conf
when: gitea_enabled | bool when: gitea_enabled
- name: Disable http://box{{ gitea_url }} via Apache # http://box/gitea - name: Disable http://box{{ gitea_url }} via Apache # http://box/gitea
command: a2dissite gitea.conf command: a2dissite gitea.conf


@ -48,13 +48,13 @@
url: "{{ gitea_download_url }}" url: "{{ gitea_download_url }}"
dest: "{{ gitea_install_path }}" dest: "{{ gitea_install_path }}"
mode: '0775' mode: '0775'
when: internet_available | bool when: internet_available
- name: Download Gitea GPG signature - name: Download Gitea GPG signature
get_url: get_url:
url: "{{ gitea_integrity_url }}" url: "{{ gitea_integrity_url }}"
dest: "{{ gitea_checksum_path }}" dest: "{{ gitea_checksum_path }}"
when: internet_available | bool when: internet_available
- name: Verify Gitea binary with GPG signature - name: Verify Gitea binary with GPG signature
shell: | shell: |
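Review bot: The Gitea download is written to `{{ gitea_install_path }}` with `mode: '0775'` before the "Verify Gitea binary with GPG signature" task runs, so an unverified, group-writable executable appears to sit at the install path if verification fails or the play stops in between. I would fetch to a staging path, move the file into place only after the check passes, and use `mode: '0755'` so that only the owner can replace it. The verify task's script continues below the hunk, so whether it removes the file on failure cannot be seen here.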


@ -30,7 +30,7 @@
daemon_reload: yes daemon_reload: yes
enabled: yes enabled: yes
state: restarted state: restarted
when: gitea_enabled | bool when: gitea_enabled
- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled - name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
systemd: systemd:
@ -45,7 +45,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'gitea' to list of services at {{ iiab_ini_file }} - name: Add 'gitea' to list of services at {{ iiab_ini_file }}


@ -2,7 +2,7 @@
template: template:
src: gitea-nginx.conf.j2 src: gitea-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/gitea-nginx.conf" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/gitea-nginx.conf" # /etc/nginx/conf.d
when: gitea_enabled | bool when: gitea_enabled
- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf - name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
file: file:


@ -10,7 +10,7 @@
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'" - name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'"
command: a2ensite iiab-homepage.conf command: a2ensite iiab-homepage.conf
#when: apache_enabled | bool #when: apache_enabled
# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled" # - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled"
# command: a2dissite iiab-homepage.conf # command: a2dissite iiab-homepage.conf


@ -8,8 +8,8 @@
# - "php{{ php_version }}" # - "php{{ php_version }}"
# - "php{{ php_version }}-curl" # - "php{{ php_version }}-curl"
state: present state: present
when: is_debuntu | bool when: is_debuntu
# when: is_debian | bool # when: is_debian
# - name: 'Install 2 packages: apache2, php (ubuntu)' # - name: 'Install 2 packages: apache2, php (ubuntu)'
# package: # package:
@ -19,7 +19,7 @@
# - "{{ apache_service }}" # apache2 on Debuntu # - "{{ apache_service }}" # apache2 on Debuntu
# - php # - php
# state: present # state: present
# when: is_ubuntu | bool # when: is_ubuntu
# 2019-05-30: It's interesting that http://box.lan/admin and everything seems # 2019-05-30: It's interesting that http://box.lan/admin and everything seems
# to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu # to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu
@ -49,7 +49,7 @@
- php - php
- php-curl - php-curl
state: present state: present
when: is_redhat | bool when: is_redhat
# Remove symlinks for mpm_event, replace with mpm_prefork # Remove symlinks for mpm_event, replace with mpm_prefork
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) - name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
@ -59,7 +59,7 @@
with_items: with_items:
- mpm_event.conf - mpm_event.conf
- mpm_event.load - mpm_event.load
when: is_debuntu | bool when: is_debuntu
- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) - name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu)
file: file:
@ -69,7 +69,7 @@
with_items: with_items:
- mpm_prefork.conf - mpm_prefork.conf
- mpm_prefork.load - mpm_prefork.load
when: is_debuntu | bool when: is_debuntu
- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)'
apache2_module: apache2_module:
@ -80,7 +80,7 @@
- proxy_html - proxy_html
- proxy_http - proxy_http
- rewrite - rewrite
when: is_debuntu | bool when: is_debuntu
- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) - name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu)
file: file:
@ -89,7 +89,7 @@
with_items: with_items:
- /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere?
- /etc/apache2/sites-enabled/000-default.conf - /etc/apache2/sites-enabled/000-default.conf
when: is_debuntu | bool when: is_debuntu
- name: Create Apache's pid dir /var/run/{{ apache_user }} - name: Create Apache's pid dir /var/run/{{ apache_user }}
file: file:
@ -128,7 +128,7 @@
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf'" - name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf'"
command: a2ensite 010-iiab.conf command: a2ensite 010-iiab.conf
#when: apache_enabled | bool #when: apache_enabled
# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled" # - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled"
# command: a2dissite 010-iiab.conf # command: a2dissite 010-iiab.conf


@ -36,7 +36,7 @@
name: "{{ apache_service }}" name: "{{ apache_service }}"
enabled: yes enabled: yes
state: started # No need to restart, as many IIAB apps do that later state: started # No need to restart, as many IIAB apps do that later
when: apache_enabled | bool when: apache_enabled
- name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled - name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled
systemd: systemd:


@ -13,31 +13,59 @@
iiab-admin README iiab-admin README
================= =================
This role is home to a number of administrative (Ansible) playbooks: `Internet-in-a-Box <http://internet-in-a-box.org>`_ (IIAB) encourages you to pay attention to the security of your learning community.
Add Administrative User This Ansible playbook is one of the very first that runs when you install IIAB, and we hope reading this helps you understand your choices:
-----------------------
* Adds the Linux user that will allow you access to IIAB's Admin Console (http://box.lan/admin) if this has not already been done for you by IIAB's 1-line installer (http://download.iiab.io). Configure user 'iiab-admin'
* By default this is ``iiab-admin`` with password ``g0adm1n`` ---------------------------
* `admin-user.yml <tasks/admin-user.yml>`_ configures a Linux user that will give you access to IIAB's Admin Console (http://box.lan/admin) after IIAB is installed — and can also help you at the command-line with IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware, etc}.
* If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (http://download.iiab.io) or by your underlying OS, that too will be taken care of here.
* By default this user is ``iiab-admin`` with password ``g0adm1n``
* *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin** * *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin**
* After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password * After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password.
* If you prefer using a pre-existing user like ``pi`` or ``ubuntu`` etc, consider customizing variables ``iiab_admin_user_install``, ``iiab_admin_user`` and ``iiab_admin_user_group`` in your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (please do this prior to installing IIAB !) * If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (preferably do this prior to installing IIAB!)
* Please read more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md * You can set ``iiab_admin_can_sudo: False`` if you want a strict security lockdown (if you're really sure you won't need IIAB community support commands like `/usr/bin/iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_, `/usr/bin/iiab-hotspot-on <../network/templates/network/iiab-hotspot-on>`_, `iiab-check-firmware <../firmware/templates/iiab-check-firmware>`_, etc!)
* You can also set ``iiab_admin_user_install: False`` if you're sure you know how to do all this `account and sudo configuration <tasks/admin-user.yml>`_ manually.
Desiderata, for the historical record: Security
--------
* Auto-checking for the default password is implemented in `/etc/profile.d <https://github.com/iiab/iiab/blob/master/roles/iiab-admin/templates/sshpwd-profile-iiab.sh>`_ (and `/etc/xdg/lxsession/LXDE-pi <https://github.com/iiab/iiab/blob/master/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh>`_ when it exists). * A user MUST be a member of at least one of these 2 Linux groups, in order to log in to IIAB's Admin Console: (http://box.lan/admin)
* |ss| N.B. to create password hash use python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' |se| |nbsp| (not recommended as of October 2020) #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml <https://github.com/iiab/iiab-admin-console/blob/master/vars/default_vars.yml>`_)
* |ss| Make a sudoer |se| |nbsp| (likely going away in October 2020, as group 'iiab-admin' should be recommended instead of group 'sudo') #. ``sudo``
* |ss| Add /root/.ssh and dummy authorized_keys file as placeholder |se| |nbsp| (moved to `roles/openvpn/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/install.yml>`_) * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
* |ss| Force password for sudoers |se| |nbsp| (sudo flag ``NOPASSWORD:`` and the ``wheel`` group will no longer being used as of October 2020) * If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: http://wiki.laptop.org/go/IIAB/Security
* Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d <templates/sshpwd-profile-iiab.sh>`_ (and `/etc/xdg/lxsession/LXDE-pi <templates/sshpwd-lxde-iiab.sh>`_ when it exists, i.e. on Raspberry Pi OS with desktop).
Add Packages for Remote Access Example
------------------------------ =======
* screen * If you later change your mind about ``sudo`` privileges for user 'iiab-admin' (as specified by ``iiab_admin_user``) then do this:
* lynx #. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_
#. Make sure that ``iiab_admin_user_install: True`` is also set.
#. Then re-run this Ansible playbook, by running ``cd /opt/iiab/iiab`` followed by ``sudo ./runrole --reinstall iiab-admin``
Historical Notes
================
* We no longer support setting your password using a hash e.g. ``python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'`` (or the Python 3 equivalent, ``python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))'``) as these are very cumbersome — and worse, exposing your "salt" opens up your password to `possible attack <https://stackoverflow.com/questions/6776050/how-long-to-brute-force-a-salted-sha-512-hash-salt-provided>`_. [October 2020]
* The sudo flag ``NOPASSWORD:`` and the ``wheel`` group are similarly no longer recommended, so that your IIAB faces fewer security risks. [October 2020]
Remote Support Tools
--------------------
The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN <https://en.wikipedia.org/wiki/OpenVPN>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you.
Similarly, `access.yml <tasks/access.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections:
* `lynx <https://en.wikipedia.org/wiki/Lynx_(web_browser)>`_
* `screen <https://linuxize.com/post/how-to-use-linux-screen/>`_
*More great tools to help you jumpstart community action at a distance:*
* http://FAQ.IIAB.IO > "How can I remotely manage my Internet-in-a-Box?"
Admin Console Admin Console
------------- -------------


@ -1,24 +1,16 @@
# Must keep roles/0-init/defaults/main.yml sync'd ? (Seems no longer true as of 2018-10-15) # Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line:
# https://github.com/iiab/iiab/tree/master/roles/iiab-admin
# https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel # iiab_admin_user: iiab-admin # Some prefer to reuse 'pi' or 'ubuntu' etc.
# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo-
# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). # Set iiab_admin_user_install: False if you don't want iiab_admin_user auto-
# configured e.g. by IIAB's 1-line installer & iiab-admin/tasks/admin-user.yml
# iiab_admin_user_install: True # iiab_admin_user_install: True
# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing # iiab_admin_can_sudo: True # For /usr/bin/iiab-* support commands. Optional.
# Linux user that has sudo access, for login to Admin Console http://box/admin # iiab_admin_published_pwd: g0adm1n # Default password. For pwd warnings too.
# admin_console_group: iiab-admin # This group & sudo log in to Admin Console
# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml TO SET GROUP PERM FOR /library/www/html/local_content (ISN'T {{ apache_user }} MORE APPROPRIATE?)
# iiab_admin_user: iiab-admin
# For live checks/alerts of published pwds
# iiab_admin_published_pwd: g0adm1n
# Password hash to override above, if Ansible creates above user:
# iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop.
# Obtain a password hash - NEW MORE SECURE WAY:
# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))'
# Obtain a password hash - OLD WAY:
# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!


@ -1,6 +1,6 @@
- name: "Install textmode remote access packages: screen, lynx" - name: "Install text mode packages, useful during remote access: screen, lynx"
package: package:
name: name:
- screen - lynx
- lynx - screen
state: present state: present


@ -1,53 +1,56 @@
- name: Create user {{ iiab_admin_user }} in group sudo for Admin Console; set password from iiab_admin_pwd_hash if newly creating account # Summary of how this works with IIAB's Admin Console etc:
user: # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst
name: "{{ iiab_admin_user }}" # iiab-admin
password: "{{ iiab_admin_pwd_hash }}"
update_password: on_create
shell: /bin/bash
groups: sudo
#- name: Create a wheel group
# group:
# name: wheel
# state: present
#- name: Create a sudo group (redhat) # YOU CAN CHANGE THIS USER TO 'pi' OR 'ubuntu' ETC, IN /etc/iiab/local_vars.yml
# group: - name: Does user '{{ iiab_admin_user }}' (iiab_admin_user) exist? # iiab-admin BY DEFAULT
# name: sudo command: "id {{ iiab_admin_user | quote }}" # quote to avoid ';' exploits
# state: present register: user_info
# when: is_redhat | bool failed_when: False # Hides red errors (stronger than 'ignore_errors: yes')
#- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo' # admin_console_group: iiab-admin # PER default_vars.yml, SHOULD NEVER CHANGE
# user: - name: Establish Linux group '{{ admin_console_group }}' group, for login to Admin Console
# name: "{{ iiab_admin_user }}" group:
# groups: wheel,sudo name: "{{ admin_console_group }}"
- name: Edit the sudoers file -- first make it editable
file:
path: /etc/sudoers
mode: 0640
- name: Have sudo log all commands it handles
lineinfile:
regexp: logfile
line: "Defaults logfile = /var/log/sudo.log"
dest: /etc/sudoers
state: present state: present
- name: Configure user '{{ iiab_admin_user }}' with group '{{ admin_console_group }}' for login to IIAB's Admin Console (http://box.lan/admin) AND for IIAB community support commands (/usr/bin/iiab-* and /usr/sbin/iiab-*) at the command-line
user:
name: "{{ iiab_admin_user }}"
#group: "{{ iiab_admin_user }}" # Not nec. Anyway this happens during account creation b/c 'USERGROUPS_ENAB yes' is set in any modern /etc/login.defs
groups: "{{ admin_console_group }}" # What guarantees any user's ability to login to Admin Console, just in case the user is not a member of sudo in future. FWIW Ansible adds the user to this group in /etc/group even in cases where that's not nec -- i.e. user iiab-admin's primary group is normally sufficient if it (the correct GID, corresponding to group iiab-admin) is in the 4th column of /etc/passwd.
append: yes
shell: /bin/bash
#password: "{{ iiab_admin_pwd_hash }}" # 2020-10-14: DEPRECATED in favor
#update_password: on_create # of 'command: chpasswd' below.
- name: If user didn't exist, set password to '{{ iiab_admin_published_pwd }}' # g0adm1n
#shell: "echo {{ iiab_admin_user }}:{{ iiab_admin_published_pwd }} | chpasswd"
command: chpasswd # Equiv to line above, but safer
args:
stdin: "{{ iiab_admin_user | quote }}:{{ iiab_admin_published_pwd | quote }}"
when: user_info.rc != 0
# sudo-prereqs.yml needs to have been run!
- name: Add user {{ iiab_admin_user }} to group sudo, for IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware}, if iiab_admin_can_sudo
#command: "gpasswd -a {{ iiab_admin_user | quote }} sudo"
user:
name: "{{ iiab_admin_user }}"
groups: sudo
append: yes
when: iiab_admin_can_sudo
- name: Remove user {{ iiab_admin_user }} from group sudo, if not iiab_admin_can_sudo
command: "gpasswd -d {{ iiab_admin_user | quote }} sudo"
when: not iiab_admin_can_sudo
failed_when: False # Hides red errors (stronger than 'ignore_errors: yes')
#- name: Lets {{ iiab_admin_user }} sudo without password #- name: Lets {{ iiab_admin_user }} sudo without password
##- name: Lets wheel sudo without password ##- name: Lets wheel sudo without password
# lineinfile: # lineinfile:
# path: /etc/sudoers
# line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL" # line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
## line: "%wheel ALL= NOPASSWD: ALL" ## line: "%wheel ALL= NOPASSWD: ALL"
# dest: /etc/sudoers
- name: Remove the line which requires tty
lineinfile:
regexp: requiretty
dest: /etc/sudoers
state: absent
- name: End editing the sudoers file -- protect it again
file:
path: /etc/sudoers
mode: 0440
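Review bot: The `quote` filter on the `stdin:` value of the `chpasswd` task is shell quoting applied to data that no shell parses, so it protects nothing there and can change the password that is set. `chpasswd` reads `user:password` lines literally; with the default `g0adm1n` the filter is a no-op, but a value containing a space or `$` would be stored with the added quote characters as part of the password. I would pass the values unquoted, `stdin: "{{ iiab_admin_user }}:{{ iiab_admin_published_pwd }}"`, and check `iiab_admin_user` against the allowed user-name characters (no `:` or newline) before this task. The `quote` on `command: "id ..."` and `gpasswd -d ...` is a different case and can stay, since those strings are split into arguments.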


@ -1,39 +1,32 @@
- include_tasks: admin-user.yml # Summary of how this works with IIAB's Admin Console etc:
when: iiab_admin_user_install | bool # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst
- include_tasks: access.yml
- name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default - name: Install lynx, screen
template: include_tasks: access.yml
src: sshpwd-profile-iiab.sh
dest: /etc/profile.d/
mode: '0644'
- name: Is this LXDE-pi? - name: Install sudo & /etc/sudoers with logging to /var/log/sudo.log
stat: include_tasks: sudo-prereqs.yml
path: /etc/xdg/lxsession/LXDE-pi
register: lx
- name: "Likewise for Raspbian, installing: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh" - name: Configure user iiab-admin / password and its group(s), if iiab_admin_user_install
template: include_tasks: admin-user.yml
src: sshpwd-lxde-iiab.sh when: iiab_admin_user_install
dest: /etc/xdg/lxsession/LXDE-pi/
mode: '0755'
when: lx.stat.isdir is defined and lx.stat.isdir and is_raspbian and is_debuntu
# 2019-03-07: This popup (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) does # Idea: institute precautionary system-wide published password warning(s)
# not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop # for user iiab-admin / g0adm1n, i.e. {{ iiab_admin_user }} with password
# (or pprompt.desktop as Raspbian has working since 2018-11-13!) Too bad as it # {{ iiab_admin_published_pwd }}, regardless whether the password is set:
# would be really nice to standardize this popup across Ubermix & all distros.. #
# Is this a permissions/security issue presumably? Official autostart spec is: # (1) by the OS installer
# https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html # (2) by the OS's graphical desktop tools
# Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537 # (3) at the command-line: sudo passwd iiab-admin
# (4) by IIAB's 1-line installer: http://download.iiab.io
# (5) by this role: roles/iiab-admin/tasks/admin-user.yml
# (6) by IIAB's Admin Console during installation
# ...and/or...
# (7) by IIAB's Admin Console > Utilities > Change Password
- name: Put line in /etc/xdg/lxsession/LXDE-pi/autostart to run the above (raspbian) - name: Install password warning(s)
lineinfile: include_tasks: pwd-warnings.yml
path: /etc/xdg/lxsession/LXDE-pi/autostart
line: "@/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh"
when: lx.stat.isdir is defined and lx.stat.isdir and is_raspbian and is_debuntu
# RECORD iiab-admin AS INSTALLED # RECORD iiab-admin AS INSTALLED
@ -62,3 +55,7 @@
value: '"Admin User"' value: '"Admin User"'
- option: iiab_admin_user - option: iiab_admin_user
value: "{{ iiab_admin_user }}" value: "{{ iiab_admin_user }}"
- option: iiab_admin_user_install
value: "{{ iiab_admin_user_install }}"
- option: iiab_admin_can_sudo
value: "{{ iiab_admin_can_sudo }}"
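Review bot: `when: iiab_admin_user_install` now relies on the variable already being a real boolean, because the `| bool` filter was dropped here and in the other `when:` lines this commit touches. If the value arrives as a string (for example `-e iiab_admin_can_sudo=False` on the command line), Ansible releases that evaluate bare variables by truthiness treat the non-empty string as true. The case that matters most is in admin-user.yml, where `when: iiab_admin_can_sudo` and `when: not iiab_admin_can_sudo` decide sudo group membership, so a string `False` would add the user to sudo instead of removing it. I would keep the filter on these conditions, e.g. `when: iiab_admin_can_sudo | bool`.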


@ -0,0 +1,31 @@
- name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default
template:
src: sshpwd-profile-iiab.sh
dest: /etc/profile.d/
mode: '0644'
- name: Is this LXDE-pi?
stat:
path: /etc/xdg/lxsession/LXDE-pi
register: lx
- name: "Likewise for Raspbian, installing: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh"
template:
src: sshpwd-lxde-iiab.sh
dest: /etc/xdg/lxsession/LXDE-pi/
mode: '0755'
when: lx.stat.isdir is defined and lx.stat.isdir and is_raspbian and is_debuntu
# 2019-03-07: This popup (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) does
# not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop
# (or pprompt.desktop as Raspbian has working since 2018-11-13!) Too bad as it
# would be really nice to standardize this popup across Ubermix & all distros..
# Is this a permissions/security issue presumably? Official autostart spec is:
# https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html
# Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537
- name: Put line in /etc/xdg/lxsession/LXDE-pi/autostart to run the above (raspbian)
lineinfile:
path: /etc/xdg/lxsession/LXDE-pi/autostart
line: "@/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh"
when: lx.stat.isdir is defined and lx.stat.isdir and is_raspbian and is_debuntu


@ -0,0 +1,27 @@
# roles/2-common/tasks/packages.yml also installed sudo, but that's too late
- name: 'Install package: sudo'
package:
name: sudo
- name: Temporarily make file /etc/sudoers editable (0640)
file:
path: /etc/sudoers
mode: 0640
- name: '/etc/sudoers: Have sudo log all commands to /var/log/sudo.log -- in addition to the lengthier /var/log/auth.log'
lineinfile:
path: /etc/sudoers
regexp: logfile
line: "Defaults logfile = /var/log/sudo.log"
# Not nec (heavyhanded removal of customizations+comments) given sudo defaults.
#- name: Remove all lines that contain 'requiretty'
# lineinfile:
# path: /etc/sudoers
# regexp: requiretty
# state: absent
- name: End editing file /etc/sudoers -- protect it again (0440)
file:
path: /etc/sudoers
mode: 0440
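Review bot: The `lineinfile` task edits /etc/sudoers in place with no syntax check, so a bad result (including `regexp: logfile` matching an unexpected existing line) can leave sudo unusable on the box. Adding `validate: 'visudo -cf %s'` to that task makes Ansible check the candidate file before it replaces the original. The surrounding change to mode 0640 and back to 0440 also leaves the file at 0640 if the play stops between the two `file` tasks; if these tasks run as root, as the sudoers edit suggests, the mode change is probably unnecessary and worth confirming and dropping.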


@ -3,6 +3,9 @@
# SEE ALSO: /etc/profile.d/sshpwd-profile-iiab.sh sourced from... # SEE ALSO: /etc/profile.d/sshpwd-profile-iiab.sh sourced from...
# https://github.com/iiab/iiab/blob/master/roles/iiab-admin/templates/sshpwd-profile-iiab.sh # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/templates/sshpwd-profile-iiab.sh
# CAUTION: popup warnings still don't appear on most OS's, as mentioned here:
# https://github.com/iiab/iiab/blob/master/roles/iiab-admin/tasks/pwd-warnings.yml#L19-L25
# For Localization/Translation: (use /usr/bin/gettext below if later nec!) # For Localization/Translation: (use /usr/bin/gettext below if later nec!)
#export TEXTDOMAIN=pprompt-iiab #export TEXTDOMAIN=pprompt-iiab
#. gettext.sh #. gettext.sh


@ -44,8 +44,6 @@ check_user_pwd() {
# HISTORICAL: if password-free sudo access is truly nec, it can be set with # HISTORICAL: if password-free sudo access is truly nec, it can be set with
# "iiab-admin ALL=(ALL) NOPASSWD: ALL" in /etc/sudoers as seen in the older: # "iiab-admin ALL=(ALL) NOPASSWD: ALL" in /etc/sudoers as seen in the older:
# https://github.com/iiab/iiab/blob/master/roles/iiab-admin/tasks/admin-user.yml # https://github.com/iiab/iiab/blob/master/roles/iiab-admin/tasks/admin-user.yml
# CAUTION: popup warnings still don't appear on most OS's, as mentioned here:
# https://github.com/iiab/iiab/blob/master/roles/iiab-admin/tasks/main.yml#L24-L30
if check_user_pwd "{{ iiab_admin_user }}" "{{ iiab_admin_published_pwd }}" ; then # iiab-admin g0adm1n if check_user_pwd "{{ iiab_admin_user }}" "{{ iiab_admin_published_pwd }}" ; then # iiab-admin g0adm1n
echo echo


@ -1,6 +1,6 @@
- name: Enable internetarchive.conf via Apache (for short URL http://box/archive eventually?) if internetarchive_enabled - name: Enable internetarchive.conf via Apache (for short URL http://box/archive eventually?) if internetarchive_enabled
command: a2ensite internetarchive.conf command: a2ensite internetarchive.conf
when: internetarchive_enabled | bool when: internetarchive_enabled
- name: Disable internetarchive.conf via Apache, if not internetarchive_enabled - name: Disable internetarchive.conf via Apache, if not internetarchive_enabled
command: a2dissite internetarchive.conf command: a2dissite internetarchive.conf


@ -46,7 +46,7 @@
args: args:
chdir: "{{ internetarchive_dir }}" chdir: "{{ internetarchive_dir }}"
creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive" creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive"
when: internet_available | bool when: internet_available
- name: mkdir {{ content_base }}/archiveorg - name: mkdir {{ content_base }}/archiveorg
file: file:


@ -59,7 +59,7 @@
daemon_reload: yes daemon_reload: yes
enabled: yes enabled: yes
state: restarted state: restarted
when: internetarchive_enabled | bool when: internetarchive_enabled
- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled - name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled
systemd: systemd:
@ -74,7 +74,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }} - name: Add 'internetarchive' variable values to {{ iiab_ini_file }}


@ -2,7 +2,7 @@
template: template:
src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2 src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/internetarchive-nginx.conf" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/internetarchive-nginx.conf" # /etc/nginx/conf.d
when: internetarchive_enabled | bool when: internetarchive_enabled
- name: Disable http://box/archive via NGINX, by removing {{ nginx_conf_dir }}/internetarchive-nginx.conf - name: Disable http://box/archive via NGINX, by removing {{ nginx_conf_dir }}/internetarchive-nginx.conf
file: file:


@ -3,13 +3,13 @@
url: "{{ kalite_requirements }}" url: "{{ kalite_requirements }}"
dest: "{{ pip_packages_dir }}/kalite.txt" # /opt/iiab/pip-packages/kalite.txt dest: "{{ pip_packages_dir }}/kalite.txt" # /opt/iiab/pip-packages/kalite.txt
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available
# 2020-01-19: https://github.com/piwheels/packages/issues/74 says the following is not longer needed... # 2020-01-19: https://github.com/piwheels/packages/issues/74 says the following is not longer needed...
#- name: Run 'mv /etc/pip.conf /etc/pip.conf.see-iiab-issue-2139' as "TEMPORARY" workaround (2020-01-17) for piwheels.org's setuptools Python 2/3 brokenness on RPi (https://github.com/iiab/iiab/issues/2139) #- name: Run 'mv /etc/pip.conf /etc/pip.conf.see-iiab-issue-2139' as "TEMPORARY" workaround (2020-01-17) for piwheels.org's setuptools Python 2/3 brokenness on RPi (https://github.com/iiab/iiab/issues/2139)
# command: mv /etc/pip.conf /etc/pip.conf.see-iiab-issue-2139 # command: mv /etc/pip.conf /etc/pip.conf.see-iiab-issue-2139
# ignore_errors: yes # ignore_errors: yes
# when: is_raspbian | bool # when: is_raspbian
- name: Install python2, if Raspbian/Debian > 10 or Ubuntu > 19 - name: Install python2, if Raspbian/Debian > 10 or Ubuntu > 19
package: package:
@ -41,7 +41,7 @@
virtualenv_command: /usr/bin/virtualenv virtualenv_command: /usr/bin/virtualenv
virtualenv_python: python2.7 virtualenv_python: python2.7
extra_args: "--no-cache-dir" extra_args: "--no-cache-dir"
when: internet_available | bool when: internet_available
- name: "Install from templates: venv wrapper /usr/bin/kalite, systemd unit file kalite-serve.service" - name: "Install from templates: venv wrapper /usr/bin/kalite, systemd unit file kalite-serve.service"
template: template:


@ -30,7 +30,7 @@
name: kalite-serve name: kalite-serve
enabled: yes enabled: yes
state: restarted state: restarted
when: kalite_enabled | bool when: kalite_enabled
- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled - name: Disable & Stop 'kalite-serve' service, if not kalite_enabled
systemd: systemd:


@ -1,8 +1,8 @@
Make zim with Make zim with
./zimwriterfs --welcome=index.html --favicon=favicon.png --language=eng --title=test --description=test --creator=XSCE --publisher=XSCE /root/devel/test_zim test.zim ./zimwriterfs --welcome=index.html --favicon=favicon.png --language=eng --title=test --description=test --creator=XSCE --publisher=XSCE /root/devel/test_zim test.zim
Create library.xml with Create library.xml with
/opt/schoolserver/kiwix/bin/kiwix-manage /library/zims/library.xml add /library/zims/content/test.zim /opt/schoolserver/kiwix/bin/kiwix-manage /library/zims/library.xml add /library/zims/content/test.zim


@ -1,6 +1,6 @@
- name: Enable http://box{{ kiwix_url }} via Apache # http://box/kiwix - name: Enable http://box{{ kiwix_url }} via Apache # http://box/kiwix
command: a2ensite kiwix.conf command: a2ensite kiwix.conf
when: kiwix_enabled | bool when: kiwix_enabled
- name: Disable http://box{{ kiwix_url }} via Apache # http://box/kiwix - name: Disable http://box{{ kiwix_url }} via Apache # http://box/kiwix
command: a2dissite kiwix.conf command: a2dissite kiwix.conf


@ -4,7 +4,7 @@
daemon_reload: yes daemon_reload: yes
enabled: yes enabled: yes
state: restarted state: restarted
when: kiwix_enabled | bool when: kiwix_enabled
- name: Disable & Stop 'kiwix-serve' systemd service - name: Disable & Stop 'kiwix-serve' systemd service
systemd: systemd:
@ -42,4 +42,4 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled


@ -37,7 +37,7 @@
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages
dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" dest: "{{ downloads_dir }}/{{ kiwix_src_file }}"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available
- name: Create dir {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files - name: Create dir {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files
file: file:
@ -95,7 +95,7 @@
# - proxy_html # - proxy_html
# - proxy_http # - proxy_http
# - rewrite # - rewrite
# when: is_debuntu | bool # when: is_debuntu
# 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache # 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache


@ -1,18 +1,18 @@
# Install kiwix android app apk for downloading # Install kiwix android app apk for downloading
- name: Create {{ doc_root }}{{ kiwix_apk_url }} directory - name: Create {{ doc_root }}{{ kiwix_apk_url }} directory
file: file:
path: "{{ doc_root }}{{ kiwix_apk_url }}" path: "{{ doc_root }}{{ kiwix_apk_url }}"
state: directory state: directory
- name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }}
get_url: get_url:
url: "{{ kiwix_apk_src }}" # https://download.kiwix.org/release/kiwix-android/kiwix.apk url: "{{ kiwix_apk_src }}" # https://download.kiwix.org/release/kiwix-android/kiwix.apk
dest: "{{ doc_root }}{{ kiwix_apk_url }}" dest: "{{ doc_root }}{{ kiwix_apk_url }}"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available
- name: Symlink {{ doc_root }}{{ kiwix_apk_url }}/zims -> {{ iiab_zim_path }}/content - name: Symlink {{ doc_root }}{{ kiwix_apk_url }}/zims -> {{ iiab_zim_path }}/content
file: file:
src: "{{ iiab_zim_path }}/content" # /library/zims/content src: "{{ iiab_zim_path }}/content" # /library/zims/content
path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/softare/kiwix/zims path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/softare/kiwix/zims
state: link state: link


@ -2,7 +2,7 @@
template: template:
src: kiwix-nginx.conf.j2 src: kiwix-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d
when: kiwix_enabled | bool when: kiwix_enabled
- name: Disable http://box{{ kiwix_url }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf # http://box/kiwix - name: Disable http://box{{ kiwix_url }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf # http://box/kiwix
file: file:


@ -1,33 +1,33 @@
#!/bin/bash #!/bin/bash
LOCK_PATH=/run/lock/kiwix LOCK_PATH=/run/lock/kiwix
mkdir -p $LOCK_PATH mkdir -p $LOCK_PATH
WAITLOCK="$LOCK_PATH/make-kiwix-lib-wait.LCK"; WAITLOCK="$LOCK_PATH/make-kiwix-lib-wait.LCK";
RUNLOCK="$LOCK_PATH/kiwix-lib-access.LCK"; RUNLOCK="$LOCK_PATH/kiwix-lib-access.LCK";
KIWIXLIB={{ kiwix_library_xml }} KIWIXLIB={{ kiwix_library_xml }}
exec 200>$WAITLOCK; exec 200>$WAITLOCK;
exec 201>$RUNLOCK; exec 201>$RUNLOCK;
if flock -n -e 200; then : if flock -n -e 200; then :
echo 'Waiting to run iiab-make-kiwix-lib.py' echo 'Waiting to run iiab-make-kiwix-lib.py'
# wait for up to 5 min # wait for up to 5 min
flock -x -w 300 201 flock -x -w 300 201
flock -u 200 # unlock queue flock -u 200 # unlock queue
echo "Now running iiab-make-kiwix-lib.py" echo "Now running iiab-make-kiwix-lib.py"
# write to {{ kiwix_library_xml }}.tmp to minimize kiwix down # write to {{ kiwix_library_xml }}.tmp to minimize kiwix down
# zim map could be out of sync for a few seconds # zim map could be out of sync for a few seconds
# using new version that does deltas # using new version that does deltas
cp $KIWIXLIB $KIWIXLIB.tmp cp $KIWIXLIB $KIWIXLIB.tmp
/usr/bin/iiab-make-kiwix-lib.py /usr/bin/iiab-make-kiwix-lib.py
{{ systemctl_program }} stop kiwix-serve {{ systemctl_program }} stop kiwix-serve
rm $KIWIXLIB rm $KIWIXLIB
mv $KIWIXLIB.tmp $KIWIXLIB mv $KIWIXLIB.tmp $KIWIXLIB
{{ systemctl_program }} start kiwix-serve {{ systemctl_program }} start kiwix-serve
else else
echo "Can't get wait lock for iiab-make-kiwix-lib.py"; echo "Can't get wait lock for iiab-make-kiwix-lib.py";
exit 1; exit 1;
fi fi
echo 'Finished making Kiwix library.xml' echo 'Finished making Kiwix library.xml'
exit 0 exit 0


@ -1,6 +1,6 @@
- name: Enable http://box{{ kolibri_url }} via Apache # http://box/kolibri - name: Enable http://box{{ kolibri_url }} via Apache # http://box/kolibri
command: a2ensite kolibri.conf command: a2ensite kolibri.conf
when: kolibri_enabled | bool when: kolibri_enabled
- name: Disable http://box{{ kolibri_url }} via Apache # http://box/kolibri - name: Disable http://box{{ kolibri_url }} via Apache # http://box/kolibri
command: a2dissite kolibri.conf command: a2dissite kolibri.conf


@ -37,7 +37,7 @@
environment: environment:
KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but
KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later
when: internet_available | bool when: internet_available
- name: 'Install from template: /etc/systemd/system/kolibri.service' - name: 'Install from template: /etc/systemd/system/kolibri.service'
template: template:
@ -64,7 +64,7 @@
# ignore_errors: yes # ignore_errors: yes
# become: yes # become: yes
# become_user: "{{ kolibri_user }}" # become_user: "{{ kolibri_user }}"
# when: kolibri_provision | bool # when: kolibri_provision
# 2020-01-05: Deprecated per https://github.com/iiab/iiab/issues/2103 # 2020-01-05: Deprecated per https://github.com/iiab/iiab/issues/2103
#- name: Set Kolibri default language ({{ kolibri_language }}) #- name: Set Kolibri default language ({{ kolibri_language }})
@ -72,7 +72,7 @@
# ignore_errors: yes # ignore_errors: yes
# become: yes # become: yes
# become_user: "{{ kolibri_user }}" # become_user: "{{ kolibri_user }}"
# when: kolibri_provision | bool # when: kolibri_provision
- name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' - name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language'
shell: > shell: >
@ -84,7 +84,7 @@
ignore_errors: yes ignore_errors: yes
become: yes become: yes
become_user: "{{ kolibri_user }}" become_user: "{{ kolibri_user }}"
when: kolibri_provision | bool when: kolibri_provision
- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure?
file: file:
@ -92,7 +92,7 @@
owner: "{{ kolibri_user }}" # kolibri owner: "{{ kolibri_user }}" # kolibri
group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian)
recurse: yes recurse: yes
when: kolibri_provision | bool when: kolibri_provision
# 2019-10-07: Moved to roles/httpd/tasks/main.yml # 2019-10-07: Moved to roles/httpd/tasks/main.yml


@ -35,7 +35,7 @@
daemon_reload: yes daemon_reload: yes
enabled: yes enabled: yes
state: started state: started
when: kolibri_enabled | bool when: kolibri_enabled
- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled - name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled
systemd: systemd:
@ -50,7 +50,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini


@ -2,7 +2,7 @@
template: template:
src: kolibri-nginx.conf.j2 src: kolibri-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/kolibri-nginx.conf" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/kolibri-nginx.conf" # /etc/nginx/conf.d
when: kolibri_enabled | bool when: kolibri_enabled
- name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_conf_dir }}/kolibri-nginx.conf # http://box/kolibri - name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_conf_dir }}/kolibri-nginx.conf # http://box/kolibri
file: file:


@ -1,6 +1,6 @@
- name: Enable http://box{{ lokole_url }} via Apache # http://box/lokole - name: Enable http://box{{ lokole_url }} via Apache # http://box/lokole
command: a2ensite lokole.conf command: a2ensite lokole.conf
when: lokole_enabled | bool when: lokole_enabled
- name: Disable http://box{{ lokole_url }} via Apache # http://box/lokole - name: Disable http://box{{ lokole_url }} via Apache # http://box/lokole
command: a2dissite lokole.conf command: a2dissite lokole.conf


@ -37,7 +37,7 @@
virtualenv_command: python3 -m venv "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}"
extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
when: when:
- internet_available | bool - internet_available
- lokole_commit is defined - lokole_commit is defined
# For development purposes -- To install a given pip version of Lokole, add # For development purposes -- To install a given pip version of Lokole, add
@ -51,7 +51,7 @@
virtualenv_command: python3 -m venv "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}"
extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
when: when:
- internet_available | bool - internet_available
- lokole_version is defined - lokole_version is defined
- name: "DEFAULT: pip install opwen_email_client (Lokole, latest available version) from PyPI to {{ lokole_venv }}, if above vars both UNdefined" - name: "DEFAULT: pip install opwen_email_client (Lokole, latest available version) from PyPI to {{ lokole_venv }}, if above vars both UNdefined"
@ -61,7 +61,7 @@
virtualenv_command: python3 -m venv "{{ lokole_venv }}" virtualenv_command: python3 -m venv "{{ lokole_venv }}"
extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
when: when:
- internet_available | bool - internet_available
- lokole_commit is undefined and lokole_version is undefined - lokole_commit is undefined and lokole_version is undefined
- name: Compile translations - name: Compile translations
@ -99,7 +99,7 @@
src: lokole.conf.j2 src: lokole.conf.j2
dest: "/etc/{{ apache_conf_dir }}/lokole.conf" dest: "/etc/{{ apache_conf_dir }}/lokole.conf"
mode: 0644 mode: 0644
when: apache_install | bool when: apache_install
- name: Install unit files {lokole.service, celery.service, celerybeat.service, lokole_restarter.service} into /etc/systemd/system, from template - name: Install unit files {lokole.service, celery.service, celerybeat.service, lokole_restarter.service} into /etc/systemd/system, from template
template: template:


@ -27,14 +27,14 @@
- name: Do a 'systemctl daemon-reload' if lokole_enabled - name: Do a 'systemctl daemon-reload' if lokole_enabled
systemd: systemd:
daemon_reload: yes daemon_reload: yes
when: lokole_enabled | bool when: lokole_enabled
- name: Enable & Restart {lokole, celery, celerybeat, lokole_restarter} systemd services, if lokole_enabled - name: Enable & Restart {lokole, celery, celerybeat, lokole_restarter} systemd services, if lokole_enabled
systemd: systemd:
name: "{{ item }}" name: "{{ item }}"
enabled: yes enabled: yes
state: restarted state: restarted
when: lokole_enabled | bool when: lokole_enabled
with_items: with_items:
- lokole - lokole
- celery - celery
@ -60,7 +60,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'lokole' variable values to {{ iiab_ini_file }} - name: Add 'lokole' variable values to {{ iiab_ini_file }}
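Review bot: `when: lokole_enabled` without the `| bool` filter (both systemd tasks here, assuming the second copy of each doubled line is the new side) is only safe while the variable is a genuine YAML boolean. A value passed as `-e lokole_enabled=False` arrives as a string, and depending on the Ansible version and its bare-variable setting a non-empty string such as "False" can evaluate as true, so services meant to stay off would be enabled and restarted. The same pattern is in the `include_tasks: nginx.yml` condition in this section and in the lokole/mediawiki NGINX, mediawiki Apache, minetest and mongodb sections that follow. Either keep `when: lokole_enabled | bool`, or document next to the variable defaults that these flags must be real booleans and check that once early in the play.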


@ -2,7 +2,7 @@
template: template:
src: lokole-nginx.conf.j2 src: lokole-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/lokole-nginx.conf" # /etc/nginx/conf.d dest: "{{ nginx_conf_dir }}/lokole-nginx.conf" # /etc/nginx/conf.d
when: lokole_enabled | bool when: lokole_enabled
- name: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf # http://box/lokole - name: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf # http://box/lokole
file: file:


@ -1,6 +1,6 @@
- name: Enable http://box{{ mediawiki_url }} via Apache # http://box/wiki - name: Enable http://box{{ mediawiki_url }} via Apache # http://box/wiki
command: a2ensite mediawiki.conf command: a2ensite mediawiki.conf
when: mediawiki_enabled | bool when: mediawiki_enabled
- name: Disable http://box{{ mediawiki_url }} via Apache # http://box/wiki - name: Disable http://box{{ mediawiki_url }} via Apache # http://box/wiki
command: a2dissite mediawiki.conf command: a2dissite mediawiki.conf


@ -12,7 +12,7 @@
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
#force: yes #force: yes
#backup: yes #backup: yes
when: internet_available | bool when: internet_available
- name: Unarchive (unpack) it to permanent location {{ mediawiki_abs_path }} ({{ apache_user }}:{{ apache_user }}, u+rw,g+r,o+r) - name: Unarchive (unpack) it to permanent location {{ mediawiki_abs_path }} ({{ apache_user }}:{{ apache_user }}, u+rw,g+r,o+r)
unarchive: unarchive:
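Review bot: No `checksum:` argument is visible on the download task that `when: internet_available` guards, and the next task unpacks the result into `{{ mediawiki_abs_path }}` owned by `{{ apache_user }}`. The download task starts above the hunk, so the argument may already be present there. If it is not, pin the archive with `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"` so that a truncated or altered tarball fails before it is unpacked into the web tree.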


@ -30,7 +30,7 @@
- name: Enable/Disable/Restart NGINX if primary - name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled | bool when: nginx_enabled
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }} - name: Add 'mediawiki' variable values to {{ iiab_ini_file }}


@ -2,7 +2,7 @@
template: template:
src: mediawiki-nginx.conf.j2 src: mediawiki-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/mediawiki-nginx.conf" # /etc/nginx.conf.d dest: "{{ nginx_conf_dir }}/mediawiki-nginx.conf" # /etc/nginx.conf.d
when: mediawiki_enabled | bool when: mediawiki_enabled
- name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_conf_dir }}/mediawiki-nginx.conf # http://box/wiki & http://box/mediawiki - name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_conf_dir }}/mediawiki-nginx.conf # http://box/wiki & http://box/mediawiki
file: file:


@ -7,7 +7,7 @@
# only works if server run as root # only works if server run as root
minetest_runas_user: root minetest_runas_user: root
minetest_runas_group: root minetest_runas_group: root
when: is_raspbian | bool when: is_raspbian
# For other installs # For other installs
- name: Set some facts for other platforms - name: Set some facts for other platforms
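Review bot: The Raspbian branch sets `minetest_runas_user: root` and `minetest_runas_group: root` for a network-facing game server, and the only recorded reason is the fragment `# only works if server run as root`. The comment should state what fails under an unprivileged account, for example `# TODO: run unprivileged on Raspbian too; root is a workaround for <REASON_PLACEHOLDER>`, so the exception can be removed once that is fixed. While it stays, the `minetest-server.service.j2` unit is the natural place to limit the process, for example with `NoNewPrivileges=yes` and `ProtectSystem=full`. The task begins above the hunk, so its full context is not visible here.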


@ -5,7 +5,7 @@
name: minetest-server name: minetest-server
enabled: yes enabled: yes
state: restarted state: restarted
when: minetest_enabled | bool when: minetest_enabled
- name: Disable & Stop 'minetest-server' service - name: Disable & Stop 'minetest-server' service
systemd: systemd:


@ -24,7 +24,7 @@
line: "{{ item.line }}" line: "{{ item.line }}"
with_items: with_items:
- { regexp: '^mg_name = ', line: 'mg_name = flat' } - { regexp: '^mg_name = ', line: 'mg_name = flat' }
when: minetest_flat_world | bool when: minetest_flat_world
- name: Create /library/games/minetest/worlds/world - name: Create /library/games/minetest/worlds/world
file: file:


@ -49,4 +49,4 @@
with_items: with_items:
- { src: 'minetest.conf.j2', dest: '/etc/minetest/minetest.conf' } - { src: 'minetest.conf.j2', dest: '/etc/minetest/minetest.conf' }
- { src: 'minetest-server.service.j2', dest: '/etc/systemd/system/minetest-server.service' } - { src: 'minetest-server.service.j2', dest: '/etc/systemd/system/minetest-server.service' }
when: minetest_install | bool when: minetest_install


@ -92,7 +92,7 @@
repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse
state: present state: present
filename: mongodb-org filename: mongodb-org
when: is_linuxmint | bool when: is_linuxmint
- name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only
apt_repository: apt_repository:
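Review bot: The repo line `deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse` has no `signed-by=` option, so the key that validates it has to sit in apt's global trusted keyring, where it is accepted for every configured repository. The key import is outside this hunk; if it uses `apt_key`, consider writing the key to a dedicated keyring file and adding `signed-by=<KEYRING_PATH_PLACEHOLDER>` inside the brackets so the MongoDB key is trusted for this source only. The task starts above the hunk and the next `apt_repository` task continues below it.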
