external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-12 11:12:06 +00:00
Code Issues Releases Wiki Activity

Merge pull request #375 from iiab/master

Browse source 
sync from iiab:master
This commit is contained in:
A Holt 2020-02-16 23:14:35 -05:00 committed by GitHub
commit 46ee174962
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 457 additions and 383 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/0-init/tasks/main.yml
View file

@ -37,11 +37,11 @@
include_tasks: validate_vars.yml
# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
- name: "apache_install is currently '{{ apache_install }}' and apache_enabled is currently '{{ apache_enabled }}'. Now let's set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not to be enabled OR if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install."
- name: "apache_install is currently '{{ apache_install }}' and apache_enabled is currently '{{ apache_enabled }}'. Now let's set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not to be enabled OR if any of {Elgg, Lokole, Moodle, Node-RED} are set to install."
set_fact:
apache_install: True
apache_enabled: True
when: not nginx_enabled or dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install
when: not nginx_enabled or elgg_install or lokole_install or moodle_install or nodered_install
#
#- name: "Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install"
# assert:

2
roles/gitea/defaults/main.yml
View file

@ -9,7 +9,7 @@
# Info needed to install Gitea:
gitea_version: 1.11.0
gitea_version: 1.11.1
iset_suffixes:
i386: 386
x86_64: amd64

11
roles/httpd/defaults/main.yml
View file

@ -7,15 +7,12 @@
# apache_port: 8090 # NGINX proxies to this IP address, for legacy IIAB services still requiring Apache
# apache_interface: 127.0.0.1
# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147
# apache_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/enable.yml#L1-L14
# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php/<VERSION>/apache2/php.ini
# Make this False to disable http://box/common/services/power_off.php button:
# apache_allow_sudo: True
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
# 2020-02-15: apache_high_php_limits deprecated...
# Please instead set 'nginx_high_php_limits: True' in /etc/iiab/local_vars.yml

2
roles/moodle/defaults/main.yml
View file

@ -1,4 +1,4 @@
# If using Moodle intensively, consider setting apache_high_php_limits in:
# If using Moodle intensively, consider setting nginx_high_php_limits in:
# /etc/iiab/local_vars.yml
# moodle_install: False

8
roles/nextcloud/README.md
View file

@ -19,13 +19,13 @@ The Nextcloud suite is divided into three main categories:
nextcloud_install: True
nextcloud_enabled: True
(2) If you want to access Nextcloud from IPv4 addresses across the public Internet, then also set:
<strike>(2) If you want to access Nextcloud from IPv4 addresses across the public Internet, then also set:
nextcloud_allow_public_ips: True
To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)
To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike>
(3) Strongly consider also setting `apache_high_php_limits: True` in the 3-BASE-SERVER section of /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/apache2/php.ini:
(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini:
- upload_max_filesize
- post_max_size
@ -33,7 +33,7 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi
- max_execution_time
- max_input_time
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/httpd/tasks/enable.yml](https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/enable.yml#L1-L14)
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_front_end/tasks/main.yml#L47-L51](../www_front_end/tasks/main.yml#L47-L51)
## Using It

43
roles/nextcloud/defaults/main.yml
View file

@ -1,46 +1,51 @@
# If using Nextcloud intensively, consider setting apache_high_php_limits in:
# If using Nextcloud intensively, consider setting nginx_high_php_limits in:
# /etc/iiab/local_vars.yml
# nextcloud_install: False
# nextcloud_enabled: False
# nextcloud_allow_public_ips: False
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
# REMOVE /opt/nextcloud/version.php TO FORCE AN INSTALL OR REINSTALL OR UPGRADE
nextcloud_url: /nextcloud
nextcloud_prefix: /opt
nextcloud_data_dir: "{{ content_base }}/nextcloud/data" # /library/nextcloud/data
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# The following line can avoid that: (but might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages
nextcloud_dl_url: https://download.nextcloud.com/server/releases
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest.tar.bz2
nextcloud_url: /nextcloud
nextcloud_base_dir: "{{ doc_base }}" # /library/www
#nextcloud_base_dir: "{{ doc_root }}" # /library/www/html
nextcloud_root_dir: "{{ nextcloud_base_dir }}/nextcloud"
#
# 2020-02-16 options...
# /opt/nextcloud <-- Old Nextcloud recommendation
# /var/www/nextcloud <-- Nextcloud recommendation
# /library/nextcloud <-- Old IIAB recommendation
# /library/www/nextcloud <-- IIAB RECOMMENDATION FOR NOW ?
# /library/www/html/nextcloud <-- Bad idea? Security & privacy consequences?
#
# IN ANY CASE, PLEASE VERIFY nextcloud/config/config.php AFTER INSTALLATION!
#
# Nextcloud's default for now--OR PUT PERSONAL DATA ON ANOTHER DRIVE/PARTITION:
nextcloud_data_dir: "{{ nextcloud_root_dir }}/data" # /library/www/nextcloud
# For OLD OS's where PHP 7.1+ isn't detected -- e.g. Raspbian 9, Debian 9, Ubuntu 16.04
nextcloud_orig_src_file_old: latest-15.tar.bz2
nextcloud_src_file_old: nextcloud_{{ nextcloud_orig_src_file_old }}
# For NEW OS's where PHP 7.1+ is auto-detected -- e.g. Raspbian 10, Debian 10 & Ubuntu 18.04
nextcloud_orig_src_file: latest.tar.bz2
nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }}
# We install on MySQL with these settings:
nextcloud_dbname: nextcloud
nextcloud_dbhost: localhost
nextcloud_dbuser: nextcloud
nextcloud_dbpassword: nextcloudmysql
nextcloud_user: nextcloud
nextcloud_user_password: nextcloudmysql
nextcloud_admin_user: 'Admin'
nextcloud_admin_password: 'changeme'
# 2019-09-04: UNUSED (due to changes in roles/nextcloud/templates/nextcloud.conf.j2)
nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16
# 2020-02-15: UNUSED at the time. Legacy remains from Apache:
# nextcloud_allow_public_ips: True

240
roles/nextcloud/tasks/install.yml
View file

@ -1,183 +1,117 @@
# CHECK FOR PHP VERSION AUTOMATICALLY, TO DETERMINE WHICH NEXTCLOUD TO INSTALL.
# INSPIRED BY: github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml#L10-L54
# INSPIRED BY: github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml
- name: Try to run 'php -v' to get PHP version
# e.g. converts multi-line "PHP 7.0.33-0ubuntu0.16.04.5 (cli) ( NTS ) ..." to "7.0.33"
shell: php -v | head -1 | sed 's/^[^0-9.]*//' | sed 's/[^0-9.].*//'
register: php_version_installed
#ignore_errors: yes # NOT NEC: if php is not installed, php_version_installed.stdout will get set to ""
# - name: Try to run 'php -v' to get PHP version
# # e.g. converts multi-line "PHP 7.0.33-0ubuntu0.16.04.5 (cli) ( NTS ) ..." to "7.0.33"
# shell: php -v | head -1 | sed 's/^[^0-9.]*//' | sed 's/[^0-9.].*//'
# register: php_version_installed
# #ignore_errors: yes # NOT NEC: if php is not installed, php_version_installed.stdout will get set to ""
#- debug:
# var: php_version_installed
# - debug:
# var: php_version_installed
# NOTE: this could easily be made to work even if PHP was not installed, e.g.
# by pre-initializing variable 'php_new' to False here. But trapping the
# absence of PHP (below) is a useful software safety precondition!
#
#- name: Initialize var 'php_new' to False
# set_fact:
# php_new: False
# # NOTE: this could easily be made to work even if PHP was not installed, e.g.
# # by pre-initializing variable 'php_new' to False here. But trapping the
# # absence of PHP (below) is a useful software safety precondition!
# #
# #- name: Initialize var 'php_new' to False
# # set_fact:
# # php_new: False
- name: INTENTIONALLY FAIL, IF PHP (Nextcloud prerequisite) ISN'T INSTALLED
fail:
msg: >
Nextcloud install cannot proceed, as it requires PHP be installed first.
Note that as of 2019-07-04, IIAB takes care of this by forcing vars
mysql_install and mysql_enabled to True in
/opt/iiab/iiab/roles/0-init/tasks/main.yml, which in turn forces the
installation of PHP in /opt/iiab/iiab/roles/mysql/tasks/main.yml, as
invoked by /opt/iiab/iiab/roles/3-base-server/tasks/main.yml
when: php_version_installed.stdout == ""
# - name: INTENTIONALLY FAIL, IF PHP (Nextcloud prerequisite) ISN'T INSTALLED
# fail:
# msg: >
# Nextcloud install cannot proceed, as it requires PHP be installed first.
# Note that as of 2019-07-04, IIAB takes care of this by forcing vars
# mysql_install and mysql_enabled to True in
# /opt/iiab/iiab/roles/0-init/tasks/main.yml, which in turn forces the
# installation of PHP in /opt/iiab/iiab/roles/mysql/tasks/main.yml, as
# invoked by /opt/iiab/iiab/roles/3-base-server/tasks/main.yml
# when: php_version_installed.stdout == ""
- name: Set var 'php_new' indicating if installed version of PHP ({{ php_version_installed.stdout }}) >= 7.1, as required by Nextcloud 16
set_fact:
php_new: "{{ php_version_installed.stdout is version('7.1', '>=') }}"
# Ansible's Version Comparison routine:
# https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#version-comparison
when: php_version_installed.stdout != "" # i.e. IF ABOVE 'php -v' WORKED
# - name: Set var 'php_new' indicating if installed version of PHP ({{ php_version_installed.stdout }}) >= 7.1, as required by Nextcloud 16
# set_fact:
# php_new: "{{ php_version_installed.stdout is version('7.1', '>=') }}"
# # Ansible's Version Comparison routine:
# # https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#version-comparison
# when: php_version_installed.stdout != "" # i.e. IF ABOVE 'php -v' WORKED
#- debug:
# var: php_new
# - debug:
# var: php_new
- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file_old }} to {{ downloads_dir }}/{{ nextcloud_src_file_old }} on older OS's lacking PHP 7.1+
get_url:
url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file_old }}"
dest: "{{ downloads_dir }}/{{ nextcloud_src_file_old }}"
timeout: "{{ download_timeout }}"
force: yes
#validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
#async: 1800
#poll: 10
when: internet_available and not php_new
#when: internet_available and nextcloud_force_install and (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }} to {{ downloads_dir }}/{{ nextcloud_src_file }} on newer OS's that have PHP 7.1+
get_url:
url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}"
dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
timeout: "{{ download_timeout }}"
force: yes
#validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
#async: 1800
#poll: 10
when: internet_available and php_new
#when: internet_available and nextcloud_force_install and not (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
# Ubuntu and Debian treat names differently
- name: Install 4 php packages (debian/raspian)
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- name: Install ffmpeg + libxml2 + 13 php packages
package:
name:
- "libapache2-mod-php{{ php_version }}"
- "php{{ php_version }}-imagick"
- "php{{ php_version }}-mbstring"
- "php{{ php_version }}-zip"
state: present
when: is_debian | bool
# Ubuntu and Debian treat names differently
- name: Install 4 php packages (ubuntu)
package:
name:
- libapache2-mod-php
- php-imagick
#- dnsutils # NOT REQUESTED by Nextcloud
- ffmpeg # Optional (for preview generation)
- libxml2 # php-libxml requires libxml2 >= 2.7.0
#- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED?
- php-bz2 # Optional (for extraction of apps)
#- php-cli # NOT REQUESTED by Nextcloud
#- php-common # NOT REQUESTED by Nextcloud
- php-curl
- php-fpm # ALSO INSTALLED IN roles/www_back_end (Stage 3) for nginx_high_php_limits
- php-gd
- php-gmp # Optional (for SFTP storage)
- php-imagick # Optional (for preview generation)
- php-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters)
- php-json
#- php-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php)
- php-mbstring
- php-mysql
#- php-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT?
#- php-pdo_mysql # NOT INSTALLABLE: php-mysql handles this on all OS's?
#- php-redis # @m-anish future work?
#- php-session # NOT INSTALLABLE: ENABLED BY DEFAULT?
- php-smbclient # Optional (SMB/CIFS integration
- php-xml # NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?)
- php-zip
#- php-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT?
state: present
when: is_ubuntu | bool
- name: Install 5 more php packages (debuntu)
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020)
package:
name:
- "php{{ php_version }}-gd"
- "php{{ php_version }}-json"
- "php{{ php_version }}-mysql"
- "php{{ php_version }}-curl"
- "php{{ php_version }}-intl"
- php-ctype
- php-dom
- php-exif # Optional (for image rotation in pictures app)
- php-fileinfo # Optional (enhances file analysis performance)
- php-iconv
- php-posix
- php-simplexml
- php-xmlreader
- php-xmlwriter
state: present
when: is_debuntu | bool
when: not is_raspbian
- name: 'Install php{{ php_version }}-mcrypt IF this is a "pre-2018" distro in the debuntu family. NOTE: PHP 7.1 deprecated mcrypt 1-Dec-2016 and PHP 7.2 dropped it completely 30-Nov-2017, as it should no longer be nec.'
package:
name: "php{{ php_version }}-mcrypt"
state: present
when: is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17
# NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
# DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
## we need to install the rpm in order to get the dependencies
## but we only need to do this the first time
#
#- name: Install 7 php packages (redhat)
# package:
# name:
# - php
# - php-gd
# - php-json
# - php-mysql
# - php-curl
# - php-intl
# - php-mcrypt
# # CentOS does not have a package for php-imagick
# #- php-imagick
# state: present
# when: is_redhat | bool
- name: Unarchive {{ nextcloud_src_file_old }} to permanent location {{ nextcloud_prefix }}/nextcloud on older OS's lacking PHP 7.1+ # i.e. unpack nextcloud_latest-15.tar.bz2 to /opt/nextcloud
unarchive:
src: "{{ downloads_dir }}/{{ nextcloud_src_file_old }}"
dest: "{{ nextcloud_prefix }}"
#creates: "{{ nextcloud_prefix }}/nextcloud/version.php"
when: not php_new
#when: nextcloud_force_install and (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
- name: Unarchive {{ nextcloud_src_file }} to permanent location {{ nextcloud_prefix }}/nextcloud on newer OS's that have PHP 7.1+ # i.e. unpack nextcloud_latest-16.tar.bz2 to /opt/nextcloud
unarchive:
src: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
dest: "{{ nextcloud_prefix }}"
#creates: "{{ nextcloud_prefix }}/nextcloud/version.php"
when: php_new | bool
#when: nextcloud_force_install and not (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
#- name: Create dir /etc/nextcloud (centos) for a subsequent config dir that's symlinked to /etc/nextcloud ?
# file:
# path: /etc/nextcloud
# state: directory
# when: is_centos | bool
#
#- name: Install {{ nextcloud_prefix }}/nextcloud/config/autoconfig.php from template (centos)
# template:
# src: autoconfig.php.j2
# dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
# owner: "{{ apache_user }}"
# group: "{{ apache_user }}"
# mode: '0640'
# when: is_centos | bool
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud
- name: Create dir {{ nextcloud_root_dir }}
file:
path: "{{ nextcloud_prefix }}/nextcloud" # /opt
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
recurse: yes
state: directory
path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
- name: Create data directory {{ nextcloud_data_dir }}
file:
path: "{{ nextcloud_data_dir }}" # /opt/nextcloud/data
owner: "{{ apache_user }}"
- name: Unarchive {{ nextcloud_dl_url }} to {{ nextcloud_root_dir }} ({{ apache_user }}:{{ apache_user }})
unarchive:
remote_src: yes
src: "{{ nextcloud_dl_url }}"
#dest: "{{ nextcloud_base_dir }}" # /library/www
dest: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
owner: "{{ apache_user }}" # apache2 on debuntu
group: "{{ apache_user }}"
mode: '0750'
state: directory
extra_opts: --strip-components=1 # Or use 'dest: /library/www' above
when: internet_available
- name: Install Apache's nextcloud.conf from template, for http://box/nextcloud
- name: Provision Nextcloud's MySQL DB, run Nextcloud's install wizard, etc
include_tasks: setup.yml
- name: Install /etc/{{ apache_conf_dir }}/nextcloud.conf from template, for http://box{{ nextcloud_url }} # http://box/nextcloud
template:
src: nextcloud.conf.j2
dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf"
- name: Provision Nextcloud's MySQL DB, run Nextcloud's install wizard etc
include_tasks: setup.yml
dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf" # apache2/sites-available on debuntu
when: apache_install | bool
# RECORD Nextcloud AS INSTALLED

23
roles/nextcloud/tasks/main.yml
View file

@ -22,14 +22,11 @@
- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nextcloud_installed is undefined
#
# ABOVE install.yml RUNS setup.yml
#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
#when: not nginx_enabled
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
@ -47,11 +44,15 @@
value: Nextcloud
- option: description
value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
- option: path
value: "{{ nextcloud_prefix }}/nextcloud"
- option: nextcloud_orig_src_file
value: "{{ nextcloud_orig_src_file }}"
- option: nextcloud_src_file
value: "{{ nextcloud_src_file }}"
- option: nextcloud_dl_url
value: "{{ nextcloud_dl_url }}"
- option: nextcloud_url
value: "{{ nextcloud_url }}"
- option: nextcloud_base_dir
value: "{{ nextcloud_base_dir }}"
- option: nextcloud_root_dir
value: "{{ nextcloud_root_dir }}"
- option: nextcloud_data_dir
value: "{{ nextcloud_data_dir }}"
- option: nextcloud_enabled
value: "{{ nextcloud_enabled }}"

7
roles/nextcloud/tasks/nginx.yml
View file

@ -10,7 +10,10 @@
state: absent
when: not nextcloud_enabled
- name: Restart 'nginx' systemd service
- name: Restart 'nginx' & 'php{{ php_version }}-fpm' systemd services
systemd:
name: nginx
name: "{{ item }}"
state: restarted
with_items:
- nginx
- "php{{ php_version }}-fpm"

100
roles/nextcloud/tasks/setup.yml
View file

@ -9,23 +9,51 @@
password: "{{ nextcloud_dbpassword }}"
priv: "{{ nextcloud_dbname }}.*:ALL,GRANT"
with_items:
- "{{ nextcloud_dbhost }}"
- 127.0.0.1
- ::1
- localhost
# The install wizard fails if already installed.
- name: Determine if Nextcloud is installed
# https://docs.nextcloud.com/server/18/admin_manual/installation/command_line_installation.html
- name: Create data dir {{ nextcloud_data_dir }}
file:
state: directory
path: "{{ nextcloud_data_dir }}" # /library/www/nextcloud/data
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# 1 of 3: Very Old Way... from OwnCloud days
#- name: Install {{ nextcloud_root_dir }}/config/autoconfig.php from template
# template:
# src: autoconfig.php.j2
# dest: "{{ nextcloud_root_dir }}/config/autoconfig.php"
# owner: "{{ apache_user }}"
# group: "{{ apache_user }}"
# mode: '0640'
# 2 of 3: Another Possible Way... not quite ready for prime time
# - name: Set 'datadirectory' to {{ nextcloud_data_dir }} in {{ nextcloud_root_dir }}/config/config.php
# lineinfile:
# path: "{{ nextcloud_root_dir }}/config/config.php"
# regexp: "^ 'datadirectory' => "
# insertafter: '^\$CONFIG = array \('
# line: " 'datadirectory' => '{{ nextcloud_data_dir }}',"
# 2020-02-16: SHOULD THIS STANZA GO AWAY IN FUTURE, in favor of 'nextcloud_installed is undefined' test below?
- name: Use php to determine if Nextcloud is installed (causes install wizard to fail)
shell: >
php {{ nextcloud_prefix }}/nextcloud/occ status |
php {{ nextcloud_root_dir }}/occ status |
gawk '/installed:/ { print $3 }'
become: yes
become_user: "{{ apache_user }}"
register: returned
- name: Run Nextcloud initial install wizard
# 3 of 3: New Way In 2020... use --data-dir "{{ nextcloud_data_dir }}"
# https://docs.nextcloud.com/server/18/admin_manual/installation/command_line_installation.html
# https://docs.nextcloud.com/server/18/admin_manual/configuration_server/occ_command.html#command-line-installation-label
- name: Run Nextcloud initial install wizard, seeding data dir {{ nextcloud_data_dir }} (IF THIS FAILS, CONSIDER MANUALLY DROPPING MySQL db '{{ nextcloud_dbname }}' THEN RERUN THIS)
shell: >
cd {{ nextcloud_prefix }}/nextcloud;
cd {{ nextcloud_root_dir }};
php occ maintenance:install
--database "mysql"
--database-name "{{ nextcloud_dbname }}"
@ -33,54 +61,22 @@
--database-pass "{{ nextcloud_dbpassword }}"
--admin-user "{{ nextcloud_admin_user }}"
--admin-pass "{{ nextcloud_admin_password }}"
--data-dir "{{ nextcloud_data_dir }}"
become: yes
become_user: "{{ apache_user }}"
when: nextcloud_enabled and returned.stdout == "false"
#when: nextcloud_installed is undefined
when: returned.stdout == "false" # and nextcloud_enabled
# RELATED: /etc/apache2/sites-available/nextcloud.conf sourced from
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2
- name: 'Allow Nextcloud access from all hosts and IP addresses (SEE ALSO: /etc/apache2/sites-available/nextcloud.conf)'
command: php {{ nextcloud_prefix }}/nextcloud/occ config:system:set trusted_domains 1 --value=*
become: yes
become_user: "{{ apache_user }}"
when: nextcloud_enabled and returned.stdout == "false"
# Code below was NEVER RUNNING as of 2018-10-29, as "wc | cut -d' ' -f1" ALWAYS
# returns null (rather than the intended returned_count !) This line could
# be replaced by ALTERNATIVE 1 or ALTERNATIVE 2 below IF it truly needs fixing.
#
# Or perhaps default user/password nextcloud/nextcloudmysql (from variables
# nextcloud_user/nextcloud_user_password) is just not needed in the end...
#
# NOTE: COMMENTS (FOLLOWING '#' SIGN) WITHIN A SHELL COMMAND CAUSE IT TO *FAIL*
#
#- name: Determine if Nextcloud user exists already
# shell: >
# php {{ nextcloud_prefix }}/nextcloud/occ user:list |
# grep {{ nextcloud_user }} | wc | cut -d' ' -f1 # USELESS
# #grep {{ nextcloud_user }} | wc -l # ALTERNATIVE 1
# #grep {{ nextcloud_user }} | wc | awk '{print $1}' # ALTERNATIVE 2
# become: yes
# become_user: "{{ apache_user }}"
# register: returned_count
#
# debug:
# var: returned_count
#
## nextcloud wants to make users rather than just mysql users and not done
#- name: Create the default user
# shell: >
# OC_PASS={{ nextcloud_user_password }};
# php {{ nextcloud_prefix }}/nextcloud/occ user:add
# --password-from-env --display-name={{ nextcloud_user }}
# --group="users" {{ nextcloud_user }}
# become: yes
# become_user: "{{ apache_user }}"
# when: nextcloud_enabled and returned_count == "0"
# 2019-09-04: NEXT 5 LINES APPEAR INEFFECTIVE DURING 1ST INSTALL? (possibly "overwrite.cli.url" appears later, when Nextcloud's web install completes using http://box/nextcloud ?)
- name: Try to remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#php-fpm-configuration-notes
- name: Set 'clear_env = no' in /etc/php/{{ php_version }}/fpm/pool.d/www.conf
lineinfile:
regexp: "overwrite.cli.url"
state: absent
path: "{{ nextcloud_prefix }}/nextcloud/config/config.php"
path: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"
regexp: '^clear_env'
insertafter: ';.*clear_env'
line: 'clear_env = no'
- name: 'Allow Nextcloud access from all hosts and IP addresses (SEE ALSO: /etc/apache2/sites-available/nextcloud.conf)'
command: php {{ nextcloud_root_dir }}/occ config:system:set trusted_domains 1 --value=*
become: yes
become_user: "{{ apache_user }}"

0
roles/nextcloud/templates/autoconfig.php.j2 → roles/nextcloud/templates/autoconfig.php.j2.unused
View file

149
roles/nextcloud/templates/nextcloud-nginx.conf.j2
View file

@ -1,10 +1,143 @@
location {{ nextcloud_url }} {
proxy_pass http://127.0.0.1:{{ apache_port }}{{ nextcloud_url }};
}
# 2020-02-16: Customized from template...thanks to @m_anish:
#
# https://docs.nextcloud.com/server/18/admin_manual/installation/nginx.html#nextcloud-in-a-subdir-of-nginx
# https://docs.nextcloud.com/server/18/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx
location ~ {{ nextcloud_url }}/.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
location ^~ {{ nextcloud_url }} {
## Add headers to serve security related headers
## Before enabling Strict-Transport-Security headers please read into this
## topic first.
##add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
##
## WARNING: Only add the preload option once you read about
## the consequences in https://hstspreload.org/. This option
## will add the domain to a hardcoded list that is shipped
## in all major browsers and getting removed from this list
## could take several months.
#
# THESE 1 + 6 ALSO APPEAR ~100 LINES BELOW
#
#add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
## Remove X-Powered-By, which is an information leak
#fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
#root {{ nextcloud_root_dir }}; # /library/www/nextcloud IN FUTURE ??
root {{ nextcloud_base_dir }}; # /library/www == {{ doc_base }} FOR NOW
location = /nextcloud/robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /nextcloud/.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /nextcloud/.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location /nextcloud {
rewrite ^ /nextcloud/index.php;
}
location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ ^\/nextcloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#
# THESE 1 + 6 ALSO APPEAR ~100 LINES ABOVE
#
#add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ ^\/nextcloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /nextcloud/index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}

10
roles/nextcloud/templates/nextcloud-nginx.conf.j2.shim.unused Normal file
View file

@ -0,0 +1,10 @@
location {{ nextcloud_url }} {
proxy_pass http://127.0.0.1:{{ apache_port }}{{ nextcloud_url }};
}
location ~ {{ nextcloud_url }}/.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}

40
roles/nextcloud/templates/nextcloud.conf.j2
View file

@ -1,10 +1,8 @@
# Ansible template that becomes /etc/apache2/sites-available/nextcloud.conf
Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
Alias {{ nextcloud_url }} {{ nextcloud_root_dir }}
<Directory {{ nextcloud_prefix }}/nextcloud/>
# 2019-09-04 commenting out towards future removal
#Options -Indexes
<Directory {{ nextcloud_root_dir }}/>
Options +FollowSymlinks
AllowOverride All
@ -13,10 +11,7 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
# Apache 2.4
# http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
# 2019-09-04 commenting out towards future removal
#Require host localhost
{% if nextcloud_allow_public_ips %}
{% if True %} {# 2020-02-15: Condition WAS... nextcloud_allow_public_ips #}
# PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
Require all granted
# PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
@ -32,33 +27,4 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
#Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
</IfModule>
# 2019-09-04 commenting out towards future removal
#<IfModule !mod_authz_core.c>
## Apache 2.2
#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
#</IfModule>
#
#ErrorDocument 404 /core/templates/404.php
#
# 2019-09-04 commenting out towards future removal
#<IfModule mod_php5.c>
#php_value upload_max_filesize 512M
#php_value post_max_size 512M
#php_value memory_limit 512M
#php_value mbstring.func_overload 0
#</IfModule>
#
#SetEnv htaccessWorking true
#
#<IfModule pagespeed_module>
#ModPagespeed Off
#</IfModule>
#
#RewriteEngine on
#RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
#RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R]
#RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R]
</Directory>

6
roles/nginx/README.md
View file

@ -10,7 +10,7 @@
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
3. Current state of IIAB App/Service migrations as of 2020-02-14:
3. Current state of IIAB App/Service migrations as of 2020-02-16:
1. These support "Native" NGINX but ***NOT*** Apache
* Admin Console
@ -28,6 +28,7 @@
* kolibri
* mediawiki
* munin
* nextcloud
* sugarizer
* wordpress
@ -35,7 +36,6 @@
* elgg
* lokole
* moodle
* nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119)) [*]
* nodered
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
@ -46,4 +46,4 @@
* openvpn [*]
* pbx [*]
[*] The 6 above starred roles could use improvement, as of 2020-02-14.
[*] The 5 above starred roles could use improvement, as of 2020-02-16.

3
roles/nginx/defaults/main.yml
View file

@ -10,5 +10,8 @@
# nginx_conf_dir: /etc/nginx/conf.d
# nginx_log_dir: /var/log/nginx
# For schools that use WordPress/Nextcloud/Moodle intensively:
# nginx_high_php_limits: False
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

2
roles/wordpress/defaults/main.yml
View file

@ -1,4 +1,4 @@
# If using WordPress intensively, consider setting apache_high_php_limits in:
# If using WordPress intensively, consider setting nginx_high_php_limits in:
# /etc/iiab/local_vars.yml
# wordpress_install: False

21
roles/www_back_end/tasks/main.yml
View file

@ -5,29 +5,8 @@
- include_tasks: html.yml
- include_tasks: php-stem.yml
# 2020-02-12: DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO?
# COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml
# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively
lineinfile:
path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
when: apache_high_php_limits | bool
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
- { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
- name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_front_end/tasks/main.yml
file:
state: directory

37
roles/www_front_end/tasks/main.yml
View file

@ -25,11 +25,46 @@
when: nginx_install | bool
- block: # 3-STANZA BLOCK BEGINS
# Also installed by roles/nextcloud/tasks/install.yml in case './runrole nextcloud' bypasses this role here. (Possibly make php-fpm mandatory in nginx/tasks/install.yml in future?)
- name: Install php-fpm (FastCGI Process Manager) as nec
package:
name: php-fpm
# For schools that use WordPress/Nextcloud/Moodle intensively.
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# COMPARE apache_allow_sudo further below.
- name: Enact high limits in /etc/php/{{ php_version }}/fpm/php.ini if using WordPress/Nextcloud/Moodle intensively, as nec
lineinfile:
path: "/etc/php/{{ php_version }}/fpm/php.ini"
#path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
when: nginx_high_php_limits
- name: Restart 'php{{ php_version }}-fpm' systemd services, as nec
systemd:
name: "php{{ php_version }}-fpm"
state: restarted
when: (nextcloud_install or pbx_install) and nginx_enabled # 3-STANZA BLOCK ENDS
# 'Is a "Rapid Power Off" button possible for low-electricity environments?'
# gives more details here: http://FAQ.IIAB.IO
# COMPARE nginx_high_php_limits further above.
# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ?
# COMPARE apache_high_php_limits @ roles/www_back_end/tasks/main.yml
- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
template:

43
vars/default_vars.yml
View file

@ -236,6 +236,12 @@ exFAT_enabled: True
admin_console_install: True
admin_console_enabled: True
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
mysql_install: True
mysql_enabled: True
# mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
mysql_root_password: fixmysql
# 2019-01-13: IIAB's use of NGINX is still evolving -- please review this
# evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
nginx_install: True
@ -244,6 +250,13 @@ nginx_port: 80
nginx_interface: 0.0.0.0
nginx_conf_dir: /etc/nginx/conf.d
nginx_log_dir: /var/log/nginx
#
# For schools that use WordPress/Nextcloud/Moodle intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
apache_install: True
@ -253,22 +266,9 @@ apache_enabled: False
apache_port: 8090
apache_interface: 127.0.0.1 # 2020-01-13: Var unused
#
# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147
apache_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84
# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php/<VERSION>/apache2/php.ini
#
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True
# MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
mysql_install: True
mysql_enabled: True
# mysql_root_password: $6$iiab51$3ICIW0CLWxxMW2a3yrHZ38ukZItD5tcadL4rWcE9D.qIGStxhh8rRsaSxoj3b.MYxI/VRDNjpzSYK/V6zkWFI0
mysql_root_password: fixmysql
# 4-SERVER-OPTIONS
@ -343,8 +343,8 @@ azuracast_enabled: False
azuracast_http_port: 10080
azuracast_https_port: 10443
# AzuraCast needs many ports in the 8000:8100 range by default, but IIAB services
# conflict with those ports so this variable below sets a sane prefix.
# AzuraCast needs many ports in the 8000:8100 range by default, but IIAB
# services conflict with those ports so this variable below sets a sane prefix.
# e.g. setting the below variable to 10 will result in port ranges 10000-10100
# being reserved for AzuraCast:
azuracast_port_range_prefix: 10
@ -399,17 +399,20 @@ nodered_port: 1880
nodered_web_path: nodered
# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Nextcloud intensively, set nginx_high_php_limits further above.
nextcloud_install: False
nextcloud_enabled: False
nextcloud_allow_public_ips: False
#
# 2020-02-15: UNUSED at this time. Legacy remains from Apache:
# nextcloud_allow_public_ips: True
#
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
@ -421,7 +424,7 @@ pbx_signaling_ports_chan_pjsip: "5060"
pbx_data_ports: "10000:20000"
pbx_http_port: 83
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using WordPress intensively, set nginx_high_php_limits further above.
wordpress_install: False
wordpress_enabled: False
@ -452,7 +455,7 @@ iiab_zim_path: "{{ content_base }}/zims" # /library/zims
moodle_install: False
moodle_enabled: False
# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Moodle intensively, set nginx_high_php_limits further above.
# MongoDB (/library/dbdata/mongodb) greatly enhances the Sugarizer experience.
# This role was formerly installed by roles/sugarizer/meta/main.yml

29
vars/local_vars_big.yml
View file

@ -136,20 +136,20 @@ pi_swap_file_size: 1024
# 3-BASE-SERVER
# See also Apache vars {default_language, language_priority} @ top of this file
#
# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147
apache_high_php_limits: False
# roles/mysql runs here (mandatory)
# For schools that use WordPress/Nextcloud/Moodle intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84
# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php/<VERSION>/apache2/php.ini
# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
#
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -236,17 +236,20 @@ nodered_install: True
nodered_enabled: True
# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Nextcloud intensively, set nginx_high_php_limits further above.
nextcloud_install: True
nextcloud_enabled: True
nextcloud_allow_public_ips: False
#
# 2020-02-15: UNUSED at this time. Legacy remains from Apache:
# nextcloud_allow_public_ips: True
#
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
@ -254,7 +257,7 @@ pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using WordPress intensively, set nginx_high_php_limits further above.
wordpress_install: True
wordpress_enabled: True
@ -278,7 +281,7 @@ kiwix_enabled: True
# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: True
moodle_enabled: True
# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Moodle intensively, set nginx_high_php_limits further above.
# Regional OSM vector maps use far less disk space than bitmap/raster versions.
# Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps

29
vars/local_vars_medium.yml
View file

@ -136,20 +136,20 @@ pi_swap_file_size: 1024
# 3-BASE-SERVER
# See also Apache vars {default_language, language_priority} @ top of this file
#
# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147
apache_high_php_limits: False
# roles/mysql runs here (mandatory)
# For schools that use WordPress/Nextcloud/Moodle intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84
# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php/<VERSION>/apache2/php.ini
# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
#
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -236,17 +236,20 @@ nodered_install: False
nodered_enabled: False
# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Nextcloud intensively, set nginx_high_php_limits further above.
nextcloud_install: True
nextcloud_enabled: True
nextcloud_allow_public_ips: False
#
# 2020-02-15: UNUSED at this time. Legacy remains from Apache:
# nextcloud_allow_public_ips: True
#
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
@ -254,7 +257,7 @@ pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using WordPress intensively, set nginx_high_php_limits further above.
wordpress_install: True
wordpress_enabled: True
@ -278,7 +281,7 @@ kiwix_enabled: True
# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: False
moodle_enabled: False
# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Moodle intensively, set nginx_high_php_limits further above.
# Regional OSM vector maps use far less disk space than bitmap/raster versions.
# Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps

31
vars/local_vars_min.yml
View file

@ -136,20 +136,20 @@ pi_swap_file_size: 1024
# 3-BASE-SERVER
# See also Apache vars {default_language, language_priority} @ top of this file
#
# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147
apache_high_php_limits: False
# roles/mysql runs here (mandatory)
# For schools that use WordPress/Nextcloud/Moodle intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84
# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php/<VERSION>/apache2/php.ini
# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
#
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -236,17 +236,20 @@ nodered_install: False
nodered_enabled: False
# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Nextcloud intensively, set nginx_high_php_limits further above.
nextcloud_install: False
nextcloud_enabled: False
nextcloud_allow_public_ips: False
#
# 2020-02-15: UNUSED at this time. Legacy remains from Apache:
# nextcloud_allow_public_ips: True
#
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
@ -254,7 +257,7 @@ pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using WordPress intensively, set nginx_high_php_limits further above.
wordpress_install: False
wordpress_enabled: False
@ -275,10 +278,10 @@ kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta
kiwix_install: True
kiwix_enabled: True
# Warning: Moodle is a serious LMS, that takes a while to install
# Warning: Moodle is a serious LMS, that takes a while to install.
moodle_install: False
moodle_enabled: False
# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER
# If using Moodle intensively, set nginx_high_php_limits further above.
# Regional OSM vector maps use far less disk space than bitmap/raster versions.
# Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps