external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into lokole-with-less-apache

Browse source
This commit is contained in:
A Holt 2021-07-06 02:33:17 -04:00 committed by GitHub
commit 4a0829f215
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
81 changed files with 830 additions and 542 deletions
Download patch file Download diff file Expand all files Collapse all files

2
LICENSING.md
View file

@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file:
Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details.
All files not containing an explicit copyright notice or terms of license in
the file are Copyright © 2015-2020, Unleash Kids, and are licensed under the
the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the
terms of the GPLv2 license in the file named LICENSE in the root of the
repository.

7
README.md
View file

@ -35,11 +35,12 @@ Finally, you can [customize your Internet-in-a-Box home page](http://wiki.laptop
Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians *and* IT/UX/QA people of all kinds!
Please see "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO)
If you would like to volunteer, please [make contact](http://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO)
To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide). FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components.
<!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).-->
To learn more about our open community architecture for "offline" education, start by reviewing "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)"
To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)"
FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components.
*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.*

4
iiab-support
View file

@ -46,7 +46,7 @@ else
echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
fi
if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then
if grep -q '^openvpn_installed: True\b' /etc/iiab/iiab_state.yml; then
echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
else
echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n"
@ -58,8 +58,6 @@ else
if [ -d /opt/iiab/iiab ]; then
cd /opt/iiab/iiab
#CWD=`pwd`
#export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local | grep python
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local

14
roles/1-prep/README.rst
View file

@ -2,7 +2,15 @@
1-prep README
=============
This 1st stage is primarily hardware-focused, prior to OS additions/mods.
This 1st stage (1-prep) is primarily hardware-focused, prior to OS
additions/mods, but also includes critical pieces sometimes needed for
remote support:
Traditionally it included preliminaries like hostname and things specific to a
particular platform, such as the XO laptop, done before the bulk of the install.
- SSH
- `iiab-admin <https://github.com/iiab/iiab/tree/master/roles/iiab-admin>`_ username and group to log into Admin Console
- OpenVPN software if/as needed later for remote support
Traditionally 1-prep also included preliminaries like hostname and
hardware-oriented things specific to a particular platform (such as
One Laptop Per Child's XO laptop) i.e. critical setup prior to the
bulk of IIAB's software install.

6
roles/2-common/tasks/network.yml
View file

@ -1,11 +1,11 @@
- name: Install package networkd-dispatcher (OS's other than RaspOS)
- name: Install package networkd-dispatcher (OS's other than RaspiOS)
package:
name: networkd-dispatcher
state: present
when: not is_raspbian
# used in the network role
- name: Install network related packages (debuntu)
- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask (debuntu)'
package:
name:
- iproute2
@ -15,7 +15,7 @@
state: present
when: is_debuntu
- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
- name: Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu)
template:
src: iptables
dest: /etc/network/if-pre-up.d/iptables

12
roles/3-base-server/README.rst
View file

@ -4,10 +4,12 @@
This 3rd stage installs base server infra that Internet-in-a-Box requires, including:
- the web server (Apache for now, possibly NGINX in future)
- administrator security (username iiab-admin by default)
- MySQL (the database underlying many/most user-facing apps)
- `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). This IIAB role also installs apt package:
- **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common**
- `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package:
- **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23**
- `www_base <https://github.com/iiab/iiab/blob/master/roles/www_base>`_ (similar to `www_options <https://github.com/iiab/iiab/blob/master/roles/www_options>`_ which runs later in 4-server-options)
4-server-options follows with more diverse/optional server infra functionality.
Recap: as with 2-common, 4-server-options and 5-xo-services: this 3rd stage installs core server infra, that is not user-facing.
As in the case of 2-common, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing.
The next stage (4-server-options) brings more diverse/optional server infra functionality.

8
roles/3-base-server/tasks/main.yml
View file

@ -3,14 +3,14 @@
- name: ...IS BEGINNING =====================================
command: echo
- name: MYSQL
- name: MYSQL + CORE PHP
include_role:
name: mysql
#when: mysql_install
# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles:
# 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles:
#
# cups, elgg, lokole, moodle, nodered, pbx, phpmyadmin
# cups, elgg, moodle, nodered, pbx, phpmyadmin
#
# These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files:
#
@ -19,7 +19,7 @@
#
# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
- name: NGINX
- name: NGINX + CORE PHP
include_role:
name: nginx
#when: nginx_install

6
roles/9-local-addons/tasks/main.yml
View file

@ -30,6 +30,12 @@
name: calibre-web
when: calibreweb_install
- name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19"
package:
name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX, WordPress) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX)
state: present
when: admin_console_install
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile:
path: "{{ iiab_env_file }}"

28
roles/awstats/tasks/install.yml
View file

@ -1,31 +1,29 @@
# TO DO:
#
# - Prepare for a possible future w/o Apache by verifying/refining below...
# - 5 'when: apache_installed is defined'
# Prepare for a possible future w/o Apache by verifying/refining below...
# - 5 'when: apache_installed is defined' (2021-05-21: COMMENT OUT THESE STANZAS SOON!?)
# - 1 'when: nginx_install'
# - 8 core stanzas w/o such 'when:' clauses
- name: 'Install 3 packages: awstats, openssl, pwauth'
- name: 'Install package: awstats'
package:
name:
- awstats
- pwauth
- openssl
name: awstats
state: present
- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external'
- name: 'Install package: pwauth (when: apache_installed is defined)'
package:
name:
- libapache2-mod-authnz-external
- apache2-utils
- pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external
#- apache2-utils # Unneeded? (In any case, already installed by Apache itself.)
#- openssl # Unneeded? (In any case, already installed by most every Linux distro.)
state: present
when: apache_installed is defined
- name: Run 'a2enmod cgi' to enable cgi execution via Apache
- name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)"
command: a2enmod cgi
when: apache_installed is defined
- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
- name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)'
file:
state: directory
recurse: yes
@ -41,7 +39,7 @@
state: directory
recurse: yes
path: "{{ item }}"
owner: "{{ apache_user }}"
owner: "{{ apache_user }}" # USED FOR NGINX TOO: 'www-data' on debuntu
group: "{{ apache_user }}"
mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits
#force: yes
@ -49,13 +47,13 @@
- "{{ awstats_data_dir }}" # /library/awstats
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
- name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)'
template:
src: apache-awstats.conf
dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu
when: apache_installed is defined
- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
- name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)"
template:
src: logrotate.d.apache2
dest: /etc/logrotate.d/apache2

7
roles/captiveportal/tasks/install.yml
View file

@ -1,10 +1,9 @@
- name: "Download & install packages: python3-dateutil, python3-jinja2"
- name: "Install packages: python3-dateutil, python3-jinja2"
package:
name: "{{ item }}"
state: present
with_items:
name:
- python3-dateutil
- python3-jinja2
state: present
- name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }}
file:

43
roles/httpd/tasks/install.yml
View file

@ -1,14 +1,13 @@
- name: 'Install 4 packages: apache2, libapache2-mod-php{{ php_version }}, php{{ php_version }}, php{{ php_version }}-curl'
- name: 'Install 2 packages: {{ apache_service }}, libapache2-mod-php{{ php_version }}'
package:
#name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings)
#name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS?
name:
- "{{ apache_service }}" # apache2 on Debuntu
- "libapache2-mod-php{{ php_version }}" # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}"
- libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml)
#- "php{{ php_version }}"
#- "php{{ php_version }}-curl"
state: present
when: is_debuntu
# when: is_debian
# - name: 'Install 2 packages: apache2, php (ubuntu)'
@ -39,29 +38,29 @@
# when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16)
# #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18
- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
package:
#name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings)
#name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS
name:
- httpd
- mod_authnz_external
- php
- php-curl
state: present
when: is_redhat
#- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
# package:
# #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings)
# #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS
# name:
# - httpd
# - mod_authnz_external
# - php
# - php-curl
# state: present
# when: is_redhat
# Remove symlinks for mpm_event, replace with mpm_prefork
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled
file:
path: "/etc/apache2/mods-enabled/{{ item }}"
state: absent
with_items:
- mpm_event.conf
- mpm_event.load
when: is_debuntu
#when: is_debuntu
- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu)
- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available
file:
src: "/etc/apache2/mods-available/{{ item }}"
path: "/etc/apache2/mods-enabled/{{ item }}"
@ -69,9 +68,9 @@
with_items:
- mpm_prefork.conf
- mpm_prefork.load
when: is_debuntu
#when: is_debuntu
- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)'
- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
apache2_module:
name: "{{ item }}"
with_items:
@ -80,16 +79,16 @@
- proxy_html
- proxy_http
- rewrite
when: is_debuntu
#when: is_debuntu
- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu)
- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere?
- /etc/apache2/sites-enabled/000-default.conf
when: is_debuntu
#when: is_debuntu
- name: Create Apache's pid dir /var/run/{{ apache_user }}
file:

9
roles/internetarchive/tasks/install.yml
View file

@ -9,10 +9,11 @@
include_role:
name: nodejs
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x, 12.x or 14.x
fail:
msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x or 14.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
when: (nodejs_version != "10.x") and (nodejs_version != "12.x") and (nodejs_version != "14.x")
- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 16.x
assert:
that: nodejs_version is version('10.x', '>=') and nodejs_version is version('16.x', '<=')
fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 16.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
quiet: yes
- name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
set_fact:

6
roles/kiwix/defaults/main.yml
View file

@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
# http://download.kiwix.org/nightly/
kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-4
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-4
kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-4
kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-5
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-5
kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-5
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")

4
roles/kiwix/tasks/install.yml
View file

@ -4,10 +4,10 @@
set_fact:
kiwix_src_dir: False
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)"
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71 or aarch64)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_armhf }}"
when: ansible_machine == "armv7l" or ansible_machine == "armv6l" or ansible_machine == "aarch64"
when: ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64"
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)"
set_fact:

16
roles/kolibri/README.rst
View file

@ -26,11 +26,11 @@ Automatic Device Provisioning
When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_) the installation will set up the following defaults::
Kolibri Facility name: 'Kolibri-in-a-Box'
Kolibri Preset type: formal # Options: formal, nonformal, informal
Kolibri default language: en # Options: ar, bn-bd, en, es-es, fa, fr-fr, hi-in, mr, nyn, pt-br, sw-tz, ta, te, ur-pk, yo, zu
Kolibri Admin username: Admin
Kolibri Admin password: changeme
kolibri_facility: Kolibri-in-a-Box
kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
kolibri_preset: formal # formal, nonformal, informal
kolibri_admin_user: Admin
kolibri_admin_password: changeme
*Feel free to override any of the above, by copying the relevant line from /opt/iiab/iiab/roles/kolibri/defaults/main.yml to /etc/iiab/local_vars.yml (then run 'cd /opt/iiab/iiab' followed by './runrole kolibri' per IIAB's general guidelines at http://FAQ.IIAB.IO).*
@ -42,13 +42,17 @@ Kolibri 0.10 introduced ``kolibri manage deprovision`` which will remove user co
Troubleshooting
---------------
You can run the server manually with the following commands::
This unproxied version of Kolibri can sometimes help: http://box:8009/kolibri/
You can run Kolibri manually with commands like::
systemctl stop kolibri # Make sure the systemd service is not running
export KOLIBRI_HOME=/library/kolibri
export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080
kolibri start
...while you look over Kolibri's systemd unit file (`/etc/systemd/system/kolibri.service <https://github.com/iiab/iiab/blob/master/roles/kolibri/templates/kolibri.service.j2>`_) for the latest parameters!
To return to using the systemd unit file::
kolibri stop

2
roles/kolibri/defaults/main.yml
View file

@ -1,7 +1,7 @@
# kolibri_install: False
# kolibri_enabled: False
# kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
# kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
# kolibri_http_port: 8009

9
roles/lokole/defaults/main.yml
View file

@ -20,14 +20,17 @@ lokole_admin_password: changeme
lokole_install_path: "{{ content_base }}/lokole" # /library/lokole
lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv
lokole_confd: /etc/supervisor/conf.d
# Info needed to run Lokole:
lokole_user: lokole
lokole_url: /lokole
lokole_uid: "2000"
lokole_run_directory: /home/{{ lokole_user }}/state
lokole_log_directory: /home/{{ lokole_user }}/log
lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock"
lokole_home_dir: /home/{{ lokole_user }}
lokole_run_dir: "{{ lokole_home_dir }}/state"
lokole_log_dir: "{{ lokole_home_dir }}/logs"
lokole_settings: "{{ lokole_run_dir }}/settings.env"
lokole_domain_socket: "{{ lokole_run_dir }}/lokole_gunicorn.sock"
lokole_sim_type: LocalOnly
lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole

76
roles/lokole/tasks/install.yml
View file

@ -25,6 +25,13 @@
- libjpeg-dev
- libssl-dev
- libopenjp2-7 # 2020-02-01: To solve bug #2221
- supervisor
- usb-modeswitch
- usb-modeswitch-data
- mobile-broadband-provider-info
- ppp
- wvdial
state: present
# For development purposes -- To install Lokole from a given commit, add the
@ -75,52 +82,63 @@
ansible.builtin.user:
state: present
name: "{{ lokole_user }}"
#group: "{{ lokole_user }}"
groups: dialout, dip
system: yes
uid: "{{ lokole_uid }}"
home: /home/{{ lokole_user }}
#uid: "{{ lokole_uid }}"
home: "{{ lokole_home_dir }}"
- name: mkdir {{ lokole_run_directory }}
- name: mkdir {{ lokole_run_dir }}
file:
state: directory
path: "{{ lokole_run_directory }}"
path: "{{ lokole_run_dir }}/lokole_restarter"
group: "{{ lokole_user }}"
owner: "{{ lokole_user }}"
mode: g+rw
- name: mkdir /{{ lokole_user }}/log
- name: mkdir {{ lokole_log_dir }}
file:
state: directory
path: "{{ lokole_log_directory }}"
path: "{{ lokole_log_dir }}"
group: "{{ lokole_user }}"
owner: "{{ lokole_user }}"
mode: g+rw
- name: Install {{ lokole_run_directory }}/settings.env
- name: Generate key and salt
set_fact:
lokole_key: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}"
lokole_salt: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}"
- name: Install {{ lokole_settings }}
template:
src: settings.env.j2
dest: "{{ lokole_run_directory }}/settings.env"
dest: "{{ lokole_settings }}"
group: "{{ lokole_user }}"
owner: "{{ lokole_user }}"
mode: a+rw
mode: g+rw
- name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
template:
src: webapp_secrets.sh.j2
dest: "{{ lokole_run_directory }}/webapp_secrets.sh"
mode: a+x
#- name: Fixup supervisorctl
# file:
# path: /usr/bin/supervisorctl
# owner: root
# group: "{{ lokole_user }}"
# mode: u=rw+s,g=rx,o=rx
- name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn
- name: Install {{ lokole_confd }} templates to configure Lokole
template:
src: webapp.sh.j2
dest: "{{ lokole_run_directory }}/webapp.sh"
src: "{{ item.src }}"
dest: "{{ lokole_confd }}"
group: "{{ lokole_user }}"
owner: "{{ lokole_user }}"
mode: a+x
mode: 0644
with_items:
- { src: 'lokole_gunicorn.conf' }
- { src: 'lokole_celery_beat.conf' }
- { src: 'lokole_celery_worker.conf' }
- { src: 'lokole_restarter.conf' }
- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
shell: |
. {{ lokole_run_directory }}/webapp_secrets.sh
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
include_tasks: setup.yml
#- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole
# template:
@ -129,24 +147,12 @@
# mode: 0644
# when: apache_install
- name: Install unit files {lokole.service, celery.service, celerybeat.service, lokole_restarter.service} into /etc/systemd/system, from template
template:
src: "{{ item.src }}"
dest: "{{ item.dest}}"
mode: 0644
with_items:
- { src: 'lokole.service.j2', dest: '/etc/systemd/system/lokole.service' }
- { src: 'celery.service.j2', dest: '/etc/systemd/system/celery.service' }
- { src: 'celerybeat.service.j2', dest: '/etc/systemd/system/celerybeat.service' }
- { src: 'lokole_restarter.service.j2', dest: '/etc/systemd/system/lokole_restarter.service' }
# RECORD Lokole AS INSTALLED
- name: "Set 'lokole_installed: True'"
set_fact:
lokole_installed: True
# RECORD Lokole AS INSTALLED
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

30
roles/lokole/tasks/main.yml
View file

@ -24,43 +24,27 @@
when: lokole_installed is undefined
- name: Do a 'systemctl daemon-reload' if lokole_enabled
- name: Do a 'systemctl daemon-reload'
systemd:
daemon_reload: yes
when: lokole_enabled
- name: Enable & Restart {lokole, celery, celerybeat, lokole_restarter} systemd services, if lokole_enabled
- name: Enable & Restart supervisor systemd service, if lokole_enabled
systemd:
name: "{{ item }}"
name: supervisor
enabled: yes
state: restarted
when: lokole_enabled
with_items:
- lokole
- celery
- celerybeat
- lokole_restarter
- name: Disable & Stop all 4 (above) systemd services, if not lokole_enabled
- name: Disable & Stop supervisor systemd service, if not lokole_enabled
systemd:
name: "{{ item }}"
name: supervisor
enabled: no
state: stopped
when: not lokole_enabled
with_items: # @jvonau prefers reverse starting order, if stopping these 4
- lokole_restarter
- celerybeat
- celery
- lokole
#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
#- name: Enable/Disable/Restart Apache if primary
# include_tasks: apache.yml
# when: not nginx_enabled
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
#when: nginx_enabled
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
@ -79,8 +63,8 @@
value: "{{ lokole_install }}"
- option: lokole_enabled
value: "{{ lokole_enabled }}"
- option: lokole_run_directory
value: "{{ lokole_run_directory }}"
- option: lokole_settings
value: "{{ lokole_settings }}"
- option: lokole_url
value: "{{ lokole_url }}"
- option: lokole_full_url

20
roles/lokole/tasks/setup.yml Normal file
View file

@ -0,0 +1,20 @@
- name: start supervisor
systemd:
name: supervisor
state: started
- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
shell: |
while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
- name: Change owner of dbfiles
file:
path: "{{ item.path }}"
state: file
owner: "{{ lokole_user }}"
group: "{{ lokole_user }}"
mode: u=rw
loop:
- { path: "{{ lokole_run_dir }}/users.sqlite3" }
# - { path: "{{ lokole_run_dir }}/celery.sqlite3" }

0
roles/lokole/templates/celery.service.j2 → roles/lokole/templates/celery.service.unused
View file

0
roles/lokole/templates/celerybeat.service.j2 → roles/lokole/templates/celerybeat.service.unused
View file

0
roles/lokole/templates/lokole.service.j2 → roles/lokole/templates/lokole.service.unused
View file

10
roles/lokole/templates/lokole_celery_beat.conf Normal file
View file

@ -0,0 +1,10 @@
[program:lokole_celery_beat]
command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks beat --pidfile={{ lokole_run_dir }}/lokole_celery_beat.pid --loglevel=error
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_celery_beat.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_celery_beat.stdout.log
user={{ lokole_user }}
environment=OPWEN_SETTINGS={{ lokole_settings }}

10
roles/lokole/templates/lokole_celery_worker.conf Normal file
View file

@ -0,0 +1,10 @@
[program:lokole_celery_worker]
command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_celery_worker.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_celery_worker.stdout.log
user={{ lokole_user }}
environment=OPWEN_SETTINGS={{ lokole_settings }}

10
roles/lokole/templates/lokole_gunicorn.conf Normal file
View file

@ -0,0 +1,10 @@
[program:lokole_gunicorn]
command={{ lokole_venv }}/bin/gunicorn --bind=unix:{{ lokole_run_dir }}/lokole_gunicorn.sock --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_gunicorn.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_gunicorn.stdout.log
user={{ lokole_user }}
environment=OPWEN_SETTINGS={{ lokole_settings }}

10
roles/lokole/templates/lokole_restarter.conf Normal file
View file

@ -0,0 +1,10 @@
[program:lokole_restarter]
command={{ lokole_venv }}/bin/manage.py restarter --directory={{ lokole_run_dir }}/lokole_restarter
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log
user=root
environment=OPWEN_SETTINGS={{ lokole_settings }}

0
roles/lokole/templates/lokole_restarter.service.j2 → roles/lokole/templates/lokole_restarter.service.unused
View file

17
roles/lokole/templates/settings.env.j2
View file

@ -1,8 +1,11 @@
OPWEN_SETTINGS='{{ lokole_run_directory }}/settings.env'
OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
OPWEN_APP_ROOT='{{ lokole_url }}/'
OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env
OPWEN_STATE_DIRECTORY={{ lokole_run_dir }}
OPWEN_APP_ROOT={{ lokole_url }}/
OPWEN_MAX_UPLOAD_SIZE_MB=10
OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'
OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}'
OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
OPWEN_SYNC_SCHEDULE="1,16,31,46 * * * *"
OPWEN_RESTART_PATH={{ lokole_run_dir }}/lokole_restarter/lokole_gunicorn=HUP,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_worker=,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_beat=
OPWEN_SESSION_KEY={{ lokole_key }}
OPWEN_SECRET_KEY={{ lokole_key }}
OPWEN_PASSWORD_SALT={{ lokole_salt }}
OPWEN_SIM_TYPE={{ lokole_sim_type }}
OPWEN_CLIENT_NAME={{ lokole_client_id }}

0
roles/lokole/templates/webapp.sh.j2 → roles/lokole/templates/webapp.sh.unused
View file

0
roles/lokole/templates/webapp_secrets.sh.j2 → roles/lokole/templates/webapp_secrets.sh.unused
View file

4
roles/mediawiki/defaults/main.yml
View file

@ -4,8 +4,8 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
mediawiki_major_version: 1.35 # "1.35" also works
mediawiki_minor_version: 2
mediawiki_major_version: 1.36 # "1.35" also works
mediawiki_minor_version: 1
mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}"
mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}"

25
roles/mediawiki/tasks/install.yml
View file

@ -1,10 +1,23 @@
- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring'
# https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP
- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml'
package:
name:
- "php{{ php_version }}-intl"
- "php{{ php_version }}-mbstring"
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-intl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-xml # 2021-06-27: REQUIRED (AND ENFORCED) despite this being missing from MediaWiki's above requirements doc! Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml
state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }}
get_url:
url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}"
@ -18,7 +31,7 @@
unarchive:
src: "{{ downloads_dir }}/{{ mediawiki_src }}"
dest: "{{ mediawiki_install_path }}" # /library
owner: "{{ apache_user }}"
owner: "{{ apache_user }}" # www-data on debuntu
group: "{{ apache_user }}"
mode: u+rw,g+r,o+r # '0755' forced executable bits on files
keep_newer: yes
@ -31,7 +44,7 @@
- name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
systemd:
name: "{{ mysql_service }}"
name: "{{ mysql_service }}" # mariadb on debuntu
state: started
- name: Create MySQL database {{ mediawiki_db_name }}
@ -64,7 +77,7 @@
chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z
creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
- name: Configure $wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
lineinfile:
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
line: '$wgArticlePath = "/wiki/$1";'

6
roles/moodle/defaults/main.yml
View file

@ -1,5 +1,5 @@
# If using Moodle intensively, consider setting nginx_high_php_limits in:
# /etc/iiab/local_vars.yml
# 2021-07-02 WARNING: Stage 4's roles/www_options/tasks/main.yml FORCES
# (the equivalent of) 'nginx_high_php_limits: True' if 'moodle_install: True'
# moodle_install: False
# moodle_enabled: False
@ -8,7 +8,7 @@
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
moodle_version: 311
moodle_repo_url: https://github.com/moodle/moodle.git
moodle_repo_url: https://github.com/moodle/moodle
#moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow!
moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab
moodle_data: "{{ content_base }}/moodle" # /library

0
roles/moodle/tasks/apache.yml → roles/moodle/tasks/apache.yml.unused
View file

137
roles/moodle/tasks/install.yml
View file

@ -1,11 +1,10 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
set_fact:
apache_install: True
apache_enabled: True
# 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by
# www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF
# 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml
# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini
- name: APACHE - run 'httpd' role
include_role:
name: httpd
# 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini
# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!)
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
@ -18,70 +17,55 @@
name: postgresql
- name: Install 8 php packages (debuntu)
# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year:
# https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries
# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml
- name: Install ghostscript + libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
package:
name:
- php{{ php_version }}-pgsql
- php{{ php_version }}-curl
- php{{ php_version }}-zip
- php{{ php_version }}-gd
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+
- php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+
#- php-apcu # 2021-07-02: Experiment with fewer dependencies
- ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments
- libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
#- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
#- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
- php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL
#- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml
#- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies
#- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies
- php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+
#- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"'
- php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
#- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc
- php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
state: present
when: is_debuntu
- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed)
stat:
path: "{{ moodle_base }}/config-dist.php" # /opt/iiab/moodle
register: moodle
- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~300 MB)
- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~350MB initially, ~371MB later)
git:
repo: "{{ moodle_repo_url }}"
dest: "{{ moodle_base }}"
repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle
dest: "{{ moodle_base }}" # /opt/iiab/moodle
depth: 1
force: yes
version: "MOODLE_{{ moodle_version }}_STABLE"
#version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/
#ignore_errors: yes
when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists
- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?)
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644)
file:
state: directory
path: "{{ moodle_base }}"
owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}"
recurse: yes
- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }}
file:
state: directory
path: "{{ content_base }}/dbdata/moodle" # /library
owner: "{{ apache_user }}"
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770')
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below)
file:
state: directory
path: "{{ moodle_data }}" # /library/moodle
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
#mode: '0770' # Regardless, permissions end up as: drwxrwsrwx
- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf
file:
path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available
state: absent
# 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon!
- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template
template:
src: 022-moodle.j2
dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf"
# roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE:
# /etc/systemd/system/postgresql-iiab.service
- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
systemd:
@ -108,38 +92,53 @@
become: yes
become_user: postgres
- name: Install {{ moodle_base }}/moodle_installer from template ('0755')
template:
src: moodle_installer
dest: "{{ moodle_base }}"
mode: '0755'
- name: (Re)Start 'postgresql-iiab' systemd service
systemd:
name: postgresql-iiab
state: restarted
#enabled: yes # Service ends up enabled regardless
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}"
state: restarted
- name: Does {{ moodle_base }}/config.php exist?
stat:
path: "{{ moodle_base }}/config.php"
register: config
- name: Install {{ moodle_base }}/moodle_installer from template (0755)
template:
src: moodle_installer
dest: "{{ moodle_base }}"
mode: 0755
- name: Execute {{ moodle_base }}/moodle_installer
- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation
shell: "{{ moodle_base }}/moodle_installer"
when: config.stat.exists is defined and not config.stat.exists
args:
creates: "{{ moodle_base }}/config.php"
# 2021-02-01: Let's stick with Moodle's default (640)
#- name: Make {{ moodle_base }}/config.php readable, with permission '0644'
# #command: chown -R {{ apache_user }} {{ moodle_base }}
# 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from
# above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in
# moodle/tasks/mathjax.yml
# 2021-07-05: Seems like a good idea but Moodle's permissions recommendations
# at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't
# actually mandate this:
#
# - name: chmod -R o-rwx {{ moodle_data }} e.g. drwxrwsrwx to drwxrws---
# file:
# path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle
# mode: '0644'
# path: "{{ moodle_data }}" # /library/moodle
# mode: o-rwx
# recurse: yes
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files"
lineinfile:
path: "{{ moodle_base }}/config.php"
line: '$CFG->{{ item.name }} = {{ item.value }};'
insertbefore: '^\$CFG->directorypermissions'
with_items:
#- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" }
- { name: 'xsendfile', value: "'X-Accel-Redirect'" }
- { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" }
#- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"}
#- { name: 'showcampaigncontent', value: 'false' }
- include_tasks: mathjax.yml
# RECORD Moodle AS INSTALLED

7
roles/moodle/tasks/main.yml
View file

@ -29,19 +29,16 @@
postgresql_install: True
postgresql_enabled: True # Revert just below if...
- name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'"
- name: "Set 'postgresql_enabled: False' if not moodle_enabled"
set_fact:
postgresql_enabled: False
when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled)
- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
include_role:
name: postgresql
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml

27
roles/moodle/tasks/mathjax.yml Normal file
View file

@ -0,0 +1,27 @@
# 2021-07-05: Thanks to https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/mathjax.yml
# Verify this Moodle plugin after installation at:
# http://box.lan/moodle/admin/plugins.php
# http://box.lan/moodle/admin/settings.php?section=filtersettingmathjaxloader
- name: Download (clone) MathJax library/plugin from https://github.com/mathjax/MathJax to {{ moodle_base }}/lib/MathJax
git:
repo: https://github.com/mathjax/MathJax # Or: git://github.com/mathjax/MathJax.git
dest: "{{ moodle_base }}/lib/MathJax" # /opt/iiab/moodle
#version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17
depth: 1
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/lib/MathJax
file:
path: "{{ moodle_base }}/lib/MathJax"
owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml
#mode: ug+w,o-w # 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/install.yml
recurse: yes
# SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php
- name: Run {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader to change MathJax library/plugin URL
command: >
/usr/bin/php {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader --name=httpsurl --set=/lib/MathJax/MathJax.js
register: mathjax_url_result
changed_when: mathjax_url_result.rc == 0

0
roles/moodle/templates/022-moodle.j2 → roles/moodle/templates/022-moodle.jv.unused
View file

44
roles/moodle/templates/moodle-nginx.conf.j2
View file

@ -1,13 +1,37 @@
location /moodle {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
# 2021-07-02: Let's monitor & learn from these 3 pages year-by-year:
# https://docs.moodle.org/311/en/Nginx
# https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml
# https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2
# This passes 404 pages to Moodle so they can be themed
#error_page 404 /error/index.php; error_page 403 =404 /error/index.php;
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
location /dataroot/ {
internal;
alias {{ moodle_data }}/;
}
location ~ ^/moodle.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
location ~ ^/moodle(.*)\.php(.*)$ {
alias {{ moodle_base }}$1.php$2;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass php;
fastcgi_read_timeout 300; # Default is 60s
include fastcgi_params; # fastcgi.conf also works
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
# Uncomment to override /etc/php/<VERSION>/fpm/php.ini -- FYI Stage 4's
# roles/www_options/tasks/main.yml FORCES these same settings and more
# (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True'
#fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000";
}
location ~ ^/moodle {
root {{ iiab_base }};
}

16
roles/moodle/templates/moodle-nginx.conf.j2.native
View file

@ -1,16 +0,0 @@
location ^/moodle {
alias /opt/iiab/moodle;
try_files $uri $uri/ index.php =404;
}
location ~ /moodle/(.*)\.php {
root /opt/iiab/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_pass php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}

13
roles/moodle/templates/moodle-nginx.conf.j2.unused Normal file
View file

@ -0,0 +1,13 @@
location /moodle {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}
location ~ ^/moodle.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}

10
roles/moodle/templates/moodle_installer
View file

@ -18,5 +18,13 @@ sudo -u {{ apache_user }} \
--non-interactive \
--agree-license \
--allow-unstable # TEMPORARY DURING MAY 2018 TESTING
# 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml :
# --lang= # moodlebox_moodle_lang
# --dbtype=mariadb
# --prefix= # moodlebox_moodle_db_prefix
# --summary= # moodlebox_moodle_summary
# --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid
# Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml
chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php
# 2021-07-05: No longer needed
#chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php

5
roles/mysql/tasks/install.yml
View file

@ -5,13 +5,14 @@
# - 7 DB config
# - 2 record as installed
- name: 'Install MySQL packages: mariadb-server, mariadb-client (debuntu)'
- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql'
package:
name:
- mariadb-server
- mariadb-client
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
state: present
when: is_debuntu
# 2020-07-11:
# 10 PHP package installs moved to roles/www_base/tasks/main.yml

9
roles/nextcloud/README.md
View file

@ -25,19 +25,20 @@ The Nextcloud suite is divided into three main categories:
To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike>
(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini:
(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini:
- upload_max_filesize
- post_max_size
- memory_limit (Nextcloud recommends 512+ MB)
- max_execution_time
- max_input_time
- max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+)
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L47-L51](../www_options/tasks/main.yml#L47-L51)
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133)
(4) If you're running Nextcloud 21+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these:
(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these:
- https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml
## Using It

47
roles/nextcloud/tasks/install.yml
View file

@ -40,38 +40,51 @@
# var: php_new
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
# February 2020: See @m-anish's PR #2119 and follow-up PR #2258.
# 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs:
# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- name: Install ffmpeg + libxml2 + 13 php packages
# 2021-06-27: Use this after Nextcloud 22 is released "2021-07-06" :
# https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify)
package:
name:
#- dnsutils # NOT REQUESTED by Nextcloud
- ffmpeg # Optional (for preview generation)
- libxml2 # php-libxml requires libxml2 >= 2.7.0
#- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED?
- php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility"
- php{{ php_version }}-bz2 # Optional (for extraction of apps)
- php{{ php_version }}-cli # Likely optional? @jvonau says this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258
- php{{ php_version }}-curl
- php{{ php_version }}-gd
- php{{ php_version }}-gmp # Optional (for SFTP storage)
- php{{ php_version }}-imagick # Optional (for preview generation)
- php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters)
- php{{ php_version }}-json
- php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" -- Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-bz2 # OPTIONAL (for extraction of apps)
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-exif # Optional (for image rotation in pictures app) but somehow already installed in our PHP core.
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-gmp # OPTIONAL (for SFTP storage)
- php-imagick # OPTIONAL (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml
- php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
#- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php)
- php{{ php_version }}-mbstring
- php{{ php_version }}-mysql
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT?
#- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php-mysql handles this on all OS's?
#- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's?
#- php{{ php_version }}-redis # @m-anish future work?
#- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT?
#- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration)
- php{{ php_version }}-xml # NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?)
- php{{ php_version }}-zip
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
#- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT?
state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
#- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020)
# package:
@ -94,7 +107,7 @@
state: directory
path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (~449 MB, {{ apache_user }}:{{ apache_user }})
- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (434-450 MB, {{ apache_user }}:{{ apache_user }})
unarchive:
remote_src: yes # Overwrite even if "already exists on the target"
src: "{{ nextcloud_dl_url }}"

2
roles/nextcloud/tasks/nginx.yml
View file

@ -16,4 +16,4 @@
state: restarted
with_items:
- nginx
- "php{{ php_version }}-fpm"
- php{{ php_version }}-fpm

24
roles/nginx/README.md
View file

@ -1,27 +1,31 @@
### Transition to NGINX
1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
1. Initial testing strategy (December 2019 - February 2020) was to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
Until "Native" NGINX is later implemented for that IIAB App/Service &mdash; allowing it to move up to *Section ii.* below.
Until "Native" NGINX is later implemented for each such IIAB App/Service &mdash; allowing each to move up to *Section ii.* below.
And potentially later moving it up to *Section i.* if its Apache support is dropped!
And potentially later moving each up to *Section i.* if its Apache support is dropped!
(Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles))
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
3. Current state of IIAB App/Service migrations as of 2021-05-15:
3. Current state of IIAB App/Service migrations as of 2021-07-06: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
1. These support "Native" NGINX but ***NOT*** Apache
* Admin Console
* captiveportal
* IIAB documentation (http://box/info)
* jupyterhub
* moodle
* nodered
* osm-vector-maps
* OER2Go/RACHEL modules
* usb_lib
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
* awstats
* calibre-web
* gitea
@ -34,16 +38,16 @@
* sugarizer
* wordpress
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache.
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.
* elgg
* moodle
* nodered
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
* bluetooth
* calibre (menu goes directly to port 8080)
* cups [(available on port 631) * shim not yet in place.]
* internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*]
* cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)]
* internetarchive (menu goes directly to port 4244) [*, [PR #2120](https://github.com/iiab/iiab/pull/2120)]
* kalite (menu goes directly to ports 8006-8008)
* minetest
* mosquitto
@ -55,4 +59,4 @@
* transmission
* vnstat
[*] The 4 above starred roles could use improvement, as of 2021-05-15.
[*] The 4 above starred roles could use improvement, as of 2021-07-06.

17
roles/nginx/tasks/install.yml
View file

@ -5,16 +5,15 @@
ignore_errors: yes
# 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
- name: Install required and helper packages for NGINX
- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3'
package:
name: "{{ item }}"
state: present
with_items:
- nginx-extras
- uwsgi
- uwsgi-plugin-python3
- php-fpm
name:
- libnginx-mod-http-subs-filter
- nginx-extras
- php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
- uwsgi # Admin Console & roles/captiveportal should really install
- uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these).
state: present
# 2020-10-16: Removed per #2560
#- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
@ -27,7 +26,7 @@
path: /etc/nginx/sites-enabled/default
state: absent
- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf'
- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"

11
roles/nginx/templates/nginx.conf.j2
View file

@ -1,6 +1,6 @@
# IIAB notes:
# /etc/nginx/sites-enabled is for server declarations
# /etc/nginx/conf.d is for location declarations within the main server block
# /etc/nginx/conf.d/* are included by /etc/nginx/server.conf
# /etc/nginx/sites-enabled/*.conf includes other sites
user www-data;
worker_processes auto;
@ -79,6 +79,13 @@ http {
'' close;
}
# 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple
# and LG devices: https://github.com/learningequality/kolibri/issues/8164
# http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges
# This should help all roles! RECAP: when unproxied, Kolibri videos worked
# (http://box:8009/kolibri/) but not when proxied (http://box/kolibri/).
proxy_force_ranges on;
##
# Virtual Host Configs
##

14
roles/nodejs/defaults/main.yml
View file

@ -1,15 +1,11 @@
# 2020-01-23: nodejs_install is completely ignored as Node.js is installed on
# demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive --
# but for now we set fake value 'nodejs_install: True' for
# 'nodejs_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml
# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed
# on demand as a dependency by 4 roles -- internetarchive (Internet Archive),
# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer:
# nodejs_install: True
# nodejs_install: False
# nodejs_enabled: False
# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles:
# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer)
# nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29
# nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

6
roles/nodejs/tasks/install.yml
View file

@ -32,7 +32,7 @@
# /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
# Forces < 12 or > 12 to be removed, ignored if file is absent
# Forces < 16.x or > 16.x to be removed, ignored if file is absent
- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
file:
state: absent
@ -40,14 +40,14 @@
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
# Forces < 12 or > 12 to be uninstalled
# Forces < 16.x or > 16.x to be uninstalled
- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
package:
name: nodejs
state: absent
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# Forces == 12
# Forces == 16.x
- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
debug:
msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"

2
roles/nodejs/tasks/main.yml
View file

@ -1,4 +1,4 @@
# SEE VAR nodejs_version: 14.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR
# SEE VAR nodejs_version: 16.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR
# NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
# Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by:

31
roles/nodered/tasks/install.yml
View file

@ -1,15 +1,5 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
set_fact:
apache_install: True
apache_enabled: True
- name: APACHE - run 'httpd' role
include_role:
name: httpd
# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) &
# npm to roles/nodejs/tasks/main.yml
# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js [8.x at the time]
# and npm to roles/nodejs/tasks/main.yml
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
set_fact:
@ -48,7 +38,7 @@
state: absent
when: nodered_install
# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED
# 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED
# environment, inspired by:
# https://nodered.org/docs/hardware/raspberrypi
# https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered
@ -112,18 +102,11 @@
dest: /etc/systemd/system/nodered.service
# mode: '0666'
- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template
template:
backup: yes
src: nodered.conf.j2
dest: "/etc/{{ apache_conf_dir }}/nodered.conf"
# mode: '0666'
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
- name: Enable proxy_wstunnel apache2 module
apache2_module:
state: present
name: proxy_wstunnel
#- name: Enable proxy_wstunnel apache2 module
# apache2_module:
# state: present
# name: proxy_wstunnel
# RECORD Node-RED AS INSTALLED

8
roles/nodered/tasks/main.yml
View file

@ -39,14 +39,8 @@
state: stopped
when: not nodered_enabled
#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
#when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
when: nginx_enabled
- name: Add 'nodered' variable values to {{ iiab_ini_file }}

25
roles/nodered/templates/nodered-nginx.conf.j2
View file

@ -1,3 +1,26 @@
# 'nodered_port: 1880' is set in /opt/iiab/iiab/vars/default_vars.yml
# https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services
location /nodered/ {
proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/;
proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#location /nodered/debug/ws/ {
# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws;
#
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
#}
#location /nodered/comms/ {
# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms;
#
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
#}

0
roles/nodered/templates/nodered.conf.j2 → roles/nodered/templates/nodered.conf.j2.unused
View file

7
roles/osm-vector-maps/tasks/install.yml
View file

@ -170,16 +170,17 @@
dest: "{{ vector_map_path }}/maplist/index.html"
force: yes
- name: Get packages necessary for map installation
- name: "Install packages for map installation: python3-wget, php{{ php_version }}-sqlite3, python3-geojson, python3-pil"
package:
state: present
name:
- python3-wget
- "php{{ php_version }}-sqlite3"
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-sqlite3
- python3-geojson
- python3-pil
- name: Copy a scripts to download tiles
- name: Copy 6 scripts to /usr/bin, for downloading tiles
get_url:
url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}"
dest: /usr/bin/

43
roles/pbx/tasks/freepbx_dependencies.yml
View file

@ -1,4 +1,4 @@
- name: FreePBX - Install dependencies
- name: FreePBX - Install dependencies (run 'php -m' or 'php -i' to verify PHP modules)
package:
name:
- wget
@ -8,23 +8,32 @@
- net-tools # required by FWConsole (command-line utility, that controls FreePBX)
- cron # required by FreePBX UCP package (User Control Panel)
- sox # required for CDR web-playback
- php
- php-pear
- php-cgi
- php-common
- php-curl
- php-mbstring
- php-gd
- php-mysql
# - php-gettext
- php-bcmath
- php-zip
- php-xml
- php-imap
- php-json
- php-snmp
- php-fpm
#- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-cgi
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
#- php{{ php_version }}-gettext
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
- php{{ php_version }}-imap
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
- php{{ php_version }}-snmp
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- libapache2-mod-php
#- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user
state: latest
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')

2
roles/phpmyadmin/defaults/main.yml
View file

@ -4,6 +4,6 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
phpmyadmin_version: 5.1.0
phpmyadmin_version: 5.1.1
phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages"
phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"

2
roles/sugarizer/tasks/install.yml
View file

@ -29,7 +29,7 @@
# 2. DOWNLOAD+LINK /opt/iiab/sugarizer
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB)
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~469 MB)
git:
repo: https://github.com/llaske/sugarizer
dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}"

27
roles/wordpress/tasks/install.yml
View file

@ -11,6 +11,33 @@
# and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8
# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here:
# https://make.wordpress.org/hosting/handbook/server-environment/
- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
package:
name:
- libsodium23 # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
- php{{ php_version }}-bcmath # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in nextcloud/tasks/install.yml
- php{{ php_version }}-intl # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}
get_url:
url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"

37
roles/www_base/tasks/main.yml
View file

@ -1,23 +1,26 @@
# Role "www_base" runs here, probably in 3-BASE-SERVER.
# Role "www_options" runs later, likely in 4-SERVER-OPTIONS.
- name: 'Install ~10 PHP packages (debuntu)'
package:
name:
# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC
- php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec?
- php{{ php_version }}-curl
- php{{ php_version }}-gd
- php{{ php_version }}-imap
- php{{ php_version }}-ldap
- php{{ php_version }}-mysql
- php{{ php_version }}-odbc
- php-pear
# - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461.
- php{{ php_version }}-xml # Was below
- php{{ php_version }}-xmlrpc
state: present
when: is_debuntu
# 2021-06-27: Antifragile roles can become less brittle by fully declaring
# their own dependencies (i.e. for modularity, separation-of-concerns,
# encapsulation, compartmentalization, scope sanity, etc).
#
#- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify)
# package:
# name:
# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this unfortunately forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC
# - php{{ php_version }}-common # 2021-06-27: @jvonau suggested this (2020-05-21) to avoid Apache packages dragged in above. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
# - php{{ php_version }}-curl # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
# - php{{ php_version }}-gd # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
# - php{{ php_version }}-imap # 2021-06-27: Installed in pbx/tasks/freepbx_dependencies.yml
# - php{{ php_version }}-ldap # 2021-06-27: Experimentally remove
# - php{{ php_version }}-mysql # 2021-06-30: Installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
# - php{{ php_version }}-odbc # 2021-06-27: Experimentally remove
# - php-pear # 2021-06-27: REQUIRED BY ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
# - php{{ php_version }}-sqlite3 # 2020-07-10: Installed in osm-vector-maps/tasks/install.yml as part of OSM fix PR #2464 for #2461
# - php{{ php_version }}-xml # 2021-06-30: Installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
# - php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove -- SEE EXPLANATION IN moodle/tasks/main.yml
# state: present
- name: Using html.yml
include_tasks: html.yml

70
roles/www_options/tasks/main.yml
View file

@ -49,17 +49,17 @@
when:
lxde_present.stat.exists and chromium_present.stat.exists
- debug:
msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled'
msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install'
- block: # 3-STANZA BLOCK BEGINS
- block: # 5-STANZA BLOCK BEGINS
# FYI roles/nginx has already installed package php-fpm, in 3-base-server
# roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server
- name: Raise 2+2 PHP default values in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/Moodle/PBX (allow photos/docs up to 100MB, 100s timeouts, but preserve PHP's 128MB RAM limit)
- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
lineinfile:
path: "/etc/php/{{ php_version }}/fpm/php.ini"
#path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
@ -68,20 +68,38 @@
- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' }
when: not nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
# 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause
# (to reset/restore PHP's defaults) is not necessary at this time.
- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
lineinfile:
path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
# COMPARE apache_allow_sudo further below.
# 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional
# clauses (to reset/restore PHP's defaults) are not necessary at this time.
# 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES*
# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- even though during
# regular operation it instead uses .../apache2/php.ini or .../fpm/php.ini
#
# SEE ALSO roles/moodle/tasks/install.yml WHERE SIMILAR SURGERY'S DONE TO
# /etc/php/{{ php_version }}/apache2/php.ini UNTIL MOODLE'S PORTED TO NGINX!
# WARNING: This might cause excess use of RAM/disk or other resources!
# The 5 values below were chosen by @ericnitschke and @kananigit in ~2018.
- name: Enact nginx_high_php_limits in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Nextcloud/Moodle/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, 512MB RAM limit)
# The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018.
- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
lineinfile:
path: "/etc/php/{{ php_version }}/fpm/php.ini"
#path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
@ -90,15 +108,29 @@
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' }
when: nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
lineinfile:
path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
- name: Restart 'php{{ php_version }}-fpm' systemd service
systemd:
name: "php{{ php_version }}-fpm"
name: php{{ php_version }}-fpm
state: restarted
when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled # 3-STANZA BLOCK ENDS
when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below.
# 'Is a "Rapid Power Off" button possible for low-electricity environments?'

73
scripts/ansible
View file

@ -9,31 +9,32 @@
APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint
CURR_VER=undefined # Ansible version you currently have installed
GOOD_VER=2.11.0 # Orig for 'yum install [rpm]' & XO laptops (pip install)
GOOD_VER=2.11.2 # Orig for 'yum install [rpm]' & XO laptops (pip install)
# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and
# .gpg key etc) are commented out with ### below. Associated guidance/comments
# are intentionally preserved.
# 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive
# delays in publishing the PPA (.deb installer files) for ansible-core, this
# file bypasses the apt approach (and associated PPA source) in favor of:
#
# pip3 install ansible-core
#
# What the future holds for 2022+ is not yet clear. So the apt approach (with
# PPA source in /etc/apt/sources.list.d and .gpg key etc) and much associated
# guidance/comments below are NOT being commented out or deleted at this time.
# pip3 install --upgrade ansible-core
# We install the latest 'ansible-core' from PPA, using an OS 'CODENAME' below:
# https://launchpad.net/~ansible/+archive/ubuntu/ansible
# 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either
# OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible
# 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED)
if grep -q buster /etc/os-release /etc/debian_version; then
CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros
else
CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC)
fi
###if grep -q buster /etc/os-release /etc/debian_version; then
### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros
###else
### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC)
###fi
# APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+):
# https://www.ansible.com/blog/ansible-3.0.0-qa
# https://github.com/ansible/ansible/releases
# https://github.com/ansible/ansible/commits/stable-2.11
# https://pypi.org/project/ansible-base/
# https://pypi.org/project/ansible-core/
# https://releases.ansible.com/ansible-base/
@ -47,25 +48,24 @@ fi
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_10.rst
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_11.rst
# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689, #2742 or #2743 ?)
# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743)
# IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below
# ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible:
# TEMPORARILY USE pip3 to install the latest ansible-core as listed at
# https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core")
#apt install python3-pip
#pip3 install ansible-core # Then start a new shell, so /usr/local/bin works
#apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv
#pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works
#ansible-galaxy collection install -r collections.yml
# TEMPORARILY USE ansible-base 2.10.9 (REMOVE W/ "pip3 uninstall ansible-base")
# TEMPORARILY USE ansible-base 2.10.11 (REMOVE W/ "pip3 uninstall ansible-base")
#apt install python3-pip
#pip3 install ansible-base==2.10.9 # Start new shell, so /usr/local/bin works
#pip3 install ansible-base==2.10.11 # Start new shell, so /usr/local/bin works
# TEMPORARILY USE ANSIBLE 2.9.21 (REMOVE IT WITH "pip uninstall ansible")
# TEMPORARILY USE ANSIBLE 2.9.23 (REMOVE IT WITH "pip3 uninstall ansible")
#apt install python3-pip
#pip3 install ansible==2.9.21
#pip3 install ansible==2.9.23
# TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669
#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
@ -77,7 +77,7 @@ export DEBIAN_FRONTEND=noninteractive
# Why 'noninteractive' appears needed:
# https://github.com/iiab/iiab/issues/564#issuecomment-347264985
echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE)\n"
echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n"
#echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n'
echo -e "RECOMMENDED PREREQUISITES:"
@ -121,8 +121,8 @@ fi
#$APT_PATH/apt update
#$APT_PATH/apt -y install dirmngr
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
> /etc/apt/sources.list.d/iiab-ansible.list
###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
### > /etc/apt/sources.list.d/iiab-ansible.list
# In future we might instead consider 'add-apt-repository ppa:ansible/ansible'
# or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined
@ -140,25 +140,26 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la
# 2021-04-26: JV & @holta WIP: (see above)
#echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
#apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
#chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg
echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
echo -e "\napt update; apt install ansible-core and python3 dependencies explained at:"
echo -e "\napt update; apt install of python3-* / virtualenv packages explained at:"
echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n"
$APT_PATH/apt update
$APT_PATH/apt -y install python3-pip
pip3 install ansible-core
#$APT_PATH/apt -y --allow-downgrades install ansible-core \
$APT_PATH/apt -y --allow-downgrades install \
$APT_PATH/apt -y install \
python3-pymysql python3-psycopg2 python3-passlib python3-pip \
python3-setuptools python3-packaging python3-venv virtualenv
echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n"
pip3 install --upgrade ansible-core
# (Re)running collection installs appears safe, with --force-with-deps to force
# upgrade of collection and dependencies it pulls in. Note Ansible may support
# explicit upgrading of collections (--upgrade / -U flag) in version "2.11"
@ -178,7 +179,9 @@ ansible-galaxy collection install --force-with-deps \
#mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible
#echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts
echo -e "SUCCESS INSTALLING ANSIBLE! PLEASE VERIFY WITH COMMANDS LIKE:"
echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n"
echo -e " ansible --version"
echo -e " pip show ansible-core"
echo -e " apt -a list ansible-core\n\n"
echo -e ' apt -a list "ansible*"'
echo -e " ansible-galaxy collection list\n"
echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n"

2
scripts/ansible.md
View file

@ -7,7 +7,7 @@ Starting in November 2019, IIAB's Ansible installer ([/opt/iiab/iiab/scripts/ans
1. Ansible module: [pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html)
IIAB installs apt packages:
- **python3-pip** (for IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console))
- **python3-pip** (for `pip3 install ansible-core` & IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console))
- **python3-setuptools**
- **virtualenv** (is Python 3 only, for [roles/kalite](https://github.com/iiab/iiab/tree/master/roles/kalite) & [roles/calibre-web](https://github.com/iiab/iiab/tree/master/roles/calibre-web) ?) and pulls in additional packages... (`apt show virtualenv` shows "Depends: python3, python3-virtualenv")
- **python3-virtualenv** and pulls in additional package... (`apt show python3-virtualenv` shows "Depends: python-pip-whl (>= 8.1.1-2), python3, python3-distutils, python3-pkg-resources")

8
scripts/local_facts.fact
View file

@ -60,8 +60,9 @@ OS_VER=$OS-$VERSION_ID
# 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to
# its /etc/os-release can help testing this unreleased OS: VERSION_ID="11"
# 2020-11-14: Ubuntu 21.04 (Hirsute Hippo) not yet supported but this
# unreleased OS can help testing.
# 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this
# unreleased OS can help testing. For now this means MANUALLY changing
# php_version: 7.4 to 8.0 in /opt/iiab/iiab/vars/ubuntu-21.yml
case $OS_VER in
"debian-10" | \
@ -69,7 +70,8 @@ case $OS_VER in
"ubuntu-20" | \
"ubuntu-21" | \
"linuxmint-20" | \
"raspbian-10")
"raspbian-10" | \
"raspbian-11")
;;
*) OS_VER="OS_not_supported"
;;

4
vars/debian-10.yml
View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_debian: True
is_debian: True # Opposite of is_ubuntu for now
is_debian_10: True
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True

4
vars/debian-11.yml
View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_debian: True
is_debian: True # Opposite of is_ubuntu for now
is_debian_11: True
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True

24
vars/default_vars.yml
View file

@ -265,9 +265,10 @@ nginx_log_dir: /var/log/nginx
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True
@ -392,6 +393,7 @@ lokole_enabled: False
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly
lokole_client_id: None
mediawiki_install: False
mediawiki_enabled: False
@ -401,13 +403,12 @@ mosquitto_install: False
mosquitto_enabled: False
mosquitto_port: 1883
# 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Node.js is installed on demand
# as a dependency -- by Node-RED, Sugarizer &/or Internet Archive
# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed
# on demand as a dependency by 4 roles -- internetarchive (Internet Archive),
# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer:
nodejs_install: False
nodejs_enabled: False
# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles:
# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer)
nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29
nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17
# Flow-based visual programming for wiring together IoT hardware devices etc
nodered_install: False
@ -432,7 +433,8 @@ nextcloud_enabled: False
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
@ -456,7 +458,7 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite
kolibri_install: False
kolibri_enabled: False
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
kolibri_http_port: 8009
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
@ -473,6 +475,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk
postgresql_install: False
postgresql_enabled: False
# Warning: Moodle is a serious LMS, that takes a while to install.
moodle_install: False
moodle_enabled: False
# If using Moodle intensively, set nginx_high_php_limits further above.
@ -719,6 +722,7 @@ is_debian_9: False
is_debian_8: False
is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian)
is_raspbian_11: False
is_raspbian_10: False
is_raspbian_9: False
is_raspbian_8: False

4
vars/linuxmint-20.yml
View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_ubuntu: True
is_ubuntu: True # Opposite of is_debian for now
is_ubuntu_20: True
is_linuxmint: True
is_linuxmint_20: True

17
vars/local_vars_big.yml
View file

@ -168,9 +168,10 @@ pi_swap_file_size: 1024
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
#
@ -260,9 +261,6 @@ jupyterhub_enabled: True
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: True
lokole_enabled: True
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly
mediawiki_install: True
mediawiki_enabled: True
@ -292,7 +290,8 @@ nextcloud_enabled: True
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
@ -310,7 +309,7 @@ kalite_enabled: True
kolibri_install: True
kolibri_enabled: True
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"

17
vars/local_vars_medium.yml
View file

@ -168,9 +168,10 @@ pi_swap_file_size: 1024
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
#
@ -260,9 +261,6 @@ jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
lokole_enabled: False
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly
mediawiki_install: False
mediawiki_enabled: False
@ -292,7 +290,8 @@ nextcloud_enabled: True
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
@ -310,7 +309,7 @@ kalite_enabled: True
kolibri_install: False
kolibri_enabled: False
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"

17
vars/local_vars_min.yml
View file

@ -168,9 +168,10 @@ pi_swap_file_size: 1024
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
#
@ -260,9 +261,6 @@ jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
lokole_enabled: False
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly
mediawiki_install: False
mediawiki_enabled: False
@ -292,7 +290,8 @@ nextcloud_enabled: False
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
@ -310,7 +309,7 @@ kalite_enabled: True
kolibri_install: False
kolibri_enabled: False
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"

4
vars/raspbian-10.yml
View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_debian: True
is_debian: True # Opposite of is_ubuntu for now
is_debian_10: True
is_raspbian: True
is_raspbian_10: True

40
vars/raspbian-11.yml Normal file
View file

@ -0,0 +1,40 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_debian: True # Opposite of is_ubuntu for now
is_debian_11: True
is_raspbian: True
is_raspbian_11: True
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True)
dns_service: bind9
dns_user: bind
dhcp_service: isc-dhcp-server
proxy: squid
proxy_user: proxy
apache_service: apache2
apache_conf_dir: apache2/sites-available
apache_user: www-data
apache_log_dir: /var/log/apache2
smb_service: smbd
nmb_service: nmbd
systemctl_program: /bin/systemctl
mysql_service: mariadb
apache_log: /var/log/apache2/access.log
sshd_package: ssh
sshd_service: ssh
php_version: 7.4
postgresql_version: 13
systemd_location: /lib/systemd/system
python_ver: 3.9
# Minetest for RPi
minetest_server_bin: /library/games/minetest/bin/minetestserver
minetest_working_dir: /library/games/minetest
minetest_game_dir: /library/games/minetest/games/minetest_game
minetest_rpi_src_tar: minetest.5.1.1.tar.gz
#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}"
minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}"
minetest_rpi_src_untarred: Minetest

0
vars/shaper.yml → vars/shaper.yml.unused
View file

4
vars/ubuntu-20.yml
View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_ubuntu: True
is_ubuntu: True # Opposite of is_debian for now
is_ubuntu_20: True
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True

4
vars/ubuntu-21.yml
View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_ubuntu: True
is_ubuntu: True # Opposite of is_debian for now
is_ubuntu_21: True
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True