From a32539ae818bf7c46324ca9016962152c1d0cbd2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 00:00:50 -0500 Subject: [PATCH 1/5] Don't load legacy modules --- roles/network/templates/gateway/iiab-gen-iptables | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index f7ee6c7c9..80f7b60a5 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -86,14 +86,6 @@ elif [ "$ports_externally_visible" -lt 0 ] || [ "$ports_externally_visible" -gt exit 1 fi -#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then -# Load iptables kernel modules -/sbin/modprobe ip_tables -/sbin/modprobe iptable_filter -/sbin/modprobe ip_conntrack -/sbin/modprobe iptable_nat -#fi - # Delete all existing firewall rules $IPTABLES -F $IPTABLES -t nat -F From 742405b1d37d724d6c7fccdf1f5e42dd5d7b9217 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 09:21:51 -0500 Subject: [PATCH 2/5] use iiab.env as reference for state of iiab_gateway_enabled Opens up the posibility of gateway-on|off scripts like hotspot-on|off --- roles/network/templates/gateway/iiab-gen-iptables | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 80f7b60a5..1175157af 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -37,6 +37,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables source {{ iiab_env_file }} lan=$IIAB_LAN_DEVICE wan=$IIAB_WAN_DEVICE +iiab_gateway_enabled=$IIAB_GATEWAY_ENABLED echo -e "\nLAN: $lan" echo -e "WAN: $wan\n" #network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` 
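Review bot: The added `iiab_gateway_enabled=$IIAB_GATEWAY_ENABLED` in the `@@ -37,6 +37,7 @@` hunk of patch 2/5 has no fallback, so on a host whose env file does not yet contain that key the firewall generator runs with an empty value. How the variable is tested lies outside the hunk, so the effect is not visible here, but an explicit default such as `iiab_gateway_enabled=${IIAB_GATEWAY_ENABLED:-False}` would keep the gateway state off when the key is missing. Because the value now comes from a file that is `source`d at run time, that file's ownership and mode decide who can change the gateway state. A short comment next to the assignment should say so.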
@@ -49,7 +50,6 @@ gw_block_https={{ gw_block_https }} sshd_port={{ sshd_port }} #gui_wan= [no longer needed] gui_port={{ gui_port }} -iiab_gateway_enabled={{ iiab_gateway_enabled }} block_DNS={{ block_DNS }} azuracast_ports="{{ azuracast_port_range_prefix }}000:{{ azuracast_port_range_prefix }}100" From 1b8e6e4958850096ee1dbace22aa844a8718badc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 10:31:23 -0500 Subject: [PATCH 3/5] move to runtime option from install time (via 1-prep) --- roles/network/tasks/restart.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index e169714d0..d70999290 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -53,11 +53,12 @@ name: avahi-daemon state: restarted -- name: Create gateway flag - shell: echo 1 > /etc/sysconfig/olpc-scripts/setup.d/installed/gateway - args: - creates: /etc/sysconfig/olpc-scripts/setup.d/installed/gateway - when: iiab_network_mode == "Gateway" +- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }} + lineinfile: + path: "{{ iiab_env_file }}" + regexp: '^IIAB_GATEWAY_ENABLED=*' + line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' + state: present #netplan de-configures pre-created bridged interfaces #- name: Reload netplan when Wifi is not gateway on Ubuntu 18+ From df5618c3a4d3b70b6445a61098db7f6d4bc071e8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 10:45:31 -0500 Subject: [PATCH 4/5] grouping --- roles/network/tasks/computed_network.yml | 7 +++++++ roles/network/tasks/restart.yml | 7 ------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 61dda59ce..94f70833b 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml 
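Review bot: The pattern `regexp: '^IIAB_GATEWAY_ENABLED=*'` in the new `lineinfile` task of patch 3/5 is looser than it looks. `=*` means "zero or more `=`", so it matches any line that merely starts with `IIAB_GATEWAY_ENABLED`, including a longer key with the same prefix, and `lineinfile` would then rewrite that line. Anchoring on the separator is enough: `regexp: '^IIAB_GATEWAY_ENABLED='`. The same task is moved unchanged into `computed_network.yml` by patch 4/5, and the `sed` expression `^IIAB_GATEWAY_ENABLED.*` in the patch 5/5 helper scripts has the same prefix looseness.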
@@ -141,6 +141,13 @@ line: 'IIAB_LAN_DEVICE={{ iiab_lan_iface }}' state: present +- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }} + lineinfile: + path: "{{ iiab_env_file }}" + regexp: '^IIAB_GATEWAY_ENABLED=*' + line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' + state: present + - name: Add 'computed_network' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index d70999290..3c1e1c793 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -53,13 +53,6 @@ name: avahi-daemon state: restarted -- name: Record 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' in {{ iiab_env_file }} - lineinfile: - path: "{{ iiab_env_file }}" - regexp: '^IIAB_GATEWAY_ENABLED=*' - line: 'IIAB_GATEWAY_ENABLED={{ iiab_gateway_enabled }}' - state: present - #netplan de-configures pre-created bridged interfaces #- name: Reload netplan when Wifi is not gateway on Ubuntu 18+ # shell: netplan apply From 6aeaeed6ab512323421dda80d65d1299482d734f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 12 Apr 2021 12:10:45 -0500 Subject: [PATCH 5/5] helper scripts --- roles/network/tasks/enable_services.yml | 11 +++++++++++ roles/network/templates/gateway/iiab-internet-off | 3 +++ roles/network/templates/gateway/iiab-internet-on | 3 +++ 3 files changed, 17 insertions(+) create mode 100644 roles/network/templates/gateway/iiab-internet-off create mode 100644 roles/network/templates/gateway/iiab-internet-on diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 1ce2e06bf..d083e4690 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
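Review bot: The task added to `computed_network.yml` writes the Ansible value of `iiab_gateway_enabled` into the env file on every run, which conflicts with the runtime toggle this series introduces. A state set by `iiab-internet-off` (patch 5/5) would presumably be reverted the next time the network role runs; how often that happens is not visible here. Since the flag controls the firewall, a silent return to the enabled state should at least be documented. A comment above the task would do, for example `# NOTE: overwrites any runtime change made by iiab-internet-on|off; set iiab_gateway_enabled in the Ansible vars to make it persistent`.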
@@ -205,6 +205,17 @@ group: root mode: 0755 +- name: Install iiab-internet-on|off + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0755 + with_items: + - { src: 'gateway/iiab-internet-on', dest: '/usr/bin/iiab-internet-on' } + - { src: 'gateway/iiab-internet-off', dest: '/usr/bin/iiab-internet-off' } + - name: Add 'squid' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" diff --git a/roles/network/templates/gateway/iiab-internet-off b/roles/network/templates/gateway/iiab-internet-off new file mode 100644 index 000000000..1ed48ae64 --- /dev/null +++ b/roles/network/templates/gateway/iiab-internet-off @@ -0,0 +1,3 @@ +#!/bin/bash +sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=False/" {{ iiab_env_file }} +/usr/bin/iiab-gen-iptables diff --git a/roles/network/templates/gateway/iiab-internet-on b/roles/network/templates/gateway/iiab-internet-on new file mode 100644 index 000000000..63e7ac3ff --- /dev/null +++ b/roles/network/templates/gateway/iiab-internet-on @@ -0,0 +1,3 @@ +#!/bin/bash +sed -i -e "s/^IIAB_GATEWAY_ENABLED.*/IIAB_GATEWAY_ENABLED=True/" {{ iiab_env_file }} +/usr/bin/iiab-gen-iptables
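Review bot: In the new `Install iiab-internet-on|off` task, `mode: 0755` is an unquoted octal literal. It works here because the leading zero makes the YAML 1.1 parser read it as octal, but the quoted form `mode: '0755'` does not depend on parser behaviour and is the form linters expect. The neighbouring context line uses the same unquoted style, so this is a consistency point for the file rather than a defect in this hunk.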
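Review bot: Both new helpers (`iiab-internet-off` and `iiab-internet-on`) call `/usr/bin/iiab-gen-iptables` even when the `sed` line changed nothing. `sed -i` exits 0 when no line matches, and a failing `sed` (for example when the script is not run as root) is ignored because there is no `set -e`. For `iiab-internet-off` this means the command can appear to succeed while the gateway stays enabled. Verify the state before regenerating the rules, e.g. `grep -q '^IIAB_GATEWAY_ENABLED=False$' "{{ iiab_env_file }}" || { echo "IIAB_GATEWAY_ENABLED not updated" >&2; exit 1; }` (with `True` in the on script). The `{{ iiab_env_file }}` path in the `sed` call should also be quoted.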