Deprecate DansGuardian, Squid, WonderShaper

roles/0-init/tasks/validate_vars.yml

@@ -63,7 +63,7 @@
 #
 # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
 
-- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 42 + 42 + 38 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
   set_fact:
     vars_checklist:
       - hostapd
@@ -78,8 +78,8 @@
       #- nginx              # MANDATORY
       #- apache             # Unmaintained - former dependency
       #- mysql              # MANDATORY
-      - squid
-      - dansguardian
+      #- squid              # Unmaintained
+      #- dansguardian       # Unmaintained
       - cups
       - samba
       - usb_lib

roles/4-server-options/tasks/main.yml

@@ -35,9 +35,9 @@
   when: dhcpd_install is defined and dhcpd_install
 
 # UNMAINTAINED
-- name: Install Squid (and DansGuardian if dansguardian_install)
-  include_tasks: roles/network/tasks/squid.yml
-  when: squid_install is defined and squid_install
+# - name: Install Squid (and DansGuardian if dansguardian_install)
+#   include_tasks: roles/network/tasks/squid.yml
+#   when: squid_install is defined and squid_install
 
 
 - name: Install Bluetooth - only on Raspberry Pi

roles/network/defaults/main.yml

@@ -85,8 +85,8 @@ systemd_networkd_active: False
 # The values here are default local variables
 gui_wan_iface: unset
 gui_static_wan_ip: unset
-wondershaper_dspeed: 4096
-wondershaper_upspeed: 1024
+# wondershaper_dspeed: 4096
+# wondershaper_upspeed: 1024
 
 # netplan
 fix_dispatcher: True

roles/network/tasks/computed_services.yml

@@ -1,17 +1,17 @@
 - name: No LAN configured - 'Appliance' mode
   set_fact:
-    dansguardian_enabled: False
-    squid_enabled: False
-    wondershaper_enabled: False
+    # dansguardian_enabled: False
+    # squid_enabled: False
+    # wondershaper_enabled: False
     hostapd_enabled: False
     iiab_network_mode: "Appliance"
   when: iiab_lan_iface == "none" or user_lan_iface == "none"
 
 - name: LAN configured - 'LanController' mode
   set_fact:
-    dansguardian_enabled: False
-    squid_enabled: False
-    wondershaper_enabled: False
+    # dansguardian_enabled: False
+    # squid_enabled: False
+    # wondershaper_enabled: False
     iiab_network_mode: "LanController"
   when: iiab_lan_iface != "none" and iiab_wan_iface == "none"
 

roles/network/tasks/enable_services.yml

@@ -122,136 +122,136 @@
     enabled: no
   when: dnsmasq_install and not dnsmasq_enabled
 
-- name: Enable DansGuardian systemd service, if dansguardian_enabled
-  systemd:
-    name: dansguardian
-    enabled: yes
-  when: dansguardian_install and dansguardian_enabled
+# - name: Enable DansGuardian systemd service, if dansguardian_enabled
+#   systemd:
+#     name: dansguardian
+#     enabled: yes
+#   when: dansguardian_install and dansguardian_enabled
 
-- name: Disable DansGuardian, if not dansguardian_enabled
-  systemd:
-    name: dansguardian
-    enabled: no
-  when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
+# - name: Disable DansGuardian, if not dansguardian_enabled
+#   systemd:
+#     name: dansguardian
+#     enabled: no
+#   when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
 
-- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
-  lineinfile:
-    path: "{{ iiab_env_file }}"
-    regexp: '^HTTPCACHE_ON=*'
-    line: 'HTTPCACHE_ON=True'
-    state: present
-  when: squid_install and squid_enabled
+# - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
+#   lineinfile:
+#     path: "{{ iiab_env_file }}"
+#     regexp: '^HTTPCACHE_ON=*'
+#     line: 'HTTPCACHE_ON=True'
+#     state: present
+#   when: squid_install and squid_enabled
 
-- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
-  systemd:
-    name: "{{ proxy }}"
-    enabled: yes
-  when: squid_install and squid_enabled
+# - name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
+#   systemd:
+#     name: "{{ proxy }}"
+#     enabled: yes
+#   when: squid_install and squid_enabled
 
-- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "{{ item.owner }}"
-    group: "{{ item.group }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - src: squid/squid-iiab.conf.j2
-      dest: "/etc/{{ proxy }}/squid-iiab.conf"
-      owner: "{{ proxy_user }}"
-      group: "{{ proxy_user }}"
-      mode: 0644
-  when: squid_install and squid_enabled
+# - name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
+#   template:
+#     src: "{{ item.src }}"
+#     dest: "{{ item.dest }}"
+#     owner: "{{ item.owner }}"
+#     group: "{{ item.group }}"
+#     mode: "{{ item.mode }}"
+#   with_items:
+#     - src: squid/squid-iiab.conf.j2
+#       dest: "/etc/{{ proxy }}/squid-iiab.conf"
+#       owner: "{{ proxy_user }}"
+#       group: "{{ proxy_user }}"
+#       mode: 0644
+#   when: squid_install and squid_enabled
 
-- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
-  lineinfile:
-    regexp: '^CONFIG'
-    line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
-    path: "/etc/init.d/{{ proxy }}"
-  when: squid_install and squid_enabled and is_debuntu
+# - name: Point to Squid config file from startup file, if squid_enabled (debuntu)
+#   lineinfile:
+#     regexp: '^CONFIG'
+#     line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
+#     path: "/etc/init.d/{{ proxy }}"
+#   when: squid_install and squid_enabled and is_debuntu
 
-- name: Disable Squid service, if not squid_enabled
-  systemd:
-    name: "{{ proxy }}"
-    enabled: no
-  when: (squid_install or squid_installed is defined) and not squid_enabled
+# - name: Disable Squid service, if not squid_enabled
+#   systemd:
+#     name: "{{ proxy }}"
+#     enabled: no
+#   when: (squid_install or squid_installed is defined) and not squid_enabled
 
-- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
-  lineinfile:
-    path: "{{ iiab_env_file }}"
-    regexp: '^HTTPCACHE_ON=*'
-    line: 'HTTPCACHE_ON=False'
-    state: present
-  when: squid_install and not squid_enabled
+# - name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
+#   lineinfile:
+#     path: "{{ iiab_env_file }}"
+#     regexp: '^HTTPCACHE_ON=*'
+#     line: 'HTTPCACHE_ON=False'
+#     state: present
+#   when: squid_install and not squid_enabled
 
-- name: Enable Wondershaper service, if wondershaper_enabled
-  systemd:
-    name: wondershaper
-    enabled: yes
-  when: wondershaper_install and wondershaper_enabled
+# - name: Enable Wondershaper service, if wondershaper_enabled
+#   systemd:
+#     name: wondershaper
+#     enabled: yes
+#   when: wondershaper_install and wondershaper_enabled
 
-- name: Disable Wondershaper service, if not wondershaper_enabled
-  systemd:
-    name: wondershaper
-    enabled: no
-  when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled
+# - name: Disable Wondershaper service, if not wondershaper_enabled
+#   systemd:
+#     name: wondershaper
+#     enabled: no
+#   when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled
 
 # check-LAN should be iptables.yml remove later
-- name: Install clean copy of /usr/bin/iiab-gen-iptables from template
+- name: Install clean copy of /usr/bin/iiab-gen-iptables from template (root:root by default)
   template:
     src: gateway/iiab-gen-iptables
     dest: /usr/bin/iiab-gen-iptables
-    owner: root
-    group: root
+    # owner: root
+    # group: root
     mode: 0755
 
-- name: Install iiab-internet-on|off
+- name: Install iiab-internet-on|off (root:root by default)
   template:
     src: "{{ item }}"
     dest: /usr/bin/
-    owner: root
-    group: root
+    # owner: root
+    # group: root
     mode: 0755
   with_items:
     - gateway/iiab-internet-on
     - gateway/iiab-internet-off
 
 
-- name: Add 'squid' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: squid
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: squid_install
-      value: "{{ squid_install }}"
-    - option: squid_enabled
-      value: "{{ squid_enabled }}"
-  when: squid_installed is defined
+# - name: Add 'squid' variable values to {{ iiab_ini_file }}
+#   ini_file:
+#     path: "{{ iiab_ini_file }}"
+#     section: squid
+#     option: "{{ item.option }}"
+#     value: "{{ item.value | string }}"
+#   with_items:
+#     - option: squid_install
+#       value: "{{ squid_install }}"
+#     - option: squid_enabled
+#       value: "{{ squid_enabled }}"
+#   when: squid_installed is defined
 
-- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: dansguardian
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: dansguardian_install
-      value: "{{ dansguardian_install }}"
-    - option: dansguardian_enabled
-      value: "{{ dansguardian_enabled }}"
-  when: dansguardian_installed is defined
+# - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
+#   ini_file:
+#     path: "{{ iiab_ini_file }}"
+#     section: dansguardian
+#     option: "{{ item.option }}"
+#     value: "{{ item.value | string }}"
+#   with_items:
+#     - option: dansguardian_install
+#       value: "{{ dansguardian_install }}"
+#     - option: dansguardian_enabled
+#       value: "{{ dansguardian_enabled }}"
+#   when: dansguardian_installed is defined
 
-- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: wondershaper
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: wondershaper_install
-      value: "{{ wondershaper_install }}"
-    - option: wondershaper_enabled
-      value: "{{ wondershaper_enabled }}"
-  when: wondershaper_installed is defined
+# - name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
+#   ini_file:
+#     path: "{{ iiab_ini_file }}"
+#     section: wondershaper
+#     option: "{{ item.option }}"
+#     value: "{{ item.value | string }}"
+#   with_items:
+#     - option: wondershaper_install
+#       value: "{{ wondershaper_install }}"
+#     - option: wondershaper_enabled
+#       value: "{{ wondershaper_enabled }}"
+#   when: wondershaper_installed is defined

roles/network/tasks/main.yml

@@ -21,9 +21,9 @@
 - name: computed_network
   include_tasks: computed_network.yml
 
-- name: Configure wondershaper
-  include_tasks: wondershaper.yml
-  when: wondershaper_install or wondershaper_installed is defined
+# - name: Configure wondershaper
+#   include_tasks: wondershaper.yml
+#   when: wondershaper_install or wondershaper_installed is defined
 
 - name: (Re)Install named
   include_tasks: named.yml
@@ -33,9 +33,9 @@
   include_tasks: dhcpd.yml
   when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
 
-- name: (Re)Install Squid
-  include_tasks: squid.yml
-  when: squid_install and FQDN_changed and iiab_stage|int == 9
+# - name: (Re)Install Squid
+#   include_tasks: squid.yml
+#   when: squid_install and FQDN_changed and iiab_stage|int == 9
 
 #preprep for backends
 - name: Netplan in use on Ubuntu 18.04+

roles/network/tasks/restart.yml

@@ -16,37 +16,37 @@
     state: restarted
   when: named_enabled and named_install
 
-- name: Stop Squid service
-  systemd:
-    name: "{{ proxy }}"
-    state: stopped
-  async: 120
-  when: squid_install or squid_installed is defined
+# - name: Stop Squid service
+#   systemd:
+#     name: "{{ proxy }}"
+#     state: stopped
+#   async: 120
+#   when: squid_install or squid_installed is defined
 
-- name: Stop DansGuardian
-  systemd:
-    name: dansguardian
-    state: stopped
-  when: dansguardian_install or dansguardian_installed is defined
+# - name: Stop DansGuardian
+#   systemd:
+#     name: dansguardian
+#     state: stopped
+#   when: dansguardian_install or dansguardian_installed is defined
 
-- name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate
-  systemd:
-    name: dansguardian
-    state: restarted
-  when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
+# - name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate
+#   systemd:
+#     name: dansguardian
+#     state: restarted
+#   when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
 
-# Squid get re-loaded with dispatcher.d
-- name: Restart Squid service ({{ proxy }})
-  systemd:
-    name: "{{ proxy }}"
-    state: restarted
-  when: squid_enabled and squid_install
+# # Squid get re-loaded with dispatcher.d
+# - name: Restart Squid service ({{ proxy }})
+#   systemd:
+#     name: "{{ proxy }}"
+#     state: restarted
+#   when: squid_enabled and squid_install
 
-- name: Restart Wondershaper service (wondershaper)
-  systemd:
-    name: wondershaper
-    state: restarted
-  when: wondershaper_enabled
+# - name: Restart Wondershaper service (wondershaper)
+#   systemd:
+#     name: wondershaper
+#     state: restarted
+#   when: wondershaper_enabled
 
 - name: Restart Avahi service (avahi-daemon)
   systemd:

vars/default_vars.yml

@@ -123,7 +123,7 @@ wifi_up_down: True    # Creates a 2nd virtual WiFi adapter for upstream WiFi
 
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
-gw_squid_whitelist: False
+# gw_squid_whitelist: False
 gw_block_https: False
 
 # Gateway mode
@@ -185,8 +185,8 @@ block_DNS: False
 dns_jail_enabled: False
 
 # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382
-wondershaper_install: False
-wondershaper_enabled: False
+# wondershaper_install: False
+# wondershaper_enabled: False
 
 
 # 1-PREP
@@ -258,14 +258,14 @@ nginx_log_dir: /var/log/nginx
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
 # UNMAINTAINED as of July 2021
-squid_install: False
-squid_enabled: False
+# squid_install: False
+# squid_enabled: False
 
 # UNMAINTAINED as of July 2021
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
 # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
-dansguardian_install: False
-dansguardian_enabled: False
+# dansguardian_install: False
+# dansguardian_enabled: False
 
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True