Merge branch '10.10' of https://github.com/georgejhunt/iiab into 10.10

2025-02-12 11:12:06 +00:00 · 2022-07-08 20:32:53 -04:00 · 2022-07-08 20:32:53 -04:00 · 56b854fcaf
commit 56b854fcaf
parent e04325eeb2 d7d7270e21
15 changed files with 68 additions and 41 deletions
--- a/roles/captiveportal/templates/iiab-divert-to-nginx
+++ b/roles/captiveportal/templates/iiab-divert-to-nginx
@ -1,4 +1,4 @@
 #!/bin/bash -x
-awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
+awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
 echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture
 echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture
--- a/roles/cups/tasks/install.yml
+++ b/roles/cups/tasks/install.yml
@ -76,14 +76,14 @@
    name: cups
    state: started

-# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
+# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
 #   command: cupsctl --remote-admin --share-printers --user-cancel-any

 # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
 # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
 # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)

- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
+- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
  command: cupsctl --remote-any --share-printers --user-cancel-any

 # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml
@ -96,7 +96,7 @@
 #   command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging
 #   when: not cups_enabled

-# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'.  As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx').  Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!)  RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631"
+# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'.  As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx').  Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!)  RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631"
 #   lineinfile:
 #     path: /etc/cups/cupsd.conf
 #     line: "{{ item }}"
@ -105,7 +105,7 @@
 #     - "HostNameLookups On"    # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027
 #     - "ServerAlias *"
 #     - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}"    # box.lan
-#     - "#Listen {{ lan_ip }}:631"    # 172.18.96.1
+#     - "#Listen {{ lan_ip }}:631"    # {{ lan_ip }}
 #     - "#Listen 127.0.0.1:631"
 #     - "#Listen 0.0.0.0:631"
 #     - "#Listen *:631"
--- a/roles/cups/templates/cups.conf.j2
+++ b/roles/cups/templates/cups.conf.j2
@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ {    # '~' -> '~*' for case-insensitive regex
        return 301 http://localhost:631;
    }

-    return 301 http://$host:631;   # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC
+    return 301 http://$host:631;   # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC
 }


--- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2
+++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2
@ -5,15 +5,22 @@ ddns-update-style interim;
 #ignore client-updates;

 option domain-name "{{ iiab_domain }}";
-option domain-name-servers      172.18.96.1;
-option ntp-servers		172.18.96.1;
+option domain-name-servers      {{ lan_ip }};
+option ntp-servers		{{ lan_ip }};

 subnet 172.18.96.0 netmask 255.255.224.0 {
 	{% if iiab_network_mode == "Gateway" %}
-	option routers			172.18.96.1;
+	option routers			{{ lan_ip }};
 	{% endif %}
-	option subnet-mask		255.255.224.0;
-	option broadcast-address	172.18.127.255;
+	{% if network_172 %}
+   	option subnet-mask		255.255.224.0;
+	   option broadcast-address	172.18.127.255;
+	{% else %}
+	   option subnet-mask		255.255.255.0;
+	   option broadcast-address	10.10.10.255;
+	{% endif %}
+
+   # Description of network allocations in old OLPC school server
 	# this is the whole range we have available - 8K addresses
 	# range                           172.18.96.2 172.18.127.254;
 	# instead, we'll save 510 addresses for later. 
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled"
 echo
 #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
 #echo -e "Network Mode: $network_mode\n"
-lan_ip=$(iiab_var_value lan_ip)    # 172.18.96.1
+lan_ip=$(iiab_var_value lan_ip)    # {{ lan_ip }}

 ports_externally_visible=$(iiab_var_value ports_externally_visible)
 gw_block_https=$(iiab_var_value gw_block_https)
--- a/roles/network/templates/named/school.internal.zone.db
+++ b/roles/network/templates/named/school.internal.zone.db
@ -1,19 +1,19 @@
@ in soa localhost. root 1 3H 15M 1W 1D
  ns localhost.

-{{ iiab_hostname }}	IN	A	172.18.96.1
-schoolserver	IN	A	172.18.96.1
-school		IN	A	172.18.96.1
-www		IN	A	172.18.96.1
-ntp		IN	A	172.18.96.1
-time		IN	A	172.18.96.1
-presence	IN	A	172.18.96.1
-xs		IN	A	172.18.96.1
-library		IN	A	172.18.96.1
-box		IN	A	172.18.96.1
+{{ iiab_hostname }}	IN	A	{{ lan_ip }}
+schoolserver	IN	A	{{ lan_ip }}
+school		IN	A	{{ lan_ip }}
+www		IN	A	{{ lan_ip }}
+ntp		IN	A	{{ lan_ip }}
+time		IN	A	{{ lan_ip }}
+presence	IN	A	{{ lan_ip }}
+xs		IN	A	{{ lan_ip }}
+library		IN	A	{{ lan_ip }}
+box		IN	A	{{ lan_ip }}


-conference.schoolserver	IN	A	172.18.96.1
+conference.schoolserver	IN	A	{{ lan_ip }}


 ; translations of school - in plain latin script
--- a/roles/network/templates/named/school.local.zone.db
+++ b/roles/network/templates/named/school.local.zone.db
@ -3,18 +3,18 @@
@ in soa localhost. root 1 3H 15M 1W 1D
  ns localhost.

-{{ iiab_hostname }}	IN	A	172.18.96.1
-schoolserver	IN	A	172.18.96.1
-school		IN	A	172.18.96.1
-www		IN	A	172.18.96.1
-ntp		IN	A	172.18.96.1
-time		IN	A	172.18.96.1
-presence	IN	A	172.18.96.1
-xs		IN	A	172.18.96.1
-library		IN	A	172.18.96.1
-box		IN	A	172.18.96.1
+{{ iiab_hostname }}	IN	A	{{ lan_ip }}
+schoolserver	IN	A	{{ lan_ip }}
+school		IN	A	{{ lan_ip }}
+www		IN	A	{{ lan_ip }}
+ntp		IN	A	{{ lan_ip }}
+time		IN	A	{{ lan_ip }}
+presence	IN	A	{{ lan_ip }}
+xs		IN	A	{{ lan_ip }}
+library		IN	A	{{ lan_ip }}
+box		IN	A	{{ lan_ip }}

-conference.schoolserver	IN	A	172.18.96.1
+conference.schoolserver	IN	A	{{ lan_ip }}


 ; translations of school - in plain latin script
--- a/roles/network/templates/network/bridge-br0
+++ b/roles/network/templates/network/bridge-br0
@ -6,7 +6,11 @@ interface-name=br0
 permissions=

 [ipv4]
+{% if network_172 %}
 address1={{ lan_ip }}/19
+{% else %}
+address1={{ lan_ip }}/24
+{% endif %}
 dns-search={{ iiab_domain }}
 method=manual

--- a/roles/network/templates/network/dhcpcd.conf.j2
+++ b/roles/network/templates/network/dhcpcd.conf.j2
@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }}

 {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %}
 interface {{ iiab_lan_iface }}
+{% if network_172 %}
 static ip_address={{ lan_ip }}/19
+{% else %}
+static ip_address={{ lan_ip }}/24
+{% endif %}
 static domain_name_servers=127.0.0.1
 {% endif %}

--- a/roles/network/templates/network/dnsmasq.conf.j2
+++ b/roles/network/templates/network/dnsmasq.conf.j2
@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq
 expand-hosts

 # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease
-dhcp-range=172.18.100.1,172.18.126.254,1h
+{% if network_172 %}
+	dhcp-range=172.18.100.1,172.18.126.254,1h
+{% else %}
+	dhcp-range=10.10.10.21,10.10.10.253,1h
+{% endif %}
+
 # Specify the default route
 dhcp-option=3,{{ lan_ip }}
 # Specify the DNS server address
--- a/roles/network/templates/network/systemd-br0-network.j2
+++ b/roles/network/templates/network/systemd-br0-network.j2
@ -3,7 +3,11 @@
 Name=br0

 [Network]
+{% if network_172 %}
 Address={{ lan_ip }}/19
+{% else %}
+Address={{ lan_ip }}/24
+{% endif %}
 LinkLocalAddressing=no
 ConfigureWithoutCarrier=yes
 RequiredForOnline=degraded-carrier
--- a/roles/nextcloud/README.md
+++ b/roles/nextcloud/README.md
@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre

 ## Using It

-Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using:
+Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using:

    Username: Admin
    Password: changeme
--- a/roles/samba/templates/smb.conf.j2
+++ b/roles/samba/templates/smb.conf.j2
@ -92,7 +92,7 @@
 ;	netbios name = MYSERVER

 ;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
-	hosts allow = 127. 172.18.
+	hosts allow = 127. 172.18. 10.10.

 ;	max protocol = SMB2

--- a/roles/transmission/defaults/main.yml
+++ b/roles/transmission/defaults/main.yml
@ -12,7 +12,7 @@
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 # transmission_http_port: 9091
 # transmission_url: /transmission/
-# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*
+# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.*
 # transmission_whitelist_enabled: "false"  # LOWERCASE STRING for settings.json
 # transmission_peer_port: 51413

--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -99,8 +99,11 @@ js_menu_install: True

 iiab_hostname: box
 iiab_domain: lan
-lan_ip: 172.18.96.1
-lan_netmask: 255.255.224.0
+lan_ip: 10.10.10.10
+network_172: False
+#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems
+lan_netmask: 255.255.255.0
+#lan_netmask: 255.255.224.0 # Older networks were larger

 # Internal Wi-Fi Access Point
 # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled.
@ -541,7 +544,7 @@ transmission_group: debian-transmission
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 transmission_http_port: 9091
 transmission_url: /transmission/
-transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*
+transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,*
 transmission_whitelist_enabled: "false"    # LOWERCASE STRING for settings.json
 transmission_peer_port: 51413