external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-12 19:22:24 +00:00
Code Issues Releases Wiki Activity

Merge branch '10.10' of https://github.com/georgejhunt/iiab into 10.10

Browse source
This commit is contained in:
root 2022-07-08 20:32:53 -04:00
commit 56b854fcaf
15 changed files with 68 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/captiveportal/templates/iiab-divert-to-nginx
View file

@ -1,4 +1,4 @@
#!/bin/bash -x #!/bin/bash -x
awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture
echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture

8
roles/cups/tasks/install.yml
View file

@ -76,14 +76,14 @@
name: cups name: cups
state: started state: started
# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" # - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
# command: cupsctl --remote-admin --share-printers --user-cancel-any # command: cupsctl --remote-admin --share-printers --user-cancel-any
# 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER: # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
# (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW. # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
# (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!) # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)
- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" - name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
command: cupsctl --remote-any --share-printers --user-cancel-any command: cupsctl --remote-any --share-printers --user-cancel-any
# 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml
@ -96,7 +96,7 @@
# command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging # command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging
# when: not cups_enabled # when: not cups_enabled
# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631" # - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631"
# lineinfile: # lineinfile:
# path: /etc/cups/cupsd.conf # path: /etc/cups/cupsd.conf
# line: "{{ item }}" # line: "{{ item }}"
@ -105,7 +105,7 @@
# - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027
# - "ServerAlias *" # - "ServerAlias *"
# - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan
# - "#Listen {{ lan_ip }}:631" # 172.18.96.1 # - "#Listen {{ lan_ip }}:631" # {{ lan_ip }}
# - "#Listen 127.0.0.1:631" # - "#Listen 127.0.0.1:631"
# - "#Listen 0.0.0.0:631" # - "#Listen 0.0.0.0:631"
# - "#Listen *:631" # - "#Listen *:631"

2
roles/cups/templates/cups.conf.j2
View file

@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex
return 301 http://localhost:631; return 301 http://localhost:631;
} }
return 301 http://$host:631; # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC return 301 http://$host:631; # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC
} }

17
roles/network/templates/dhcp/dhcpd-iiab.conf.j2
View file

@ -5,15 +5,22 @@ ddns-update-style interim;
#ignore client-updates; #ignore client-updates;
option domain-name "{{ iiab_domain }}"; option domain-name "{{ iiab_domain }}";
option domain-name-servers 172.18.96.1; option domain-name-servers {{ lan_ip }};
option ntp-servers 172.18.96.1; option ntp-servers {{ lan_ip }};
subnet 172.18.96.0 netmask 255.255.224.0 { subnet 172.18.96.0 netmask 255.255.224.0 {
{% if iiab_network_mode == "Gateway" %} {% if iiab_network_mode == "Gateway" %}
option routers 172.18.96.1; option routers {{ lan_ip }};
{% endif %} {% endif %}
option subnet-mask 255.255.224.0; {% if network_172 %}
option broadcast-address 172.18.127.255; option subnet-mask 255.255.224.0;
option broadcast-address 172.18.127.255;
{% else %}
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
{% endif %}
# Description of network allocations in old OLPC school server
# this is the whole range we have available - 8K addresses # this is the whole range we have available - 8K addresses
# range 172.18.96.2 172.18.127.254; # range 172.18.96.2 172.18.127.254;
# instead, we'll save 510 addresses for later. # instead, we'll save 510 addresses for later.

2
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled"
echo echo
#network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
#echo -e "Network Mode: $network_mode\n" #echo -e "Network Mode: $network_mode\n"
lan_ip=$(iiab_var_value lan_ip) # 172.18.96.1 lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }}
ports_externally_visible=$(iiab_var_value ports_externally_visible) ports_externally_visible=$(iiab_var_value ports_externally_visible)
gw_block_https=$(iiab_var_value gw_block_https) gw_block_https=$(iiab_var_value gw_block_https)

22
roles/network/templates/named/school.internal.zone.db
View file

@ -1,19 +1,19 @@
@ in soa localhost. root 1 3H 15M 1W 1D @ in soa localhost. root 1 3H 15M 1W 1D
ns localhost. ns localhost.
{{ iiab_hostname }} IN A 172.18.96.1 {{ iiab_hostname }} IN A {{ lan_ip }}
schoolserver IN A 172.18.96.1 schoolserver IN A {{ lan_ip }}
school IN A 172.18.96.1 school IN A {{ lan_ip }}
www IN A 172.18.96.1 www IN A {{ lan_ip }}
ntp IN A 172.18.96.1 ntp IN A {{ lan_ip }}
time IN A 172.18.96.1 time IN A {{ lan_ip }}
presence IN A 172.18.96.1 presence IN A {{ lan_ip }}
xs IN A 172.18.96.1 xs IN A {{ lan_ip }}
library IN A 172.18.96.1 library IN A {{ lan_ip }}
box IN A 172.18.96.1 box IN A {{ lan_ip }}
conference.schoolserver IN A 172.18.96.1 conference.schoolserver IN A {{ lan_ip }}
; translations of school - in plain latin script ; translations of school - in plain latin script

22
roles/network/templates/named/school.local.zone.db
View file

@ -3,18 +3,18 @@
@ in soa localhost. root 1 3H 15M 1W 1D @ in soa localhost. root 1 3H 15M 1W 1D
ns localhost. ns localhost.
{{ iiab_hostname }} IN A 172.18.96.1 {{ iiab_hostname }} IN A {{ lan_ip }}
schoolserver IN A 172.18.96.1 schoolserver IN A {{ lan_ip }}
school IN A 172.18.96.1 school IN A {{ lan_ip }}
www IN A 172.18.96.1 www IN A {{ lan_ip }}
ntp IN A 172.18.96.1 ntp IN A {{ lan_ip }}
time IN A 172.18.96.1 time IN A {{ lan_ip }}
presence IN A 172.18.96.1 presence IN A {{ lan_ip }}
xs IN A 172.18.96.1 xs IN A {{ lan_ip }}
library IN A 172.18.96.1 library IN A {{ lan_ip }}
box IN A 172.18.96.1 box IN A {{ lan_ip }}
conference.schoolserver IN A 172.18.96.1 conference.schoolserver IN A {{ lan_ip }}
; translations of school - in plain latin script ; translations of school - in plain latin script

4
roles/network/templates/network/bridge-br0
View file

@ -6,7 +6,11 @@ interface-name=br0
permissions= permissions=
[ipv4] [ipv4]
{% if network_172 %}
address1={{ lan_ip }}/19 address1={{ lan_ip }}/19
{% else %}
address1={{ lan_ip }}/24
{% endif %}
dns-search={{ iiab_domain }} dns-search={{ iiab_domain }}
method=manual method=manual

4
roles/network/templates/network/dhcpcd.conf.j2
View file

@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }}
{% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %}
interface {{ iiab_lan_iface }} interface {{ iiab_lan_iface }}
{% if network_172 %}
static ip_address={{ lan_ip }}/19 static ip_address={{ lan_ip }}/19
{% else %}
static ip_address={{ lan_ip }}/24
{% endif %}
static domain_name_servers=127.0.0.1 static domain_name_servers=127.0.0.1
{% endif %} {% endif %}

7
roles/network/templates/network/dnsmasq.conf.j2
View file

@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq
expand-hosts expand-hosts
# Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease
dhcp-range=172.18.100.1,172.18.126.254,1h {% if network_172 %}
dhcp-range=172.18.100.1,172.18.126.254,1h
{% else %}
dhcp-range=10.10.10.21,10.10.10.253,1h
{% endif %}
# Specify the default route # Specify the default route
dhcp-option=3,{{ lan_ip }} dhcp-option=3,{{ lan_ip }}
# Specify the DNS server address # Specify the DNS server address

4
roles/network/templates/network/systemd-br0-network.j2
View file

@ -3,7 +3,11 @@
Name=br0 Name=br0
[Network] [Network]
{% if network_172 %}
Address={{ lan_ip }}/19 Address={{ lan_ip }}/19
{% else %}
Address={{ lan_ip }}/24
{% endif %}
LinkLocalAddressing=no LinkLocalAddressing=no
ConfigureWithoutCarrier=yes ConfigureWithoutCarrier=yes
RequiredForOnline=degraded-carrier RequiredForOnline=degraded-carrier

2
roles/nextcloud/README.md
View file

@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre
## Using It ## Using It
Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using:
Username: Admin Username: Admin
Password: changeme Password: changeme

2
roles/samba/templates/smb.conf.j2
View file

@ -92,7 +92,7 @@
; netbios name = MYSERVER ; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
hosts allow = 127. 172.18. hosts allow = 127. 172.18. 10.10.
; max protocol = SMB2 ; max protocol = SMB2

2
roles/transmission/defaults/main.yml
View file

@ -12,7 +12,7 @@
# Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
# transmission_http_port: 9091 # transmission_http_port: 9091
# transmission_url: /transmission/ # transmission_url: /transmission/
# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* # transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.*
# transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json
# transmission_peer_port: 51413 # transmission_peer_port: 51413

9
vars/default_vars.yml
View file

@ -99,8 +99,11 @@ js_menu_install: True
iiab_hostname: box iiab_hostname: box
iiab_domain: lan iiab_domain: lan
lan_ip: 172.18.96.1 lan_ip: 10.10.10.10
lan_netmask: 255.255.224.0 network_172: False
#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems
lan_netmask: 255.255.255.0
#lan_netmask: 255.255.224.0 # Older networks were larger
# Internal Wi-Fi Access Point # Internal Wi-Fi Access Point
# Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled.
@ -541,7 +544,7 @@ transmission_group: debian-transmission
# Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
transmission_http_port: 9091 transmission_http_port: 9091
transmission_url: /transmission/ transmission_url: /transmission/
transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,*
transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json
transmission_peer_port: 51413 transmission_peer_port: 51413