From 0484ea38f15e27bb38cc57aaa58186028f2615d9 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 21 Sep 2020 10:21:48 -0400 Subject: [PATCH 1/6] Samba role standardized/modularized, for runrole etc --- roles/nginx/README.md | 5 +- roles/samba/tasks/enable-or-disable.yml | 19 ++++++ roles/samba/tasks/install.yml | 41 ++++++++++++ roles/samba/tasks/main.yml | 83 ++++++------------------- 4 files changed, 83 insertions(+), 65 deletions(-) create mode 100644 roles/samba/tasks/enable-or-disable.yml create mode 100644 roles/samba/tasks/install.yml diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 381397476..471414938 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2020-09-12: +3. Current state of IIAB App/Service migrations as of 2020-09-21: 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console @@ -47,6 +47,7 @@ * openvpn * pbx [*, requires Apache for now, as in Section iii.] * phpmyadmin [*, requires Apache for now, as in Section iii.] + * samba * transmission [*] -[*] The 6 above starred roles could use improvement, as of 2020-09-12. +[*] The 6 above starred roles could use improvement, as of 2020-09-21. diff --git a/roles/samba/tasks/enable-or-disable.yml b/roles/samba/tasks/enable-or-disable.yml new file mode 100644 index 000000000..607142bde --- /dev/null +++ b/roles/samba/tasks/enable-or-disable.yml 
@@ -0,0 +1,19 @@
+- name: Enable & Start Samba service ({{ smb_service }}) and NetBIOS name service ({{ nmb_service }}) if samba_enabled
+ systemd:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ when: samba_enabled | bool
+ with_items:
+ - "{{ smb_service }}"
+ - "{{ nmb_service }}"
+
+- name: Disable & Stop Samba service ({{ smb_service }}) and NetBIOS name service ({{ nmb_service }}) if not samba_enabled
+ systemd:
+ name: "{{ item }}"
+ state: stopped
+ enabled: no
+ when: not samba_enabled
+ with_items:
+ - "{{ smb_service }}"
+ - "{{ nmb_service }}"
diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml
new file mode 100644
index 000000000..7af2d645a
--- /dev/null
+++ b/roles/samba/tasks/install.yml
@@ -0,0 +1,41 @@
+- name: "Create smb user: {{ smbuser }}"
+ user:
+ name: "{{ smbuser }}"
+ shell: /sbin/nologin
+ password: "{{ smbpassword }}"
+
+- name: "Create public folder: {{ shared_dir }}"
+ file:
+ path: "{{ shared_dir }}"
+ owner: "{{ smbuser }}"
+ group: "{{ smbuser }}"
+ mode: '0777'
+ state: directory
+
+# Install and configure samba server (requires ports 137, 138, 139, 445 open).
+- name: "Install 4 packages: samba, samba-client, samba-common, cifs-client"
+ package:
+ name:
+ - samba
+ - samba-client
+ - samba-common
+ - cifs-utils
+ state: present
+
+- name: Install /etc/samba/smb.conf from template
+ template:
+ src: smb.conf.j2
+ dest: /etc/samba/smb.conf
+
+
+# RECORD Samba AS INSTALLED
+
+- name: "Set 'samba_installed: True'"
+ set_fact:
+ samba_installed: True
+
+- name: "Add 'samba_installed: True' to {{ iiab_state_file }}"
+ lineinfile:
+ path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
+ regexp: '^samba_installed'
+ line: 'samba_installed: True'
diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml
index 613db11e2..d43fb7366 100755
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
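Review bot: In roles/samba/tasks/enable-or-disable.yml the disable task uses `when: not samba_enabled` while the enable task uses `when: samba_enabled | bool`, so a quoted value such as 'False' would likely skip both tasks and leave the two services in whatever state they were already in. The type assert in main.yml guards against that only when this file is reached through main.yml. Using `when: not (samba_enabled | bool)` makes the file safe on its own, and a one-line comment at the top stating that the caller must have validated `samba_enabled` would document the dependency.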
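Review bot: In roles/samba/tasks/install.yml the shared directory is created with `mode: '0777'` and no sticky bit, so any local account can delete or replace files that other users placed in {{ shared_dir }}; `mode: '1777'` keeps the folder world-writable while limiting deletion to each file's owner. If smb.conf.j2 (not part of this patch) forces all share access to run as {{ smbuser }}, a tighter mode such as `'0755'` may be enough. Separately, Ansible's `user` module expects `password:` to be an already-hashed value, so it is worth confirming that `smbpassword` holds a crypt hash rather than plaintext. These tasks are carried over unchanged from main.yml, so the behaviour predates this commit.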
@@ -1,73 +1,30 @@ -- name: "Create smb user: {{ smbuser }}" - user: - name: "{{ smbuser }}" - shell: /sbin/nologin - password: "{{ smbpassword }}" +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: "Create public folder: {{ shared_dir }}" - file: - path: "{{ shared_dir }}" - owner: "{{ smbuser }}" - group: "{{ smbuser }}" - mode: '0777' - state: directory +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible -# Install and configure samba server (requires ports 137, 138, 139, 445 open). -- name: "Install 4 packages: samba, samba-client, samba-common, cifs-client" - package: - name: - - samba - - samba-client - - samba-common - - cifs-utils - state: present +- name: Assert that "samba_install is sameas true" (boolean not string etc) + assert: + that: samba_install is sameas true + fail_msg: "PLEASE SET 'samba_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes -- name: Install /etc/samba/smb.conf from template - template: - src: smb.conf.j2 - dest: /etc/samba/smb.conf +- name: Assert that "samba_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: samba_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'samba_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. 
IN: /etc/iiab/local_vars.yml" + quiet: yes -# RECORD Samba AS INSTALLED - -- name: "Set 'samba_installed: True'" - set_fact: - samba_installed: True - -- name: "Add 'samba_installed: True' to {{ iiab_state_file }}" - lineinfile: - path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^samba_installed' - line: 'samba_installed: True' +- name: Install Samba if 'samba_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: samba_installed is undefined -- name: Enable & Start Samba systemd service ({{ smb_service }}) if samba_enabled - service: - name: "{{ smb_service }}" - state: started - enabled: yes - when: samba_enabled | bool - -- name: Enable & Start NetBIOS name service ({{ nmb_service }}) if samba_enabled - service: - name: "{{ nmb_service }}" - state: started - enabled: yes - when: samba_enabled | bool - -- name: Disable & Stop Samba systemd service ({{ smb_service }}) if not samba_enabled - systemd: - name: "{{ smb_service }}" - state: stopped - enabled: no - when: not samba_enabled - -- name: Disable & Stop NetBIOS name service ({{ nmb_service }}) if not samba_enabled - systemd: - name: "{{ nmb_service }}" - state: stopped - enabled: no - when: not samba_enabled +- include_tasks: enable-or-disable.yml - name: Add 'samba' variable values to {{ iiab_ini_file }} From 0b10373b84b568c8100329e6993068bc1e1309fe Mon Sep 17 00:00:00 2001 From: root Date: Mon, 21 Sep 2020 10:34:46 -0400 Subject: [PATCH 2/6] Clarify shared_dir is /library/public --- roles/samba/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/samba/tasks/install.yml b/roles/samba/tasks/install.yml index 7af2d645a..5dfb5f5f3 100644 --- a/roles/samba/tasks/install.yml +++ b/roles/samba/tasks/install.yml 
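Review bot: In roles/samba/tasks/main.yml, `include_tasks: install.yml` now runs only `when: samba_installed is undefined`, so once the flag is written to {{ iiab_state_file }} later runs no longer re-apply the smb.conf template, the share directory mode or the `smbpassword` value. A tightened smb.conf.j2 or a rotated password would therefore not reach hosts that are already marked installed. If that is intended, a comment above the task saying so (and how to force a reinstall) would help; otherwise consider keeping the `template:` task for /etc/samba/smb.conf in the always-run path. The final `- include_tasks: enable-or-disable.yml` also has no `name:`, unlike the other tasks in the file.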
@@ -4,7 +4,7 @@ shell: /sbin/nologin password: "{{ smbpassword }}" -- name: "Create public folder: {{ shared_dir }}" +- name: "Create public folder: {{ shared_dir }}" # /library/public file: path: "{{ shared_dir }}" owner: "{{ smbuser }}" From 1370115e23ade0a1ca1dbd9bdc6c05e935e64fb3 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 21 Sep 2020 14:25:08 -0400 Subject: [PATCH 3/6] Clean tasks/main.yml in stages 1, 3, 4, 6 --- roles/1-prep/tasks/main.yml | 4 ++-- roles/3-base-server/tasks/main.yml | 1 + roles/4-server-options/tasks/main.yml | 21 +++++++++++++-------- roles/6-generic-apps/tasks/main.yml | 3 ++- 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index bbb87c8cb..1bd10c76b 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -78,12 +78,12 @@ - name: SSHD include_role: name: sshd - # has no "when: XXXXX_install" flag + #when: sshd_install | bool # Flag might be created in future? - name: IIAB-ADMIN include_role: name: iiab-admin - # has no "when: XXXXX_install" flag + #when: iiab-admin_install | bool # Flag might be created in future? - name: OPENVPN include_role: diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index b38511a13..96bd8cf3f 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -27,6 +27,7 @@ - name: WWW_BASE (WWW_OPTIONS should be installed later) include_role: name: www_base + #when: www_base_install | bool # Flag might be created in future? - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 5cdd03e99..2ede8689d 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
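Review bot: In roles/1-prep/tasks/main.yml the placeholder `#when: iiab-admin_install | bool` names a variable with a hyphen, which Jinja2 would read as the subtraction `iiab - admin_install` if the line were ever uncommented; Ansible variable names allow only letters, digits and underscores. Writing it as `#when: iiab_admin_install | bool` avoids a surprise later. The enclosing task list continues outside the hunk.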
@@ -1,19 +1,25 @@ # Server Options - name: ...IS BEGINNING ================================== - file: - path: "{{ iiab_state_file }}" - state: touch + stat: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + register: iiab_state_file_check -- name: Install IIAB's python libs +# STRICT CHECK in case {iiab-stages.yml, run-one-role.yml, etc} omit this: +- name: ENFORCE precondition that {{ iiab_state_file }} MUST exist + assert: + that: iiab_state_file_check.stat.exists + +- name: Install pylibs (IIAB's python libs) include_role: name: pylibs + #when: pylibs_install | bool # Flag might be created in future? - name: Install named / BIND include_tasks: roles/network/tasks/named.yml when: named_install | bool -- name: Installing dhcpd +- name: Install dhcpd include_tasks: roles/network/tasks/dhcpd.yml when: dhcpd_install | bool @@ -24,7 +30,7 @@ - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth - when: rpi_model != "none" and bluetooth_install + when: bluetooth_install and rpi_model != "none" - name: USB_LIB include_role: @@ -48,8 +54,7 @@ - name: WWW_OPTIONS (WWW_BASE should have been installed earlier) include_role: name: www_options - #when: www_options_install | bool - #when: apache_install or nginx_install + #when: www_options_install | bool # Flag might be created in future? - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 25fe4602c..ae66208b4 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -3,10 +3,11 @@ - name: ...IS BEGINNING ==================================== command: echo +# UNMAINTAINED - name: AZURACAST include_role: name: azuracast - when: azuracast_install | bool + when: azuracast_install is defined and azuracast_install # UNMAINTAINED - name: DOKUWIKI From 91e76b38ea12f14dfc88a16e7533f783bc157651 Mon Sep 17 00:00:00 2001 
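Review bot: In roles/6-generic-apps/tasks/main.yml the new condition `when: azuracast_install is defined and azuracast_install` drops the `| bool` filter the old line had, so a quoted value such as 'False' in local_vars.yml is a non-empty string and would likely evaluate as true, installing a role the same hunk labels UNMAINTAINED. Keeping the filter preserves the new guard against an undefined variable while retaining the coercion: `when: azuracast_install is defined and azuracast_install | bool`. The Bluetooth condition in roles/4-server-options/tasks/main.yml (`bluetooth_install and rpi_model != "none"`) has the same gap, though it was already unfiltered before this commit.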
From: root Date: Mon, 21 Sep 2020 15:30:44 -0400 Subject: [PATCH 4/6] Clarifying comment in samba/tasks/main.yml --- roles/samba/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index d43fb7366..78b10ddcf 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -29,7 +29,7 @@ - name: Add 'samba' variable values to {{ iiab_ini_file }} ini_file: - path: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini section: samba option: "{{ item.option }}" value: "{{ item.value | string }}" From fe9f058d86d58333916652ec45c19513d5c7c408 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 21 Sep 2020 16:05:03 -0400 Subject: [PATCH 5/6] Add Mosquitto & vnStat to roles/nginx/README.md --- roles/nginx/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 471414938..fcca7f07c 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -45,9 +45,11 @@ * kalite (menu goes directly to ports 8006-8008) * minetest [*] * openvpn + * mosquitto [*] * pbx [*, requires Apache for now, as in Section iii.] * phpmyadmin [*, requires Apache for now, as in Section iii.] * samba * transmission [*] + * vnstat [*] -[*] The 6 above starred roles could use improvement, as of 2020-09-21. +[*] The 8 above starred roles could use improvement, as of 2020-09-21. From 1d3627510573f343fa140b96a166669bf47e87d0 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 21 Sep 2020 16:41:20 -0400 Subject: [PATCH 6/6] Why is checking for iiab_state.yml in Stage 4? --- roles/4-server-options/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 2ede8689d..dd581f84a 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
@@ -5,7 +5,10 @@ path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml register: iiab_state_file_check -# STRICT CHECK in case {iiab-stages.yml, run-one-role.yml, etc} omit this: +# 2020-09-21: Why is checking for iiab_state.yml in Stage 4 out of curiosity? +# Possibly move this to Stage 0? Either way...this is a STRICT CHECK in case +# {iiab-stages.yml, run-one-role.yml, etc} omit the file from "vars_files:" + - name: ENFORCE precondition that {{ iiab_state_file }} MUST exist assert: that: iiab_state_file_check.stat.exists