From d87821d2666adb620db36646d4fdcdb064f9760a Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Tue, 22 Sep 2020 01:04:06 -0400
Subject: [PATCH 1/7] 9 core roles check their vars + 3 roles record to
 iiab_state.yml

---
 .../{enable.yml => enable-or-disable.yml}     |   0
 roles/azuracast/tasks/install.yml             |   8 +-
 roles/azuracast/tasks/main.yml                |  49 ++++++--
 roles/bluetooth/tasks/enable.yml              |  50 +++-----
 roles/bluetooth/tasks/main.yml                |  46 +++++++-
 roles/cups/tasks/enable-or-disable.yml        |  51 ++++++++
 roles/cups/tasks/install.yml                  |  37 ++++++
 roles/cups/tasks/main.yml                     | 111 ++++--------------
 roles/firmware/tasks/main.yml                 |  15 +++
 roles/iiab-admin/tasks/main.yml               |  13 ++
 roles/minetest/tasks/enable.yml               |  22 +---
 roles/minetest/tasks/main.yml                 |  51 +++++++-
 roles/monit/tasks/enable-or-disable.yml       |  22 ++++
 roles/monit/tasks/install.yml                 |  36 ++----
 roles/monit/tasks/main.yml                    |  49 +++++++-
 roles/mosquitto/tasks/enable-or-disable.yml   |  15 +++
 roles/mosquitto/tasks/enable.yml              |  21 ----
 roles/mosquitto/tasks/install.yml             |   4 +-
 roles/mosquitto/tasks/main.yml                |  45 ++++++-
 roles/nginx/README.md                         |  13 +-
 roles/phpmyadmin/tasks/enable-or-disable.yml  |   9 ++
 roles/phpmyadmin/tasks/install.yml            |  75 ++++++++++++
 roles/phpmyadmin/tasks/main.yml               | 103 ++++------------
 roles/pylibs/tasks/main.yml                   |  13 ++
 roles/samba/tasks/enable-or-disable.yml       |   4 +
 roles/sugarizer/tasks/main.yml                |   7 +-
 roles/sugarizer/tasks/main2.yml               |   1 +
 .../transmission/tasks/enable-or-disable.yml  |  25 ++++
 roles/transmission/tasks/install.yml          |  41 +++++++
 roles/transmission/tasks/main.yml             |  83 ++++---------
 roles/vnstat/tasks/enable-or-disable.yml      |  15 +++
 roles/vnstat/tasks/install.yml                |  32 +++++
 roles/vnstat/tasks/main.yml                   |  56 ++++-----
 vars/default_vars.yml                         |  10 +-
 vars/local_vars_big.yml                       |   7 +-
 vars/local_vars_medium.yml                    |   7 +-
 vars/local_vars_min.yml                       |   7 +-
 37 files changed, 737 insertions(+), 416 deletions(-)
 rename roles/azuracast/tasks/{enable.yml => enable-or-disable.yml} (100%)
 create mode 100644 roles/cups/tasks/enable-or-disable.yml
 create mode 100644 roles/cups/tasks/install.yml
 create mode 100644 roles/monit/tasks/enable-or-disable.yml
 create mode 100644 roles/mosquitto/tasks/enable-or-disable.yml
 delete mode 100644 roles/mosquitto/tasks/enable.yml
 create mode 100644 roles/phpmyadmin/tasks/enable-or-disable.yml
 create mode 100644 roles/phpmyadmin/tasks/install.yml
 create mode 100644 roles/transmission/tasks/enable-or-disable.yml
 create mode 100644 roles/transmission/tasks/install.yml
 create mode 100644 roles/vnstat/tasks/enable-or-disable.yml
 create mode 100644 roles/vnstat/tasks/install.yml

diff --git a/roles/azuracast/tasks/enable.yml b/roles/azuracast/tasks/enable-or-disable.yml
similarity index 100%
rename from roles/azuracast/tasks/enable.yml
rename to roles/azuracast/tasks/enable-or-disable.yml
diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml
index 7a19c6a14..73f02d099 100644
--- a/roles/azuracast/tasks/install.yml
+++ b/roles/azuracast/tasks/install.yml
@@ -7,16 +7,16 @@
   template:
     src: env.j2
     dest: "{{ azuracast_host_dir }}/.env"
-    owner: root
-    group: root
+    #owner: root
+    #group: root
     mode: 0644
 
 - name: AzuraCast - Install {{ azuracast_host_dir }}/docker-compose.override.yml from template
   template:
     src: docker-compose.override.yml.j2
     dest: "{{ azuracast_host_dir }}/docker-compose.override.yml"
-    owner: root
-    group: root
+    #owner: root
+    #group: root
     mode: 0644
 
 - name: AzuraCast - Download {{ docker_sh_url }} to {{ azuracast_host_dir }}
diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml
index 6b3fb0d5f..ef9c28914 100644
--- a/roles/azuracast/tasks/main.yml
+++ b/roles/azuracast/tasks/main.yml
@@ -1,8 +1,43 @@
-- name: Install AzuraCast if azuracast_install
-  include_tasks: install.yml
-  when: azuracast_install and not azuracast_installed is defined | bool
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-# TODO figure out what to turn off for azuracast
-#- name: Enable AzuraCast
-#  include_tasks: enable.yml
-#  when: azuracast_install or azuracast_installed is defined | bool
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "azuracast_install is sameas true" (boolean not string etc)
+  assert:
+    that: azuracast_install is sameas true
+    fail_msg: "PLEASE SET 'azuracast_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "azuracast_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: azuracast_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'azuracast_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install AzuraCast if 'azuracast_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: azuracast_installed is undefined
+
+
+# TODO figure out what to turn off/on for AzuraCast
+# - include_tasks: enable-or-disable.yml
+
+
+- name: Add 'azuracast' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: azuracast
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: azuracast
+    - option: description
+      value: '"AzuraCast is a self-hosted, all-in-one radio station platform.  Use AzuraCast to schedule podcasts, music, and even do live streaming of audio content.  A variety of streaming formats are supported."'
+    - option: enabled
+      value: "{{ azuracast_enabled }}"
diff --git a/roles/bluetooth/tasks/enable.yml b/roles/bluetooth/tasks/enable.yml
index afb3edf3b..93f2af88f 100644
--- a/roles/bluetooth/tasks/enable.yml
+++ b/roles/bluetooth/tasks/enable.yml
@@ -1,31 +1,33 @@
-- name: Enable & Restart 'bt-agent' service
+- name: systemd daemon-reload
   systemd:
     daemon_reload: yes
-    name: bluetooth
-    enabled: yes
-    state: restarted
 
-# enable or disable bt-agent
-- name: Enable & Restart 'bt-agent' service
+
+# enable or disable both... bluetooth and bt-agent
+- name: 'Enable & Restart 2 services: bluetooth, bt-agent'
   systemd:
-    daemon_reload: yes
-    name: bt-agent
+    name: "{{ item }}"
     enabled: yes
     state: restarted
+  with_items:
+    - bluetooth
+    - bt-agent
   when: bluetooth_enabled or bluetooth_term_enabled
 
-- name: Disable 'bt-agent' service
+- name: 'Disable 2 services: bluetooth, bt-agent'
   systemd:
-    daemon_reload: yes
-    name: bt-agent
+    name: "{{ item }}"
     enabled: no
     state: stopped
+  with_items:
+    - bluetooth
+    - bt-agent
   when: not bluetooth_enabled and not bluetooth_term_enabled
 
+
 # enable or disable bt-pan
 - name: Enable & Restart 'bt-pan' service
   systemd:
-    daemon_reload: yes
     name: bt-pan
     enabled: yes
     state: restarted
@@ -33,16 +35,15 @@
 
 - name: Disable 'bt-pan' service
   systemd:
-    daemon_reload: yes
     name: bt-pan
     enabled: no
     state: stopped
-  when: not bluetooth_enabled | bool
+  when: not bluetooth_enabled
+
 
 # enable or disable bt-term
 - name: Enable & Restart 'bt-term' service
   systemd:
-    daemon_reload: yes
     name: bt-term
     enabled: yes
     state: restarted
@@ -50,24 +51,7 @@
 
 - name: Disable 'bt-term' service
   systemd:
-    daemon_reload: yes
     name: bt-term
     enabled: no
     state: stopped
-  when: not bluetooth_term_enabled | bool
-
-- name: Add 'bluetooth' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: bluetooth
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: Bluetooth
-    - option: description
-      value: '"Bluetooth services for pan and terminal."'
-    - option: bluetooth_enabled
-      value: "{{ bluetooth_enabled }}"
-    - option: bluetooth_term_enabled
-      value: "{{ bluetooth_term_enabled }}"
+  when: not bluetooth_term_enabled
diff --git a/roles/bluetooth/tasks/main.yml b/roles/bluetooth/tasks/main.yml
index 25953ddeb..271df9531 100644
--- a/roles/bluetooth/tasks/main.yml
+++ b/roles/bluetooth/tasks/main.yml
@@ -1,6 +1,44 @@
-- include_tasks: install.yml
-  when: bluetooth_install and not bluetooth_installed is defined
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- include_tasks: enable.yml
-  when: bluetooth_install or bluetooth_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 
+- name: Assert that "bluetooth_install is sameas true" (boolean not string etc)
+  assert:
+    that: bluetooth_install is sameas true
+    fail_msg: "PLEASE SET 'bluetooth_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "bluetooth_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: bluetooth_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'bluetooth_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Bluetooth if 'bluetooth_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: bluetooth_installed is undefined
+
+
+- include_tasks: enable.yml    # i.e. enable-or-disable.yml in other roles
+
+
+- name: Add 'bluetooth' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: bluetooth
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Bluetooth
+    - option: description
+      value: '"Bluetooth services for pan and terminal."'
+    - option: bluetooth_enabled
+      value: "{{ bluetooth_enabled }}"
+    - option: bluetooth_term_enabled
+      value: "{{ bluetooth_term_enabled }}"
diff --git a/roles/cups/tasks/enable-or-disable.yml b/roles/cups/tasks/enable-or-disable.yml
new file mode 100644
index 000000000..970ec9e85
--- /dev/null
+++ b/roles/cups/tasks/enable-or-disable.yml
@@ -0,0 +1,51 @@
+- name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
+  command: a2ensite cups.conf
+  when: cups_enabled | bool
+
+- name: Disable http://box/cups via Apache
+  command: a2dissite cups.conf
+  when: not cups_enabled
+
+- name: systemd daemon-reload
+  systemd:
+    daemon_reload: yes
+
+- name: Enable & (Re)Start 'cups' and 'cups-browsed' systemd services (OS's other than Fedora 18)
+  systemd:
+    name: "{{ item }}"
+    enabled: yes
+    state: restarted
+  with_items:
+    - cups
+    - cups-browsed
+  when: cups_enabled | bool
+  #when: cups_enabled and not is_F18
+
+# - name: Enable & Start 'cups' systemd service (Fedora 18, for XO laptops)
+#   systemd:
+#     name: cups
+#     state: started
+#     enabled: yes
+#   when: cups_enabled and is_F18
+
+- name: Permit headless admin of CUPS -- only works when CUPS daemon is running (if cups_enabled)
+  shell: "cupsctl --remote-admin"
+  when: cups_enabled | bool
+
+- name: Disable & Stop 'cups' & 'cups-browsed' systemd services (OS's other than Fedora 18)
+  systemd:
+    name: "{{ item }}"
+    enabled: no
+    state: stopped
+  with_items:
+    - cups
+    - cups-browsed
+  when: not cups_enabled
+  #when: not cups_enabled and not is_F18
+
+# - name: Disable & Stop 'cups' systemd service (Fedora 18, for XO laptops)
+#   systemd:
+#     name: cups
+#     enabled: no
+#     state: stopped
+#   when: not cups_enabled and is_F18
diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml
new file mode 100644
index 000000000..dd17420ba
--- /dev/null
+++ b/roles/cups/tasks/install.yml
@@ -0,0 +1,37 @@
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True
+
+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd
+
+
+- name: Install 'cups' package
+  package:
+    name: cups
+    state: present
+
+- name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
+  template:
+    src: cupsd.conf
+    dest: /etc/cups/cupsd.conf
+
+- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template
+  template:
+    src: cups.conf
+    dest: "/etc/{{ apache_conf_dir }}/"
+
+
+# RECORD CUPS AS INSTALLED
+
+- name: "Set 'cups_installed: True'"
+  set_fact:
+    cups_installed: True
+
+- name: "Add 'cups_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^cups_installed'
+    line: 'cups_installed: True'
diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml
index 3a4beda15..80426c98b 100644
--- a/roles/cups/tasks/main.yml
+++ b/roles/cups/tasks/main.yml
@@ -2,102 +2,43 @@
 # Above URL does NOT work over OpenVPN (ANYONE KNOW WHY?)
 
 # TO DO:
-# - validate input vars + prereqs
-# - move ~7 top stanzas into install.yml
-# - move ~7 next stanzas into enable-or-disable.yml
-#   - create /etc/nginx/conf.d/cups-nginx.conf as SHIM to Apache on port 8090 ?
-#   - deprecate ~2 F18 stanzas?
+#
+# - CREATE /etc/nginx/conf.d/cups-nginx.conf as SHIM to Apache on port 8090.
+#   SEE OTHERS @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
 
 
-- name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
-    apache_install: True
-    apache_enabled: True
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: APACHE - run 'httpd' role
-  include_role:
-    name: httpd
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "cups_install is sameas true" (boolean not string etc)
+  assert:
+    that: cups_install is sameas true
+    fail_msg: "PLEASE SET 'cups_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "cups_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: cups_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'cups_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
 
-- name: Install 'cups' package
-  package:
-    name: cups
-    state: present
-
-- name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
-  template:
-    src: cupsd.conf
-    dest: /etc/cups/cupsd.conf
-
-- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template
-  template:
-    src: cups.conf
-    dest: "/etc/{{ apache_conf_dir }}/"
+- name: Install CUPS if 'cups_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: cups_installed is undefined
 
 
-# RECORD CUPS AS INSTALLED
-
-- name: "Set 'cups_installed: True'"
-  set_fact:
-    cups_installed: True
-
-- name: "Add 'cups_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^cups_installed'
-    line: 'cups_installed: True'
-
-
-- name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
-  command: a2ensite cups.conf
-  when: cups_enabled | bool
-
-- name: Disable http://box/cups via Apache
-  command: a2dissite cups.conf
-  when: not cups_enabled
-
-- name: Enable & Start 'cups' and 'cups-browsed' systemd services (OS's other than Fedora 18)
-  service:
-    name: "{{ item }}"
-    state: started
-    enabled: yes
-  with_items:
-    - cups
-    - cups-browsed
-  when: cups_enabled and not is_F18
-
-- name: Enable & Start 'cups' systemd service (Fedora 18, for XO laptops)
-  systemd:
-    name: cups
-    state: started
-    enabled: yes
-  when: cups_enabled and is_F18
-
-- name: Permit headless admin of CUPS -- only works when CUPS daemon is running (if cups_enabled)
-  shell: "cupsctl --remote-admin"
-  when: cups_enabled | bool
-
-- name: Disable & Stop 'cups' & 'cups-browsed' systemd services (OS's other than Fedora 18)
-  systemd:
-    name: "{{ item }}"
-    enabled: no
-    state: stopped
-  with_items:
-    - cups
-    - cups-browsed
-  when: not cups_enabled and not is_F18
-
-- name: Disable & Stop 'cups' systemd service (Fedora 18, for XO laptops)
-  systemd:
-    name: cups
-    enabled: no
-    state: stopped
-  when: not cups_enabled and is_F18
+- include_tasks: enable-or-disable.yml
 
 
 - name: Add 'cups' variable values to {{ iiab_ini_file }}
   ini_file:
-    path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
     section: cups
     option: "{{ item.option }}"
     value: "{{ item.value | string }}"
diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml
index 0cec498d6..7ee645607 100644
--- a/roles/firmware/tasks/main.yml
+++ b/roles/firmware/tasks/main.yml
@@ -18,3 +18,18 @@
     daemon_reload: yes
     state: restarted
     enabled: yes
+
+
+
+
+# RECORD firmware AS INSTALLED
+
+- name: "Set 'firmware_installed: True'"
+  set_fact:
+    firmware_installed: True
+
+- name: "Add 'firmware_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^firmware_installed'
+    line: 'firmware_installed: True'
diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml
index 407711a15..10d9e1a6c 100644
--- a/roles/iiab-admin/tasks/main.yml
+++ b/roles/iiab-admin/tasks/main.yml
@@ -48,3 +48,16 @@
     path: /etc/xdg/lxsession/LXDE-pi/autostart
     line: "@/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh"
   when: lx.stat.isdir is defined and lx.stat.isdir and is_raspbian and is_debuntu
+
+
+# RECORD iiab-admin AS INSTALLED
+
+- name: "Set 'iiab-admin_installed: True'"
+  set_fact:
+    iiab-admin_installed: True
+
+- name: "Add 'iiab-admin_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^iiab-admin_installed'
+    line: 'iiab-admin_installed: True'
diff --git a/roles/minetest/tasks/enable.yml b/roles/minetest/tasks/enable.yml
index 9dfd0693b..c69e1ac79 100644
--- a/roles/minetest/tasks/enable.yml
+++ b/roles/minetest/tasks/enable.yml
@@ -7,30 +7,10 @@
     state: restarted
   when: minetest_enabled | bool
 
-- name: Disable 'minetest-server' service
+- name: Disable & Stop 'minetest-server' service
   systemd:
     daemon_reload: yes
     name: minetest-server
     enabled: no
     state: stopped
   when: not minetest_enabled
-
-- name: Add 'minetest' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: minetest
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: Minetest Server
-    - option: description
-      value: '"Minetest is an open source clone of the Minecraft building blocks game."'
-    - option: minetest_world_dir
-      value: "{{ minetest_world_dir }}"
-    - option: minetest_port
-      value: "{{ minetest_port }}"
-    - option: minetest_enabled
-      value: "{{ minetest_enabled }}"
-    - option: minetest_world_dir
-      value: "{{ minetest_world_dir }}"
diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml
index 320079d06..de61fd992 100644
--- a/roles/minetest/tasks/main.yml
+++ b/roles/minetest/tasks/main.yml
@@ -1,5 +1,48 @@
-- include_tasks: provision.yml
-  when: minetest_install and not minetest_installed is defined
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- include_tasks: enable.yml
-  when: minetest_install or minetest_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "minetest_install is sameas true" (boolean not string etc)
+  assert:
+    that: minetest_install is sameas true
+    fail_msg: "PLEASE SET 'minetest_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "minetest_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: minetest_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'minetest_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: provision.yml    # i.e. install.yml in other roles
+  when: minetest_installed is undefined
+
+
+- include_tasks: enable.yml    # i.e. enable-or-disable.yml in other roles
+
+
+- name: Add 'minetest' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: minetest
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Minetest Server
+    - option: description
+      value: '"Minetest is an open source clone of the Minecraft building blocks game."'
+    - option: minetest_world_dir
+      value: "{{ minetest_world_dir }}"
+    - option: minetest_port
+      value: "{{ minetest_port }}"
+    - option: minetest_enabled
+      value: "{{ minetest_enabled }}"
+    - option: minetest_world_dir
+      value: "{{ minetest_world_dir }}"
diff --git a/roles/monit/tasks/enable-or-disable.yml b/roles/monit/tasks/enable-or-disable.yml
new file mode 100644
index 000000000..c5996710a
--- /dev/null
+++ b/roles/monit/tasks/enable-or-disable.yml
@@ -0,0 +1,22 @@
+#- name: Enable 'monit' service (chkconfig monit on)
+#  command: chkconfig monit on
+#  when: is_debian and ansible_local.local_facts.os_ver == "debian-8"
+
+#- name: Restart monit service
+#  command: service monit restart
+
+- name: Enable & (Re)Start 'monit' systemd service, if monit_enabled
+  systemd:
+    daemon_reload: yes
+    name: monit
+    enabled: yes
+    state: restarted
+  when: monit_enabled | bool
+
+- name: Disable & Stop 'monit' service, if not monit_enabled
+  systemd:
+    daemon_reload: yes
+    name: monit
+    enabled: no
+    state: stopped
+  when: not monit_enabled
diff --git a/roles/monit/tasks/install.yml b/roles/monit/tasks/install.yml
index 96addc26e..271f6e074 100644
--- a/roles/monit/tasks/install.yml
+++ b/roles/monit/tasks/install.yml
@@ -3,19 +3,19 @@
     name: monit
     state: present
 
-- name: Install chkconfig package (debian-8)
-  package:
-    name: chkconfig
-    state: present
-  when: is_debian and ansible_distribution_major_version == "8"
+# - name: Install chkconfig package (debian-8)
+#   package:
+#     name: chkconfig
+#     state: present
+#   when: is_debian and ansible_distribution_major_version == "8"
 
 - name: Install /etc/monitrc from template
   template:
     backup: yes
     src: monitrc
     dest: /etc/monitrc
-    owner: root
-    group: root
+    #owner: root
+    #group: root
     mode: '0600'
 
 # - name: Install config file /etc/monit.d/watchdog from template (NEVER RUNS, WHY?)
@@ -32,28 +32,6 @@
 #  retries: 5
 #  delay: 1
 
-#TODO: create systemd script
-- name: Enable 'monit' service (chkconfig monit on)
-  command: chkconfig monit on
-  when: is_debian and ansible_local.local_facts.os_ver == "debian-8"
-
-#- name: Restart monit service
-#  command: service monit restart
-
-- name: Add 'monit' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: monit
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: Monit
-    - option: description
-      value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
-    - option: enabled
-      value: "{{ monit_enabled }}"
-
 
 # RECORD Monit AS INSTALLED
 
diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml
index 4b6d849c9..978a27c27 100644
--- a/roles/monit/tasks/main.yml
+++ b/roles/monit/tasks/main.yml
@@ -1,3 +1,24 @@
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
+
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "monit_install is sameas true" (boolean not string etc)
+  assert:
+    that: monit_install is sameas true
+    fail_msg: "PLEASE SET 'monit_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "monit_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: monit_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'monit_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
 # 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0
 # "Buster" during the very final days prior to release, as confirmed by the
 # sudden disappearance of these 2 pages:
@@ -9,6 +30,30 @@
 # be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via
 # apt -- so eliminating "Debian 10+" requires this funky conditional:
 
-- name: Install 'monit' if monit_install and not Debian 10+
+# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per:
+#
+#   https://packages.debian.org/bullseye/monit
+#   https://packages.debian.org/source/bullseye/monit
+
+- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10    # /etc/iiab/iiab_state.yml
   include_tasks: install.yml
-  when: monit_install and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
+  when: monit_installed is undefined and not (is_debian_10 and not is_raspbian)
+  #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
+
+
+- include_tasks: enable-or-disable.yml
+
+
+- name: Add 'monit' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: monit
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Monit
+    - option: description
+      value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
+    - option: enabled
+      value: "{{ monit_enabled }}"
diff --git a/roles/mosquitto/tasks/enable-or-disable.yml b/roles/mosquitto/tasks/enable-or-disable.yml
new file mode 100644
index 000000000..7aacfffbb
--- /dev/null
+++ b/roles/mosquitto/tasks/enable-or-disable.yml
@@ -0,0 +1,15 @@
+- name: Enable & (Re)Start 'mosquitto' systemd service, if mosquitto_enabled
+  systemd:
+    daemon_reload: yes
+    name: mosquitto
+    enabled: yes
+    state: restarted
+  when: mosquitto_enabled | bool
+
+- name: Disable & Stop 'mosquitto' systemd service, if not mosquitto_enabled
+  systemd:
+    daemon_reload: yes
+    name: mosquitto
+    enabled: no
+    state: stopped
+  when: not mosquitto_enabled
diff --git a/roles/mosquitto/tasks/enable.yml b/roles/mosquitto/tasks/enable.yml
deleted file mode 100644
index 5fc96f38e..000000000
--- a/roles/mosquitto/tasks/enable.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- name: Enable & Start 'mosquitto' service
-  systemd:
-    daemon_reload: yes
-    name: mosquitto
-    enabled: yes
-    state: started
-  when: mosquitto_enabled | bool
-
-- name: Add 'mosquitto' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: mosquitto
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: Mosquitto service
-    - option: description
-      value: Mosquitto service
-    - option: mosquitto_enabled
-      value: "{{ mosquitto_enabled }}"
diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml
index 1df4b78f4..6ba7fd0d0 100644
--- a/roles/mosquitto/tasks/install.yml
+++ b/roles/mosquitto/tasks/install.yml
@@ -25,8 +25,8 @@
   template:
     src: websockets.conf.j2
     dest: /etc/mosquitto/conf.d/websockets.conf
-    owner: root
-    group: root
+    #owner: root
+    #group: root
     mode: '0755'
 
 
diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml
index 61bcf25e9..37f344d8e 100644
--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@@ -1,5 +1,42 @@
-- include_tasks: install.yml
-  when: mosquitto_install and not mosquitto_installed is defined
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- include_tasks: enable.yml
-  when: mosquitto_install or mosquitto_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "mosquitto_install is sameas true" (boolean not string etc)
+  assert:
+    that: mosquitto_install is sameas true
+    fail_msg: "PLEASE SET 'mosquitto_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "mosquitto_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: mosquitto_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'mosquitto_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: mosquitto_installed is undefined
+
+
+- include_tasks: enable-or-disable.yml
+
+
+- name: Add 'mosquitto' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: mosquitto
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Mosquitto service
+    - option: description
+      value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments.  It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited.  See also: Node-RED"'
+    - option: mosquitto_enabled
+      value: "{{ mosquitto_enabled }}"
diff --git a/roles/nginx/README.md b/roles/nginx/README.md
index fcca7f07c..a93996f53 100644
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@@ -40,16 +40,17 @@
       * nodered
 
    4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations).  In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
+      * bluetooth
       * calibre (menu goes directly to port 8080)
       * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*]
       * kalite (menu goes directly to ports 8006-8008)
-      * minetest [*]
+      * minetest
+      * mosquitto
       * openvpn
-      * mosquitto [*]
       * pbx [*, requires Apache for now, as in Section iii.]
-      * phpmyadmin [*, requires Apache for now, as in Section iii.]
+      * phpmyadmin [requires Apache for now, as in Section iii.]
       * samba
-      * transmission [*]
-      * vnstat [*]
+      * transmission
+      * vnstat
 
-[*] The 8 above starred roles could use improvement, as of 2020-09-21.
+[*] The 3 above starred roles could use improvement, as of 2020-09-21.
diff --git a/roles/phpmyadmin/tasks/enable-or-disable.yml b/roles/phpmyadmin/tasks/enable-or-disable.yml
new file mode 100644
index 000000000..79c47a8de
--- /dev/null
+++ b/roles/phpmyadmin/tasks/enable-or-disable.yml
@@ -0,0 +1,9 @@
+- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
+  command: a2ensite phpmyadmin.conf
+  when: phpmyadmin_enabled | bool
+  #when: apache_installed is defined and phpmyadmin_enabled
+
+- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
+  command: a2dissite phpmyadmin.conf
+  when: not phpmyadmin_enabled
+  #when: apache_installed is defined and not phpmyadmin_enabled
diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml
new file mode 100644
index 000000000..75813d414
--- /dev/null
+++ b/roles/phpmyadmin/tasks/install.yml
@@ -0,0 +1,75 @@
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True
+
+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd
+
+
+- name: Download {{ iiab_download_url }}/{{ phpmyadmin_name_zip }} to {{ downloads_dir }}
+  get_url:
+    url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}"
+    dest: "{{ downloads_dir }}"
+    timeout: "{{ download_timeout }}"
+  when: internet_available | bool
+
+- name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist?    # e.g. /opt/iiab/downloads/phpMyAdmin-5.0.2-all-languages.zip
+  stat:
+    path: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}"
+  register: phpmyadmin_dl
+
+- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ phpmyadmin_name_zip }} doesn't exist
+  fail:
+    msg: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }} is REQUIRED in order to install phpMyAdmin."
+  when: not phpmyadmin_dl.stat.exists
+
+- name: Unzip to permanent location /opt/{{ phpmyadmin_name }}, owned by {{ apache_user }}
+  unarchive:
+    src: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}"
+    dest: /opt
+    owner: "{{ apache_user }}"
+
+- name: Symlink /opt/phpmyadmin -> {{ phpmyadmin_name }}
+  file:
+    src: "{{ phpmyadmin_name }}"
+    path: /opt/phpmyadmin
+    owner: "{{ apache_user }}"    # Some Linux's ignore symlink owners?
+    state: link
+
+- name: Install /opt/phpmyadmin/config.inc.php owned by {{ apache_user }}, from template
+  template:
+    src: config.inc.php
+    dest: /opt/phpmyadmin/config.inc.php
+    owner: "{{ apache_user }}"
+
+# Above 3 stanzas set link/tree/contents ownership to {{ apache_user }}:root
+# OOPS: CHOWN BELOW CHANGED LINK ALONE (TREE/CONTENTS REMAINED root:root)
+
+# - name: Change the owner of the PHP tree to Apache
+#   shell: "chown -R {{ apache_user }} /opt/phpmyadmin"
+#   #file:
+#   #  path: "/opt/{{ phpmyadmin_name_zip }}"
+#   #  owner: "{{ apache_user }}"
+#   #  recurse: yes
+#   #  state: directory
+
+- name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled
+  template:
+    src: phpmyadmin.j2
+    dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
+  when: apache_installed is defined
+
+
+# RECORD phpMyAdmin AS INSTALLED
+
+- name: "Set 'phpmyadmin_installed: True'"
+  set_fact:
+    phpmyadmin_installed: True
+
+- name: "Add 'phpmyadmin_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^phpmyadmin_installed'
+    line: 'phpmyadmin_installed: True'
diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml
index e5911c92c..7ca8b15b8 100644
--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@@ -1,92 +1,35 @@
-- name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
-    apache_install: True
-    apache_enabled: True
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: APACHE - run 'httpd' role
-  include_role:
-    name: httpd
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "phpmyadmin_install is sameas true" (boolean not string etc)
+  assert:
+    that: phpmyadmin_install is sameas true
+    fail_msg: "PLEASE SET 'phpmyadmin_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "phpmyadmin_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: phpmyadmin_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'phpmyadmin_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
 
-- name: Download {{ iiab_download_url }}/{{ phpmyadmin_name_zip }} to {{ downloads_dir }}
-  get_url:
-    url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}"
-    dest: "{{ downloads_dir }}"
-    timeout: "{{ download_timeout }}"
-  when: internet_available | bool
-
-- name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist?    # e.g. /opt/iiab/downloads/phpMyAdmin-4.8.3-all-languages.zip
-  stat:
-    path: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}"
-  register: phpmyadmin_dl
-
-- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ phpmyadmin_name_zip }} doesn't exist
-  fail:
-    msg: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }} is REQUIRED in order to install phpMyAdmin."
-  when: not phpmyadmin_dl.stat.exists
-
-- name: Unzip to permanent location /opt/{{ phpmyadmin_name }}, owned by {{ apache_user }}
-  unarchive:
-    src: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}"
-    dest: /opt
-    owner: "{{ apache_user }}"
-
-- name: Symlink /opt/phpmyadmin -> {{ phpmyadmin_name }}
-  file:
-    src: "{{ phpmyadmin_name }}"
-    path: /opt/phpmyadmin
-    owner: "{{ apache_user }}"    # Some Linux's ignore symlink owners?
-    state: link
-
-- name: Install /opt/phpmyadmin/config.inc.php owned by {{ apache_user }}, from template
-  template:
-    src: config.inc.php
-    dest: /opt/phpmyadmin/config.inc.php
-    owner: "{{ apache_user }}"
-
-# Above 3 stanzas set link/tree/contents ownership to {{ apache_user }}:root
-# OOPS: CHOWN BELOW CHANGED LINK ALONE (TREE/CONTENTS REMAINED root:root)
-
-# - name: Change the owner of the PHP tree to Apache
-#   shell: "chown -R {{ apache_user }} /opt/phpmyadmin"
-#   #file:
-#   #  path: "/opt/{{ phpmyadmin_name_zip }}"
-#   #  owner: "{{ apache_user }}"
-#   #  recurse: yes
-#   #  state: directory
-
-- name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled
-  template:
-    src: phpmyadmin.j2
-    dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
-  when: apache_installed is defined
+- name: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: phpmyadmin_installed is undefined
 
 
-# RECORD phpMyAdmin AS INSTALLED
-
-- name: "Set 'phpmyadmin_installed: True'"
-  set_fact:
-    phpmyadmin_installed: True
-
-- name: "Add 'phpmyadmin_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^phpmyadmin_installed'
-    line: 'phpmyadmin_installed: True'
-
-
-- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
-  command: a2ensite phpmyadmin.conf
-  when: apache_installed is defined and phpmyadmin_enabled
-
-- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
-  command: a2dissite phpmyadmin.conf
-  when: apache_installed is defined and not phpmyadmin_enabled
+- include_tasks: enable-or-disable.yml
 
 
 - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}
   ini_file:
-    path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
     section: phpmyadmin
     option: "{{ item.option }}"
     value: "{{ item.value | string }}"
diff --git a/roles/pylibs/tasks/main.yml b/roles/pylibs/tasks/main.yml
index 47b870f95..f7ffa0f1d 100644
--- a/roles/pylibs/tasks/main.yml
+++ b/roles/pylibs/tasks/main.yml
@@ -9,3 +9,16 @@
     - { src: 'iiab_const.py.j2', dest: '{{ py3_dist_path }}/iiab/iiab_const.py' }
     - { src: 'iiab_lib.py', dest: '{{ py3_dist_path }}/iiab/iiab_lib.py' }
     - { src: 'iiab_env.py.j2', dest: '{{ iiab_etc_path }}/iiab_env.py' }
+
+
+# RECORD pylibs AS INSTALLED
+
+- name: "Set 'pylibs_installed: True'"
+  set_fact:
+    pylibs_installed: True
+
+- name: "Add 'pylibs_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^pylibs_installed'
+    line: 'pylibs_installed: True'
diff --git a/roles/samba/tasks/enable-or-disable.yml b/roles/samba/tasks/enable-or-disable.yml
index 607142bde..a586ff7de 100644
--- a/roles/samba/tasks/enable-or-disable.yml
+++ b/roles/samba/tasks/enable-or-disable.yml
@@ -1,3 +1,7 @@
+- name: systemd daemon-reload
+  systemd:
+    daemon_reload: yes
+
 - name: Enable & Start Samba service ({{ smb_service }}) and NetBIOS name service ({{ nmb_service }}) if samba_enabled
   systemd:
     name: "{{ item }}"
diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml
index a99758b90..733aff167 100644
--- a/roles/sugarizer/tasks/main.yml
+++ b/roles/sugarizer/tasks/main.yml
@@ -27,11 +27,12 @@
   set_fact:
     mongodb_install: True
 
-# auto started by sugarizer.service just to record that mongodb should be running
+# MongoDB auto-started by sugarizer.service - let's set 'mongodb_enabled: True'
+# regardless - anticipating that MongoDB (should!) run on demand:
 - name: "Set 'mongodb_enabled: True' when sugarizer_enabled"
   set_fact:
     mongodb_enabled: True
-  when: sugarizer_enabled
+  when: sugarizer_enabled | bool
 
 - name: MONGODB - run 'mongodb' role (attempt to install MongoDB)
   include_role:
@@ -39,7 +40,7 @@
 
 - name: EXIT 'sugarizer' ROLE & CONTINUE, IF 'mongodb_installed is undefined'
   fail:    # FORCE IT RED THIS ONCE!
-    msg: MongoDB INSTALLATION FAILED, likely because your OS is Debian.  Nevertheless IIAB will continue (consider this a warning!)
+    msg: MongoDB INSTALLATION FAILED, perhaps because your OS is Debian 10 on aarch64?  Nevertheless IIAB will continue (consider this a warning!)
   when: mongodb_installed is undefined
   ignore_errors: yes
 
diff --git a/roles/sugarizer/tasks/main2.yml b/roles/sugarizer/tasks/main2.yml
index 8de4160fc..123031c30 100644
--- a/roles/sugarizer/tasks/main2.yml
+++ b/roles/sugarizer/tasks/main2.yml
@@ -4,6 +4,7 @@
 
 - block:    # 2 STANZAS BELOW, CONDITIONED ON 'when: sugarizer_enabled | bool'
 
+  # LIKELY UNNEC: THIS SAME CODE IS IN main.yml (LINES 32-35, ALREADY RUN)
   # sugarizer.service line 'Requires=mongodb.service' auto-starts MongoDB (but record that in var too)
   - name: "Set 'mongodb_enabled: True' if sugarizer_enabled"
     set_fact:
diff --git a/roles/transmission/tasks/enable-or-disable.yml b/roles/transmission/tasks/enable-or-disable.yml
new file mode 100644
index 000000000..11cb4a496
--- /dev/null
+++ b/roles/transmission/tasks/enable-or-disable.yml
@@ -0,0 +1,25 @@
+- name: Enable & (Re)Start 'transmission-daemon' systemd service, if transmission_enabled
+  systemd:
+    daemon_reload: yes
+    name: transmission-daemon
+    enabled: yes
+    state: restarted
+  when: transmission_enabled | bool
+
+- name: Add PAUSED KA Lite torrent(s) to transmission-daemon's queue
+  shell: >
+    /usr/bin/transmission-remote
+    --start-paused
+    -n {{ transmission_username }}:{{ transmission_password }}
+    -a http://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent
+  with_items: "{{ transmission_kalite_languages }}"
+  when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none
+  ignore_errors: yes
+
+- name: Disable & Stop 'transmission-daemon' service, if not transmission_enabled
+  systemd:
+    daemon_reload: yes
+    name: transmission-daemon
+    enabled: no
+    state: stopped
+  when: not transmission_enabled
diff --git a/roles/transmission/tasks/install.yml b/roles/transmission/tasks/install.yml
new file mode 100644
index 000000000..684b3fe14
--- /dev/null
+++ b/roles/transmission/tasks/install.yml
@@ -0,0 +1,41 @@
+- name: "Install BitTorrent packages: transmission-daemon, transmission-cli"
+  package:
+    name:
+      - transmission-daemon
+      - transmission-cli
+    state: present
+
+- name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }}
+  file:
+    state: directory
+    path: "{{ transmission_download_dir }}"    # /library/transmission
+    owner: "{{ transmission_user }}"    # debian-transmission
+    group: "{{ transmission_group }}"    # root
+    # mode: '0755'
+
+- name: Stop 'transmission-daemon' systemd service, before modifying its settings
+  systemd:
+    name: transmission-daemon
+    state: stopped
+  ignore_errors: yes
+
+- name: Install /etc/transmission-daemon/settings.json from template
+  template:
+    src: settings.json.j2
+    dest: /etc/transmission-daemon/settings.json
+    owner: "{{ transmission_user }}"    # debian-transmission
+    group: "{{ transmission_group }}"    # root
+    # mode: '0644'
+
+
+# RECORD Transmission AS INSTALLED
+
+- name: "Set 'transmission_installed: True'"
+  set_fact:
+    transmission_installed: True
+
+- name: "Add 'transmission_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^transmission_installed'
+    line: 'transmission_installed: True'
diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml
index 24258f981..c2f599628 100644
--- a/roles/transmission/tasks/main.yml
+++ b/roles/transmission/tasks/main.yml
@@ -1,76 +1,35 @@
-- name: "Install BitTorrent packages: transmission-daemon, transmission-cli"
-  package:
-    name:
-      - transmission-daemon
-      - transmission-cli
-    state: present
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }}
-  file:
-    state: directory
-    path: "{{ transmission_download_dir }}"    # /library/transmission
-    owner: "{{ transmission_user }}"    # debian-transmission
-    group: "{{ transmission_group }}"    # root
-    # mode: '0755'
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 
-- name: Stop 'transmission-daemon' systemd service, before modifying its settings
-  systemd:
-    name: transmission-daemon
-    state: stopped
-  ignore_errors: yes
+- name: Assert that "transmission_install is sameas true" (boolean not string etc)
+  assert:
+    that: transmission_install is sameas true
+    fail_msg: "PLEASE SET 'transmission_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
-- name: Install /etc/transmission-daemon/settings.json from template
-  template:
-    src: settings.json.j2
-    dest: /etc/transmission-daemon/settings.json
-    owner: "{{ transmission_user }}"    # debian-transmission
-    group: "{{ transmission_group }}"    # root
-    # mode: '0644'
+- name: Assert that "transmission_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: transmission_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'transmission_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
 
-# RECORD Transmission AS INSTALLED
-
-- name: "Set 'transmission_installed: True'"
-  set_fact:
-    transmission_installed: True
-
-- name: "Add 'transmission_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^transmission_installed'
-    line: 'transmission_installed: True'
+- name: Install Transmission if 'transmission_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: transmission_installed is undefined
 
 
-- name: Enable & Restart 'transmission-daemon' systemd service, incl daemon-reload
-  systemd:
-    name: transmission-daemon
-    daemon_reload: yes
-    enabled: yes
-    state: restarted
-  when: transmission_enabled | bool
-
-- name: Add PAUSED KA Lite torrent(s) to transmission-daemon's queue
-  shell: >
-    /usr/bin/transmission-remote
-    --start-paused
-    -n {{ transmission_username }}:{{ transmission_password }}
-    -a http://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent
-  with_items: "{{ transmission_kalite_languages }}"
-  when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none
-  ignore_errors: yes
-
-- name: Disable & Stop 'transmission-daemon' service, if not transmission_enabled
-  systemd:
-    name: transmission-daemon
-    daemon_reload: yes
-    enabled: no
-    state: stopped
-  when: not transmission_enabled
+- include_tasks: enable-or-disable.yml
 
 
 - name: Add 'transmission' variable values to {{ iiab_ini_file }}
   ini_file:
-    path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
     section: transmission
     option: "{{ item.option }}"
     value: "{{ item.value | string }}"
diff --git a/roles/vnstat/tasks/enable-or-disable.yml b/roles/vnstat/tasks/enable-or-disable.yml
new file mode 100644
index 000000000..ae9c413f4
--- /dev/null
+++ b/roles/vnstat/tasks/enable-or-disable.yml
@@ -0,0 +1,15 @@
+- name: Enable & (Re)Start 'vnstat' systemd service, if vnstat_enabled
+  systemd:
+    daemon_reload: yes
+    name: vnstat
+    enabled: yes
+    state: restarted
+  when: vnstat_enabled | bool
+
+- name: Disable & Stop 'vnstat' systemd service, if not vnstat_enabled
+  systemd:
+    daemon_reload: yes
+    name: vnstat
+    enabled: no
+    state: stopped
+  when: not vnstat_enabled
diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml
new file mode 100644
index 000000000..d015385bf
--- /dev/null
+++ b/roles/vnstat/tasks/install.yml
@@ -0,0 +1,32 @@
+- name: Install 'vnstat' package
+  package:
+    name: vnstat
+    state: present
+
+- name: Install /etc/vnstat.conf from template
+  template:
+    src: vnstat.conf.j2
+    dest: /etc/vnstat.conf
+    # owner: root
+    # group: root
+    mode: '0744'
+
+- name: Create database for WAN to collect vnStat data
+  shell: /usr/bin/vnstat -i {{ iiab_wan_iface }}
+
+- name: Create database for LAN to collect vnStat data if not appliance config
+  shell: /usr/bin/vnstat -i {{ iiab_lan_iface }}
+  when: iiab_lan_iface is defined and iiab_lan_iface != "none"
+
+
+# RECORD vnStat AS INSTALLED
+
+- name: "Set 'vnstat_installed: True'"
+  set_fact:
+    vnstat_installed: True
+
+- name: "Add 'vnstat_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^vnstat_installed'
+    line: 'vnstat_installed: True'
diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml
index f3a7f36e1..c7d29b4bd 100644
--- a/roles/vnstat/tasks/main.yml
+++ b/roles/vnstat/tasks/main.yml
@@ -1,49 +1,35 @@
-- name: Install 'vnstat' package
-  package:
-    name: vnstat
-    state: present
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: Install /etc/vnstat.conf from template
-  template:
-    src: vnstat.conf.j2
-    dest: /etc/vnstat.conf
-    # owner: root
-    # group: root
-    mode: '0744'
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 
-- name: Create database for WAN to collect vnStat data
-  shell: /usr/bin/vnstat -i {{ iiab_wan_iface }}
+- name: Assert that "vnstat_install is sameas true" (boolean not string etc)
+  assert:
+    that: vnstat_install is sameas true
+    fail_msg: "PLEASE SET 'vnstat_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
-- name: Create database for LAN to collect vnStat data if not appliance config
-  shell: /usr/bin/vnstat -i {{ iiab_lan_iface }}
-  when: iiab_lan_iface is defined and iiab_lan_iface != "none"
+- name: Assert that "vnstat_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: vnstat_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'vnstat_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
 
 
-# RECORD vnStat AS INSTALLED
-
-- name: "Set 'vnstat_installed: True'"
-  set_fact:
-    vnstat_installed: True
-
-- name: "Add 'vnstat_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^vnstat_installed'
-    line: 'vnstat_installed: True'
+- name: Install vnStat if 'vnstat_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: vnstat_installed is undefined
 
 
-- name: Enable & (Re)Start 'vnstat' systemd service, if vnstat_enabled
-  systemd:
-    name: vnstat
-    daemon_reload: yes
-    enabled: yes
-    state: restarted
-  when: vnstat_enabled | bool
+- include_tasks: enable-or-disable.yml
 
 
 - name: Add 'vnstat' variable values to {{ iiab_ini_file }}
   ini_file:
-    path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
     section: vnstat
     option: "{{ item.option }}"
     value: "{{ item.value | string }}"
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 195677283..5e030f2a4 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -349,12 +349,12 @@ idmgr_enabled: False    # 2020-01-23: UNUSED
 
 # 6-GENERIC-APPS
 
+# UNMAINTAINED as of September 2020
 azuracast_install: False
-azuracast_enabled: False
-
+azuracast_enabled: False    # This var is currently IGNORED.
 azuracast_http_port: 10080
 azuracast_https_port: 10443
-
+#
 # AzuraCast needs many ports in the 8000:8100 range by default, but IIAB
 # services conflict with those ports so this variable below sets a sane prefix.
 # e.g. setting the below variable to 10 will result in port ranges 10000-10100
@@ -492,7 +492,7 @@ vector_map_path: "{{ content_base }}/www/osm-vector-maps"    # /library/www/osm-
 # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to MongoDB: github.com/iiab/iiab/issues/1437
+# 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer?  #1437
 sugarizer_install: False
 sugarizer_enabled: False
 sugarizer_port: 8089
@@ -540,7 +540,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to: github.com/iiab/iiab/issues/1849
+# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 watchdog:
diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml
index ee6cc5fbe..c3b91460c 100644
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@@ -219,8 +219,9 @@ iiab_usb_lib_show_all: True
 
 # 6-GENERIC-APPS
 
+# UNMAINTAINED as of September 2020
 azuracast_install: False
-azuracast_enabled: False
+azuracast_enabled: False    # This var is currently IGNORED.
 
 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056
 # dokuwiki_install: False
@@ -305,7 +306,7 @@ osm_vector_maps_enabled: True
 
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to MongoDB: github.com/iiab/iiab/issues/1437
+# 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer?  #1437
 sugarizer_install: True
 sugarizer_enabled: True
 
@@ -336,7 +337,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to: github.com/iiab/iiab/issues/1849
+# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 
diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml
index 766d67fca..aa799548a 100644
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@@ -219,8 +219,9 @@ iiab_usb_lib_show_all: True
 
 # 6-GENERIC-APPS
 
+# UNMAINTAINED as of September 2020
 azuracast_install: False
-azuracast_enabled: False
+azuracast_enabled: False    # This var is currently IGNORED.
 
 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056
 # dokuwiki_install: False
@@ -305,7 +306,7 @@ osm_vector_maps_enabled: True
 
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to MongoDB: github.com/iiab/iiab/issues/1437
+# 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer?  #1437
 sugarizer_install: True
 sugarizer_enabled: True
 
@@ -336,7 +337,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to: github.com/iiab/iiab/issues/1849
+# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 
diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml
index 988c834e0..58c363b20 100644
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@@ -219,8 +219,9 @@ iiab_usb_lib_show_all: True
 
 # 6-GENERIC-APPS
 
+# UNMAINTAINED as of September 2020
 azuracast_install: False
-azuracast_enabled: False
+azuracast_enabled: False    # This var is currently IGNORED.
 
 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056
 # dokuwiki_install: False
@@ -305,7 +306,7 @@ osm_vector_maps_enabled: True
 
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to MongoDB: github.com/iiab/iiab/issues/1437
+# 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer?  #1437
 sugarizer_install: False
 sugarizer_enabled: False
 
@@ -336,7 +337,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to: github.com/iiab/iiab/issues/1849
+# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 

From 30185545c1c10c37b4685c98cdee94732c4d966b Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Tue, 22 Sep 2020 01:10:23 -0400
Subject: [PATCH 2/7] Today's date added to roles/nginx/README.md

---
 roles/nginx/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/nginx/README.md b/roles/nginx/README.md
index a93996f53..5cc1c3d99 100644
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@@ -10,7 +10,7 @@
 
 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
 
-3. Current state of IIAB App/Service migrations as of 2020-09-21:
+3. Current state of IIAB App/Service migrations as of 2020-09-22:
 
    1. These support "Native" NGINX but ***NOT*** Apache
       * Admin Console
@@ -53,4 +53,4 @@
       * transmission
       * vnstat
 
-[*] The 3 above starred roles could use improvement, as of 2020-09-21.
+[*] The 3 above starred roles could use improvement, as of 2020-09-22.

From 85d7a0dbe85ea13485f09bacf81b9a3fbf630dfa Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Tue, 22 Sep 2020 01:41:24 -0400
Subject: [PATCH 3/7] monit/tasks/main.yml: Mention Monit-on-Debian issue #1849

---
 roles/monit/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml
index 978a27c27..23340644d 100644
--- a/roles/monit/tasks/main.yml
+++ b/roles/monit/tasks/main.yml
@@ -34,6 +34,8 @@
 #
 #   https://packages.debian.org/bullseye/monit
 #   https://packages.debian.org/source/bullseye/monit
+#
+# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc.
 
 - name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10    # /etc/iiab/iiab_state.yml
   include_tasks: install.yml

From 30f27dc13427714183d46f3d37445455c0c1f8f8 Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Tue, 22 Sep 2020 01:53:19 -0400
Subject: [PATCH 4/7] Use 2020-09-22 in default_vars.yml & local_vars.yml

---
 vars/default_vars.yml      | 2 +-
 vars/local_vars_big.yml    | 2 +-
 vars/local_vars_medium.yml | 2 +-
 vars/local_vars_min.yml    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 5e030f2a4..0e0a1e044 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -540,7 +540,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
+# 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 watchdog:
diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml
index c3b91460c..ae1d80df0 100644
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@@ -337,7 +337,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
+# 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 
diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml
index aa799548a..aa7d4157e 100644
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@@ -337,7 +337,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
+# 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 
diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml
index 58c363b20..d0394b364 100644
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@@ -337,7 +337,7 @@ transmission_kalite_languages:
 awstats_install: True
 awstats_enabled: True
 
-# 2020-09-21 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
+# 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
 monit_install: False
 monit_enabled: False
 

From 8279f64a2625c86349e561d7e5cb0e339a90984e Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Tue, 22 Sep 2020 02:12:20 -0400
Subject: [PATCH 5/7] iiab-admin/tasks/main.yml: fix iiab-admin_installed ->
 iiab_admin_installed

---
 roles/iiab-admin/tasks/main.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml
index 10d9e1a6c..8ccc64068 100644
--- a/roles/iiab-admin/tasks/main.yml
+++ b/roles/iiab-admin/tasks/main.yml
@@ -52,12 +52,12 @@
 
 # RECORD iiab-admin AS INSTALLED
 
-- name: "Set 'iiab-admin_installed: True'"
+- name: "Set 'iiab_admin_installed: True'"
   set_fact:
-    iiab-admin_installed: True
+    iiab_admin_installed: True
 
-- name: "Add 'iiab-admin_installed: True' to {{ iiab_state_file }}"
+- name: "Add 'iiab_admin_installed: True' to {{ iiab_state_file }}"
   lineinfile:
     path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^iiab-admin_installed'
-    line: 'iiab-admin_installed: True'
+    regexp: '^iiab_admin_installed'
+    line: 'iiab_admin_installed: True'

From 1a3f386065a35cf0adfc41a4f3b2ed59d8fbf146 Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Tue, 22 Sep 2020 13:17:34 -0400
Subject: [PATCH 6/7] WiFi firmware fixing w/o local_vars, cleaner w/
 explanations

---
 roles/1-prep/tasks/main.yml                   |  2 +-
 roles/firmware/tasks/download.yml             | 33 +++++++++++
 roles/firmware/tasks/install.yml              | 47 ++++++++-------
 roles/firmware/tasks/main.yml                 | 48 +++++----------
 .../firmware/templates/check-firmware.service |  2 +-
 roles/firmware/templates/check-firmware.sh    | 47 ---------------
 roles/firmware/templates/fw_warn.sh           |  8 +--
 roles/firmware/templates/iiab-check-firmware  | 59 +++++++++++++++++++
 8 files changed, 138 insertions(+), 108 deletions(-)
 create mode 100644 roles/firmware/tasks/download.yml
 delete mode 100644 roles/firmware/templates/check-firmware.sh
 create mode 100644 roles/firmware/templates/iiab-check-firmware

diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml
index 1bd10c76b..276babab0 100644
--- a/roles/1-prep/tasks/main.yml
+++ b/roles/1-prep/tasks/main.yml
@@ -83,7 +83,7 @@
 - name: IIAB-ADMIN
   include_role:
     name: iiab-admin
-  #when: iiab-admin_install | bool    # Flag might be created in future?
+  #when: iiab_admin_install | bool    # Flag might be created in future?
 
 - name: OPENVPN
   include_role:
diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml
new file mode 100644
index 000000000..2a817a391
--- /dev/null
+++ b/roles/firmware/tasks/download.yml
@@ -0,0 +1,33 @@
+- name: Back up original e.g. OS-provided firmware (for RPi internal WiFi)
+  copy:
+    src: "/lib/firmware/brcm/{{ item }}"
+    dest: "/lib/firmware/brcm/{{ item }}.orig"
+  with_items:
+    - brcmfmac43430-sdio.bin
+    - brcmfmac43455-sdio.bin
+    - brcmfmac43455-sdio.clm_blob
+
+- name: Download high-capacity older firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202)
+  get_url:
+    url: "{{ item.url }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - { url: 'http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65', dest: '/lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab' }
+    - { url: 'http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65', dest: '/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab' }
+    - { url: 'http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1', dest: '/lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab' }
+    - { url: 'http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi', dest: '/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab' }
+
+
+# RECORD firmware AS DOWNLOADED
+
+- name: "Set 'firmware_downloaded: True'"
+  set_fact:
+    firmware_downloaded: True
+
+- name: "Add 'firmware_downloaded: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^firmware_downloaded'
+    line: 'firmware_downloaded: True'
+
+# SEE ALSO firmware_installed in install.yml
diff --git a/roles/firmware/tasks/install.yml b/roles/firmware/tasks/install.yml
index 508d9d7b3..94c219d5c 100644
--- a/roles/firmware/tasks/install.yml
+++ b/roles/firmware/tasks/install.yml
@@ -1,32 +1,35 @@
-# check the timestamps, might want to preserve the old ones
-- name: Back up OS-provided firmware (for RPi's internal WiFi)
-  copy:
-    src: "/lib/firmware/brcm/{{ item }}"
-    dest: "/lib/firmware/brcm/{{ item }}.orig"
-  with_items:
-    - brcmfmac43430-sdio.bin
-    - brcmfmac43455-sdio.bin
-    - brcmfmac43455-sdio.clm_blob
+- name: Back up originals then download firmware (for RPi internal WiFi)
+  include_tasks: download.yml
+  when: firmware_downloaded is undefined    # SEE ALSO firmware_installed below
 
-- name: Download older firmware (for RPi high-capacity internal WiFi)
-  get_url:
-    url: "{{ item.url }}"
+- name: 'Install from template: check-firmware.service, iiab-check-firmware & fw_warn.sh'
+  template:
+    src: "{{ item.src }}"
     dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
   with_items:
-    - { url: 'http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65', dest: '/lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab' }
-    - { url: 'http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65', dest: '/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab' }
-    - { url: 'http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1', dest: '/lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab' }
-    - { url: 'http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi', dest: '/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab' }
+    - { src: 'check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' }
+    - { src: 'iiab-check-firmware', dest: '/usr/sbin/', mode: '0755' }
+    - { src: 'fw_warn.sh', dest: '/etc/profile.d/', mode: '0644' }
+
+- name: Enable & (Re)Start check-firmware.service (also runs on each boot)
+  systemd:
+    name: check-firmware.service
+    daemon_reload: yes
+    state: restarted
+    enabled: yes
 
 
-# RECORD RPi Firmware AS DOWNLOADED
+# RECORD firmware AS INSTALLED
 
-- name: "Set 'rpi_firmware_downloaded: True'"
+- name: "Set 'firmware_installed: True'"
   set_fact:
-    rpi_firmware_downloaded: True
+    firmware_installed: True
 
-- name: "Add 'firmware_retrieved: True' to {{ iiab_state_file }}"
+- name: "Add 'firmware_installed: True' to {{ iiab_state_file }}"
   lineinfile:
     path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^rpi_firmware_downloaded'
-    line: 'rpi_firmware_downloaded: True'
+    regexp: '^firmware_installed'
+    line: 'firmware_installed: True'
+
+# SEE ALSO firmware_downloaded above & in download.yml
diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml
index 7ee645607..81783c916 100644
--- a/roles/firmware/tasks/main.yml
+++ b/roles/firmware/tasks/main.yml
@@ -1,35 +1,17 @@
-- name: Back up/Download firmware (for RPi internal WiFi)
+# Please set 'wifi_hotspot_capacity_rpi_fix: True' in /etc/iiab/local_vars.yml
+# to restores support for 30-32 WiFi client devices on any Raspberry Pi that
+# has internal WiFi.  This installs firmware 7.45.18.0 for Zero W and RPi 3
+# and firmware 7.45.98.65 for RPi 3 B+ and RPi 4.  Capacity testing writeup:
+# https://github.com/iiab/iiab/issues/823#issuecomment-662285202
+
+- name: Install firmware (for RPi internal WiFi)
   include_tasks: install.yml
-  when: rpi_firmware_downloaded is undefined
+  #when: firmware_installed is undefined
 
-- name: 'Install from template: check-firmware.service, check-firmware.sh & fw_warn.sh'
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: 'check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' }
-    - { src: 'check-firmware.sh', dest: '/usr/sbin/', mode: '0755' }
-    - { src: 'fw_warn.sh', dest: '/etc/profile.d/', mode: '0644' }
-
-- name: Enable & (Re)start check-firmware.service
-  systemd:
-    name: check-firmware.service
-    daemon_reload: yes
-    state: restarted
-    enabled: yes
-
-
-
-
-# RECORD firmware AS INSTALLED
-
-- name: "Set 'firmware_installed: True'"
-  set_fact:
-    firmware_installed: True
-
-- name: "Add 'firmware_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^firmware_installed'
-    line: 'firmware_installed: True'
+# Two variable are placed in /etc/iiab/iiab_state.yml:
+#
+# - firmware_downloaded (set in download.yml) is used in install.yml
+#
+# - firmware_installed (set in install.yml) isn't acted upon programmatically.
+#   It serves as a very helpful rapid reminder in iiab_state.yml in the same
+#   way as roles like: sshd, iiab-admin, pylibs, www_base, www_options.
diff --git a/roles/firmware/templates/check-firmware.service b/roles/firmware/templates/check-firmware.service
index 077e3ab8a..43c7adf8c 100644
--- a/roles/firmware/templates/check-firmware.service
+++ b/roles/firmware/templates/check-firmware.service
@@ -4,7 +4,7 @@ Before=clone-wifi.service
 
 [Service]
 Type=oneshot
-ExecStart=/usr/sbin/check-firmware.sh
+ExecStart=/usr/sbin/iiab-check-firmware
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/firmware/templates/check-firmware.sh b/roles/firmware/templates/check-firmware.sh
deleted file mode 100644
index e83d7756e..000000000
--- a/roles/firmware/templates/check-firmware.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-FW_MODE=$(grep wifi_hotspot_capacity_rpi_fix /etc/iiab/local_vars.yml| grep True)
-WARN=0
-DATE=$(date +%F-%T)
-if [ -z "$FW_MODE" ]; then
-    echo "FW marker not found"
-else
-    echo "$FW_MODE"
-    if ! $(diff -q /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin); then
-        mv /lib/firmware/brcm/brcmfmac43455-sdio.bin /lib/firmware/brcm/brcmfmac43455-sdio.bin.$DATE
-        cp /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin
-        echo "replacing firmware"
-        WARN=1
-    fi
-    if ! $(diff -q /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob); then
-        mv /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.$DATE
-        cp /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob
-        echo "replacing firmware"
-        WARN=1
-    fi
-    if ! $(diff -q /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin); then
-        mv /lib/firmware/brcm/brcmfmac43430-sdio.bin /lib/firmware/brcm/brcmfmac43430-sdio.bin.$DATE
-        cp /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin
-        cp /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
-        echo "replacing firmware"
-        WARN=1
-    fi
-    if ! $(diff -q /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob); then
-        mv /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.$DATE
-        cp /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
-        echo "replacing firmware"
-        WARN=1
-    fi
-fi
-if [ "$WARN" = "1" ]; then
-    echo -e " \033[31;5mFirmware has been replaced\033[0m"
-    echo -e " \033[31;5mReboot is required to activate\033[0m"
-    touch /.fw_replaced
-    #echo "rebooting..."
-    #reboot
-else
-    echo -e " Firmware check \033[32;5mPASSED\033[0m"
-    if [ -f /.fw_replaced ]; then
-        rm /.fw_replaced
-    fi
-fi
-exit 0
diff --git a/roles/firmware/templates/fw_warn.sh b/roles/firmware/templates/fw_warn.sh
index c6a6e2bfe..5b1ba00df 100644
--- a/roles/firmware/templates/fw_warn.sh
+++ b/roles/firmware/templates/fw_warn.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-if [ -f /.fw_replaced ]; then
-    echo -e " \033[31;5mFirmware has been replaced\033[0m"
-    echo -e " \033[31;5mReboot is required to activate\033[0m"
-fi
 
+if [ -f /.fw_replaced ]; then
+    echo -e "\n \033[31;5mWiFi Firmware has been replaced, per iiab/iiab#823.\033[0m"
+    echo -e " \033[31;5mReboot is required to activate.\033[0m\n"
+fi
diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware
new file mode 100644
index 000000000..951d143e6
--- /dev/null
+++ b/roles/firmware/templates/iiab-check-firmware
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+WARN=0
+DATE=$(date +%F-%T)
+
+if grep -q '^wifi_hotspot_capacity_rpi_fix: False' /etc/iiab/local_vars.yml ; then
+    echo "'wifi_hotspot_capacity_rpi_fix: False' found in /etc/iiab/local_vars.yml"
+    echo "...so WiFi firmware will NOT be checked or replaced."
+
+    exit 0
+fi
+
+echo -e "'wifi_hotspot_capacity_rpi_fix: True' presumed..."
+echo -e "...in /etc/iiab/local_vars.yml (or /opt/iiab/iiab/vars/default_vars.yml ?)\n"
+
+if ! $(diff -q /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin); then
+    mv /lib/firmware/brcm/brcmfmac43455-sdio.bin /lib/firmware/brcm/brcmfmac43455-sdio.bin.$DATE
+    cp /lib/firmware/brcm/brcmfmac43455-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43455-sdio.bin
+    echo "Replacing /lib/firmware/brcm/brcmfmac43455-sdio.bin"
+    WARN=1
+fi
+
+if ! $(diff -q /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob); then
+    mv /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.$DATE
+    cp /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob
+    echo "Replacing /lib/firmware/brcm/brcmfmac43455-sdio.clm_blob"
+    WARN=1
+fi
+
+if ! $(diff -q /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin); then
+    mv /lib/firmware/brcm/brcmfmac43430-sdio.bin /lib/firmware/brcm/brcmfmac43430-sdio.bin.$DATE
+    cp /lib/firmware/brcm/brcmfmac43430-sdio.bin.iiab /lib/firmware/brcm/brcmfmac43430-sdio.bin
+    cp /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
+    echo "Replacing /lib/firmware/brcm/brcmfmac43430-sdio.bin"
+    WARN=1
+fi
+
+if ! $(diff -q /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob); then
+    mv /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.$DATE
+    cp /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob.iiab /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
+    echo "Replacing /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob"
+    WARN=1
+fi
+
+if [ "$WARN" = "1" ]; then
+    echo -e "\n \033[31;5mWiFi Firmware has been replaced, per iiab/iiab#823.\033[0m"
+    echo -e " \033[31;5mReboot is required to activate.\033[0m\n"
+    touch /.fw_replaced
+    #echo "rebooting..."
+    #reboot
+else
+    echo -e " WiFi Firmware check \033[32;5mPASSED\033[0m, per iiab/iiab#823."
+    echo -e " (Assuming you've rebooted since it was replaced!)\n"
+    if [ -f /.fw_replaced ]; then
+        rm /.fw_replaced
+    fi
+fi
+
+# exit 0

From 45abe7c660ceffec6780c9f199198df0906d6c4c Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Tue, 22 Sep 2020 13:22:24 -0400
Subject: [PATCH 7/7] firmware/tasks/main.yml: typo in explanation

---
 roles/firmware/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml
index 81783c916..6b4a5c497 100644
--- a/roles/firmware/tasks/main.yml
+++ b/roles/firmware/tasks/main.yml
@@ -1,5 +1,5 @@
 # Please set 'wifi_hotspot_capacity_rpi_fix: True' in /etc/iiab/local_vars.yml
-# to restores support for 30-32 WiFi client devices on any Raspberry Pi that
+# to restore support for 30-32 WiFi client devices on any Raspberry Pi that
 # has internal WiFi.  This installs firmware 7.45.18.0 for Zero W and RPi 3
 # and firmware 7.45.98.65 for RPi 3 B+ and RPi 4.  Capacity testing writeup:
 # https://github.com/iiab/iiab/issues/823#issuecomment-662285202