diff --git a/iiab-install b/iiab-install index 867472a36..42eebef69 100755 --- a/iiab-install +++ b/iiab-install @@ -120,12 +120,12 @@ fi if [ ! -f ./vars/local_vars.yml ]; then case $OS in OLPC | fedora) - cp ./vars/olpc.localvars ./vars/local_vars.yml - echo -e "\nvars/local_vars.yml created from olpc.localvars defaults." + cp ./vars/local_vars_olpc.yml ./vars/local_vars.yml + echo -e "\nvars/local_vars.yml created from local_vars_olpc.yml defaults." ;; centos | debian | ubuntu | raspbian) - cp ./vars/medium.localvars ./vars/local_vars.yml - echo -e "\nvars/local_vars.yml created from medium.localvars defaults." + cp ./vars/local_vars_medium.yml ./vars/local_vars.yml + echo -e "\nvars/local_vars.yml created from local_vars_medium.yml defaults." echo "See MIN/MEDIUM/BIG options @ http://wiki.iiab.io/local_vars.yml" ;; *) diff --git a/runansible b/runansible index a559ae4e3..ef7afb58b 100755 --- a/runansible +++ b/runansible @@ -14,10 +14,10 @@ if [ ! -f ./vars/local_vars.yml ]; then case $OS in OLPC | fedora) - cp ./vars/olpc.localvars ./vars/local_vars.yml + cp ./vars/local_vars_olpc.yml ./vars/local_vars.yml ;; centos | debian | ubuntu | raspbian) - cp ./vars/medium.localvars ./vars/local_vars.yml + cp ./vars/local_vars_medium.yml ./vars/local_vars.yml ;; *) echo "IIAB supports raspbian, debian, ubuntu, centos, and OLPC - exiting now..." diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml new file mode 100644 index 000000000..bf319ce2a --- /dev/null +++ b/vars/local_vars_big.yml @@ -0,0 +1,222 @@ +# This is local_vars_big.yml -- copy it to local_vars.yml then... + +# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml + +# PLEASE READ http://wiki.iiab.io/local_vars.yml + +# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community + + +# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails +download_timeout: 200 + +# Users and Passwords + +iiab_admin_user: iiab-admin +# Obtain a password hash with: +# python -c 'import crypt; print crypt.crypt("", "$6$<salt>")' +# iiab_admin_passw_hash: +admin_install: True + +# Set admin_install: False if you don't want iiab_admin_user & wheel group +# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based +# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n + +# If admin_install: False, set iiab_admin_user (above) to an existing Linux +# user that has sudo access, so you can login to Admin Console http://box/admin + +iiab_hostname: box +iiab_domain: lan + +# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) +iiab_home_url: /home + +# Raspbian requires WiFi country since March 2018. Please set it here: +host_country_code: US +host_ssid: "Internet in a Box" +host_wifi_mode: g +host_channel: 6 +hostapd_secure: False +hostapd_password: changeme + +dns_jail_enabled: False + +# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or +# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables +# within github.com/iiab/iiab/blob/master/roles/ +services_externally_visible: True + +# Make this True if client machines should have access to WAN/Internet: +iiab_gateway_enabled: False + +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + +# Stages 3 & 4 must be run (using iiab-install or runtags) if changing these: +squid_install: True +squid_enabled: True + +dansguardian_install: True +dansguardian_enabled: True + +# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 +# wondershaper_install: False +# wondershaper_enabled: False + +# 1-PREP + +# 2-COMMON + +# 3-BASE-SERVER + +# roles/mysql runs here (mandatory) + +# 4-SERVER-OPTIONS + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True +# If changing the above, remember to run "cd /opt/iiab/iiab; ./runtags openvpn" + +# roles/network runs here (MANY SETTINGS ABOVE) + +# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! +postgresql_install: False +postgresql_enabled: False + +# Unmaintained +# authserver_install: False +# authserver_enabled: False + +# Common UNIX Printing System +cups_install: True +cups_enabled: True + +# At Your Own Risk: take a security audit seriously before deploying this +samba_install: True +samba_enabled: False + +# Show entire contents of USB sticks/drives (at http://box/usb) +iiab_usb_lib_show_all: True + +# 5-XO-SERVICES + +# Lesser-supported XO services need additional testing. Please contact +# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. + +# xo_services_install: False +# xo_services_enabled: False + +# activity_server_install: False +# activity_server_enabled: False + +# Change calibre_port from 8080 to 8010 below, if you enable idmgr +# idmgr_install: False +# idmgr_enabled: False + +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + +# 6-GENERIC-APPS + +# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES. Consider installing +# an OS that includes a GUI (desktop) environment if you need Calibre E-Books. + +calibre_install: True +calibre_enabled: True +# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does) +# calibre_via_debs: True +calibre_unstable_debs: False +# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do) +# calibre_via_python: True +# Change calibre_port to 8010 if you're using XO laptops needing above idmgr +calibre_port: 8080 +# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ +calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 +# In addition to: http://box/books box/libros box/livres box/livros box/liv + +dokuwiki_install: True +dokuwiki_enabled: True + +mediawiki_install: True +mediawiki_enabled: True + +elgg_install: True +elgg_enabled: True + +ejabberd_install: True +ejabberd_enabled: False + +nextcloud_install: True +nextcloud_enabled: True + +wordpress_install: True +wordpress_enabled: True + +# 7-EDU-APPS + +kalite_install: True +kalite_enabled: True +kalite_cron_enabled: True + +kiwix_install: True +kiwix_enabled: True + +# Warning: Moodle is a serious LMS, that takes a while to install +moodle_install: True +moodle_enabled: True + +# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017 +osm_install: True +osm_enabled: True + +# Similar to Calibre, but unmaintained +pathagar_install: False +pathagar_enabled: False + +# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +sugarizer_install: True +sugarizer_enabled: True +# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! +# https://github.com/iiab/iiab/issues/193 Subsequent "./runtags sugarizer" fail +# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues + +# 8-MGMT-TOOLS + +awstats_install: True +awstats_enabled: True + +monit_install: True +monit_enabled: True + +munin_install: True +munin_enabled: True + +# Handy for maintaining tables, but DANGEROUS if not locked down +phpmyadmin_install: True +phpmyadmin_enabled: False + +# Unmaintained (better to install from http://teamviewer.com) +teamviewer_install: False +teamviewer_enabled: False + +vnstat_install: True +vnstat_enabled: True + +# Unmaintained +# sugar_stats_install: False +# sugar_stats_enabled: False + +# Unmaintained +# xovis_install: False +# xovis_enabled: False + +# Unmaintained +# schooltool_install: False +# schooltool_enabled: False + +# Unmaintained +# debian_schooltool_install: False +# debian_schooltool_enabled: False diff --git a/vars/local_vars_big_vpn.yml b/vars/local_vars_big_vpn.yml new file mode 100644 index 000000000..ad2ee5d15 --- /dev/null +++ b/vars/local_vars_big_vpn.yml @@ -0,0 +1,222 @@ +# This is local_vars_big_vpn.yml -- copy it to local_vars.yml then... + +# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml + +# PLEASE READ http://wiki.iiab.io/local_vars.yml + +# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community + + +# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails +download_timeout: 200 + +# Users and Passwords + +iiab_admin_user: iiab-admin +# Obtain a password hash with: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' +# iiab_admin_passw_hash: +admin_install: True + +# Set admin_install: False if you don't want iiab_admin_user & wheel group +# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based +# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n + +# If admin_install: False, set iiab_admin_user (above) to an existing Linux +# user that has sudo access, so you can login to Admin Console http://box/admin + +iiab_hostname: box +iiab_domain: lan + +# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) +iiab_home_url: /home + +# Raspbian requires WiFi country since March 2018. Please set it here: +host_country_code: US +host_ssid: "Internet in a Box" +host_wifi_mode: g +host_channel: 6 +hostapd_secure: False +hostapd_password: changeme + +dns_jail_enabled: False + +# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or +# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables +# within github.com/iiab/iiab/blob/master/roles/ +services_externally_visible: True + +# Make this True if client machines should have access to WAN/Internet: +iiab_gateway_enabled: False + +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + +# Stages 3 & 4 must be run (using iiab-install or runtags) if changing these: +squid_install: True +squid_enabled: True + +dansguardian_install: True +dansguardian_enabled: True + +# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 +# wondershaper_install: False +# wondershaper_enabled: False + +# 1-PREP + +# 2-COMMON + +# 3-BASE-SERVER + +# roles/mysql runs here (mandatory) + +# 4-SERVER-OPTIONS + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: True +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True +# If changing the above, remember to run "cd /opt/iiab/iiab; ./runtags openvpn" + +# roles/network runs here (MANY SETTINGS ABOVE) + +# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! +postgresql_install: False +postgresql_enabled: False + +# Unmaintained +# authserver_install: False +# authserver_enabled: False + +# Common UNIX Printing System +cups_install: True +cups_enabled: True + +# At Your Own Risk: take a security audit seriously before deploying this +samba_install: True +samba_enabled: False + +# Show entire contents of USB sticks/drives (at http://box/usb) +iiab_usb_lib_show_all: True + +# 5-XO-SERVICES + +# Lesser-supported XO services need additional testing. Please contact +# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. + +# xo_services_install: False +# xo_services_enabled: False + +# activity_server_install: False +# activity_server_enabled: False + +# Change calibre_port from 8080 to 8010 below, if you enable idmgr +# idmgr_install: False +# idmgr_enabled: False + +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + +# 6-GENERIC-APPS + +# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES. Consider installing +# an OS that includes a GUI (desktop) environment if you need Calibre E-Books. + +calibre_install: True +calibre_enabled: True +# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does) +# calibre_via_debs: True +calibre_unstable_debs: False +# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do) +# calibre_via_python: True +# Change calibre_port to 8010 if you're using XO laptops needing above idmgr +calibre_port: 8080 +# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ +calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 +# In addition to: http://box/books box/libros box/livres box/livros box/liv + +dokuwiki_install: True +dokuwiki_enabled: True + +mediawiki_install: True +mediawiki_enabled: True + +elgg_install: True +elgg_enabled: True + +ejabberd_install: True +ejabberd_enabled: False + +nextcloud_install: True +nextcloud_enabled: True + +wordpress_install: True +wordpress_enabled: True + +# 7-EDU-APPS + +kalite_install: True +kalite_enabled: True +kalite_cron_enabled: True + +kiwix_install: True +kiwix_enabled: True + +# Warning: Moodle is a serious LMS, that takes a while to install +moodle_install: True +moodle_enabled: True + +# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017 +osm_install: True +osm_enabled: True + +# Similar to Calibre, but unmaintained +pathagar_install: False +pathagar_enabled: False + +# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +sugarizer_install: True +sugarizer_enabled: True +# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! +# https://github.com/iiab/iiab/issues/193 Subsequent "./runtags sugarizer" fail +# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues + +# 8-MGMT-TOOLS + +awstats_install: True +awstats_enabled: True + +monit_install: True +monit_enabled: True + +munin_install: True +munin_enabled: True + +# Handy for maintaining tables, but DANGEROUS if not locked down +phpmyadmin_install: True +phpmyadmin_enabled: False + +# Unmaintained (better to install from http://teamviewer.com) +teamviewer_install: False +teamviewer_enabled: False + +vnstat_install: True +vnstat_enabled: True + +# Unmaintained +# sugar_stats_install: False +# sugar_stats_enabled: False + +# Unmaintained +# xovis_install: False +# xovis_enabled: False + +# Unmaintained +# schooltool_install: False +# schooltool_enabled: False + +# Unmaintained +# debian_schooltool_install: False +# debian_schooltool_enabled: False diff --git a/vars/medium.localvars b/vars/local_vars_medium.yml similarity index 94% rename from vars/medium.localvars rename to vars/local_vars_medium.yml index 3077cfba5..a747a48f0 100644 --- a/vars/medium.localvars +++ b/vars/local_vars_medium.yml @@ -1,11 +1,12 @@ -# Put variables here to override /opt/iiab/iiab/vars/default_vars.yml +# This is local_vars_medium.yml -- copy it to local_vars.yml then... -# PLEASE READ http://wiki.laptop.org/go/IIAB/local_vars.yml -# SEE EXAMPLE http://download.iiab.io/6.5/rpi/local_vars_big.yml -# SEE EXAMPLE http://download.iiab.io/6.5/rpi/local_vars_min.yml +# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml + +# PLEASE READ http://wiki.iiab.io/local_vars.yml # Orig Idea: branch github.com/xsce/xsce-local for your deployment/community + # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 @@ -132,7 +133,7 @@ calibre_unstable_debs: False # calibre_via_python: True # Change calibre_port to 8010 if you're using XO laptops needing above idmgr calibre_port: 8080 -# Change calibre to XYZ add your own mnemonic URL like: http://box/XYZ +# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # In addition to: http://box/books box/libros box/livres box/livros box/liv diff --git a/vars/local_vars_medium_vpn.yml b/vars/local_vars_medium_vpn.yml new file mode 100644 index 000000000..f1235170f --- /dev/null +++ b/vars/local_vars_medium_vpn.yml @@ -0,0 +1,222 @@ +# This is local_vars_medium_vpn.yml -- copy it to local_vars.yml then... + +# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml + +# PLEASE READ http://wiki.iiab.io/local_vars.yml + +# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community + + +# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails +download_timeout: 200 + +# Users and Passwords + +iiab_admin_user: iiab-admin +# Obtain a password hash with: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' +# iiab_admin_passw_hash: +admin_install: True + +# Set admin_install: False if you don't want iiab_admin_user & wheel group +# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based +# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n + +# If admin_install: False, set iiab_admin_user (above) to an existing Linux +# user that has sudo access, so you can login to Admin Console http://box/admin + +iiab_hostname: box +iiab_domain: lan + +# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) +iiab_home_url: /home + +# Raspbian requires WiFi country since March 2018. Please set it here: +host_country_code: US +host_ssid: "Internet in a Box" +host_wifi_mode: g +host_channel: 6 +hostapd_secure: False +hostapd_password: changeme + +dns_jail_enabled: False + +# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or +# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables +# within github.com/iiab/iiab/blob/master/roles/ +services_externally_visible: True + +# Make this True if client machines should have access to WAN/Internet: +iiab_gateway_enabled: False + +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + +# Stages 3 & 4 must be run (using iiab-install or runtags) if changing these: +squid_install: False +squid_enabled: False + +dansguardian_install: False +dansguardian_enabled: False + +# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 +# wondershaper_install: False +# wondershaper_enabled: False + +# 1-PREP + +# 2-COMMON + +# 3-BASE-SERVER + +# roles/mysql runs here (mandatory) + +# 4-SERVER-OPTIONS + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: True +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True +# If changing the above, remember to run "cd /opt/iiab/iiab; ./runtags openvpn" + +# roles/network runs here (MANY SETTINGS ABOVE) + +# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! +postgresql_install: False +postgresql_enabled: False + +# Unmaintained +# authserver_install: False +# authserver_enabled: False + +# Common UNIX Printing System +cups_install: True +cups_enabled: False + +# At Your Own Risk: take a security audit seriously before deploying this +samba_install: False +samba_enabled: False + +# Show entire contents of USB sticks/drives (at http://box/usb) +iiab_usb_lib_show_all: True + +# 5-XO-SERVICES + +# Lesser-supported XO services need additional testing. Please contact +# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. + +# xo_services_install: False +# xo_services_enabled: False + +# activity_server_install: False +# activity_server_enabled: False + +# Change calibre_port from 8080 to 8010 below, if you enable idmgr +# idmgr_install: False +# idmgr_enabled: False + +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + +# 6-GENERIC-APPS + +# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES. Consider installing +# an OS that includes a GUI (desktop) environment if you need Calibre E-Books. + +calibre_install: True +calibre_enabled: True +# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does) +# calibre_via_debs: True +calibre_unstable_debs: False +# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do) +# calibre_via_python: True +# Change calibre_port to 8010 if you're using XO laptops needing above idmgr +calibre_port: 8080 +# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ +calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 +# In addition to: http://box/books box/libros box/livres box/livros box/liv + +dokuwiki_install: False +dokuwiki_enabled: False + +mediawiki_install: False +mediawiki_enabled: False + +elgg_install: True +elgg_enabled: True + +ejabberd_install: False +ejabberd_enabled: False + +nextcloud_install: True +nextcloud_enabled: True + +wordpress_install: True +wordpress_enabled: True + +# 7-EDU-APPS + +kalite_install: True +kalite_enabled: True +kalite_cron_enabled: True + +kiwix_install: True +kiwix_enabled: True + +# Warning: Moodle is a serious LMS, that takes a while to install +moodle_install: False +moodle_enabled: False + +# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017 +osm_install: True +osm_enabled: True + +# Similar to Calibre, but unmaintained +pathagar_install: False +pathagar_enabled: False + +# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +sugarizer_install: True +sugarizer_enabled: True +# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! +# https://github.com/iiab/iiab/issues/193 Subsequent "./runtags sugarizer" fail +# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues + +# 8-MGMT-TOOLS + +awstats_install: True +awstats_enabled: True + +monit_install: False +monit_enabled: False + +munin_install: True +munin_enabled: True + +# Handy for maintaining tables, but DANGEROUS if not locked down +phpmyadmin_install: False +phpmyadmin_enabled: False + +# Unmaintained (better to install from http://teamviewer.com) +teamviewer_install: False +teamviewer_enabled: False + +vnstat_install: True +vnstat_enabled: True + +# Unmaintained +# sugar_stats_install: False +# sugar_stats_enabled: False + +# Unmaintained +# xovis_install: False +# xovis_enabled: False + +# Unmaintained +# schooltool_install: False +# schooltool_enabled: False + +# Unmaintained +# debian_schooltool_install: False +# debian_schooltool_enabled: False diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml new file mode 100644 index 000000000..644c54c90 --- /dev/null +++ b/vars/local_vars_min.yml @@ -0,0 +1,222 @@ +# This is local_vars_min.yml -- copy it to local_vars.yml then... + +# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml + +# PLEASE READ http://wiki.iiab.io/local_vars.yml + +# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community + + +# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails +download_timeout: 200 + +# Users and Passwords + +iiab_admin_user: iiab-admin +# Obtain a password hash with: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' +# iiab_admin_passw_hash: +admin_install: True + +# Set admin_install: False if you don't want iiab_admin_user & wheel group +# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based +# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n + +# If admin_install: False, set iiab_admin_user (above) to an existing Linux +# user that has sudo access, so you can login to Admin Console http://box/admin + +iiab_hostname: box +iiab_domain: lan + +# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) +iiab_home_url: /home + +# Raspbian requires WiFi country since March 2018. Please set it here: +host_country_code: US +host_ssid: "Internet in a Box" +host_wifi_mode: g +host_channel: 6 +hostapd_secure: False +hostapd_password: changeme + +dns_jail_enabled: False + +# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or +# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables +# within github.com/iiab/iiab/blob/master/roles/ +services_externally_visible: True + +# Make this True if client machines should have access to WAN/Internet: +iiab_gateway_enabled: False + +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + +# Stages 3 & 4 must be run (using iiab-install or runtags) if changing these: +squid_install: False +squid_enabled: False + +dansguardian_install: False +dansguardian_enabled: False + +# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 +# wondershaper_install: False +# wondershaper_enabled: False + +# 1-PREP + +# 2-COMMON + +# 3-BASE-SERVER + +# roles/mysql runs here (mandatory) + +# 4-SERVER-OPTIONS + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True +# If changing the above, remember to run "cd /opt/iiab/iiab; ./runtags openvpn" + +# roles/network runs here (MANY SETTINGS ABOVE) + +# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! +postgresql_install: False +postgresql_enabled: False + +# Unmaintained +# authserver_install: False +# authserver_enabled: False + +# Common UNIX Printing System +cups_install: False +cups_enabled: False + +# At Your Own Risk: take a security audit seriously before deploying this +samba_install: False +samba_enabled: False + +# Show entire contents of USB sticks/drives (at http://box/usb) +iiab_usb_lib_show_all: True + +# 5-XO-SERVICES + +# Lesser-supported XO services need additional testing. Please contact +# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. + +# xo_services_install: False +# xo_services_enabled: False + +# activity_server_install: False +# activity_server_enabled: False + +# Change calibre_port from 8080 to 8010 below, if you enable idmgr +# idmgr_install: False +# idmgr_enabled: False + +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + +# 6-GENERIC-APPS + +# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES. Consider installing +# an OS that includes a GUI (desktop) environment if you need Calibre E-Books. + +calibre_install: False +calibre_enabled: False +# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does) +# calibre_via_debs: True +calibre_unstable_debs: False +# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do) +# calibre_via_python: True +# Change calibre_port to 8010 if you're using XO laptops needing above idmgr +calibre_port: 8080 +# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ +calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 +# In addition to: http://box/books box/libros box/livres box/livros box/liv + +dokuwiki_install: False +dokuwiki_enabled: False + +mediawiki_install: False +mediawiki_enabled: False + +elgg_install: False +elgg_enabled: False + +ejabberd_install: False +ejabberd_enabled: False + +nextcloud_install: False +nextcloud_enabled: False + +wordpress_install: False +wordpress_enabled: False + +# 7-EDU-APPS + +kalite_install: True +kalite_enabled: True +kalite_cron_enabled: True + +kiwix_install: True +kiwix_enabled: True + +# Warning: Moodle is a serious LMS, that takes a while to install +moodle_install: False +moodle_enabled: False + +# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017 +osm_install: False +osm_enabled: False + +# Similar to Calibre, but unmaintained +pathagar_install: False +pathagar_enabled: False + +# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +sugarizer_install: False +sugarizer_enabled: False +# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! +# https://github.com/iiab/iiab/issues/193 Subsequent "./runtags sugarizer" fail +# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues + +# 8-MGMT-TOOLS + +awstats_install: True +awstats_enabled: True + +monit_install: False +monit_enabled: False + +munin_install: True +munin_enabled: True + +# Handy for maintaining tables, but DANGEROUS if not locked down +phpmyadmin_install: False +phpmyadmin_enabled: False + +# Unmaintained (better to install from http://teamviewer.com) +teamviewer_install: False +teamviewer_enabled: False + +vnstat_install: True +vnstat_enabled: True + +# Unmaintained +# sugar_stats_install: False +# sugar_stats_enabled: False + +# Unmaintained +# xovis_install: False +# xovis_enabled: False + +# Unmaintained +# schooltool_install: False +# schooltool_enabled: False + +# Unmaintained +# debian_schooltool_install: False +# debian_schooltool_enabled: False diff --git a/vars/local_vars_min_vpn.yml b/vars/local_vars_min_vpn.yml new file mode 100644 index 000000000..199607ae0 --- /dev/null +++ b/vars/local_vars_min_vpn.yml @@ -0,0 +1,222 @@ +# This is local_vars_min_vpn.yml -- copy it to local_vars.yml then... + +# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml + +# PLEASE READ http://wiki.iiab.io/local_vars.yml + +# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community + + +# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails +download_timeout: 200 + +# Users and Passwords + +iiab_admin_user: iiab-admin +# Obtain a password hash with: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' +# iiab_admin_passw_hash: +admin_install: True + +# Set admin_install: False if you don't want iiab_admin_user & wheel group +# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based +# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n + +# If admin_install: False, set iiab_admin_user (above) to an existing Linux +# user that has sudo access, so you can login to Admin Console http://box/admin + +iiab_hostname: box +iiab_domain: lan + +# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) +iiab_home_url: /home + +# Raspbian requires WiFi country since March 2018. Please set it here: +host_country_code: US +host_ssid: "Internet in a Box" +host_wifi_mode: g +host_channel: 6 +hostapd_secure: False +hostapd_password: changeme + +dns_jail_enabled: False + +# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or +# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables +# within github.com/iiab/iiab/blob/master/roles/ +services_externally_visible: True + +# Make this True if client machines should have access to WAN/Internet: +iiab_gateway_enabled: False + +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + +# Stages 3 & 4 must be run (using iiab-install or runtags) if changing these: +squid_install: False +squid_enabled: False + +dansguardian_install: False +dansguardian_enabled: False + +# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 +# wondershaper_install: False +# wondershaper_enabled: False + +# 1-PREP + +# 2-COMMON + +# 3-BASE-SERVER + +# roles/mysql runs here (mandatory) + +# 4-SERVER-OPTIONS + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: True +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True +# If changing the above, remember to run "cd /opt/iiab/iiab; ./runtags openvpn" + +# roles/network runs here (MANY SETTINGS ABOVE) + +# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! +postgresql_install: False +postgresql_enabled: False + +# Unmaintained +# authserver_install: False +# authserver_enabled: False + +# Common UNIX Printing System +cups_install: False +cups_enabled: False + +# At Your Own Risk: take a security audit seriously before deploying this +samba_install: False +samba_enabled: False + +# Show entire contents of USB sticks/drives (at http://box/usb) +iiab_usb_lib_show_all: True + +# 5-XO-SERVICES + +# Lesser-supported XO services need additional testing. Please contact +# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. + +# xo_services_install: False +# xo_services_enabled: False + +# activity_server_install: False +# activity_server_enabled: False + +# Change calibre_port from 8080 to 8010 below, if you enable idmgr +# idmgr_install: False +# idmgr_enabled: False + +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + +# 6-GENERIC-APPS + +# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES. Consider installing +# an OS that includes a GUI (desktop) environment if you need Calibre E-Books. + +calibre_install: False +calibre_enabled: False +# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does) +# calibre_via_debs: True +calibre_unstable_debs: False +# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do) +# calibre_via_python: True +# Change calibre_port to 8010 if you're using XO laptops needing above idmgr +calibre_port: 8080 +# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ +calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 +# In addition to: http://box/books box/libros box/livres box/livros box/liv + +dokuwiki_install: False +dokuwiki_enabled: False + +mediawiki_install: False +mediawiki_enabled: False + +elgg_install: False +elgg_enabled: False + +ejabberd_install: False +ejabberd_enabled: False + +nextcloud_install: False +nextcloud_enabled: False + +wordpress_install: False +wordpress_enabled: False + +# 7-EDU-APPS + +kalite_install: True +kalite_enabled: True +kalite_cron_enabled: True + +kiwix_install: True +kiwix_enabled: True + +# Warning: Moodle is a serious LMS, that takes a while to install +moodle_install: False +moodle_enabled: False + +# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017 +osm_install: False +osm_enabled: False + +# Similar to Calibre, but unmaintained +pathagar_install: False +pathagar_enabled: False + +# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +sugarizer_install: False +sugarizer_enabled: False +# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! +# https://github.com/iiab/iiab/issues/193 Subsequent "./runtags sugarizer" fail +# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues + +# 8-MGMT-TOOLS + +awstats_install: True +awstats_enabled: True + +monit_install: False +monit_enabled: False + +munin_install: True +munin_enabled: True + +# Handy for maintaining tables, but DANGEROUS if not locked down +phpmyadmin_install: False +phpmyadmin_enabled: False + +# Unmaintained (better to install from http://teamviewer.com) +teamviewer_install: False +teamviewer_enabled: False + +vnstat_install: True +vnstat_enabled: True + +# Unmaintained +# sugar_stats_install: False +# sugar_stats_enabled: False + +# Unmaintained +# xovis_install: False +# xovis_enabled: False + +# Unmaintained +# schooltool_install: False +# schooltool_enabled: False + +# Unmaintained +# debian_schooltool_install: False +# debian_schooltool_enabled: False diff --git a/vars/olpc.localvars b/vars/local_vars_olpc.yml similarity index 100% rename from vars/olpc.localvars rename to vars/local_vars_olpc.yml