external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2929 from holta/apache_cleanup

Browse source 
Cleaner filesystem when Apache is not installed, using roles/pbx/tasks/apache.yml + local_vars_unittest.yml
This commit is contained in:
A Holt 2021-08-09 09:18:08 -04:00 committed by GitHub
commit 877e3e5117
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 489 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/nginx/tasks/install.yml
View file

@ -42,7 +42,7 @@
path: /etc/nginx/sites-enabled/default
state: absent
- name: 'Install 4 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types, /etc/{{ apache_service }}/ports.conf'
- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -50,7 +50,7 @@
- { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
- { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
- { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' }
- { src: 'apache-ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' } # 2021-08-08: Restored from enable-or-disable.yml
# - { src: 'ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' } # 2021-08-09: Restored from enable-or-disable.yml then moved to roles/pbx/tasks/apache.yml
# - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml, invoked later by roles/www_options/tasks/main.yml (see below!)
- debug:

41
roles/pbx/tasks/apache.yml Normal file
View file

@ -0,0 +1,41 @@
# Must happen before install of Apache, or it'll collide with NGINX port 80.
# 2021-08-09: Used to be done by roles/nginx/tasks/install.yml
- name: "FreePBX - Install from template: /etc/{{ apache_service }}/ports.conf containing 'Listen {{ pbx_http_port }}'" # i.e. port 83
template:
src: ports.conf
dest: /etc/{{ apache_service }}/
- name: "FreePBX - Install Apache packages: {{ apache_service }}, libapache2-mod-php, libapache2-mpm-itk"
package:
name:
- "{{ apache_service }}" # 2021-08-07: Install apache2 directly, as we prepare to deprecate roles/httpd
- libapache2-mod-php # NOTE duplication: roles/httpd/tasks.install.yml installed libapache2-mod-php{{ php_version }} ostensibly for "Elgg, Moodle, etc"
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user (#2914: Is this possible via NGINX?)
- name: 'FreePBX - Enable Apache module, as with "a2enmod" command: rewrite'
apache2_module:
name: rewrite
# Legacy code from roles/httpd/tasks/install.yml
# - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
# apache2_module:
# name: "{{ item }}"
# with_items:
# - headers
# - proxy
# - proxy_html
# - proxy_http
# - rewrite
# 2021-08-08: Security risks? But official install doc recommends this:
# https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
# (lineinfile doesn't quite do the job, as all instances are replaced)
- name: FreePBX - Run "sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf"
command: sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf
- name: FreePBX - Install /etc/{{ apache_service }}/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
template:
src: freepbx.conf.j2
dest: /etc/{{ apache_service }}/sites-available/freepbx.conf # apache2
owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}"

2
roles/pbx/tasks/asterisk.yml
View file

@ -1,6 +1,6 @@
# 2021-08-05: Asterisk's own install_prereq (below) handles essentially all of these
# - name: Asterisk - Install dependencies
# include: asterisk_dependencies.yml
# include_tasks: asterisk_dependencies.yml
# BEWARE: 'systemctl is-active asterix' falsely reports 'inactive' even when systemd
# is compiled in below! FWIW: /opt/iiab/asterisk/contrib/systemd/asterisk.service

144
roles/pbx/tasks/freepbx.yml
View file

@ -3,8 +3,65 @@
# RPi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html
# 2012-2017: http://www.raspberry-asterisk.org
- name: FreePBX - Install dependencies
include: freepbx_dependencies.yml
# 2021-08-04: systemd service 'asterisk' is Enabled but Not Active at this point -- LET'S EXPERIMENT
# - name: FreePBX - Disable & Stop 'asterisk' systemd service
# systemd:
# daemon_reload: yes
# name: asterisk
# enabled: no
# state: stopped
# 2021-08-05: Asterisk's systemd / systemctl support is getting there but Very
# Imperfect (even when compiled in, as a result of package 'libsystemd-dev' at
# top of asterisk.tml) so let's follow these "official" instructions for now:
- name: FreePBX - Run 'update-rc.d -f asterisk remove' similar to 'systemctl disable asterisk' giving FreePBX full control during boot - not strictly required but recommended by https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
command: update-rc.d -f asterisk remove
- name: FreePBX - Install wget, git, unixodbc, sudo, net-tools, cron, sox + ~12 PHP dependencies (run 'php -m' or 'php -i' to verify PHP modules)
package:
name:
- wget
- git
- unixodbc # For Asterisk CDR (Call Detail Records)
- sudo # Required by FreePBX install script
- net-tools # Required by FWConsole (command-line utility, that controls FreePBX)
- cron # Required by FreePBX UCP package (User Control Panel)
- sox # Required for CDR web-playback
# - php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-cgi
# - php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
# - php{{ php_version }}-gettext
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
- php{{ php_version }}-imap
# - php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
- php{{ php_version }}-snmp
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
state: latest
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
# - name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: FreePBX - Install and configure Apache - if not pbx_try_nginx
include_tasks: apache.yml
when: not pbx_try_nginx
- name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }}
get_url:
@ -49,27 +106,17 @@
# src: roles/pbx/templates/pbx.patch
# dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/Composer/vendor/neitanod/forceutf8/src/ForceUTF8/Encoding.php"
# 2021-08-04: systemd service 'asterisk' is Enabled but Not Active at this point -- LET'S EXPERIMENT
# - name: FreePBX - Disable & Stop 'asterisk' systemd service
# systemd:
# daemon_reload: yes
# name: asterisk
# enabled: no
# state: stopped
# 2021-08-05: Asterisk's systemd / systemctl support is getting there but Very
# Imperfect (even when compiled in, as a result of package 'libsystemd-dev' at
# top of asterisk.tml) so let's follow these "official" instructions for now:
- name: FreePBX - Run 'update-rc.d -f asterisk remove' similar to 'systemctl disable asterisk' giving FreePBX full control during boot - not strictly required but recommended by https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
command: update-rc.d -f asterisk remove
# 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch
# - name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
# patch:
# src: roles/pbx/templates/pbx2.patch
# dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"
- name: FreePBX - Add MySQL user ({{ asterisk_db_user }})
mysql_user:
name: "{{ asterisk_db_user }}"
password: "{{ asterisk_db_password }}"
name: "{{ asterisk_db_user }}" # asterisk
password: "{{ asterisk_db_password }}" # asterisk
priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
# login_host: "{{ asterisk_db_host }}"
# login_user: root
@ -79,7 +126,7 @@
- name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }})
mysql_db:
name: "{{ asterisk_db_dbname }}"
name: "{{ asterisk_db_dbname }}" # asterisk
encoding: utf8
collation: utf8_general_ci
# login_host: "{{ asterisk_db_host }}"
@ -89,12 +136,13 @@
- name: FreePBX - Add cdr MySQL db ({{ asterisk_db_cdrdbname }})
mysql_db:
name: "{{ asterisk_db_cdrdbname }}"
name: "{{ asterisk_db_cdrdbname }}" # asteriskcdrdb
encoding: utf8
collation: utf8_general_ci
login_host: "{{ asterisk_db_host }}"
state: present
- name: FreePBX - Create new php sessions dir /var/lib/php/asterisk_sessions/ - SEE 'php_value session.save_path /var/lib/php/asterisk_sessions/' IN pbx/templates/freepbx.conf.j2
file:
path: /var/lib/php/asterisk_sessions/
@ -107,7 +155,7 @@
group: asterisk
recurse: yes
- name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions - and possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache"
- name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions" # And possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache
blockinfile:
content: |
[blacklist]
@ -118,14 +166,8 @@
group: asterisk
create: yes
# 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch
# - name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
# patch:
# src: roles/pbx/templates/pbx2.patch
# dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"
- name: FreePBX - 2-step install (just run once) - CAN TAKE 3-12 MIN OR LONGER!
- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - CAN TAKE 3-12 MIN OR LONGER!
command: "{{ item }}"
args:
chdir: "{{ freepbx_src_dir }}"
@ -151,7 +193,6 @@
# - fwconsole restart
ignore_errors: yes # 2021-08-08: For things like 'killall -9 safe_asterisk' that fail when process doesn't exist
# 2021-08-06: This stanza works, but above is more graceful. (FYI PRs #2908,
# #2912, #2913 didn't quite work -- whereas this PR #2915 at least worked!)
# - name: FreePBX - Run 'systemctl restart freepbx' TWICE (THIS IS 1 OF 2) to get past 'systemctl status freepbx' glitch "Unable to run Pre-Asterisk hooks, because Asterisk is already running"
@ -161,6 +202,18 @@
# enabled: yes
# state: restarted
- name: FreePBX - Install /etc/odbc.ini from template (root:root, 0644 by default) for CDR 'asteriskcdrdb' - in future consider compiling ODBC driver for aarch64 per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ?
template:
src: odbc.ini
dest: /etc/
- name: FreePBX - Install /etc/systemd/system/freepbx.service from template (root:root, 0644 by default)
template:
src: freepbx.service
dest: /etc/systemd/system/
# - name: 'FreePBX - fix file permissions for NGINX: /etc/freepbx.conf (0644), /var/log/asterisk/freepbx.log (0666)'
# file:
# #state: file
@ -169,6 +222,7 @@
# with_items:
# - { path: '/etc/freepbx.conf', mode: u=rw,g=r,o=r } # 2021-08-04: LATER ENDS UP AS 0660
# - { path: '/var/log/asterisk/freepbx.log', mode: u=rw,g=rw,o=rw } # 2021-08-04: LATER ENDS UP AS 0664
# when: pbx_try_nginx
# - name: 'FreePBX - fix dir permissions for NGINX: /var/spool/asterisk/cache (0777)'
# file:
@ -179,17 +233,7 @@
# with_items:
# # - /var/www/html/freepbx/admin/assets/less/cache
# - /var/spool/asterisk/cache
- name: FreePBX - Install /etc/odbc.ini from template (root:root, 0644 by default) - in future consider compiling ODBC driver for aarch64 per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ?
template:
src: odbc.ini
dest: /etc/
- name: FreePBX - Install /etc/systemd/system/freepbx.service from template (root:root, 0644 by default)
template:
src: freepbx.service
dest: /etc/systemd/system/
# when: pbx_try_nginx
# For 'pbx_try_nginx: True' -- FreePBX's initial page (Admin user registration)
# tries to set up a cron job but fails:
@ -202,21 +246,3 @@
# insertafter: '^<\?php$' # Match exact line '<?php'
# line: "$amp_conf['AMPASTERISKWEBUSER'] = 'www-data';"
# when: pbx_try_nginx
- block:
- name: FreePBX - Install /etc/{{ apache_service }}/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
template:
src: freepbx.conf.j2
dest: /etc/{{ apache_service }}/sites-available/freepbx.conf # apache2
owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}"
- name: FreePBX - Add directive "Listen {{ pbx_http_port }}" to /etc/{{ apache_service }}/ports.conf
lineinfile:
path: /etc/{{ apache_service }}/ports.conf
line: "Listen {{ pbx_http_port }}"
# insertafter: Listen 80
when: not pbx_try_nginx

31
roles/pbx/tasks/freepbx_dependencies.yml → roles/pbx/tasks/freepbx_dependencies.yml.unused
View file

@ -35,34 +35,3 @@
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- block:
- name: "FreePBX - Install Apache packages: {{ apache_service }}, libapache2-mod-php, libapache2-mpm-itk - if not pbx_try_nginx"
package:
name:
- "{{ apache_service }}" # 2021-08-07: Install apache2 directly, as we prepare to deprecate roles/httpd
- libapache2-mod-php # NOTE duplication: roles/httpd/tasks.install.yml installed libapache2-mod-php{{ php_version }} ostensibly for "Elgg, Moodle, etc"
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user (#2914: Is this possible via NGINX?)
- name: 'Enable Apache module, as with "a2enmod" command: rewrite'
apache2_module:
name: rewrite
# - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
# apache2_module:
# name: "{{ item }}"
# with_items:
# - headers
# - proxy
# - proxy_html
# - proxy_http
# - rewrite
# 2021-08-08: Security risks? But official install doc recommends this:
# https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
- name: Run "sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf"
command: sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf
when: not pbx_try_nginx

2
roles/pbx/tasks/install.yml
View file

@ -22,7 +22,7 @@
# when: nodejs_version != "12.x"
# 2021-08-07: Moved to roles/pbx/tasks/freepbx_dependencies.yml
# 2021-08-09: Moved to roles/pbx/tasks/apache.yml
# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
# set_fact:

4
roles/nginx/templates/apache-ports.conf → roles/pbx/templates/ports.conf
View file

@ -8,6 +8,9 @@
# IIAB NGINX proxying to legacy svcs (Dec 2019 - Aug 2021)
#Listen 127.0.0.1:8090
# IIAB FreePBX for Asterisk
Listen {{ pbx_http_port }}
#<IfModule ssl_module>
# Listen 443
#</IfModule>
@ -17,4 +20,3 @@
#</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

356
vars/local_vars_unittest.yml Normal file
View file

@ -0,0 +1,356 @@
# This is local_vars_min.yml -- copy it to /etc/iiab/local_vars.yml then...
# modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml
# PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO
# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community
# IIAB does NOT currently support uninstalling apps! So: if any IIAB app is
# installed with 'APP_XYZ_install: True' below, do NOT later change that.
# WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz,
# YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM
# CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below.
# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 200
# Real-time clock: set RTC chip family here. Future auto-detection plausible?
rtc_id: none # Or ds3231 ?
# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line:
# https://github.com/iiab/iiab/tree/master/roles/iiab-admin
# https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
#
iiab_admin_user: iiab-admin # Some prefer to reuse 'pi' or 'ubuntu' etc.
# Set iiab_admin_user_install: False if you don't want iiab_admin_user auto-
# configured e.g. by IIAB's 1-line installer & iiab-admin/tasks/admin-user.yml
iiab_admin_user_install: True # If False, THE SETTING BELOW WILL BE IGNORED.
iiab_admin_can_sudo: True # For /usr/bin/iiab-* support commands. Optional.
# Set these to False if you do not want to install/enable IIAB Admin Console
admin_console_install: False
admin_console_enabled: False
#
# Set to "False" if you do not want to use the latest js-menus, either because
# you use WordPress or another home page, or if you prefer the older
# https://github.com/iiab/iiab-menu (no longer maintained)
js_menu_install: True
# IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network
# IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking
# Read it offline too: http://box/info > "IIAB Networking"
iiab_hostname: box
iiab_domain: lan
# Homepage: set to /home or /wordpress or /wiki (for MediaWiki)
iiab_home_url: /home
# You might also want to set captiveportal_splash_page (below!)
# WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz,
# YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM
# CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below.
#
# Raspberry Pi OS requires Wi-Fi country since March 2018. Please set it here:
host_country_code: US
host_ssid: unittest
host_wifi_mode: g
host_channel: 6
hostapd_secure: False # 2021-03-02 #2696 WiFi EAPOL fails if hotspot passwords,
hostapd_password: changeme # eg if firmware wifi_hotspot_capacity_rpi_fix: True
wifi_hotspot_capacity_rpi_fix: True # Restores the ability of RPi internal
# WiFi hotspots to service 30-to-32 client devices. Background explanation:
# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and PR #2472.
wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi
# (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot).
# You can set iiab_gateway_enabled below, to enable "passthrough" to Internet.
# See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
wan_ip: dhcp # wan_ip: 192.168.1.99
wan_netmask: # wan_netmask: 255.255.255.0
wan_gateway: # wan_gateway: 192.168.1.254
# If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq:
# /etc/resolv.conf dictates which backend is used for the machine itself, so
# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while
# 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this
# dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!)
wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1
wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems
# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite
# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server.
# Only 1 of the 6 lines below should be uncommented:
#
#ports_externally_visible: 0 # none
#ports_externally_visible: 1 # ssh only
#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too)
ports_externally_visible: 3 # ssh + http-or-https + common IIAB services
#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba
#ports_externally_visible: 5 # all but databases
#
# Or further customize your iptables firewall by editing:
# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables
# And then run: cd /opt/iiab/iiab; ./iiab-network
# Set True if client machines should have "passthrough" access to WAN/Internet:
iiab_gateway_enabled: False
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
bluetooth_install: False
bluetooth_enabled: False
bluetooth_term_enabled: False
# 1-PREP
# SSHD runs here & also below in 4-SERVER-OPTIONS
sshd_install: True # Required by OpenVPN
sshd_enabled: True
# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True
openvpn_enabled: True
# Set /etc/iiab/openvpn_handle in advance here:
openvpn_handle: unittest
# IIAB-ADMIN runs here - see its vars near top of this file:
# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash
# Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4.
# Please see recommendations at: https://itsfoss.com/swap-size/
pi_swap_file_size: 1024
# 2-COMMON
# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.
# 3-BASE-SERVER
# roles/mysql runs here (mandatory)
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True
# 4-SERVER-OPTIONS
# SSHD runs here & also above in 1-PREP
# DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs
# after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network")
# Common UNIX Printing System (CUPS)
cups_install: False
cups_enabled: False
# At Your Own Risk: take a security audit seriously before deploying this
samba_install: False
samba_enabled: False
# Show entire contents of USB sticks/drives (at http://box/usb)
iiab_usb_lib_show_all: True
# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so
# Kolibri can export & import channels to USB sticks/drive:
usb_lib_umask0000_for_kolibri: True
# 5-XO-SERVICES
# Lesser-supported XO services need additional testing. Please contact
# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.
# 6-GENERIC-APPS
azuracast_install: False
azuracast_enabled: False # This var is currently IGNORED.
# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
gitea_install: False
gitea_enabled: False
# JupyterHub programming environment with student Notebooks
jupyterhub_install: False
jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
lokole_enabled: False
mediawiki_install: False
mediawiki_enabled: False
# MQTT pub-sub broker for IoT on Raspberry Pi etc
mosquitto_install: False
mosquitto_enabled: False
# Flow-based visual programming for wiring together IoT hardware devices etc
nodered_install: False
nodered_enabled: False
# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using Nextcloud intensively, set nginx_high_php_limits further above.
nextcloud_install: False
nextcloud_enabled: False
#
# 2020-02-15: UNUSED at this time. Legacy remains from Apache:
# nextcloud_allow_public_ips: True
#
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# If using WordPress intensively, set nginx_high_php_limits further above.
wordpress_install: False
wordpress_enabled: False
# 7-EDU-APPS
# KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS
kalite_install: False
kalite_enabled: False
kolibri_install: False
kolibri_enabled: False
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: False
kiwix_enabled: False
# Warning: Moodle is a serious LMS, that takes a while to install.
moodle_install: False
moodle_enabled: False
# If using Moodle intensively, set nginx_high_php_limits further above.
# Regional OSM vector maps use far less disk space than bitmap/raster versions.
# Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps
osm_vector_maps_install: False
osm_vector_maps_enabled: False
# Set to "True" to download .mbtiles files from Archive.org (might be slow!)
maps_from_internet_archive: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
# 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer? #1437
sugarizer_install: False
sugarizer_enabled: False
# 8-MGMT-TOOLS
# BitTorrent downloader for large Content Packs etc
transmission_install: False
transmission_enabled: False
# A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission
# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/
transmission_kalite_languages:
#- english
#- french
#- hindi
#- portugal-portuguese
#- brazilian-portuguese
#- spanish
#- swahili
# B. Monitor BitTorrent downloads at http://box:9091 using Admin/changeme
# until the download is confirmed complete (can take hours if not days!)
# C. Carefully move all videos/thumbnails into /library/ka-lite/content
# (DO NOT OVERWRITE SUBFOLDERS assessment, locale, srt !)
# D. Log in to KA Lite at http://box:8008/updates/videos/ using Admin/changeme
# then click "Scan content folder for videos" (can take many minutes!)
# E. READ "KA Lite Administration: What tips & tricks exist?" AT http://FAQ.IIAB.IO
awstats_install: False
awstats_enabled: False
# 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
monit_install: False
monit_enabled: False
munin_install: False
munin_enabled: False
# UNMAINTAINED as of July 2021
# Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False
phpmyadmin_enabled: False
vnstat_install: False
vnstat_enabled: False
# 9-LOCAL-ADDONS
# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively later refined (PRs #1179, #1300, #1327, #2070).
captiveportal_install: False
captiveportal_enabled: False
captiveportal_splash_page: /
# You might also want to set iiab_home_url (above!)
# In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO
# Internet Archive Decentralized Web - create your own offline version box:4244
# (or http://box/archive) arising from digital library https://dweb.archive.org
internetarchive_install: False
internetarchive_enabled: False
# Minetest is an open source clone of the Minecraft building blocks game
minetest_install: False
minetest_enabled: False
# Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX
calibreweb_install: False
calibreweb_enabled: False
calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
# http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc?
calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"
# SUGGESTION: Calibre-Web can use Calibre's /usr/bin/ebook-convert program, so
# ALSO CONSIDER installing Calibre (below, if its graphical bloat is tolerable!)
# Calibre E-Book Library -- https://calibre-ebook.com
# WARNING: CALIBRE INSTALLS GRAPHICAL LIBRARIES SIMILAR TO X WINDOWS & OPENGL
# ON (HEADLESS, SERVER, LITE) OS'S THAT DON'T ALREADY HAVE THESE INSTALLED.
calibre_install: False
calibre_enabled: False
# Change calibre_port to 8010 if you're using XO laptops needing above idmgr ?
calibre_port: 8080
# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ
calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529
# Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below!
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work.
# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme
# If using PBX intensively, investigate nginx_high_php_limits further above.
pbx_install: False
pbx_enabled: False
pbx_try_nginx: False # 2021-08-07: PLEASE TRY NGINX INSTEAD OF APACHE,
# AFTER READING https://github.com/iiab/iiab/issues/2914 AND #2916, THX !
asterisk_chan_dongle: False