external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge branch 'iiab:master' into maps7.3

Browse source
This commit is contained in:
georgejhunt 2022-03-26 19:02:14 -07:00 committed by GitHub
commit 87bd0195de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
35 changed files with 266 additions and 206 deletions
Download patch file Download diff file Expand all files Collapse all files

15
roles/1-prep/README.adoc
View file

@ -14,17 +14,16 @@ username and group, to log into Admin Console
* Ubermix (distro) needs /etc/tmpfiles.d/iiab.conf to create essential
/var/log subdirs on each boot
* *_Hardware actions:_*
** link:tasks/install-expand-rootfs.yml[*_install-expand-rootfs.yml_*]:
*** Install https://en.wikipedia.org/wiki/APT_(software)[apt] packages parted (reveals last partition) and cloud-guest-utils (for growpart)
*** Install link:templates/iiab-expand-rootfs[/usr/sbin/iiab-expand-rootfs] that acts on flag flag `/.expand-rootfs`
*** Enable iiab-expand-rootfs.service so this can happen during any future boot-up
** link:tasks/raspberry_pi.yml[*_raspberry_pi.yml_*]:
*** RTC (real-time clock): install udev rule, configure, enable
*** *_Install packages related to:_*
**** growpart
**** swapfile
**** fake-hwclock (as RTC is often missing or dead!)
**** Wi-Fi
*** Increase swap file size
*** https://github.com/iiab/iiab/blob/master/roles/1-prep/templates/iiab-rpi-max-rootfs.sh[rootfs
auto-resizing]
*** Install apt packages fake-hwclock (as above RTC is often missing or dead!) and dphys-swapfile (for swap file below)
*** Increase swap file size (to `pi_swap_file_size`)
** NUC 6 Wi-Fi firmware
** Check for WiFi devices (if so, set `has_wifi_device`)
Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and
5-xo-services — this 1st stage installs core server infra (that is not

27
roles/1-prep/tasks/hardware.yml
View file

@ -1,17 +1,36 @@
## DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: install-expand-rootfs.yml
# Conditional hardware actions below:
- include_tasks: raspberry_pi.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
register: usb_NUC6
ignore_errors: True
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # http://download.iiab.io/packages
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: usb_NUC6.stdout|int > 0
- name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5"
shell: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5
register: wifi_devices
ignore_errors: True
changed_when: False
- name: "Set has_wifi_device: True, if output (from above) shows device(s) here: {{ wifi_devices.stdout_lines }}"
set_fact:
has_wifi_device: True
when: wifi_devices is defined and wifi_devices.stdout_lines | length > 0
# when: wifi_devices is defined and wifi_devices.stdout | trim != ""
- debug:
var: has_wifi_device

20
roles/1-prep/tasks/install-expand-rootfs.yml Normal file
View file

@ -0,0 +1,20 @@
- name: Install packages 'parted' and 'cloud-guest-utils' (for /usr/bin/growpart, though raspi-config uses fdisk)
package:
name:
- parted # 2022-03-15: RasPiOS and Ubuntu install this regardless -- so rarely nec, but just in case.
- cloud-guest-utils # 2022-03-15: For growpart command -- though RasPiOS currently doesn't need this, as raspi-config's do_expand_rootfs() instead uses fdisk. Ubuntu pre-installs cloud-guest-utils, for use with cloud-init.
state: present
- name: "Install from templates: /usr/sbin/iiab-expand-rootfs, /etc/systemd/system/iiab-expand-rootfs.service"
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'iiab-expand-rootfs', dest: '/usr/sbin/', mode: '0755' }
- { src: 'iiab-expand-rootfs.service', dest: '/etc/systemd/system/', mode: '0644' }
- name: Enable iiab-expand-rootfs.service
systemd:
name: iiab-expand-rootfs
enabled: yes

4
roles/1-prep/tasks/main.yml
View file

@ -29,7 +29,9 @@
- include_tasks: uuid.yml
- include_tasks: ubermix.yml
- include_tasks: hardware.yml # Can run raspberry_pi.yml
- name: install-expand-rootfs.yml, raspberry_pi.yml, NUC6 WiFi firmware, check for WiFi devices
include_tasks: hardware.yml
# Debian 10 "Buster" is apparently enabling AppArmor in 2019:

55
roles/1-prep/tasks/raspberry_pi.yml
View file

@ -4,9 +4,6 @@
template:
src: 92-rtc-i2c.rules
dest: /etc/udev/rules.d/92-rtc-i2c.rules
#owner: root
#group: root
#mode: 0644
when: rtc_id is defined and rtc_id != "none"
# RTC requires a change to the device tree (and reboot)
@ -24,39 +21,14 @@
state: present
when: rtc_id is defined and rtc_id != "none" and is_ubuntu # CLARIF: Ubuntu runs increasingly well on RPi hardware, starting in 2020 especially
#- name: Enable bluetooth in /boot/firmware/syscfg.txt on Ubuntu (needs reboot)
# lineinfile:
# path: /boot/firmware/syscfg.txt
# regexp: '^include*'
# line: 'include btcfg.txt'
# when: is_ubuntu
- name: '2021-07-27: SEE ALSO ~4 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml'
meta: noop
- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml'
meta: noop
# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools)
# are provided by RaspiOS. Ubuntu|Debian on the other hand are hit or miss:
# desktops might have some/all 3 preinstalled, while servers tend not to have
# these present at all, but are needed to be installed if you want to take full
# advantage of WiFi on Ubuntu and friends -- but it's only enforced on RPi
# hardware where we know in advance of the likelihood of WiFi being present.
- name: 'Install packages: cloud-guest-utils, dphys-swapfile, fake-hwclock, iw, rfkill, wireless-tools'
- name: 'Install packages: fake-hwclock, dphys-swapfile'
package:
name:
- cloud-guest-utils # Contains 'growpart' for resizing a partition during boot, which is normally done with the aid of cloud-init
- dphys-swapfile # 2021-07-27: RaspiOS installs this regardless -- autogenerate and use a swap file
- fake-hwclock # 2021-07-27: RaspiOS installs this regardless -- save/restore system clock on machines without working RTC hardware
- iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2
- rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices
- wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions
- fake-hwclock # 2021-03-15: Missing on Ubuntu etc. RasPiOS installs this regardless -- to save/restore system clock on machines w/o working RTC (above).
- dphys-swapfile # 2021-03-15: Missing on Ubuntu etc. RasPiOS installs this regardless -- to autogenerate and use a swap file (below).
state: present
- name: Increase swap file size (to CONF_SWAPSIZE={{ pi_swap_file_size }} in /etc/dphys-swapfile) as kalite pip download fails
lineinfile:
path: /etc/dphys-swapfile
@ -70,18 +42,9 @@
state: restarted
- name: Install RPi rootfs resizing (/usr/sbin/iiab-rpi-max-rootfs.sh) and its systemd service (/etc/systemd/system/iiab-rpi-root-resize.service), from templates (root:root by default)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
#owner: root
#group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/', mode: '0755' }
- { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/', mode: '0644' }
- name: Enable RPi rootfs resizing (systemd service iiab-rpi-root-resize.service)
systemd:
name: iiab-rpi-root-resize
enabled: yes
#- name: Enable bluetooth in /boot/firmware/syscfg.txt on Ubuntu (needs reboot)
# lineinfile:
# path: /boot/firmware/syscfg.txt
# regexp: '^include*'
# line: 'include btcfg.txt'
# when: is_ubuntu

59
roles/1-prep/templates/iiab-expand-rootfs Normal file
View file

@ -0,0 +1,59 @@
#!/bin/bash -x
# Expand rootfs partition to its maximum size, if /.expand-rootfs exists.
# Used by /etc/systemd/system/iiab-expand-rootfs.service on IIAB boot.
# Should work with all Linux OS's boot disks -- regardless whether Raspberry Pi
# microSD cards, external USB drives, internal spinning disks or SSD's, etc.
# Verifies that rootfs is the last partition.
if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then
echo "$0: Expanding rootfs partition"
if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS
# 2022-02-17: Uses do_expand_rootfs() from:
# https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config
raspi-config --expand-rootfs
else # Other Linux OS's
# 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs()
ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2
ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0
ROOT_PART_NUM="$(echo "$ROOT_PART" | grep -o "[[:digit:]]*$")" # e.g. 2
# SLOW (~10 seconds) but it works!
LAST_PART_NUM=$(parted "$ROOT_DEV" -ms unit s p | tail -n 1 | cut -f 1 -d:)
if [ $ROOT_PART_NUM -ne $LAST_PART_NUM ]; then
echo "ERROR: $ROOT_PART partition ($ROOT_PART_NUM) is not the last partition ($LAST_PART_NUM). Don't know how to expand."
exit 1
fi
# Expand partition
growpart $ROOT_DEV $ROOT_PART_NUM # raspi-config instead uses fdisk
resize2fs $ROOT_PART
# 2022-03-15: Legacy code below worked with Raspberry Pi microSD cards
# but *not* with USB boot drives, internal spinning disks/SSD's, etc.
# # ASSUMES SD CARD STYLE PARTITION NAME LIKE <device>p<partition number>
# # e.g. /dev/mmcblk0p2 mounts at / (typical RasPiOS microSD)
# # BUT /dev/sda2 mounts at /media/usb1 (RasPiOS USB boot disk...
# # ...WON'T WORK BELOW; recap @ PR #3121)
# # Calculate root partition
# root_part=`lsblk -aP -o NAME,MOUNTPOINT | grep 'MOUNTPOINT="/"' | awk -F\" '{ print $2 }'` # e.g. mmcblk0p2
# root_dev=${root_part:0:-2} # e.g. mmcblk0
# # bash substring expansion: "negative offset [below, but not above]
# # must be separated from the colon by at least one space to avoid
# # being confused with the :- expansion"
# # https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html
# root_part_no=${root_part: -1} # e.g. 2
# # Resize partition
# growpart /dev/$root_dev $root_part_no
# resize2fs /dev/$root_part
fi
rm -f /.expand-rootfs /.resize-rootfs
fi

14
roles/1-prep/templates/iiab-expand-rootfs.service Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=Root Filesystem Auto-Expander
[Service]
Environment=TERM=linux
Type=oneshot
ExecStart=/usr/sbin/iiab-expand-rootfs
# "Standard output type syslog is obsolete"
# StandardError=syslog
# WHEREAS StandardError=journal is the default, per https://www.freedesktop.org/software/systemd/man/systemd.exec.html#StandardOutput=
RemainAfterExit=no
[Install]
WantedBy=multi-user.target

20
roles/1-prep/templates/iiab-rpi-max-rootfs.sh
View file

@ -1,20 +0,0 @@
#!/bin/bash -x
# Resize rootfs and its partition on the rpi SD card to maximum size
# To be used by systemd service on boot
# Only resizes if /.resize-rootfs exists
# Assumes root is last partition
# Only works on F22 + where resizepart command exists
# Assumes sd card style partition name like <device>p<partition number>
if [ -f /.resize-rootfs ];then
echo "$0: maximizing rootfs partion"
# Calculate root partition
root_part=`lsblk -aP -o NAME,MOUNTPOINT|grep 'MOUNTPOINT="/"' |awk -F\" '{ print $2 }'`
root_dev=${root_part:0:-2}
root_part_no=${root_part: (-1)}
# Resize partition
growpart /dev/$root_dev $root_part_no
resize2fs /dev/$root_part
rm /.resize-rootfs
fi

12
roles/1-prep/templates/iiab-rpi-root-resize.service
View file

@ -1,12 +0,0 @@
[Unit]
Description=Root Filesystem Auto-Resizer
[Service]
Environment=TERM=linux
Type=oneshot
ExecStart=/usr/sbin/iiab-rpi-max-rootfs.sh
StandardError=syslog
RemainAfterExit=no
[Install]
WantedBy=multi-user.target

6
roles/2-common/README.adoc
View file

@ -9,10 +9,8 @@ https://internet-in-a-box.org/[Internet-in-a-Box (IIAB)] server.
These are (partially) put in place:
* IIAB directory structure (link:tasks/fl.yml[file layout])
* Common https://en.wikipedia.org/wiki/APT_(software)[apt] software
packages
* Networking (including the
https://en.wikipedia.org/wiki/Iptables[iptables] firewall)
* Common https://en.wikipedia.org/wiki/APT_(software)[apt] software packages
* Networking apt packages (including many WiFi tools, and also iptables-persistent for the https://en.wikipedia.org/wiki/Iptables[iptables] firewall)
* link:tasks/iiab-startup.yml[/usr/libexec/iiab-startup.sh] similar to
AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot

2
roles/2-common/tasks/main.yml
View file

@ -8,7 +8,7 @@
- include_tasks: packages.yml
- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml"
- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
include_tasks: network.yml
- include_tasks: iiab-startup.yml

38
roles/2-common/tasks/network.yml
View file

@ -1,22 +1,37 @@
- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml'
meta: noop
- name: '2021-07-27: SEE ALSO ~4 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml'
meta: noop
# 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop.
- name: Install package networkd-dispatcher (OS's other than RaspiOS)
package:
name: networkd-dispatcher # Dispatcher service for systemd-networkd connection status changes
name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes
state: present
when: not is_raspbian
- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
# 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools)
# are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss:
# desktops might have some/all 3 preinstalled, while servers tend not to have
# these present at all, but need to be installed if you want to take full
# advantage of WiFi on Ubuntu and friends.
#
# 2022-03-16 update: Let's make these 3 mandatory as they're only 300kB (grand
# total download size) and they can help IIAB field operators with BOTH
# (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later.
- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
package:
name:
- hostapd # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired
- iproute2 # 2021-07-27: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools
- iptables-persistent # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it!
- netmask # Handy utility -- helps determine network masks
- avahi-daemon # 97kB download: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml
#- avahi-discover # 46kB download: 2021-07-27: Commented out long ago
- hostapd # 764kB download: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired
#- inetutils-syslogd # 240kB download: 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros
- iproute2 # 902kB download: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools
- iptables-persistent # 12kB download: Boot-time loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it!
- iw # 97kB download: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2
- libnss-mdns # 27kB download: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi
- netmask # 25kB download: Handy utility -- helps determine network masks
- net-tools # 248kB download: RaspiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
- rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices
- wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions
- wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP
state: present
# 2021-08-17: Debian ignores this, according to 2013 post:
@ -27,6 +42,7 @@
# dest: /etc/network/if-pre-up.d/iptables
# mode: '0755'
# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)"
sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot

71
roles/2-common/tasks/packages.yml
View file

@ -1,47 +1,36 @@
- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml'
meta: noop
# 2022-03-16: 'apt show <pkg> | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop.
- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml'
meta: noop
- name: "Install 20 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget, wpasupplicant"
- name: "Install 16 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, mlocate, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
package:
name:
- acpid # Daemon for ACPI (power mgmt) events
- avahi-daemon # 2021-07-27: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml
#- avahi-discover # 2021-07-27: Commented out long ago
- bzip2 # 2021-04-26: Prob not used, but can't hurt?
- curl # Used to install roles/nodejs and roles/nodered
#- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
#- exfat-fuse # 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out
#- exfat-utils # Ditto! See also 'ntfs-3g' below
- gawk
- htop
- i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC
#- inetutils-syslogd # 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros
#- iproute2 # Installed by roles/2-common/tasks/network.yml
- logrotate
- libnss-mdns # 2021-07-27: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi
#- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
#- make # 2021-07-27: Currently used by roles/pbx and no other roles
- mlocate
- net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
#- ntfs-3g # 2021-07-31: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
#- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
- pandoc # For /usr/bin/iiab-refresh-wiki-docs
- pastebinit # For /usr/bin/iiab-diagnostics
#- python3-pip # 2021-07-29: Already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc
#- python3-venv # 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 do not.
- rsync
#- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
- sqlite3
#- sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
- tar
- unzip
#- usbmount # Moved to roles/usb_lib/tasks/install.yml
- usbutils # 2021-07-27: RaspiOS installs this regardless -- move to roles/usb_lib/tasks/install.yml ?
- wget
- wpasupplicant # 2021-07-27: RaspiOS installs this regardless -- client library for connections to a WiFi AP
- acpid # 55kB download: Daemon for ACPI (power mgmt) events
- bzip2 # 47kB download: RasPiOS installs this regardless -- 2021-04-26: Prob not used, but can't hurt?
- curl # 254kB download: RasPiOS installs this regardless -- Used to install roles/nodejs and roles/nodered
#- etckeeper # 54kB download: "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
#- exfat-fuse # 28kB download: 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out
#- exfat-utils # 41kB download: Ditto! See also 'ntfs-3g' below
- gawk # 533kB download
- htop # 109kB download: RasPiOS installs this regardless
- i2c-tools # 78kB download: RasPiOS installs this regardless -- Low-level bus/chip/register/EEPROM tools e.g. for RTC
- logrotate # 67kB download: RasPiOS installs this regardless
#- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
#- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles
- mlocate # 92kB download
#- ntfs-3g # 379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
#- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's
- pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs
- pastebinit # 47kB download: For /usr/bin/iiab-diagnostics
#- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc
#- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not.
- rsync # 351kB download: RasPiOS installs this regardless
#- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
- sqlite3 # 1054kB download
#- sudo # 991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
- tar # 799kB download: RasPiOS installs this regardless
- unzip # 151kB download: RasPiOS installs this regardless
#- usbmount # 18kB download: Moved to roles/usb_lib/tasks/install.yml
- usbutils # 67kB download: RasPiOS installs this regardless -- 2021-07-27: move to roles/usb_lib/tasks/install.yml ?
- wget # 922kB download: RasPiOS installs this regardless
state: present
#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)"

23
roles/calibre-web/README.rst
View file

@ -74,7 +74,7 @@ See also::
/library/calibre-web/metadata_db_prefs_backup.json
See the official docs on Calibre-Web's `Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_.
Finally, take note of Calibre-Web's `FAQ <https://github.com/janeczku/calibre-web/wiki/FAQ>`_ and official docs on its `Runtime Configuration Options <https://github.com/janeczku/calibre-web/wiki/Configuration>`_ and `Command Line Interface <https://github.com/janeczku/calibre-web/wiki/Command-Line-Interface>`_.
Back Up Everything
------------------
@ -90,24 +90,25 @@ Internet-in-a-Box (IIAB) is online.
But first: back up your content **and** settings, as explained above.
**Then move your /library/calibre-web/metadata.db out of the way, if you're
sure you want to (re)install bare/minimal metadata, and force all Calibre-Web
settings to the default. Then run**::
**Also move your /library/calibre-web/config/app.db AND/OR
/library/calibre-web/metadata.db out of the way — if you're sure you want to
fully reset your Calibre-Web settings (to install defaults) AND/OR remove all
e-book metadata! Then run**::
cd /opt/iiab/iiab
./runrole calibre-web
Or, to reinstall all of IIAB::
cd /opt/iiab/iiab
./iiab-install --reinstall
./runrole --reinstall calibre-web
Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding
manually::
cd /opt/iiab/calibre-web
cd /usr/local/calibre-web-py3
git pull
This older way *is no longer recommended*::
cd /opt/iiab/iiab
./iiab-install --reinstall # OR: ./iiab-configure
Known Issues
------------

15
roles/calibre-web/defaults/main.yml
View file

@ -19,18 +19,19 @@ calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8,
calibreweb_venv_path: /usr/local/calibre-web-py3
calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py"
# Config files put in:
# Config files (in reality just app.db) put in:
calibreweb_config: "{{ calibreweb_home }}/config"
# Calibre-Web will be provisioned with default administrative account,
# metadata.db and language if /library/calibre-web/metadata.db does not exist.
# NOT CURRENTLY IN USE: calibreweb_provision: True
calibreweb_settings_database: app.db
calibreweb_database: metadata.db
# 2022-03-07: Calibre-Web will be reset to default settings if (re)installed
# when /library/calibre-web/config/app.db doesn't exist:
calibreweb_settings_database: app.db # /library/calibre-web/config/app.db
# UNUSED var as of 2022-03-07:
# calibreweb_database: metadata.db # /library/calibre-web/metadata.db
# Files owned by:
calibreweb_user: root
# UNUSED variables, as of March 2019:
# UNUSED vars, as of March 2019:
# calibreweb_admin_user: Admin
# calibreweb_admin_password: changeme

18
roles/calibre-web/tasks/install.yml
View file

@ -19,7 +19,6 @@
path: "{{ item }}"
owner: "{{ calibreweb_user }}" # root
group: "{{ apache_user }}" # www-data on debuntu
#mode: '0755'
with_items:
- "{{ calibreweb_home }}" # /library/calibre-web
- "{{ calibreweb_config }}" # /library/calibre-web/config
@ -29,10 +28,10 @@
- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later)
git:
repo: https://github.com/janeczku/calibre-web.git
dest: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web
dest: "{{ calibreweb_venv_path }}"
force: yes
depth: 1
version: "{{ calibreweb_version }}" # e.g. master, 0.6.5
version: "{{ calibreweb_version }}" # e.g. master, 0.6.17
## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed)
#- name: Download calibre-web dependencies into vendor subdirectory.
@ -66,24 +65,25 @@
dest: "{{ calibreweb_home }}" # /library/calibre-web
owner: "{{ calibreweb_user }}" # root
group: "{{ apache_user }}" # www-data on debuntu
#mode: '0644'
backup: yes
with_items:
- roles/calibre-web/files/metadata.db
- roles/calibre-web/files/metadata_db_prefs_backup.json
when: not metadatadb.stat.exists
#when: calibreweb_provision
- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist
- name: Does /library/calibre-web/config/app.db exist?
stat:
path: /library/calibre-web/config/app.db
register: appdb
- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF it did not exist
copy:
src: roles/calibre-web/files/app.db
dest: "{{ calibreweb_config }}" # /library/calibre-web/config
owner: "{{ calibreweb_user }}" # root
group: "{{ apache_user }}" # www-data on debuntu
#mode: '0644'
backup: yes
when: not metadatadb.stat.exists
#when: calibreweb_provision
when: not appdb.stat.exists
# RECORD Calibre-Web AS INSTALLED

4
roles/calibre-web/tasks/main.yml
View file

@ -70,5 +70,5 @@
value: "{{ calibreweb_home }}"
- option: calibreweb_port
value: "{{ calibreweb_port }}"
- option: calibreweb_database
value: "{{ calibreweb_database }}"
- option: calibreweb_settings_database
value: "{{ calibreweb_settings_database }}"

6
roles/iiab-admin/tasks/access.yml
View file

@ -1,6 +0,0 @@
- name: "Install text mode packages, useful during remote access: screen, lynx"
package:
name:
- lynx
- screen
state: present

6
roles/iiab-admin/tasks/access.yml.unused Normal file
View file

@ -0,0 +1,6 @@
- name: "Install text-mode packages, useful during remote access: lynx, screen"
package:
name:
- lynx
- screen
state: present

8
roles/iiab-admin/tasks/main.yml
View file

@ -2,8 +2,12 @@
# https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst
- name: Install lynx, screen
include_tasks: access.yml
- name: "Install text-mode packages, useful during remote access: lynx, screen"
package:
name:
- lynx
- screen
state: present
- name: Install sudo & /etc/sudoers with logging to /var/log/sudo.log
include_tasks: sudo-prereqs.yml

4
roles/internetarchive/tasks/install.yml
View file

@ -42,8 +42,8 @@
state: absent
path: "{{ internetarchive_dir }}/node_modules"
- name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES)
shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror
- name: Run 'yarn add https://github.com/internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES)
shell: yarn config set child-concurrency 1 && yarn add https://github.com/internetarchive/dweb-mirror
args:
chdir: "{{ internetarchive_dir }}"
creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive"

6
roles/kiwix/defaults/main.yml
View file

@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
# http://download.kiwix.org/nightly/
kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-1
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-1
kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-1
kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-2
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-2
kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-2
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")

2
roles/lokole/README.rst
View file

@ -95,4 +95,4 @@ For further usage information and troubleshooting, refer to the `Lokole user man
Known Issues
------------
For an up-to-date list of open issues, please see the `Lokole project's issue tracker <https://github.com/ascoderu/lokole/issues>`_. See also `IIAB's issue tracker <https://github.com/iiab/iiab/issues>`_.
For an up-to-date list of open issues, please see the `Lokole project's issue tracker <https://github.com/ascoderu/lokole/issues>`_. See also `IIAB's issue tracker <https://github.com/iiab/iiab/search?q=lokole&type=issues>`_.

2
roles/nextcloud/tasks/install.yml
View file

@ -91,7 +91,7 @@
state: directory
path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
- name: Unarchive {{ nextcloud_dl_url }} (~132 MB) to {{ nextcloud_root_dir }} (~474 MB initially, 496+ MB later, {{ apache_user }}:{{ apache_user }})
- name: Unarchive {{ nextcloud_dl_url }} (~133 MB) to {{ nextcloud_root_dir }} (~476 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }})
unarchive:
remote_src: yes # Overwrite even if "already exists on the target"
src: "{{ nextcloud_dl_url }}"

2
roles/phpmyadmin/defaults/main.yml
View file

@ -4,7 +4,7 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
phpmyadmin_version: 5.1.2
phpmyadmin_version: 5.1.3
phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages"
phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"
phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"

2
roles/remoteit/defaults/main.yml
View file

@ -12,7 +12,7 @@
# - Debian Linux (x86_64)
# - Pi OS (ARM)
# - Pi OS (ARM64)
remoteit_version: 4.13.7
remoteit_version: 4.14.1
# See https://docs.remote.it/device-package/installation to refine URL below:
device_suffixes:

4
roles/sugarizer/tasks/install.yml
View file

@ -29,7 +29,7 @@
# 2. DOWNLOAD+LINK /opt/iiab/sugarizer
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB)
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~740 MB)
git:
repo: https://github.com/llaske/sugarizer
dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}"
@ -61,7 +61,7 @@
# CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows
# "changed" (whereas above git sync shows "ok"). Reason: "npm install"
# (below) modifies /opt/iiab/sugarizer-server/node_modules
- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~9 MB initially, ~193+ MB later)
- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_server_dir_version }} (~9 MB initially, ~195+ MB later)
git:
repo: https://github.com/llaske/sugarizer-server
dest: "{{ iiab_base }}/{{ sugarizer_server_dir_version }}"

4
roles/transmission/README.rst
View file

@ -38,7 +38,9 @@ Log in to Transmission's web interface http://box:9091 using administrative acco
Username: Admin
Password: changeme
If you prefer the command-line, you can instead run `transmission-remote <https://linux.die.net/man/1/transmission-remote>`_ commands.
Change the above password by editing ``rpc-password`` in ``/etc/transmission-daemon/settings.json`` (your plaintext will be hashed to conceal it, the next time Transmission is started).
Finally if you prefer the command-line, you can instead run `transmission-remote <https://linux.die.net/man/1/transmission-remote>`_ commands.
Configuration
-------------

2
scripts/ansible
View file

@ -8,7 +8,7 @@
APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint
CURR_VER=undefined # Ansible version you currently have installed
GOOD_VER=2.12.2 # Orig for 'yum install [rpm]' & XO laptops (pip install)
GOOD_VER=2.12.3 # Orig for 'yum install [rpm]' & XO laptops (pip install)
# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and
# .gpg key etc) are commented out with ### below. Associated guidance/comments

4
scripts/iiab-diagnostics.README.md
View file

@ -1,10 +1,10 @@
## Objective
To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline.
To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline. Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present.
Passwords (including Wi-Fi passwords) are auto-redacted from this file, to protect your community confidentiality.
The ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html).
Finally, the ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html).
But first off, the file is compiled by harvesting 1 + 6 kinds of things:

1
vars/default_vars.yml
View file

@ -323,6 +323,7 @@ nginx_high_php_limits: False
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf
# Make this True to enable http://box/js-menu/menu-files/services/power_off.php
apache_allow_sudo: False

5
vars/local_vars_large.yml
View file

@ -203,6 +203,7 @@ nginx_high_php_limits: False
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf
# Make this True to enable http://box/js-menu/menu-files/services/power_off.php
apache_allow_sudo: False
@ -232,8 +233,8 @@ jupyterhub_install: True
jupyterhub_enabled: True
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: True
lokole_enabled: True
lokole_install: False # 2022-03-13: Needs work with Python 3.9+
lokole_enabled: False # https://github.com/iiab/iiab/issues/3132
# Wikipedia's community editing platform - from MediaWiki.org
mediawiki_install: True

5
vars/local_vars_medium.yml
View file

@ -203,6 +203,7 @@ nginx_high_php_limits: False
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf
# Make this True to enable http://box/js-menu/menu-files/services/power_off.php
apache_allow_sudo: False
@ -232,8 +233,8 @@ jupyterhub_install: False
jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
lokole_enabled: False
lokole_install: False # 2022-03-13: Needs work with Python 3.9+
lokole_enabled: False # https://github.com/iiab/iiab/issues/3132
# Wikipedia's community editing platform - from MediaWiki.org
mediawiki_install: False

5
vars/local_vars_small.yml
View file

@ -203,6 +203,7 @@ nginx_high_php_limits: False
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf
# Make this True to enable http://box/js-menu/menu-files/services/power_off.php
apache_allow_sudo: False
@ -232,8 +233,8 @@ jupyterhub_install: False
jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
lokole_enabled: False
lokole_install: False # 2022-03-13: Needs work with Python 3.9+
lokole_enabled: False # https://github.com/iiab/iiab/issues/3132
# Wikipedia's community editing platform - from MediaWiki.org
mediawiki_install: False

1
vars/local_vars_unittest.yml
View file

@ -203,6 +203,7 @@ nginx_high_php_limits: False
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf
# Make this True to enable http://box/js-menu/menu-files/services/power_off.php
apache_allow_sudo: False