external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into less-apache

Browse source
This commit is contained in:
A Holt 2021-08-04 10:11:47 -04:00 committed by GitHub
commit 9676a9a03e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
45 changed files with 463 additions and 353 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
roles/0-init/defaults/main.yml
View file

@ -1,31 +1,54 @@
# adm_cons_force_ssl: False
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
# SEE ALSO /opt/iiab/iiab/roles/1-prep/defaults/main.yml
# 2021-07-30: Primarily for Admin Console: later change to 443 for #2811 HTTPS?
gui_port: 80
#is_F18: False # 2021-07-30: No longer used
# (PRE-)release version number, for {{ iiab_env_file }} = /etc/iiab/iiab.env
# iiab_base_ver: 7.1
# iiab_base_ver: 8.0
# iiab_revision: 0
# ABOVE MOVED TO /opt/iiab/iiab/vars/default_vars.yml
# ABOVE 3 LINES MOVED TO /opt/iiab/iiab/vars/default_vars.yml
# These entries should never be changed in this file.
# These are defaults for boolean routines.
# 2021-07-30: This variable (first_run) is still used in 2 places:
# (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml
# (2) roles/network/tasks/named.yml
# ...after it is set in 0-init/tasks/main.yml
first_run: False
rpi_model: none
xo_model: none
rpi_model: none # 2021-07-30: Broadly used!
#xo_model: none # 2021-07-30: No longer used
# 2021-07-30: Recorded to /etc/iiab/iiab.ini but not used programmatically:
gw_active: False
# 2021-07-30: Broadly used, but not in an organized way -- most all IIAB
# outfitting/provisioning happens online -- in situations where connectivity
# failures should be reported to the operator, rather than papered over:
internet_available: False
discovered_wan_iface: none
discovered_wan_iface: none # 2021-07-30: Very broadly used!
# Old defs
gui_port: 80
is_F18: False
# 2021-07-30: Barely used -- for {named, dhcpd, squid} in
# roles/network/tasks/main.yml -- after being set in 0-init/tasks/network.yml
FQDN_changed: False
# Set default 1-prep discovered hardware
rtc_id: none
NUC6_firmware_needed: False
#rtc_id: none # 2021-07-30: Moved to 1-prep/defaults/main.yml
#NUC6_firmware_needed: False # 2021-07-30: Apparently never used
# Used in 2-common/tasks/xo.yml
wifi_id: none
#wifi_id: none # 2021-07-30: Had been used in 2-common/tasks/xo.yml
# Used in 2-common, 3-base-server and roles/network
# 2021-07-30: roles/network/tasks/squid.yml#L16 to stop Squid
# ("when: not installing") is the only non-Fedora use of this var.
# Earlier, this var HAD also been used in 2-common and 3-base-server.
installing: False
# Network
# 2021-07-30: Broadly used across roles/network/tasks/*.yml -- but things might
# possibly change if roles/network becomes optional per PR #2876 ?
no_net_restart: False
no_NM_reload: False
#no_NM_reload: False # 2021-07-30: Was used in roles/network/tasks/fedora/*

4
roles/0-init/tasks/create_iiab_ini.yml
View file

@ -35,7 +35,7 @@
value: "{{ ansible_local.local_facts.iiab_commit }}"
- option: install_date
value: "{{ ansible_date_time.iso8601 }}"
- option: xo_model
value: "{{ xo_model }}"
#- option: xo_model
# value: "{{ xo_model }}"
- option: rpi_model
value: "{{ rpi_model }}"

28
roles/0-init/tasks/main.yml
View file

@ -7,12 +7,17 @@
# Higher-level purpose explained at the bottom of:
# https://github.com/iiab/iiab/blob/master/vars/default_vars.yml
- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 11 vars -- here we extract 3 of those -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, xo_model: {{ ansible_local.local_facts.xo_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}"
- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set 10 vars -- here we extract 2 of those -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}"
set_fact:
rpi_model: "{{ ansible_local.local_facts.rpi_model }}"
xo_model: "{{ ansible_local.local_facts.xo_model }}"
#xo_model: "{{ ansible_local.local_facts.xo_model }}"
iiab_stage: "{{ ansible_local.local_facts.stage }}"
# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
#- name: Re-read local_facts.facts from /etc/ansible/facts.d
# setup:
# filter: ansible_local
# Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections
# once and only once, to preserve the install date and git hash.
- name: Create {{ iiab_ini_file }}, if it doesn't exist
@ -29,11 +34,6 @@
first_run: True
when: not iiab_ini_test.stat.exists
# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
#- name: Re-read local_facts.facts from /etc/ansible/facts.d
# setup:
# filter: ansible_local
# Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can
# be run even if local source tree /opt/iiab/iiab is deleted to conserve disk).
@ -56,7 +56,7 @@
- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?"
include_tasks: tz.yml
- name: Test Gateway + Test Internet + Set new hostname if nec + Set 'gui_port' to 80 or 443 for Admin Console
- name: Test Gateway + Test Internet + Set new hostname/domain (hostname.yml) if nec + Set 'gui_port' to 80 or 443 for Admin Console
include_tasks: network.yml
@ -95,14 +95,14 @@
value: "{{ rpi_model }}"
- option: first_run
value: "{{ first_run }}"
- option: local_tz # e.g. EDT after Ansible interprets /etc/localtime below
- option: local_tz # e.g. 'EDT' (summer) or 'EST' (winter) after Ansible interprets symlink /etc/localtime -- or 'UTC' if /etc/localtime doesn't exist
value: "{{ local_tz }}"
- option: etc_localtime.stdout # e.g. America/New_York
- option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist
value: "{{ etc_localtime.stdout }}"
- option: no_NM_reload
value: "{{ no_NM_reload }}"
- option: is_F18
value: "{{ is_F18 }}"
#- option: no_NM_reload
# value: "{{ no_NM_reload }}"
#- option: is_F18
# value: "{{ is_F18 }}"
- option: FQDN_changed
value: "{{ FQDN_changed }}"

13
roles/0-init/tasks/network.yml
View file

@ -46,15 +46,18 @@
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: "Set 'FQDN_changed: True' when iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})
include_tasks: hostname.yml
when: iiab_fqdn != ansible_fqdn
# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is
# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it
# should be reconsidered? See PR #2876: roles/network might become optional?
- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: Set hostname if FQDN_changed
include_tasks: hostname.yml
when: FQDN_changed
- name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl"
set_fact:

2
roles/0-init/tasks/tz.yml
View file

@ -11,7 +11,7 @@
register: etc_localtime
- name: "/etc/localtime now specifies: {{ etc_localtime.stdout }}"
command: echo # 'meta: noop' is not enough to force var instantiation above
command: echo # 'meta: noop' is not enough to force instantiation of 'name: {{ var }}' just above
#- name: Check for a /etc/localtime symlink to TZ - NEVER FAILS DUE TO PIPE

35
roles/1-prep/README.rst
View file

@ -2,21 +2,24 @@
1-prep README
=============
This 1st `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ (1-prep) is primarily hardware-focused, prior to OS
additions/mods — but also includes critical pieces sometimes needed for
remote support:
This 1st `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ (1-prep) arranges low-level things like remote support infra, DNS prep, hardware, low-level OS quirks, and basic security:
- dnsmasq
- /etc/iiab/uuid
- Customizing /var/log/* for Ubermix on each boot, using /etc/tmpfiles.d
- SSH
- `iiab-admin <https://github.com/iiab/iiab/tree/master/roles/iiab-admin>`_ username and group to log into Admin Console
- OpenVPN software if/as needed later for remote support
- `raspberry_pi.yml <tasks/raspberry_pi.yml>`_ including RTC, essential packages, and networking basics
- SSHD
- OpenVPN if/as needed later for remote support
- `iiab-admin <https://github.com/iiab/iiab/tree/master/roles/iiab-admin#iiab-admin-readme>`_ username and group, to log into Admin Console
- dnsmasq (install now, configure later!)
- Universally unique identifier: /etc/iiab/uuid
- Ubermix (distro) needs /etc/tmpfiles.d/iiab.conf to create essential /var/log subdirs on each boot
- Hardware actions:
- `raspberry_pi.yml <tasks/raspberry_pi.yml>`_:
- RTC (real-time clock): install udev rule, configure, enable
- Install packages related to:
- growpart
- swapfile
- fake-hwclock (as RTC is often missing or dead!)
- Wi-Fi
- Increase swap file size
- `rootfs auto-resizing <https://github.com/iiab/iiab/blob/master/roles/1-prep/templates/iiab-rpi-max-rootfs.sh>`_
- NUC 6 Wi-Fi firmware
Traditionally 1-prep also included preliminaries like hostname and
hardware-oriented things specific to a particular platform (such as
One Laptop Per Child's XO laptop) i.e. critical setup prior to the
bulk of IIAB's software install.
Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and 5-xo-services ⁠— this 1st stage installs core server infra (that is not user-facing).
Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and 5-xo-services — this 1st stage installs core server infra (that is not user-facing).

11
roles/1-prep/defaults/main.yml Normal file
View file

@ -0,0 +1,11 @@
# Real-time clock: RTC chip family. Future auto-detection plausible?
# rtc_id: none # Or ds3231 ? Used in 1-prep/tasks/raspberry_pi.yml
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
# SEE ALSO /opt/iiab/iiab/roles/0-init/defaults/main.yml
#NUC6_firmware_needed: False # 2021-07-30: Apparently never used

17
roles/1-prep/tasks/hardware.yml Normal file
View file

@ -0,0 +1,17 @@
## DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
register: usb_NUC6
ignore_errors: True
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: internet_available and usb_NUC6.stdout|int > 0

101
roles/1-prep/tasks/main.yml
View file

@ -1,85 +1,31 @@
# Preparations (Hardware Level)
# Preparations (low-level e.g. remote support, DNS prep, HW/OS, basic security)
- name: ...IS BEGINNING ============================================
meta: noop
- name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
include_tasks: roles/network/tasks/dnsmasq.yml
#when: dnsmasq_install # Flag might be used in future?
- name: 'Install packages: sudo, uuid-runtime'
package:
name:
- sudo
- uuid-runtime
state: present
- name: Does /etc/iiab/uuid exist?
stat:
path: /etc/iiab/uuid
register: uuid_file
- name: If not, run 'uuidgen' to create a uuid, in register uuid_response
command: uuidgen
register: uuid_response
when: not uuid_file.stat.exists
- name: Save it to /etc/iiab/uuid
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
when: not uuid_file.stat.exists
- name: Load /etc/iiab/uuid, into register stored_uuid
command: cat /etc/iiab/uuid
register: stored_uuid
- name: Store it in Ansible variable 'uuid'
set_fact:
uuid: "{{ stored_uuid.stdout_lines[0] }}"
- name: Does 'ubermix' exist in /etc/lsb-release?
shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?
register: grep_ubermix
failed_when: False # Universal way to hide alarmist red errors!
#ignore_errors: True
#check_mode: no
- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix
copy:
src: roles/1-prep/files/iiab.conf
dest: /etc/tmpfiles.d/
# owner: root
# group: root
# mode: '0644'
force: yes
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
# pkgs are not installed FWIW. But it's included to safeguard us across all
# OS's, in case others OS's like Ubermix later appear. See #1382 for details.
# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!
- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix
shell: apt -y remove "libgeos-*"
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml
include_role:
name: sshd
when: sshd_install
- name: IIAB-ADMIN
include_role:
name: iiab-admin
#when: iiab_admin_install # Flag might be created in future?
- name: OPENVPN
include_role:
name: openvpn
when: openvpn_install
- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml
include_role:
name: iiab-admin
#when: iiab_admin_install # Flag might be created in future?
- name: Install dnsmasq -- configure LATER in 'network', after Stage 9
include_tasks: roles/network/tasks/dnsmasq.yml
#when: dnsmasq_install # Flag might be used in future?
- include_tasks: uuid.yml
- include_tasks: ubermix.yml
- include_tasks: hardware.yml # Can run raspberry_pi.yml
# Debian 10 "Buster" is apparently enabling AppArmor in 2019:
# https://wiki.debian.org/AppArmor/Progress
@ -109,25 +55,6 @@
# when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
register: usb_NUC6
ignore_errors: True
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: internet_available and usb_NUC6.stdout|int > 0
- name: Recording STAGE 1 HAS COMPLETED ============================
template:
src: roles/1-prep/templates/iiab.env.j2

3
roles/1-prep/tasks/raspberry_pi.yml
View file

@ -31,6 +31,7 @@
# line: 'include btcfg.txt'
# when: is_ubuntu
- name: '2021-07-27: SEE ALSO ~4 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml'
meta: noop
@ -55,6 +56,7 @@
- wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions
state: present
- name: Increase swap file size (to CONF_SWAPSIZE={{ pi_swap_file_size }} in /etc/dphys-swapfile) as kalite pip download fails
lineinfile:
path: /etc/dphys-swapfile
@ -67,6 +69,7 @@
name: dphys-swapfile
state: restarted
- name: Install RPi rootfs resizing (/usr/sbin/iiab-rpi-max-rootfs.sh) and its systemd service (/etc/systemd/system/iiab-rpi-root-resize.service), from templates (root:root by default)
template:
src: "{{ item.src }}"

25
roles/1-prep/tasks/ubermix.yml Normal file
View file

@ -0,0 +1,25 @@
- name: Does 'ubermix' exist in /etc/lsb-release?
shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?
register: grep_ubermix
failed_when: False # Universal way to hide alarmist red errors!
#ignore_errors: True
#check_mode: no
- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix (root:root, 0644 by default)
copy:
src: roles/1-prep/files/iiab.conf
dest: /etc/tmpfiles.d/
# owner: root
# group: root
# mode: 0644
force: yes
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
# pkgs are not installed FWIW. But it's included to safeguard us across all
# OS's, in case others OS's like Ubermix later appear. See #1382 for details.
# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!
- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix
shell: apt -y remove "libgeos-*"
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist

26
roles/1-prep/tasks/uuid.yml Normal file
View file

@ -0,0 +1,26 @@
- name: "Install packages: uuid-runtime"
package:
name: uuid-runtime
state: present
- name: Does /etc/iiab/uuid exist?
stat:
path: /etc/iiab/uuid
register: uuid_file
- name: If not, run 'uuidgen' to create a uuid, in register uuid_response
command: uuidgen
register: uuid_response
when: not uuid_file.stat.exists
- name: Save it to /etc/iiab/uuid
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
when: not uuid_file.stat.exists
- name: Load /etc/iiab/uuid, into register stored_uuid
command: cat /etc/iiab/uuid
register: stored_uuid
- name: Store it in Ansible variable 'uuid'
set_fact:
uuid: "{{ stored_uuid.stdout_lines[0] }}"

0
roles/1-prep/templates/chrony.conf.j2 → roles/1-prep/templates/chrony.conf.j2.unused
View file

4
roles/2-common/tasks/main.yml
View file

@ -8,11 +8,12 @@
- include_tasks: packages.yml
- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml'
- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml"
include_tasks: network.yml
- include_tasks: iiab-startup.yml
# UNMAINTAINED
#- include_tasks: centos.yml
# when: ansible_distribution == "CentOS"
@ -39,6 +40,7 @@
# dest: /etc/profile.d/zzz_iiab.sh
# src: zzz_iiab.sh
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile:
path: "{{ iiab_env_file }}"

4
roles/2-common/tasks/packages.yml
View file

@ -26,14 +26,14 @@
#- make # 2021-07-27: Currently used by roles/pbx and no other roles
- mlocate
- net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
#- ntfs-3g # 2021-07-27: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g
#- ntfs-3g # 2021-07-31: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
#- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
- pandoc # For /usr/bin/iiab-refresh-wiki-docs
- pastebinit # For /usr/bin/iiab-diagnostics
- rsync
#- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
- sqlite3
#- sudo # Installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
#- sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
- tar
- unzip
#- usbmount # Moved to roles/usb_lib/tasks/install.yml

3
roles/4-server-options/tasks/main.yml
View file

@ -23,6 +23,7 @@
name: sshd
when: sshd_install
# UNMAINTAINED
- name: Install named / BIND
include_tasks: roles/network/tasks/named.yml
@ -38,6 +39,7 @@
include_tasks: roles/network/tasks/squid.yml
when: squid_install is defined and squid_install
- name: Install Bluetooth - only on Raspberry Pi
include_role:
name: bluetooth
@ -69,6 +71,7 @@
name: www_options
#when: www_options_install # Flag might be created in future?
- name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile:
path: "{{ iiab_env_file }}"

5
roles/6-generic-apps/tasks/main.yml
View file

@ -62,11 +62,6 @@
name: nextcloud
when: nextcloud_install
- name: PBX
include_role:
name: pbx
when: pbx_install
- name: WORDPRESS
include_role:
name: wordpress

25
roles/9-local-addons/tasks/main.yml
View file

@ -3,32 +3,39 @@
- name: ...IS BEGINNING ====================================
meta: noop
- name: INTERNETARCHIVE
include_role:
name: internetarchive
when: internetarchive_install
# Is porting to Python 3 complete, and if so does this belong elsewhere?
- name: CAPTIVE PORTAL
include_role:
name: captiveportal
when: captiveportal_install
- name: INTERNETARCHIVE
include_role:
name: internetarchive
when: internetarchive_install
- name: MINETEST
include_role:
name: minetest
when: minetest_install
# KEEP AT THE END as this installs dependencies from Debian's 'testing' branch!
- name: CALIBRE-WEB
include_role:
name: calibre-web
when: calibreweb_install
# KEEP NEAR THE VERY END as this installs dependencies from Debian's 'testing' branch!
- name: CALIBRE
include_role:
name: calibre
when: calibre_install
- name: CALIBRE-WEB
# Pulls in a large number of devel packages, via asterisk.yml -> 'install_prereq install'
# https://github.com/asterisk/asterisk/blob/master/contrib/scripts/install_prereq#L21-L35
- name: PBX - Asterisk & FreePBX
include_role:
name: calibre-web
when: calibreweb_install
name: pbx
when: pbx_install
- name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19"
package:

3
roles/iiab-admin/tasks/sudo-prereqs.yml
View file

@ -1,7 +1,6 @@
# roles/2-common/tasks/packages.yml also installed sudo, but that's too late
- name: 'Install package: sudo'
package:
name: sudo
name: sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!)
- name: Temporarily make file /etc/sudoers editable (0640)
file:

9
roles/jupyterhub/tasks/enable-or-disable.yml
View file

@ -1,17 +1,14 @@
- name: systemd daemon-reload
systemd:
daemon_reload: yes
- name: Enable & Restart jupyterhub.service
systemd:
daemon_reload: yes
name: jupyterhub
enabled: yes
state: restarted
when: jupyterhub_enabled
- name: Disable jupyterhub.service
- name: Disable & Stop jupyterhub.service
systemd:
daemon_reload: yes
name: jupyterhub
enabled: no
state: stopped

0
roles/mysql/tasks/centos.yml → roles/mysql/tasks/centos.yml.unused
View file

0
roles/mysql/tasks/fedora.yml → roles/mysql/tasks/fedora.yml.unused
View file

8
roles/mysql/tasks/install.yml
View file

@ -1,8 +1,8 @@
# Stanzas as of 2020-05-21:
# Stanzas as of 2021-08-02:
#
# - 1 base install
# - 6 double timeout for slow CPUs
# - 7 DB config
# - 2 DB config
# - 2 record as installed
- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql'
@ -98,7 +98,7 @@
when: mariadb_unit_file.stat.exists
# 7 STANZAS BELOW...could later be put into setup.yml or config.yml or or provision.yml ?
# 2 STANZAS BELOW...could later be put into setup.yml or config.yml or or provision.yml ?
# Name of MySQL service varies by OS, so hardcoded in /opt/iiab/iiab/vars/<OS>.yml (formerly in roles/0-init/tasks/main.yml)
- name: Start MySQL systemd service ({{ mysql_service }}) to permit configuration
@ -107,7 +107,7 @@
daemon_reload: yes
state: restarted
- name: Install /root/.my.cnf file from template, with root password credentials
- name: "Install /root/.my.cnf file from template -- used to contain root password credential, prior to 2020-08-24: https://github.com/iiab/iiab/pull/2488"
template:
src: my.cnf.j2
dest: /root/.my.cnf

19
roles/network/tasks/computed_network.yml
View file

@ -1,15 +1,18 @@
# just lie about active gateway present on XOs to suppress ifcfg-WAN
# auto-creation/moving with XOs using NM/system-connections/ via keyfile.
# ifcfg-rh acts on /etc/sys*/net*/ifcfg-* where we search for devices.
- name: Setting XO has WiFi gateway
set_fact:
user_wan_iface: "{{ discovered_wan_iface }}"
when: not (discovered_wan_iface == "none") and not (xo_model == "none") and has_ifcfg_gw == "none"
- name: XO laptop wants USB WiFi interface as AP mode
set_fact:
iiab_wireless_lan_iface: "{{ discovered_lan_iface }}"
when: num_wifi_interfaces >= "2" and not (xo_model == "none") and not (discovered_wan_iface == "none") and discovered_wireless_iface == "eth0"
# 2021-07-30: Var 'xo_model' is being deprecated
#- name: Setting XO has WiFi gateway
# set_fact:
# user_wan_iface: "{{ discovered_wan_iface }}"
# when: not (discovered_wan_iface == "none") and not (xo_model == "none") and has_ifcfg_gw == "none"
# 2021-07-30: Var 'xo_model' is being deprecated
#- name: XO laptop wants USB WiFi interface as AP mode
# set_fact:
# iiab_wireless_lan_iface: "{{ discovered_lan_iface }}"
# when: num_wifi_interfaces >= "2" and not (xo_model == "none") and not (discovered_wan_iface == "none") and discovered_wireless_iface == "eth0"
# static backout suppy new template file
- name: gui-static-wan

2
roles/nextcloud/README.md
View file

@ -1,4 +1,4 @@
# Nextcloud
# Nextcloud README
Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org).

7
roles/nginx/templates/server.conf.j2
View file

@ -20,9 +20,10 @@ server {
include fastcgi_params;
}
location /cgi-bin {
root /usr/lib;
}
# 2021-07-30: Security risk identified by @tim-moody
#location /cgi-bin {
# root /usr/lib;
#}
# if you don't like seeing all the errors for missing favicon.ico in root
location = /favicon.ico { access_log off; log_not_found off; }

5
roles/openvpn/tasks/install.yml
View file

@ -1,8 +1,9 @@
- name: Install OpenVPN and Nmap packages
- name: "Install packages: nmap, openvpn, sudo"
package:
name:
- openvpn
- nmap
- openvpn
- sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!)
state: present
# Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle

33
roles/pbx/README.rst
View file

@ -1,10 +1,27 @@
.. |ss| raw:: html
<strike>
.. |se| raw:: html
</strike>
.. |nbsp| unicode:: 0xA0
:trim:
==========
PBX README
==========
This 'pbx' playbook adds `Asterisk <https://asterisk.org/>`_ and `FreePBX <https://freepbx.org/>`_ to Internet-in-a-Box (IIAB) for VoIP and SIP functionality e.g. for rural telephony.
This "pbx" playbook adds `Asterisk <https://asterisk.org/>`_ and `FreePBX <https://freepbx.org/>`_ to Internet-in-a-Box (IIAB) for VoIP and SIP functionality e.g. for rural telephony.
This initial release (for IIAB 6.7 in February 2019) supports Ubuntu 18.04, Debian 9 "Stretch" — and experimentally supports Raspberry Pi: `#1467 <https://github.com/iiab/iiab/issues/1467>`_
The initial release (for IIAB 6.7 in February 2019) supported Ubuntu 18.04, Debian 9 "Stretch" — and experimentally, Raspberry Pi: `#1467 <https://github.com/iiab/iiab/issues/1467>`_
*2021-08-02 GOOD NEWS: IIAB has upgraded from Asterisk 16.x (released 2018-10-09) to 18.x (released 2020-10-20*, `docs <https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation>`_): `PR #2896 <https://github.com/iiab/iiab/pull/2896>`_
*2021-08-02 WORK IN PROGRESS: The latest versions of Ubuntu (20.04, 20.10, 21.04), Debian 11 "Bullseye" and the imminent Raspberry Pi OS 11 "Bullseye" all include PHP 7.4 — which does not work with FreePBX 15 — so IIAB is making the transition to* `FreePBX 16 Beta <https://www.freepbx.org/freepbx-16-beta-is-here/>`_ *which emerged on 2021-06-21:* `PR #2899 <https://github.com/iiab/iiab/pull/2899>`_
*PLEASE UNDERSTAND THIS MEANS THAT: IIAB no longer supports FreePBX 15 (i.e. Linux distros with PHP <= 7.3, e.g. on Raspberry Pi OS 10 "Buster"). Thank you for your understanding, as we look to the future together!*
What Asterisk & FreePBX Do
--------------------------
@ -31,19 +48,21 @@ You can monitor the FreePBX service with command::
systemctl status freepbx
Raspberry Pi Known Issue
------------------------
Raspberry Pi Known Issues
-------------------------
As of 2019-02-14, "systemctl restart freepbx" fails more than 50% of the time when run on a `BIG-sized <http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F>`_ install of IIAB 6.7 on RPi 3 or RPi 3 B+.
|ss| As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a `BIG-sized <http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F>`_ install of IIAB 6.7 on RPi 3 or RPi 3 B+.
It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F>`_ if you can assist here in any way: `#1493 <https://github.com/iiab/iiab/issues/1493>`_
It is possible that FreePBX restarts much more reliably when run on a MIN-sized install of IIAB? Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F>`_ if you can assist here in any way: `#1493 <https://github.com/iiab/iiab/issues/1493>`_ |se|
Raspberry Pi Zero W Warning
---------------------------
Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). If necessary, run ``apt remove nodejs`` or ``apt purge nodejs`` then ``rm /etc/apt/sources.list.d/nodesource.list; apt update`` then (`attempt! <https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards>`_) to `install Node.js <https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml>`_ *on the Raspberry Pi Zero W itself* (a better approach than "cd /opt/iiab/iiab; ./runrole nodejs" is to try ``apt install nodejs`` or try installing the tar file mentioned at `#2082 <https://github.com/iiab/iiab/issues/2082#issuecomment-569344617>`_). You might also need ``apt install npm``. Whatever versions of Node.js and npm you install, make sure ``/etc/iiab/iiab_state.yml`` contains the line ``nodejs_installed: True`` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer. `#1799 <https://github.com/iiab/iiab/issues/1799>`_
Please also check the "Known Issues" at the bottom of `IIAB's latest release notes <https://github.com/iiab/iiab/wiki#our-evolution>`_.
Attribution
-----------
This 'pbx' playbook was heavily inspired by Yannik Sembritzki's `Asterisk <https://github.com/Yannik/ansible-role-asterisk>`_ and `FreePBX <https://github.com/Yannik/ansible-role-freepbx>`_ Ansible work, Thank You!
This "pbx" playbook was heavily inspired by Yannik Sembritzki's `Asterisk <https://github.com/Yannik/ansible-role-asterisk>`_ and `FreePBX <https://github.com/Yannik/ansible-role-freepbx>`_ Ansible work, Thank You!

11
roles/pbx/defaults/main.yml
View file

@ -1,5 +1,6 @@
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
# 2019: Worked on Ubuntu 18.04, Debian 9 w/ Node.js 10.x, and seemingly RPi 3+.
# 2021-08-03: Attempts FreePBX 16 Beta -- as required w/ PHP 7.4 OS's for #2897
# pbx_install: False
# pbx_enabled: False
@ -14,14 +15,12 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
#pbx_installed: False
asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk/
asterisk_src_file: asterisk-16-current.tar.gz
asterisk_src_file: asterisk-18-current.tar.gz
asterisk_src_dir: /opt/iiab/asterisk
freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/
freepbx_src_file: freepbx-15.0-latest.tgz
freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4/
freepbx_src_file: freepbx-16.0-latest.tgz # Beta as of 2021-06-21 but looking great! Does NOT support PHP < 7.4 (you've been warned!) Please review https://github.com/iiab/iiab/blob/master/roles/pbx/README.rst
freepbx_src_dir: /opt/iiab/freepbx
freepbx_install_dir: /var/www/html/freepbx

80
roles/pbx/tasks/asterisk.yml
View file

@ -1,30 +1,31 @@
- name: Asterisk - Install dependencies
include: asterisk_dependencies.yml
# 2021-08-03: Asterisk's own install_prereq (below) handles these?
#- name: Asterisk - Install dependencies
# include: asterisk_dependencies.yml
- name: Asterisk - Download software to /opt/iiab/downloads
- name: Asterisk - Download software to {{ downloads_dir }}
get_url:
url: "{{ asterisk_url }}/{{ asterisk_src_file }}"
dest: "{{ downloads_dir }}/{{ asterisk_src_file }}"
dest: "{{ downloads_dir }}/{{ asterisk_src_file }}" # e.g. /opt/iiab/downloads/asterisk-18-current.tar.gz
timeout: "{{ download_timeout }}"
when: internet_available
- name: Asterisk - Check for /opt/iiab/downloads/{{ asterisk_src_file }}
- name: Asterisk - Check for {{ downloads_dir }}/{{ asterisk_src_file }}
stat:
path: "{{ downloads_dir }}/{{ asterisk_src_file }}"
register: asterisk_src
- name: Asterisk - FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ asterisk_src_file }} doesn't exist
- name: Asterisk - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ asterisk_src_file }} doesn't exist
fail:
msg: "{ downloads_dir }}/{{ asterisk_src_file }} is REQUIRED in order to install."
msg: "{{ downloads_dir }}/{{ asterisk_src_file }} is REQUIRED in order to install."
when: not asterisk_src.stat.exists
- name: Asterisk - Create install source directory
file:
path: "{{ asterisk_src_dir }}"
- name: Asterisk - Create install source dir {{ asterisk_src_dir }}
file:
path: "{{ asterisk_src_dir }}" # /opt/iiab/asterisk
state: directory
- name: Asterisk - Extract source
unarchive:
unarchive:
src: "{{ downloads_dir }}/{{ asterisk_src_file }}"
dest: "{{ asterisk_src_dir }}"
owner: root
@ -32,53 +33,58 @@
extra_opts: [--strip-components=1]
creates: "{{ asterisk_src_dir }}/Makefile"
# 2021-08-03: Asterisk's install_prereq script (stanza just below) installs
# 'aptitude' regardless, within handle_debian() here:
# https://github.com/asterisk/asterisk/blob/master/contrib/scripts/install_prereq#L262-L271
#
#- name: Asterisk - Install aptitude (otherwise install_prereq fails?)
# package:
# name: aptitude
# state: latest
- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 5 MIN OR LONGER!
shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install
args:
chdir: "{{ asterisk_src_dir }}"
# 2021-08-03: Requires subversion (installed just above)
- name: Asterisk - Download mp3 decoder library into source tree
command: "./contrib/scripts/get_mp3_source.sh"
args:
chdir: "{{ asterisk_src_dir }}"
creates: "addons/mp3/mpg123.h"
- name: Asterisk - Install aptitude (otherwise install_prereq fails?)
package:
name: aptitude
state: latest
- name: Asterisk - Ensure all dependencies are resolved - CAN TAKE 5 MIN OR LONGER!
shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install
command: ./contrib/scripts/get_mp3_source.sh
args:
chdir: "{{ asterisk_src_dir }}"
creates: addons/mp3/mpg123.h
- name: Asterisk - Run the configure script
command: "./configure --with-jansson-bundled"
command: ./configure --with-jansson-bundled
args:
chdir: "{{ asterisk_src_dir }}"
- name: Asterisk - Run make menuselect.makeopts
command: "make menuselect.makeopts"
- name: Asterisk - Run 'make menuselect.makeopts'
command: make menuselect.makeopts
args:
chdir: "{{ asterisk_src_dir }}"
creates: "menuselect.makeopts"
creates: menuselect.makeopts
- name: Asterisk - Do a bit of menuselect configuration
command: >
menuselect/menuselect --enable app_macro --enable format_mp3
--enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722
--enable EXTRA-SOUNDS-EN-WAV --enable EXTRA-SOUNDS-EN-G722 --enable EXTRA-SOUNDS-EN-GSM
--disable-category MENUSELECT_MOH
--disable-category MENUSELECT_MOH
args:
chdir: "{{ asterisk_src_dir }}"
- name: Asterisk - Run 'make' - CAN TAKE 30 MIN OR LONGER!
command: make
command: make
args:
chdir: "{{ asterisk_src_dir }}"
creates: "defaults.h"
creates: defaults.h
- name: Asterisk - Run 'make install' - CAN TAKE 2 MIN OR LONGER!
command: make install
args:
chdir: "{{ asterisk_src_dir }}"
creates: "/usr/sbin/asterisk"
creates: /usr/sbin/asterisk
- name: Asterisk - Run 'make config'
command: make config
@ -100,19 +106,19 @@
name: asterisk
state: present
- name: Asterisk - Ensure user 'asterisk' exists, and belongs to the required groups
- name: "Asterisk - Ensure user 'asterisk' exists, and belongs to groups: audio,dialout"
user:
name: asterisk
group: asterisk
groups: audio,dialout
home: "/var/lib/asterisk"
home: /var/lib/asterisk
system: yes
append: yes
- name: 'Asterisk - Set ownership of 5 directories: /etc/asterisk, /var/lib/asterisk, /var/log/asterisk, /var/spool/asterisk, /usr/lib/asterisk'
file:
dest: "{{ item }}"
owner: asterisk
- name: "Asterisk - Set ownership (asterisk:asterisk) for 5 directories: /etc/asterisk, /var/lib/asterisk, /var/log/asterisk, /var/spool/asterisk, /usr/lib/asterisk"
file:
dest: "{{ item }}"
owner: asterisk
group: asterisk
recurse: yes
with_items:

0
roles/pbx/tasks/asterisk_dependencies.yml → roles/pbx/tasks/asterisk_dependencies.yml.unused
View file

44
roles/pbx/tasks/enable-or-disable.yml Normal file
View file

@ -0,0 +1,44 @@
- name: Enable & (Re)start 'asterisk' systemd service (if pbx_enabled)
systemd:
daemon_reload: yes
name: asterisk
enabled: yes
state: restarted
when: pbx_enabled
- name: Disable & Stop 'asterisk' systemd service (if not pbx_enabled)
systemd:
daemon_reload: yes
name: asterisk
enabled: no
state: stopped
when: not pbx_enabled
- name: Enable & (Re)start 'freepbx' systemd service (if pbx_enabled)
systemd:
name: freepbx
enabled: yes
state: restarted
when: pbx_enabled
- name: Disable & Stop 'freepbx' systemd service (if not pbx_enabled)
systemd:
name: freepbx
enabled: no
state: stopped
when: not pbx_enabled
- name: Enable http://box:{{ pbx_http_port }}/freepbx via Apache, if pbx_enabled # http://box:83/freepbx
command: a2ensite freepbx.conf
when: pbx_enabled
- name: Disable http://box:{{ pbx_http_port }}/freepbx via Apache, if not pbx_enabled
command: a2dissite freepbx.conf
when: not pbx_enabled
- name: Restart Apache service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # httpd or apache2
state: restarted

78
roles/pbx/tasks/freepbx.yml
View file

@ -1,10 +1,10 @@
- name: FreePBX - Install dependencies
include: freepbx_dependencies.yml
- name: FreePBX - Download software to /opt/iiab/downloads
- name: FreePBX - Download software to {{ downloads_dir }}/{{ freepbx_src_file }}
get_url:
url: "{{ freepbx_url }}/{{ freepbx_src_file }}"
dest: "{{ downloads_dir }}/{{ freepbx_src_file }}"
dest: "{{ downloads_dir }}/{{ freepbx_src_file }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz
timeout: "{{ download_timeout }}"
when: internet_available
@ -18,13 +18,13 @@
msg: "{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED in order to install."
when: not freepbx_src.stat.exists
- name: FreePBX - Create install source directory
file:
path: "{{ freepbx_src_dir }}"
- name: FreePBX - Create install source dir {{ freepbx_src_dir }}
file:
path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx
state: directory
- name: FreePBX - Extract source
unarchive:
unarchive:
src: "{{ downloads_dir }}/{{ freepbx_src_file }}"
dest: "{{ freepbx_src_dir }}"
owner: root
@ -34,43 +34,43 @@
- name: FreePBX - Patch FreePBX source - IIAB Bug 1685
patch:
src: "roles/pbx/templates/71-freepbx-framework.patch"
src: roles/pbx/templates/71-freepbx-framework.patch
dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/BMO/Framework.class.php"
- name: FreePBX - Patch FreePBX source - wants [] not {}
patch:
src: "roles/pbx/templates/pbx.patch"
src: roles/pbx/templates/pbx.patch
dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/Composer/vendor/neitanod/forceutf8/src/ForceUTF8/Encoding.php"
- name: FreePBX - Disable & Stop asterisk service
- name: FreePBX - Disable & Stop 'asterisk' systemd service
systemd:
daemon_reload: yes
name: asterisk
enabled: no
state: stopped
- name: FreePBX - Add mysql user
- name: FreePBX - Add MySQL user ({{ asterisk_db_user }})
mysql_user:
name: "{{ asterisk_db_user }}"
password: "{{ asterisk_db_password }}"
priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
# login_host: "{{ asterisk_db_host }}"
# login_user: "root"
# login_password: "{{ mysql_root_password }}"
# login_host: "{{ asterisk_db_host }}"
# login_user: root
# login_password: "{{ mysql_root_password }}"
host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}"
state: present
- name: FreePBX - Add mysql db
- name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }})
mysql_db:
name: "{{ asterisk_db_dbname }}"
encoding: utf8
collation: utf8_general_ci
# login_host: "{{ asterisk_db_host }}"
# login_user: "root"
# login_password: "{{ mysql_root_password }}"
# login_host: "{{ asterisk_db_host }}"
# login_user: root
# login_password: "{{ mysql_root_password }}"
state: present
- name: FreePBX - Add cdr mysql db
- name: FreePBX - Add cdr MySQL db ({{ asterisk_db_cdrdbname }})
mysql_db:
name: "{{ asterisk_db_cdrdbname }}"
encoding: utf8
@ -78,7 +78,7 @@
login_host: "{{ asterisk_db_host }}"
state: present
- name: FreePBX - Don't let freepbx take over the php sessions dir
- name: FreePBX - Prevent /etc/asterisk/freepbx_chown.conf take over of /var/lib/php/sessions
blockinfile:
content: |
[blacklist]
@ -89,18 +89,18 @@
group: asterisk
create: yes
- name: FreePBX - Create php sessions directory
file:
path: "/var/lib/php/asterisk_sessions/"
- name: FreePBX - Create new php sessions dir /var/lib/php/asterisk_sessions/
file:
path: /var/lib/php/asterisk_sessions/
state: directory
- name: FreePBX - Set ownership for php sessions directory
file:
dest: "/var/lib/php/asterisk_sessions/"
owner: asterisk
- name: FreePBX - Set ownership for new php sessions dir (asterisk:asterisk)
file:
dest: /var/lib/php/asterisk_sessions/
owner: asterisk
group: asterisk
recurse: yes
- name: FreePBX - Install (just run once) - CAN TAKE 12 MIN OR LONGER!
command: ./start_asterisk start
args:
@ -113,35 +113,31 @@
chdir: "{{ freepbx_src_dir }}"
creates: "{{ freepbx_install_dir }}"
- name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
patch:
src: "roles/pbx/templates/pbx2.patch"
dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"
# 2021-08-02: FreePBX 16 seems to no longer need this FreePBX 15 patch?
# - name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
# patch:
# src: roles/pbx/templates/pbx2.patch
# dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"
- name: FreePBX - Create /etc/odbc.ini
- name: FreePBX - Install /etc/odbc.ini from template (root:root, 0644 by default)
template:
src: odbc.ini.j2
dest: /etc/odbc.ini
# owner: root
# group: root
# mode: '0644'
- name: FreePBX - Install Apache's sites-available/freepbx.conf from template
- name: FreePBX - Install /etc/apache2/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
template:
src: freepbx.conf.j2
dest: /etc/apache2/sites-available/freepbx.conf
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0644'
- name: FreePBX - Add {{ pbx_http_port }} as a Listen directive to apache ports.conf
- name: FreePBX - Add directive "Listen {{ pbx_http_port }}" to /etc/apache2/ports.conf
lineinfile:
path: /etc/apache2/ports.conf
line: "Listen {{ pbx_http_port }}"
insertafter: Listen 80
# insertafter: Listen 80
- name: FreePBX - Install /etc/systemd/system/freepbx.service systemd unit file from template
- name: FreePBX - Install /etc/systemd/system/freepbx.service systemd unit file from template (root:root, 0644 by default)
template:
src: freepbx.service.j2
dest: /etc/systemd/system/freepbx.service
# mode: '0755' # Let's go with '0644' per unit file norms

26
roles/pbx/tasks/freepbx_dependencies.yml
View file

@ -8,24 +8,24 @@
- net-tools # required by FWConsole (command-line utility, that controls FreePBX)
- cron # required by FreePBX UCP package (User Control Panel)
- sox # required for CDR web-playback
#- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
#- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-cgi
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
#- php{{ php_version }}-gettext
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
- php{{ php_version }}-imap
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
- php{{ php_version }}-snmp
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- libapache2-mod-php
#- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
#- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user
state: latest

28
roles/pbx/tasks/freepbx_enable.yml
View file

@ -1,28 +0,0 @@
- name: FreePBX - Enable & (Re)start 'freepbx' systemd service (if pbx_enabled)
systemd:
daemon_reload: yes
name: freepbx
enabled: yes
state: restarted
when: pbx_enabled
- name: FreePBX - Disable & Stop 'freepbx' systemd service (if not pbx_enabled)
systemd:
daemon_reload: yes
name: freepbx
enabled: no
state: stopped
when: not pbx_enabled
- name: FreePBX - Enable http://box:{{ pbx_http_port }} via Apache, if pbx_enabled # http://box:83
command: a2ensite freepbx.conf
when: pbx_enabled
- name: FreePBX - Disable http://box:{{ pbx_http_port }} via Apache, if not pbx_enabled # http://box:83
command: a2dissite freepbx.conf
when: not pbx_enabled
- name: FreePBX - Restart Apache service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # httpd or apache2
state: restarted

20
roles/pbx/tasks/install.yml
View file

@ -1,10 +1,5 @@
- debug: # Crazy spacing below is tuned for 80-column screens
msg: >-
####################################################################WARNING:
ONLY UBUNTU 18.04, DEBIAN 9 & RASPBIAN ARE SUPPORTED AS OF FEB 2019. Please
assist Internet-in-a-Box communities worldwide if you can make
Asterisk and FreePBX work on other OS's / distros, Thank
You! http://FAQ.IIAB.IO ###############################################################################
- name: "ONLY PHP 7.4 IS SUPPORTED AS OF AUG 2021 -- PLEASE READ: https://github.com/iiab/iiab/tree/master/roles/pbx/#pbx-readme"
meta: noop
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
@ -37,7 +32,7 @@
name: httpd
# 2021-07-27: taken care of by main.yml
# 2021-07-27: Taken care of by main.yml
#- name: TODO: Check if asterisk and freepbx are already installed
#
#- name: Check if /etc/systemd/system/freepbx.service is already installed
@ -50,10 +45,11 @@
# FreePBX already installed. Reinstall shall be skipped
# when: freepbx_installed.stat.exists
- name: Install 'make' package
package:
name: make
state: present
# 2021-08-03: Taken care of by asterisk.yml's scripts/install_prereq
#- name: Install 'make' package
# package:
# name: make
# state: present
- name: Install Asterisk
include_tasks: asterisk.yml

6
roles/pbx/tasks/main.yml
View file

@ -23,14 +23,14 @@
include_tasks: install.yml
when: pbx_installed is undefined
- name: Enable FreePBX (debuntu)
include_tasks: freepbx_enable.yml
when: pbx_installed is defined
- include_tasks: enable-or-disable.yml
- name: Asterisk - Install chan_dongle
include: chan_dongle.yml
when: asterisk_chan_dongle
- name: Add 'pbx' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini

0
roles/pbx/templates/pbx2.patch → roles/pbx/templates/pbx2.patch.unused
View file

14
roles/www_options/tasks/main.yml
View file

@ -85,18 +85,18 @@
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
# WARNING: This might cause excess use of RAM/disk or other resources!
# The first 5 values below were chosen by @ericnitschke and @kananigit on
# 2018-09-19: https://github.com/iiab/iiab/issues/1147
# 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional
# clauses (to reset/restore PHP's defaults) are not necessary at this time.
# 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES*
# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- even though during
# regular operation it instead uses .../apache2/php.ini or .../fpm/php.ini
#
# SEE ALSO roles/moodle/tasks/install.yml WHERE SIMILAR SURGERY'S DONE TO
# /etc/php/{{ php_version }}/apache2/php.ini UNTIL MOODLE'S PORTED TO NGINX!
# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during
# regular operation it uses: .../fpm/php.ini
# And in the past it used: .../apache2/php.ini
# WARNING: This might cause excess use of RAM/disk or other resources!
# The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018.
- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
lineinfile:
path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini

22
scripts/local_facts.fact
View file

@ -3,7 +3,7 @@
# Higher-level purpose explained at the bottom of:
# https://github.com/iiab/iiab/blob/master/vars/default_vars.yml
# 2020-10-27: Most of the 11 variables require a command[*] to be run to
# 2020-10-27: Most of the 10 variables require a command[*] to be run to
# establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE.
#
# [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0
@ -14,7 +14,7 @@ OS="none"
VERSION_ID="none" # This var's combined with the above, before being output
IIAB_BRANCH="none"
IIAB_COMMIT="none"
XO_MODEL="none"
#XO_MODEL="none"
RPI_MODEL="none"
ANSIBLE_VERSION="none"
DHCPCD="none" # The last 3 conditioned on string output not RC. SEE BELOW.
@ -52,6 +52,7 @@ OS_VER=$OS-$VERSION_ID
#"fedora-22" | \
#"debian-8" | \
#"debian-9" | \
#"debian-10" | \
#"ubuntu-16" | \
#"ubuntu-17" | \
#"ubuntu-18" | \
@ -60,23 +61,23 @@ OS_VER=$OS-$VERSION_ID
#"raspbian-8" | \
#"raspbian-9" | \
# 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to
# its /etc/os-release can help testing this unreleased OS: VERSION_ID="11"
# 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this
# unreleased OS can help testing. For now this means MANUALLY changing
# php_version: 7.4 to 8.0 in /opt/iiab/iiab/vars/ubuntu-21.yml
# 2020-07-31: Debian 12 (Bookworm) not yet supported but adding this line
# to its /etc/os-release can help testing this upcoming OS: VERSION_ID="12"
case $OS_VER in
"debian-10" | \
"debian-11" | \
"debian-12" | \
"ubuntu-20" | \
"ubuntu-21" | \
"linuxmint-20" | \
"raspbian-10" | \
"raspbian-11")
;;
*) OS_VER="OS_not_supported"
*) OS_VER="OS Not Supported -- Plz Read: https://github.com/iiab/iiab/wiki/IIAB-Platforms"
;;
esac
@ -87,8 +88,8 @@ tmp=$(git rev-parse --abbrev-ref HEAD) &&
tmp=$(git rev-parse --verify HEAD) &&
IIAB_COMMIT=$tmp
tmp=$(cat /proc/device-tree/mfg-data/MN) &&
XO_MODEL=$tmp
#tmp=$(cat /proc/device-tree/mfg-data/MN) &&
# XO_MODEL=$tmp
tmp=$(cat /proc/device-tree/model) &&
RPI_MODEL=$tmp
@ -128,9 +129,10 @@ cat <<EOF
"systemd_networkd" : "$SYSTEMD_NETWORKD",
"iiab_branch" : "$IIAB_BRANCH",
"iiab_commit" : "$IIAB_COMMIT",
"xo_model" : "$XO_MODEL",
"rpi_model" : "$RPI_MODEL",
"ansible_version" : "$ANSIBLE_VERSION",
"os" : "$OS",
"os_ver" : "$OS_VER"}
EOF
#"xo_model" : "$XO_MODEL",

29
vars/debian-12.yml Normal file
View file

@ -0,0 +1,29 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_debian: True # Opposite of is_ubuntu for now
is_debian_12: True
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True
# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True)
dns_service: bind9
dhcp_service: isc-dhcp-server
dns_user: bind
proxy: squid
proxy_user: proxy
apache_service: apache2
apache_conf_dir: apache2/sites-available
apache_user: www-data
apache_log_dir: /var/log/apache2
smb_service: smbd
nmb_service: nmbd
systemctl_program: /bin/systemctl
mysql_service: mariadb
apache_log: /var/log/apache2/access.log
sshd_package: openssh-server
sshd_service: ssh
php_version: 8.0
postgresql_version: 13
systemd_location: /lib/systemd/system
python_ver: 3.9

5
vars/default_vars.yml
View file

@ -43,8 +43,8 @@ py3_dist_path: /usr/lib/python3/dist-packages
# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 200
# Real-time clock: set RTC chip family here. Future auto-detection plausible?
# rtc_id: ds3231
# Real-time clock: RTC chip family. Future auto-detection plausible?
rtc_id: none # Or ds3231 ? Used in 1-prep/tasks/raspberry_pi.yml
# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line:
@ -706,6 +706,7 @@ is_linuxmint: False # Subset of is_ubuntu
is_linuxmint_20: False
is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian)
is_debian_12: False
is_debian_11: False
is_debian_10: False
is_debian_9: False

2
vars/local_vars_big.yml
View file

@ -16,7 +16,7 @@
download_timeout: 200
# Real-time clock: set RTC chip family here. Future auto-detection plausible?
# rtc_id: ds3231
rtc_id: none # Or ds3231 ?
# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line:

2
vars/local_vars_medium.yml
View file

@ -16,7 +16,7 @@
download_timeout: 200
# Real-time clock: set RTC chip family here. Future auto-detection plausible?
# rtc_id: ds3231
rtc_id: none # Or ds3231 ?
# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line:

2
vars/local_vars_min.yml
View file

@ -16,7 +16,7 @@
download_timeout: 200
# Real-time clock: set RTC chip family here. Future auto-detection plausible?
# rtc_id: ds3231
rtc_id: none # Or ds3231 ?
# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line: