external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-13 03:32:12 +00:00
Code Issues Releases Wiki Activity

Merge pull request #337 from iiab/master

Browse source 
sync from iiab:master
This commit is contained in:
A Holt 2020-01-13 09:32:06 -05:00 committed by GitHub
commit 9b45e3ba79
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
64 changed files with 467 additions and 438 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/0-init/tasks/main.yml
View file

@ -105,6 +105,12 @@
gui_port: 443
when: adm_cons_force_ssl | bool
# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
- name: Enable Apache if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install
set_fact:
apache_enabled: True
when: dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install
- name: Turn on both vars for MySQL (mandatory in Stage 3!)
set_fact:
mysql_install: True

5
roles/awstats/tasks/install.yml
View file

@ -76,9 +76,8 @@
shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
# when: awstats_enabled | bool
- name: "Add 'awstats_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'awstats_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^awstats_installed'
line: 'awstats_installed: True'
state: present

5
roles/azuracast/tasks/install.yml
View file

@ -64,9 +64,8 @@
args:
chdir: "{{ azuracast_host_dir }}"
- name: "Add 'azuracast_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'azuracast_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^azuracast_installed'
line: 'azuracast_installed: True'
state: present

5
roles/bluetooth/tasks/install.yml
View file

@ -55,9 +55,8 @@
regexp: '^#DiscoverableTimeout'
line: 'DiscoverableTimeout = 0'
- name: "Add 'bluetooth_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'bluetooth_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^bluetooth_installed'
line: 'bluetooth_installed: True'
state: present

5
roles/calibre-web/tasks/install.yml
View file

@ -102,9 +102,8 @@
when: not metadatadb.stat.exists
#when: calibreweb_provision | bool
- name: "Add 'calibreweb_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'calibreweb_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^calibreweb_installed'
line: 'calibreweb_installed: True'
state: present

7
roles/calibre/tasks/install.yml
View file

@ -79,9 +79,8 @@
include_tasks: create-db.yml
when: not calibre_db.stat.exists
- name: "Add 'calibre_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'calibre_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
regexp: '^calibreweb_installed'
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^calibre_installed'
line: 'calibre_installed: True'
state: present

6
roles/captiveportal/tasks/main.yml
View file

@ -88,12 +88,11 @@
state: absent
when: not captiveportal_enabled
- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^captiveportal_installed'
line: 'captiveportal_installed: True'
state: present
#- name: Restart dnsmasq
# systemd:
@ -114,4 +113,3 @@
name: dnsmasq
state: started
when: dnsmasq_enabled | bool

22
roles/cups/tasks/main.yml
View file

@ -7,13 +7,6 @@
tags:
- download
- name: "Add 'cups_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
lineinfile:
dest: "{{ iiab_state_file }}"
regexp: '^cups_installed'
line: 'cups_installed: True'
state: present
- name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
template:
src: cupsd.conf
@ -24,12 +17,15 @@
src: cups.conf
dest: "/etc/{{ apache_config_dir }}/"
- name: Create symlink cups.conf from sites-enabled to sites-available (debuntu)
file:
src: /etc/apache2/sites-available/cups.conf
dest: /etc/apache2/sites-enabled/cups.conf
state: link
when: cups_enabled and is_debuntu
- name: "Add 'cups_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^cups_installed'
line: 'cups_installed: True'
- name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
command: a2ensite cups.conf
when: cups_enabled
- name: Enable & Start services 'cups' and 'cups-browsed' (OS's other than Fedora 18)
service:

3
roles/dokuwiki/defaults/main.yml
View file

@ -1,8 +1,9 @@
# dokuwiki_install: False
# dokuwiki_enabled: False
# dokuwiki_url: /dokuwiki
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
dokuwiki_version: "dokuwiki-2018-04-22b"
dokuwiki_url: /wiki

45
roles/dokuwiki/tasks/enable.yml
View file

@ -1,21 +1,39 @@
- name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
file:
src: /etc/apache2/sites-available/dokuwiki.conf
path: /etc/apache2/sites-enabled/dokuwiki.conf
state: link
when: dokuwiki_enabled and is_debuntu
# Apache
- name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/dokuwiki.conf
state: absent
when: not dokuwiki_enabled and is_debuntu
- name: Enable http://box{{ dokuwiki_url }} via Apache # http://box/dokuwiki
command: a2ensite dokuwiki.conf
when: apache_install and dokuwiki_enabled
- name: Restart Apache ({{ apache_service }}) to enable/disable DokuWiki's http://box/wiki
- name: Disable http://box{{ dokuwiki_url }} via Apache # http://box/dokuwiki
command: a2dissite dokuwiki.conf
when: apache_install and not dokuwiki_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
daemon_reload: yes
state: restarted
when: apache_enabled | bool
# NGINX
- name: "SHIM: Enable http://box{{ dokuwiki_url }} via NGINX, by installing {{ nginx_config_dir }}/dokuwiki-nginx.conf from template" # http://box/dokuwiki
template:
src: dokuwiki-nginx.conf.j2
dest: "{{ nginx_config_dir }}/dokuwiki-nginx.conf"
when: nginx_install and dokuwiki_enabled
- name: "SHIM: Disable http://box{{ dokuwiki_url }} via NGINX, by removing {{ nginx_config_dir }}/dokuwiki-nginx.conf" # http://box/dokuwiki
file:
path: "{{ nginx_config_dir }}/dokuwiki-nginx.conf"
state: absent
when: nginx_install and not dokuwiki_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'dokuwiki' variable values to {{ iiab_ini_file }}
ini_file:
@ -32,4 +50,3 @@
value: "{{ dokuwiki_install }}"
- option: enabled
value: "{{ dokuwiki_enabled }}"

50
roles/dokuwiki/tasks/install.yml
View file

@ -11,7 +11,15 @@
dest: /library
creates: "/library/{{ dokuwiki_version }}/VERSION"
- name: Symlink /library/dokuwiki to /library/{{ dokuwiki_version }}
- name: Ensure dir /library/{{ dokuwiki_version }} is owned by {{ apache_user }} with 644/755 permissions
file:
path: "/library/{{ dokuwiki_version }}"
owner: "{{ apache_user }}"
mode: u+rw,go+r,go-w # '0755' had forced 'x' bits for non-dirs
state: directory
recurse: yes
- name: Symlink /library/dokuwiki -> /library/{{ dokuwiki_version }}
#shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi
#shell: ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki
#BOTH LINES ABOVE FAIL TO UPDATE LINK; Ansible approach below works
@ -21,36 +29,26 @@
state: link
force: yes
- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box/wiki
- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box{{ dokuwiki_url }}
template:
src: dokuwiki.conf.j2
dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf"
when: dokuwiki_enabled | bool
- name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
file:
src: /etc/apache2/sites-available/dokuwiki.conf
path: /etc/apache2/sites-enabled/dokuwiki.conf
state: link
when: dokuwiki_enabled and is_debuntu
# - name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
# file:
# src: /etc/apache2/sites-available/dokuwiki.conf
# path: /etc/apache2/sites-enabled/dokuwiki.conf
# state: link
# when: dokuwiki_enabled and is_debuntu
#
# - name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu)
# file:
# path: /etc/apache2/sites-enabled/dokuwiki.conf
# state: absent
# when: not dokuwiki_enabled and is_debuntu
- name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/dokuwiki.conf
state: absent
when: not dokuwiki_enabled and is_debuntu
- name: Set /library/{{ dokuwiki_version }} owner to {{ apache_user }} and permissions to 0755 (recursively)
file:
path: "/library/{{ dokuwiki_version }}"
owner: "{{ apache_user }}"
mode: 0755
state: directory
recurse: yes
- name: "Add 'dokuwiki_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'dokuwiki_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^dokuwiki_installed'
line: 'dokuwiki_installed: True'
state: present

3
roles/dokuwiki/templates/dokuwiki-nginx.conf.j2 Normal file
View file

@ -0,0 +1,3 @@
location {{ dokuwiki_url }}/ {
proxy_pass http://127.0.0.1:{{ apache_port }}{{ dokuwiki_url }}/;
}

49
roles/elgg/tasks/enable.yml
View file

@ -1,26 +1,39 @@
- name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat)
file:
src: /etc/apache2/sites-available/elgg.conf
path: /etc/apache2/sites-enabled/elgg.conf
state: link
when: elgg_enabled and is_debuntu
# Apache
- name: Remove symlink /etc/apache2/sites-enabled/elgg.conf (debuntu)
file:
path: /etc/apache2/sites-enabled/elgg.conf
state: absent
when: not elgg_enabled and is_debuntu
- name: Enable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2ensite elgg.conf
when: apache_install and elgg_enabled
- name: Remove Apache's elgg.conf (redhat)
file:
dest: "/etc/{{ apache_config_dir }}/elgg.conf"
state: absent
when: not elgg_enabled and is_redhat
- name: Disable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2dissite elgg.conf
when: apache_install and not elgg_enabled
- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/elgg
service:
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
state: restarted
when: apache_enabled | bool
# NGINX
- name: "SHIM: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_config_dir }}/elgg-nginx.conf from template" # http://box/elgg
template:
src: elgg-nginx.conf.j2
dest: "{{ nginx_config_dir }}/elgg-nginx.conf"
when: nginx_install and elgg_enabled
- name: "SHIM: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_config_dir }}/elgg-nginx.conf" # http://box/elgg
file:
path: "{{ nginx_config_dir }}/elgg-nginx.conf"
state: absent
when: nginx_install and not elgg_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'elgg' variable values to {{ iiab_ini_file }}
ini_file:

10
roles/elgg/tasks/install.yml
View file

@ -53,7 +53,7 @@
group: "{{ apache_user }}"
#regexp='^#RewriteBase'
- name: Change .htaccess to include RewriteBase for http://box/elgg
- name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }} # http://box/elgg
lineinfile:
backup: no
path: "/opt/{{ elgg_xx }}/.htaccess"
@ -82,15 +82,13 @@
state: directory
owner: "{{ apache_user }}"
- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box/elgg
- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg
template:
src: elgg.conf
dest: "/etc/{{ apache_config_dir }}/elgg.conf"
- name: "Add 'elgg_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'elgg_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^elgg_installed'
line: 'elgg_installed: True'
state: present

8
roles/elgg/tasks/setup.yml
View file

@ -3,7 +3,7 @@
name: "{{ dbname }}"
register: create_elgg_database
- name: Create user/password to access Elgg database - can be run more than once
- name: Create MySQL user {{ dbuser }} and password to access Elgg database - can be run more than once
mysql_user:
name: "{{ dbuser }}"
host: "{{ item }}"
@ -16,8 +16,8 @@
- name: Create /tmp/elggdb.sql from template, to load database
template:
src: "elggdb.sql.j2"
dest: "/tmp/elggdb.sql"
src: elggdb.sql.j2
dest: /tmp/elggdb.sql
# elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql
# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup
@ -28,7 +28,7 @@
name: "{{ dbname }}"
state: import
target: /tmp/elggdb.sql
when: create_elgg_database.changed
when: create_elgg_database.changed | bool
- name: Remove database dump /tmp/elggdb.sql
file:

3
roles/elgg/templates/elgg-nginx.conf.j2 Normal file
View file

@ -0,0 +1,3 @@
location {{ elgg_url }}/ {
proxy_pass http://127.0.0.1:{{ apache_port }}{{ elgg_url }}/;
}

2
roles/elgg/templates/elggdb.sql.j2
View file

@ -541,7 +541,7 @@ CREATE TABLE `elgg_sites_entity` (
LOCK TABLES `elgg_sites_entity` WRITE;
/*!40000 ALTER TABLE `elgg_sites_entity` DISABLE KEYS */;
INSERT INTO `elgg_sites_entity` VALUES (1,'My New Community','','http://box/elgg/');
INSERT INTO `elgg_sites_entity` VALUES (1,'My New Community','','http://box{{ elgg_url }}/');
/*!40000 ALTER TABLE `elgg_sites_entity` ENABLE KEYS */;
UNLOCK TABLES;

5
roles/gitea/tasks/install.yml
View file

@ -124,9 +124,8 @@
- { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' }
- { src: 'gitea.conf.j2', dest: "/etc/{{ apache_config_dir }}/gitea.conf" }
- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^gitea_installed'
line: 'gitea_installed: True'
state: present

12
roles/httpd/tasks/install.yml
View file

@ -107,9 +107,9 @@
- name: Create Apache's pid dir /var/run/{{ apache_user }}
file:
path: "/var/run/{{ apache_user }}"
mode: 0755
owner: root
group: root
mode: '0755'
state: directory
- name: 'Create group: admin'
@ -127,9 +127,9 @@
- name: Create Apache dir /var/log/{{ apache_service }}
file:
path: "/var/log/{{ apache_service }}"
mode: 0755
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0755'
state: directory
- name: Enable Apache systemd service ({{ apache_service }})
@ -141,7 +141,13 @@
- name: Create /library/www/html/info directory for http://box/info offline docs
file:
path: "{{ doc_root }}/info"
mode: 0755
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0755'
state: directory
- name: "Add 'apache_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^apache_installed'
line: 'apache_installed: True'

5
roles/internetarchive/tasks/install.yml
View file

@ -45,9 +45,8 @@
- { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' }
- { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' }
- name: "Add 'internetarchive_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'internetarchive_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^internetarchive_installed'
line: 'internetarchive_installed: True'
state: present

7
roles/kalite/tasks/install.yml
View file

@ -81,3 +81,10 @@
path: /usr/local/kalite/venv/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py
regexp: 'a-zA-Z0-9'
replace: 'a-zA-Z0-9\-'
# SHOULD REALLY BE HERE...but for now this runs in kalite/tasks/setup.yml
# - name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
# lineinfile:
# dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
# regexp: '^kalite_installed'
# line: 'kalite_installed: True'

12
roles/kalite/tasks/setup.yml
View file

@ -3,9 +3,9 @@
- name: Create {{ kalite_root }} directory
file:
path: "{{ kalite_root }}/httpsrv/static" # /library/ka-lite
owner: root
group: root
mode: 0755
# owner: root
# group: root
# mode: 0755
state: directory
- name: Run the setup using 'kalite manage'
@ -15,9 +15,9 @@
async: 1800
poll: 10
- name: "Add 'kalite_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
# CAN WE MOVE THIS TO THE END OF kalite/tasks/install.yml (HENCE ITS FILENAME!)
- name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^kalite_installed'
line: 'kalite_installed: True'
state: present

5
roles/kiwix/tasks/install.yml
View file

@ -83,9 +83,8 @@
# 5. RECORD KIWIX AS INSTALLED IN /etc/iiab/iiab_state.yml
- name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^kiwix_installed'
line: 'kiwix_installed: True'
state: present

5
roles/kolibri/tasks/install.yml
View file

@ -113,9 +113,8 @@
# apache2_module:
# name: proxy_http
- name: "Add 'kolibri_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'kolibri_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^kolibri_installed'
line: 'kolibri_installed: True'
state: present

60
roles/lokole/tasks/enable.yml
View file

@ -1,48 +1,54 @@
- name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
- name: Enable & Restart 'lokole' systemd service
systemd:
daemon_reload: yes
name: lokole
daemon_reload: yes
enabled: yes
state: restarted
when: lokole_enabled | bool
- name: Disable 'lokole' service, if not lokole_enabled
- name: Disable & Stop 'lokole' systemd service
systemd:
daemon_reload: yes
name: lokole
enabled: no
state: stopped
when: not lokole_enabled
- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box/lokole
template:
src: lokole.conf.j2
dest: "/etc/{{ apache_config_dir }}/lokole.conf"
# Apache
- name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/lokole.conf"
path: /etc/apache2/sites-enabled/lokole.conf
state: link
when: lokole_enabled and is_debuntu
- name: Enable http://box{{ lokole_url }} via Apache # http://box/lokole
command: a2ensite lokole.conf
when: apache_install and lokole_enabled
- name: Remove /etc/apache2/sites-enabled/lokole.conf, if not lokole_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/lokole.conf
state: absent
when: not lokole_enabled and is_debuntu
- name: Disable http://box{{ lokole_url }} via Apache # http://box/lokole
command: a2dissite lokole.conf
when: apache_install and not lokole_enabled
- name: Remove /etc/{{ apache_config_dir }}/lokole.conf, if not lokole_enabled (OS's other than debuntu)
file:
path: "/etc/{{ apache_config_dir }}/lokole.conf"
state: absent
when: (not lokole_enabled) and (not is_debuntu)
- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/lokole
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
daemon_reload: yes
name: "{{ apache_service }}"
state: restarted
when: apache_enabled | bool
# NGINX
- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_config_dir }}/lokole-nginx.conf from template" # http://box/lokole
template:
src: lokole-nginx.conf.j2
dest: "{{ nginx_config_dir }}/lokole-nginx.conf"
when: nginx_install and lokole_enabled
- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_config_dir }}/lokole-nginx.conf" # http://box/lokole
file:
path: "{{ nginx_config_dir }}/lokole-nginx.conf"
state: absent
when: nginx_install and not lokole_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
ini_file:

45
roles/lokole/tasks/install.yml
View file

@ -13,8 +13,6 @@
#- bcrypt does not exist on Ubuntu 19.10
- python3-bcrypt # 2019-10-14: should work across modern Linux OS's
state: present
tags:
- install
- name: pip install opwen_email_client (Lokole) {{ lokole_version }} from PyPI to {{ lokole_venv }}
pip:
@ -23,8 +21,6 @@
virtualenv: "{{ lokole_venv }}"
virtualenv_command: python3 -m venv "{{ lokole_venv }}"
extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
tags:
- install
when:
- internet_available | bool
- lokole_commit is undefined
@ -39,8 +35,6 @@
virtualenv: "{{ lokole_venv }}"
virtualenv_command: python3 -m venv "{{ lokole_venv }}"
extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
tags:
- install
when:
- internet_available | bool
- lokole_commit is defined
@ -51,56 +45,49 @@
{{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations
with_items:
- "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp"
tags:
- install
- name: Create dir {{ lokole_run_directory }}
file:
path: "{{ lokole_run_directory }}"
state: directory
tags:
- configure
- name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
template:
src: webapp_secrets.sh.j2
dest: "{{ lokole_run_directory }}/webapp_secrets.sh"
tags:
- configure
- name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn
template:
src: webapp.sh.j2
dest: "{{ lokole_run_directory }}/webapp.sh"
mode: a+x
tags:
- configure
- name: Create admin user
shell: |
. {{ lokole_run_directory }}/webapp_secrets.sh
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
tags:
- configure
- name: Install unit file /etc/systemd/system/lokole.service from template
- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole
template:
src: lokole.conf.j2
dest: "/etc/{{ apache_config_dir }}/lokole.conf"
when: apache_install | bool
- name: Install /etc/systemd/system/lokole.service unit file from template
template:
src: lokole.service.j2
dest: /etc/systemd/system/lokole.service
tags:
- systemd
- name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
systemd:
daemon_reload: yes
name: lokole
enabled: yes
state: restarted
when: lokole_enabled | bool
# - name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
# systemd:
# daemon_reload: yes
# name: lokole
# enabled: yes
# state: restarted
# when: lokole_enabled | bool
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^lokole_installed'
line: 'lokole_installed: True'
state: present

3
roles/lokole/templates/lokole-nginx.conf.j2 Normal file
View file

@ -0,0 +1,3 @@
location {{ lokole_url }}/ {
proxy_pass http://127.0.0.1:{{ apache_port }}{{ lokole_url }}/;
}

5
roles/mediawiki/tasks/install.yml
View file

@ -85,9 +85,8 @@
# Install {{ nginx_config_dir }}/mediawiki-nginx.conf from template in enable.yml
- name: "Add 'mediawiki_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'mediawiki_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mediawiki_installed'
line: 'mediawiki_installed: True'
state: present

18
roles/minetest/tasks/provision.yml
View file

@ -9,12 +9,10 @@
- name: Create /library/games
file:
state: directory
path: "{{ item }}"
owner: root
group: root
mode: 0755
with_items:
- /library/games
path: /library/games
# owner: root
# group: root
# mode: 0755
# rpi only
- include_tasks: rpi_minetest_install.yml
@ -37,7 +35,7 @@
recurse: yes
owner: "{{ minetest_runas_user }}"
group: "{{ minetest_runas_group }}"
mode: 0755
# mode: 0755
when: minetest_default_game == "carbone-ng"
# Install games
@ -71,10 +69,8 @@
path: "{{ minetest_game_dir }}/mods/name_restrictions"
when: minetest_default_game == "carbone-ng"
- name: "Add 'minetest_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'minetest_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^minetest_installed'
line: 'minetest_installed: True'
state: present

5
roles/mongodb/tasks/install.yml
View file

@ -128,9 +128,8 @@
- { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
- { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }
- name: "Add 'mongodb_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'mongodb_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mongodb_installed'
line: 'mongodb_installed: True'
state: present

6
roles/monit/tasks/install.yml
View file

@ -57,3 +57,9 @@
value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
- option: enabled
value: "{{ monit_enabled }}"
- name: "Add 'monit_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^monit_installed'
line: 'monit_installed: True'

46
roles/moodle/tasks/enable.yml
View file

@ -1,21 +1,39 @@
- name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu)
file:
src: /etc/apache2/sites-available/022-moodle.conf
dest: /etc/apache2/sites-enabled/022-moodle.conf
state: link
when: moodle_enabled and is_debuntu
# Apache
- name: Remove symlink 022-moodle.conf, if not moodle_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/022-moodle.conf
state: absent
when: not moodle_enabled and is_debuntu
- name: Enable http://box/moodle via Apache
command: a2ensite 022-moodle.conf
when: apache_install and moodle_enabled
- name: Restart Apache service ({{ apache_service }})
- name: Disable http://box/moodle via Apache
command: a2dissite 022-moodle.conf
when: apache_install and not moodle_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
daemon-reload: yes
when: apache_enabled | bool
# NGINX
- name: Enable http://box/moodle via NGINX, by installing {{ nginx_config_dir }}/moodle-nginx.conf from template
template:
src: moodle-nginx.conf.j2
dest: "{{ nginx_config_dir }}/moodle-nginx.conf"
when: nginx_install and moodle_enabled
- name: Disable http://box/moodle via NGINX, by removing {{ nginx_config_dir }}/moodle-nginx.conf
file:
path: "{{ nginx_config_dir }}/moodle-nginx.conf"
state: absent
when: nginx_install and not moodle_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'moodle' variable values to {{ iiab_ini_file }}
ini_file:

23
roles/moodle/tasks/install.yml
View file

@ -52,11 +52,11 @@
recurse: yes
state: directory
- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} with write permission 0755
- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }}
file:
path: "{{ content_base }}/dbdata/moodle"
owner: "{{ apache_user }}"
mode: 0755
# mode: '0755'
state: directory
- name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770 # /library/moodle
@ -64,7 +64,7 @@
path: "{{ moodle_data }}"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: 0770
mode: '0770'
state: directory
- name: Remove Apache's stock moodle.conf
@ -76,9 +76,9 @@
template:
src: 022-moodle.j2
dest: "/etc/{{ apache_config_dir }}/022-moodle.conf"
owner: root
group: root
mode: 0644
# owner: root
# group: root
# mode: '0644'
- name: Restart postgresql-iiab
service:
@ -109,7 +109,7 @@
template:
src: moodle_installer
dest: "{{ moodle_base }}"
mode: 0755
mode: '0755'
- name: Enable & Restart postgresql-iiab
service:
@ -118,7 +118,7 @@
enabled: yes
when: moodle_enabled | bool
- name: Restart Apache service ({{ apache_service }})
- name: Restart Apache systemd service ({{ apache_service }})
service:
name: "{{ apache_service }}"
state: restarted
@ -136,11 +136,10 @@
#command: chown -R {{ apache_user }} {{ moodle_base }}
file:
path: "{{ moodle_base }}/config.php"
mode: 0644
mode: '0644'
- name: "Add 'moodle_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^moodle_installed'
line: 'moodle_installed: True'
state: present

2
roles/nginx/templates/moodle-nginx.conf.j2 → roles/moodle/templates/moodle-nginx.conf.j2
View file

@ -4,10 +4,10 @@ location /moodle {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}
location ~ ^/moodle.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}

5
roles/mosquitto/tasks/install.yml
View file

@ -30,9 +30,8 @@
group: root
mode: 0755
- name: "Add 'mosquitto_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'mosquitto_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mosquitto_installed'
line: 'mosquitto_installed: True'
state: present

5
roles/munin/tasks/install.yml
View file

@ -40,9 +40,8 @@
create: yes
state: present
- name: "Add 'munin_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'munin_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^munin_installed'
line: 'munin_installed: True'
state: present

15
roles/network/tasks/dansguardian.yml
View file

@ -11,7 +11,7 @@
dest: /etc/dansguardian/dansguardian.conf
owner: dansguardian
group: dansguardian
mode: 0640
mode: '0640'
when: ansible_distribution == "Fedora"
- name: Install /etc/dansguardian/dansguardian.conf from template (debuntu)
@ -20,7 +20,7 @@
dest: /etc/dansguardian/dansguardian.conf
owner: dansguardian
group: dansguardian
mode: 0640
mode: '0640'
when: is_debuntu | bool
- name: Install /etc/dansguardian/dansguardian.conf from template (CentOS)
@ -29,7 +29,7 @@
dest: /etc/dansguardian/dansguardian.conf
owner: dansguardian
group: vscan
mode: 0640
mode: '0640'
when: ansible_distribution == "CentOS"
- name: Create directory /var/log/dansguardian (OS's other than CentOS)
@ -37,7 +37,7 @@
path: /var/log/dansguardian
owner: dansguardian
group: dansguardian
mode: 0750
mode: '0750'
state: directory
when: ansible_distribution != "CentOS"
@ -46,13 +46,12 @@
path: /var/log/dansguardian
owner: dansguardian
group: vscan
mode: 0750
mode: '0750'
state: directory
when: ansible_distribution == "CentOS"
- name: "Add 'dansguardian_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'dansguardian_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^dansguardian_installed'
line: 'dansguardian_installed: True'
state: present

25
roles/network/tasks/dhcpd.yml
View file

@ -3,16 +3,12 @@
name: isc-dhcp-server
state: present
when: is_debuntu | bool
tags:
- download
- name: Install dhcp package (not debuntu)
package:
name: dhcp
state: present
when: not is_debuntu
tags:
- download
- name: Create non-privileged user 'dhcpd' (debuntu)
user:
@ -37,13 +33,11 @@
- name: Install systemd unit file to /etc/systemd/system/dhcpd.service
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
src: roles/network/templates/dhcp/dhcpd.service
dest: /etc/systemd/system/dhcpd.service
# owner: root
# group: root
# mode: '0644'
- name: Create file /var/lib/dhcpd/dhcpd.leases (redhat)
command: touch /var/lib/dhcpd/dhcpd.leases
@ -56,13 +50,12 @@
path: /var/lib/dhcpd/dhcpd.leases
owner: dhcpd
group: dhcpd
mode: 0644
state: file
mode: '0644'
# state: file
when: is_redhat | bool
- name: "Add 'dhcpd_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'dhcpd_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^dhcpd_installed'
line: 'dhcpd_installed: True'
state: present

40
roles/network/tasks/named.yml
View file

@ -5,8 +5,6 @@
- bind9utils
state: present
when: is_debuntu | bool
tags:
- download
- name: "Install named packages: bind, bind-utils (OS's other than debuntu)"
package:
@ -15,8 +13,6 @@
- bind-utils
state: present
when: not is_debuntu
tags:
- download
# or we have to change the serial number in the config files.
- name: Stop named before copying files (if first_run and debuntu)
@ -30,7 +26,7 @@
path: "{{ item }}"
owner: "{{ dns_user }}"
group: root
mode: 0755
mode: '0755'
state: directory
with_items:
- /var/named-iiab
@ -72,7 +68,7 @@
template:
src: "roles/network/templates/named/{{ dns_service }}.service"
dest: "/etc/systemd/system/{{ dns_service }}.service"
mode: 0644
mode: '0644'
- name: "Install /etc/{{ apache_config_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
# in named-iiab.conf, and the redirection of 404 error documents to /
@ -81,31 +77,19 @@
dest: "/etc/{{ apache_config_dir }}/"
when: dns_jail_enabled | bool
- name: Create symlink dns-jail.conf from sites-enabled to sites-available (if debuntu and dns_jail_enabled)
file:
src: "/etc/{{ apache_config_dir }}/dns-jail.conf"
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: link
when: is_debuntu and dns_jail_enabled
- name: Remove symlink /etc/{{ apache_service }}/sites-enabled/dns-jail.conf (if debuntu and not dns_jail_enabled)
file:
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: absent
when: is_debuntu and not dns_jail_enabled
- name: Remove symlink /etc/{{ apache_config_dir }}/dns-jail.conf (if not debuntu and not dns_jail_enabled)
file:
path: "/etc/{{ apache_config_dir }}/dns-jail.conf"
state: absent
when: not is_debuntu and not dns_jail_enabled
- name: "Add 'named_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'named_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^named_installed'
line: 'named_installed: True'
state: present
- name: Enable dns-jail.conf via Apache
command: a2ensite dns-jail.conf
when: dns_jail_enabled | bool
- name: Disable dns-jail.conf via Apache
command: a2dissite: dns-jail.conf
when: not dns_jail_enabled
- name: Start named systemd service
systemd:

11
roles/network/tasks/squid.yml
View file

@ -4,8 +4,6 @@
- "{{ proxy }}"
- cadaver
state: present
tags:
- download
- name: "Bigger hammer for Ubuntu, run: /etc/init.d/squid stop"
command: /etc/init.d/squid stop
@ -68,7 +66,7 @@
path: /library/cache
owner: "{{ proxy_user }}"
group: "{{ proxy_user }}"
mode: 0750
mode: '0750'
state: directory
- name: Create Squid directory /var/log/{{ proxy }}
@ -76,18 +74,17 @@
path: "/var/log/{{ proxy }}"
owner: "{{ proxy_user }}"
group: "{{ proxy_user }}"
mode: 0750
mode: '0750'
state: directory
- include_tasks: roles/network/tasks/dansguardian.yml
when: dansguardian_install | bool
- name: "Add 'squid_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'squid_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^squid_installed'
line: 'squid_installed: True'
state: present
# {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
- name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }}

31
roles/network/tasks/wondershaper.yml
View file

@ -3,47 +3,46 @@
backup: yes
src: roles/network/templates/wondershaper/wondershaper.service
dest: /etc/systemd/system/wondershaper.service
mode: 0644
# mode: '0644'
- name: Install /usr/bin/wondershaper from template
template:
backup: yes
src: roles/network/templates/wondershaper/wondershaper.j2
dest: /usr/bin/wondershaper
owner: root
group: root
mode: 0744
# owner: root
# group: root
mode: '0744'
- name: Create conf.d directory
file:
path: /etc/conf.d
owner: root
group: root
mode: 0755
# owner: root
# group: root
# mode: '0755'
state: directory
- name: Install /etc/conf.d/wondershaper.conf from template
template:
src: roles/network/templates/wondershaper/wondershaper.conf
dest: /etc/conf.d/wondershaper.conf
owner: root
group: root
mode: 0600
# owner: root
# group: root
mode: '0600'
- name: Create fact (link) for /etc/conf.d/wondershaper.conf
- name: Create fact (symlink) /etc/ansible/facts.d/wondershaper.fact -> /etc/conf.d/wondershaper.conf
file:
src: /etc/conf.d/wondershaper.conf
dest: /etc/ansible/facts.d/wondershaper.fact
owner: root
group: root
# owner: root
# group: root
state: link
- name: "Add 'wondershaper_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'wondershaper_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^wondershaper_installed'
line: 'wondershaper_installed: True'
state: present
- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
ini_file:

54
roles/nextcloud/tasks/enable.yml
View file

@ -1,33 +1,39 @@
# This should go in computed_network.yml, but here for now
#- name: Compute Nextcloud listen ip addr for nextcloud.conf
# set_fact:
# nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}"
# when: ansible_default_ipv4.network is defined
# Apache
- name: Create symlink nextcloud.conf from sites-enabled to sites-available for http://box/nextcloud (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/nextcloud.conf"
path: /etc/apache2/sites-enabled/nextcloud.conf
state: link
when: nextcloud_enabled and is_debuntu
- name: Enable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud
command: a2ensite nextcloud.conf
when: apache_install and nextcloud_enabled
- name: Remove symlink nextcloud.conf from /etc/apache2/sites-enabled if not nextcloud_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/nextcloud.conf
state: absent
when: not nextcloud_enabled and is_debuntu
- name: Disable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud
command: a2dissite nextcloud.conf
when: apache_install and not nextcloud_enabled
- name: Remove sites-available/nextcloud.conf if not nextcloud_enabled (redhat)
file:
path: "/etc/{{ apache_config_dir }}/nextcloud.conf"
state: absent
when: not nextcloud_enabled and is_redhat
- name: Restart {{ apache_service }}, enabling/disabling http://box/nextcloud
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
daemon-reload: yes
state: restarted
when: apache_enabled | bool
# NGINX
- name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_config_dir }}/nextcloud-nginx.conf from template" # http://box/nextcloud
template:
src: nextcloud-nginx.conf.j2
dest: "{{ nginx_config_dir }}/nextcloud-nginx.conf"
when: nginx_install and nextcloud_enabled
- name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_config_dir }}/nextcloud-nginx.conf" # http://box/nextcloud
file:
path: "{{ nginx_config_dir }}/nextcloud-nginx.conf"
state: absent
when: nginx_install and not nextcloud_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
ini_file:

16
roles/nextcloud/tasks/install.yml
View file

@ -49,8 +49,6 @@
#validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
#async: 1800
#poll: 10
tags:
- download
when: internet_available and not php_new
#when: internet_available and nextcloud_force_install and (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
@ -63,8 +61,6 @@
#validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
#async: 1800
#poll: 10
tags:
- download
when: internet_available and php_new
#when: internet_available and nextcloud_force_install and not (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
@ -155,7 +151,7 @@
dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: 0640
mode: '0640'
when: is_centos | bool
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud
@ -171,20 +167,16 @@
path: "{{ nextcloud_data_dir }}"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: 0750
mode: '0750'
state: directory
- name: Install Apache's nextcloud.conf from template, for http://box/nextcloud
template:
src: nextcloud.conf.j2
dest: "/etc/{{ apache_config_dir }}/nextcloud.conf"
owner: root
group: root
mode: 0644
- name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^nextcloud_installed'
line: 'nextcloud_installed: True'
state: present

7
roles/nginx/templates/nextcloud-nginx.conf → roles/nextcloud/templates/nextcloud-nginx.conf.j2
View file

@ -1,11 +1,10 @@
location /nextcloud {
proxy_pass http://127.0.0.1:{{ apache_port }}/nextcloud;
location {{ nextcloud_url }} {
proxy_pass http://127.0.0.1:{{ apache_port }}{{ nextcloud_url }};
}
location ~ /nextcloud/.*\.php$ {
location ~ {{ nextcloud_url }}/.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}

6
roles/nginx/README.md
View file

@ -8,13 +8,13 @@
1. Principal functions migrated to NGINX
* Admin Console
* kalite -- goes directly to port 8009
* kalite -- goes directly to ports 8006-8008
* mediawiki
* osm-vector-maps
* usb-lib
* wordpress
2. Dual support, see https://github.com/iiab/iiab/blob/master/roles/nginx/tasks/only_nginx.yml
2. Dual support, see [roles/nginx/tasks/only_nginx.yml](tasks/only_nginx.yml)
* awstats ([#2124](https://github.com/iiab/iiab/issues/2124))
* calibre-web
* gitea
@ -22,7 +22,7 @@
* kolibri
* sugarizer
3. Still proxied to Apache, see [PR #2131](https://github.com/iiab/iiab/pull/2131) & https://github.com/iiab/iiab/blob/master/roles/nginx/tasks/uses_apache.yml
3. Still proxied to Apache, see [roles/0-init/tasks/main.yml#L108-L112](../0-init/tasks/main.yml#L108-L112) & [roles/nginx/tasks/uses_apache.yml](tasks/uses_apache.yml)
* dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056))
* elgg
* lokole

6
roles/nginx/tasks/install.yml
View file

@ -34,3 +34,9 @@
path: /var/log/uwsgi/app
state: directory
owner: "{{ apache_user }}"
- name: "Add 'nginx_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^nginx_installed'
line: 'nginx_installed: True'

51
roles/nginx/tasks/main.yml
View file

@ -1,18 +1,7 @@
- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_config_dir }}/iiab.conf"
template:
src: "{{ item.src}}"
dest: "{{ item.dest }}"
with_items:
- { src: "server.conf", dest: "/etc/nginx/" }
- { src: "nginx.conf", dest: "/etc/nginx/" }
- { src: "ports.conf", dest: "/etc/{{ apache_service }}/" }
- { src: "iiab.conf.j2", dest: "{{ nginx_config_dir }}/iiab.conf" }
when: nginx_enabled | bool
- name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_config_dir }}
file:
state: absent
path: "{{ item.path }}"
path: "{{ item.path }}"
state: absent
with_items:
- { path: "{{ nginx_config_dir }}/usb-lib.conf" }
- { path: "{{ nginx_config_dir }}/modules.conf" }
@ -22,37 +11,47 @@
name: "{{ apache_service }}"
state: stopped
- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_config_dir }}/iiab.conf"
template:
src: "{{ item.src}}"
dest: "{{ item.dest }}"
with_items:
- { src: 'server.conf', dest: '/etc/nginx/' }
- { src: 'nginx.conf', dest: '/etc/nginx/' }
- { src: 'ports.conf', dest: "/etc/{{ apache_service }}/" }
- { src: 'iiab.conf.j2', dest: "{{ nginx_config_dir }}/iiab.conf" }
when: nginx_enabled | bool
# the below slides in nginx's proxypass config files for apache on localhost
# via the ports.conf file installed above
- name: Install proxpass to Apache running on localhost port {{ apache_port }}
include_tasks: uses_apache.yml
when: nginx_enabled | bool
#- name: Install proxpass to Apache running on localhost port {{ apache_port }}
# include_tasks: uses_apache.yml
# when: apache_enabled | bool
# the below task contains the same logic contained in the playbooks to enable
# 'runrole nginx' to do the right thing but with the 'src' path set to role's
# templates path ie roles/<rolename>/template/
#- name: Install proxpass to other services 'dual mode' roles
# include_tasks: only_nginx.yml
# when: nginx_enabled | bool
- name: Install proxpass to other services 'dual mode' roles
include_tasks: only_nginx.yml
when: nginx_enabled | bool
- name: Stop and disable NGINX when not nginx_enabled
- name: Stop & Disable 'nginx' systemd service, when not nginx_enabled
systemd:
name: nginx
state: stopped
enabled: false
when: not nginx_enabled
- name: Disable Apache port {{ apache_port }} localhost only
- name: Disable Apache port {{ apache_port }} localhost only, when not nginx_enabled
template:
dest: /etc/{{ apache_service }}/ports.conf
src: stock-apache-ports.conf
when: not nginx_enabled
# should have the logic to handle both modes in the playbook
- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled
include_tasks: disable.yml
when: not nginx_enabled
#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled
# include_tasks: disable.yml
# when: not nginx_enabled
- name: Enable & Restart Apache, since we stopped it ({{ apache_service }})
systemd:
@ -60,7 +59,7 @@
daemon_reload: yes
state: restarted
enabled: true
when: apache_enabled | bool
when: apache_enabled or not nginx_enabled
- name: Enable & Restart NGINX, to pick up the config files installed
systemd:

2
roles/nginx/tasks/only_nginx.yml
View file

@ -1,4 +1,4 @@
# The ~100 lines of code below is near-identical to what's in tasks/enable.yml
# The ~100 lines of code below are near-identical to what's in tasks/enable.yml
# for these 6 playbooks. Any way we can consolidate / reduce duplication?

3
roles/nginx/templates/elgg-nginx.conf
View file

@ -1,3 +0,0 @@
location /elgg {
proxy_pass http://127.0.0.1:{{ apache_port }}/elgg;
}

3
roles/nginx/templates/lokole-nginx.conf.j2
View file

@ -1,3 +0,0 @@
location /lokole {
proxy_pass http://127.0.0.1:{{ apache_port }}/lokole;
}

3
roles/nginx/templates/nodered-nginx.conf.j2
View file

@ -1,3 +0,0 @@
location /nodered {
proxy_pass http://127.0.0.1:{{ apache_port }}/nodered;
}

62
roles/nodered/tasks/enable.yml
View file

@ -1,39 +1,55 @@
- name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled)
file:
src: /etc/apache2/sites-available/nodered.conf
dest: /etc/apache2/sites-enabled/nodered.conf
owner: root
group: root
state: link
when: nodered_enabled | bool
- name: Remove symlink /etc/apache2/sites-enabled/nodered.conf (if not nodered_enabled)
file:
path: /etc/apache2/sites-enabled/nodered.conf
state: absent
when: not nodered_enabled
- name: Enable & (Re)start 'nodered' systemd service (if nodered_enabled)
- name: Enable & (Re)start 'nodered' systemd service
systemd:
daemon_reload: yes
name: nodered
daemon_reload: yes
enabled: yes
state: restarted
when: nodered_enabled | bool
when: nodered_enabled
- name: Disable & Stop 'nodered' systemd service (if not nodered_enabled)
- name: Disable & Stop 'nodered' systemd service
systemd:
daemon_reload: yes
name: nodered
enabled: no
state: stopped
when: not nodered_enabled
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered)
# Apache
- name: Enable http://box/nodered via Apache
command: a2ensite nodered.conf
when: apache_install and nodered_enabled
- name: Disable http://box/nodered via Apache
command: a2dissite nodered.conf
when: apache_install and not nodered_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # httpd or apache2
name: "{{ apache_service }}"
state: restarted
when: nodered_install | bool
when: apache_enabled | bool
# NGINX
- name: "SHIM: Enable http://box/nodered_url via NGINX, by installing {{ nginx_config_dir }}/nodered-nginx.conf from template"
template:
src: nodered-nginx.conf.j2
dest: "{{ nginx_config_dir }}/nodered-nginx.conf"
# mode: '0666'
when: nginx_install and nodered_enabled
- name: "SHIM: Disable http://box/nodered_url via NGINX, by removing {{ nginx_config_dir }}/nodered-nginx.conf"
file:
path: "{{ nginx_config_dir }}/nodered-nginx.conf"
state: absent
when: nginx_install and not nodered_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'nodered' variable values to {{ iiab_ini_file }}
ini_file:

18
roles/nodered/tasks/install.yml
View file

@ -78,18 +78,14 @@
backup: yes
src: nodered.service.j2
dest: /etc/systemd/system/nodered.service
owner: root
group: root
mode: 0666
# mode: '0666'
- name: Install Apache's sites-available/nodered.conf from template
- name: Install /etc/{{ apache_config_dir }}/nodered.conf from template
template:
backup: yes
src: nodered.conf.j2
dest: /etc/apache2/sites-available/nodered.conf
owner: root
group: root
mode: 0666
dest: "/etc/{{ apache_config_dir }}/nodered.conf"
# mode: '0666'
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
- name: Enable proxy_wstunnel apache2 module
@ -97,10 +93,8 @@
state: present
name: proxy_wstunnel
- name: "Add 'nodered_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'nodered_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^nodered_installed'
line: 'nodered_installed: True'
state: present

3
roles/nodered/templates/nodered-nginx.conf.j2 Normal file
View file

@ -0,0 +1,3 @@
location /nodered/ {
proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/;
}

2
roles/pbx/defaults/main.yml
View file

@ -1,5 +1,5 @@
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
# pbx_install: False
# pbx_enabled: False

5
roles/samba/tasks/main.yml
View file

@ -30,12 +30,11 @@
src: smb.conf.j2
dest: /etc/samba/smb.conf
- name: "Add 'samba_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'samba_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^samba_installed'
line: 'samba_installed: True'
state: present
- name: Enable & Start Samba systemd service
service:

5
roles/sugarizer/tasks/install.yml
View file

@ -215,9 +215,8 @@
# # Use this instead, if tabs are truly nec:
# # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));"
- name: "Add 'sugarizer_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'sugarizer_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^sugarizer_installed'
line: 'sugarizer_installed: True'
state: present

6
roles/teamviewer/tasks/install.yml
View file

@ -49,3 +49,9 @@
with_items:
- teamviewer*
when: teamviewer_install and xo_model == "none" and ansible_distribution_version >= "22"
- name: "Add 'teamviewer_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^teamviewer_installed'
line: 'teamviewer_installed: True'

8
roles/wordpress/tasks/enable.yml
View file

@ -1,10 +1,10 @@
# Apache
- name: "Enable http://box{{ wp_url }} via Apache"
- name: Enable http://box{{ wp_url }} via Apache
command: a2ensite wordpress.conf
when: apache_install and wordpress_enabled
- name: "Disable http://box{{ wp_url }} via Apache"
- name: Disable http://box{{ wp_url }} via Apache
command: a2dissite wordpress.conf
when: apache_install and not wordpress_enabled
@ -16,13 +16,13 @@
# NGINX
- name: "Enable http://box{{ wp_url }} via NGINX, by installing {{ nginx_config_dir }}/wordpress-nginx.conf from template"
- name: Enable http://box{{ wp_url }} via NGINX, by installing {{ nginx_config_dir }}/wordpress-nginx.conf from template
template:
src: wordpress-nginx.conf.j2
dest: "{{ nginx_config_dir }}/wordpress-nginx.conf"
when: nginx_install and wordpress_enabled
- name: "Disable http://box{{ wp_url }} via NGINX, by removing {{ nginx_config_dir }}/wordpress-nginx.conf"
- name: Disable http://box{{ wp_url }} via NGINX, by removing {{ nginx_config_dir }}/wordpress-nginx.conf
file:
path: "{{ nginx_config_dir }}/wordpress-nginx.conf"
state: absent

5
roles/wordpress/tasks/install.yml
View file

@ -90,9 +90,8 @@
dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
when: apache_enabled | bool
- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^wordpress_installed'
line: 'wordpress_installed: True'
state: present

4
vars/default_vars.yml
View file

@ -232,7 +232,7 @@ admin_console_enabled: True
# variables related to introduction of nginx
# apache
apache_install: True
apache_enabled: True
apache_enabled: False
apache_port: "8090"
apache_interface: "127.0.0.1"
# The following variable, if True, allows Admin Console to poweroff IIAB
@ -394,7 +394,7 @@ nextcloud_allow_public_ips: False
# nextcloud_dl_url: http://d.iiab.io/packages
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False

2
vars/local_vars_big.yml
View file

@ -250,7 +250,7 @@ nextcloud_allow_public_ips: False
# nextcloud_dl_url: http://d.iiab.io/packages
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False

2
vars/local_vars_medium.yml
View file

@ -250,7 +250,7 @@ nextcloud_allow_public_ips: False
# nextcloud_dl_url: http://d.iiab.io/packages
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False

2
vars/local_vars_min.yml
View file

@ -250,7 +250,7 @@ nextcloud_allow_public_ips: False
# nextcloud_dl_url: http://d.iiab.io/packages
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False