external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #173 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2018-10-19 10:59:52 -04:00 committed by GitHub
commit 9f0182f972
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
105 changed files with 580 additions and 826 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
.travis.yml
View file

@ -6,32 +6,22 @@ python: "2.7"
dist: trusty
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible, ansible-lint and ansible-review
# Install ansible
- pip install ansible
- pip install ansible-review
# Create ansible.cfg with correct roles_path and local_tmp
- "{ echo '[defaults]'; echo 'roles_path = ../'; echo 'local_tmp = ~/.ansible/tmp'; } >> ansible.cfg"
# Check ansible, version
- ansible --version
- ansible-lint --version
- ansible-review --version
- "{ echo '[defaults]'; echo 'roles_path = ./roles/'; } >> ansible.cfg"
script:
# Continuous integration: syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check -vvv
# Continous integration: ansible-list
- ansible-lint -p *yml
# Continous integration: ansible code review
#- git ls-files *yml roles/ vars/ tests/ | xargs ansible-review
# Continouse integration: ansible code review of changes between master and current branch
#- git diff master | ansible-review
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
#notifications:
# webhooks:
# webhooks: https://galaxy.ansible.com/api/v1/notifications/

0
COPYING → LICENSE
View file

16
LICENSE.md
View file

@ -1,16 +0,0 @@
COPYRIGHT and LICENSE
Many files in this repository have an explicit copyright notice and terms of license in the file.
Authors contributing to this repository are encouraged to provide a copyright notice and to license their work
under the terms of the GNU Library General Public License as published by the Free Software Foundation;
either version 2 of the License, or (at your option) any later version.
This license is contained in the file named COPYING. The simplest way to do this is to include
the following two lines at the top of the file:
# Copyright (C) 20xx <your name>
# Licensed under the terms of the GNU GPL v2 or later; see COPYING for details.
All files not containing an explicit copyright notice or terms of license in the file are Copyright © 2015, Unleash Kids,
and are licensed under the terms of the GPLv2 license in the file named COPYING in the root of the repository.

20
LICENSING.md Normal file
View file

@ -0,0 +1,20 @@
COPYRIGHT and LICENSE
Many files in this repository have an explicit copyright notice and terms of
license in the file.
Authors contributing to this repository are encouraged to provide a copyright
notice and to license their work under the terms of the GNU Library General
Public License as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This license is contained in the file named LICENSE. The simplest way to do
this is to include the following two lines at the top of the file:
Copyright (C) 20xx <your name>
Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details.
All files not containing an explicit copyright notice or terms of license in
the file are Copyright © 2015-2018, Unleash Kids, and are licensed under the
terms of the GPLv2 license in the file named LICENSE in the root of the
repository.

41
README.md.deprecated
View file

@ -1,41 +0,0 @@
======================================
School Server Community Edition (XSCE)
======================================
Welcome to the Git repository of the XSCE project. XSCE is a community-based
project developed and supported by volunteers from around the world. It
provides communication, networking, content, and maintenance to schools and
classrooms. In everyday usage the school server provides services which extend
capabilities of the connected laptops while being transparent to the
user. These services include:
* Classroom connectivity Similar to what you would find in an advanced home router.
* Internet gateway If available, an internet connection is made available to laptops.
* Content Tools to make instructional media available to their schools and classrooms.
* Maintenance Tools to keep laptop updated and running smoothly.
All of our server code resides in this repository. We are using ansible_ as the
underlying technology to install, deploy, configure and manage the various
server components.
Documentation has recently moved to the wiki of this repo
Please see the `XSCE wiki`_
Installation procedures are in the process of being reworked to include:
* Offline install on bare metal from a usb stick
* Offline install with an iso file
* Manual install of all or part of the server in combination with either of the above
Full installation instructions are in the wiki of this repo:
Please read the `installation`_ documentation.
See the `XSCE project`_ for more information about the project.
.. _XSCE wiki: https://github.com/XSCE/xsce/wiki
.. _installation: https://github.com/XSCE/xsce/wiki/XSCE-Installation
.. _ansible: http://www.ansibleworks.com/
.. _ansible documentation: http://www.ansibleworks.com/docs/
.. _XSCE project: http://schoolserver.org/

2
ansible.cfg
View file

@ -3,5 +3,3 @@
[defaults]
squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package
remote_tmp = /root/.ansible/tmp
local_tmp = /root/.ansible/tmp

194
ansible.cfg.deprecated
View file

@ -1,194 +0,0 @@
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
hostfile = /etc/ansible/hosts
library = /usr/share/ansible
remote_tmp = /opt/iiab/iiab/.ansible/tmp
local_tmp = /opt/iiab/iiab/.ansible/tmp
pattern = *
forks = 5
poll_interval = 15
sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
module_lang = C
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
gathering = implicit
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking
#host_key_checking = False
# change this for alternative sudo implementations
sudo_exe = sudo
# what flags to pass to sudo
#sudo_flags = -H
# SSH timeout
timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
system_warnings = False
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
deprecation_warnings = False
# set plugin path directories here, separate with colons
action_plugins = /usr/share/ansible_plugins/action_plugins
callback_plugins = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
vars_plugins = /usr/share/ansible_plugins/vars_plugins
filter_plugins = /usr/share/ansible_plugins/filter_plugins
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# the CA certificate path used for validating SSL certs. This path
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu : /usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path =
# the http user-agent string to use when fetching urls. Some web server
# operators block the default urllib user agent as it is frequently used
# by malicious attacks/scripts, so we set it to something unique to
# avoid issues.
#http_user_agent = ansible-agent
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# if True, make ansible use scp if the connection type is ssh
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
command_warnings = False

22
iiab.yml.deprecated
View file

@ -1,22 +0,0 @@
---
- hosts: all
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/config_vars.yml
roles:
- { role: 0-init, tags: ['0-init'] }
- { role: 1-prep, tags: ['1-prep','platform','base'] }
- { role: 2-common, tags: ['2-common','base'] }
- { role: 3-base-server, tags: ['3-base-server','base'] }
- { role: 4-server-options, tags: ['4-server-options'] }
- { role: 5-xo-services, tags: ['5-xo-services'] }
- { role: 6-generic-apps, tags: ['6-generic-apps'] }
- { role: 7-edu-apps, tags: ['7-edu-apps'] }
- { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] }
- { role: 9-local-addons, tags: ['9-local-addons'] }
- { role: network, tags: ['network'] }

2
roles/0-init/defaults/main.yml
View file

@ -1,4 +1,4 @@
# Use these to tag a release at a point in time, for /etc/iiab/iiab.env
# Use these to tag a release at a point in time, for {{ iiab_env_file }}
iiab_base_ver: 6.7
iiab_revision: 0

6
roles/0-init/tasks/fl.yml
View file

@ -27,3 +27,9 @@
- "{{ doc_root }}/common/services"
- /etc/sysconfig/olpc-scripts/
- /etc/sysconfig/olpc-scripts/setup.d/installed/
- name: Create symlink from webfonts to fonts
file:
src: "{{ doc_root }}/common/fonts"
path: "{{ doc_root }}/common/webfonts"
state: link

12
roles/0-init/tasks/iiab_ini.yml
View file

@ -1,12 +1,12 @@
# workaround for fact that auto create does not work on ini_file
- name: Create /etc/iiab/iiab.ini (iiab_config_file)
# workaround for fact that auto create does not work on iiab_ini_file (/etc/iiab/iiab.ini)
- name: Create {{ iiab_ini_file }}
file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
state: touch
- name: Add location section to config file
ini_file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
section: location
option: "{{ item.option }}"
value: "{{ item.value }}"
@ -16,9 +16,9 @@
- option: iiab_dir
value: "{{ iiab_dir }}"
- name: Add version section
- name: Add 'version' variable values to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
section: version
option: "{{ item.option }}"
value: "{{ item.value }}"

17
roles/0-init/tasks/main.yml
View file

@ -2,7 +2,7 @@
- name: ...IS BEGINNING ============================================
stat:
path: /etc/iiab/iiab.env
path: "{{ iiab_env_file }}"
register: NewInstall
- name: Setting first run flag
@ -165,9 +165,9 @@
include_tasks: hostname.yml
when: FQDN_changed
- name: Add 'runtime' section alongside list of services at /etc/iiab/iiab.ini
- name: Add 'runtime' variable values to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
section: runtime
option: "{{ item.option }}"
value: "{{ item.value }}"
@ -209,13 +209,9 @@
- option: FQDN_changed
value: "{{ FQDN_changed }}"
#- name: Now changing FQDN
# include_tasks: hostname.yml
# when: FQDN_changed
- name: STAGE 0 HAS COMPLETED ======================================
- name: Add 'runtime' variable 'is_VM' value if defined, to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
section: runtime
option: "{{ item.option }}"
value: "{{ item.value }}"
@ -223,3 +219,6 @@
- option: is_VM
value: "yes"
when: is_VM is defined
- name: STAGE 0 HAS COMPLETED ======================================
meta: noop

2
roles/1-prep/tasks/main.yml
View file

@ -111,7 +111,7 @@
- name: Recording STAGE 1 HAS COMPLETED ============================
template:
src: roles/1-prep/templates/iiab.env.j2
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
owner: root
group: root
mode: 0644

4
roles/1-prep/templates/iiab-network-reset
View file

@ -38,8 +38,8 @@ echo "/etc/resolv.conf"
cat /etc/resolv.conf
echo
echo "=========================================================="
echo "cat /etc/iiab/iiab.ini"
cat /etc/iiab/iiab.ini
echo "cat {{ iiab_ini_file }}"
cat {{ iiab_ini_file }}
echo
echo "=========================================================="
echo "routing table"

2
roles/1-prep/templates/iiab_env.py.j2
View file

@ -4,7 +4,7 @@
def get_iiab_env(name):
""" read iiab.env file for a value, return "" if does not exist"""
try:
fd = open("/etc/iiab/iiab.env","r")
fd = open("{{ iiab_env_file }}","r")
for line in fd:
line = line.lstrip()
line = line.rstrip('\n')

2
roles/2-common/tasks/main.yml
View file

@ -89,7 +89,7 @@
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=2'
state: present

2
roles/2-common/templates/iiab-startup.sh
View file

@ -15,7 +15,7 @@ fi
if [[ $(grep -i raspbian /etc/*release) &&
#($(grep "hostapd_enabled = False" /etc/iiab/config_vars.yml) ||
#((! $(grep "hostapd_enabled = True" /etc/iiab/config_vars.yml)) &&
! $(grep "^HOSTAPD_ENABLED=True" /etc/iiab/iiab.env) ]];
! $(grep "^HOSTAPD_ENABLED=True" {{ iiab_env_file }}) ]];
# NEGATED LOGIC HELPS FORCE PROMISCUOUS MODE EARLY IN INSTALL
# (when network/tasks/main.yml hasn't yet populated iiab.env)

4
roles/3-base-server/tasks/main.yml
View file

@ -3,7 +3,7 @@
- name: ...IS BEGINNING =====================================
command: echo
- name: HTTPD
- name: HTTPD (APACHE)
include_role:
name: httpd
# has no "when: XXXXX_install" flag
@ -23,7 +23,7 @@
- name: Recording STAGE 3 HAS COMPLETED =====================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=3'
state: present

2
roles/4-server-options/tasks/main.yml
View file

@ -78,7 +78,7 @@
- name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=4'
state: present

2
roles/5-xo-services/tasks/main.yml
View file

@ -23,7 +23,7 @@
- name: Recording STAGE 5 HAS COMPLETED =====================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=5'
state: present

2
roles/6-generic-apps/tasks/main.yml
View file

@ -47,7 +47,7 @@
- name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=6'
state: present

2
roles/7-edu-apps/tasks/main.yml
View file

@ -47,7 +47,7 @@
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=7'
state: present

2
roles/8-mgmt-tools/tasks/main.yml
View file

@ -59,7 +59,7 @@
- name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=8'
state: present

2
roles/9-local-addons/tasks/main.yml
View file

@ -17,7 +17,7 @@
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=9'
state: present

2
roles/activity-server/tasks/main.yml
View file

@ -117,7 +117,7 @@
state=restarted
- name: add xs-activity-server to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=activity-server
option='{{ item.option }}'
value='{{ item.value }}'

2
roles/ajenti/tasks/main.yml
View file

@ -48,7 +48,7 @@
when: ajenti_enabled
- name: Add ajenti to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=ajenti
option='{{ item.option }}'
value='{{ item.value }}'

2
roles/authserver/tasks/main.yml
View file

@ -51,7 +51,7 @@
when: authserver_enabled
- name: add xs-authserver to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=xs-authserver
option='{{ item.option }}'
value='{{ item.value }}'

4
roles/awstats/tasks/main.yml
View file

@ -1,9 +1,9 @@
- include_tasks: install.yml
when: awstats_install
- name: Add 'awstats' to list of services at /etc/iiab/iiab.ini
- name: Add 'awstats' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: awstats
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/calibre-web/tasks/main.yml
View file

@ -122,9 +122,9 @@
name: "{{ apache_service }}" # httpd or apache2
state: restarted
- name: Add 'calibre-web' to list of services at /etc/iiab/iiab.ini
- name: Add 'calibre-web' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: calibre-web
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/calibre/tasks/main.yml
View file

@ -132,9 +132,9 @@
name: "{{ apache_service }}"
state: reloaded
- name: Add 'calibre' to list of services at /etc/iiab/iiab.ini
- name: Add 'calibre' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: calibre
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/cups/tasks/main.yml
View file

@ -64,9 +64,9 @@
enabled: no
when: not cups_enabled and is_F18
- name: Add 'cups' to list of services at /etc/iiab/iiab.ini
- name: Add 'cups' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: cups
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/docker/tasks/main.yml
View file

@ -41,7 +41,7 @@
when: not docker_enabled
- name: add docker to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=docker
option='{{ item.option }}'
value='{{ item.value }}'

4
roles/dokuwiki/tasks/main.yml
View file

@ -2,9 +2,9 @@
include_tasks: install.yml
when: dokuwiki_install
- name: Add 'dokuwiki' to list of services at /etc/iiab/iiab.ini
- name: Add 'dokuwiki' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: dokuwiki
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/elgg/tasks/main.yml
View file

@ -138,9 +138,9 @@
state: absent
when: not elgg_enabled and is_redhat
- name: Add 'elgg' to list of services at /etc/iiab/iiab.ini
- name: Add 'elgg' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: elgg
option: "{{ item.option }}"
value: "{{ item.value }}"

5
roles/httpd/files/html/css/fa.all.min.css vendored Normal file
View file

File diff suppressed because one or more lines are too long

28
roles/httpd/files/html/css/open-sans.css Normal file
View file

@ -0,0 +1,28 @@
/* open-sans-regular - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 400;
src: local('Open Sans Regular'), local('OpenSans-Regular'),
url('/common/fonts/open-sans-v15-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* open-sans-600 - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 600;
src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'),
url('/common/fonts/open-sans-v15-latin-600.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-600.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* open-sans-700 - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 700;
src: local('Open Sans Bold'), local('OpenSans-Bold'),
url('/common/fonts/open-sans-v15-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}

BIN
roles/httpd/files/html/fonts/fa-solid-900.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/fa-solid-900.woff2 Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 Normal file
View file

Binary file not shown.

4
roles/httpd/tasks/html.yml
View file

@ -59,9 +59,9 @@
with_fileglob:
- html/services/*
- name: Create symlink from assets to /etc/iiab/iiab.ini
- name: Create symlink from assets to {{ iiab_ini_file }}
file:
src: "/etc/iiab/iiab.ini"
src: "{{ iiab_ini_file }}"
dest: "{{ doc_root }}/common/assets/iiab.ini"
owner: root
group: root

2
roles/httpd/templates/refresh-wiki-docs.sh
View file

@ -3,7 +3,7 @@
# Pull down repo's entire wiki (and similar) to create offline docs
set -e
source /etc/iiab/iiab.env
source {{ iiab_env_file }}
INPUT=/tmp/iiab-wiki
OUTPUT=/tmp/iiab-wiki.out
DESTPATH=/library/www/html/info

2
roles/idmgr/tasks/main.yml
View file

@ -80,7 +80,7 @@
line=allowsftp
- name: Add idmgr to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=idmgr
option='{{ item.option }}'
value='{{ item.value }}'

22
roles/iiab-admin/defaults/main.yml
View file

@ -1,5 +1,21 @@
---
# must keep roles/0-once/defaults/main.yml sync'd
# The values here are defaults.
# Must keep roles/0-init/defaults/main.yml sync'd ? (Seems no longer true as of 2018-10-15)
# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel
# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo-
# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n).
iiab_admin_user_install: True
# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing
# Linux user that has sudo access, for login to Admin Console http://box/admin
# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml TO SET GROUP PERM FOR /library/www/html/local_content (ISN'T {{ apache_user }} MORE APPROPRIATE?)
iiab_admin_user: iiab-admin
# For live checks/alerts of published pwds
iiab_admin_published_pwd: g0adm1n
# Password hash to override above, if Ansible creates above user:
iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop.
# Obtain a password hash - NEW MORE SECURE WAY:
# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))'
# Obtain a password hash - OLD WAY:
# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'

6
roles/iiab-admin/tasks/admin-user.yml
View file

@ -1,7 +1,7 @@
- name: Create iiab-admin user and password
- name: Create user {{ iiab_admin_user }} for Admin Console; set password from hardcoded hash if newly creating account
user:
name: "{{ iiab_admin_user }}"
password: "{{ iiab_admin_passw_hash }}"
password: "{{ iiab_admin_pwd_hash }}"
update_password: on_create
shell: /bin/bash
@ -16,7 +16,7 @@
state: present
when: is_redhat
- name: Add user to wheel group
- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo'
user:
name: "{{ iiab_admin_user }}"
groups: wheel,sudo

6
roles/iiab-admin/tasks/main.yml
View file

@ -1,15 +1,15 @@
- include_tasks: admin-user.yml
tags:
- base
when: admin_install
when: iiab_admin_user_install
- include_tasks: access.yml
tags:
- base
- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini
- name: Add 'iiab-admin' to list at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: iiab-admin
option: "{{ item.option }}"
value: "{{ item.value }}"

38
roles/iiab-admin/templates/lxde_ssh_warn.sh
View file

@ -1,22 +1,32 @@
#!/bin/bash
function check_user_pwd() {
# $meth (hashing method) is typically '6' which implies 5000 rounds
# of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password
meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2)
salt=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f3)
hash=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f4)
[ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ]
}
# credit to the folks at raspberry pi foundatioon
check_hash ()
{
check_hash () {
if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi
if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi
test -x /usr/bin/mkpasswd || return 0
SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"
test -n "${SHADOW}" || return 0
if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi
SHADOW_PW=$(echo $SHADOW | cut -d: -f2)
if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi
if echo "${SHADOW}" | grep -q "${HASH}"; then
zenity --warning --text="SSH is enabled and the default password for the 'iiab-admin' user has not been changed.\nThis is a security risk - please go to the iiab-console and use utilities-> change password to set a new password."
#test -x /usr/bin/mkpasswd || return 0
#SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"
#test -n "${SHADOW}" || return 0
#if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi
#SHADOW_PW=$(echo $SHADOW | cut -d: -f2)
#if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi
#if echo "${SHADOW}" | grep -q "${HASH}"; then
if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then
zenity --warning --text="SSH is enabled and the published password for user 'iiab-admin' is in use.\nTHIS IS A SECURITY RISK - please change its password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password."
fi
}
if service ssh status | grep -q running; then
check_hash
fi
#if service ssh status | grep -q running; then
# check_hash
#fi
systemctl is-active {{ sshd_service }} > /dev/null && check_hash
unset check_hash

37
roles/iiab-admin/templates/profile_ssh_warn.sh
View file

@ -1,19 +1,28 @@
#!/bin/bash
# credit to the folks at raspberry pi foundatioon
check_hash ()
{
if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi
if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi
SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"
test -n "${SHADOW}" || return 0
if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi
SHADOW_PW=$(echo $SHADOW | cut -d: -f2)
if [ "$SHADOW_PW" != '{{ iiab_admin_passw_hash }}' ]; then return 0 ; fi
echo
echo "SSH is enabled and the default password for the 'iiab-admin' user is unchanged."
echo "This is a security risk - please login as the 'iiab-admin' user and type 'passwd' to change password."
echo
function check_user_pwd() {
# $meth (hashing method) is typically '6' which implies 5000 rounds
# of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password
meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2)
salt=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f3)
hash=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f4)
[ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ]
}
# credit to the folks at raspberry pi foundatioon
check_hash () {
if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi
if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi
#SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"
#test -n "${SHADOW}" || return 0
#if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi
#SHADOW_PW=$(echo $SHADOW | cut -d: -f2)
#if [ "$SHADOW_PW" != '{{ iiab_admin_pwd_hash }}' ]; then return 0 ; fi
if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then
echo -e "\nSSH is enabled and the published password for user 'iiab-admin' is in use."
echo -e "THIS IS A SECURITY RISK - please log in as user 'iiab-admin' and run 'passwd'"
echo -e "to change its password.\n"
fi
}
systemctl is-active {{ sshd_service }} > /dev/null && check_hash

4
roles/kalite/tasks/main.yml
View file

@ -36,9 +36,9 @@
- include_tasks: enable.yml
- name: Add 'kalite' to list of services at /etc/iiab/iiab.ini
- name: Add 'kalite' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: kalite
option: "{{ item.option }}"
value: "{{ item.value }}"

0
roles/kalite/templates/settings.py.j2 → roles/kalite/templates/settings.py.j2.deprecated
View file

4
roles/kiwix/tasks/kiwix_install.yml
View file

@ -149,9 +149,9 @@
# 5. FINALIZE
- name: Add 'kiwix' to list of services at /etc/iiab/iiab.ini
- name: Add 'kiwix' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value }}"

10
roles/kiwix/templates/iiab-make-kiwix-lib.py
View file

@ -29,13 +29,13 @@ if not IIAB_PATH in sys.path:
from iiab_env import get_iiab_env
# Config Files
# iiab_config_file should be in /etc/iiab/iiab.env
iiab_config_file = "{{ iiab_config_file }}" # nominally /etc/iiab/iiab.ini
# iiab_config_file = "/etc/iiab/iiab.ini" # comment out after testing
# iiab_ini_file should be in {{ iiab_env_file }} (/etc/iiab/iiab.env) ?
iiab_ini_file = "{{ iiab_ini_file }}" # nominally /etc/iiab/iiab.ini
# iiab_ini_file = "/etc/iiab/iiab.ini" # comment out after testing
IIAB_INI = get_iiab_env('IIAB_INI') # future
if IIAB_INI:
iiab_config_file = IIAB_INI
iiab_ini_file = IIAB_INI
# Variables that should be read from config file
# All of these variables will be read from config files and recomputed in init()
@ -187,7 +187,7 @@ def init():
global kiwix_manage
config = ConfigParser.SafeConfigParser()
config.read(iiab_config_file)
config.read(iiab_ini_file)
iiab_base_path = config.get('location','iiab_base')
zim_path = config.get('kiwix','iiab_zim_path')
kiwix_library_xml = config.get('kiwix','kiwix_library_xml')

4
roles/kolibri/tasks/main.yml
View file

@ -80,9 +80,9 @@
state: stopped
when: not kolibri_enabled
- name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini
- name: Add 'kolibri' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/mediawiki/tasks/install.yml
View file

@ -85,9 +85,9 @@
name: "{{ apache_service }}"
state: restarted
- name: Add 'mediawiki' to list of services at /etc/iiab/iiab.ini
- name: Add 'mediawiki' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: mediawiki
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/mongodb/tasks/main.yml
View file

@ -60,9 +60,9 @@
# state: stopped
# when: not mongodb_enabled
- name: Add 'mongodb' to list of services at /etc/iiab/iiab.ini
- name: Add 'mongodb' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/monit/tasks/main.yml
View file

@ -45,9 +45,9 @@
#- name: Restart monit service
# command: service monit restart
- name: Add 'monit' to list of services at /etc/iiab/iiab.ini
- name: Add 'monit' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: monit
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/moodle-1.9/moodle/tasks/main.yml
View file

@ -76,7 +76,7 @@
register: moodlepw
- name: add moodle to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=moodle
option='{{ item.option }}'
value='{{ item.value }}'

4
roles/moodle/tasks/main.yml
View file

@ -155,9 +155,9 @@
path: "{{ moodle_base }}/config.php"
mode: 0644
- name: Add 'moodle' to list of services at /etc/iiab/iiab.ini
- name: Add 'moodle' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: moodle
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/munin/tasks/main.yml
View file

@ -84,9 +84,9 @@
- /usr/share/munin/plugins/mysql_threads
when: mysql_enabled
- name: Add 'munin' to list of services at /etc/iiab/iiab.ini
- name: Add 'munin' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: munin
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/mysql/tasks/main.yml
View file

@ -133,9 +133,9 @@
state: stopped
when: not mysql_enabled
- name: Add 'mysql' to list of services at /etc/iiab/iiab.ini
- name: Add 'mysql' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: mysql
option: "{{ item.option }}"
value: "{{ item.value }}"

12
roles/network/tasks/computed_network.yml
View file

@ -172,9 +172,9 @@
iiab_wan_iface: "none"
when: adapter_count.stdout|int >= "5" and device_gw == "none" and gui_wan_iface == "unset" and gui_static_wan is defined
- name: Record IIAB_WAN_DEVICE to /etc/iiab/iiab.env
- name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }}
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^IIAB_WAN_DEVICE=*'
line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
state: present
@ -182,9 +182,9 @@
tags:
- network
- name: Record IIAB_LAN_DEVICE to /etc/iiab/iiab.env
- name: Record IIAB_LAN_DEVICE to {{ iiab_env_file }}
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^IIAB_LAN_DEVICE=*'
line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
state: present
@ -192,9 +192,9 @@
tags:
- network
- name: Add 'computed_network' variable values to /etc/iiab/iiab.ini
- name: Add 'computed_network' variable values to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
section: computed_network
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/network/tasks/computed_services.yml
View file

@ -49,9 +49,9 @@
dhcp_service2: "dnsmasq disabled"
when: dnsmasq_install and iiab_network_mode == "Appliance"
- name: Add 'network' variable values (from computed_services.yml) to /etc/iiab/iiab.ini
- name: Add 'network' variable values (from computed_services.yml) to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
section: network
option: "{{ item.option }}"
value: "{{ item.value }}"

6
roles/network/tasks/detected_network.yml
View file

@ -1,5 +1,5 @@
- name: iiab_wan_device
shell: grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}'
shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}'
when: iiab_stage|int > 4
register: prior_gw
@ -188,9 +188,9 @@
gui_wan_iface: "{{ device_gw }}"
when: user_wan_iface == "auto" and device_gw != "none" and discovered_wan_iface == "none"
- name: Add 'detected_network' variable values to /etc/iiab/iiab.ini
- name: Add 'detected_network' variable values to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_config_file }}"
dest: "{{ iiab_ini_file }}"
section: detected_network
option: "{{ item.option }}"
value: "{{ item.value }}"

16
roles/network/tasks/enable_services.yml
View file

@ -79,7 +79,7 @@
- name: Create xs_httpcache flag
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=True'
state: present
@ -121,7 +121,7 @@
- name: Remove xs_httpcache flag
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=False'
state: present
@ -150,9 +150,9 @@
with_items:
- { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
- name: Add 'squid' to list of services at /etc/iiab/iiab.ini
- name: Add 'squid' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: squid
option: "{{ item.option }}"
value: "{{ item.value }}"
@ -160,9 +160,9 @@
- option: enabled
value: "{{ squid_enabled }}"
- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
- name: Add 'dansguardian' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: dansguardian
option: "{{ item.option }}"
value: "{{ item.value }}"
@ -170,9 +170,9 @@
- option: enabled
value: "{{ dansguardian_enabled }}"
- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini
- name: Add 'wondershaper' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: wondershaper
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/network/tasks/hostapd.yml
View file

@ -55,9 +55,9 @@
enabled: yes
when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance"
- name: Record HOSTAPD_ENABLED to /etc/iiab/iiab.env
- name: Record HOSTAPD_ENABLED to {{ iiab_env_file }}
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: '^HOSTAPD_ENABLED=*'
line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}'
state: present

2
roles/network/tasks/main.yml
View file

@ -11,7 +11,7 @@
no_net_restart: True # used below in (1) sysd-netd-debian.yml,
# (2) debian.yml, (3) rpi_debian.yml
when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP
# EITHER WAY: hostapd_enabled's state is RECORDED into /etc/iiab/iiab.env
# EITHER WAY: hostapd_enabled's state is RECORDED into {{ iiab_env_file }}
# in hostapd.yml for later use by...
# /usr/libexec/iiab-startup.sh, iiab-hotspot-off & iiab-hotspot-on
#

8
roles/network/tasks/squid.yml
View file

@ -83,9 +83,9 @@
when: dansguardian_install
# {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
- name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini
- name: Add '{{ proxy }}' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: "{{ proxy }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
@ -97,9 +97,9 @@
- option: enabled
value: "{{ squid_enabled }}"
- name: Add 'dansguardian' variable values to /etc/iiab/iiab.ini
- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: dansguardian
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/network/tasks/wondershaper.yml
View file

@ -38,9 +38,9 @@
group: root
state: link
- name: Add 'wondershaper' variable values to /etc/iiab/iiab.ini
- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: wondershaper
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -1,5 +1,5 @@
#!/bin/bash -x
source /etc/iiab/iiab.env
source {{ iiab_env_file }}
{% if is_debuntu %}
IPTABLES=/sbin/iptables
IPTABLES_DATA=/etc/iptables.up.rules
@ -9,7 +9,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables
{% endif %}
LANIF=$IIAB_LAN_DEVICE
WANIF=$IIAB_WAN_DEVICE
MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
MODE=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'`
clear_fw() {
$IPTABLES -F

2
roles/network/templates/network/iiab-hotspot-off
View file

@ -16,4 +16,4 @@ if grep -qi raspbian /etc/*release; then
ip link set dev wlan0 promisc on
fi
sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" /etc/iiab/iiab.env
sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }}

2
roles/network/templates/network/iiab-hotspot-on
View file

@ -17,6 +17,6 @@ if grep -qi raspbian /etc/*release; then
ip link set dev wlan0 promisc off
fi
sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" /etc/iiab/iiab.env
sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }}
echo -e "\nPlease consider rebooting now.\n"

4
roles/nextcloud/tasks/main.yml
View file

@ -162,9 +162,9 @@
# following enables and disables
- include_tasks: nextcloud_enabled.yml
- name: Add 'nextcloud' to list of services at /etc/iiab/iiab.ini
- name: Add 'nextcloud' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: Nextcloud
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/nodogsplash/tasks/rpi.yml
View file

@ -52,9 +52,9 @@
state: stopped
when: not nodogsplash_enabled
- name: Add 'nodogsplash' to list of services at /etc/iiab/iiab.ini
- name: Add 'nodogsplash' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: nodogsplash
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/openvpn/tasks/main.yml
View file

@ -206,9 +206,9 @@
# when: not openvpn_enabled and not installing
- name: Add 'openvpn' to list of services at /etc/iiab/iiab.ini
- name: Add 'openvpn' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: openvpn
option: "{{ item.option }}"
value: "{{ item.value }}"

6
roles/openvpn/templates/announcer.j2
View file

@ -19,10 +19,10 @@ if [ -f /etc/iiab/openvpn_handle ]; then
#else
# # Option #3: Dangerous to invoke hypothetical variables :(
# source /etc/iiab/iiab.env
# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #4 ?
# source {{ iiab_env_file }}
# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from {{ iiab_ini_file }}, but safer now that relegated to #4 ?
# if [ -z "$HANDLE" ]; then
# HANDLE=`cat /etc/iiab/iiab.ini | gawk \
# HANDLE=`cat {{ iiab_ini_file }} | gawk \
# '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'`
# fi
fi

4
roles/osm/tasks/main.yml
View file

@ -174,9 +174,9 @@
name: "{{ apache_service }}"
state: restarted
- name: Add 'osm' to list of services at /etc/iiab/iiab.ini
- name: Add 'osm' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: osm
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/owncloud/tasks/main.yml
View file

@ -106,7 +106,7 @@
when: owncloud_enabled
- name: Add owncloud to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=owncloud
option='{{ item.option }}'
value='{{ item.value }}'

4
roles/pathagar/tasks/main.yml
View file

@ -193,9 +193,9 @@
name: "{{ apache_service }}"
state: reloaded
- name: Add 'pathagar' to list of services at /etc/iiab/iiab.ini
- name: Add 'pathagar' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: pathagar
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/phpmyadmin/tasks/main.yml
View file

@ -65,9 +65,9 @@
state: absent
when: not phpmyadmin_enabled and is_debuntu
- name: Add 'phpmyadmin' to list of services at /etc/iiab/iiab.ini
- name: Add 'phpmyadmin' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: phpmyadmin
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/postgresql/tasks/main.yml
View file

@ -93,9 +93,9 @@
enabled: no
when: not postgresql_enabled
- name: Add 'postgresql' to list of services at /etc/iiab/iiab.ini
- name: Add 'postgresql' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: postgresql
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/rachel/tasks/main.yml
View file

@ -24,7 +24,7 @@
when: rachel_enabled and rachel_content_found
- name: Add rachel to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=rachel
option='{{ item.option }}'
value='{{ item.value }}'

4
roles/samba/tasks/main.yml
View file

@ -71,9 +71,9 @@
- samba
when : not samba_enabled
- name: Add 'samba' to list of services at /etc/iiab/iiab.ini
- name: Add 'samba' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: samba
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/schooltool/tasks/main.yml
View file

@ -56,7 +56,7 @@
when: not schooltool_enabled
- name: add schooltool to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=schooltool
option='{{ item.option }}'
value='{{ item.value }}'

2
roles/sugar-stats/tasks/main.yml
View file

@ -41,7 +41,7 @@
- include_tasks: statistics-consolidation.yml
- name: Add sugar-stats to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=sugar_stats
option='{{ item.option }}'
value='{{ item.value }}'

4
roles/sugarizer/tasks/main.yml
View file

@ -228,9 +228,9 @@
# state: stopped
# when: not sugarizer_enabled
- name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini
- name: Add 'sugarizer' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: sugarizer
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/teamviewer/tasks/main.yml
View file

@ -9,7 +9,7 @@
when: teamviewer_install
- name: Add teamviewer to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=teamviewer
option='{{ item.option }}'
value='{{ item.value }}'

4
roles/transmission/tasks/main.yml
View file

@ -54,9 +54,9 @@
state: stopped
when: not transmission_enabled
- name: Add transmission to list of services at /etc/iiab/iiab.ini
- name: Add transmission to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: transmission
option: "{{ item.option }}"
value: "{{ item.value }}"

6
roles/usb-lib/tasks/main.yml
View file

@ -3,7 +3,7 @@
dest: "{{ doc_root }}/local_content"
state: directory
owner: "{{ apache_user }}"
group: "{{ iiab_admin_user }}"
group: "{{ iiab_admin_user }}" # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
mode: 0775
- name: Copy mount file to usbmount when enabled
@ -55,7 +55,7 @@
- name: Put variable in iiab.env that enables display of content at root of USB
lineinfile:
dest: /etc/iiab/iiab.env
dest: "{{ iiab_env_file }}"
regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"
@ -87,7 +87,7 @@
- name: Add usb-lib to service list
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: usb-lib
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/usb-lib/templates/iiab-usb-lib-show-all-off
View file

@ -1,5 +1,5 @@
#!/bin/bash
# turn on the flag which registers new USB sticks at root directory
sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=False/' /etc/iiab/iiab.env
sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=False/' {{ iiab_env_file }}

2
roles/usb-lib/templates/iiab-usb-lib-show-all-on
View file

@ -1,5 +1,5 @@
#!/bin/bash
# turn on the flag which registers new USB sticks at root directory
sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=True/' /etc/iiab/iiab.env
sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=True/' {{ iiab_env_file }}

2
roles/usb-lib/templates/mount.d/70-usb-library
View file

@ -9,7 +9,7 @@
#
# by Tim Moody tim@timmoody.com
source /etc/iiab/iiab.env
source {{ iiab_env_file }}
case $IIAB_USB_LIB_SHOW_ALL in
'True'|'true'|'TRUE')
logger -p user.notice -t "70-usb-library" -- "Displaying root directory on $UM_MOUNTPOINT."

4
roles/vnstat/tasks/main.yml
View file

@ -29,9 +29,9 @@
enabled: yes
state: started
- name: Add 'vnstat' to list of services at /etc/iiab/iiab.ini
- name: Add 'vnstat' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: vnstat
option: "{{ item.option }}"
value: "{{ item.value }}"

4
roles/wordpress/tasks/install.yml
View file

@ -135,9 +135,9 @@
name: "{{ apache_service }}"
state: restarted
- name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini
- name: Add 'wordpress' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ service_filelist }}"
dest: "{{ iiab_ini_file }}"
section: wordpress
option: "{{ item.option }}"
value: "{{ item.value }}"

2
roles/xovis/tasks/main.yml
View file

@ -82,7 +82,7 @@
when: xovis_enabled
- name: Add xovis to service list
ini_file: dest='{{ service_filelist }}'
ini_file: dest='{{ iiab_ini_file }}'
section=xovis
option='{{ item.option }}'
value='{{ item.value }}'

68
runansible.deprecated
View file

@ -1,68 +0,0 @@
#!/bin/bash -e
echo "Please consider ./iiab-install instead of the lesser-supported ./runansible"
PLAYBOOK="iiab.yml"
INVENTORY="ansible_hosts"
# Pass cmdline options for ansible
ARGS="$@"
# if vars/local_vars.yml is missing, put a default one in place - First Run
if [ ! -f ./vars/local_vars.yml ]; then
OS=`grep ^ID= /etc/*release|cut -d= -f2`
OS=${OS//\"/}
case $OS in
OLPC | fedora)
cp ./vars/local_vars_olpc.yml ./vars/local_vars.yml
;;
centos | debian | ubuntu | raspbian)
cp ./vars/local_vars_medium.yml ./vars/local_vars.yml
;;
*)
echo "IIAB supports raspbian, debian, ubuntu, centos, and OLPC - exiting now..."
exit 1
;;
esac
fi
# copy var files to /etc/iiab for subsequent use
# If iiab.env exists, on second or upgrade run, check for stale variables
# iiab.env gets created at the end of stage-4 on First Run
if [ -f /etc/iiab/iiab.env ]
then
OLD=`grep XSCE /etc/iiab/iiab.env | wc -l`
if [ "$OLD" -gt 0 ]
then
rm /etc/iiab/iiab.env
else
. /etc/iiab/iiab.env
cd $IIAB_DIR
fi
else
mkdir -p /etc/iiab
echo "{}" > /etc/iiab/config_vars.yml
fi
CWD=`pwd`
if [ ! -f $PLAYBOOK ]
then
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit 1
fi
if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then
mkdir -p /etc/ansible/facts.d
fi
cp ./scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact
echo "Running local playbooks! "
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local

47
runtags.deprecated
View file

@ -1,47 +0,0 @@
#!/bin/bash
INVENTORY="ansible_hosts"
PLAYBOOK="iiab.yml"
#PLAYBOOK="iiab-stages.yml"
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log"
if [ ! -f $PLAYBOOK ]; then
echo "Exiting: IIAB Playbook not found."
echo "Please run this in /opt/iiab/iiab (top level of the git repo)."
exit 1
fi
# Is the following stanza nec?
if [ ! -f /etc/iiab/config_vars.yml ]; then
mkdir -p /etc/iiab
echo "{}" > /etc/iiab/config_vars.yml
fi
tags=$(echo $1 | tr "," "\n")
if [ "$tags" == "" ]; then
echo " usage: ./runtags <tagname>"
echo " usage: ./runtags <tagname1>,<tagname2>,<tagname3>"
echo " Can take a single value or a comma-separated list (no spaces within the list!)"
echo " Now retrieving a list of possible Ansible playbook and tagname values..."
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local --list-tags
exit 0
fi
found="N"
for tag in $tags; do
if [ "$tag" == "0-init" ]; then
found="Y"
fi
done
taglist=$1
if [ "$found" == "N" ]; then
taglist="0-init,"$taglist
fi
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local --tags=$taglist

Some files were not shown because too many files have changed in this diff Show more