diff --git a/.travis.yml b/.travis.yml index f62a2649f..83c627442 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,32 +6,22 @@ python: "2.7" dist: trusty sudo: false +# Install ansible +addons: + apt: + packages: + - python-pip + install: - # Install ansible, ansible-lint and ansible-review + # Install ansible - pip install ansible - - pip install ansible-review # Create ansible.cfg with correct roles_path and local_tmp - - "{ echo '[defaults]'; echo 'roles_path = ../'; echo 'local_tmp = ~/.ansible/tmp'; } >> ansible.cfg" - - # Check ansible, version - - ansible --version - - ansible-lint --version - - ansible-review --version + - "{ echo '[defaults]'; echo 'roles_path = ./roles/'; } >> ansible.cfg" script: - # Continuous integration: syntax check - - ansible-playbook tests/test.yml -i tests/inventory --syntax-check -vvv - - # Continous integration: ansible-list - - ansible-lint -p *yml - - # Continous integration: ansible code review - #- git ls-files *yml roles/ vars/ tests/ | xargs ansible-review - - # Continouse integration: ansible code review of changes between master and current branch - #- git diff master | ansible-review - + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check #notifications: -# webhooks: +# webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/COPYING b/LICENSE similarity index 100% rename from COPYING rename to LICENSE diff --git a/LICENSE.md b/LICENSE.md deleted file mode 100644 index a85c1571d..000000000 --- a/LICENSE.md +++ /dev/null @@ -1,16 +0,0 @@ -COPYRIGHT and LICENSE - -Many files in this repository have an explicit copyright notice and terms of license in the file. - -Authors contributing to this repository are encouraged to provide a copyright notice and to license their work -under the terms of the GNU Library General Public License as published by the Free Software Foundation; -either version 2 of the License, or (at your option) any later version. - -This license is contained in the file named COPYING. The simplest way to do this is to include -the following two lines at the top of the file: - -# Copyright (C) 20xx -# Licensed under the terms of the GNU GPL v2 or later; see COPYING for details. - -All files not containing an explicit copyright notice or terms of license in the file are Copyright © 2015, Unleash Kids, -and are licensed under the terms of the GPLv2 license in the file named COPYING in the root of the repository. diff --git a/LICENSING.md b/LICENSING.md new file mode 100644 index 000000000..5eafebd34 --- /dev/null +++ b/LICENSING.md @@ -0,0 +1,20 @@ +COPYRIGHT and LICENSE + +Many files in this repository have an explicit copyright notice and terms of +license in the file. + +Authors contributing to this repository are encouraged to provide a copyright +notice and to license their work under the terms of the GNU Library General +Public License as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This license is contained in the file named LICENSE. The simplest way to do +this is to include the following two lines at the top of the file: + + Copyright (C) 20xx + Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. + +All files not containing an explicit copyright notice or terms of license in +the file are Copyright © 2015-2018, Unleash Kids, and are licensed under the +terms of the GPLv2 license in the file named LICENSE in the root of the +repository. diff --git a/README.md.deprecated b/README.md.deprecated deleted file mode 100644 index f1da871b1..000000000 --- a/README.md.deprecated +++ /dev/null @@ -1,41 +0,0 @@ -====================================== -School Server Community Edition (XSCE) -====================================== - -Welcome to the Git repository of the XSCE project. XSCE is a community-based -project developed and supported by volunteers from around the world. It -provides communication, networking, content, and maintenance to schools and -classrooms. In everyday usage the school server provides services which extend -capabilities of the connected laptops while being transparent to the -user. These services include: - -* Classroom connectivity – Similar to what you would find in an advanced home router. -* Internet gateway – If available, an internet connection is made available to laptops. -* Content – Tools to make instructional media available to their schools and classrooms. -* Maintenance – Tools to keep laptop updated and running smoothly. - -All of our server code resides in this repository. We are using ansible_ as the -underlying technology to install, deploy, configure and manage the various -server components. - -Documentation has recently moved to the wiki of this repo - -Please see the `XSCE wiki`_ - -Installation procedures are in the process of being reworked to include: - -* Offline install on bare metal from a usb stick -* Offline install with an iso file -* Manual install of all or part of the server in combination with either of the above - -Full installation instructions are in the wiki of this repo: - -Please read the `installation`_ documentation. - -See the `XSCE project`_ for more information about the project. - -.. _XSCE wiki: https://github.com/XSCE/xsce/wiki -.. _installation: https://github.com/XSCE/xsce/wiki/XSCE-Installation -.. _ansible: http://www.ansibleworks.com/ -.. _ansible documentation: http://www.ansibleworks.com/docs/ -.. _XSCE project: http://schoolserver.org/ diff --git a/ansible.cfg b/ansible.cfg index c683b3cf4..a2b8d84f7 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -3,5 +3,3 @@ [defaults] squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package -remote_tmp = /root/.ansible/tmp -local_tmp = /root/.ansible/tmp diff --git a/ansible.cfg.deprecated b/ansible.cfg.deprecated deleted file mode 100644 index 3e0caabbd..000000000 --- a/ansible.cfg.deprecated +++ /dev/null @@ -1,194 +0,0 @@ -# config file for ansible -- http://ansible.com/ -# ============================================== - -# nearly all parameters can be overridden in ansible-playbook -# or with command line flags. ansible will read ANSIBLE_CONFIG, -# ansible.cfg in the current working directory, .ansible.cfg in -# the home directory or /etc/ansible/ansible.cfg, whichever it -# finds first - -[defaults] - -# some basic default values... - -hostfile = /etc/ansible/hosts -library = /usr/share/ansible -remote_tmp = /opt/iiab/iiab/.ansible/tmp -local_tmp = /opt/iiab/iiab/.ansible/tmp -pattern = * -forks = 5 -poll_interval = 15 -sudo_user = root -#ask_sudo_pass = True -#ask_pass = True -transport = smart -remote_port = 22 -module_lang = C - -# plays will gather facts by default, which contain information about -# the remote system. -# -# smart - gather by default, but don't regather if already gathered -# implicit - gather by default, turn off with gather_facts: False -# explicit - do not gather by default, must say gather_facts: True -gathering = implicit - -# additional paths to search for roles in, colon separated -#roles_path = /etc/ansible/roles - -# uncomment this to disable SSH key host checking -#host_key_checking = False - -# change this for alternative sudo implementations -sudo_exe = sudo - -# what flags to pass to sudo -#sudo_flags = -H - -# SSH timeout -timeout = 10 - -# default user to use for playbooks if user is not specified -# (/usr/bin/ansible will use current user as default) -#remote_user = root - -# logging is off by default unless this path is defined -# if so defined, consider logrotate -#log_path = /var/log/ansible.log - -# default module name for /usr/bin/ansible -#module_name = command - -# use this shell for commands executed under sudo -# you may need to change this to bin/bash in rare instances -# if sudo is constrained -#executable = /bin/sh - -# if inventory variables overlap, does the higher precedence one win -# or are hash values merged together? The default is 'replace' but -# this can also be set to 'merge'. -#hash_behaviour = replace - -# list any Jinja2 extensions to enable here: -#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n - -# if set, always use this private key file for authentication, same as -# if passing --private-key to ansible or ansible-playbook -#private_key_file = /path/to/file - -# format of string {{ ansible_managed }} available within Jinja2 -# templates indicates to users editing templates files will be replaced. -# replacing {file}, {host} and {uid} and strftime codes with proper values. -ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} - -# by default, ansible-playbook will display "Skipping [host]" if it determines a task -# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" -# messages. NOTE: the task header will still be shown regardless of whether or not the -# task is skipped. -#display_skipped_hosts = True - -# by default (as of 1.3), Ansible will raise errors when attempting to dereference -# Jinja2 variables that are not set in templates or action lines. Uncomment this line -# to revert the behavior to pre-1.3. -#error_on_undefined_vars = False - -# by default (as of 1.6), Ansible may display warnings based on the configuration of the -# system running ansible itself. This may include warnings about 3rd party packages or -# other conditions that should be resolved if possible. -# to disable these warnings, set the following value to False: -system_warnings = False - -# by default (as of 1.4), Ansible may display deprecation warnings for language -# features that should no longer be used and will be removed in future versions. -# to disable these warnings, set the following value to False: -deprecation_warnings = False - -# set plugin path directories here, separate with colons -action_plugins = /usr/share/ansible_plugins/action_plugins -callback_plugins = /usr/share/ansible_plugins/callback_plugins -connection_plugins = /usr/share/ansible_plugins/connection_plugins -lookup_plugins = /usr/share/ansible_plugins/lookup_plugins -vars_plugins = /usr/share/ansible_plugins/vars_plugins -filter_plugins = /usr/share/ansible_plugins/filter_plugins - -# don't like cows? that's unfortunate. -# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 -#nocows = 1 - -# don't like colors either? -# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 -#nocolor = 1 - -# the CA certificate path used for validating SSL certs. This path -# should exist on the controlling node, not the target nodes -# common locations: -# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt -# Fedora : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem -# Ubuntu : /usr/share/ca-certificates/cacert.org/cacert.org.crt -#ca_file_path = - -# the http user-agent string to use when fetching urls. Some web server -# operators block the default urllib user agent as it is frequently used -# by malicious attacks/scripts, so we set it to something unique to -# avoid issues. -#http_user_agent = ansible-agent - -[paramiko_connection] - -# uncomment this line to cause the paramiko connection plugin to not record new host -# keys encountered. Increases performance on new host additions. Setting works independently of the -# host key checking setting above. -#record_host_keys=False - -# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this -# line to disable this behaviour. -#pty=False - -[ssh_connection] - -# ssh arguments to use -# Leaving off ControlPersist will result in poor performance, so use -# paramiko on older platforms rather than removing it -#ssh_args = -o ControlMaster=auto -o ControlPersist=60s - -# The path to use for the ControlPath sockets. This defaults to -# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with -# very long hostnames or very long path names (caused by long user names or -# deeply nested home directories) this can exceed the character limit on -# file socket names (108 characters for most platforms). In that case, you -# may wish to shorten the string below. -# -# Example: -# control_path = %(directory)s/%%h-%%r -#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r - -# Enabling pipelining reduces the number of SSH operations required to -# execute a module on the remote server. This can result in a significant -# performance improvement when enabled, however when using "sudo:" you must -# first disable 'requiretty' in /etc/sudoers -# -# By default, this option is disabled to preserve compatibility with -# sudoers configurations that have requiretty (the default on many distros). -# -#pipelining = False - -# if True, make ansible use scp if the connection type is ssh -# (default is sftp) -#scp_if_ssh = True - -[accelerate] -accelerate_port = 5099 -accelerate_timeout = 30 -accelerate_connect_timeout = 5.0 - -# The daemon timeout is measured in minutes. This time is measured -# from the last activity to the accelerate daemon. -accelerate_daemon_timeout = 30 - -# If set to yes, accelerate_multi_key will allow multiple -# private keys to be uploaded to it, though each user must -# have access to the system via SSH to add a new key. The default -# is "no". -#accelerate_multi_key = yes - -command_warnings = False diff --git a/iiab.yml.deprecated b/iiab.yml.deprecated deleted file mode 100644 index d387a1d7c..000000000 --- a/iiab.yml.deprecated +++ /dev/null @@ -1,22 +0,0 @@ ---- -- hosts: all - become: yes - - vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/config_vars.yml - - roles: - - { role: 0-init, tags: ['0-init'] } - - { role: 1-prep, tags: ['1-prep','platform','base'] } - - { role: 2-common, tags: ['2-common','base'] } - - { role: 3-base-server, tags: ['3-base-server','base'] } - - { role: 4-server-options, tags: ['4-server-options'] } - - { role: 5-xo-services, tags: ['5-xo-services'] } - - { role: 6-generic-apps, tags: ['6-generic-apps'] } - - { role: 7-edu-apps, tags: ['7-edu-apps'] } - - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } - - { role: 9-local-addons, tags: ['9-local-addons'] } - - { role: network, tags: ['network'] } diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 8901ff7eb..ccdfd58e0 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -1,4 +1,4 @@ -# Use these to tag a release at a point in time, for /etc/iiab/iiab.env +# Use these to tag a release at a point in time, for {{ iiab_env_file }} iiab_base_ver: 6.7 iiab_revision: 0 diff --git a/roles/0-init/tasks/fl.yml b/roles/0-init/tasks/fl.yml index 8d0c1b01a..f8d93144c 100644 --- a/roles/0-init/tasks/fl.yml +++ b/roles/0-init/tasks/fl.yml @@ -27,3 +27,9 @@ - "{{ doc_root }}/common/services" - /etc/sysconfig/olpc-scripts/ - /etc/sysconfig/olpc-scripts/setup.d/installed/ + +- name: Create symlink from webfonts to fonts + file: + src: "{{ doc_root }}/common/fonts" + path: "{{ doc_root }}/common/webfonts" + state: link diff --git a/roles/0-init/tasks/iiab_ini.yml b/roles/0-init/tasks/iiab_ini.yml index 3475ec764..dcd7b06a3 100644 --- a/roles/0-init/tasks/iiab_ini.yml +++ b/roles/0-init/tasks/iiab_ini.yml @@ -1,12 +1,12 @@ -# workaround for fact that auto create does not work on ini_file -- name: Create /etc/iiab/iiab.ini (iiab_config_file) +# workaround for fact that auto create does not work on iiab_ini_file (/etc/iiab/iiab.ini) +- name: Create {{ iiab_ini_file }} file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" state: touch - name: Add location section to config file ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: location option: "{{ item.option }}" value: "{{ item.value }}" @@ -16,9 +16,9 @@ - option: iiab_dir value: "{{ iiab_dir }}" -- name: Add version section +- name: Add 'version' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: version option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index ae246e1de..d4903c189 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -2,7 +2,7 @@ - name: ...IS BEGINNING ============================================ stat: - path: /etc/iiab/iiab.env + path: "{{ iiab_env_file }}" register: NewInstall - name: Setting first run flag @@ -165,9 +165,9 @@ include_tasks: hostname.yml when: FQDN_changed -- name: Add 'runtime' section alongside list of services at /etc/iiab/iiab.ini +- name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: runtime option: "{{ item.option }}" value: "{{ item.value }}" @@ -209,13 +209,9 @@ - option: FQDN_changed value: "{{ FQDN_changed }}" -#- name: Now changing FQDN -# include_tasks: hostname.yml -# when: FQDN_changed - -- name: STAGE 0 HAS COMPLETED ====================================== +- name: Add 'runtime' variable 'is_VM' value if defined, to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: runtime option: "{{ item.option }}" value: "{{ item.value }}" @@ -223,3 +219,6 @@ - option: is_VM value: "yes" when: is_VM is defined + +- name: STAGE 0 HAS COMPLETED ====================================== + meta: noop diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 4fc6da152..40dabc96d 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -111,7 +111,7 @@ - name: Recording STAGE 1 HAS COMPLETED ============================ template: src: roles/1-prep/templates/iiab.env.j2 - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" owner: root group: root mode: 0644 diff --git a/roles/1-prep/templates/iiab-network-reset b/roles/1-prep/templates/iiab-network-reset index fd0d10f3b..e17fe7add 100755 --- a/roles/1-prep/templates/iiab-network-reset +++ b/roles/1-prep/templates/iiab-network-reset @@ -38,8 +38,8 @@ echo "/etc/resolv.conf" cat /etc/resolv.conf echo echo "==========================================================" -echo "cat /etc/iiab/iiab.ini" -cat /etc/iiab/iiab.ini +echo "cat {{ iiab_ini_file }}" +cat {{ iiab_ini_file }} echo echo "==========================================================" echo "routing table" diff --git a/roles/1-prep/templates/iiab_env.py.j2 b/roles/1-prep/templates/iiab_env.py.j2 index e3484e08e..78c4869be 100644 --- a/roles/1-prep/templates/iiab_env.py.j2 +++ b/roles/1-prep/templates/iiab_env.py.j2 @@ -4,7 +4,7 @@ def get_iiab_env(name): """ read iiab.env file for a value, return "" if does not exist""" try: - fd = open("/etc/iiab/iiab.env","r") + fd = open("{{ iiab_env_file }}","r") for line in fd: line = line.lstrip() line = line.rstrip('\n') diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 95a14be16..48a072231 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -89,7 +89,7 @@ - name: Recording STAGE 2 HAS COMPLETED ========================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=2' state: present diff --git a/roles/2-common/templates/iiab-startup.sh b/roles/2-common/templates/iiab-startup.sh index b2bfeb397..b563b908d 100644 --- a/roles/2-common/templates/iiab-startup.sh +++ b/roles/2-common/templates/iiab-startup.sh @@ -15,7 +15,7 @@ fi if [[ $(grep -i raspbian /etc/*release) && #($(grep "hostapd_enabled = False" /etc/iiab/config_vars.yml) || #((! $(grep "hostapd_enabled = True" /etc/iiab/config_vars.yml)) && - ! $(grep "^HOSTAPD_ENABLED=True" /etc/iiab/iiab.env) ]]; + ! $(grep "^HOSTAPD_ENABLED=True" {{ iiab_env_file }}) ]]; # NEGATED LOGIC HELPS FORCE PROMISCUOUS MODE EARLY IN INSTALL # (when network/tasks/main.yml hasn't yet populated iiab.env) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 7efb55682..5d07b28af 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,7 +3,7 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: HTTPD +- name: HTTPD (APACHE) include_role: name: httpd # has no "when: XXXXX_install" flag @@ -23,7 +23,7 @@ - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=3' state: present diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 3dc010450..5b70af543 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -78,7 +78,7 @@ - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=4' state: present diff --git a/roles/5-xo-services/tasks/main.yml b/roles/5-xo-services/tasks/main.yml index 95cc1a3dc..c1645d5be 100644 --- a/roles/5-xo-services/tasks/main.yml +++ b/roles/5-xo-services/tasks/main.yml @@ -23,7 +23,7 @@ - name: Recording STAGE 5 HAS COMPLETED ===================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=5' state: present diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 40a432e5d..01fcd7340 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -47,7 +47,7 @@ - name: Recording STAGE 6 HAS COMPLETED ==================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=6' state: present diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index e9eced3ac..04b2ed8c6 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -47,7 +47,7 @@ - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=7' state: present diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index b94404814..14766ddd2 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -59,7 +59,7 @@ - name: Recording STAGE 8 HAS COMPLETED ====================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=8' state: present diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 317c54d38..674245bc6 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -17,7 +17,7 @@ - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=9' state: present diff --git a/roles/activity-server/tasks/main.yml b/roles/activity-server/tasks/main.yml index 29183b146..8be5c0805 100644 --- a/roles/activity-server/tasks/main.yml +++ b/roles/activity-server/tasks/main.yml @@ -117,7 +117,7 @@ state=restarted - name: add xs-activity-server to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=activity-server option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/ajenti/tasks/main.yml b/roles/ajenti/tasks/main.yml index 789afbf31..045403d93 100644 --- a/roles/ajenti/tasks/main.yml +++ b/roles/ajenti/tasks/main.yml @@ -48,7 +48,7 @@ when: ajenti_enabled - name: Add ajenti to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=ajenti option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/authserver/tasks/main.yml b/roles/authserver/tasks/main.yml index 304c72392..817068d0f 100644 --- a/roles/authserver/tasks/main.yml +++ b/roles/authserver/tasks/main.yml @@ -51,7 +51,7 @@ when: authserver_enabled - name: add xs-authserver to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=xs-authserver option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index e368ae8cf..eba3828b0 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -1,9 +1,9 @@ - include_tasks: install.yml when: awstats_install -- name: Add 'awstats' to list of services at /etc/iiab/iiab.ini +- name: Add 'awstats' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: awstats option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 507bee572..0347aef79 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -122,9 +122,9 @@ name: "{{ apache_service }}" # httpd or apache2 state: restarted -- name: Add 'calibre-web' to list of services at /etc/iiab/iiab.ini +- name: Add 'calibre-web' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: calibre-web option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index f2adfef0d..48e5ff470 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -132,9 +132,9 @@ name: "{{ apache_service }}" state: reloaded -- name: Add 'calibre' to list of services at /etc/iiab/iiab.ini +- name: Add 'calibre' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: calibre option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index d765c4908..690d0f697 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -64,9 +64,9 @@ enabled: no when: not cups_enabled and is_F18 -- name: Add 'cups' to list of services at /etc/iiab/iiab.ini +- name: Add 'cups' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: cups option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 6e9cf96cc..1692b1613 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -41,7 +41,7 @@ when: not docker_enabled - name: add docker to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=docker option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index c1cca0d1a..f1dc4ea6e 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -2,9 +2,9 @@ include_tasks: install.yml when: dokuwiki_install -- name: Add 'dokuwiki' to list of services at /etc/iiab/iiab.ini +- name: Add 'dokuwiki' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: dokuwiki option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 555850615..5d36b6ad2 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -138,9 +138,9 @@ state: absent when: not elgg_enabled and is_redhat -- name: Add 'elgg' to list of services at /etc/iiab/iiab.ini +- name: Add 'elgg' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: elgg option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/httpd/files/html/css/fa.all.min.css b/roles/httpd/files/html/css/fa.all.min.css new file mode 100644 index 000000000..03c0a79f4 --- /dev/null +++ b/roles/httpd/files/html/css/fa.all.min.css @@ -0,0 +1,5 @@ +/*! + * Font Awesome Free 5.3.1 by @fontawesome - https://fontawesome.com + * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) + */ +.fa,.fab,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa.fa-pull-left,.fab.fa-pull-left,.fal.fa-pull-left,.far.fa-pull-left,.fas.fa-pull-left{margin-right:.3em}.fa.fa-pull-right,.fab.fa-pull-right,.fal.fa-pull-right,.far.fa-pull-right,.fas.fa-pull-right{margin-left:.3em}.fa-spin{animation:fa-spin 2s infinite linear}.fa-pulse{animation:fa-spin 1s infinite steps(8)}@keyframes fa-spin{0%{transform:rotate(0deg)}to{transform:rotate(1turn)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";transform:scaleX(-1)}.fa-flip-vertical{transform:scaleY(-1)}.fa-flip-horizontal.fa-flip-vertical,.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)"}.fa-flip-horizontal.fa-flip-vertical{transform:scale(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{-webkit-filter:none;filter:none}.fa-stack{display:inline-block;height:2em;line-height:2em;position:relative;vertical-align:middle;width:2em}.fa-stack-1x,.fa-stack-2x{left:0;position:absolute;text-align:center;width:100%}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-500px:before{content:"\f26e"}.fa-accessible-icon:before{content:"\f368"}.fa-accusoft:before{content:"\f369"}.fa-ad:before{content:"\f641"}.fa-address-book:before{content:"\f2b9"}.fa-address-card:before{content:"\f2bb"}.fa-adjust:before{content:"\f042"}.fa-adn:before{content:"\f170"}.fa-adversal:before{content:"\f36a"}.fa-affiliatetheme:before{content:"\f36b"}.fa-air-freshener:before{content:"\f5d0"}.fa-algolia:before{content:"\f36c"}.fa-align-center:before{content:"\f037"}.fa-align-justify:before{content:"\f039"}.fa-align-left:before{content:"\f036"}.fa-align-right:before{content:"\f038"}.fa-alipay:before{content:"\f642"}.fa-allergies:before{content:"\f461"}.fa-amazon:before{content:"\f270"}.fa-amazon-pay:before{content:"\f42c"}.fa-ambulance:before{content:"\f0f9"}.fa-american-sign-language-interpreting:before{content:"\f2a3"}.fa-amilia:before{content:"\f36d"}.fa-anchor:before{content:"\f13d"}.fa-android:before{content:"\f17b"}.fa-angellist:before{content:"\f209"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-down:before{content:"\f107"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angry:before{content:"\f556"}.fa-angrycreative:before{content:"\f36e"}.fa-angular:before{content:"\f420"}.fa-ankh:before{content:"\f644"}.fa-app-store:before{content:"\f36f"}.fa-app-store-ios:before{content:"\f370"}.fa-apper:before{content:"\f371"}.fa-apple:before{content:"\f179"}.fa-apple-alt:before{content:"\f5d1"}.fa-apple-pay:before{content:"\f415"}.fa-archive:before{content:"\f187"}.fa-archway:before{content:"\f557"}.fa-arrow-alt-circle-down:before{content:"\f358"}.fa-arrow-alt-circle-left:before{content:"\f359"}.fa-arrow-alt-circle-right:before{content:"\f35a"}.fa-arrow-alt-circle-up:before{content:"\f35b"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-arrow-circle-left:before{content:"\f0a8"}.fa-arrow-circle-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-down:before{content:"\f063"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrows-alt:before{content:"\f0b2"}.fa-arrows-alt-h:before{content:"\f337"}.fa-arrows-alt-v:before{content:"\f338"}.fa-assistive-listening-systems:before{content:"\f2a2"}.fa-asterisk:before{content:"\f069"}.fa-asymmetrik:before{content:"\f372"}.fa-at:before{content:"\f1fa"}.fa-atlas:before{content:"\f558"}.fa-atom:before{content:"\f5d2"}.fa-audible:before{content:"\f373"}.fa-audio-description:before{content:"\f29e"}.fa-autoprefixer:before{content:"\f41c"}.fa-avianex:before{content:"\f374"}.fa-aviato:before{content:"\f421"}.fa-award:before{content:"\f559"}.fa-aws:before{content:"\f375"}.fa-backspace:before{content:"\f55a"}.fa-backward:before{content:"\f04a"}.fa-balance-scale:before{content:"\f24e"}.fa-ban:before{content:"\f05e"}.fa-band-aid:before{content:"\f462"}.fa-bandcamp:before{content:"\f2d5"}.fa-barcode:before{content:"\f02a"}.fa-bars:before{content:"\f0c9"}.fa-baseball-ball:before{content:"\f433"}.fa-basketball-ball:before{content:"\f434"}.fa-bath:before{content:"\f2cd"}.fa-battery-empty:before{content:"\f244"}.fa-battery-full:before{content:"\f240"}.fa-battery-half:before{content:"\f242"}.fa-battery-quarter:before{content:"\f243"}.fa-battery-three-quarters:before{content:"\f241"}.fa-bed:before{content:"\f236"}.fa-beer:before{content:"\f0fc"}.fa-behance:before{content:"\f1b4"}.fa-behance-square:before{content:"\f1b5"}.fa-bell:before{content:"\f0f3"}.fa-bell-slash:before{content:"\f1f6"}.fa-bezier-curve:before{content:"\f55b"}.fa-bible:before{content:"\f647"}.fa-bicycle:before{content:"\f206"}.fa-bimobject:before{content:"\f378"}.fa-binoculars:before{content:"\f1e5"}.fa-birthday-cake:before{content:"\f1fd"}.fa-bitbucket:before{content:"\f171"}.fa-bitcoin:before{content:"\f379"}.fa-bity:before{content:"\f37a"}.fa-black-tie:before{content:"\f27e"}.fa-blackberry:before{content:"\f37b"}.fa-blender:before{content:"\f517"}.fa-blind:before{content:"\f29d"}.fa-blogger:before{content:"\f37c"}.fa-blogger-b:before{content:"\f37d"}.fa-bluetooth:before{content:"\f293"}.fa-bluetooth-b:before{content:"\f294"}.fa-bold:before{content:"\f032"}.fa-bolt:before{content:"\f0e7"}.fa-bomb:before{content:"\f1e2"}.fa-bone:before{content:"\f5d7"}.fa-bong:before{content:"\f55c"}.fa-book:before{content:"\f02d"}.fa-book-open:before{content:"\f518"}.fa-book-reader:before{content:"\f5da"}.fa-bookmark:before{content:"\f02e"}.fa-bowling-ball:before{content:"\f436"}.fa-box:before{content:"\f466"}.fa-box-open:before{content:"\f49e"}.fa-boxes:before{content:"\f468"}.fa-braille:before{content:"\f2a1"}.fa-brain:before{content:"\f5dc"}.fa-briefcase:before{content:"\f0b1"}.fa-briefcase-medical:before{content:"\f469"}.fa-broadcast-tower:before{content:"\f519"}.fa-broom:before{content:"\f51a"}.fa-brush:before{content:"\f55d"}.fa-btc:before{content:"\f15a"}.fa-bug:before{content:"\f188"}.fa-building:before{content:"\f1ad"}.fa-bullhorn:before{content:"\f0a1"}.fa-bullseye:before{content:"\f140"}.fa-burn:before{content:"\f46a"}.fa-buromobelexperte:before{content:"\f37f"}.fa-bus:before{content:"\f207"}.fa-bus-alt:before{content:"\f55e"}.fa-business-time:before{content:"\f64a"}.fa-buysellads:before{content:"\f20d"}.fa-calculator:before{content:"\f1ec"}.fa-calendar:before{content:"\f133"}.fa-calendar-alt:before{content:"\f073"}.fa-calendar-check:before{content:"\f274"}.fa-calendar-minus:before{content:"\f272"}.fa-calendar-plus:before{content:"\f271"}.fa-calendar-times:before{content:"\f273"}.fa-camera:before{content:"\f030"}.fa-camera-retro:before{content:"\f083"}.fa-cannabis:before{content:"\f55f"}.fa-capsules:before{content:"\f46b"}.fa-car:before{content:"\f1b9"}.fa-car-alt:before{content:"\f5de"}.fa-car-battery:before{content:"\f5df"}.fa-car-crash:before{content:"\f5e1"}.fa-car-side:before{content:"\f5e4"}.fa-caret-down:before{content:"\f0d7"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-caret-square-down:before{content:"\f150"}.fa-caret-square-left:before{content:"\f191"}.fa-caret-square-right:before{content:"\f152"}.fa-caret-square-up:before{content:"\f151"}.fa-caret-up:before{content:"\f0d8"}.fa-cart-arrow-down:before{content:"\f218"}.fa-cart-plus:before{content:"\f217"}.fa-cc-amazon-pay:before{content:"\f42d"}.fa-cc-amex:before{content:"\f1f3"}.fa-cc-apple-pay:before{content:"\f416"}.fa-cc-diners-club:before{content:"\f24c"}.fa-cc-discover:before{content:"\f1f2"}.fa-cc-jcb:before{content:"\f24b"}.fa-cc-mastercard:before{content:"\f1f1"}.fa-cc-paypal:before{content:"\f1f4"}.fa-cc-stripe:before{content:"\f1f5"}.fa-cc-visa:before{content:"\f1f0"}.fa-centercode:before{content:"\f380"}.fa-certificate:before{content:"\f0a3"}.fa-chalkboard:before{content:"\f51b"}.fa-chalkboard-teacher:before{content:"\f51c"}.fa-charging-station:before{content:"\f5e7"}.fa-chart-area:before{content:"\f1fe"}.fa-chart-bar:before{content:"\f080"}.fa-chart-line:before{content:"\f201"}.fa-chart-pie:before{content:"\f200"}.fa-check:before{content:"\f00c"}.fa-check-circle:before{content:"\f058"}.fa-check-double:before{content:"\f560"}.fa-check-square:before{content:"\f14a"}.fa-chess:before{content:"\f439"}.fa-chess-bishop:before{content:"\f43a"}.fa-chess-board:before{content:"\f43c"}.fa-chess-king:before{content:"\f43f"}.fa-chess-knight:before{content:"\f441"}.fa-chess-pawn:before{content:"\f443"}.fa-chess-queen:before{content:"\f445"}.fa-chess-rook:before{content:"\f447"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-down:before{content:"\f078"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-chevron-up:before{content:"\f077"}.fa-child:before{content:"\f1ae"}.fa-chrome:before{content:"\f268"}.fa-church:before{content:"\f51d"}.fa-circle:before{content:"\f111"}.fa-circle-notch:before{content:"\f1ce"}.fa-city:before{content:"\f64f"}.fa-clipboard:before{content:"\f328"}.fa-clipboard-check:before{content:"\f46c"}.fa-clipboard-list:before{content:"\f46d"}.fa-clock:before{content:"\f017"}.fa-clone:before{content:"\f24d"}.fa-closed-captioning:before{content:"\f20a"}.fa-cloud:before{content:"\f0c2"}.fa-cloud-download-alt:before{content:"\f381"}.fa-cloud-upload-alt:before{content:"\f382"}.fa-cloudscale:before{content:"\f383"}.fa-cloudsmith:before{content:"\f384"}.fa-cloudversify:before{content:"\f385"}.fa-cocktail:before{content:"\f561"}.fa-code:before{content:"\f121"}.fa-code-branch:before{content:"\f126"}.fa-codepen:before{content:"\f1cb"}.fa-codiepie:before{content:"\f284"}.fa-coffee:before{content:"\f0f4"}.fa-cog:before{content:"\f013"}.fa-cogs:before{content:"\f085"}.fa-coins:before{content:"\f51e"}.fa-columns:before{content:"\f0db"}.fa-comment:before{content:"\f075"}.fa-comment-alt:before{content:"\f27a"}.fa-comment-dollar:before{content:"\f651"}.fa-comment-dots:before{content:"\f4ad"}.fa-comment-slash:before{content:"\f4b3"}.fa-comments:before{content:"\f086"}.fa-comments-dollar:before{content:"\f653"}.fa-compact-disc:before{content:"\f51f"}.fa-compass:before{content:"\f14e"}.fa-compress:before{content:"\f066"}.fa-concierge-bell:before{content:"\f562"}.fa-connectdevelop:before{content:"\f20e"}.fa-contao:before{content:"\f26d"}.fa-cookie:before{content:"\f563"}.fa-cookie-bite:before{content:"\f564"}.fa-copy:before{content:"\f0c5"}.fa-copyright:before{content:"\f1f9"}.fa-couch:before{content:"\f4b8"}.fa-cpanel:before{content:"\f388"}.fa-creative-commons:before{content:"\f25e"}.fa-creative-commons-by:before{content:"\f4e7"}.fa-creative-commons-nc:before{content:"\f4e8"}.fa-creative-commons-nc-eu:before{content:"\f4e9"}.fa-creative-commons-nc-jp:before{content:"\f4ea"}.fa-creative-commons-nd:before{content:"\f4eb"}.fa-creative-commons-pd:before{content:"\f4ec"}.fa-creative-commons-pd-alt:before{content:"\f4ed"}.fa-creative-commons-remix:before{content:"\f4ee"}.fa-creative-commons-sa:before{content:"\f4ef"}.fa-creative-commons-sampling:before{content:"\f4f0"}.fa-creative-commons-sampling-plus:before{content:"\f4f1"}.fa-creative-commons-share:before{content:"\f4f2"}.fa-credit-card:before{content:"\f09d"}.fa-crop:before{content:"\f125"}.fa-crop-alt:before{content:"\f565"}.fa-cross:before{content:"\f654"}.fa-crosshairs:before{content:"\f05b"}.fa-crow:before{content:"\f520"}.fa-crown:before{content:"\f521"}.fa-css3:before{content:"\f13c"}.fa-css3-alt:before{content:"\f38b"}.fa-cube:before{content:"\f1b2"}.fa-cubes:before{content:"\f1b3"}.fa-cut:before{content:"\f0c4"}.fa-cuttlefish:before{content:"\f38c"}.fa-d-and-d:before{content:"\f38d"}.fa-dashcube:before{content:"\f210"}.fa-database:before{content:"\f1c0"}.fa-deaf:before{content:"\f2a4"}.fa-delicious:before{content:"\f1a5"}.fa-deploydog:before{content:"\f38e"}.fa-deskpro:before{content:"\f38f"}.fa-desktop:before{content:"\f108"}.fa-deviantart:before{content:"\f1bd"}.fa-dharmachakra:before{content:"\f655"}.fa-diagnoses:before{content:"\f470"}.fa-dice:before{content:"\f522"}.fa-dice-five:before{content:"\f523"}.fa-dice-four:before{content:"\f524"}.fa-dice-one:before{content:"\f525"}.fa-dice-six:before{content:"\f526"}.fa-dice-three:before{content:"\f527"}.fa-dice-two:before{content:"\f528"}.fa-digg:before{content:"\f1a6"}.fa-digital-ocean:before{content:"\f391"}.fa-digital-tachograph:before{content:"\f566"}.fa-directions:before{content:"\f5eb"}.fa-discord:before{content:"\f392"}.fa-discourse:before{content:"\f393"}.fa-divide:before{content:"\f529"}.fa-dizzy:before{content:"\f567"}.fa-dna:before{content:"\f471"}.fa-dochub:before{content:"\f394"}.fa-docker:before{content:"\f395"}.fa-dollar-sign:before{content:"\f155"}.fa-dolly:before{content:"\f472"}.fa-dolly-flatbed:before{content:"\f474"}.fa-donate:before{content:"\f4b9"}.fa-door-closed:before{content:"\f52a"}.fa-door-open:before{content:"\f52b"}.fa-dot-circle:before{content:"\f192"}.fa-dove:before{content:"\f4ba"}.fa-download:before{content:"\f019"}.fa-draft2digital:before{content:"\f396"}.fa-drafting-compass:before{content:"\f568"}.fa-draw-polygon:before{content:"\f5ee"}.fa-dribbble:before{content:"\f17d"}.fa-dribbble-square:before{content:"\f397"}.fa-dropbox:before{content:"\f16b"}.fa-drum:before{content:"\f569"}.fa-drum-steelpan:before{content:"\f56a"}.fa-drupal:before{content:"\f1a9"}.fa-dumbbell:before{content:"\f44b"}.fa-dyalog:before{content:"\f399"}.fa-earlybirds:before{content:"\f39a"}.fa-ebay:before{content:"\f4f4"}.fa-edge:before{content:"\f282"}.fa-edit:before{content:"\f044"}.fa-eject:before{content:"\f052"}.fa-elementor:before{content:"\f430"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-ello:before{content:"\f5f1"}.fa-ember:before{content:"\f423"}.fa-empire:before{content:"\f1d1"}.fa-envelope:before{content:"\f0e0"}.fa-envelope-open:before{content:"\f2b6"}.fa-envelope-open-text:before{content:"\f658"}.fa-envelope-square:before{content:"\f199"}.fa-envira:before{content:"\f299"}.fa-equals:before{content:"\f52c"}.fa-eraser:before{content:"\f12d"}.fa-erlang:before{content:"\f39d"}.fa-ethereum:before{content:"\f42e"}.fa-etsy:before{content:"\f2d7"}.fa-euro-sign:before{content:"\f153"}.fa-exchange-alt:before{content:"\f362"}.fa-exclamation:before{content:"\f12a"}.fa-exclamation-circle:before{content:"\f06a"}.fa-exclamation-triangle:before{content:"\f071"}.fa-expand:before{content:"\f065"}.fa-expand-arrows-alt:before{content:"\f31e"}.fa-expeditedssl:before{content:"\f23e"}.fa-external-link-alt:before{content:"\f35d"}.fa-external-link-square-alt:before{content:"\f360"}.fa-eye:before{content:"\f06e"}.fa-eye-dropper:before{content:"\f1fb"}.fa-eye-slash:before{content:"\f070"}.fa-facebook:before{content:"\f09a"}.fa-facebook-f:before{content:"\f39e"}.fa-facebook-messenger:before{content:"\f39f"}.fa-facebook-square:before{content:"\f082"}.fa-fast-backward:before{content:"\f049"}.fa-fast-forward:before{content:"\f050"}.fa-fax:before{content:"\f1ac"}.fa-feather:before{content:"\f52d"}.fa-feather-alt:before{content:"\f56b"}.fa-female:before{content:"\f182"}.fa-fighter-jet:before{content:"\f0fb"}.fa-file:before{content:"\f15b"}.fa-file-alt:before{content:"\f15c"}.fa-file-archive:before{content:"\f1c6"}.fa-file-audio:before{content:"\f1c7"}.fa-file-code:before{content:"\f1c9"}.fa-file-contract:before{content:"\f56c"}.fa-file-download:before{content:"\f56d"}.fa-file-excel:before{content:"\f1c3"}.fa-file-export:before{content:"\f56e"}.fa-file-image:before{content:"\f1c5"}.fa-file-import:before{content:"\f56f"}.fa-file-invoice:before{content:"\f570"}.fa-file-invoice-dollar:before{content:"\f571"}.fa-file-medical:before{content:"\f477"}.fa-file-medical-alt:before{content:"\f478"}.fa-file-pdf:before{content:"\f1c1"}.fa-file-powerpoint:before{content:"\f1c4"}.fa-file-prescription:before{content:"\f572"}.fa-file-signature:before{content:"\f573"}.fa-file-upload:before{content:"\f574"}.fa-file-video:before{content:"\f1c8"}.fa-file-word:before{content:"\f1c2"}.fa-fill:before{content:"\f575"}.fa-fill-drip:before{content:"\f576"}.fa-film:before{content:"\f008"}.fa-filter:before{content:"\f0b0"}.fa-fingerprint:before{content:"\f577"}.fa-fire:before{content:"\f06d"}.fa-fire-extinguisher:before{content:"\f134"}.fa-firefox:before{content:"\f269"}.fa-first-aid:before{content:"\f479"}.fa-first-order:before{content:"\f2b0"}.fa-first-order-alt:before{content:"\f50a"}.fa-firstdraft:before{content:"\f3a1"}.fa-fish:before{content:"\f578"}.fa-flag:before{content:"\f024"}.fa-flag-checkered:before{content:"\f11e"}.fa-flask:before{content:"\f0c3"}.fa-flickr:before{content:"\f16e"}.fa-flipboard:before{content:"\f44d"}.fa-flushed:before{content:"\f579"}.fa-fly:before{content:"\f417"}.fa-folder:before{content:"\f07b"}.fa-folder-minus:before{content:"\f65d"}.fa-folder-open:before{content:"\f07c"}.fa-folder-plus:before{content:"\f65e"}.fa-font:before{content:"\f031"}.fa-font-awesome:before{content:"\f2b4"}.fa-font-awesome-alt:before{content:"\f35c"}.fa-font-awesome-flag:before{content:"\f425"}.fa-font-awesome-logo-full:before{content:"\f4e6"}.fa-fonticons:before{content:"\f280"}.fa-fonticons-fi:before{content:"\f3a2"}.fa-football-ball:before{content:"\f44e"}.fa-fort-awesome:before{content:"\f286"}.fa-fort-awesome-alt:before{content:"\f3a3"}.fa-forumbee:before{content:"\f211"}.fa-forward:before{content:"\f04e"}.fa-foursquare:before{content:"\f180"}.fa-free-code-camp:before{content:"\f2c5"}.fa-freebsd:before{content:"\f3a4"}.fa-frog:before{content:"\f52e"}.fa-frown:before{content:"\f119"}.fa-frown-open:before{content:"\f57a"}.fa-fulcrum:before{content:"\f50b"}.fa-funnel-dollar:before{content:"\f662"}.fa-futbol:before{content:"\f1e3"}.fa-galactic-republic:before{content:"\f50c"}.fa-galactic-senate:before{content:"\f50d"}.fa-gamepad:before{content:"\f11b"}.fa-gas-pump:before{content:"\f52f"}.fa-gavel:before{content:"\f0e3"}.fa-gem:before{content:"\f3a5"}.fa-genderless:before{content:"\f22d"}.fa-get-pocket:before{content:"\f265"}.fa-gg:before{content:"\f260"}.fa-gg-circle:before{content:"\f261"}.fa-gift:before{content:"\f06b"}.fa-git:before{content:"\f1d3"}.fa-git-square:before{content:"\f1d2"}.fa-github:before{content:"\f09b"}.fa-github-alt:before{content:"\f113"}.fa-github-square:before{content:"\f092"}.fa-gitkraken:before{content:"\f3a6"}.fa-gitlab:before{content:"\f296"}.fa-gitter:before{content:"\f426"}.fa-glass-martini:before{content:"\f000"}.fa-glass-martini-alt:before{content:"\f57b"}.fa-glasses:before{content:"\f530"}.fa-glide:before{content:"\f2a5"}.fa-glide-g:before{content:"\f2a6"}.fa-globe:before{content:"\f0ac"}.fa-globe-africa:before{content:"\f57c"}.fa-globe-americas:before{content:"\f57d"}.fa-globe-asia:before{content:"\f57e"}.fa-gofore:before{content:"\f3a7"}.fa-golf-ball:before{content:"\f450"}.fa-goodreads:before{content:"\f3a8"}.fa-goodreads-g:before{content:"\f3a9"}.fa-google:before{content:"\f1a0"}.fa-google-drive:before{content:"\f3aa"}.fa-google-play:before{content:"\f3ab"}.fa-google-plus:before{content:"\f2b3"}.fa-google-plus-g:before{content:"\f0d5"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-wallet:before{content:"\f1ee"}.fa-gopuram:before{content:"\f664"}.fa-graduation-cap:before{content:"\f19d"}.fa-gratipay:before{content:"\f184"}.fa-grav:before{content:"\f2d6"}.fa-greater-than:before{content:"\f531"}.fa-greater-than-equal:before{content:"\f532"}.fa-grimace:before{content:"\f57f"}.fa-grin:before{content:"\f580"}.fa-grin-alt:before{content:"\f581"}.fa-grin-beam:before{content:"\f582"}.fa-grin-beam-sweat:before{content:"\f583"}.fa-grin-hearts:before{content:"\f584"}.fa-grin-squint:before{content:"\f585"}.fa-grin-squint-tears:before{content:"\f586"}.fa-grin-stars:before{content:"\f587"}.fa-grin-tears:before{content:"\f588"}.fa-grin-tongue:before{content:"\f589"}.fa-grin-tongue-squint:before{content:"\f58a"}.fa-grin-tongue-wink:before{content:"\f58b"}.fa-grin-wink:before{content:"\f58c"}.fa-grip-horizontal:before{content:"\f58d"}.fa-grip-vertical:before{content:"\f58e"}.fa-gripfire:before{content:"\f3ac"}.fa-grunt:before{content:"\f3ad"}.fa-gulp:before{content:"\f3ae"}.fa-h-square:before{content:"\f0fd"}.fa-hacker-news:before{content:"\f1d4"}.fa-hacker-news-square:before{content:"\f3af"}.fa-hackerrank:before{content:"\f5f7"}.fa-hamsa:before{content:"\f665"}.fa-hand-holding:before{content:"\f4bd"}.fa-hand-holding-heart:before{content:"\f4be"}.fa-hand-holding-usd:before{content:"\f4c0"}.fa-hand-lizard:before{content:"\f258"}.fa-hand-paper:before{content:"\f256"}.fa-hand-peace:before{content:"\f25b"}.fa-hand-point-down:before{content:"\f0a7"}.fa-hand-point-left:before{content:"\f0a5"}.fa-hand-point-right:before{content:"\f0a4"}.fa-hand-point-up:before{content:"\f0a6"}.fa-hand-pointer:before{content:"\f25a"}.fa-hand-rock:before{content:"\f255"}.fa-hand-scissors:before{content:"\f257"}.fa-hand-spock:before{content:"\f259"}.fa-hands:before{content:"\f4c2"}.fa-hands-helping:before{content:"\f4c4"}.fa-handshake:before{content:"\f2b5"}.fa-hashtag:before{content:"\f292"}.fa-haykal:before{content:"\f666"}.fa-hdd:before{content:"\f0a0"}.fa-heading:before{content:"\f1dc"}.fa-headphones:before{content:"\f025"}.fa-headphones-alt:before{content:"\f58f"}.fa-headset:before{content:"\f590"}.fa-heart:before{content:"\f004"}.fa-heartbeat:before{content:"\f21e"}.fa-helicopter:before{content:"\f533"}.fa-highlighter:before{content:"\f591"}.fa-hips:before{content:"\f452"}.fa-hire-a-helper:before{content:"\f3b0"}.fa-history:before{content:"\f1da"}.fa-hockey-puck:before{content:"\f453"}.fa-home:before{content:"\f015"}.fa-hooli:before{content:"\f427"}.fa-hornbill:before{content:"\f592"}.fa-hospital:before{content:"\f0f8"}.fa-hospital-alt:before{content:"\f47d"}.fa-hospital-symbol:before{content:"\f47e"}.fa-hot-tub:before{content:"\f593"}.fa-hotel:before{content:"\f594"}.fa-hotjar:before{content:"\f3b1"}.fa-hourglass:before{content:"\f254"}.fa-hourglass-end:before{content:"\f253"}.fa-hourglass-half:before{content:"\f252"}.fa-hourglass-start:before{content:"\f251"}.fa-houzz:before{content:"\f27c"}.fa-html5:before{content:"\f13b"}.fa-hubspot:before{content:"\f3b2"}.fa-i-cursor:before{content:"\f246"}.fa-id-badge:before{content:"\f2c1"}.fa-id-card:before{content:"\f2c2"}.fa-id-card-alt:before{content:"\f47f"}.fa-image:before{content:"\f03e"}.fa-images:before{content:"\f302"}.fa-imdb:before{content:"\f2d8"}.fa-inbox:before{content:"\f01c"}.fa-indent:before{content:"\f03c"}.fa-industry:before{content:"\f275"}.fa-infinity:before{content:"\f534"}.fa-info:before{content:"\f129"}.fa-info-circle:before{content:"\f05a"}.fa-instagram:before{content:"\f16d"}.fa-internet-explorer:before{content:"\f26b"}.fa-ioxhost:before{content:"\f208"}.fa-italic:before{content:"\f033"}.fa-itunes:before{content:"\f3b4"}.fa-itunes-note:before{content:"\f3b5"}.fa-java:before{content:"\f4e4"}.fa-jedi:before{content:"\f669"}.fa-jedi-order:before{content:"\f50e"}.fa-jenkins:before{content:"\f3b6"}.fa-joget:before{content:"\f3b7"}.fa-joint:before{content:"\f595"}.fa-joomla:before{content:"\f1aa"}.fa-journal-whills:before{content:"\f66a"}.fa-js:before{content:"\f3b8"}.fa-js-square:before{content:"\f3b9"}.fa-jsfiddle:before{content:"\f1cc"}.fa-kaaba:before{content:"\f66b"}.fa-kaggle:before{content:"\f5fa"}.fa-key:before{content:"\f084"}.fa-keybase:before{content:"\f4f5"}.fa-keyboard:before{content:"\f11c"}.fa-keycdn:before{content:"\f3ba"}.fa-khanda:before{content:"\f66d"}.fa-kickstarter:before{content:"\f3bb"}.fa-kickstarter-k:before{content:"\f3bc"}.fa-kiss:before{content:"\f596"}.fa-kiss-beam:before{content:"\f597"}.fa-kiss-wink-heart:before{content:"\f598"}.fa-kiwi-bird:before{content:"\f535"}.fa-korvue:before{content:"\f42f"}.fa-landmark:before{content:"\f66f"}.fa-language:before{content:"\f1ab"}.fa-laptop:before{content:"\f109"}.fa-laptop-code:before{content:"\f5fc"}.fa-laravel:before{content:"\f3bd"}.fa-lastfm:before{content:"\f202"}.fa-lastfm-square:before{content:"\f203"}.fa-laugh:before{content:"\f599"}.fa-laugh-beam:before{content:"\f59a"}.fa-laugh-squint:before{content:"\f59b"}.fa-laugh-wink:before{content:"\f59c"}.fa-layer-group:before{content:"\f5fd"}.fa-leaf:before{content:"\f06c"}.fa-leanpub:before{content:"\f212"}.fa-lemon:before{content:"\f094"}.fa-less:before{content:"\f41d"}.fa-less-than:before{content:"\f536"}.fa-less-than-equal:before{content:"\f537"}.fa-level-down-alt:before{content:"\f3be"}.fa-level-up-alt:before{content:"\f3bf"}.fa-life-ring:before{content:"\f1cd"}.fa-lightbulb:before{content:"\f0eb"}.fa-line:before{content:"\f3c0"}.fa-link:before{content:"\f0c1"}.fa-linkedin:before{content:"\f08c"}.fa-linkedin-in:before{content:"\f0e1"}.fa-linode:before{content:"\f2b8"}.fa-linux:before{content:"\f17c"}.fa-lira-sign:before{content:"\f195"}.fa-list:before{content:"\f03a"}.fa-list-alt:before{content:"\f022"}.fa-list-ol:before{content:"\f0cb"}.fa-list-ul:before{content:"\f0ca"}.fa-location-arrow:before{content:"\f124"}.fa-lock:before{content:"\f023"}.fa-lock-open:before{content:"\f3c1"}.fa-long-arrow-alt-down:before{content:"\f309"}.fa-long-arrow-alt-left:before{content:"\f30a"}.fa-long-arrow-alt-right:before{content:"\f30b"}.fa-long-arrow-alt-up:before{content:"\f30c"}.fa-low-vision:before{content:"\f2a8"}.fa-luggage-cart:before{content:"\f59d"}.fa-lyft:before{content:"\f3c3"}.fa-magento:before{content:"\f3c4"}.fa-magic:before{content:"\f0d0"}.fa-magnet:before{content:"\f076"}.fa-mail-bulk:before{content:"\f674"}.fa-mailchimp:before{content:"\f59e"}.fa-male:before{content:"\f183"}.fa-mandalorian:before{content:"\f50f"}.fa-map:before{content:"\f279"}.fa-map-marked:before{content:"\f59f"}.fa-map-marked-alt:before{content:"\f5a0"}.fa-map-marker:before{content:"\f041"}.fa-map-marker-alt:before{content:"\f3c5"}.fa-map-pin:before{content:"\f276"}.fa-map-signs:before{content:"\f277"}.fa-markdown:before{content:"\f60f"}.fa-marker:before{content:"\f5a1"}.fa-mars:before{content:"\f222"}.fa-mars-double:before{content:"\f227"}.fa-mars-stroke:before{content:"\f229"}.fa-mars-stroke-h:before{content:"\f22b"}.fa-mars-stroke-v:before{content:"\f22a"}.fa-mastodon:before{content:"\f4f6"}.fa-maxcdn:before{content:"\f136"}.fa-medal:before{content:"\f5a2"}.fa-medapps:before{content:"\f3c6"}.fa-medium:before{content:"\f23a"}.fa-medium-m:before{content:"\f3c7"}.fa-medkit:before{content:"\f0fa"}.fa-medrt:before{content:"\f3c8"}.fa-meetup:before{content:"\f2e0"}.fa-megaport:before{content:"\f5a3"}.fa-meh:before{content:"\f11a"}.fa-meh-blank:before{content:"\f5a4"}.fa-meh-rolling-eyes:before{content:"\f5a5"}.fa-memory:before{content:"\f538"}.fa-menorah:before{content:"\f676"}.fa-mercury:before{content:"\f223"}.fa-microchip:before{content:"\f2db"}.fa-microphone:before{content:"\f130"}.fa-microphone-alt:before{content:"\f3c9"}.fa-microphone-alt-slash:before{content:"\f539"}.fa-microphone-slash:before{content:"\f131"}.fa-microscope:before{content:"\f610"}.fa-microsoft:before{content:"\f3ca"}.fa-minus:before{content:"\f068"}.fa-minus-circle:before{content:"\f056"}.fa-minus-square:before{content:"\f146"}.fa-mix:before{content:"\f3cb"}.fa-mixcloud:before{content:"\f289"}.fa-mizuni:before{content:"\f3cc"}.fa-mobile:before{content:"\f10b"}.fa-mobile-alt:before{content:"\f3cd"}.fa-modx:before{content:"\f285"}.fa-monero:before{content:"\f3d0"}.fa-money-bill:before{content:"\f0d6"}.fa-money-bill-alt:before{content:"\f3d1"}.fa-money-bill-wave:before{content:"\f53a"}.fa-money-bill-wave-alt:before{content:"\f53b"}.fa-money-check:before{content:"\f53c"}.fa-money-check-alt:before{content:"\f53d"}.fa-monument:before{content:"\f5a6"}.fa-moon:before{content:"\f186"}.fa-mortar-pestle:before{content:"\f5a7"}.fa-mosque:before{content:"\f678"}.fa-motorcycle:before{content:"\f21c"}.fa-mouse-pointer:before{content:"\f245"}.fa-music:before{content:"\f001"}.fa-napster:before{content:"\f3d2"}.fa-neos:before{content:"\f612"}.fa-neuter:before{content:"\f22c"}.fa-newspaper:before{content:"\f1ea"}.fa-nimblr:before{content:"\f5a8"}.fa-nintendo-switch:before{content:"\f418"}.fa-node:before{content:"\f419"}.fa-node-js:before{content:"\f3d3"}.fa-not-equal:before{content:"\f53e"}.fa-notes-medical:before{content:"\f481"}.fa-npm:before{content:"\f3d4"}.fa-ns8:before{content:"\f3d5"}.fa-nutritionix:before{content:"\f3d6"}.fa-object-group:before{content:"\f247"}.fa-object-ungroup:before{content:"\f248"}.fa-odnoklassniki:before{content:"\f263"}.fa-odnoklassniki-square:before{content:"\f264"}.fa-oil-can:before{content:"\f613"}.fa-old-republic:before{content:"\f510"}.fa-om:before{content:"\f679"}.fa-opencart:before{content:"\f23d"}.fa-openid:before{content:"\f19b"}.fa-opera:before{content:"\f26a"}.fa-optin-monster:before{content:"\f23c"}.fa-osi:before{content:"\f41a"}.fa-outdent:before{content:"\f03b"}.fa-page4:before{content:"\f3d7"}.fa-pagelines:before{content:"\f18c"}.fa-paint-brush:before{content:"\f1fc"}.fa-paint-roller:before{content:"\f5aa"}.fa-palette:before{content:"\f53f"}.fa-palfed:before{content:"\f3d8"}.fa-pallet:before{content:"\f482"}.fa-paper-plane:before{content:"\f1d8"}.fa-paperclip:before{content:"\f0c6"}.fa-parachute-box:before{content:"\f4cd"}.fa-paragraph:before{content:"\f1dd"}.fa-parking:before{content:"\f540"}.fa-passport:before{content:"\f5ab"}.fa-pastafarianism:before{content:"\f67b"}.fa-paste:before{content:"\f0ea"}.fa-patreon:before{content:"\f3d9"}.fa-pause:before{content:"\f04c"}.fa-pause-circle:before{content:"\f28b"}.fa-paw:before{content:"\f1b0"}.fa-paypal:before{content:"\f1ed"}.fa-peace:before{content:"\f67c"}.fa-pen:before{content:"\f304"}.fa-pen-alt:before{content:"\f305"}.fa-pen-fancy:before{content:"\f5ac"}.fa-pen-nib:before{content:"\f5ad"}.fa-pen-square:before{content:"\f14b"}.fa-pencil-alt:before{content:"\f303"}.fa-pencil-ruler:before{content:"\f5ae"}.fa-people-carry:before{content:"\f4ce"}.fa-percent:before{content:"\f295"}.fa-percentage:before{content:"\f541"}.fa-periscope:before{content:"\f3da"}.fa-phabricator:before{content:"\f3db"}.fa-phoenix-framework:before{content:"\f3dc"}.fa-phoenix-squadron:before{content:"\f511"}.fa-phone:before{content:"\f095"}.fa-phone-slash:before{content:"\f3dd"}.fa-phone-square:before{content:"\f098"}.fa-phone-volume:before{content:"\f2a0"}.fa-php:before{content:"\f457"}.fa-pied-piper:before{content:"\f2ae"}.fa-pied-piper-alt:before{content:"\f1a8"}.fa-pied-piper-hat:before{content:"\f4e5"}.fa-pied-piper-pp:before{content:"\f1a7"}.fa-piggy-bank:before{content:"\f4d3"}.fa-pills:before{content:"\f484"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-p:before{content:"\f231"}.fa-pinterest-square:before{content:"\f0d3"}.fa-place-of-worship:before{content:"\f67f"}.fa-plane:before{content:"\f072"}.fa-plane-arrival:before{content:"\f5af"}.fa-plane-departure:before{content:"\f5b0"}.fa-play:before{content:"\f04b"}.fa-play-circle:before{content:"\f144"}.fa-playstation:before{content:"\f3df"}.fa-plug:before{content:"\f1e6"}.fa-plus:before{content:"\f067"}.fa-plus-circle:before{content:"\f055"}.fa-plus-square:before{content:"\f0fe"}.fa-podcast:before{content:"\f2ce"}.fa-poll:before{content:"\f681"}.fa-poll-h:before{content:"\f682"}.fa-poo:before{content:"\f2fe"}.fa-poop:before{content:"\f619"}.fa-portrait:before{content:"\f3e0"}.fa-pound-sign:before{content:"\f154"}.fa-power-off:before{content:"\f011"}.fa-pray:before{content:"\f683"}.fa-praying-hands:before{content:"\f684"}.fa-prescription:before{content:"\f5b1"}.fa-prescription-bottle:before{content:"\f485"}.fa-prescription-bottle-alt:before{content:"\f486"}.fa-print:before{content:"\f02f"}.fa-procedures:before{content:"\f487"}.fa-product-hunt:before{content:"\f288"}.fa-project-diagram:before{content:"\f542"}.fa-pushed:before{content:"\f3e1"}.fa-puzzle-piece:before{content:"\f12e"}.fa-python:before{content:"\f3e2"}.fa-qq:before{content:"\f1d6"}.fa-qrcode:before{content:"\f029"}.fa-question:before{content:"\f128"}.fa-question-circle:before{content:"\f059"}.fa-quidditch:before{content:"\f458"}.fa-quinscape:before{content:"\f459"}.fa-quora:before{content:"\f2c4"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-quran:before{content:"\f687"}.fa-r-project:before{content:"\f4f7"}.fa-random:before{content:"\f074"}.fa-ravelry:before{content:"\f2d9"}.fa-react:before{content:"\f41b"}.fa-readme:before{content:"\f4d5"}.fa-rebel:before{content:"\f1d0"}.fa-receipt:before{content:"\f543"}.fa-recycle:before{content:"\f1b8"}.fa-red-river:before{content:"\f3e3"}.fa-reddit:before{content:"\f1a1"}.fa-reddit-alien:before{content:"\f281"}.fa-reddit-square:before{content:"\f1a2"}.fa-redo:before{content:"\f01e"}.fa-redo-alt:before{content:"\f2f9"}.fa-registered:before{content:"\f25d"}.fa-rendact:before{content:"\f3e4"}.fa-renren:before{content:"\f18b"}.fa-reply:before{content:"\f3e5"}.fa-reply-all:before{content:"\f122"}.fa-replyd:before{content:"\f3e6"}.fa-researchgate:before{content:"\f4f8"}.fa-resolving:before{content:"\f3e7"}.fa-retweet:before{content:"\f079"}.fa-rev:before{content:"\f5b2"}.fa-ribbon:before{content:"\f4d6"}.fa-road:before{content:"\f018"}.fa-robot:before{content:"\f544"}.fa-rocket:before{content:"\f135"}.fa-rocketchat:before{content:"\f3e8"}.fa-rockrms:before{content:"\f3e9"}.fa-route:before{content:"\f4d7"}.fa-rss:before{content:"\f09e"}.fa-rss-square:before{content:"\f143"}.fa-ruble-sign:before{content:"\f158"}.fa-ruler:before{content:"\f545"}.fa-ruler-combined:before{content:"\f546"}.fa-ruler-horizontal:before{content:"\f547"}.fa-ruler-vertical:before{content:"\f548"}.fa-rupee-sign:before{content:"\f156"}.fa-sad-cry:before{content:"\f5b3"}.fa-sad-tear:before{content:"\f5b4"}.fa-safari:before{content:"\f267"}.fa-sass:before{content:"\f41e"}.fa-save:before{content:"\f0c7"}.fa-schlix:before{content:"\f3ea"}.fa-school:before{content:"\f549"}.fa-screwdriver:before{content:"\f54a"}.fa-scribd:before{content:"\f28a"}.fa-search:before{content:"\f002"}.fa-search-dollar:before{content:"\f688"}.fa-search-location:before{content:"\f689"}.fa-search-minus:before{content:"\f010"}.fa-search-plus:before{content:"\f00e"}.fa-searchengin:before{content:"\f3eb"}.fa-seedling:before{content:"\f4d8"}.fa-sellcast:before{content:"\f2da"}.fa-sellsy:before{content:"\f213"}.fa-server:before{content:"\f233"}.fa-servicestack:before{content:"\f3ec"}.fa-shapes:before{content:"\f61f"}.fa-share:before{content:"\f064"}.fa-share-alt:before{content:"\f1e0"}.fa-share-alt-square:before{content:"\f1e1"}.fa-share-square:before{content:"\f14d"}.fa-shekel-sign:before{content:"\f20b"}.fa-shield-alt:before{content:"\f3ed"}.fa-ship:before{content:"\f21a"}.fa-shipping-fast:before{content:"\f48b"}.fa-shirtsinbulk:before{content:"\f214"}.fa-shoe-prints:before{content:"\f54b"}.fa-shopping-bag:before{content:"\f290"}.fa-shopping-basket:before{content:"\f291"}.fa-shopping-cart:before{content:"\f07a"}.fa-shopware:before{content:"\f5b5"}.fa-shower:before{content:"\f2cc"}.fa-shuttle-van:before{content:"\f5b6"}.fa-sign:before{content:"\f4d9"}.fa-sign-in-alt:before{content:"\f2f6"}.fa-sign-language:before{content:"\f2a7"}.fa-sign-out-alt:before{content:"\f2f5"}.fa-signal:before{content:"\f012"}.fa-signature:before{content:"\f5b7"}.fa-simplybuilt:before{content:"\f215"}.fa-sistrix:before{content:"\f3ee"}.fa-sitemap:before{content:"\f0e8"}.fa-sith:before{content:"\f512"}.fa-skull:before{content:"\f54c"}.fa-skyatlas:before{content:"\f216"}.fa-skype:before{content:"\f17e"}.fa-slack:before{content:"\f198"}.fa-slack-hash:before{content:"\f3ef"}.fa-sliders-h:before{content:"\f1de"}.fa-slideshare:before{content:"\f1e7"}.fa-smile:before{content:"\f118"}.fa-smile-beam:before{content:"\f5b8"}.fa-smile-wink:before{content:"\f4da"}.fa-smoking:before{content:"\f48d"}.fa-smoking-ban:before{content:"\f54d"}.fa-snapchat:before{content:"\f2ab"}.fa-snapchat-ghost:before{content:"\f2ac"}.fa-snapchat-square:before{content:"\f2ad"}.fa-snowflake:before{content:"\f2dc"}.fa-socks:before{content:"\f696"}.fa-solar-panel:before{content:"\f5ba"}.fa-sort:before{content:"\f0dc"}.fa-sort-alpha-down:before{content:"\f15d"}.fa-sort-alpha-up:before{content:"\f15e"}.fa-sort-amount-down:before{content:"\f160"}.fa-sort-amount-up:before{content:"\f161"}.fa-sort-down:before{content:"\f0dd"}.fa-sort-numeric-down:before{content:"\f162"}.fa-sort-numeric-up:before{content:"\f163"}.fa-sort-up:before{content:"\f0de"}.fa-soundcloud:before{content:"\f1be"}.fa-spa:before{content:"\f5bb"}.fa-space-shuttle:before{content:"\f197"}.fa-speakap:before{content:"\f3f3"}.fa-spinner:before{content:"\f110"}.fa-splotch:before{content:"\f5bc"}.fa-spotify:before{content:"\f1bc"}.fa-spray-can:before{content:"\f5bd"}.fa-square:before{content:"\f0c8"}.fa-square-full:before{content:"\f45c"}.fa-square-root-alt:before{content:"\f698"}.fa-squarespace:before{content:"\f5be"}.fa-stack-exchange:before{content:"\f18d"}.fa-stack-overflow:before{content:"\f16c"}.fa-stamp:before{content:"\f5bf"}.fa-star:before{content:"\f005"}.fa-star-and-crescent:before{content:"\f699"}.fa-star-half:before{content:"\f089"}.fa-star-half-alt:before{content:"\f5c0"}.fa-star-of-david:before{content:"\f69a"}.fa-star-of-life:before{content:"\f621"}.fa-staylinked:before{content:"\f3f5"}.fa-steam:before{content:"\f1b6"}.fa-steam-square:before{content:"\f1b7"}.fa-steam-symbol:before{content:"\f3f6"}.fa-step-backward:before{content:"\f048"}.fa-step-forward:before{content:"\f051"}.fa-stethoscope:before{content:"\f0f1"}.fa-sticker-mule:before{content:"\f3f7"}.fa-sticky-note:before{content:"\f249"}.fa-stop:before{content:"\f04d"}.fa-stop-circle:before{content:"\f28d"}.fa-stopwatch:before{content:"\f2f2"}.fa-store:before{content:"\f54e"}.fa-store-alt:before{content:"\f54f"}.fa-strava:before{content:"\f428"}.fa-stream:before{content:"\f550"}.fa-street-view:before{content:"\f21d"}.fa-strikethrough:before{content:"\f0cc"}.fa-stripe:before{content:"\f429"}.fa-stripe-s:before{content:"\f42a"}.fa-stroopwafel:before{content:"\f551"}.fa-studiovinari:before{content:"\f3f8"}.fa-stumbleupon:before{content:"\f1a4"}.fa-stumbleupon-circle:before{content:"\f1a3"}.fa-subscript:before{content:"\f12c"}.fa-subway:before{content:"\f239"}.fa-suitcase:before{content:"\f0f2"}.fa-suitcase-rolling:before{content:"\f5c1"}.fa-sun:before{content:"\f185"}.fa-superpowers:before{content:"\f2dd"}.fa-superscript:before{content:"\f12b"}.fa-supple:before{content:"\f3f9"}.fa-surprise:before{content:"\f5c2"}.fa-swatchbook:before{content:"\f5c3"}.fa-swimmer:before{content:"\f5c4"}.fa-swimming-pool:before{content:"\f5c5"}.fa-synagogue:before{content:"\f69b"}.fa-sync:before{content:"\f021"}.fa-sync-alt:before{content:"\f2f1"}.fa-syringe:before{content:"\f48e"}.fa-table:before{content:"\f0ce"}.fa-table-tennis:before{content:"\f45d"}.fa-tablet:before{content:"\f10a"}.fa-tablet-alt:before{content:"\f3fa"}.fa-tablets:before{content:"\f490"}.fa-tachometer-alt:before{content:"\f3fd"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-tape:before{content:"\f4db"}.fa-tasks:before{content:"\f0ae"}.fa-taxi:before{content:"\f1ba"}.fa-teamspeak:before{content:"\f4f9"}.fa-teeth:before{content:"\f62e"}.fa-teeth-open:before{content:"\f62f"}.fa-telegram:before{content:"\f2c6"}.fa-telegram-plane:before{content:"\f3fe"}.fa-tencent-weibo:before{content:"\f1d5"}.fa-terminal:before{content:"\f120"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-th:before{content:"\f00a"}.fa-th-large:before{content:"\f009"}.fa-th-list:before{content:"\f00b"}.fa-the-red-yeti:before{content:"\f69d"}.fa-theater-masks:before{content:"\f630"}.fa-themeco:before{content:"\f5c6"}.fa-themeisle:before{content:"\f2b2"}.fa-thermometer:before{content:"\f491"}.fa-thermometer-empty:before{content:"\f2cb"}.fa-thermometer-full:before{content:"\f2c7"}.fa-thermometer-half:before{content:"\f2c9"}.fa-thermometer-quarter:before{content:"\f2ca"}.fa-thermometer-three-quarters:before{content:"\f2c8"}.fa-thumbs-down:before{content:"\f165"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbtack:before{content:"\f08d"}.fa-ticket-alt:before{content:"\f3ff"}.fa-times:before{content:"\f00d"}.fa-times-circle:before{content:"\f057"}.fa-tint:before{content:"\f043"}.fa-tint-slash:before{content:"\f5c7"}.fa-tired:before{content:"\f5c8"}.fa-toggle-off:before{content:"\f204"}.fa-toggle-on:before{content:"\f205"}.fa-toolbox:before{content:"\f552"}.fa-tooth:before{content:"\f5c9"}.fa-torah:before{content:"\f6a0"}.fa-torii-gate:before{content:"\f6a1"}.fa-trade-federation:before{content:"\f513"}.fa-trademark:before{content:"\f25c"}.fa-traffic-light:before{content:"\f637"}.fa-train:before{content:"\f238"}.fa-transgender:before{content:"\f224"}.fa-transgender-alt:before{content:"\f225"}.fa-trash:before{content:"\f1f8"}.fa-trash-alt:before{content:"\f2ed"}.fa-tree:before{content:"\f1bb"}.fa-trello:before{content:"\f181"}.fa-tripadvisor:before{content:"\f262"}.fa-trophy:before{content:"\f091"}.fa-truck:before{content:"\f0d1"}.fa-truck-loading:before{content:"\f4de"}.fa-truck-monster:before{content:"\f63b"}.fa-truck-moving:before{content:"\f4df"}.fa-truck-pickup:before{content:"\f63c"}.fa-tshirt:before{content:"\f553"}.fa-tty:before{content:"\f1e4"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-tv:before{content:"\f26c"}.fa-twitch:before{content:"\f1e8"}.fa-twitter:before{content:"\f099"}.fa-twitter-square:before{content:"\f081"}.fa-typo3:before{content:"\f42b"}.fa-uber:before{content:"\f402"}.fa-uikit:before{content:"\f403"}.fa-umbrella:before{content:"\f0e9"}.fa-umbrella-beach:before{content:"\f5ca"}.fa-underline:before{content:"\f0cd"}.fa-undo:before{content:"\f0e2"}.fa-undo-alt:before{content:"\f2ea"}.fa-uniregistry:before{content:"\f404"}.fa-universal-access:before{content:"\f29a"}.fa-university:before{content:"\f19c"}.fa-unlink:before{content:"\f127"}.fa-unlock:before{content:"\f09c"}.fa-unlock-alt:before{content:"\f13e"}.fa-untappd:before{content:"\f405"}.fa-upload:before{content:"\f093"}.fa-usb:before{content:"\f287"}.fa-user:before{content:"\f007"}.fa-user-alt:before{content:"\f406"}.fa-user-alt-slash:before{content:"\f4fa"}.fa-user-astronaut:before{content:"\f4fb"}.fa-user-check:before{content:"\f4fc"}.fa-user-circle:before{content:"\f2bd"}.fa-user-clock:before{content:"\f4fd"}.fa-user-cog:before{content:"\f4fe"}.fa-user-edit:before{content:"\f4ff"}.fa-user-friends:before{content:"\f500"}.fa-user-graduate:before{content:"\f501"}.fa-user-lock:before{content:"\f502"}.fa-user-md:before{content:"\f0f0"}.fa-user-minus:before{content:"\f503"}.fa-user-ninja:before{content:"\f504"}.fa-user-plus:before{content:"\f234"}.fa-user-secret:before{content:"\f21b"}.fa-user-shield:before{content:"\f505"}.fa-user-slash:before{content:"\f506"}.fa-user-tag:before{content:"\f507"}.fa-user-tie:before{content:"\f508"}.fa-user-times:before{content:"\f235"}.fa-users:before{content:"\f0c0"}.fa-users-cog:before{content:"\f509"}.fa-ussunnah:before{content:"\f407"}.fa-utensil-spoon:before{content:"\f2e5"}.fa-utensils:before{content:"\f2e7"}.fa-vaadin:before{content:"\f408"}.fa-vector-square:before{content:"\f5cb"}.fa-venus:before{content:"\f221"}.fa-venus-double:before{content:"\f226"}.fa-venus-mars:before{content:"\f228"}.fa-viacoin:before{content:"\f237"}.fa-viadeo:before{content:"\f2a9"}.fa-viadeo-square:before{content:"\f2aa"}.fa-vial:before{content:"\f492"}.fa-vials:before{content:"\f493"}.fa-viber:before{content:"\f409"}.fa-video:before{content:"\f03d"}.fa-video-slash:before{content:"\f4e2"}.fa-vihara:before{content:"\f6a7"}.fa-vimeo:before{content:"\f40a"}.fa-vimeo-square:before{content:"\f194"}.fa-vimeo-v:before{content:"\f27d"}.fa-vine:before{content:"\f1ca"}.fa-vk:before{content:"\f189"}.fa-vnv:before{content:"\f40b"}.fa-volleyball-ball:before{content:"\f45f"}.fa-volume-down:before{content:"\f027"}.fa-volume-off:before{content:"\f026"}.fa-volume-up:before{content:"\f028"}.fa-vuejs:before{content:"\f41f"}.fa-walking:before{content:"\f554"}.fa-wallet:before{content:"\f555"}.fa-warehouse:before{content:"\f494"}.fa-weebly:before{content:"\f5cc"}.fa-weibo:before{content:"\f18a"}.fa-weight:before{content:"\f496"}.fa-weight-hanging:before{content:"\f5cd"}.fa-weixin:before{content:"\f1d7"}.fa-whatsapp:before{content:"\f232"}.fa-whatsapp-square:before{content:"\f40c"}.fa-wheelchair:before{content:"\f193"}.fa-whmcs:before{content:"\f40d"}.fa-wifi:before{content:"\f1eb"}.fa-wikipedia-w:before{content:"\f266"}.fa-window-close:before{content:"\f410"}.fa-window-maximize:before{content:"\f2d0"}.fa-window-minimize:before{content:"\f2d1"}.fa-window-restore:before{content:"\f2d2"}.fa-windows:before{content:"\f17a"}.fa-wine-glass:before{content:"\f4e3"}.fa-wine-glass-alt:before{content:"\f5ce"}.fa-wix:before{content:"\f5cf"}.fa-wolf-pack-battalion:before{content:"\f514"}.fa-won-sign:before{content:"\f159"}.fa-wordpress:before{content:"\f19a"}.fa-wordpress-simple:before{content:"\f411"}.fa-wpbeginner:before{content:"\f297"}.fa-wpexplorer:before{content:"\f2de"}.fa-wpforms:before{content:"\f298"}.fa-wrench:before{content:"\f0ad"}.fa-x-ray:before{content:"\f497"}.fa-xbox:before{content:"\f412"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-y-combinator:before{content:"\f23b"}.fa-yahoo:before{content:"\f19e"}.fa-yandex:before{content:"\f413"}.fa-yandex-international:before{content:"\f414"}.fa-yelp:before{content:"\f1e9"}.fa-yen-sign:before{content:"\f157"}.fa-yin-yang:before{content:"\f6ad"}.fa-yoast:before{content:"\f2b1"}.fa-youtube:before{content:"\f167"}.fa-youtube-square:before{content:"\f431"}.fa-zhihu:before{content:"\f63f"}.sr-only{border:0;clip:rect(0,0,0,0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.sr-only-focusable:active,.sr-only-focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:normal;src:url(../webfonts/fa-brands-400.eot);src:url(../webfonts/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.woff) format("woff"),url(../webfonts/fa-brands-400.ttf) format("truetype"),url(../webfonts/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands"}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;src:url(../webfonts/fa-regular-400.eot);src:url(../webfonts/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.woff) format("woff"),url(../webfonts/fa-regular-400.ttf) format("truetype"),url(../webfonts/fa-regular-400.svg#fontawesome) format("svg")}.far{font-weight:400}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;src:url(../webfonts/fa-solid-900.eot);src:url(../webfonts/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.woff) format("woff"),url(../webfonts/fa-solid-900.ttf) format("truetype"),url(../webfonts/fa-solid-900.svg#fontawesome) format("svg")}.fa,.far,.fas{font-family:"Font Awesome 5 Free"}.fa,.fas{font-weight:900} \ No newline at end of file diff --git a/roles/httpd/files/html/css/open-sans.css b/roles/httpd/files/html/css/open-sans.css new file mode 100644 index 000000000..285f17245 --- /dev/null +++ b/roles/httpd/files/html/css/open-sans.css @@ -0,0 +1,28 @@ + +/* open-sans-regular - latin */ +@font-face { + font-family: 'Open Sans'; + font-style: normal; + font-weight: 400; + src: local('Open Sans Regular'), local('OpenSans-Regular'), + url('/common/fonts/open-sans-v15-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */ + url('/common/fonts/open-sans-v15-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */ +} +/* open-sans-600 - latin */ +@font-face { + font-family: 'Open Sans'; + font-style: normal; + font-weight: 600; + src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'), + url('/common/fonts/open-sans-v15-latin-600.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */ + url('/common/fonts/open-sans-v15-latin-600.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */ +} +/* open-sans-700 - latin */ +@font-face { + font-family: 'Open Sans'; + font-style: normal; + font-weight: 700; + src: local('Open Sans Bold'), local('OpenSans-Bold'), + url('/common/fonts/open-sans-v15-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */ + url('/common/fonts/open-sans-v15-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */ +} diff --git a/roles/httpd/files/html/fonts/fa-solid-900.woff b/roles/httpd/files/html/fonts/fa-solid-900.woff new file mode 100644 index 000000000..839528cca Binary files /dev/null and b/roles/httpd/files/html/fonts/fa-solid-900.woff differ diff --git a/roles/httpd/files/html/fonts/fa-solid-900.woff2 b/roles/httpd/files/html/fonts/fa-solid-900.woff2 new file mode 100644 index 000000000..3aae386a6 Binary files /dev/null and b/roles/httpd/files/html/fonts/fa-solid-900.woff2 differ diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff b/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff new file mode 100644 index 000000000..5a604b3a0 Binary files /dev/null and b/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff differ diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 b/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 new file mode 100644 index 000000000..a0965b7a8 Binary files /dev/null and b/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 differ diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff b/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff new file mode 100644 index 000000000..2523e953c Binary files /dev/null and b/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff differ diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 b/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 new file mode 100644 index 000000000..2b04b15bb Binary files /dev/null and b/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 differ diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff b/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff new file mode 100644 index 000000000..e495e6f01 Binary files /dev/null and b/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff differ diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 b/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 new file mode 100644 index 000000000..c8050c25f Binary files /dev/null and b/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 differ diff --git a/roles/httpd/tasks/html.yml b/roles/httpd/tasks/html.yml index df00e4266..459441df1 100644 --- a/roles/httpd/tasks/html.yml +++ b/roles/httpd/tasks/html.yml @@ -59,9 +59,9 @@ with_fileglob: - html/services/* -- name: Create symlink from assets to /etc/iiab/iiab.ini +- name: Create symlink from assets to {{ iiab_ini_file }} file: - src: "/etc/iiab/iiab.ini" + src: "{{ iiab_ini_file }}" dest: "{{ doc_root }}/common/assets/iiab.ini" owner: root group: root diff --git a/roles/httpd/templates/refresh-wiki-docs.sh b/roles/httpd/templates/refresh-wiki-docs.sh index f1124c714..1d6bb20b8 100755 --- a/roles/httpd/templates/refresh-wiki-docs.sh +++ b/roles/httpd/templates/refresh-wiki-docs.sh @@ -3,7 +3,7 @@ # Pull down repo's entire wiki (and similar) to create offline docs set -e -source /etc/iiab/iiab.env +source {{ iiab_env_file }} INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH=/library/www/html/info diff --git a/roles/idmgr/tasks/main.yml b/roles/idmgr/tasks/main.yml index 1140ca947..5b49d3f76 100644 --- a/roles/idmgr/tasks/main.yml +++ b/roles/idmgr/tasks/main.yml @@ -80,7 +80,7 @@ line=allowsftp - name: Add idmgr to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=idmgr option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/iiab-admin/defaults/main.yml b/roles/iiab-admin/defaults/main.yml index 10c2940e5..f58901620 100644 --- a/roles/iiab-admin/defaults/main.yml +++ b/roles/iiab-admin/defaults/main.yml @@ -1,5 +1,21 @@ ---- -# must keep roles/0-once/defaults/main.yml sync'd -# The values here are defaults. +# Must keep roles/0-init/defaults/main.yml sync'd ? (Seems no longer true as of 2018-10-15) +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin + +# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml TO SET GROUP PERM FOR /library/www/html/local_content (ISN'T {{ apache_user }} MORE APPROPRIATE?) iiab_admin_user: iiab-admin + +# For live checks/alerts of published pwds +iiab_admin_published_pwd: g0adm1n + +# Password hash to override above, if Ansible creates above user: +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index 7fa6ff147..9542881c3 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -1,7 +1,7 @@ -- name: Create iiab-admin user and password +- name: Create user {{ iiab_admin_user }} for Admin Console; set password from hardcoded hash if newly creating account user: name: "{{ iiab_admin_user }}" - password: "{{ iiab_admin_passw_hash }}" + password: "{{ iiab_admin_pwd_hash }}" update_password: on_create shell: /bin/bash @@ -16,7 +16,7 @@ state: present when: is_redhat -- name: Add user to wheel group +- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo' user: name: "{{ iiab_admin_user }}" groups: wheel,sudo diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 5267c18fe..d0e05db90 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -1,15 +1,15 @@ - include_tasks: admin-user.yml tags: - base - when: admin_install + when: iiab_admin_user_install - include_tasks: access.yml tags: - base -- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini +- name: Add 'iiab-admin' to list at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: iiab-admin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index 4f1fcf1b8..96180e07c 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -1,22 +1,32 @@ #!/bin/bash + +function check_user_pwd() { + # $meth (hashing method) is typically '6' which implies 5000 rounds + # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password + meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) + salt=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f3) + hash=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f4) + [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ] +} + # credit to the folks at raspberry pi foundatioon -check_hash () -{ +check_hash () { if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi - test -x /usr/bin/mkpasswd || return 0 - SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" - test -n "${SHADOW}" || return 0 - if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi - SHADOW_PW=$(echo $SHADOW | cut -d: -f2) - if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi - - if echo "${SHADOW}" | grep -q "${HASH}"; then - zenity --warning --text="SSH is enabled and the default password for the 'iiab-admin' user has not been changed.\nThis is a security risk - please go to the iiab-console and use utilities-> change password to set a new password." + #test -x /usr/bin/mkpasswd || return 0 + #SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" + #test -n "${SHADOW}" || return 0 + #if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi + #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) + #if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi + #if echo "${SHADOW}" | grep -q "${HASH}"; then + if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then + zenity --warning --text="SSH is enabled and the published password for user 'iiab-admin' is in use.\nTHIS IS A SECURITY RISK - please change its password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." fi } -if service ssh status | grep -q running; then - check_hash -fi +#if service ssh status | grep -q running; then +# check_hash +#fi +systemctl is-active {{ sshd_service }} > /dev/null && check_hash unset check_hash diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index 4e93769f7..9f18e40be 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -1,19 +1,28 @@ #!/bin/bash -# credit to the folks at raspberry pi foundatioon -check_hash () -{ - if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi - if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi - SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" - test -n "${SHADOW}" || return 0 - if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi - SHADOW_PW=$(echo $SHADOW | cut -d: -f2) - if [ "$SHADOW_PW" != '{{ iiab_admin_passw_hash }}' ]; then return 0 ; fi - echo - echo "SSH is enabled and the default password for the 'iiab-admin' user is unchanged." - echo "This is a security risk - please login as the 'iiab-admin' user and type 'passwd' to change password." - echo +function check_user_pwd() { + # $meth (hashing method) is typically '6' which implies 5000 rounds + # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password + meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) + salt=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f3) + hash=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f4) + [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ] +} + +# credit to the folks at raspberry pi foundatioon +check_hash () { + if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi + if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi + #SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" + #test -n "${SHADOW}" || return 0 + #if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi + #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) + #if [ "$SHADOW_PW" != '{{ iiab_admin_pwd_hash }}' ]; then return 0 ; fi + if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then + echo -e "\nSSH is enabled and the published password for user 'iiab-admin' is in use." + echo -e "THIS IS A SECURITY RISK - please log in as user 'iiab-admin' and run 'passwd'" + echo -e "to change its password.\n" + fi } systemctl is-active {{ sshd_service }} > /dev/null && check_hash diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 07c965d68..900ce6db3 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -36,9 +36,9 @@ - include_tasks: enable.yml -- name: Add 'kalite' to list of services at /etc/iiab/iiab.ini +- name: Add 'kalite' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: kalite option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/kalite/templates/settings.py.j2 b/roles/kalite/templates/settings.py.j2.deprecated similarity index 100% rename from roles/kalite/templates/settings.py.j2 rename to roles/kalite/templates/settings.py.j2.deprecated diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 40b19a002..71e4fc7ad 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -149,9 +149,9 @@ # 5. FINALIZE -- name: Add 'kiwix' to list of services at /etc/iiab/iiab.ini +- name: Add 'kiwix' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: kiwix option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index 8f993c0cb..29b2a4a68 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -29,13 +29,13 @@ if not IIAB_PATH in sys.path: from iiab_env import get_iiab_env # Config Files -# iiab_config_file should be in /etc/iiab/iiab.env -iiab_config_file = "{{ iiab_config_file }}" # nominally /etc/iiab/iiab.ini -# iiab_config_file = "/etc/iiab/iiab.ini" # comment out after testing +# iiab_ini_file should be in {{ iiab_env_file }} (/etc/iiab/iiab.env) ? +iiab_ini_file = "{{ iiab_ini_file }}" # nominally /etc/iiab/iiab.ini +# iiab_ini_file = "/etc/iiab/iiab.ini" # comment out after testing IIAB_INI = get_iiab_env('IIAB_INI') # future if IIAB_INI: - iiab_config_file = IIAB_INI + iiab_ini_file = IIAB_INI # Variables that should be read from config file # All of these variables will be read from config files and recomputed in init() @@ -187,7 +187,7 @@ def init(): global kiwix_manage config = ConfigParser.SafeConfigParser() - config.read(iiab_config_file) + config.read(iiab_ini_file) iiab_base_path = config.get('location','iiab_base') zim_path = config.get('kiwix','iiab_zim_path') kiwix_library_xml = config.get('kiwix','kiwix_library_xml') diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index ab04f2832..e7f7cd8ec 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -80,9 +80,9 @@ state: stopped when: not kolibri_enabled -- name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini +- name: Add 'kolibri' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: kolibri option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index bba5386da..e217e7e37 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -85,9 +85,9 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'mediawiki' to list of services at /etc/iiab/iiab.ini +- name: Add 'mediawiki' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: mediawiki option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index e52e10360..e29e852a9 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -60,9 +60,9 @@ # state: stopped # when: not mongodb_enabled -- name: Add 'mongodb' to list of services at /etc/iiab/iiab.ini +- name: Add 'mongodb' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: mongodb option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index 0f3b96658..512030f14 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -45,9 +45,9 @@ #- name: Restart monit service # command: service monit restart -- name: Add 'monit' to list of services at /etc/iiab/iiab.ini +- name: Add 'monit' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: monit option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/moodle-1.9/moodle/tasks/main.yml b/roles/moodle-1.9/moodle/tasks/main.yml index 8c355b9a4..0f1cb82be 100644 --- a/roles/moodle-1.9/moodle/tasks/main.yml +++ b/roles/moodle-1.9/moodle/tasks/main.yml @@ -76,7 +76,7 @@ register: moodlepw - name: add moodle to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=moodle option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 7374ae31e..a13013c21 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -155,9 +155,9 @@ path: "{{ moodle_base }}/config.php" mode: 0644 -- name: Add 'moodle' to list of services at /etc/iiab/iiab.ini +- name: Add 'moodle' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: moodle option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 6becb81cf..9d983770f 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -84,9 +84,9 @@ - /usr/share/munin/plugins/mysql_threads when: mysql_enabled -- name: Add 'munin' to list of services at /etc/iiab/iiab.ini +- name: Add 'munin' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: munin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 3fad2b357..8fccfaf09 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -133,9 +133,9 @@ state: stopped when: not mysql_enabled - - name: Add 'mysql' to list of services at /etc/iiab/iiab.ini + - name: Add 'mysql' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: mysql option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 5e1bcebe6..57b48ba06 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -172,9 +172,9 @@ iiab_wan_iface: "none" when: adapter_count.stdout|int >= "5" and device_gw == "none" and gui_wan_iface == "unset" and gui_static_wan is defined -- name: Record IIAB_WAN_DEVICE to /etc/iiab/iiab.env +- name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }} lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^IIAB_WAN_DEVICE=*' line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"' state: present @@ -182,9 +182,9 @@ tags: - network -- name: Record IIAB_LAN_DEVICE to /etc/iiab/iiab.env +- name: Record IIAB_LAN_DEVICE to {{ iiab_env_file }} lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^IIAB_LAN_DEVICE=*' line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"' state: present @@ -192,9 +192,9 @@ tags: - network -- name: Add 'computed_network' variable values to /etc/iiab/iiab.ini +- name: Add 'computed_network' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: computed_network option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 73f9cfa61..de67c7c97 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -49,9 +49,9 @@ dhcp_service2: "dnsmasq disabled" when: dnsmasq_install and iiab_network_mode == "Appliance" -- name: Add 'network' variable values (from computed_services.yml) to /etc/iiab/iiab.ini +- name: Add 'network' variable values (from computed_services.yml) to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: network option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 4c9ea455c..8374de92f 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -1,5 +1,5 @@ - name: iiab_wan_device - shell: grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}' + shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}' when: iiab_stage|int > 4 register: prior_gw @@ -188,9 +188,9 @@ gui_wan_iface: "{{ device_gw }}" when: user_wan_iface == "auto" and device_gw != "none" and discovered_wan_iface == "none" -- name: Add 'detected_network' variable values to /etc/iiab/iiab.ini +- name: Add 'detected_network' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: detected_network option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index c4b2fac76..1eb1d18d1 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -79,7 +79,7 @@ - name: Create xs_httpcache flag lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=True' state: present @@ -121,7 +121,7 @@ - name: Remove xs_httpcache flag lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=False' state: present @@ -150,9 +150,9 @@ with_items: - { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' } -- name: Add 'squid' to list of services at /etc/iiab/iiab.ini +- name: Add 'squid' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: squid option: "{{ item.option }}" value: "{{ item.value }}" @@ -160,9 +160,9 @@ - option: enabled value: "{{ squid_enabled }}" -- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini +- name: Add 'dansguardian' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: dansguardian option: "{{ item.option }}" value: "{{ item.value }}" @@ -170,9 +170,9 @@ - option: enabled value: "{{ dansguardian_enabled }}" -- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini +- name: Add 'wondershaper' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: wondershaper option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index f27e60470..f44cce108 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -55,9 +55,9 @@ enabled: yes when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance" -- name: Record HOSTAPD_ENABLED to /etc/iiab/iiab.env +- name: Record HOSTAPD_ENABLED to {{ iiab_env_file }} lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^HOSTAPD_ENABLED=*' line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d5736714d..8dde0ad30 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -11,7 +11,7 @@ no_net_restart: True # used below in (1) sysd-netd-debian.yml, # (2) debian.yml, (3) rpi_debian.yml when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP -# EITHER WAY: hostapd_enabled's state is RECORDED into /etc/iiab/iiab.env +# EITHER WAY: hostapd_enabled's state is RECORDED into {{ iiab_env_file }} # in hostapd.yml for later use by... # /usr/libexec/iiab-startup.sh, iiab-hotspot-off & iiab-hotspot-on # diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index e4f504f32..311339056 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -83,9 +83,9 @@ when: dansguardian_install # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 -- name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini +- name: Add '{{ proxy }}' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: "{{ proxy }}" option: "{{ item.option }}" value: "{{ item.value }}" @@ -97,9 +97,9 @@ - option: enabled value: "{{ squid_enabled }}" -- name: Add 'dansguardian' variable values to /etc/iiab/iiab.ini +- name: Add 'dansguardian' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: dansguardian option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index 43c6cd89c..6f62922af 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -38,9 +38,9 @@ group: root state: link -- name: Add 'wondershaper' variable values to /etc/iiab/iiab.ini +- name: Add 'wondershaper' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: wondershaper option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 1494a2bee..4c77847a0 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -1,5 +1,5 @@ #!/bin/bash -x -source /etc/iiab/iiab.env +source {{ iiab_env_file }} {% if is_debuntu %} IPTABLES=/sbin/iptables IPTABLES_DATA=/etc/iptables.up.rules @@ -9,7 +9,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} LANIF=$IIAB_LAN_DEVICE WANIF=$IIAB_WAN_DEVICE -MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` +MODE=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` clear_fw() { $IPTABLES -F diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index 31b1d5ffc..0bb81e8f2 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -16,4 +16,4 @@ if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc on fi -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" /etc/iiab/iiab.env +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index bb264ca92..5d225abeb 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/network/iiab-hotspot-on @@ -17,6 +17,6 @@ if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc off fi -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" /etc/iiab/iiab.env +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} echo -e "\nPlease consider rebooting now.\n" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index d95bd15ff..af2930de5 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -162,9 +162,9 @@ # following enables and disables - include_tasks: nextcloud_enabled.yml -- name: Add 'nextcloud' to list of services at /etc/iiab/iiab.ini +- name: Add 'nextcloud' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: Nextcloud option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml index b43838118..2bf76b9e2 100644 --- a/roles/nodogsplash/tasks/rpi.yml +++ b/roles/nodogsplash/tasks/rpi.yml @@ -52,9 +52,9 @@ state: stopped when: not nodogsplash_enabled -- name: Add 'nodogsplash' to list of services at /etc/iiab/iiab.ini +- name: Add 'nodogsplash' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: nodogsplash option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 6efc9cb9b..06263d4de 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -206,9 +206,9 @@ # when: not openvpn_enabled and not installing -- name: Add 'openvpn' to list of services at /etc/iiab/iiab.ini +- name: Add 'openvpn' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: openvpn option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index f453abf24..bc71bb6c7 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -19,10 +19,10 @@ if [ -f /etc/iiab/openvpn_handle ]; then #else # # Option #3: Dangerous to invoke hypothetical variables :( -# source /etc/iiab/iiab.env -# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #4 ? +# source {{ iiab_env_file }} +# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from {{ iiab_ini_file }}, but safer now that relegated to #4 ? # if [ -z "$HANDLE" ]; then -# HANDLE=`cat /etc/iiab/iiab.ini | gawk \ +# HANDLE=`cat {{ iiab_ini_file }} | gawk \ # '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` # fi fi diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index 83a2840c4..984b8ebd1 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -174,9 +174,9 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'osm' to list of services at /etc/iiab/iiab.ini +- name: Add 'osm' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: osm option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml index 12bcbdcc8..e01b79149 100644 --- a/roles/owncloud/tasks/main.yml +++ b/roles/owncloud/tasks/main.yml @@ -106,7 +106,7 @@ when: owncloud_enabled - name: Add owncloud to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=owncloud option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/pathagar/tasks/main.yml b/roles/pathagar/tasks/main.yml index 059285172..f50e042f7 100644 --- a/roles/pathagar/tasks/main.yml +++ b/roles/pathagar/tasks/main.yml @@ -193,9 +193,9 @@ name: "{{ apache_service }}" state: reloaded -- name: Add 'pathagar' to list of services at /etc/iiab/iiab.ini +- name: Add 'pathagar' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: pathagar option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index a66a13a83..fabe8fd94 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -65,9 +65,9 @@ state: absent when: not phpmyadmin_enabled and is_debuntu -- name: Add 'phpmyadmin' to list of services at /etc/iiab/iiab.ini +- name: Add 'phpmyadmin' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: phpmyadmin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 57eab26bc..e425f1439 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -93,9 +93,9 @@ enabled: no when: not postgresql_enabled -- name: Add 'postgresql' to list of services at /etc/iiab/iiab.ini +- name: Add 'postgresql' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: postgresql option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/rachel/tasks/main.yml b/roles/rachel/tasks/main.yml index f37843250..98c45c26f 100644 --- a/roles/rachel/tasks/main.yml +++ b/roles/rachel/tasks/main.yml @@ -24,7 +24,7 @@ when: rachel_enabled and rachel_content_found - name: Add rachel to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=rachel option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index fe8e646a5..e0ca97901 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -71,9 +71,9 @@ - samba when : not samba_enabled -- name: Add 'samba' to list of services at /etc/iiab/iiab.ini +- name: Add 'samba' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: samba option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/schooltool/tasks/main.yml b/roles/schooltool/tasks/main.yml index f29f2c0f2..36a79d977 100644 --- a/roles/schooltool/tasks/main.yml +++ b/roles/schooltool/tasks/main.yml @@ -56,7 +56,7 @@ when: not schooltool_enabled - name: add schooltool to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=schooltool option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/sugar-stats/tasks/main.yml b/roles/sugar-stats/tasks/main.yml index 6f9f708dc..2dd60cd8e 100644 --- a/roles/sugar-stats/tasks/main.yml +++ b/roles/sugar-stats/tasks/main.yml @@ -41,7 +41,7 @@ - include_tasks: statistics-consolidation.yml - name: Add sugar-stats to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=sugar_stats option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index df2ce5cab..c8bf1cb57 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -228,9 +228,9 @@ # state: stopped # when: not sugarizer_enabled -- name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini +- name: Add 'sugarizer' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: sugarizer option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/teamviewer/tasks/main.yml b/roles/teamviewer/tasks/main.yml index 7ea48de93..8fcede986 100644 --- a/roles/teamviewer/tasks/main.yml +++ b/roles/teamviewer/tasks/main.yml @@ -9,7 +9,7 @@ when: teamviewer_install - name: Add teamviewer to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=teamviewer option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 2836816dc..93096c8c1 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -54,9 +54,9 @@ state: stopped when: not transmission_enabled -- name: Add transmission to list of services at /etc/iiab/iiab.ini +- name: Add transmission to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: transmission option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index e146ecf90..4fa46ca42 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -3,7 +3,7 @@ dest: "{{ doc_root }}/local_content" state: directory owner: "{{ apache_user }}" - group: "{{ iiab_admin_user }}" + group: "{{ iiab_admin_user }}" # ISN'T "{{ apache_user }}" MORE APPROPRIATE? mode: 0775 - name: Copy mount file to usbmount when enabled @@ -55,7 +55,7 @@ - name: Put variable in iiab.env that enables display of content at root of USB lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: "^IIAB_USB_LIB_SHOW_ALL.*" line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" @@ -87,7 +87,7 @@ - name: Add usb-lib to service list ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: usb-lib option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/usb-lib/templates/iiab-usb-lib-show-all-off b/roles/usb-lib/templates/iiab-usb-lib-show-all-off index adeff4c81..06f36ba70 100644 --- a/roles/usb-lib/templates/iiab-usb-lib-show-all-off +++ b/roles/usb-lib/templates/iiab-usb-lib-show-all-off @@ -1,5 +1,5 @@ #!/bin/bash # turn on the flag which registers new USB sticks at root directory -sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=False/' /etc/iiab/iiab.env +sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=False/' {{ iiab_env_file }} diff --git a/roles/usb-lib/templates/iiab-usb-lib-show-all-on b/roles/usb-lib/templates/iiab-usb-lib-show-all-on index 297f37025..83a03f225 100644 --- a/roles/usb-lib/templates/iiab-usb-lib-show-all-on +++ b/roles/usb-lib/templates/iiab-usb-lib-show-all-on @@ -1,5 +1,5 @@ #!/bin/bash # turn on the flag which registers new USB sticks at root directory -sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=True/' /etc/iiab/iiab.env +sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=True/' {{ iiab_env_file }} diff --git a/roles/usb-lib/templates/mount.d/70-usb-library b/roles/usb-lib/templates/mount.d/70-usb-library index 02328339d..11358220d 100644 --- a/roles/usb-lib/templates/mount.d/70-usb-library +++ b/roles/usb-lib/templates/mount.d/70-usb-library @@ -9,7 +9,7 @@ # # by Tim Moody tim@timmoody.com -source /etc/iiab/iiab.env +source {{ iiab_env_file }} case $IIAB_USB_LIB_SHOW_ALL in 'True'|'true'|'TRUE') logger -p user.notice -t "70-usb-library" -- "Displaying root directory on $UM_MOUNTPOINT." diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index 63fcbad7c..2a50284f5 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -29,9 +29,9 @@ enabled: yes state: started -- name: Add 'vnstat' to list of services at /etc/iiab/iiab.ini +- name: Add 'vnstat' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: vnstat option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 9a51aa587..6ad6ea2e9 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -135,9 +135,9 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini +- name: Add 'wordpress' to list of services at {{ iiab_ini_file }} ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: wordpress option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/xovis/tasks/main.yml b/roles/xovis/tasks/main.yml index 38f4469db..e200239c0 100644 --- a/roles/xovis/tasks/main.yml +++ b/roles/xovis/tasks/main.yml @@ -82,7 +82,7 @@ when: xovis_enabled - name: Add xovis to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=xovis option='{{ item.option }}' value='{{ item.value }}' diff --git a/runansible.deprecated b/runansible.deprecated deleted file mode 100755 index ef7afb58b..000000000 --- a/runansible.deprecated +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash -e - -echo "Please consider ./iiab-install instead of the lesser-supported ./runansible" - -PLAYBOOK="iiab.yml" -INVENTORY="ansible_hosts" -# Pass cmdline options for ansible -ARGS="$@" - -# if vars/local_vars.yml is missing, put a default one in place - First Run -if [ ! -f ./vars/local_vars.yml ]; then - OS=`grep ^ID= /etc/*release|cut -d= -f2` - OS=${OS//\"/} - - case $OS in - OLPC | fedora) - cp ./vars/local_vars_olpc.yml ./vars/local_vars.yml - ;; - centos | debian | ubuntu | raspbian) - cp ./vars/local_vars_medium.yml ./vars/local_vars.yml - ;; - *) - echo "IIAB supports raspbian, debian, ubuntu, centos, and OLPC - exiting now..." - exit 1 - ;; - esac -fi - -# copy var files to /etc/iiab for subsequent use -# If iiab.env exists, on second or upgrade run, check for stale variables -# iiab.env gets created at the end of stage-4 on First Run -if [ -f /etc/iiab/iiab.env ] -then - OLD=`grep XSCE /etc/iiab/iiab.env | wc -l` - if [ "$OLD" -gt 0 ] - then - rm /etc/iiab/iiab.env - else - . /etc/iiab/iiab.env - cd $IIAB_DIR - fi -else - mkdir -p /etc/iiab - echo "{}" > /etc/iiab/config_vars.yml -fi - -CWD=`pwd` - -if [ ! -f $PLAYBOOK ] -then - echo "IIAB Playbook not found." - echo "Please run this command from the top level of the git repo." - echo "Exiting." - exit 1 -fi - -if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then - mkdir -p /etc/ansible/facts.d -fi -cp ./scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact - -echo "Running local playbooks! " - - -export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" -ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null - -ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local diff --git a/runtags.deprecated b/runtags.deprecated deleted file mode 100755 index 2c6e3f7c4..000000000 --- a/runtags.deprecated +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -INVENTORY="ansible_hosts" -PLAYBOOK="iiab.yml" -#PLAYBOOK="iiab-stages.yml" -CWD=`pwd` - -export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log" - -if [ ! -f $PLAYBOOK ]; then - echo "Exiting: IIAB Playbook not found." - echo "Please run this in /opt/iiab/iiab (top level of the git repo)." - exit 1 -fi - -# Is the following stanza nec? -if [ ! -f /etc/iiab/config_vars.yml ]; then - mkdir -p /etc/iiab - echo "{}" > /etc/iiab/config_vars.yml -fi - -tags=$(echo $1 | tr "," "\n") - -if [ "$tags" == "" ]; then - echo " usage: ./runtags <tagname>" - echo " usage: ./runtags <tagname1>,<tagname2>,<tagname3>" - echo " Can take a single value or a comma-separated list (no spaces within the list!)" - echo " Now retrieving a list of possible Ansible playbook and tagname values..." - ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local --list-tags - exit 0 -fi - -found="N" - -for tag in $tags; do - if [ "$tag" == "0-init" ]; then - found="Y" - fi -done - -taglist=$1 - -if [ "$found" == "N" ]; then - taglist="0-init,"$taglist -fi - -ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local --tags=$taglist diff --git a/tests/test.yml b/tests/test.yml index b1a6d5521..3d858cc75 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,61 +1,65 @@ --- - hosts: localhost remote_user: root - # TODO: Making a anisble-iiab roles for ansible-galaxy - # roles: - # - iiab - # For now hardcoding all the roles manually with ls -l roles/ | cut -d " " -f 10 roles: - - ../roles/1-prep - - ../roles/2-common - - ../roles/3-base-server - - ../roles/4-server-options - - ../roles/5-xo-services - - ../roles/6-generic-apps - - ../roles/7-edu-apps - - ../roles/8-mgmt-tools - - ../roles/9-local-addons - - ../roles/activity-server - - ../roles/ajenti - - ../roles/authserver - - ../roles/awstats - - ../roles/calibre - - ../roles/cups - - ../roles/debian_schooltool - - ../roles/docker - - ../roles/dokuwiki - - ../roles/ejabberd - - ../roles/ejabberd_xs - - ../roles/elgg - # Disabling gateway doesn't contain any tasks? - #- ../roles/gateway - - ../roles/httpd - - ../roles/idmgr - - ../roles/iiab-admin - - ../roles/kalite - - ../roles/kiwix - - ../roles/mongodb - - ../roles/monit - - ../roles/moodle - - ../roles/moodle-1.9 - - ../roles/munin - - ../roles/mysql - - ../roles/network - - ../roles/nextcloud - - ../roles/openvpn - - ../roles/osm - - ../roles/owncloud - - ../roles/pathagar - - ../roles/phpmyadmin - - ../roles/postgresql - - ../roles/rachel - - ../roles/samba - - ../roles/schooltool - - ../roles/sshd - - ../roles/sugarizer - - ../roles/sugar-stats - - ../roles/teamviewer - - ../roles/usb-lib - - ../roles/vnstat - - ../roles/wordpress - - ../roles/xovis + - { role: 0-init } + - { role: 1-prep } + - { role: 2-common } + - { role: 3-base-server } + - { role: 4-server-options } + - { role: 5-xo-services } + - { role: 6-generic-apps } + - { role: 7-edu-apps } + - { role: 8-mgmt-tools } + - { role: 9-local-addons } + #- { role: activity-server + #- { role: ajenti } + #- { role: authserver } + - { role: awstats } + - { role: calibre } + - { role: calibre-web } + - { role: cups } + #- { role: debian_schooltool } + #- { role: docker } + - { role: dokuwiki } + - { role: ejabberd } + #- { role: ejabberd_xs } + - { role: elgg } + - { role: homepage } + - { role: httpd } + #- { role: idmgr } + - { role: iiab-admin } + - { role: kalite } + - { role: kiwix } + - { role: kolibri } + - { role: mediawiki } + - { role: mongodb } + - { role: monit } + - { role: moodle } + #- { role: moodle-1.9 } + - { role: munin } + - { role: mysql } + - { role: network } + - { role: nextcloud } + #- { role: nodogsplash } + - { role: openvpn } + - { role: osm } + #- { role: owncloud } + #- { role: pathagar } + - { role: phpmyadmin } + - { role: postgresql } + #- { role: rachel } + - { role: samba } + #- { role: schooltool } + - { role: sshd } + - { role: sugarizer } + #- { role: sugar-stats } + - { role: teamviewer } + - { role: transmission } + - { role: usb-lib } + - { role: vnstat } + - { role: wordpress } + #- { roles: xovis } + +# Let's try to keep the above list synchronized with: +# https://github.com/iiab/iiab/blob/master/unmaintained-roles.txt diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e2912ecef..2bbd8fe7b 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -5,11 +5,12 @@ # By convention we use True/False to indicate boolean constants. -# Installation Constants -content_base: "/library" -#doc_base: "/var" -doc_base: "{{ content_base }}/www" -doc_root: "{{ doc_base }}/html" +# Configuration Files +iiab_local_vars_file: /etc/iiab/local_vars.yml +iiab_env_file: /etc/iiab/iiab.env +iiab_ini_file: /etc/iiab/iiab.ini +#iiab_config_file: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually +#service_filelist: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" @@ -17,35 +18,32 @@ pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" iiab_download_url: http://download.iiab.io/packages + +content_base: "/library" +doc_base: "{{ content_base }}/www" +doc_root: "{{ doc_base }}/html" + # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Configuration File(s) -iiab_config_file: /etc/iiab/iiab.ini -iiab_local_vars_file: /etc/iiab/local_vars.yml -service_filelist: "{{ iiab_config_file }}" - -# The following variable may be useful in debugging -disregard_network: False # use cache or error out if cache does not exist - -# Users and Passwords - -iiab_admin_user: iiab-admin -# Obtain a password hash with: -# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -iiab_admin_passw_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. -admin_install: True - -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin - -# Languages +# Languages (for Apache) default_language: en -language_priority: en es +language_priority: en es fr + +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin +iiab_admin_user: iiab-admin +iiab_admin_published_pwd: g0adm1n # For live checks/alerts of published pwds +# Password hash to override above, if Ansible creates above user: +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' # Time Zone (php needs timezone to be set) local_tz: "{{ ansible_date_time.tz }}" @@ -53,10 +51,13 @@ local_tz: "{{ ansible_date_time.tz }}" # Read https://github.com/iiab/iiab/wiki/IIAB-Networking # Also readable offline @ http://box/info/IIAB-Networking.html -# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 65 LINES, as enabled by Ansible's +# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS below. # SEE ALSO: /opt/iiab/iiab/roles/network/defaults/main.yml +# The following variable may be useful in debugging +disregard_network: False # use cache or error out if cache does not exist + iiab_hostname: box iiab_domain: lan lan_ip: 172.18.96.1 @@ -125,14 +126,6 @@ py_captive_portal_enabled: True # captive_portal_install: False # captive_portal_enabled: False -# Squid -squid_install: False -squid_enabled: False - -# DansGuardian -dansguardian_install: False -dansguardian_enabled: False - # Wonder Shaper # Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 wondershaper_install: False @@ -146,34 +139,58 @@ wan_ip: dhcp wan_netmask: wan_gateway: wan_nameserver: -# exFAT is auto-enabled for all "debuntu" OS's as of Nov 2017, in roles/2-common/tasks/packages.yml#L35-L36 -# exFAT_enabled: True -# Parameters by Aggregate Roles -# Each Role must have the following variables which are either True or False: + +# Parameters for Aggregate Roles +# Each Role should have the following variables which are either True or False: # <role-name>_install # <role-name>_enabled -# Our past convention was to install everything in all aggregates +# Past convention had been to install everything in all aggregate roles (stages) # And to enable everything in 1-PREP, 2-COMMON, and 3-BASE-SERVER # 1-PREP +# sshd +sshd_enabled: True + +# roles/iiab-admin runs here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: e.g. iiab_admin_user_install, +# iiab_admin_user, iiab_admin_published_pwd, iiab_admin_pwd_hash + +# OpenVPN +openvpn_install: True +openvpn_enabled: False +# For /etc/iiab/openvpn_handle +openvpn_handle: "" +# cron seems necessary on CentOS: +openvpn_cron_enabled: False +# General OpenVPN settings +openvpn_server: xscenet.net +openvpn_server_virtual_ip: 10.8.0.1 +openvpn_server_port: 1194 + + # 2-COMMON +# Auto-enabled in roles/2-common/tasks/packages.yml as set in +# 0-init/defaults/main.yml AND 0-init/tasks/main.yml : +exFAT_enabled: True + +# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local +# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. + + # 3-BASE-SERVER -# roles/httpd (Apache configuration) runs here - +# httpd (Apache) # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False - -# roles/iiab-admin runs here +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # MySQL MANDATORY - THESE SETTINGS HAVE NO EFFECT - SEE roles/1-prep/tasks/computed_vars.yml, roles/mysql/tasks/main.yml mysql_install: True @@ -184,24 +201,16 @@ mysql_root_password: fixmysql # 4-SERVER-OPTIONS -# sshd -sshd_enabled: True +# DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs +# after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") -# OpenVPN -openvpn_install: True -openvpn_enabled: False +# Squid +squid_install: False +squid_enabled: False -# For /etc/iiab/openvpn_handle -openvpn_handle: "" - -# cron seems necessary on CentOS: -openvpn_cron_enabled: False - -openvpn_server: xscenet.net -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 - -# roles/network runs here (MANY SETTINGS ABOVE) +# DansGuardian +dansguardian_install: False +dansguardian_enabled: False # Homepage iiab_home_url: /home @@ -234,6 +243,7 @@ samba_enabled: False # usb-lib usb_lib_install: True usb_lib_enabled: True +# Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) @@ -248,15 +258,14 @@ nodocs: False xo_services_install: False xo_services_enabled: False -# activity-server activity_server_install: False activity_server_enabled: False -# ejabberd-xs +# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below ejabberd_xs_install: False ejabberd_xs_enabled: False -# idmgr +# Change calibre_port from 8080 to 8010 below, if you enable idmgr idmgr_install: False idmgr_enables: False @@ -288,7 +297,7 @@ nextcloud_enabled: False # WordPress wordpress_install: True wordpress_enabled: False -# If using WordPress intensively, consider setting apache_high_php_limits above +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER # 7-EDU-APPS @@ -318,7 +327,7 @@ iiab_zim_path: /library/zims # Moodle moodle_install: False moodle_enabled: False -# If using Moodle intensively, consider setting apache_high_php_limits above +# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Sugarizer # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index a8b9194d1..5548682bb 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -8,20 +8,23 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Users and Passwords +# Languages (for Apache) +default_language: en +language_priority: en es fr +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Obtain a password hash with: +# Password hash to be used if Ansible creates the above user: +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -# iiab_admin_passw_hash: -admin_install: True - -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin iiab_hostname: box iiab_domain: lan @@ -59,13 +62,6 @@ py_captive_portal_install: True py_captive_portal_enabled: True # In a pinch, disable it by running: systemctl disable py-captive-portal -# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: -squid_install: True -squid_enabled: True - -dansguardian_install: True -dansguardian_enabled: True - # Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 # wondershaper_install: False # wondershaper_enabled: False @@ -73,33 +69,52 @@ dansguardian_enabled: True # 1-PREP +# roles/sshd & roles/iiab-admin run here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: +# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: +openvpn_handle: "" +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True + + # 2-COMMON +# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml +# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml + +# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local +# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. + + # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS -# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security -openvpn_install: True -openvpn_enabled: False +# DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs +# after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") -# Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +# Squid +squid_install: True +squid_enabled: True -# The following seems necessary on CentOS: -# openvpn_cron_enabled: True - -# roles/network runs here (MANY SETTINGS ABOVE) +# DansGuardian +dansguardian_install: True +dansguardian_enabled: True # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! postgresql_install: False @@ -109,7 +124,7 @@ postgresql_enabled: False # authserver_install: False # authserver_enabled: False -# Common UNIX Printing System +# Common UNIX Printing System (CUPS) cups_install: True cups_enabled: True @@ -132,13 +147,14 @@ iiab_usb_lib_show_all: True # activity_server_install: False # activity_server_enabled: False +# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + # Change calibre_port from 8080 to 8010 below, if you enable idmgr # idmgr_install: False # idmgr_enabled: False -# ejabberd_xs_install: False -# ejabberd_xs_enabled: False - # 6-GENERIC-APPS @@ -157,9 +173,9 @@ ejabberd_enabled: False nextcloud_install: True nextcloud_enabled: True +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER wordpress_install: True wordpress_enabled: True -# If using WordPress intensively, consider setting apache_high_php_limits above # 7-EDU-APPS @@ -179,7 +195,7 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: True moodle_enabled: True -# If using Moodle intensively, consider setting apache_high_php_limits above +# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 42d98329d..26e3e3b0d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -8,20 +8,23 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Users and Passwords +# Languages (for Apache) +default_language: en +language_priority: en es fr +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Obtain a password hash with: +# Password hash to be used if Ansible creates the above user: +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -# iiab_admin_passw_hash: -admin_install: True - -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin iiab_hostname: box iiab_domain: lan @@ -59,13 +62,6 @@ py_captive_portal_install: True py_captive_portal_enabled: True # In a pinch, disable it by running: systemctl disable py-captive-portal -# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: -squid_install: False -squid_enabled: False - -dansguardian_install: False -dansguardian_enabled: False - # Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 # wondershaper_install: False # wondershaper_enabled: False @@ -73,33 +69,52 @@ dansguardian_enabled: False # 1-PREP +# roles/sshd & roles/iiab-admin run here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: +# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: +openvpn_handle: "" +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True + + # 2-COMMON +# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml +# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml + +# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local +# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. + + # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS -# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security -openvpn_install: True -openvpn_enabled: False +# DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs +# after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") -# Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +# Squid +squid_install: False +squid_enabled: False -# The following seems necessary on CentOS: -# openvpn_cron_enabled: True - -# roles/network runs here (MANY SETTINGS ABOVE) +# DansGuardian +dansguardian_install: False +dansguardian_enabled: False # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! postgresql_install: False @@ -109,7 +124,7 @@ postgresql_enabled: False # authserver_install: False # authserver_enabled: False -# Common UNIX Printing System +# Common UNIX Printing System (CUPS) cups_install: True cups_enabled: False @@ -132,13 +147,14 @@ iiab_usb_lib_show_all: True # activity_server_install: False # activity_server_enabled: False +# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + # Change calibre_port from 8080 to 8010 below, if you enable idmgr # idmgr_install: False # idmgr_enabled: False -# ejabberd_xs_install: False -# ejabberd_xs_enabled: False - # 6-GENERIC-APPS @@ -157,9 +173,9 @@ ejabberd_enabled: False nextcloud_install: True nextcloud_enabled: True +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER wordpress_install: True wordpress_enabled: True -# If using WordPress intensively, consider setting apache_high_php_limits above # 7-EDU-APPS @@ -179,7 +195,7 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False -# If using Moodle intensively, consider setting apache_high_php_limits above +# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 46b500224..71d10826f 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -8,20 +8,23 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Users and Passwords +# Languages (for Apache) +default_language: en +language_priority: en es fr +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Obtain a password hash with: +# Password hash to be used if Ansible creates the above user: +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -# iiab_admin_passw_hash: -admin_install: True - -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin iiab_hostname: box iiab_domain: lan @@ -59,13 +62,6 @@ py_captive_portal_install: True py_captive_portal_enabled: True # In a pinch, disable it by running: systemctl disable py-captive-portal -# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: -squid_install: False -squid_enabled: False - -dansguardian_install: False -dansguardian_enabled: False - # Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 # wondershaper_install: False # wondershaper_enabled: False @@ -73,33 +69,52 @@ dansguardian_enabled: False # 1-PREP +# roles/sshd & roles/iiab-admin run here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: +# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: +openvpn_handle: "" +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True + + # 2-COMMON +# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml +# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml + +# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local +# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. + + # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS -# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security -openvpn_install: True -openvpn_enabled: False +# DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs +# after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") -# Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +# Squid +squid_install: False +squid_enabled: False -# The following seems necessary on CentOS: -# openvpn_cron_enabled: True - -# roles/network runs here (MANY SETTINGS ABOVE) +# DansGuardian +dansguardian_install: False +dansguardian_enabled: False # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! postgresql_install: False @@ -109,7 +124,7 @@ postgresql_enabled: False # authserver_install: False # authserver_enabled: False -# Common UNIX Printing System +# Common UNIX Printing System (CUPS) cups_install: False cups_enabled: False @@ -132,13 +147,14 @@ iiab_usb_lib_show_all: True # activity_server_install: False # activity_server_enabled: False +# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below +# ejabberd_xs_install: False +# ejabberd_xs_enabled: False + # Change calibre_port from 8080 to 8010 below, if you enable idmgr # idmgr_install: False # idmgr_enabled: False -# ejabberd_xs_install: False -# ejabberd_xs_enabled: False - # 6-GENERIC-APPS @@ -157,9 +173,9 @@ ejabberd_enabled: False nextcloud_install: False nextcloud_enabled: False +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER wordpress_install: False wordpress_enabled: False -# If using WordPress intensively, consider setting apache_high_php_limits above # 7-EDU-APPS @@ -179,7 +195,7 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False -# If using Moodle intensively, consider setting apache_high_php_limits above +# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957