external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #467 from holta/master

Browse source 
cleaner Ansible output & README's
This commit is contained in:
A Holt 2017-10-27 14:21:28 -04:00 committed by GitHub
commit a1ec2f2f65
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
48 changed files with 252 additions and 253 deletions
Download patch file Download diff file Expand all files Collapse all files

20
roles/1-prep/tasks/main.yml
View file

@ -3,12 +3,12 @@
- name: ...IS BEGINNING ============================================
command: echo
- name: get the uuidgen program
- name: Get the uuidgen program
package: name=uuid-runtime
state=present
when: is_debuntu
- name: Test for UUID file
- name: Test for /etc/iiab/uuid file
stat: path=/etc/iiab/uuid
register: uuid_file
@ -25,11 +25,11 @@
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
when: not uuid_file.stat.exists
- name: get the uuid
- name: Get the uuid
command: cat /etc/iiab/uuid
register: stored_uuid
- name: get the value into a variable
- name: Get the value into a variable
set_fact:
uuid={{ stored_uuid.stdout_lines[0] }}
@ -48,22 +48,22 @@
dest=/etc/chrony.conf
src=chrony.conf.j2
- name: Disable apparmor -- on by default in ubuntu
- name: Disable AppArmor -- on by default in Ubuntu
service: name=apparmor enabled=False state=stopped
when: first_run and is_ubuntu
ignore_errors: true
- name: Disable selinux on next boot
- name: Disable SELinux on next boot
selinux: state=disabled
register: selinux_disabled
when: first_run and not is_debuntu
- name: Disable selinux for this session (if needed)
- name: Disable SELinux for this session (if needed)
command: setenforce Permissive
when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ######
- name: Discover if this is a rpi -- assume if so it is running raspbian
- name: Discover if this is an rpi -- assume it is running Raspbian if so
set_fact:
rpi_model: "rpi"
is_rpi: "True"
@ -77,13 +77,13 @@
- include: raspberry_pi_2.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for intel's NUC6 builtin wifi is present
- name: Check if the identifier for Intel's NUC6 builtin WiFi is present
shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'"
register: usb_NUC6
ignore_errors: true
when: first_run
- name: download the firmware for built in wifi on NUC6
- name: Download the firmware for built-in WiFi on NUC6
get_url: dest=/lib/firmware
url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode
when: first_run and usb_NUC6.stdout|int > 0

2
roles/2-common/tasks/main.yml
View file

@ -32,7 +32,7 @@
- sysctl: name=net.ipv6.conf.default.disable_ipv6 value=1 state=present
- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present
- name: Set default Timezone
- name: Set default Time Zone
shell: ln -sf /usr/share/zoneinfo/{{ iiab_TZ }} /etc/localtime
when: iiab_TZ is defined and iiab_TZ != ""

8
roles/2-common/tasks/packages.yml
View file

@ -19,7 +19,7 @@
shell: createrepo {{ yum_packages_dir }}
when: is_redhat
- name: Install local repo file.
- name: Install local repo file
template: dest=/etc/yum.repos.d/iiab-local.repo
src=local.repo
owner=root
@ -91,7 +91,7 @@
#- name: Run the install script for pip
# command: python {{ downloads_dir }}/get-pip.py
- name: Install Common python packages
- name: Install common Python packages
package: name={{ item }}
state=present
with_items:
@ -99,7 +99,7 @@
- python-setuptools
- python-virtualenv
- name: Update common packages (not debian
- name: Update common packages (not Debian)
package: name={{ item }}
state=latest
with_items:
@ -109,7 +109,7 @@
- iptables
when: is_redhat
- name: Update common packages (debian)
- name: Update common packages (Debian)
package: name={{ item }}
state=latest
with_items:

6
roles/4-server-options/tasks/main.yml
View file

@ -51,7 +51,7 @@
when: usb_lib_install
tags: usb-lib
# this script can be sourced to get iiab location
# this script can be sourced to get IIAB location
- name: Create iiab.env file
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
@ -59,11 +59,11 @@
group=root
mode=0644
- name: put a python interface to iiab.env
- name: Put a Python interface to iiab.env
template: src=roles/1-prep/templates/iiab_env.py.j2
dest=/etc/iiab/iiab_env.py
- name: generate the offline documents
- name: Generate the offline documents
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs

8
roles/dokuwiki/README.rst
View file

@ -1,5 +1,5 @@
===============
Dokuwiki README
DokuWiki README
===============
DokuWiki is a simple to use and highly versatile Open Source wiki software that
@ -10,12 +10,12 @@ make DokuWiki especially useful in the enterprise context and the large number o
plugins contributed by its vibrant community allow for a broad range of use cases
beyond a traditional wiki.
http://dokuwiki.org/
http://dokuwiki.org
After Installation
------------------
Head to http://schoolserver.lan/wiki. The webpage will probably throw up an error
Head to http://box.lan/wiki. The webpage will probably throw up an error
saying you haven't run install.php yet, with a link to it. Click the link to be
taken to the install page which does the initial configuration of the wiki. After
this, you should be all set!
@ -33,4 +33,4 @@ None yet other than the basic enabled/disabled. Haven't really tested if they wo
Todo
----
* Preinstall some popular plugins.
* Additional XSCE customizations.
* Additional IIAB customizations.

12
roles/dokuwiki/tasks/install.yml
View file

@ -1,4 +1,4 @@
- name: Get the Dokuwiki software
- name: Get the DokuWiki software
get_url: url="{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest={{ downloads_dir }}/
when: internet_available
@ -8,24 +8,24 @@
- name: Symlink /library/dokuwiki* to /library/dokuwiki
shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi
- name: Install config file for dokuwiki in Apache
- name: Install config file for DokuWiki in Apache
template: src=dokuwiki.conf.j2 dest=/etc/{{ apache_config_dir }}/dokuwiki.conf
when: dokuwiki_enabled
- name: enable the dokuwiki
- name: Enable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
src=/etc/apache2/sites-available/dokuwiki.conf
state=link
when: dokuwiki_enabled and is_debuntu
- name: disable the dokuwiki
- name: Disable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
state=absent
when: not dokuwiki_enabled and is_debuntu
- name: Change permissions on engine directory so apache can write
- name: Change permissions on engine directory so Apache can write
file: path=/library/{{ dokuwiki_version }} owner={{ apache_user }} mode=0755 state=directory recurse=yes
- name: Restart apache, so it picks up the new aliases
- name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted

2
roles/dokuwiki/tasks/main.yml
View file

@ -2,7 +2,7 @@
include: install.yml
when: dokuwiki_install
- name: Add dokuwiki to service list
- name: Add DokuWiki to service list
ini_file: dest='{{ service_filelist }}'
section=dokuwiki
option='{{ item.option }}'

22
roles/elgg/tasks/main.yml
View file

@ -1,7 +1,7 @@
# Assume we only get here if elgg_install: True
# Assume mysql is running
- name: download current version from our copy
- name: Download current version from our copy
shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }}
creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip
when: internet_available
@ -18,7 +18,7 @@
shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt"
when: elgg.stat.exists is defined and not elgg.stat.exists
- name: Create a link to the versioned elgg folder
- name: Create a link to the versioned elgg-* folder
file: src=./elgg-{{ elgg_version }}
dest=/opt/elgg
owner={{ apache_user }}
@ -36,7 +36,7 @@
group={{ apache_user }}
# The name of this file changed from 1.9 to 1.10.
- name: Copy default .htaccess to the root directory of elgg tree
- name: Copy default .htaccess to the root directory of Elgg tree
copy: src="/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
dest="/opt/{{ elgg_xx }}/.htaccess"
mode=0644
@ -51,24 +51,24 @@
insertafter='^#RewriteBase'
line="RewriteBase {{ elgg_url }}/"
- name: Change permissions on engine directory so apache can write
- name: Change permissions on engine directory so Apache can write
file: path=/opt/elgg/engine/ owner={{ apache_user }} mode=0755 state=directory
- name: Create an upload directory that Apache can write in or elgg
file: path={{ elgg_upload_path }} state=directory owner={{ apache_user }}
- name: change ownership
- name: Change ownership
file: path=/opt/elgg-{{ elgg_version }}
owner={{ apache_user }}
group={{ apache_user }}
recurse=yes
state=directory
- name: Create a mysql database for elgg - can be run more than once
- name: Create a MySQL database for Elgg - can be run more than once
mysql_db: name={{ dbname }}
register: create_elgg_database
- name: Create a user to access the elgg database - can be run more than once
- name: Create a user to access the Elgg database - can be run more than once
mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv={{ dbname }}.*:ALL
with_items:
- 127.0.0.1
@ -95,23 +95,23 @@
- name: Install config file for elgg in Apache
template: src=elgg.conf dest=/etc/{{ apache_config_dir }}/elgg.conf
- name: Enable elgg for debuntu (will already be enabled above for Redhat)
- name: Enable Elgg for debuntu (will already be enabled above for Redhat)
file: path=/etc/apache2/sites-enabled/elgg.conf
src=/etc/apache2/sites-available/elgg.conf
state=link
when: elgg_enabled and is_debuntu
- name: Disable elgg for debuntu
- name: Disable Elgg for debuntu
file: path=/etc/apache2/sites-enabled/elgg.conf
state=absent
when: not elgg_enabled and is_debuntu
- name: Disable elgg for Redhat - remove config file for elgg in Apache
- name: Disable Elgg for Redhat - remove config file for Elgg in Apache
file: dest=/etc/{{ apache_config_dir }}/elgg.conf
state=absent
when: not elgg_enabled and is_redhat
- name: add elgg to service list
- name: Add Elgg to service list
ini_file: dest='{{ service_filelist }}'
section=elgg
option='{{ item.option }}'

12
roles/httpd/tasks/main.yml
View file

@ -40,7 +40,7 @@
- download
when: is_redhat
- name: remove the default apache2 config file
- name: Remove the default apache2 config file
file: path=/etc/apache2/sites-enabled/000-default.conf
src=/etc/apache2/sites-available/000-default.conf
state=absent
@ -67,7 +67,7 @@
- mpm_event.load
when: is_debuntu
- name: create symlinks for mpm-prefork
- name: Create symlinks for mpm-prefork
file: path=/etc/apache2/mods-enabled/{{ item }}
src=/etc/apache2/mods-available/{{ item }}
state=link
@ -76,7 +76,7 @@
- mpm_prefork.load
when: is_debuntu
- name: turn on mod_proxy
- name: Turn on mod_proxy
command: a2enmod {{ item }}
with_items:
- proxy
@ -85,7 +85,7 @@
- rewrite
when: is_debuntu
- name: create symlinks for enabling our site
- name: Create symlinks for enabling our site
file: path=/etc/apache2/sites-enabled/{{ item }}
src=/etc/apache2/sites-available/{{ item }}
state=link
@ -105,7 +105,7 @@
group=root
state=directory
- name: create admin group
- name: Create admin group
group: name=admin
state=present
@ -146,7 +146,7 @@
tags:
- base
- name: place the script to generate homepages
- name: Place the script to generate homepages
template: src=refresh-wiki-docs.sh
dest=/usr/bin/iiab-refresh-wiki-docs
mode=0755

4
roles/iiab-admin/README.rst
View file

@ -1,5 +1,5 @@
=================
XSCE Admin README
IIAB Admin README
=================
This role is home to a number of administrative playbooks. Those implemented are:
@ -22,4 +22,4 @@ Add Packages for Remote Access
Admin Console
-------------
Has been moved to a separate git repo
Has been moved to separate git repo: https://github.com/iiab/iiab-admin-console

10
roles/iiab-admin/tasks/admin-user.yml
View file

@ -32,24 +32,24 @@
# backup=yes
- name: edit the sudoers file--first make it editable
- name: Edit the sudoers file -- first make it editable
shell: chmod 0640 /etc/sudoers
- name: have sudo log all commands it handles
- name: Have sudo log all commands it handles
lineinfile: regexp=logfile
line='Defaults logfile = /var/log/sudo.log'
state=present
dest=/etc/sudoers
- name: lets wheel sudo without password
- name: Lets wheel sudo without password
lineinfile:
line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers
- name: remove the line which requires tty
- name: Remove the line which requires tty
lineinfile: regexp=requiretty
state=absent
dest=/etc/sudoers
- name: end editing the sudoers file-- protect it again
- name: End editing the sudoers file -- protect it again
shell: chmod 0440 /etc/sudoers

4
roles/iiab-admin/tasks/main.yml
View file

@ -28,12 +28,12 @@
stat: path=/home/pi/.config/lxsession
register: lx
- name: Do the same if running on raspbian
- name: Do the same if running on Raspbian
template: src=lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
- name: put a autostart line to check for default password in LXDE
- name: Put an autostart line to check for default password in LXDE
lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/autostart
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu

10
roles/kalite/README.rst
View file

@ -1,13 +1,13 @@
==============
KA-Lite README
KA Lite README
==============
This role installs KA-Lite, an offline version of the Khan Academy (https://www.khanacademy.org/),
This role installs KA Lite, an offline version of the Khan Academy (https://www.khanacademy.org/),
written by Learning Equality (https://learningequality.org/ka-lite/).
KA Lite has two servers, a light httpd server that serves KA videos, and a cron server that sets
up cron jobs to download language packs and KA videos from the internet. There are separate flags
to enable these two servers.
KA Lite has two servers, a light httpd server that serves Khan Academy videos, and a cron server
that sets up cron jobs to download language packs and KA videos from the internet. There are
separate flags to enable these two servers.
Access
------

4
roles/kalite/tasks/enable.yml
View file

@ -1,12 +1,12 @@
# By the time we get here we should have ka-lite of some version
# And the systemd unit files should be defined
- name: Enable kalite server
- name: Enable kalite-serve service
service: name=kalite-serve
enabled=yes
state=started
- name: Disable kalite server
- name: Disable kalite-serve service
service: name=kalite-serve
enabled=no
state=stopped

2
roles/kalite/tasks/main.yml
View file

@ -22,7 +22,7 @@
- include: install.yml
when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18
- name: ask systemd to reread the unit files
- name: Ask systemd to reread the unit files
shell: systemctl daemon-reload
when: not kalite_installed.stat.exists

10
roles/kiwix/tasks/kiwix_install.yml
View file

@ -1,4 +1,4 @@
- name: Create various directories for zims
- name: Create various directories for ZIM files
file: path={{ item }}
owner=root
group=root
@ -18,7 +18,7 @@
kiwix_first_pass: True
when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists
- name: Copy kiwix library file if needed
- name: Copy Kiwix library file if needed
template: src={{ item }}
dest="{{ kiwix_library_xml }}"
mode=0644
@ -54,7 +54,7 @@
mode=0755
state=directory
- name: enable the mods which permit apache to proxy
- name: Enable the mods which permit Apache to proxy
apache2_module: name={{ item }}
with_items:
- proxy
@ -71,7 +71,7 @@
when: kiwix_src_bin_only and kiwix_first_pass
# workaround because unarchive does not set ownership properly
- name: Set kiwix ownership
- name: Set kiwix ownership to root [WARNING chown -R across all of /opt/iiab]
command: "chown -R root:root {{ iiab_base }}"
# workaround because kiwix-serve does not stay running
@ -105,7 +105,7 @@
- { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
- name: add kiwix to service list
- name: Add kiwix-serve to list of services
ini_file: dest='{{ service_filelist }}'
section=kiwix-serve
option='{{ item.option }}'

2
roles/kiwix/tasks/main.yml
View file

@ -16,7 +16,7 @@
kiwix_src_bin_only: True
when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
- name: Get the kiwix software
- name: Get the Kiwix software
get_url: url="{{ iiab_download_url }}/{{ kiwix_src_file }}" dest="{{ downloads_dir }}/{{ kiwix_src_file }}"
when: internet_available

32
roles/moodle/tasks/main.yml
View file

@ -1,5 +1,5 @@
---
- name: Install moodle required packages
- name: Install Moodle required packages
package: name={{ item }}
state=present
with_items:
@ -7,7 +7,7 @@
- php-pgsql
when: not is_debuntu
- name: Install moodle required packages
- name: Install Moodle required packages
package: name={{ item }}
state=present
with_items:
@ -29,11 +29,11 @@
package: name=php-pclzip
when: is_debian_8
- name: Determine if moodle is already downloaded
- name: Determine if Moodle is already downloaded
stat: path={{ moodle_base }}/config-dist.php
register: moodle
- name: Download the latest moodle repo
- name: Download the latest Moodle repo
git: repo={{ moodle_repo_url }}
dest={{ moodle_base }}
depth=1
@ -42,30 +42,30 @@
# ignore_errors: yes
when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists
- name: Prepare the downloaded directory so apache can install config file
- name: Prepare the downloaded directory so Apache can install config file
file: path={{ moodle_base }}
owner={{ apache_user }}
recurse=yes
state=directory
- name: Give apache permission to write moodle data directory
- name: Give Apache permission to write Moodle data directory
file: path={{ content_base }}/dbdata/moodle
owner={{ apache_user }}
mode=0755
state=directory
- name: Create a moodle data dir with apache permission to write
- name: Create a Moodle data dir with Apache permission to write
file: path={{ moodle_data }}
owner={{ apache_user }}
group={{ apache_user }}
mode=0770
state=directory
- name: Remove stock moodle conf
- name: Remove stock Moodle conf
file: path='/etc/{{ apache_config_dir }}/moodle.conf'
state=absent
- name: Put moodle config file in place
- name: Put Moodle config file in place
template: src=022-moodle.j2
dest=/etc/{{ apache_config_dir }}/022-moodle.conf
owner=root
@ -73,13 +73,13 @@
mode=0644
when: moodle_enabled
- name: Enable moodle
- name: Enable Moodle
file: path=/etc/apache2/sites-enabled/022-moodle.conf
src=/etc/apache2/sites-available/022-moodle.conf
state=link
when: moodle_enabled and is_debuntu
- name: Disable moodle
- name: Disable Moodle
file: path=/etc/apache2/sites-enabled/022-moodle.conf
state=absent
when: not moodle_enabled and is_debuntu
@ -116,24 +116,24 @@
enabled=yes
when: moodle_enabled
- name: Restart apache
- name: Restart Apache
service: name={{ apache_service }}
state=restarted
- name: see if the config.php file exists
- name: See if the config.php file exists
stat: path='{{ moodle_base }}/config.php'
register: config
- name: Execute moodle startup script
- name: Execute Moodle startup script
shell: '{{ moodle_base }}/moodle_installer'
when: config.stat.exists is defined and not config.stat.exists
- name: Give apache permission to read config file
- name: Give Apache permission to read config file
# command: chown -R {{ apache_user }} {{ moodle_base }}
file: path={{ moodle_base }}/config.php
mode=0644
- name: add moodle to service list
- name: Add Moodle to service list
ini_file: dest='{{ service_filelist }}'
section=moodle
option='{{ item.option }}'

13
roles/munin/tasks/main.yml
View file

@ -1,4 +1,4 @@
- name: Install munin package
- name: Install Munin package
package: name={{ item }}
state=present
with_items:
@ -11,7 +11,7 @@
- download
when: is_debuntu
- name: Install munin package
- name: Install Munin package
package: name={{ item }}
state=present
with_items:
@ -21,7 +21,7 @@
- download
when: not is_debuntu
- name: Copy munin config file
- name: Copy Munin config file
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
@ -44,13 +44,13 @@
state=started
when: munin_enabled
- name: Enable apache lookup
- name: Enable Apache lookup
file: src=/etc/apache2/sites-available/munin24.conf
dest=/etc/apache2/sites-enabled/munin24.conf
state=link
when: munin_enabled and is_debuntu
- name: disable apache lookup
- name: Disable Apache lookup
file: src=/etc/apache2/sites-available/munin24.conf
dest=/etc/apache2/sites-enabled/munin24.conf
state=absent
@ -62,7 +62,7 @@
state=stopped
when: not munin_enabled
- name: If mysql is enabled, let munin monitor it
- name: If MySQL is enabled, let Munin monitor it
copy: dest=/etc/munin/plugins/
src={{ item }}
with_items:
@ -89,4 +89,3 @@
value: "{{ munin_install }}"
- option: enabled
value: "{{ munin_enabled }}"

16
roles/mysql/tasks/main.yml
View file

@ -68,17 +68,17 @@
# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
# unfortunately it still doesn't work
- name: update mysql root password for localhost root accounts
- name: Update MySQL root password for localhost root accounts
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT
with_items:
- localhost
when: mysql_enabled
- name: copy .my.cnf file with root password credentials
- name: Copy .my.cnf file with root password credentials
template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
when: mysql_enabled
- name: update mysql root password for all remaining root accounts
- name: Update mysql root password for all remaining root accounts
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT
with_items:
# - "{{ iiab_hostname }}.{{ iiab_domain }}"
@ -86,15 +86,15 @@
- ::1
when: mysql_enabled
- name: delete anonymous MySQL server user for {{ ansible_hostname }}
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
mysql_user: user="" host="{{ ansible_hostname }}" state="absent"
when: mysql_enabled
- name: delete anonymous MySQL server user for localhost
- name: Delete anonymous MySQL server user for localhost
mysql_user: user="" state="absent"
when: mysql_enabled
- name: remove the MySQL test database
- name: Remove the MySQL test database
mysql_db: db=test state=absent
when: mysql_enabled
@ -106,7 +106,7 @@
when: not mysql_enabled
- name: add mysql to service list
- name: Add mysql to service list
ini_file: dest='{{ service_filelist }}'
section=mysql
option='{{ item.option }}'
@ -115,6 +115,6 @@
- option: name
value: mysql-database
- option: description
value: '"mySQL is a widely used database service on the Internet which runs on many platforms, and is often offered and available at hosting Internet Service Providers"'
value: '"MySQL is a widely used database service on the Internet which runs on many platforms, and is often offered and available at hosting Internet Service Providers"'
- option: enabled
value: "{{ mysql_enabled }}"

2
roles/network/tasks/NM.yml
View file

@ -1,4 +1,4 @@
- name: restart NetworkManager services
- name: Restart NetworkManager services
service: name=NetworkManager
enabled=yes
state=stopped

2
roles/network/tasks/avahi.yml
View file

@ -50,7 +50,7 @@
dest='/etc/avahi/services/'
when: is_debuntu
- name: set ssh port for avahi
- name: Set ssh port for avahi
lineinfile: dest=/etc/avahi/services/ssh.service
regexp='</port>$'
line=' <port>{{ ssh_port }}</port>'

28
roles/network/tasks/computed_network.yml
View file

@ -1,7 +1,7 @@
# just lie about active gateway present on XOs to suppress ifcfg-WAN
# auto-creation/moving with XOs using NM/system-connections/ via keyfile.
# ifcfg-rh acts on /etc/sys*/net*/ifcfg-* where we search for devices.
- name: Setting XO has wifi gateway
- name: Setting XO has WiFi gateway
set_fact:
user_wan_iface: "{{ discovered_wan_iface }}"
when: discovered_wan_iface != "none" and xo_model != "none" and has_ifcfg_gw == "none"
@ -20,7 +20,7 @@
iiab_demo_mode: True
when: teamviewer_install and not strict_networking
- name: XO wants usb wifi interface as AP mode
- name: XO laptop wants USB WiFi interface as AP mode
set_fact:
iiab_wireless_lan_iface: "{{ discovered_lan_iface }}"
when: num_wifi_interfaces >= "2" and xo_model != "none" and discovered_wan_iface != "none" and discovered_wireless_iface == "eth0"
@ -32,7 +32,7 @@
gui_static_wan_ip: undefined
when: gui_static_wan_ip != "unset" and not gui_static_wan
- name: undo gui-static-wan by requesting new template file
- name: Undo gui-static-wan by requesting new template file
set_fact:
has_WAN: False
when: gui_static_wan_ip != "unset" and not gui_static_wan
@ -64,7 +64,7 @@
# gui wants LanController # keeps ifcfg-WAN but onboot=no
# the change over might be a little bumpy ATM.
- name: Setting GUI wants LanController
- name: Setting GUI wants 'LanController'
set_fact:
device_gw: "none"
user_wan_iface: "none"
@ -75,13 +75,13 @@
# single interface vars/ users would need to set iiab_wan_enabled False as above, to disable the WAN
# and set user_lan_iface = <device> to suppress the auto detection for the same effect.
- name: Setting user_lan_iface for LanController for single interface
- name: Setting user_lan_iface for 'LanController' for single interface
set_fact:
user_lan_iface: "{{ discovered_wan_iface }}"
when: discovered_wan_iface != "none" and num_lan_interfaces == "0" and gui_desired_network_role is defined and gui_desired_network_role == "LanController"
# override with user_wan_iface setting if no longer in auto
- name: setting user WAN fact
- name: Setting user WAN fact
set_fact:
iiab_wan_iface: "{{ user_wan_iface }}"
when: user_wan_iface != "auto"
@ -93,14 +93,14 @@
when: 'not iiab_lan_enabled'
# gui wants Appliance Note: could of used iiab_lan_enabled false
- name: Setting GUI wants Appliance
- name: Setting GUI wants 'Appliance'
set_fact:
user_lan_iface: "none"
iiab_gateway_enabled: "False"
when: gui_desired_network_role is defined and gui_desired_network_role == "Appliance"
# gui wants Gateway
- name: Setting GUI wants and has active Gateway
- name: Setting GUI wants and has active 'Gateway'
set_fact:
user_lan_iface: "auto"
user_wan_iface: "{{ iiab_wan_iface }}"
@ -114,17 +114,17 @@
user_wan_iface: "{{ discovered_lan_iface }}"
when: num_lan_interfaces == "1" and user_lan_iface == "auto" and user_wan_iface == "auto"
- name: No LAN configured - Appliance mode
- name: No LAN configured - 'Appliance' mode
set_fact:
iiab_network_mode: "Appliance"
when: iiab_lan_iface == "none"
- name: LAN configured - LanController mode
- name: LAN configured - 'LanController' mode
set_fact:
iiab_network_mode: "LanController"
when: iiab_lan_iface != "" and iiab_wan_iface == "none"
- name: LAN configured - Gateway mode
- name: LAN configured - 'Gateway' mode
set_fact:
iiab_network_mode: "Gateway"
when: iiab_lan_iface != "none" and iiab_wan_iface != "none"
@ -136,17 +136,17 @@
when: 'user_lan_iface != "auto"'
# so this works
- name: interface count
- name: Interface count
shell: ls /sys/class/net | grep -v -e lo | wc | awk '{print $1}'
register: adapter_count
# well if there ever was a point to tell the user thing are FUBAR this is it.
# well if there ever was a point to tell the user things are FUBAR this is it.
- name: We're hosed no work interfaces
set_fact:
iiab_network_mode: "No_network_found"
when: adapter_count.stdout|int == "0"
# well if there ever was a point to tell the user thing are FUBAR this is it.
# well if there ever was a point to tell the user things are FUBAR this is it.
- name: I'm not guessing declare gateway please
set_fact:
iiab_network_mode: "Undetectable_use_local_vars"

6
roles/network/tasks/computed_services.yml
View file

@ -1,4 +1,4 @@
- name: No LAN configured - Appliance mode
- name: No LAN configured - 'Appliance' mode
set_fact:
dansguardian_enabled: False
squid_enabled: False
@ -8,7 +8,7 @@
iiab_network_mode: "Appliance"
when: iiab_lan_iface == "none" or user_lan_iface == "none"
- name: LAN configured - LanController mode
- name: LAN configured - 'LanController' mode
set_fact:
named_enabled: True
dhcpd_enabled: True
@ -18,7 +18,7 @@
iiab_network_mode: "LanController"
when: iiab_lan_iface != "" and iiab_wan_iface == "none"
- name: LAN configured - Gateway mode
- name: LAN configured - 'Gateway' mode
set_fact:
named_enabled: True
dhcpd_enabled: True

12
roles/network/tasks/dansguardian.yml
View file

@ -1,4 +1,4 @@
- name: Install dansguardian packages
- name: Install DansGuardian packages
package: name={{ item }}
state=present
with_items:
@ -6,7 +6,7 @@
tags:
- download
- name: Copy dansguardian config file
- name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
@ -14,7 +14,7 @@
mode=0640
when: ansible_distribution == "Fedora"
- name: Copy dansguardian config file
- name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.debian.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
@ -22,7 +22,7 @@
mode=0640
when: is_debuntu
- name: Copy dansguardian config file for CentOS
- name: Copy DansGuardian config file for CentOS
template: src=squid/dansguardian.conf.centos.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
@ -30,7 +30,7 @@
mode=0640
when: ansible_distribution == "CentOS"
- name: Create dansguardian log directory
- name: Create 'dansguardian' log directory
file: path=/var/log/dansguardian
owner=dansguardian
group=dansguardian
@ -38,7 +38,7 @@
state=directory
when: ansible_distribution != "CentOS"
- name: Create dansguardian log directory for CentOS
- name: Create DansGuardian log directory for CentOS
file: path=/var/log/dansguardian
owner=dansguardian
group=vscan

14
roles/network/tasks/debian.yml
View file

@ -10,21 +10,21 @@
# 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
# 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
- name: in upgrade from earlier 6.2, delete the resolvconf
- name: In upgrade from earlier IIAB 6.2, delete the resolvconf
package: name=resolvconf
state=absent
enabled=False
ignore_errors: True
- name: Get the dhcp client daemon used in recent raspbian
- name: Get the dhcp client daemon used in recent Raspbian
package: name=dhcpcd5
state=present
- name: for upgrades from earlier 6.2, remove br0 file
- name: For upgrades from earlier IIAB 6.2, remove br0 file
file: path=/etc/network/interfaces.d/br0
state=absent
- name: default to lan controller
- name: Default to 'lan_controller'
set_fact:
gui_desired_network_role: "lan_controller"
when: not gui_desired_network_role is defined
@ -38,7 +38,7 @@
src=network/iiab.j2
register: interface
- name: start up the dhcpcd service
- name: Start up the dhcpcd service
service: name=dhcpcd
enabled=True
state=started
@ -51,11 +51,11 @@
service: name=bind9 state=stopped
when: interface.changed
- name: restart the networking service
- name: Restart the networking service
service: name=networking state=restarted
when: interface.changed
- name: start up hostapd again
- name: Start up hostapd again
service: name=hostapd state=started
when: interface.changed

26
roles/network/tasks/detected_network.yml
View file

@ -20,13 +20,13 @@
device_gw2: "{{ prior_gw.stdout }}"
when: not first_run and prior_gw is defined and prior_gw.stdout != ""
- name: Setting wan if detected
- name: Setting WAN if detected
set_fact:
iiab_wan_iface: "{{ discovered_wan_iface }}"
device_gw: "{{ discovered_wan_iface }}"
when: discovered_wan_iface != "none"
- name: RedHat Network detection
- name: RedHat network detection
include: detected_redhat.yml
when: is_redhat
@ -46,14 +46,14 @@
- "{{ wireless_list1.stdout_lines }}"
# WIRELESS -- Sigh... Not all drivers update /proc/net/wireless correctly
- name: Look for any wireless interfaces take 2
- name: Look for any wireless interfaces (take 2)
shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}'"
register: wireless_list2
ignore_errors: True
changed_when: False
# Last device is used
- name: Set the discovered wireless, if found take 2
- name: Set the discovered wireless, if found (take 2)
set_fact:
wifi2: "{{ item|trim }}"
discovered_wireless_iface: "{{ item|trim }}"
@ -61,30 +61,30 @@
with_items:
- "{{ wireless_list2.stdout_lines }}"
- name: Count Wifi ifaces
- name: Count WiFi ifaces
shell: "ls -la /sys/class/net/*/phy80211 | awk -F / '{print $5}' | wc -l"
register: count_wifi_interfaces
- name: Remember number of Wifi devices
- name: Remember number of WiFi devices
set_fact:
num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}"
# XO hack here ap_device would not be active therefore not set with
# wired as gw use ap_device to exclude eth0 from network calulations
- name: XO override 2 wifi on LAN
- name: XO laptop override 2 WiFi on LAN
set_fact:
ap_device: "eth0"
when: iiab_wan_iface != "eth0" and discovered_wireless_iface != "none" and xo_model == "XO-1.5"
# takes adapter name
- name: Blacklisted wifi adapter
- name: Blacklisted WiFi adapter
set_fact:
ap_device: "{{ blacklist_wifi }}"
when: blacklist_wifi is defined and discovered_wireless_iface != iiab_wan_iface and num_wifi_interfaces >= "2"
# LAN - pick non WAN's
- name: Create list of LAN (non wan) ifaces
- name: Create list of LAN (non WAN) ifaces
shell: ls /sys/class/net | grep -v -e wwlan -e ppp -e lo -e br0 -e tun -e {{ device_gw }} -e {{ ap_device }}
register: lan_list_result
ignore_errors: True
@ -92,7 +92,7 @@
# Select an adapter that is not WAN and not wireless
# if there is more than one the last one wins
- name: Set iiab discovered lan fact
- name: Set IIAB discovered_lan_iface fact
set_fact:
discovered_lan_iface: "{{ item|trim }}"
when: item|trim != discovered_wireless_iface and item|trim != discovered_wan_iface
@ -118,7 +118,7 @@
# num_lan_interfaces: "1"
# when: iiab_lan_enabled and iiab_wan_enabled and num_lan_interfaces == "2" and discovered_wireless_iface != "none" and iiab_wan_iface == "none"
- name: Set the variable for wireless_iface if present
- name: Set variable discovered_wireless_iface if present
set_fact:
iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
when: discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface
@ -128,12 +128,12 @@
# moved to detected_redhat
# use value only if present
- name: Setting detected lan
- name: Setting detected LAN
set_fact:
iiab_lan_iface: "{{ discovered_lan_iface }}"
when: 'discovered_lan_iface != "none" and num_lan_interfaces == "1"'
- name: for debian, always use bridging
- name: For Debian, always use bridging
set_fact:
iiab_lan_iface: br0
when: 'discovered_lan_iface != "none" and num_lan_interfaces >= "1" and is_debuntu'

8
roles/network/tasks/detected_redhat.yml
View file

@ -42,13 +42,13 @@
ignore_errors: True
changed_when: False
- name: Set has ifcfg gw based on on macaddress if found
- name: Set has ifcfg gw based on macaddress if found
set_fact:
has_ifcfg_gw: "{{ ifcfg_gw_mac.stdout|trim }}"
when: ifcfg_gw_mac is defined and ifcfg_gw_mac.changed and ifcfg_gw_mac.stdout != ""
# could use something else - Can Fail
- name: Find wifi gateway config if present - Can Fail
- name: Find WiFi gateway config if present - Can Fail
shell: egrep -rn ESSID /etc/sysconfig/network-scripts/ifcfg* | gawk -F ':' '{print $1}' | gawk -F '/' '{print $5}'
register: ifcfg_WAN_wifi
ignore_errors: True
@ -61,13 +61,13 @@
with_items:
- "{{ ifcfg_WAN_wifi.stdout_lines }}"
- name: Finding device for wifi AP gateway - Can Fail
- name: Finding device for WiFi AP gateway - Can Fail
shell: egrep -rn DEVICE /etc/sysconfig/network-scripts/{{ has_wifi_gw }} | gawk -F '=' '{print $2}'
when: has_wifi_gw != "none" and has_ifcfg_gw != "none"
register: AP_device
ignore_errors: True
- name: Setting wifi device
- name: Setting WiFi device
set_fact:
ap_device: "{{ AP_device.stdout }}"
when: AP_device.stdout is defined and AP_device.stdout != ""

2
roles/network/tasks/dhcpd.yml
View file

@ -31,7 +31,7 @@
creates=/var/lib/dhcpd/dhcpd.leases
when: is_redhat
- name: Check leases permissions
- name: Check lease's permissions
file: path=/var/lib/dhcpd/dhcpd.leases
owner=dhcpd
group=dhcpd

6
roles/network/tasks/edit_ifcfg.yml
View file

@ -1,4 +1,4 @@
- name: Turn off isp nameservers
- name: Turn off ISP nameservers
lineinfile: state=present
backrefs=yes
regexp='^PEERDNS'
@ -34,9 +34,9 @@
dest={{ has_ifcfg_gw }}
when: iiab_wan_iface != "none" and has_wifi_gw == "none"
- name: add marker
- name: Add marker
lineinfile: state=present
line="# Modified by XSCE"
line="# Modified by IIAB"
dest={{ has_ifcfg_gw }}
- name: Rename supplied gateway ifcfg file to WAN if present

20
roles/network/tasks/enable_services.yml
View file

@ -39,12 +39,12 @@
enabled=no
when: not named_enabled
- name: Enable dansguardian
- name: Enable DansGuardian
service: name=dansguardian
enabled=yes
when: dansguardian_enabled and dansguardian_install
- name: Disable dansguardian
- name: Disable DansGuardian
service: name=dansguardian
enabled=no
when: not dansguardian_enabled and dansguardian_install
@ -54,7 +54,7 @@
creates=/etc/sysconfig/xs_httpcache_on
when: squid_enabled
- name: Enable squid service
- name: Enable Squid service
service: name={{ proxy }}
enabled=yes
when: squid_enabled and squid_install
@ -73,13 +73,13 @@
mode: '0644'
when: squid_enabled and squid_install
- name: point to Squid config file from startup file
- name: Point to Squid config file from startup file
lineinfile: regexp='^CONFIG'
line='CONFIG=/etc/{{ proxy }}/squid-iiab.conf'
dest=/etc/init.d/{{ proxy }}
when: squid_enabled and squid_install and is_debuntu
- name: Disable squid service
- name: Disable Squid service
service: name={{ proxy }}
enabled=no
when: not squid_enabled and squid_install
@ -89,12 +89,12 @@
state=absent
when: not squid_enabled
- name: Enable wondershaper service
- name: Enable Wondershaper service
service: name=wondershaper
enabled=yes
when: wondershaper_enabled and wondershaper_install
- name: Disable wondershaper service
- name: Disable Wondershaper service
service: name=wondershaper
enabled=no
when: not wondershaper_enabled and wondershaper_install
@ -113,7 +113,7 @@
- name: Execute the script that sets up userspace firewall
shell: iiab-gen-iptables
- name: Add squid to service list
- name: Add 'squid' to service list
ini_file: dest='{{ service_filelist }}'
section=squid
option='{{ item.option }}'
@ -122,7 +122,7 @@
- option: enabled
value: "{{ squid_enabled }}"
- name: Add dansguardian to service list
- name: Add 'dansguardian' to service list
ini_file: dest='{{ service_filelist }}'
section=dansguardian
option='{{ item.option }}'
@ -131,7 +131,7 @@
- option: enabled
value: "{{ dansguardian_enabled }}"
- name: Add wondershaper to service list
- name: Add 'wondershaper' to service list
ini_file: dest='{{ service_filelist }}'
section=wondershaper
option='{{ item.option }}'

6
roles/network/tasks/hostapd.yml
View file

@ -6,7 +6,7 @@
mode=0644
when: iiab_wireless_lan_iface != "none"
- name: Disable the Access Point Hostapd program
- name: Disable the Access Point hostapd program
service: enabled=no
name=hostapd.service
state=stopped
@ -19,10 +19,10 @@
group=root
mode=0644
- name: ask systemd to reread the unit files for hostapd
- name: Ask systemd to reread the unit files for hostapd
shell: systemctl daemon-reload
- name: Enable the Access Point Hostapd program
- name: Enable the Access Point hostapd program
service: enabled=yes
name=hostapd.service
state=restarted

2
roles/network/tasks/ifcfg_mods.yml
View file

@ -1,4 +1,4 @@
- name: Stop the Access Point Hostapd program
- name: Stop the Access Point hostapd program
service: name=hostapd.service
state=stopped
when: iiab_wireless_lan_iface != "none"

2
roles/network/tasks/iptables.yml
View file

@ -50,7 +50,7 @@
- { 0: 'gateway/iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
- { 0: 'gateway/check-LAN', 1: '/usr/bin/check-LAN', 2: '0755' }
- name: Install debian config
- name: Install Debian config
template: src=gateway/iptables dest=/etc/network/if-pre-up.d/iptables
mode=0755
when: is_debuntu

4
roles/network/tasks/main.yml
View file

@ -80,7 +80,7 @@
tags:
- network
- name: ask systemd to reread the unit files, picks up changes done
- name: Ask systemd to reread the unit files, picks up changes done
shell: systemctl daemon-reload
when: not installing
@ -99,7 +99,7 @@
- network
when: is_debuntu and is_rpi and not installing
- name: Create iiab network flags
- name: Create IIAB network flags
template: src=network/{{ item }}.j2
dest=/etc/sysconfig/{{ item }}
mode=0644

12
roles/network/tasks/named.yml
View file

@ -1,4 +1,4 @@
- name: Install named packages
- name: Install named packages for Debian/Debuntu
package: name={{ item }}
state=present
with_items:
@ -8,7 +8,7 @@
tags:
- download
- name: Install named packages
- name: Install named packages for non Debian/Debuntu
package: name={{ item }}
state=present
with_items:
@ -64,7 +64,7 @@
- { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- name: substitute our unit file which uses $OPTIONS from sysconfig
- name: Substitute our unit file which uses $OPTIONS from sysconfig
template: src=named/{{ dns_service }}.service
dest=/etc/systemd/system/{{ dns_service }}.service
mode=0644
@ -74,19 +74,19 @@
template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
when: dns_jail_enabled
- name: Separate enabling required for debian
- name: Separate enabling required for Debian
file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
state=link
when: is_debuntu and dns_jail_enabled
- name: Separate enabling/disabling required for debian
- name: Separate enabling/disabling required for Debian
file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
state=absent
when: is_debuntu and not dns_jail_enabled
- name: Separate enabling/disabling required for non debian
- name: Separate enabling/disabling required for non Debian
file: path=/etc/{{ apache_config_dir }}/dns-jail.conf
state=absent
when: not is_debuntu and not dns_jail_enabled

10
roles/network/tasks/redetect.yml
View file

@ -27,12 +27,12 @@
debug: msg="NO WAN known"
when: not has_WAN
- name: Finding connection name for wifi AP gateway first
- name: Finding connection name for WiFi AP gateway first
shell: egrep -rn NAME /etc/sysconfig/network-scripts/{{ has_wifi_gw }} | gawk -F '=' '{print $2}'
register: ap_name
when: has_wifi_gw != "none" and has_ifcfg_gw != "none"
- name: Trying wifi first
- name: Trying WiFi first
shell: nmcli conn up id {{ ap_name.stdout }}
register: try_wifi
ignore_errors: yes
@ -44,7 +44,7 @@
when: try_wifi is defined and try_wifi.changed
# We have the DEVICE?
- name: Now setting iiab_wan_iface based on wifi
- name: Now setting iiab_wan_iface based on WiFi
set_fact:
iiab_wan_iface: "{{ dhcp_wifi_results.stdout }}"
dhcp_good: True
@ -69,7 +69,7 @@
has_WAN: False
when: dhcp_WAN is defined and dhcp_WAN|failed and wan_ip == "dhcp"
- name: interface list
- name: Interface list
shell: ls /sys/class/net | grep -v -e lo -e br -e tun
register: adapter_list
@ -134,7 +134,7 @@
### keep at end.
### If dhcp fails the single interface will become LAN again because we didn't prevent the creation
# Now disable LAN if single interface
- name: DHCP found on Single interface forcing LAN disabled.
- name: DHCP found on Single interface forcing LAN disabled
set_fact:
iiab_lan_iface: "none"
when: dhcp_good and adapter_count.stdout|int == "1"

10
roles/network/tasks/restart.yml
View file

@ -16,28 +16,28 @@
when: named_enabled
register: dns_started
- name: Stop dansguardian
- name: Stop DansGuardian
service: name=dansguardian
state=stopped
when: not dansguardian_enabled and dansguardian_install
- name: Restart dansguardian
- name: Restart DansGuardian
service: name=dansguardian
state=restarted
when: dansguardian_enabled and dansguardian_install
- name: Stop squid service
- name: Stop Squid service
service: name={{ proxy }}
state=stopped
when: not squid_enabled and squid_install
# Squid get re-loaded with dispatcher.d
- name: Restart squid service
- name: Restart Squid service
service: name={{ proxy }}
state=started
when: squid_enabled and squid_install
- name: Restart wondershaper service
- name: Restart Wondershaper service
service: name=wondershaper
state=restarted
when: wondershaper_enabled

14
roles/network/tasks/rpi_debian.yml
View file

@ -10,7 +10,7 @@
# 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
# 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
- name: Raspbian stock has openresolv which is not available in debian, off it
- name: Raspbian stock has openresolv which is not available in Debian, off it
package: name=openresolv
state=absent
@ -18,11 +18,11 @@
package: name=resolvconf
state=absent
- name: on upgrade from earlier iiab versions, remove /etc/network/interfaces.d/br0
- name: On upgrade from earlier IIAB versions, remove /etc/network/interfaces.d/br0
file: path=/etc/network/interfaces.d/br0
state=absent
- name: default to lan controller
- name: Default to 'LanController'
set_fact:
gui_desired_network_role: "LanController"
when: not gui_desired_network_role is defined
@ -53,21 +53,21 @@
ignore_errors: True
when: interface.changed
- name: and remove the device
- name: And remove the device
command: brctl delbr br0
ignore_errors: True
when: interface.changed
- name: reset the eth0 interface
- name: Reset the eth0 interface
command: ifdown eth0
ignore_errors: True
when: interface.changed
- name: restart the networking service
- name: Restart the networking service
service: name=networking state=restarted
when: interface.changed
- name: start up hostapd again
- name: Start up hostapd again
service: name=hostapd state=started
when: interface.changed

14
roles/network/tasks/squid.yml
View file

@ -1,4 +1,4 @@
- name: Install squid packages
- name: Install Squid packages
package: name={{ item }}
state=present
with_items:
@ -7,7 +7,7 @@
tags:
- download
- name: Create the squid user
- name: Create the Squid user
user: name={{ proxy_user }}
createhome=False
shell=/bin/false
@ -50,14 +50,14 @@
group: 'root'
mode: '0755'
- name: Create squid cache directory
- name: Create Squid cache directory
file: path=/library/cache
owner={{ proxy_user }}
group={{ proxy_user }}
mode=0750
state=directory
- name: Create squid log directory
- name: Create Squid log directory
file: path=/var/log/{{ proxy }}
owner={{ proxy_user }}
group={{ proxy_user }}
@ -73,7 +73,7 @@
ignore_errors: yes
when: not installing
- name: Add squid to service list
- name: Add Squid to service list
ini_file: dest='{{ service_filelist }}'
section={{ proxy }}
option='{{ item.option }}'
@ -86,7 +86,7 @@
- option: enabled
value: "{{ squid_enabled }}"
- name: Add dansguardian to service list
- name: Add 'dansguardian' to service list
ini_file: dest='{{ service_filelist }}'
section=dansguardian
option='{{ item.option }}'
@ -95,6 +95,6 @@
- option: name
value: dansguardian
- option: description
value: '"Dansguardian searches web content for sexual references and denies access when found"'
value: '"DansGuardian searches web content for obectionable references and denies access when found."'
- option: enabled
value: "{{ dansguardian_enabled }}"

4
roles/network/tasks/static.yml
View file

@ -1,6 +1,6 @@
# supply an ifcfg if no gateway detected but wan_ip is set
# set user_wan_iface: <device> and use wan_* for static info
- name: Supply wan interface file
- name: Supply WAN interface file
template: src=network/ifcfg-WAN.j2
dest=/etc/sysconfig/network-scripts/ifcfg-WAN
@ -12,7 +12,7 @@
ignore_errors: yes
when: 'ansible_distribution_version >= "21" and wan_ip != "dhcp"'
- name: use upstream nameserver until named is installed
- name: Use upstream nameserver until named is installed
lineinfile: dest=/etc/resolv.conf
line='nameserver {{ wan_nameserver }}'
create=yes

14
roles/network/tasks/wondershaper.yml
View file

@ -1,10 +1,10 @@
- name: copy wshaper service script
- name: Copy Wondershaper service script
template: backup=yes
src=wondershaper/wondershaper.service
dest=/etc/systemd/system/wondershaper.service
mode=0644
- name: copy wshaper script
- name: Copy Wondershaper script
template: backup=yes
src=wondershaper/wondershaper.j2
dest=/usr/bin/wondershaper
@ -12,28 +12,28 @@
group=root
mode=0744
- name: create conf.d directory
- name: Create conf.d directory
file: path=/etc/conf.d
owner=root
group=root
mode=0755
state=directory
- name: copy wshaper config script
- name: Copy Wondershaper config script
template: src=wondershaper/wondershaper.conf
dest=/etc/conf.d/wondershaper.conf
owner=root
group=root
mode=0600
- name: create fact for wondershaper config file
- name: Create fact for Wondershaper config file
file: src=/etc/conf.d/wondershaper.conf
dest=/etc/ansible/facts.d/wondershaper.fact
owner=root
group=root
state=link
- name: Add wondershaper to service list
- name: Add 'wondershaper' to service list
ini_file: dest='{{ service_filelist }}'
section=wondershaper
option='{{ item.option }}'
@ -42,6 +42,6 @@
- option: name
value: wondershaper
- option: description
value: '"Wondershaper is a command line tool to set maximum transfer rates for network adapters"'
value: '"Wondershaper is a command line tool to set maximum transfer rates for network adapters."'
- option: enabled
value: "{{ wondershaper_enabled }}"

20
roles/nextcloud/tasks/main.yml
View file

@ -1,14 +1,14 @@
# we need to install the rpm in order to get the dependencies
# but we only need to do this the first time
- name: See if the nextcloud startup page exists
- name: See if the Nextcloud startup page exists
stat: path={{ nextcloud_prefix }}/nextcloud/index.php
register: nextcloud_page
# but we use the tar file to get the latest version
- name: Get the nextcloud software
- name: Get the Nextcloud software
get_url: url={{ nextcloud_dl_url }}/{{ nextcloud_src_file }} dest={{ downloads_dir }}/{{ nextcloud_src_file }}
when: internet_available
async: 900
@ -16,7 +16,7 @@
tags:
- download
- name: ubuntu and debian treat names differently
- name: Ubuntu and Debian treat names differently
package: name={{ item }} state=present
with_items:
- libapache2-mod-php{{ php_version }}
@ -24,7 +24,7 @@
- php{{ php_version }}-zip
when: is_debian
- name: ubuntu and debian treat names differently
- name: Ubuntu and Debian treat names differently
package: name={{ item }} state=present
with_items:
- libapache2-mod-php
@ -70,7 +70,7 @@
dest={{ nextcloud_prefix }}
when: is_F18
- name: in Centos, the following config dir is symlink to /etc/nextcloud
- name: In CentOS, the following config dir is symlink to /etc/nextcloud
file: path=/etc/nextcloud
state=directory
when: is_centos
@ -83,7 +83,7 @@
mode=0640
when: is_centos
- name: Make apache owner
- name: Make Apache owner
file: path={{ nextcloud_prefix }}/nextcloud
owner={{ apache_user }}
group={{ apache_user }}
@ -99,11 +99,11 @@
with_items:
- "{{ nextcloud_data_dir }}"
- name: Create a mysql database for nextcloud
- name: Create a MySQL database for Nextcloud
mysql_db: name={{ nextcloud_dbname }}
when: mysql_enabled and nextcloud_enabled
- name: Create a user to access the nextcloud database
- name: Create a user to access the Nextcloud database
mysql_user: name={{ nextcloud_dbuser }} host={{ item }} password={{ nextcloud_dbpassword }} priv={{ nextcloud_dbname }}.*:ALL,GRANT
with_items:
- "{{ nextcloud_dbhost }}"
@ -113,7 +113,7 @@
when: mysql_enabled and nextcloud_enabled
- name: Restart apache, so it picks up the new aliases
- name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted
when: not nextcloud_enabled
@ -122,7 +122,7 @@
# following enables and disables
- include: nextcloud_enabled.yml
- name: Add nextcloud to service list
- name: Add Nextcloud to service list
ini_file: dest='{{ service_filelist }}'
section=nextcloud
option='{{ item.option }}'

14
roles/phpmyadmin/tasks/main.yml
View file

@ -1,24 +1,24 @@
- name: Get the phpmyadmin software
- name: Get the phpMyAdmin software
get_url: url="{{ iiab_download_url }}/{{ phpMyAdmin }}" dest="{{ downloads_dir }}/phpMyAdmin.zip"
when: internet_available
- name: Copy it to permanent location /opt
unarchive: src={{ downloads_dir }}/phpMyAdmin.zip dest=/opt/
- name: Create a symbolic link to the folder of the current version phpmyadmin
- name: Create a symbolic link to the folder of the current version phpMyAdmin
file: path=/opt/phpmyadmin src=phpMyAdmin-4.7.5-all-languages state=link
- name: Copy the phpmyadmin config file into place
- name: Copy the phpMyAdmin config file into place
template: src=config.inc.php dest=/opt/phpmyadmin/config.inc.php
- name: Change the owner of the php tree to apache
- name: Change the owner of the PHP tree to Apache
shell: "chown -R {{ apache_user }} /opt/phpmyadmin"
- name: Put the alias into Apache config when enabled
template: src=phpmyadmin.j2 dest=/etc/{{ apache_config_dir }}/phpmyadmin.conf
when: phpmyadmin_enabled
- name: Enable phpmyadmin
- name: Enable phpMyAdmin
file: path=/etc/apache2/sites-enabled/phpmyadmin.conf
src=/etc/apache2/sites-available/phpmyadmin.conf
state=link
@ -29,7 +29,7 @@
state=absent
when: not phpmyadmin_enabled and is_debuntu
- name: add phpmyadmin to service list
- name: Add phpmyadmin to service list
ini_file: dest='{{ service_filelist }}'
section=phpmyadmin
option='{{ item.option }}'
@ -38,7 +38,7 @@
- option: name
value: phpMyAdmin
- option: description
value: '"phpMyAdmin is an interface with a mysql database written in php, and available to administer the database engine locally or across the network"'
value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."'
- option: path
value: /opt/phpmyadmin
- option: enabled

14
roles/postgresql/tasks/main.yml
View file

@ -1,4 +1,4 @@
- name: Install postgresql packages
- name: Install PostgreSQL packages
package: name={{ item }}
state=present
with_items:
@ -6,13 +6,13 @@
tags:
- download
- name: Install postgresql for debian
- name: Install PostgreSQL for Debian
package: name=postgresql-client
when: is_debuntu
tags:
- download
- name: Install postgresql for fedora
- name: Install PostgreSQL for Fedora
package: name=postgresql-server
when: not is_debuntu
tags:
@ -32,12 +32,12 @@
mode=0700
state=directory
- name: make sure that the en_US locale is enabled
- name: Make sure that the en_US locale is enabled
lineinfile: dest=/etc/locale.gen
line="{{ postgresql_locale }} UTF-8"
when: is_debuntu
- name: generate the selected locales
- name: Generate the selected locales
command: /usr/sbin/locale-gen
when: is_debuntu
@ -56,7 +56,7 @@
creates=/library/pgsql-iiab/pg_hba.conf
when: not is_debuntu
- name: Configure postgres
- name: Configure PostgreSQL
template: backup=yes
src=postgresql.conf.j2
dest=/library/pgsql-iiab/postgresql.conf
@ -80,7 +80,7 @@
enabled=yes
when: postgresql_enabled
- name: Stop and disable postgresql-iiab service
- name: Stop and disable postgresql service if not postgresql_enabled
service: name=postgresql
state=stopped
enabled=no

16
roles/sugarizer/tasks/main.yml
View file

@ -1,4 +1,4 @@
- name: Download the latest stable version of sugarizer from location under our control
- name: Download the latest stable version of Sugarizer from location under our control
get_url: url={{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz
dest={{ downloads_dir }}/{{ sugarizer_version }}.tar.gz
@ -29,12 +29,12 @@
- nodejs
- npm
# attempting to reinstall npm is broken on raspbian 9
- name: check for sugarizer already installed
# attempting to reinstall npm is broken on Raspbian 9
- name: Check for Sugarizer already installed
stat: path={{ sugarizer_location }}/sugarizer/server/node_modules
register: npm
- name: set a flag to abort second attempt to install
- name: Set a flag to abort second attempt to install
set_fact:
npm_exists: True
when: npm.stat.exists is defined and npm.stat.exists
@ -68,7 +68,7 @@
chdir: "{{ sugarizer_location }}/sugarizer/server"
when: is_F18 and not npm_exists
- name: enable services - All
- name: Enable services - All
service: name={{ item.name }}
enabled=yes
state=restarted
@ -76,7 +76,7 @@
- { name: sugarizer }
when: sugarizer_enabled
- name: disable services - All
- name: Disable services - All
service: name={{ item.name }}
enabled=no
state=stopped
@ -84,7 +84,7 @@
- { name: sugarizer }
when: not sugarizer_enabled
- name: add sugarizer to service list
- name: Add Sugarizer to service list
ini_file: dest='{{ service_filelist }}'
section=sugarizer
option='{{ item.option }}'
@ -93,6 +93,6 @@
- option: name
value: Sugarizer
- option: description
value: '"The Sugar Learning Platform is a leading learning platform that began in the famous One Laptop Per Child project. Sugarizer is a web implementation of that platform"'
value: '"The Sugar Learning Platform is a leading learning platform that began in the famous One Laptop Per Child project. Sugarizer is a web implementation of that platform."'
- option: enabled
value: "{{ sugarizer_enabled }}"

10
roles/usb-lib/tasks/main.yml
View file

@ -31,24 +31,24 @@
state=absent
when: not usb_lib_enabled
- name: Add apache config for content directory
- name: Add Apache config for content directory
template: src=content_dir.conf
dest=/etc/{{ apache_config_dir }}
when: usb_lib_enabled
- name: create the link to enable for debian
- name: Create the link to enable for Debian
file: src=/etc/{{ apache_config_dir }}/content_dir.conf
dest=/etc/apache2/sites-enabled/content_dir.conf
state=link
when: is_debuntu
- name: remove the link that enables in debian
- name: Remove the link that enables in Debian
file: src=/etc/{{ apache_config_dir }}/content_dir.conf
dest=/etc/apache2/sites-enabled/content_dir.conf
state=absent
when: is_debuntu and not usb_lib_enabled
- name: remove apache config for content directory
- name: Remove Apache config for content directory
file: name=/etc/{{ apache_config_dir }}/content_dir.conf
state=absent
when: not usb_lib_enabled
@ -62,6 +62,6 @@
- option: name
value: usb-lib
- option: description
value: '"usb-lib automounts a usb drive with and links to library content."'
value: '"usb-lib automounts a USB drives and links to library content."'
- option: enabled
value: "{{ usb_lib_enabled }}"

10
roles/vnstat/tasks/main.yml
View file

@ -7,24 +7,24 @@
tags:
- download
- name: put the config file in place
- name: Put the config file in place
template: src=vnstat.conf.j2
dest=/etc/vnstat.conf
mode=0744
owner=root
group=root
- name: create database for wan to collect vnstat data
- name: Create database for WAN to collect vnStat data
shell: /usr/bin/vnstat -i {{ iiab_wan_iface }}
- name: create database for lan to collect vnstat data if not appliace config
- name: Create database for LAN to collect vnStat data if not appliance config
shell: /usr/bin/vnstat -i {{ iiab_lan_iface }}
when: not iiab_lan_iface == ""
- name: start vnstat daemon via systemd
- name: Start vnStat daemon via systemd
service: name=vnstat enabled=yes state=started
- name: Add vnstat to service list
- name: Add vnStat to service list
ini_file: dest='{{ service_filelist }}'
section=vnstat
option='{{ item.option }}'