Merge branch 'master' into wifi_info

2025-02-13 03:32:12 +00:00 · 2021-04-30 11:30:31 -05:00 · 2021-04-30 11:30:31 -05:00 · a643df2595
commit a643df2595
parent b10f2f9f14 eeb9ea1589
51 changed files with 243 additions and 184 deletions
--- a/4
+++ b/4
@ -73,7 +73,7 @@ if [[ `command -v nmcli` ]]; then        # "command -v" is POSIX compliant; it c
 fi

 ip r >> iiab-network.log
-brctl show >> iiab-network.log
+bridge -d link >> iiab-network.log
 echo >> iiab-network.log
 echo "iiab-network run start: $Start" >> iiab-network.log
 echo "iiab-network run end: $End" >> iiab-network.log
@ -88,7 +88,7 @@ if [[ `command -v nmcli` ]]; then
    nmcli c
 fi
 ip r
-brctl show
+bridge -d link
 echo
 echo "iiab-network run start: $Start"
 echo "iiab-network run end: $End"
--- a/roles/2-common/tasks/iptables.yml
+++ b/roles/2-common/tasks/iptables.yml
@ -1,54 +0,0 @@
- name: Disable firewalld service (OS's other than debuntu)
-  service:
-    name: firewalld
-    enabled: no
-  when: not is_debuntu
-
-# Likely no longer nec as of 2019
- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
-  shell: systemctl disable firewalld.service
-  when: not is_debuntu
-
- name: Mask firewalld service (OS's other than debuntu)
-  shell: systemctl mask firewalld
-  ignore_errors: yes
-  when: not installing and not is_debuntu
-
- name: Stop firewalld service (OS's other than debuntu)
-  service:
-    name: firewalld
-    state: stopped
-  ignore_errors: yes
-  when: not installing and not is_debuntu
-
- name: Remove /etc/systemd/system/iptables.service
-  file:
-    path: /etc/systemd/system/iptables.service
-    state: absent
-
- name: Install package iptables-persistent (debuntu)
-  package:
-    name: iptables-persistent
-    state: present
-  when: is_debuntu
-
- name: Install package iptables-services (OS's other than debuntu)
-  package:
-    name: iptables-services
-    state: present
-  when: not is_debuntu
-
- name: Install /etc/sysconfig/iptables-config from template
-  template:
-    src: iptables-config
-    dest: /etc/sysconfig/iptables-config
-    # owner: root
-    # group: root
-    # mode: '0644'
-
- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
-  template:
-    src: iptables
-    dest: /etc/network/if-pre-up.d/iptables
-    mode: '0755'
-  when: is_debuntu
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@ -19,7 +19,7 @@
  when: xo_model != "none" or osbuilder is defined

 - include_tasks: packages.yml
- include_tasks: iptables.yml
+- include_tasks: network.yml

 # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
 - name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible
--- a/roles/2-common/tasks/network.yml
+++ b/roles/2-common/tasks/network.yml
@ -0,0 +1,23 @@
+- name: Install package networkd-dispatcher (OS's other than RaspOS)
+  package:
+    name: networkd-dispatcher
+    state: present
+  when: not is_raspbian
+
+# used in the network role
+- name: Install network related packages (debuntu)
+  package:
+    name:
+      - iproute2
+      - iptables-persistent
+      - hostapd
+      - netmask
+    state: present
+  when: is_debuntu
+
+- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
+  template:
+    src: iptables
+    dest: /etc/network/if-pre-up.d/iptables
+    mode: '0755'
+  when: is_debuntu
--- a/roles/2-common/tasks/packages.yml
+++ b/roles/2-common/tasks/packages.yml
@ -27,23 +27,21 @@
    state: present
  when: is_debuntu

- name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
+- name: "Install 20 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
  package:
    name:
      - acpid         # Daemon for ACPI (power mgmt) events
-      - bridge-utils    # DEPRECATED according to https://wiki.linuxfoundation.org/networking/bridge SEE PR #2752
      - bzip2         # 2021-04-26: Prob not used, but can't hurt?
      - curl          # Used to install roles/nodejs and roles/nodered
      #- etckeeper    # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
      - gawk
-      - hostapd
      - htop
      - i2c-tools     # Low-level bus/chip/register/EEPROM tools e.g. for RTC
+      - iproute2
      - logrotate
      #- lynx         # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
      - make          # 2021-04-26: What roles (if any) truly still use this?
      - mlocate
-      - netmask
      - net-tools     # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
      - ntfs-3g       # Possibly no longer nec, similar to exfat packages above?
      #- openssh-server    # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
--- a/roles/awstats/tasks/main.yml
+++ b/roles/awstats/tasks/main.yml
@ -44,7 +44,7 @@
      value: AWStats
    - option: description
      value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
-    - option: install
+    - option: awstats_install
      value: "{{ awstats_install }}"
-    - option: enabled
+    - option: awstats_enabled
      value: "{{ awstats_enabled }}"
--- a/roles/bluetooth/tasks/enable-or-disable.yml
+++ b/roles/bluetooth/tasks/enable-or-disable.yml
--- a/roles/bluetooth/tasks/main.yml
+++ b/roles/bluetooth/tasks/main.yml
@ -24,7 +24,7 @@
  when: bluetooth_installed is undefined


- include_tasks: enable.yml    # i.e. enable-or-disable.yml in other roles
+- include_tasks: enable-or-disable.yml


 - name: Add 'bluetooth' variable values to {{ iiab_ini_file }}
@ -38,6 +38,8 @@
      value: Bluetooth
    - option: description
      value: '"Bluetooth services for pan and terminal."'
+    - option: bluetooth_install
+      value: "{{ bluetooth_install }}"
    - option: bluetooth_enabled
      value: "{{ bluetooth_enabled }}"
    - option: bluetooth_term_enabled
--- a/roles/calibre-web/tasks/main.yml
+++ b/roles/calibre-web/tasks/main.yml
@ -59,6 +59,10 @@
      value: Calibre-Web
    - option: description
      value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
+    - option: calibreweb_install
+      value: "{{ calibreweb_install }}"
+    - option: calibreweb_enabled
+      value: "{{ calibreweb_enabled }}"
    - option: calibreweb_url1
      value: "{{ calibreweb_url1 }}"
    - option: calibreweb_url2
@ -73,5 +77,3 @@
      value: "{{ calibreweb_port }}"
    - option: calibreweb_database
      value: "{{ calibreweb_database }}"
-    - option: calibreweb_enabled
-      value: "{{ calibreweb_enabled }}"
--- a/roles/captiveportal/tasks/main.yml
+++ b/roles/captiveportal/tasks/main.yml
@ -39,7 +39,7 @@
      value: Captive Portal
    - option: description
      value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
-    - option: install
+    - option: captiveportal_install
      value: "{{ captiveportal_install }}"
-    - option: enabled
+    - option: captiveportal_enabled
      value: "{{ captiveportal_enabled }}"
--- a/roles/cups/tasks/enable-or-disable.yml
+++ b/roles/cups/tasks/enable-or-disable.yml
@ -1,11 +1,3 @@
- name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
-  command: a2ensite cups.conf
-  when: cups_enabled
-
- name: Disable http://box/cups via Apache
-  command: a2dissite cups.conf
-  when: not cups_enabled
-
 - name: systemd daemon-reload
  systemd:
    daemon_reload: yes
--- a/roles/cups/tasks/install.yml
+++ b/roles/cups/tasks/install.yml
@ -1,13 +1,3 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
-    apache_install: True
-    apache_enabled: True
-
- name: APACHE - run 'httpd' role
-  include_role:
-    name: httpd
-
-
 - name: Install 'cups' package
  package:
    name: cups
@ -18,11 +8,6 @@
    src: cupsd.conf
    dest: /etc/cups/cupsd.conf

- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template
-  template:
-    src: cups.conf
-    dest: "/etc/{{ apache_conf_dir }}/"
-

 # RECORD CUPS AS INSTALLED

--- a/roles/cups/tasks/main.yml
+++ b/roles/cups/tasks/main.yml
@ -47,7 +47,7 @@
      value: CUPS
    - option: description
      value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server.  A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
-    - option: install
+    - option: cups_install
      value: "{{ cups_install }}"
-    - option: enabled
+    - option: cups_enabled
      value: "{{ cups_enabled }}"
--- a/roles/elgg/tasks/main.yml
+++ b/roles/elgg/tasks/main.yml
@ -45,7 +45,9 @@
      value: Elgg
    - option: description
      value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."'
-    - option: path
-      value: /opt/elgg
+    - option: elgg_install
+      value: "{{ elgg_install }}"
    - option: elgg_enabled
      value: "{{ elgg_enabled }}"
+    - option: path
+      value: /opt/elgg
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -59,9 +59,11 @@
      value: Gitea
    - option: description
      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
+    - option: gitea_install
+      value: "{{ gitea_install }}"
+    - option: gitea_enabled
+      value: "{{ gitea_enabled }}"
    - option: gitea_run_directory
      value: "{{ gitea_run_directory }}"
    - option: gitea_url
      value: "{{ gitea_url }}"
-    - option: gitea_enabled
-      value: "{{ gitea_enabled }}"
--- a/roles/kalite/tasks/main.yml
+++ b/roles/kalite/tasks/main.yml
@ -51,9 +51,11 @@
    value: "KA Lite"
  - option: description
    value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."'
+  - option: kalite_install
+    value: "{{ kalite_install }}"
+  - option: kalite_enabled
+    value: "{{ kalite_enabled }}"
  - option: path
    value: "{{ kalite_root }}"
  - option: port
    value: "{{ kalite_server_port }}"
-  - option: kalite_enabled
-    value: "{{ kalite_enabled }}"
--- a/roles/kiwix/tasks/main.yml
+++ b/roles/kiwix/tasks/main.yml
@ -38,6 +38,10 @@
    value: Kiwix
  - option: description
    value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
+  - option: kiwix_install
+    value: "{{ kiwix_install }}"
+  - option: kiwix_enabled
+    value: "{{ kiwix_enabled }}"
  - option: kiwix_url
    value: "{{ kiwix_url }}"
  - option: kiwix_url_plus_slash
@ -50,5 +54,3 @@
    value: "{{ iiab_zim_path }}"
  - option: kiwix_library_xml
    value: "{{ kiwix_library_xml }}"
-  - option: kiwix_enabled
-    value: "{{ kiwix_enabled }}"
--- a/roles/kolibri/tasks/main.yml
+++ b/roles/kolibri/tasks/main.yml
@ -64,11 +64,13 @@
      value: Kolibri
    - option: description
      value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
+    - option: kolibri_install
+      value: "{{ kolibri_install }}"
+    - option: kolibri_enabled
+      value: "{{ kolibri_enabled }}"
    - option: kolibri_url
      value: "{{ kolibri_url }}"
    - option: kolibri_path
      value: "{{ kolibri_exec_path }}"
    - option: kolibri_port
      value: "{{ kolibri_http_port }}"
-    - option: kolibri_enabled
-      value: "{{ kolibri_enabled }}"
--- a/roles/lokole/tasks/main.yml
+++ b/roles/lokole/tasks/main.yml
@ -73,13 +73,15 @@
    - option: name
      value: Lokole
    - option: description
-      value: '"Lokole is an email service that works offline, for rural communities.  With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night — for almost no cost at all — depending on mobile data plans in your country."'
+      value: '"Lokole is an email service that works offline, for rural communities.  With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."'
      #value: '"Lokole is an email service that works offline, for rural communities.  In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
+    - option: lokole_install
+      value: "{{ lokole_install }}"
+    - option: lokole_enabled
+      value: "{{ lokole_enabled }}"
    - option: lokole_run_directory
      value: "{{ lokole_run_directory }}"
    - option: lokole_url
      value: "{{ lokole_url }}"
    - option: lokole_full_url
      value: "{{ lokole_full_url }}"
-    - option: lokole_enabled
-      value: "{{ lokole_enabled }}"
--- a/roles/mediawiki/tasks/main.yml
+++ b/roles/mediawiki/tasks/main.yml
@ -44,6 +44,10 @@
      value: MediaWiki
    - option: description
      value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
+    - option: mediawiki_install
+      value: "{{ mediawiki_install }}"
+    - option: mediawiki_enabled
+      value: "{{ mediawiki_enabled }}"
    - option: mediawiki_src
      value: "{{ mediawiki_src }}"
    - option: mediawiki_abs_path
@ -56,5 +60,3 @@
      value: "{{ mediawiki_url }}"
    - option: mediawiki_full_url
      value: "{{ mediawiki_full_url }}"
-    - option: mediawiki_enabled
-      value: "{{ mediawiki_enabled }}"
--- a/roles/minetest/tasks/enable-or-disable.yml
+++ b/roles/minetest/tasks/enable-or-disable.yml
--- a/roles/minetest/tasks/main.yml
+++ b/roles/minetest/tasks/main.yml
@ -24,7 +24,7 @@
  when: minetest_installed is undefined


- include_tasks: enable.yml    # i.e. enable-or-disable.yml in other roles
+- include_tasks: enable-or-disable.yml


 - name: Add 'minetest' variable values to {{ iiab_ini_file }}
@ -38,11 +38,13 @@
      value: Minetest Server
    - option: description
      value: '"Minetest is an open source clone of the Minecraft building blocks game."'
-    - option: minetest_world_dir
-      value: "{{ minetest_world_dir }}"
-    - option: minetest_port
-      value: "{{ minetest_port }}"
+    - option: minetest_install
+      value: "{{ minetest_install }}"
    - option: minetest_enabled
      value: "{{ minetest_enabled }}"
    - option: minetest_world_dir
      value: "{{ minetest_world_dir }}"
+    - option: minetest_port
+      value: "{{ minetest_port }}"
+    - option: minetest_world_dir
+      value: "{{ minetest_world_dir }}"
--- a/roles/mongodb/tasks/main.yml
+++ b/roles/mongodb/tasks/main.yml
@ -65,5 +65,7 @@
      value: MongoDB
    - option: description
      value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
-    - option: enabled
+    - option: mongodb_install
+      value: "{{ mongodb_install }}"
+    - option: mongodb_enabled
      value: "{{ mongodb_enabled }}"
--- a/roles/moodle/tasks/main.yml
+++ b/roles/moodle/tasks/main.yml
@ -57,7 +57,9 @@
      value: Moodle
    - option: description
      value: '"Access the Moodle learning management system."'
-    - option: moodle_base
-      value: "{{ moodle_base }}"
+    - option: moodle_install
+      value: "{{ moodle_install }}"
    - option: moodle_enabled
      value: "{{ moodle_enabled }}"
+    - option: moodle_base
+      value: "{{ moodle_base }}"
--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@ -38,5 +38,7 @@
      value: Mosquitto service
    - option: description
      value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments.  It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited.  See also: Node-RED"'
+    - option: mosquitto_install
+      value: "{{ mosquitto_install }}"
    - option: mosquitto_enabled
      value: "{{ mosquitto_enabled }}"
--- a/roles/munin/tasks/main.yml
+++ b/roles/munin/tasks/main.yml
@ -59,7 +59,7 @@
      value: Munin
    - option: description
      value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."'
-    - option: install
+    - option: munin_install
      value: "{{ munin_install }}"
-    - option: enabled
+    - option: munin_enabled
      value: "{{ munin_enabled }}"
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@ -59,5 +59,7 @@
      value: MySQL
    - option: description
      value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."'
-    - option: enabled
+    - option: mysql_install
+      value: "{{ mysql_install }}"
+    - option: mysql_enabled
      value: "{{ mysql_enabled }}"
--- a/roles/network/tasks/NM-debian.yml
+++ b/roles/network/tasks/NM-debian.yml
@ -70,9 +70,14 @@
    mode: 0600
  when: wan_ip != "dhcp"

+- name: Use systemd-networkd to handle br0
+  include_tasks: sysd-netd-debian.yml
+  when: iiab_lan_iface == "br0" and not systemd_networkd_active
+
 - name: Reload systemd
  systemd:
    daemon_reload: yes
+  when: not iiab_lan_iface == "br0"

 - name: Restart the NetworkManager service
  systemd:
--- a/roles/network/tasks/computed_services.yml
+++ b/roles/network/tasks/computed_services.yml
@ -57,33 +57,39 @@
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
-  - option: dansguardian_enabled
-    value: "{{ dansguardian_enabled }}"
-  - option: squid_enabled
-    value: "{{ squid_enabled }}"
-  - option: wondershaper_enabled
-    value: "{{ wondershaper_enabled }}"
-  - option: iiab_network_mode_applied
-    value: "{{ iiab_network_mode }}"
-  - option: dhcpd_enabled
-    value: "{{ dhcpd_enabled }}"
-  - option: dhcp_service2
-    value: "{{ dhcp_service2 }}"
-  - option: named_enabled
-    value: "{{ named_enabled }}"
-  - option: dnsmasq_enabled
-    value: "{{ dnsmasq_enabled }}"
-  - option: no_net_restart
-    value: "{{ no_net_restart }}"
-  - option: hostapd_enabled
-    value: "{{ hostapd_enabled }}"
-  - option: host_ssid
-    value: "{{ host_ssid }}"
-  - option: host_wifi_mode
-    value: "{{ host_wifi_mode }}"
-  - option: host_channel
-    value: "{{ host_channel }}"
-
+    #- option: squid_install
+    #  value: "{{ squid_install }}"
+    #- option: squid_enabled
+    #  value: "{{ squid_enabled }}"
+    #- option: dansguardian_install
+    #  value: "{{ dansguardian_install }}"
+    #- option: dansguardian_enabled
+    #  value: "{{ dansguardian_enabled }}"
+    #- option: wondershaper_install
+    #  value: "{{ wondershaper_install }}"
+    #- option: wondershaper_enabled
+    #  value: "{{ wondershaper_enabled }}"
+    - option: iiab_network_mode_applied
+      value: "{{ iiab_network_mode }}"
+    - option: dhcpd_enabled
+      value: "{{ dhcpd_enabled }}"
+    - option: dhcp_service2
+      value: "{{ dhcp_service2 }}"
+    - option: named_enabled
+      value: "{{ named_enabled }}"
+    - option: dnsmasq_enabled
+      value: "{{ dnsmasq_enabled }}"
+    - option: no_net_restart
+      value: "{{ no_net_restart }}"
+    - option: hostapd_enabled
+      value: "{{ hostapd_enabled }}"
+    - option: host_ssid
+      value: "{{ host_ssid }}"
+    - option: host_wifi_mode
+      value: "{{ host_wifi_mode }}"
+    - option: host_channel
+      value: "{{ host_channel }}"
+     
 - name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }}
  ini_file:
    dest: "{{ iiab_ini_file }}"
@ -93,4 +99,4 @@
  with_items:
    - option: client_wifi_channel
      value: "{{ current_client_channel.stdout }}"
-  when: current_client_channel.stdout is defined
+  when: current_client_channel.stdout is defined
--- a/roles/network/tasks/dansguardian.yml
+++ b/roles/network/tasks/dansguardian.yml
@ -48,6 +48,13 @@
    state: directory
  when: ansible_distribution == "CentOS"

+
+# RECORD DansGuardian AS INSTALLED
+
+- name: "Set 'dansguardian_installed: True'"
+  set_fact:
+    dansguardian_installed: True
+
 - name: "Add 'dansguardian_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@ -216,6 +216,7 @@
    - gateway/iiab-internet-on
    - gateway/iiab-internet-off

+
 - name: Add 'squid' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
@ -223,8 +224,11 @@
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
-    - option: enabled
+    - option: squid_install
+      value: "{{ squid_install }}"
+    - option: squid_enabled
      value: "{{ squid_enabled }}"
+  when: squid_installed is defined

 - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
  ini_file:
@ -233,8 +237,11 @@
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
-    - option: enabled
+    - option: dansguardian_install
+      value: "{{ dansguardian_install }}"
+    - option: dansguardian_enabled
      value: "{{ dansguardian_enabled }}"
+  when: dansguardian_installed is defined

 - name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
  ini_file:
@ -243,5 +250,8 @@
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
-    - option: enabled
+    - option: wondershaper_install
+      value: "{{ wondershaper_install }}"
+    - option: wondershaper_enabled
      value: "{{ wondershaper_enabled }}"
+  when: wondershaper_installed is defined
--- a/roles/network/tasks/netplan.yml
+++ b/roles/network/tasks/netplan.yml
@ -23,17 +23,19 @@
    - systemd-networkd-wait-online
  when: systemd_networkd_active

- name: Unmask and enable the systemd-networkd service for br0
-  systemd:
-    name: systemd-networkd
-    enabled: yes
-    masked: no
-  when: network_manager_active and iiab_lan_iface == "br0"
+# Moved to NM-debian.yml 2020-12-07
+#- name: Unmask and enable the systemd-networkd service for br0
+#  systemd:
+#    name: systemd-networkd
+#    enabled: yes
+#    masked: no
+#  when: network_manager_active and iiab_lan_iface == "br0"

- name: Ensure systemd-networkd gets enabled for br0
-  set_fact:
-    systemd_networkd_active: True
-  when: network_manager_active and iiab_lan_iface == "br0"
+# Moved to NM-debian.yml 2020-12-07
+#- name: Ensure systemd-networkd gets enabled for br0
+#  set_fact:
+#    systemd_networkd_active: True
+#  when: network_manager_active and iiab_lan_iface == "br0"

 # ICO will always set gui_static_wan_ip away from the default of 'unset' while
 # gui_static_wan turns dhcp on/off through wan_ip in computed_network and
--- a/roles/network/tasks/restart.yml
+++ b/roles/network/tasks/restart.yml
@ -65,7 +65,7 @@
  command: /usr/bin/iiab-gen-iptables

 - name: Checking if WiFi slave is active
-  shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l
+  shell: bridge -d link | grep {{ iiab_wireless_lan_iface }} | wc -l
 #  when: hostapd_enabled and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0"
  when: hostapd_enabled and iiab_lan_iface == "br0"
  register: wifi_slave
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@ -77,15 +77,24 @@
    mode: '0750'
    state: directory

+
 - include_tasks: roles/network/tasks/dansguardian.yml
  when: dansguardian_install

+
+# RECORD Squid AS INSTALLED
+
+- name: "Set 'squid_installed: True'"
+  set_fact:
+    squid_installed: True
+
 - name: "Add 'squid_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^squid_installed'
    line: 'squid_installed: True'

+
 # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
 - name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }}
  ini_file:
@ -98,7 +107,9 @@
      value: Squid
    - option: description
      value: '"Squid caches web pages the first time they are accessed, and pulls them from the cache thereafter."'
-    - option: enabled
+    - option: squid_install
+      value: "{{ squid_install }}"
+    - option: squid_enabled
      value: "{{ squid_enabled }}"

 - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
@ -112,5 +123,7 @@
      value: DansGuardian
    - option: description
      value: '"DansGuardian searches web content for objectionable references and denies access when found."'
-    - option: enabled
+    - option: dansguardian_install
+      value: "{{ dansguardian_install }}"
+    - option: dansguardian_enabled
      value: "{{ dansguardian_enabled }}"
--- a/roles/network/tasks/sysd-netd-debian.yml
+++ b/roles/network/tasks/sysd-netd-debian.yml
@ -57,10 +57,19 @@
    state: started
  when: wifi_up_down and discovered_wireless_iface != "none"

- name: Restart the systemd-networkd service
+- name: Enable & Restart systemd-networkd.service
  systemd:
    name: systemd-networkd
    state: restarted
+    enabled: yes
+    masked: no
+
+- name: Enable & Restart networkd-dispatcher.service
+  systemd:
+    name: networkd-dispatcher
+    state: restarted
+    enabled: yes
+    masked: no

 - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False
  systemd:
--- a/roles/network/tasks/wondershaper.yml
+++ b/roles/network/tasks/wondershaper.yml
@ -38,12 +38,20 @@
    # group: root
    state: link

+
+# RECORD Wondershaper AS INSTALLED
+
+- name: "Set 'wondershaper_installed: True'"
+  set_fact:
+    wondershaper_installed: True
+
 - name: "Add 'wondershaper_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^wondershaper_installed'
    line: 'wondershaper_installed: True'

+
 - name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
  ini_file:
    dest: "{{ iiab_ini_file }}"
@ -55,5 +63,7 @@
      value: wondershaper
    - option: description
      value: '"Wondershaper is a command line tool to set maximum transfer rates for network adapters."'
-    - option: enabled
+    - option: wondershaper_install
+      value: "{{ wondershaper_install }}"
+    - option: wondershaper_enabled
      value: "{{ wondershaper_enabled }}"
--- a/roles/network/templates/network/br0.j2.deprecated
+++ b/roles/network/templates/network/br0.j2.deprecated
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -44,6 +44,10 @@
      value: Nextcloud
    - option: description
      value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
+    - option: nextcloud_install
+      value: "{{ nextcloud_install }}"
+    - option: nextcloud_enabled
+      value: "{{ nextcloud_enabled }}"
    - option: nextcloud_dl_url
      value: "{{ nextcloud_dl_url }}"
    - option: nextcloud_url
@ -54,5 +58,3 @@
      value: "{{ nextcloud_root_dir }}"
    - option: nextcloud_data_dir
      value: "{{ nextcloud_data_dir }}"
-    - option: nextcloud_enabled
-      value: "{{ nextcloud_enabled }}"
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@ -34,7 +34,6 @@
      * wordpress

   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache.
-      * cups [*, shim not yet in place.]
      * elgg
      * lokole
      * moodle
@ -43,6 +42,7 @@
   4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations).  In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
      * bluetooth
      * calibre (menu goes directly to port 8080)
+      * cups [(available on port 631) * shim not yet in place.]
      * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*]
      * kalite (menu goes directly to ports 8006-8008)
      * minetest
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@ -43,6 +43,10 @@
  - option: description
    value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."'
 # openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle)
+  - option: openvpn_install
+    value: "{{ openvpn_install }}"
+  - option: openvpn_enabled
+    value: "{{ openvpn_enabled }}"
  - option: openvpn_handle
    value: "{{ openvpn_handle }}"
  - option: openvpn_cron_enabled
@ -53,5 +57,3 @@
    value: "{{ openvpn_server_virtual_ip }}"
  - option: openvpn_server_port
    value: "{{ openvpn_server_port }}"
-  - option: openvpn_enabled
-    value: "{{ openvpn_enabled }}"
--- a/roles/osm-vector-maps/tasks/main.yml
+++ b/roles/osm-vector-maps/tasks/main.yml
@ -32,7 +32,7 @@
      value: OSM Vector Maps
    - option: description
      value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising.  Download detailed ''vector maps'' for an entire continent, or the entire world!  Also includes 10+ zoom levels of satellite imagery!"'
-    - option: install
+    - option: osm_vector_maps_install
      value: "{{ osm_vector_maps_install }}"
-    - option: enabled
+    - option: osm_vector_maps_enabled
      value: "{{ osm_vector_maps_enabled }}"
--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@ -38,7 +38,9 @@
      value: phpMyAdmin
    - option: description
      value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."'
+    - option: phpmyadmin_install
+      value: "{{ phpmyadmin_install }}"
+    - option: phpmyadmin_enabled
+      value: "{{ phpmyadmin_enabled }}"
    - option: path
      value: /opt/phpmyadmin
-    - option: enabled
-      value: "{{ phpmyadmin_enabled }}"
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -58,7 +58,7 @@
      value: PostgreSQL
    - option: description
      value: '"PostgreSQL is a powerful, open source object-relational database system."'
-    - option: install
+    - option: postgresql_install
      value: "{{ postgresql_install }}"
-    - option: enabled
+    - option: postgresql_enabled
      value: "{{ postgresql_enabled }}"
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
@ -38,5 +38,7 @@
      value: Samba
    - option: description
      value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."'
-    - option: enabled
+    - option: samba_install
+      value: "{{ samba_install }}"
+    - option: samba_enabled
      value: "{{ samba_enabled }}"
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@ -38,7 +38,9 @@
    value: sshd
  - option: description
    value: '"Secure Shell daemon (typically implemented by openssh-server) for remote login using the ''ssh'' low-level protocol."'
-  - option: sshd_port
-    value: "{{ sshd_port }}"
+  - option: sshd_install
+    value: "{{ sshd_install }}"
  - option: sshd_enabled
    value: "{{ sshd_enabled }}"
+  - option: sshd_port
+    value: "{{ sshd_port }}"
--- a/roles/sugarizer/tasks/main2.yml
+++ b/roles/sugarizer/tasks/main2.yml
@ -17,5 +17,7 @@
      value: Sugarizer
    - option: description
      value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python.  Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."'
+    - option: sugarizer_install
+      value: "{{ sugarizer_install }}"
    - option: sugarizer_enabled
      value: "{{ sugarizer_enabled }}"
--- a/roles/usb_lib/tasks/install.yml
+++ b/roles/usb_lib/tasks/install.yml
@ -76,6 +76,11 @@
    line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
    path: /etc/usbmount/usbmount.conf

+- name: Remove /etc/usbmount/mount.d/00_create_model_symlink
+  file:
+    path: /etc/usbmount/mount.d/00_create_model_symlink
+    state: absent
+
 # 2021-03-25: Consider removing this stanza & all of this role's Apache logic!
 - name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
  template:
--- a/roles/usb_lib/tasks/main.yml
+++ b/roles/usb_lib/tasks/main.yml
@ -64,6 +64,11 @@
  include_tasks: nginx.yml
  when: nginx_enabled

+# 2021-04-29: Clean up here to catch the already installed users, remove for the next release (PR #2760)
+- name: Remove /etc/usbmount/mount.d/00_create_model_symlink
+  file:
+    path: /etc/usbmount/mount.d/00_create_model_symlink
+    state: absent

 - name: Put variable in iiab.env that enables display of content at root of USB
  lineinfile:
@ -71,6 +76,7 @@
    regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
    line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"

+
 - name: Add 'usb_lib' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
--- a/roles/vnstat/tasks/main.yml
+++ b/roles/vnstat/tasks/main.yml
@ -38,7 +38,7 @@
      value: vnStat
    - option: description
      value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."'
-    - option: install
+    - option: vnstat_install
      value: "{{ vnstat_install }}"
-    - option: enabled
+    - option: vnstat_enabled
      value: "{{ vnstat_enabled }}"
--- a/roles/wordpress/tasks/main.yml
+++ b/roles/wordpress/tasks/main.yml
@ -50,6 +50,10 @@
      value: WordPress
    - option: description
      value: '"WordPress is a blog and web site management application."'
+    - option: wordpress_install
+      value: "{{ wordpress_install }}"
+    - option: wordpress_enabled
+      value: "{{ wordpress_enabled }}"
    - option: wordpress_src
      value: "{{ wordpress_src }}"
    - option: wp_abs_path
@ -62,5 +66,3 @@
      value: "{{ wp_url }}"
    - option: wp_full_url
      value: "{{ wp_full_url }}"
-    - option: wordpress_enabled
-      value: "{{ wordpress_enabled }}"
--- a/scripts/iiab-diagnostics
+++ b/scripts/iiab-diagnostics
@ -189,7 +189,7 @@ cat_cmd 'ip addr' 'Network interfaces'
 cat_cmd 'ifconfig' 'Network interfaces (old view)'
 cat_cmd 'ip route' 'Routing table'
 cat_cmd 'netstat -rn' 'Routing table (old view)'
-cat_cmd 'brctl show' 'Bridge for LAN side'
+cat_cmd 'bridge -d link' 'Bridge for LAN side'
 cat_cmd 'sudo netstat -natp' 'Ports/Services in use'
 cat_cmd 'systemctl status dnsmasq' 'Is dnsmasq running?'
 cat_cmd 'sudo journalctl -b 0 -u dnsmasq' 'dnsmasq log'