diff --git a/iiab-network b/iiab-network index 30c16b4f9..6ff4b5cd3 100755 --- a/iiab-network +++ b/iiab-network @@ -73,7 +73,7 @@ if [[ `command -v nmcli` ]]; then # "command -v" is POSIX compliant; it c fi ip r >> iiab-network.log -brctl show >> iiab-network.log +bridge -d link >> iiab-network.log echo >> iiab-network.log echo "iiab-network run start: $Start" >> iiab-network.log echo "iiab-network run end: $End" >> iiab-network.log @@ -88,7 +88,7 @@ if [[ `command -v nmcli` ]]; then nmcli c fi ip r -brctl show +bridge -d link echo echo "iiab-network run start: $Start" echo "iiab-network run end: $End" diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml deleted file mode 100644 index 94c1ff003..000000000 --- a/roles/2-common/tasks/iptables.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -- name: Disable firewalld service (OS's other than debuntu) - service: - name: firewalld - enabled: no - when: not is_debuntu - -# Likely no longer nec as of 2019 -- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu) - shell: systemctl disable firewalld.service - when: not is_debuntu - -- name: Mask firewalld service (OS's other than debuntu) - shell: systemctl mask firewalld - ignore_errors: yes - when: not installing and not is_debuntu - -- name: Stop firewalld service (OS's other than debuntu) - service: - name: firewalld - state: stopped - ignore_errors: yes - when: not installing and not is_debuntu - -- name: Remove /etc/systemd/system/iptables.service - file: - path: /etc/systemd/system/iptables.service - state: absent - -- name: Install package iptables-persistent (debuntu) - package: - name: iptables-persistent - state: present - when: is_debuntu - -- name: Install package iptables-services (OS's other than debuntu) - package: - name: iptables-services - state: present - when: not is_debuntu - -- name: Install /etc/sysconfig/iptables-config from template - template: - src: iptables-config - dest: /etc/sysconfig/iptables-config - # owner: root - # group: root - # mode: '0644' - -- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) - template: - src: iptables - dest: /etc/network/if-pre-up.d/iptables - mode: '0755' - when: is_debuntu diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 66fedacd4..e55d12c05 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -19,7 +19,7 @@ when: xo_model != "none" or osbuilder is defined - include_tasks: packages.yml -- include_tasks: iptables.yml +- include_tasks: network.yml # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: - name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible 
diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml new file mode 100644 index 000000000..3056e98fb --- /dev/null +++ b/roles/2-common/tasks/network.yml @@ -0,0 +1,23 @@ +- name: Install package networkd-dispatcher (OS's other than RaspOS) + package: + name: networkd-dispatcher + state: present + when: not is_raspbian + +# used in the network role +- name: Install network related packages (debuntu) + package: + name: + - iproute2 + - iptables-persistent + - hostapd + - netmask + state: present + when: is_debuntu + +- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) + template: + src: iptables + dest: /etc/network/if-pre-up.d/iptables + mode: '0755' + when: is_debuntu diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 4d38c665a..3b76d7beb 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml 
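Review bot: The new roles/2-common/tasks/network.yml covers only debuntu for the firewall pieces, while the iptables.yml it replaces in main.yml also installed iptables-services on other OSes, disabled, masked and stopped firewalld there, and removed /etc/systemd/system/iptables.service. If non-debuntu targets are still supported, those hosts would keep firewalld active and never receive the iptables packages, so either carry those tasks over or add a comment stating that non-debuntu support is dropped. The if-pre-up.d/iptables template task sets `mode: '0755'` but no ownership; hooks in that directory run as root, so adding `owner: root` and `group: root` would make the intended permissions explicit. `iproute2` is also added to packages.yml in this commit, so one of the two installs is redundant.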
@@ -27,23 +27,21 @@ state: present when: is_debuntu -- name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 20 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # Daemon for ACPI (power mgmt) events - - bridge-utils # DEPRECATED according to https://wiki.linuxfoundation.org/networking/bridge SEE PR #2752 - bzip2 # 2021-04-26: Prob not used, but can't hurt? - curl # Used to install roles/nodejs and roles/nodered #- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 - gawk - - hostapd - htop - i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC + - iproute2 - logrotate #- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - make # 2021-04-26: What roles (if any) truly still use this? - mlocate - - netmask - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - ntfs-3g # Possibly no longer nec, similar to exfat packages above? #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 19f92905e..f2de349ca 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml 
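Review bot: The renamed task title in packages.yml says 20 packages but still lists bridge-utils, hostapd and netmask, which this hunk removes, and it omits iproute2, which the hunk adds. Update the title to match the list so the play output does not claim packages that are no longer installed here: drop those three names and insert `iproute2` after `i2c-tools`. The package list continues past the end of the hunk, so the count of 20 could not be checked from what is visible.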
@@ -44,7 +44,7 @@ value: AWStats - option: description value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' - - option: install + - option: awstats_install value: "{{ awstats_install }}" - - option: enabled + - option: awstats_enabled value: "{{ awstats_enabled }}" diff --git a/roles/bluetooth/tasks/enable.yml b/roles/bluetooth/tasks/enable-or-disable.yml similarity index 100% rename from roles/bluetooth/tasks/enable.yml rename to roles/bluetooth/tasks/enable-or-disable.yml diff --git a/roles/bluetooth/tasks/main.yml b/roles/bluetooth/tasks/main.yml index 271df9531..e1b75743c 100644 --- a/roles/bluetooth/tasks/main.yml +++ b/roles/bluetooth/tasks/main.yml @@ -24,7 +24,7 @@ when: bluetooth_installed is undefined -- include_tasks: enable.yml # i.e. enable-or-disable.yml in other roles +- include_tasks: enable-or-disable.yml - name: Add 'bluetooth' variable values to {{ iiab_ini_file }} @@ -38,6 +38,8 @@ value: Bluetooth - option: description value: '"Bluetooth services for pan and terminal."' + - option: bluetooth_install + value: "{{ bluetooth_install }}" - option: bluetooth_enabled value: "{{ bluetooth_enabled }}" - option: bluetooth_term_enabled diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index eebc0e0b5..20e9b62e4 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -59,6 +59,10 @@ value: Calibre-Web - option: description value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."' + - option: calibreweb_install + value: "{{ calibreweb_install }}" + - option: calibreweb_enabled + value: "{{ calibreweb_enabled }}" - option: calibreweb_url1 value: "{{ calibreweb_url1 }}" - option: calibreweb_url2 
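Review bot: Renaming the ini options in the awstats hunk from `install`/`enabled` to `awstats_install`/`awstats_enabled` writes new keys but nothing removes the old ones, assuming this is the same ini_file loop seen in the other roles, which only sets the options it lists. On a machine provisioned before this commit, {{ iiab_ini_file }} would then hold both `enabled` and `awstats_enabled`, and the old key goes stale the next time the setting changes, so anything still reading it would report the wrong state. Consider a one-time cleanup task using ini_file with `state: absent` for the old option names. The same applies to the captiveportal, cups, mongodb, munin, mysql, osm-vector-maps, phpmyadmin, postgresql, samba, squid, dansguardian and wondershaper hunks.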
@@ -73,5 +77,3 @@ value: "{{ calibreweb_port }}" - option: calibreweb_database value: "{{ calibreweb_database }}" - - option: calibreweb_enabled - value: "{{ calibreweb_enabled }}" diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index c1a4a0140..0b3408b75 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,7 +39,7 @@ value: Captive Portal - option: description value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' - - option: install + - option: captiveportal_install value: "{{ captiveportal_install }}" - - option: enabled + - option: captiveportal_enabled value: "{{ captiveportal_enabled }}" diff --git a/roles/cups/tasks/enable-or-disable.yml b/roles/cups/tasks/enable-or-disable.yml index 866536c97..74a9ee702 100644 --- a/roles/cups/tasks/enable-or-disable.yml +++ b/roles/cups/tasks/enable-or-disable.yml @@ -1,11 +1,3 @@ -- name: Enable http://box/cups via Apache (MIGHT NOT WORK?) - command: a2ensite cups.conf - when: cups_enabled - -- name: Disable http://box/cups via Apache - command: a2dissite cups.conf - when: not cups_enabled - - name: systemd daemon-reload systemd: daemon_reload: yes diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index dd17420ba..91655f789 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -1,13 +1,3 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True - -- name: APACHE - run 'httpd' role - include_role: - name: httpd - - - name: Install 'cups' package package: name: cups 
@@ -18,11 +8,6 @@ src: cupsd.conf dest: /etc/cups/cupsd.conf -- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template - template: - src: cups.conf - dest: "/etc/{{ apache_conf_dir }}/" - # RECORD CUPS AS INSTALLED diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 80426c98b..32e65e4e6 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -47,7 +47,7 @@ value: CUPS - option: description value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."' - - option: install + - option: cups_install value: "{{ cups_install }}" - - option: enabled + - option: cups_enabled value: "{{ cups_enabled }}" diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 1e873879b..b0fb38239 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -45,7 +45,9 @@ value: Elgg - option: description value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."' - - option: path - value: /opt/elgg + - option: elgg_install + value: "{{ elgg_install }}" - option: elgg_enabled value: "{{ elgg_enabled }}" + - option: path + value: /opt/elgg diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index c40297a23..69f9ed42e 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml 
@@ -59,9 +59,11 @@ value: Gitea - option: description value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' + - option: gitea_install + value: "{{ gitea_install }}" + - option: gitea_enabled + value: "{{ gitea_enabled }}" - option: gitea_run_directory value: "{{ gitea_run_directory }}" - option: gitea_url value: "{{ gitea_url }}" - - option: gitea_enabled - value: "{{ gitea_enabled }}" diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 7335cafbe..817895f07 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -51,9 +51,11 @@ value: "KA Lite" - option: description value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' + - option: kalite_install + value: "{{ kalite_install }}" + - option: kalite_enabled + value: "{{ kalite_enabled }}" - option: path value: "{{ kalite_root }}" - option: port value: "{{ kalite_server_port }}" - - option: kalite_enabled - value: "{{ kalite_enabled }}" diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index de744d8b0..742e698d9 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -38,6 +38,10 @@ value: Kiwix - option: description value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_install + value: "{{ kiwix_install }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" - option: kiwix_url value: "{{ kiwix_url }}" - option: kiwix_url_plus_slash @@ -50,5 +54,3 @@ value: "{{ iiab_zim_path }}" - option: kiwix_library_xml value: "{{ kiwix_library_xml }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 999adbd40..7b006836e 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml 
@@ -64,11 +64,13 @@ value: Kolibri - option: description value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' + - option: kolibri_install + value: "{{ kolibri_install }}" + - option: kolibri_enabled + value: "{{ kolibri_enabled }}" - option: kolibri_url value: "{{ kolibri_url }}" - option: kolibri_path value: "{{ kolibri_exec_path }}" - option: kolibri_port value: "{{ kolibri_http_port }}" - - option: kolibri_enabled - value: "{{ kolibri_enabled }}" diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index aaccc44e5..81ad6cfe2 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -73,13 +73,15 @@ - option: name value: Lokole - option: description - value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night — for almost no cost at all — depending on mobile data plans in your country."' + value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' + - option: lokole_install + value: "{{ lokole_install }}" + - option: lokole_enabled + value: "{{ lokole_enabled }}" - option: lokole_run_directory value: "{{ lokole_run_directory }}" - option: lokole_url value: "{{ lokole_url }}" - option: lokole_full_url value: "{{ lokole_full_url }}" - - option: lokole_enabled - value: "{{ lokole_enabled }}" 
diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index f7b494da9..c3f2d66d2 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -44,6 +44,10 @@ value: MediaWiki - option: description value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."' + - option: mediawiki_install + value: "{{ mediawiki_install }}" + - option: mediawiki_enabled + value: "{{ mediawiki_enabled }}" - option: mediawiki_src value: "{{ mediawiki_src }}" - option: mediawiki_abs_path @@ -56,5 +60,3 @@ value: "{{ mediawiki_url }}" - option: mediawiki_full_url value: "{{ mediawiki_full_url }}" - - option: mediawiki_enabled - value: "{{ mediawiki_enabled }}" diff --git a/roles/minetest/tasks/enable.yml b/roles/minetest/tasks/enable-or-disable.yml similarity index 100% rename from roles/minetest/tasks/enable.yml rename to roles/minetest/tasks/enable-or-disable.yml diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index de61fd992..a07d640c7 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -24,7 +24,7 @@ when: minetest_installed is undefined -- include_tasks: enable.yml # i.e. enable-or-disable.yml in other roles +- include_tasks: enable-or-disable.yml - name: Add 'minetest' variable values to {{ iiab_ini_file }} @@ -38,11 +38,13 @@ value: Minetest Server - option: description value: '"Minetest is an open source clone of the Minecraft building blocks game."' - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" - - option: minetest_port - value: "{{ minetest_port }}" + - option: minetest_install + value: "{{ minetest_install }}" - option: minetest_enabled value: "{{ minetest_enabled }}" - option: minetest_world_dir value: "{{ minetest_world_dir }}" + - option: minetest_port + value: "{{ minetest_port }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" 
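Review bot: The reordered list in the last roles/minetest/tasks/main.yml hunk writes `minetest_world_dir` twice, once after `minetest_enabled` and again after `minetest_port`. The second write is a no-op, so the trailing `- option: minetest_world_dir` / `value: "{{ minetest_world_dir }}"` pair can be dropped. The old list had the same duplicate, so this reorder is a good moment to remove it.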
diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 37148a63c..e5e2f20ba 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -65,5 +65,7 @@ value: MongoDB - option: description value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' - - option: enabled + - option: mongodb_install + value: "{{ mongodb_install }}" + - option: mongodb_enabled value: "{{ mongodb_enabled }}" diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 701dc3210..621e30fb4 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -57,7 +57,9 @@ value: Moodle - option: description value: '"Access the Moodle learning management system."' - - option: moodle_base - value: "{{ moodle_base }}" + - option: moodle_install + value: "{{ moodle_install }}" - option: moodle_enabled value: "{{ moodle_enabled }}" + - option: moodle_base + value: "{{ moodle_base }}" diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml index 37f344d8e..dd953d37a 100644 --- a/roles/mosquitto/tasks/main.yml +++ b/roles/mosquitto/tasks/main.yml @@ -38,5 +38,7 @@ value: Mosquitto service - option: description value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"' + - option: mosquitto_install + value: "{{ mosquitto_install }}" - option: mosquitto_enabled value: "{{ mosquitto_enabled }}" diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 29447f1b3..8a67d221e 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml 
@@ -59,7 +59,7 @@ value: Munin - option: description value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."' - - option: install + - option: munin_install value: "{{ munin_install }}" - - option: enabled + - option: munin_enabled value: "{{ munin_enabled }}" diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 196be1c67..789d406c1 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -59,5 +59,7 @@ value: MySQL - option: description value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."' - - option: enabled + - option: mysql_install + value: "{{ mysql_install }}" + - option: mysql_enabled value: "{{ mysql_enabled }}" diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index ece7fa8cd..8cf977c8a 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -70,9 +70,14 @@ mode: 0600 when: wan_ip != "dhcp" +- name: Use systemd-networkd to handle br0 + include_tasks: sysd-netd-debian.yml + when: iiab_lan_iface == "br0" and not systemd_networkd_active + - name: Reload systemd systemd: daemon_reload: yes + when: not iiab_lan_iface == "br0" - name: Restart the NetworkManager service systemd: diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 07925134f..62546460b 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml 
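Review bot: In the NM-debian.yml hunk, when `iiab_lan_iface` is "br0" and `systemd_networkd_active` is already true, neither new branch runs: the include is skipped by `not systemd_networkd_active`, and 'Reload systemd' is skipped by its new `when:`. If the daemon reload is only needed in the non-bridge case, a comment saying so would help; otherwise key the skip on the same condition as the include. `when: not iiab_lan_iface == "br0"` would also read more clearly as `when: iiab_lan_iface != "br0"`. The tasks before and after this hunk are outside the view.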
@@ -57,33 +57,39 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: dansguardian_enabled - value: "{{ dansguardian_enabled }}" - - option: squid_enabled - value: "{{ squid_enabled }}" - - option: wondershaper_enabled - value: "{{ wondershaper_enabled }}" - - option: iiab_network_mode_applied - value: "{{ iiab_network_mode }}" - - option: dhcpd_enabled - value: "{{ dhcpd_enabled }}" - - option: dhcp_service2 - value: "{{ dhcp_service2 }}" - - option: named_enabled - value: "{{ named_enabled }}" - - option: dnsmasq_enabled - value: "{{ dnsmasq_enabled }}" - - option: no_net_restart - value: "{{ no_net_restart }}" - - option: hostapd_enabled - value: "{{ hostapd_enabled }}" - - option: host_ssid - value: "{{ host_ssid }}" - - option: host_wifi_mode - value: "{{ host_wifi_mode }}" - - option: host_channel - value: "{{ host_channel }}" - + #- option: squid_install + # value: "{{ squid_install }}" + #- option: squid_enabled + # value: "{{ squid_enabled }}" + #- option: dansguardian_install + # value: "{{ dansguardian_install }}" + #- option: dansguardian_enabled + # value: "{{ dansguardian_enabled }}" + #- option: wondershaper_install + # value: "{{ wondershaper_install }}" + #- option: wondershaper_enabled + # value: "{{ wondershaper_enabled }}" + - option: iiab_network_mode_applied + value: "{{ iiab_network_mode }}" + - option: dhcpd_enabled + value: "{{ dhcpd_enabled }}" + - option: dhcp_service2 + value: "{{ dhcp_service2 }}" + - option: named_enabled + value: "{{ named_enabled }}" + - option: dnsmasq_enabled + value: "{{ dnsmasq_enabled }}" + - option: no_net_restart + value: "{{ no_net_restart }}" + - option: hostapd_enabled + value: "{{ hostapd_enabled }}" + - option: host_ssid + value: "{{ host_ssid }}" + - option: host_wifi_mode + value: "{{ host_wifi_mode }}" + - option: host_channel + value: "{{ host_channel }}" + - name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} ini_file: 
dest: "{{ iiab_ini_file }}" @@ -93,4 +99,4 @@ with_items: - option: client_wifi_channel value: "{{ current_client_channel.stdout }}" - when: current_client_channel.stdout is defined + when: current_client_channel.stdout is defined \ No newline at end of file diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index 5384ab528..cdf457e55 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -48,6 +48,13 @@ state: directory when: ansible_distribution == "CentOS" + +# RECORD DansGuardian AS INSTALLED + +- name: "Set 'dansguardian_installed: True'" + set_fact: + dansguardian_installed: True + - name: "Add 'dansguardian_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index f6a1ac116..71bd1798e 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -216,6 +216,7 @@ - gateway/iiab-internet-on - gateway/iiab-internet-off + - name: Add 'squid' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" @@ -223,8 +224,11 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: enabled + - option: squid_install + value: "{{ squid_install }}" + - option: squid_enabled value: "{{ squid_enabled }}" + when: squid_installed is defined - name: Add 'dansguardian' variable values to {{ iiab_ini_file }} ini_file: @@ -233,8 +237,11 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: enabled + - option: dansguardian_install + value: "{{ dansguardian_install }}" + - option: dansguardian_enabled value: "{{ dansguardian_enabled }}" + when: dansguardian_installed is defined - name: Add 'wondershaper' variable values to {{ iiab_ini_file }} ini_file: 
@@ -243,5 +250,8 @@ option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: - - option: enabled + - option: wondershaper_install + value: "{{ wondershaper_install }}" + - option: wondershaper_enabled value: "{{ wondershaper_enabled }}" + when: wondershaper_installed is defined diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index b103f3331..afa33c3ce 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml @@ -23,17 +23,19 @@ - systemd-networkd-wait-online when: systemd_networkd_active -- name: Unmask and enable the systemd-networkd service for br0 - systemd: - name: systemd-networkd - enabled: yes - masked: no - when: network_manager_active and iiab_lan_iface == "br0" +# Moved to NM-debian.yml 2020-12-07 +#- name: Unmask and enable the systemd-networkd service for br0 +# systemd: +# name: systemd-networkd +# enabled: yes +# masked: no +# when: network_manager_active and iiab_lan_iface == "br0" -- name: Ensure systemd-networkd gets enabled for br0 - set_fact: - systemd_networkd_active: True - when: network_manager_active and iiab_lan_iface == "br0" +# Moved to NM-debian.yml 2020-12-07 +#- name: Ensure systemd-networkd gets enabled for br0 +# set_fact: +# systemd_networkd_active: True +# when: network_manager_active and iiab_lan_iface == "br0" # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 3c1e1c793..d1573dd5e 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml 
@@ -65,7 +65,7 @@ command: /usr/bin/iiab-gen-iptables - name: Checking if WiFi slave is active - shell: brctl show br0 | grep {{ iiab_wireless_lan_iface }} | wc -l + shell: bridge -d link | grep {{ iiab_wireless_lan_iface }} | wc -l # when: hostapd_enabled and discovered_wireless_iface != iiab_wan_iface and iiab_lan_iface == "br0" when: hostapd_enabled and iiab_lan_iface == "br0" register: wifi_slave diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 398718648..586e0a5be 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -77,15 +77,24 @@ mode: '0750' state: directory + - include_tasks: roles/network/tasks/dansguardian.yml when: dansguardian_install + +# RECORD Squid AS INSTALLED + +- name: "Set 'squid_installed: True'" + set_fact: + squid_installed: True + - name: "Add 'squid_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml regexp: '^squid_installed' line: 'squid_installed: True' + # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 - name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }} ini_file: @@ -98,7 +107,9 @@ value: Squid - option: description value: '"Squid caches web pages the first time they are accessed, and pulls them from the cache thereafter."' - - option: enabled + - option: squid_install + value: "{{ squid_install }}" + - option: squid_enabled value: "{{ squid_enabled }}" - name: Add 'dansguardian' variable values to {{ iiab_ini_file }} @@ -112,5 +123,7 @@ value: DansGuardian - option: description value: '"DansGuardian searches web content for objectionable references and denies access when found."' - - option: enabled + - option: dansguardian_install + value: "{{ dansguardian_install }}" + - option: dansguardian_enabled value: "{{ dansguardian_enabled }}" diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index c334d6688..622663462 100644 
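Review bot: `bridge -d link` is not a drop-in replacement for `brctl show br0` in the 'Checking if WiFi slave is active' task of restart.yml: it lists the ports of every bridge on the host, so the grep can count an interface that is enslaved to a bridge other than br0. The pattern is also an unquoted substring match, so a value of `wlan0` would also match `wlan01`. Scoping the query to br0 and matching whole words keeps the old meaning, for example `shell: ip -o link show master br0 | grep -w -- "{{ iiab_wireless_lan_iface }}" | wc -l`. How `wifi_slave` is consumed is outside the hunk, so confirm the count semantics there.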
--- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -57,10 +57,19 @@ state: started when: wifi_up_down and discovered_wireless_iface != "none" -- name: Restart the systemd-networkd service +- name: Enable & Restart systemd-networkd.service systemd: name: systemd-networkd state: restarted + enabled: yes + masked: no + +- name: Enable & Restart networkd-dispatcher.service + systemd: + name: networkd-dispatcher + state: restarted + enabled: yes + masked: no - name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index ce96c79b7..7a6fd9646 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -38,12 +38,20 @@ # group: root state: link + +# RECORD Wondershaper AS INSTALLED + +- name: "Set 'wondershaper_installed: True'" + set_fact: + wondershaper_installed: True + - name: "Add 'wondershaper_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml regexp: '^wondershaper_installed' line: 'wondershaper_installed: True' + - name: Add 'wondershaper' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" @@ -55,5 +63,7 @@ value: wondershaper - option: description value: '"Wondershaper is a command line tool to set maximum transfer rates for network adapters."' - - option: enabled + - option: wondershaper_install + value: "{{ wondershaper_install }}" + - option: wondershaper_enabled value: "{{ wondershaper_enabled }}" diff --git a/roles/network/templates/network/br0.j2 b/roles/network/templates/network/br0.j2.deprecated similarity index 100% rename from roles/network/templates/network/br0.j2 rename to roles/network/templates/network/br0.j2.deprecated diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index b3461b9fe..dbf65c297 100644 
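Review bot: The added 'Enable & Restart networkd-dispatcher.service' task in sysd-netd-debian.yml has no `when:`, but roles/2-common/tasks/network.yml in this commit installs the networkd-dispatcher package only under `when: not is_raspbian`. If this file can run on RaspOS, the systemd task would fail on a missing unit; guard it with the same condition, `when: not is_raspbian`, or install the package unconditionally. Both new tasks also force `enabled: yes` and `masked: no` on every run, which undoes an administrator's deliberate mask of either service, so a comment stating that this is intended would help.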
--- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -44,6 +44,10 @@ value: Nextcloud - option: description value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' + - option: nextcloud_install + value: "{{ nextcloud_install }}" + - option: nextcloud_enabled + value: "{{ nextcloud_enabled }}" - option: nextcloud_dl_url value: "{{ nextcloud_dl_url }}" - option: nextcloud_url @@ -54,5 +58,3 @@ value: "{{ nextcloud_root_dir }}" - option: nextcloud_data_dir value: "{{ nextcloud_data_dir }}" - - option: nextcloud_enabled - value: "{{ nextcloud_enabled }}" diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 79f62cfcb..d3d462628 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -34,7 +34,6 @@ * wordpress 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache. - * cups [*, shim not yet in place.] * elgg * lokole * moodle @@ -43,6 +42,7 @@ 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) * bluetooth * calibre (menu goes directly to port 8080) + * cups [(available on port 631) * shim not yet in place.] * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*] * kalite (menu goes directly to ports 8006-8008) * minetest diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 2c880b464..576ce225a 100644 
--- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -43,6 +43,10 @@ - option: description value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."' # openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle) + - option: openvpn_install + value: "{{ openvpn_install }}" + - option: openvpn_enabled + value: "{{ openvpn_enabled }}" - option: openvpn_handle value: "{{ openvpn_handle }}" - option: openvpn_cron_enabled @@ -53,5 +57,3 @@ value: "{{ openvpn_server_virtual_ip }}" - option: openvpn_server_port value: "{{ openvpn_server_port }}" - - option: openvpn_enabled - value: "{{ openvpn_enabled }}" diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index 39f1ff7b2..a16cfcd34 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -32,7 +32,7 @@ value: OSM Vector Maps - option: description value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! Also includes 10+ zoom levels of satellite imagery!"' - - option: install + - option: osm_vector_maps_install value: "{{ osm_vector_maps_install }}" - - option: enabled + - option: osm_vector_maps_enabled value: "{{ osm_vector_maps_enabled }}" diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 7ca8b15b8..5df581694 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml 
@@ -38,7 +38,9 @@
 value: phpMyAdmin
 - option: description
 value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."'
+ - option: phpmyadmin_install
+ value: "{{ phpmyadmin_install }}"
+ - option: phpmyadmin_enabled
+ value: "{{ phpmyadmin_enabled }}"
 - option: path
 value: /opt/phpmyadmin
- - option: enabled
- value: "{{ phpmyadmin_enabled }}"
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index 2ab61433e..2043e2427 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -58,7 +58,7 @@
 value: PostgreSQL
 - option: description
 value: '"PostgreSQL is a powerful, open source object-relational database system."'
- - option: install
+ - option: postgresql_install
 value: "{{ postgresql_install }}"
- - option: enabled
+ - option: postgresql_enabled
 value: "{{ postgresql_enabled }}"
diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml
index 78b10ddcf..801d725f4 100755
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
@@ -38,5 +38,7 @@
 value: Samba
 - option: description
 value: '"Samba is a Microsoft-compatible network file system that re-implements SMB/CIFS (Common Internet File System)."'
- - option: enabled
+ - option: samba_install
+ value: "{{ samba_install }}"
+ - option: samba_enabled
 value: "{{ samba_enabled }}"
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 5d66608c9..dccb4cd10 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -38,7 +38,9 @@
 value: sshd
 - option: description
 value: '"Secure Shell daemon (typically implemented by openssh-server) for remote login using the ''ssh'' low-level protocol."'
- - option: sshd_port
- value: "{{ sshd_port }}"
+ - option: sshd_install
+ value: "{{ sshd_install }}"
 - option: sshd_enabled
 value: "{{ sshd_enabled }}"
+ - option: sshd_port
+ value: "{{ sshd_port }}"
diff --git a/roles/sugarizer/tasks/main2.yml b/roles/sugarizer/tasks/main2.yml index bf175a3a4..5a719e233 100644 --- a/roles/sugarizer/tasks/main2.yml +++ b/roles/sugarizer/tasks/main2.yml @@ -17,5 +17,7 @@ value: Sugarizer - option: description value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."' + - option: sugarizer_install + value: "{{ sugarizer_install }}" - option: sugarizer_enabled value: "{{ sugarizer_enabled }}" diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 25b671f06..3304a0f16 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -76,6 +76,11 @@ line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' path: /etc/usbmount/usbmount.conf +- name: Remove /etc/usbmount/mount.d/00_create_model_symlink + file: + path: /etc/usbmount/mount.d/00_create_model_symlink + state: absent + # 2021-03-25: Consider removing this stanza & all of this role's Apache logic! - name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template template: diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index da1bd6c12..75cd8e4e7 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -64,6 +64,11 @@ include_tasks: nginx.yml when: nginx_enabled +# 2021-04-29: Clean up here to catch the already installed users, remove for the next release (PR #2760) +- name: Remove /etc/usbmount/mount.d/00_create_model_symlink + file: + path: /etc/usbmount/mount.d/00_create_model_symlink + state: absent - name: Put variable in iiab.env that enables display of content at root of USB lineinfile: 
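Review bot: The task `Remove /etc/usbmount/mount.d/00_create_model_symlink` is added twice, in roles/usb_lib/tasks/install.yml and again in roles/usb_lib/tasks/main.yml, and only the main.yml copy has a comment marking it as a temporary cleanup for already-installed systems. If main.yml runs on every pass, as that comment implies, the install.yml copy does nothing extra, and keeping a single copy avoids one being forgotten when the cleanup is dropped next release. If both are intended, the install.yml task should say why, e.g. `# Also removed in main.yml for existing installs (PR #2760)`. Files under /etc/usbmount/mount.d are presumably hook scripts run when a USB drive is mounted, so it is worth confirming that nothing else in the role still expects what that script created. Both task files continue outside these hunks.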
@@ -71,6 +76,7 @@ regexp: "^IIAB_USB_LIB_SHOW_ALL.*" line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" + - name: Add 'usb_lib' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index c7d29b4bd..5e28f26aa 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -38,7 +38,7 @@ value: vnStat - option: description value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' - - option: install + - option: vnstat_install value: "{{ vnstat_install }}" - - option: enabled + - option: vnstat_enabled value: "{{ vnstat_enabled }}" diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 7e4bc8a72..f3b973f33 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -50,6 +50,10 @@ value: WordPress - option: description value: '"WordPress is a blog and web site management application."' + - option: wordpress_install + value: "{{ wordpress_install }}" + - option: wordpress_enabled + value: "{{ wordpress_enabled }}" - option: wordpress_src value: "{{ wordpress_src }}" - option: wp_abs_path @@ -62,5 +66,3 @@ value: "{{ wp_url }}" - option: wp_full_url value: "{{ wp_full_url }}" - - option: wordpress_enabled - value: "{{ wordpress_enabled }}" diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 242fc8b60..35b4965b2 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics 
@@ -189,7 +189,7 @@ cat_cmd 'ip addr' 'Network interfaces'
 cat_cmd 'ifconfig' 'Network interfaces (old view)'
 cat_cmd 'ip route' 'Routing table'
 cat_cmd 'netstat -rn' 'Routing table (old view)'
-cat_cmd 'brctl show' 'Bridge for LAN side'
+cat_cmd 'bridge -d link' 'Bridge for LAN side'
 cat_cmd 'sudo netstat -natp' 'Ports/Services in use'
 cat_cmd 'systemctl status dnsmasq' 'Is dnsmasq running?'
 cat_cmd 'sudo journalctl -b 0 -u dnsmasq' 'dnsmasq log'
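Review bot: `bridge -d link` is not a like-for-like replacement for `brctl show` in the 'Bridge for LAN side' entry, because as far as I know it lists bridge ports and not the bridge devices themselves. A bridge that exists but has no member interfaces would then produce an empty section, which is one of the failure states this diagnostic is meant to reveal. Consider adding a second entry next to it, `cat_cmd 'ip -d link show type bridge' 'Bridge devices'`, so the bridge itself is always listed. How cat_cmd reports an empty or failed command is defined outside this hunk, so confirm that an empty result is still distinguishable from a missing `bridge` binary.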