Merge branch 'iiab:master' into less-apache

roles/0-init/README.rst

@@ -2,8 +2,10 @@
 0-init README
 =============
 
-For a higher-level view, please see `IIAB Installation <https://github.com/iiab/iiab/wiki/IIAB-Installation>`_ and http://FAQ.IIAB.IO
+For a higher-level view of `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_, please see http://FAQ.IIAB.IO and  `IIAB Installation <https://github.com/iiab/iiab/wiki/IIAB-Installation>`_.
 
-This 0th stage literally sets the stage for Internet-in-a-Box (IIAB) installation, prior to Ansible running `Stages 1-to-9 <.>`_ and then the `network <../network>`_ stage.
+This 0th `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ literally sets the stage for IIAB installation, prior to Ansible running Stages 1-to-9, which are typically then followed by the `network <../network>`_ stage.
 
-This serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc — and whether Internet is live so that IIAB installation can proceed.
+But first: This 0th stage (0-init) serves to confirm low-level Ansible facts from the OS — e.g. for housekeeping tasks related to TZ (time zone), hostname, FQDN (fully-qualified domain name), unusual systemwide dependencies etc (and whether Internet is live) — so that IIAB installation can get underway.
+
+Recap: Similar to 1-prep, 2-common, 3-base-server, 4-server-options and 5-xo-services ⁠— this 0th stage installs core server infra (that is not user-facing).

roles/1-prep/README.rst

@@ -2,15 +2,21 @@
 1-prep README
 =============
 
-This 1st stage (1-prep) is primarily hardware-focused, prior to OS
+This 1st `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ (1-prep) is primarily hardware-focused, prior to OS
-additions/mods, but also includes critical pieces sometimes needed for
+additions/mods — but also includes critical pieces sometimes needed for
 remote support:
 
+- dnsmasq
+- /etc/iiab/uuid
+- Customizing /var/log/* for Ubermix on each boot, using /etc/tmpfiles.d
 - SSH
 - `iiab-admin <https://github.com/iiab/iiab/tree/master/roles/iiab-admin>`_ username and group to log into Admin Console
 - OpenVPN software if/as needed later for remote support
+- `raspberry_pi.yml <tasks/raspberry_pi.yml>`_ including RTC, essential packages, and networking basics
 
 Traditionally 1-prep also included preliminaries like hostname and
 hardware-oriented things specific to a particular platform (such as
 One Laptop Per Child's XO laptop) i.e. critical setup prior to the
 bulk of IIAB's software install.
+
+Recap: Similar to 0-init, 2-common, 3-base-server, 4 server-options and 5-xo-services ⁠— this 1st stage installs core server infra (that is not user-facing).

roles/1-prep/tasks/raspberry_pi.yml

@@ -1,12 +1,12 @@
 # Specific to Raspberry Pi
 
-- name: Install udev rule /etc/udev/rules.d/92-rtc-i2c.rules from template, to transfer hwclock to system clock at dev creation, if rtc_id is defined and rtc_id != "none"
+- name: Install udev rule /etc/udev/rules.d/92-rtc-i2c.rules from template, to transfer hwclock to system clock at dev creation, if rtc_id is defined and rtc_id != "none" (root:root, 0644 by default)
   template:
     src: 92-rtc-i2c.rules
     dest: /etc/udev/rules.d/92-rtc-i2c.rules
-    owner: root
+    #owner: root
-    group: root
+    #group: root
-    mode: 0644
+    #mode: 0644
   when: rtc_id is defined and rtc_id != "none"
 
 # RTC requires a change to the device tree (and reboot)
@@ -50,7 +50,7 @@
       - cloud-guest-utils    # Contains 'growpart' for resizing a partition during boot, which is normally done with the aid of cloud-init
       - dphys-swapfile       # 2021-07-27: RaspiOS installs this regardless -- autogenerate and use a swap file
       - fake-hwclock         # 2021-07-27: RaspiOS installs this regardless -- save/restore system clock on machines without working RTC hardware
-      - iw                # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/clone-wifi.service.j2
+      - iw                # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2
       - rfkill            # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices
       - wireless-tools    # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions
     state: present
@@ -67,15 +67,15 @@
     name: dphys-swapfile
     state: restarted
 
-- name: Install RPi rootfs resizing (iiab-rpi-max-rootfs.sh) and its systemd service (iiab-rpi-root-resize.service), from templates
+- name: Install RPi rootfs resizing (/usr/sbin/iiab-rpi-max-rootfs.sh) and its systemd service (/etc/systemd/system/iiab-rpi-root-resize.service), from templates (root:root by default)
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: root
+    #owner: root
-    group: root
+    #group: root
     mode: "{{ item.mode }}"
   with_items:
-    - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/iiab-rpi-max-rootfs.sh', mode: '0755'}
+    - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/', mode: '0755'}
     - { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/iiab-rpi-root-resize.service', mode: '0644'}
 
 - name: Enable RPi rootfs resizing (systemd service iiab-rpi-root-resize.service)

roles/2-common/README.rst

@@ -2,7 +2,13 @@
 2-common README
 ===============
 
-This 2nd stage is for OS-level roles/packages/tasks *common* to all platforms,
+This 2nd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ is for OS-level basics *common* to all platforms, i.e. core prerequisites to building up a functioning `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ server.
-prerequisites to building up a functioning server.
 
-As in the case of 3-base-server, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing.
+These are (partially) put in place:
+
+- IIAB directory structure (`file layout <tasks/fl.yml>`_)
+- Common `apt <https://en.wikipedia.org/wiki/APT_(software)>`_ software packages
+- Networking (including the `iptables <https://en.wikipedia.org/wiki/Iptables>`_ firewall)
+- `/usr/libexec/iiab-startup.sh <tasks/iiab-startup.yml>`_ similar to AUTOEXEC.BAT and /etc/rc.local, in order to run jobs on boot
+
+Recap: As with 0-init, 1-prep, 3-base-server, 4-server-options and 5-xo-services — this 2nd stage installs core server infra (that is not user-facing).

roles/2-common/tasks/main.yml

@@ -1,59 +1,44 @@
 # Common OS-Level Additions & Mods (that only need to be performed once)
 
 - name: ...IS BEGINNING ==========================================
-  command: echo
+  meta: noop
 
 - name: Create IIAB directory structure ("file layout")
   include_tasks: fl.yml
 
-# UNMAINTAINED
-- include_tasks: centos.yml
-  when: ansible_distribution == "CentOS"
-
-# UNMAINTAINED
-- include_tasks: fedora.yml
-  when: ansible_distribution == "Fedora"
-
-# UNMAINTAINED
-- include_tasks: prep.yml
-  when: not is_debuntu
-
-# UNMAINTAINED
-- include_tasks: xo.yml
-  when: xo_model != "none" or osbuilder is defined
-
 - include_tasks: packages.yml
-- include_tasks: network.yml
 
-# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
+- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml'
-- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible
+  include_tasks: network.yml
-  sysctl:    # Places these settings in /etc/sysctl.conf, to survive reboot
-    name: "{{ item.name }}"
-    value: "{{ item.value }}"
-  with_items:
-    - { name: 'net.ipv4.ip_forward', value: '1' }  # Masquerading LAN->Internet
-    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
-    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
-    #- { name: 'kernel.sysrq', value: '1' }             # OS values differ, Ok?
-    - { name: 'kernel.core_uses_pid', value: '1' }
-    #- { name: 'net.ipv4.tcp_syncookies', value: '1' }  # Very standard in 2020
-    #- { name: 'kernel.shmmax', value: '268435456' }    # OS values differ, Ok?
-    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
-    #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }    # AUTO-SET
-    #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }         # BY ABOVE
-
-# UNMAINTAINED
-- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
-  template:
-    dest: /etc/profile.d/zzz_iiab.sh
-    src: zzz_iiab.sh
-
-# UNMAINTAINED
-- include_tasks: net_mods.yml
-  when: not is_debuntu and not is_F18
 
 - include_tasks: iiab-startup.yml
 
+# UNMAINTAINED
+#- include_tasks: centos.yml
+#  when: ansible_distribution == "CentOS"
+
+# UNMAINTAINED
+#- include_tasks: fedora.yml
+#  when: ansible_distribution == "Fedora"
+
+# UNMAINTAINED
+#- include_tasks: prep.yml
+#  when: not is_debuntu
+
+# UNMAINTAINED
+#- include_tasks: xo.yml
+#  when: xo_model != "none" or osbuilder is defined
+
+# UNMAINTAINED
+#- include_tasks: net_mods.yml
+#  when: not is_debuntu and not is_F18
+
+# UNMAINTAINED
+#- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
+#  template:
+#    dest: /etc/profile.d/zzz_iiab.sh
+#    src: zzz_iiab.sh
+
 - name: Recording STAGE 2 HAS COMPLETED ==========================
   lineinfile:
     path: "{{ iiab_env_file }}"

roles/2-common/tasks/network.yml

@@ -24,3 +24,20 @@
     src: iptables
     dest: /etc/network/if-pre-up.d/iptables
     mode: '0755'
+
+# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
+- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible
+  sysctl:    # Places these settings in /etc/sysctl.conf, to survive reboot
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+  with_items:
+    - { name: 'net.ipv4.ip_forward', value: '1' }  # Masquerading LAN->Internet
+    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
+    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
+    #- { name: 'kernel.sysrq', value: '1' }             # OS values differ, Ok?
+    - { name: 'kernel.core_uses_pid', value: '1' }
+    #- { name: 'net.ipv4.tcp_syncookies', value: '1' }  # Very standard in 2020
+    #- { name: 'kernel.shmmax', value: '268435456' }    # OS values differ, Ok?
+    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
+    #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }    # AUTO-SET
+    #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }         # BY ABOVE

roles/2-common/tasks/packages.yml

@@ -1,19 +1,3 @@
-#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)"
-#  package:
-#    name:
-#      - avahi
-#      - avahi-tools
-#      - createrepo
-#      - linux-firmware
-#      - nss-mdns
-#      - openssl    # FC 18 does not supply, but pear requires
-#      - syslog
-#      - wpa_supplicant
-#      - xml-common
-#      - yum-utils
-#    state: present
-#  when: is_redhat
-
 - name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml'
   meta: noop
 
@@ -42,7 +26,7 @@
       #- make              # 2021-07-27: Currently used by roles/pbx and no other roles
       - mlocate
       - net-tools          # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
-      #- ntfs-3g           # 2021-07-27: Should no longer be nec, similar to exfat packages above -- but see this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g
+      #- ntfs-3g           # 2021-07-27: RaspiOS installs this regardless -- but this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g
       #- openssh-server    # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
       - pandoc             # For /usr/bin/iiab-refresh-wiki-docs
       - pastebinit         # For /usr/bin/iiab-diagnostics
@@ -57,3 +41,19 @@
       - wget
       - wpasupplicant      # 2021-07-27: RaspiOS installs this regardless -- client library for connections to a WiFi AP
     state: present
+
+#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)"
+#  package:
+#    name:
+#      - avahi
+#      - avahi-tools
+#      - createrepo
+#      - linux-firmware
+#      - nss-mdns
+#      - openssl    # FC 18 does not supply, but pear requires
+#      - syslog
+#      - wpa_supplicant
+#      - xml-common
+#      - yum-utils
+#    state: present
+#  when: is_redhat

roles/2-common/templates/iiab-extra.repo.unused

@@ -13,4 +13,3 @@ baseurl=http://download.iiab.io/repos/xsce-extra/
 enabled=1
 metadata_expire=1d
 gpgcheck=0
-

roles/2-common/templates/li.nux.ro.repo.unused

@@ -4,5 +4,3 @@ baseurl=http://li.nux.ro/download/nux/dextop/el7/x86_64/
 enabled=0
 gpgcheck=1
 gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
-
-

roles/2-common/templates/rpmfusion-free-updates.repo.unused

@@ -21,4 +21,3 @@ mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-rele
 enabled=0
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-$releasever
-

roles/3-base-server/README.rst

@@ -2,7 +2,7 @@
 3-base-server README
 ====================
 
-This 3rd stage installs base server infra that Internet-in-a-Box requires, including:
+This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including:
 
 - `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps).  This IIAB role also installs apt package:
    - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common**
@@ -10,6 +10,6 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, inclu
    - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23**
 - `www_base <https://github.com/iiab/iiab/blob/master/roles/www_base>`_ (similar to `www_options <https://github.com/iiab/iiab/blob/master/roles/www_options>`_ which runs later in 4-server-options)
 
-Recap: as with 2-common, 4-server-options and 5-xo-services, this 3rd stage installs core server infra (that is not user-facing).
+Recap: As with 0-init, 1-prep, 2-common, 4-server-options and 5-xo-services — this 3rd stage installs core server infra (that is not user-facing).
 
 The next stage (4-server-options) brings more diverse/optional server infra functionality.

roles/4-server-options/README.rst

@@ -2,8 +2,18 @@
 4-server-options README
 =======================
 
-Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /etc/iiab/local_vars.yml
+Whereas 3-base-server installs critical packages needed by all, this 4th `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs a broad array of *options* ⁠— depending on which server apps will be installed in later stages ⁠— as specified in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_
 
-This includes some networking fundamentals, before they're configured later on.
+This includes more networking fundamentals, that may further be configured later on.
 
-As in the case of 2-common, 3-base-server and 5-xo-services: this stage installs core server infra, that is not user-facing.
+Specifically, these might be installed:
+
+- Python libraries
+- SSH daemon
+- Bluetooth for Raspberry Pi
+- Instant-sharing of `USB stick content <https://wiki.iiab.io/go/FAQ#Can_teachers_display_their_own_content.3F>`_
+- CUPS Printing
+- Samba for Windows filesystems
+- `www_options <https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml>`_
+
+Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 5-xo-services ⁠— this 4th stage installs core server infra (that is not user-facing).

roles/4-server-options/tasks/main.yml

@@ -18,7 +18,7 @@
     name: pylibs
   #when: pylibs_install    # Flag might be created in future?
 
-- name: SSHD - also run by roles/1-prep/tasks/main.yml as required by OpenVPN
+- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN
   include_role:
     name: sshd
   when: sshd_install

roles/5-xo-services/README.rst

@@ -2,6 +2,6 @@
 5-xo-services README
 ====================
 
-This 5th stage provides underlying services for One Laptop Per Child's XO laptops.
+This 5th `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ provides underlying services for One Laptop Per Child's XO laptops.
 
-As in the case of 2-common, 3-base-server and 4-server-options: this stage installs core server infra, that is not user-facing.
+Recap: As with 0-init, 1-prep, 2-common, 3-base-server and 4-server-options — this 5th stage installs core server infra (that is not user-facing).

roles/captiveportal/tasks/enable-or-disable.yml

@@ -36,8 +36,8 @@
     state: absent
   when: not captiveportal_enabled
 
-- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX
+- name: Run /usr/sbin/iiab-divert-to-nginx to generate diversion lists for NGINX
-  shell: /usr/sbin/iiab-divert-to-nginx
+  command: /usr/sbin/iiab-divert-to-nginx
   when: captiveportal_enabled
 
 - name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled)

roles/captiveportal/tasks/install.yml

@@ -43,7 +43,7 @@
     - simple.template
     - mac.template
 
-- name: Run iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf)
+- name: Run /usr/sbin/iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf)
   command: /usr/sbin/iiab-make-cp-servers.py
   args:
     creates: /etc/nginx/sites-available/capture.conf

roles/firmware/tasks/install.yml

@@ -2,19 +2,19 @@
   include_tasks: download.yml
   when: firmware_downloaded is undefined    # SEE ALSO firmware_installed below
 
-- name: 'Install from template: check-firmware.service, iiab-check-firmware & fw_warn.sh'
+- name: 'Install from template: /usr/bin/iiab-check-firmware, /etc/systemd/system/iiab-check-firmware.service & /etc/profile.d/iiab-firmware-warn.sh'
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     mode: "{{ item.mode }}"
   with_items:
-    - { src: 'check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' }
+    - { src: 'iiab-check-firmware', dest: '/usr/bin/', mode: '0755' }
-    - { src: 'iiab-check-firmware', dest: '/usr/sbin/', mode: '0755' }
+    - { src: 'iiab-check-firmware.service', dest: '/etc/systemd/system/', mode: '0644' }
-    - { src: 'fw_warn.sh', dest: '/etc/profile.d/', mode: '0644' }
+    - { src: 'iiab-firmware-warn.sh', dest: '/etc/profile.d/', mode: '0644' }
 
-- name: Enable & (Re)Start check-firmware.service (also runs on each boot)
+- name: Enable & (Re)Start iiab-check-firmware.service (also runs on each boot)
   systemd:
-    name: check-firmware.service
+    name: iiab-check-firmware.service
     daemon_reload: yes
     state: restarted
     enabled: yes

roles/firmware/templates/iiab-check-firmware.service

@@ -1,11 +1,10 @@
 [Unit]
 Description=Check Firmware service
-Before=clone-wifi.service
+Before=iiab-clone-wifi.service
 
 [Service]
 Type=oneshot
-ExecStart=/usr/sbin/iiab-check-firmware
+ExecStart=/usr/bin/iiab-check-firmware
 
 [Install]
 WantedBy=multi-user.target
-

roles/iiab-admin/tasks/admin-user.yml

@@ -14,7 +14,7 @@
     name: "{{ admin_console_group }}"
     state: present
 
-- name: Configure user '{{ iiab_admin_user }}' with group '{{ admin_console_group }}' for login to IIAB's Admin Console (http://box.lan/admin) AND for IIAB community support commands (/usr/bin/iiab-* and /usr/sbin/iiab-*) at the command-line
+- name: Configure user '{{ iiab_admin_user }}' with group '{{ admin_console_group }}' for login to IIAB's Admin Console (http://box.lan/admin) AND for IIAB community support commands (/usr/bin/iiab-*) at the command-line
   user:
     name: "{{ iiab_admin_user }}"
     #group: "{{ iiab_admin_user }}"    # Not nec.  Anyway this happens during account creation b/c 'USERGROUPS_ENAB yes' is set in any modern /etc/login.defs
@@ -34,7 +34,7 @@
 
 # sudo-prereqs.yml needs to have been run!
 
-- name: Add user {{ iiab_admin_user }} to group sudo, for IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware}, if iiab_admin_can_sudo
+- name: Add user {{ iiab_admin_user }} to group sudo, for IIAB community support commands in /usr/bin like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware}, if iiab_admin_can_sudo
   #command: "gpasswd -a {{ iiab_admin_user | quote }} sudo"
   user:
     name: "{{ iiab_admin_user }}"

roles/network/tasks/hostapd.yml

@@ -39,7 +39,7 @@
   set_fact:
     ap0_mac_addr: "{{ ap0_mac.stdout }}"
 
-- name: Use custom 'hostapd' systemd service unit file using ap0
+- name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi"
   template:
     owner: root
     group: root
@@ -48,9 +48,9 @@
     mode: "{{ item.mode  }}"
   with_items:
     - { src: 'hostapd/hostapd.service.j2', dest: '/etc/systemd/system/hostapd.service', mode: '0644' }
-    - { src: 'hostapd/clone-wifi.service.j2', dest: '/etc/systemd/system/clone-wifi.service', mode: '0644' }
+    - { src: 'hostapd/iiab-clone-wifi.service.j2', dest: '/etc/systemd/system/iiab-clone-wifi.service', mode: '0644' }
-    - { src: 'hostapd/wifi-test.service.j2', dest: '/etc/systemd/system/wifi-test.service', mode: '0644'}
+    - { src: 'hostapd/iiab-wifi-test.service.j2', dest: '/etc/systemd/system/iiab-wifi-test.service', mode: '0644'}
-    - { src: 'hostapd/test-wifi', dest: '/sbin/test-wifi', mode: '0755' }
+    - { src: 'hostapd/iiab-test-wifi.j2', dest: '/usr/sbin/iiab-test-wifi', mode: '0755' }
   when: discovered_wireless_iface != "none"
 
 - name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down
@@ -145,8 +145,8 @@
     enabled: no
     daemon_reload: yes    
   with_items:
-    - clone-wifi.service
+    - iiab-clone-wifi.service
-    - wifi-test.service
+    - iiab-wifi-test.service
   when: not wifi_up_down
 
 - name: Enable the Access Point 'hostapd' and ap0 related services
@@ -156,8 +156,8 @@
     daemon_reload: yes
   with_items:
     - hostapd.service
-    - clone-wifi.service
+    - iiab-clone-wifi.service
-    - wifi-test.service
+    - iiab-wifi-test.service
   when: hostapd_enabled and wifi_up_down
 
 - name: Record HOSTAPD_ENABLED to {{ iiab_env_file }}

roles/network/tasks/rpi_debian.yml

@@ -58,7 +58,7 @@
 
 - name: Clone wifi if needed
   systemd:
-    name: clone-wifi
+    name: iiab-clone-wifi
     state: started
   when: discovered_wireless_iface != "none"
   # Whereas sysd-netd-debian.yml uses...

roles/network/tasks/sysd-netd-debian.yml

@@ -53,7 +53,7 @@
 
 - name: Clone wifi if needed
   systemd:
-    name: clone-wifi
+    name: iiab-clone-wifi
     state: started
   when: wifi_up_down and discovered_wireless_iface != "none"
 

roles/network/templates/hostapd/README.ap0

@@ -1,8 +1,8 @@
 start up order
 # network-pre bridge is created
-clone-wifi
+iiab-clone-wifi
 wpa_supplicant #--dbus version does not start the interface directly
-test-wifi  # uses dbus to scan the network grabbing the channel alters hostapd.conf if needed
+iiab-test-wifi  # uses dbus to scan the network grabbing the channel alters hostapd.conf if needed
 hostapd
 
 # network

roles/network/templates/hostapd/hostapd.service.j2

@@ -2,8 +2,8 @@
 Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
 Wants=network-pre.target
 After=network-pre.target
-After=clone-wifi.service
+After=iiab-clone-wifi.service
-Requires=clone-wifi.service
+Requires=iiab-clone-wifi.service
 Before=dhcpcd.service
 Before=wpa_supplicant@{{ discovered_wireless_iface }}.service
 Before=NetworkManager.service

roles/network/templates/hostapd/iiab-test-wifi.j2

@@ -5,7 +5,7 @@ NETPLAN=0
 SSID="NA"
 # when we get here br0 should be available and dbus wpa_supplicant was started if enabled. None
 # of the backends that use wpa_supplicant should be active yet based on the Before= After= lines
-# in the wifi-test.service unit file.
+# in the iiab-wifi-test.service unit file.
 
 # covers systemd-networkd
 if [ -f /etc/wpa_supplicant/wpa_supplicant-$IFACE.conf ]; then

roles/network/templates/hostapd/iiab-wifi-test.service.j2

@@ -12,7 +12,7 @@ Before=network.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=/sbin/test-wifi
+ExecStart=/usr/sbin/iiab-test-wifi
 
 [Install]
 WantedBy=multi-user.target

roles/network/templates/network/iiab-hotspot-off

@@ -3,9 +3,9 @@ sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }}
 systemctl disable hostapd
 systemctl stop hostapd
 {% if wifi_up_down %}
-systemctl disable clone-wifi.service
+systemctl disable iiab-clone-wifi.service
-systemctl disable wifi-test.service
+systemctl disable iiab-wifi-test.service
-systemctl stop clone-wifi.service
+systemctl stop iiab-clone-wifi.service
 echo " IIAB hotspot access point Disabled"
 exit 0
 {% else %}

roles/network/templates/network/iiab-hotspot-on

@@ -1,9 +1,9 @@
 #!/bin/bash
 sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }}
 {% if wifi_up_down %}
-systemctl enable clone-wifi.service
+systemctl enable iiab-clone-wifi.service
 systemctl enable hostapd
-systemctl enable wifi-test.service
+systemctl enable iiab-wifi-test.service
 echo -e "\nPlease reboot to activate hostapd feature.\n"
 exit 0
 {% else %}

roles/usb_lib/tasks/install.yml

@@ -55,14 +55,14 @@
     group: "{{ apache_user }}"    # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222)
     mode: 0775
 
-- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
+- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh'
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     mode: "{{ item.mode }}"
   with_items:
-    - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
     - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
+    - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
     - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' }
     - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' }
     - { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' }

scripts/iiab-diagnostics.README.md

@@ -8,7 +8,7 @@ The ``pastebinit`` command can then be used to auto-upload this file, creating a
 
 But first off, the file is compiled by harvesting 1 + 6 kinds of things:
 
-0. Filename Header + Git Hashes + Raspberry Pi Model + OS
+0. Filename Header + Git Hashes + Raspberry Pi Model + OS + CPU Architecture(s)
 
 1. Files specially requested (if you run ``sudo iiab-diagnostics PATH/FILE1 PATH/FILE2``)
 
@@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things:
 
 ## Source Code
 
-Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-222 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.
+Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-224 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.