Introduce roles/tailscale w/ /usr/bin/iiab-vpn etc

vars/default_vars.yml

@@ -219,8 +219,8 @@ dns_jail_enabled: False
 
 # 1-PREP
 
-# SSHD runs here & also below in 4-SERVER-OPTIONS
-sshd_install: True    # Required by OpenVPN
+# OPENSSH-SERVER
+sshd_install: True
 sshd_enabled: True
 sshd_port: 22    # Not fully functional.  SEE: roles/sshd/tasks/install.yml
 
@@ -232,17 +232,9 @@ remoteit_enabled: False
 # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
-openvpn_install: True
-openvpn_enabled: False
-openvpn_handle: ""    # Empty string on purpose since ~2016, for /etc/iiab/uuid
-# SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20
-# cron seemed necessary on CentOS:
-openvpn_cron_enabled: False
-# General OpenVPN settings
-openvpn_server: xscenet.net
-openvpn_server_real_ip: 3.89.148.185
-openvpn_server_virtual_ip: 10.8.0.1
-openvpn_server_port: 1194
+# New VPN replaced OpenVPN in Sept 2024:
+tailscale_install: True
+tailscale_enabled: False    # Stub var, doesn't yet do anything!
 
 # IIAB-ADMIN runs here - see its vars near top of this file:
 # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo,
@@ -289,8 +281,6 @@ nginx_log_dir: /var/log/nginx
 
 # 4-SERVER-OPTIONS
 
-# SSHD runs here & also above in 1-PREP
-
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
 # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists)

vars/local_vars_large.yml

@@ -132,8 +132,8 @@ dns_jail_enabled: False
 
 # 1-PREP
 
-# SSHD runs here & also below in 4-SERVER-OPTIONS
-sshd_install: True    # Required by OpenVPN
+# OPENSSH-SERVER
+sshd_install: True
 sshd_enabled: True
 
 # https://remote.it can help you remotely maintain an IIAB.
@@ -144,10 +144,9 @@ remoteit_enabled: False
 # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
-openvpn_install: True
-openvpn_enabled: False
-# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
-openvpn_handle: LARGE - Put Your Name Here
+# New VPN replaced OpenVPN in Sept 2024:
+tailscale_install: True
+tailscale_enabled: False    # Stub var, doesn't yet do anything!
 
 # IIAB-ADMIN runs here - see its vars near top of this file:
 # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo
@@ -178,8 +177,6 @@ pi_swap_file_size: 1024
 
 # 4-SERVER-OPTIONS
 
-# SSHD runs here & also above in 1-PREP
-
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
 # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists)

vars/local_vars_medical.yml

@@ -12,7 +12,6 @@ munin_install: True
 munin_enabled: True
 vnstat_install: True
 vnstat_enabled: True
-openvpn_handle: "MEDICAL - Put Your Name Here"
 usb_lib_umask0000_for_kolibri: False
 apache_allow_sudo: True
 # By default

vars/local_vars_medium.yml

@@ -132,8 +132,8 @@ dns_jail_enabled: False
 
 # 1-PREP
 
-# SSHD runs here & also below in 4-SERVER-OPTIONS
-sshd_install: True    # Required by OpenVPN
+# OPENSSH-SERVER
+sshd_install: True
 sshd_enabled: True
 
 # https://remote.it can help you remotely maintain an IIAB.
@@ -144,10 +144,9 @@ remoteit_enabled: False
 # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
-openvpn_install: True
-openvpn_enabled: False
-# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
-openvpn_handle: MEDIUM-sized - Put Your Name Here
+# New VPN replaced OpenVPN in Sept 2024:
+tailscale_install: True
+tailscale_enabled: False    # Stub var, doesn't yet do anything!
 
 # IIAB-ADMIN runs here - see its vars near top of this file:
 # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo
@@ -178,8 +177,6 @@ pi_swap_file_size: 1024
 
 # 4-SERVER-OPTIONS
 
-# SSHD runs here & also above in 1-PREP
-
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
 # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists)

vars/local_vars_none.yml

@@ -1,6 +1,6 @@
 # turn off defaults
 remoteit_install: False
-openvpn_install: False
+tailscale_install: False
 kolibri_install: False
 kolibri_enabled: False
 kiwix_install: False

vars/local_vars_small.yml

@@ -132,8 +132,8 @@ dns_jail_enabled: False
 
 # 1-PREP
 
-# SSHD runs here & also below in 4-SERVER-OPTIONS
-sshd_install: True    # Required by OpenVPN
+# OPENSSH-SERVER
+sshd_install: True
 sshd_enabled: True
 
 # https://remote.it can help you remotely maintain an IIAB.
@@ -144,10 +144,9 @@ remoteit_enabled: False
 # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
-openvpn_install: True
-openvpn_enabled: False
-# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
-openvpn_handle: SMALL - Put Your Name Here
+# New VPN replaced OpenVPN in Sept 2024:
+tailscale_install: True
+tailscale_enabled: False    # Stub var, doesn't yet do anything!
 
 # IIAB-ADMIN runs here - see its vars near top of this file:
 # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo
@@ -178,8 +177,6 @@ pi_swap_file_size: 1024
 
 # 4-SERVER-OPTIONS
 
-# SSHD runs here & also above in 1-PREP
-
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
 # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists)

vars/local_vars_unittest.yml

@@ -132,8 +132,8 @@ dns_jail_enabled: False
 
 # 1-PREP
 
-# SSHD runs here & also below in 4-SERVER-OPTIONS
-sshd_install: True    # Required by OpenVPN
+# OPENSSH-SERVER
+sshd_install: True
 sshd_enabled: True
 
 # https://remote.it can help you remotely maintain an IIAB.
@@ -144,10 +144,9 @@ remoteit_enabled: False
 # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6
 
 # SECURITY WARNING: https://wiki.iiab.io/go/Security
-openvpn_install: True
-openvpn_enabled: True
-# 2021-08-18 SSOT: Please set it here, no longer in /etc/iiab/openvpn_handle
-openvpn_handle: UNITTEST - Put Your Name Here
+# New VPN replaced OpenVPN in Sept 2024:
+tailscale_install: True
+tailscale_enabled: False    # Stub var, doesn't yet do anything!
 
 # IIAB-ADMIN runs here - see its vars near top of this file:
 # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo
@@ -178,8 +177,6 @@ pi_swap_file_size: 1024
 
 # 4-SERVER-OPTIONS
 
-# SSHD runs here & also above in 1-PREP
-
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
 # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists)