Prepare for 10.10.10.10, by evolving PR #3281

roles/captiveportal/tasks/install.yml

@@ -26,7 +26,7 @@
     mode: "{{ item.mode }}"
   with_items:
     - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' }
-    - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' }
+    - { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' }
     - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' }
 
 - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server)

roles/cups/tasks/install.yml

@@ -105,7 +105,7 @@
 #     - "HostNameLookups On"    # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027
 #     - "ServerAlias *"
 #     - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}"    # box.lan
-#     - "#Listen {{ lan_ip }}:631"    # {{ lan_ip }}
+#     - "#Listen {{ lan_ip }}:631"    # e.g. 10.10.10.10
 #     - "#Listen 127.0.0.1:631"
 #     - "#Listen 0.0.0.0:631"
 #     - "#Listen *:631"

roles/cups/templates/cups.conf.j2

@@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ {    # '~' -> '~*' for case-insensitive regex
         return 301 http://localhost:631;
     }
 
-    return 301 http://$host:631;   # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC
+    return 301 http://$host:631;   # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC
 }
 
 

roles/network/tasks/enable_services.yml

@@ -32,8 +32,8 @@
     # mode: "{{ item.mode }}"
   with_items:
    - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' }
-   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' }
-   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' }
+   - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' }
+   - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' }
   when: named_install and named_enabled
 
 - name: Enable named service ({{ dns_service }}) if named_enabled

roles/network/tasks/named.yml

@@ -58,8 +58,8 @@
     - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
     - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
 # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
-    - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
-    - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
+    - { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
+    - { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
     - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
     - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
     - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }

roles/network/templates/dhcp/dhcpd-iiab.conf.j2

@@ -6,33 +6,43 @@ ddns-update-style interim;
 
 option domain-name "{{ iiab_domain }}";
 option domain-name-servers      {{ lan_ip }};
-option ntp-servers		{{ lan_ip }};
+option ntp-servers              {{ lan_ip }};
 
+{% if network_172 %}
 subnet 172.18.96.0 netmask 255.255.224.0 {
-	{% if iiab_network_mode == "Gateway" %}
-	option routers			{{ lan_ip }};
-	{% endif %}
-	{% if network_172 %}
-   	option subnet-mask		255.255.224.0;
-	   option broadcast-address	172.18.127.255;
-	{% else %}
-	   option subnet-mask		255.255.255.0;
-	   option broadcast-address	10.10.10.255;
-	{% endif %}
+    {% if iiab_network_mode == "Gateway" %}
+    option routers               {{ lan_ip }};
+    {% endif %}
+    option subnet-mask           255.255.224.0;
+    option broadcast-address     172.18.127.255;
+    # Description of network allocations in old OLPC school server
+    # this is the whole range we have available - 8K addresses
+    # range                      172.18.96.2 172.18.127.254;
+    # instead, we'll save 510 addresses for later.
+    range                        172.18.96.2 172.18.125.254;
+    # the other /24s:
+    # -> 172.18.126.0/24 for static IP addresses
+    #    for printers, AP management consoles, etc.
+    # -> 172.18.127.0/24 for temporary addresses for
+    #    XO activation
 
-   # Description of network allocations in old OLPC school server
-	# this is the whole range we have available - 8K addresses
-	# range                           172.18.96.2 172.18.127.254;
-	# instead, we'll save 510 addresses for later. 
-	range                           172.18.96.2 172.18.125.254;
-	# the other /24s:
-	# -> 172.18.126.0/24 for static IP addresses
-	#    for printers, AP management consoles, etc.
-	# -> 172.18.127.0/24 for temporary addresses for 
-	#    XO activation
-	
-        # As this subnet is wired or wifi a/b/g, these lease 
-	#    times are on the long side
-	default-lease-time 	10800;
-	max-lease-time 		21600;
+    # As this subnet is wired or wifi a/b/g, these lease
+    #    times are on the long side
+    default-lease-time      10800;
+    max-lease-time          21600;
 }
+{% else %}
+subnet 10.10.10.0 netmask 255.255.255.0 {
+    {% if iiab_network_mode == "Gateway" %}
+    option routers               {{ lan_ip }};
+    {% endif %}
+    option subnet-mask           255.255.255.0;
+    option broadcast-address     10.10.10.255;
+    range                        10.10.10.2 10.10.10.254;
+
+    # As this subnet is wired or wifi a/b/g, these lease
+    #    times are on the long side
+    default-lease-time      10800;
+    max-lease-time          21600;
+}
+{% endif %}

roles/network/templates/gateway/iiab-gen-iptables

@@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled"
 echo
 #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
 #echo -e "Network Mode: $network_mode\n"
-lan_ip=$(iiab_var_value lan_ip)    # {{ lan_ip }}
+lan_ip=$(iiab_var_value lan_ip)    # e.g. 10.10.10.10
 
 ports_externally_visible=$(iiab_var_value ports_externally_visible)
 gw_block_https=$(iiab_var_value gw_block_https)

roles/network/templates/network/dnsmasq.conf.j2

@@ -19,9 +19,9 @@ expand-hosts
 
 # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease
 {% if network_172 %}
-	dhcp-range=172.18.100.1,172.18.126.254,1h
+dhcp-range=172.18.100.1,172.18.126.254,1h
 {% else %}
-	dhcp-range=10.10.10.21,10.10.10.253,1h
+dhcp-range=10.10.10.11,10.10.10.254,1h
 {% endif %}
 
 # Specify the default route

roles/nextcloud/README.md

@@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre
 
 ## Using It
 
-Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using:
+Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using:
 
     Username: Admin
     Password: changeme

roles/samba/templates/smb.conf.j2

@@ -92,7 +92,12 @@
 ;	netbios name = MYSERVER
 
 ;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
-	hosts allow = 127. 172.18. 10.10.
+
+{% if network_172 %}
+	hosts allow = 127. 172.18.
+{% else %}
+	hosts allow = 10.10.10.
+{% endif %}
 
 ;	max protocol = SMB2
 

roles/transmission/defaults/main.yml

@@ -12,7 +12,7 @@
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 # transmission_http_port: 9091
 # transmission_url: /transmission/
-# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.*
+# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.*
 # transmission_whitelist_enabled: "false"  # LOWERCASE STRING for settings.json
 # transmission_peer_port: 51413
 

vars/default_vars.yml

@@ -100,10 +100,8 @@ js_menu_install: True
 iiab_hostname: box
 iiab_domain: lan
 lan_ip: 10.10.10.10
-network_172: False
-#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems
-lan_netmask: 255.255.255.0
-#lan_netmask: 255.255.224.0 # Older networks were larger
+network_172: False    # Change to True if you set the above to 172.18.96.1
+lan_netmask: 255.255.255.0    # Change to 255.255.224.0 if using 172.18.96.1
 
 # Internal Wi-Fi Access Point
 # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled.
@@ -544,7 +542,7 @@ transmission_group: debian-transmission
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 transmission_http_port: 9091
 transmission_url: /transmission/
-transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,*
+transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.*
 transmission_whitelist_enabled: "false"    # LOWERCASE STRING for settings.json
 transmission_peer_port: 51413