Prepare for 10.10.10.10, by evolving PR #3281

2025-03-09 15:40:17 +00:00 · 2022-07-08 22:00:03 -04:00 · 2022-07-08 22:00:03 -04:00 · d12546c98d
commit d12546c98d
parent 56b854fcaf
15 changed files with 57 additions and 44 deletions
--- a/roles/captiveportal/tasks/install.yml
+++ b/roles/captiveportal/tasks/install.yml
@ -26,7 +26,7 @@
    mode: "{{ item.mode }}"
  with_items:
    - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' }
-    - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' }
+    - { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' }
    - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' }
 - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server)
--- a/roles/captiveportal/templates/iiab-divert-to-nginx.j2
+++ b/roles/captiveportal/templates/iiab-divert-to-nginx.j2
--- a/roles/cups/tasks/install.yml
+++ b/roles/cups/tasks/install.yml
@ -105,7 +105,7 @@
 #     - "HostNameLookups On"    # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027
 #     - "ServerAlias *"
 #     - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}"    # box.lan
-#     - "#Listen {{ lan_ip }}:631"    # {{ lan_ip }}
+#     - "#Listen {{ lan_ip }}:631"    # e.g. 10.10.10.10
 #     - "#Listen 127.0.0.1:631"
 #     - "#Listen 0.0.0.0:631"
 #     - "#Listen *:631"
--- a/roles/cups/templates/cups.conf.j2
+++ b/roles/cups/templates/cups.conf.j2
@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ {    # '~' -> '~*' for case-insensitive regex
        return 301 http://localhost:631;
    }
-    return 301 http://$host:631;   # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC
+    return 301 http://$host:631;   # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC
 }
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@ -32,8 +32,8 @@
    # mode: "{{ item.mode }}"
  with_items:
   - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' }
-   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' }
+   - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' }
-   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' }
+   - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' }
  when: named_install and named_enabled
 - name: Enable named service ({{ dns_service }}) if named_enabled
--- a/roles/network/tasks/named.yml
+++ b/roles/network/tasks/named.yml
@ -58,8 +58,8 @@
    - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
 # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
-    - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
+    - { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
-    - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
+    - { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }
--- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2
+++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2
@ -8,18 +8,13 @@ option domain-name "{{ iiab_domain }}";
 option domain-name-servers      {{ lan_ip }};
 option ntp-servers              {{ lan_ip }};
 {% if network_172 %}
 subnet 172.18.96.0 netmask 255.255.224.0 {
    {% if iiab_network_mode == "Gateway" %}
    option routers               {{ lan_ip }};
    {% endif %}
 	{% if network_172 %}
    option subnet-mask           255.255.224.0;
    option broadcast-address     172.18.127.255;
 	{% else %}
 	   option subnet-mask		255.255.255.0;
 	   option broadcast-address	10.10.10.255;
 	{% endif %}
    # Description of network allocations in old OLPC school server
    # this is the whole range we have available - 8K addresses
    # range                      172.18.96.2 172.18.127.254;
@ -36,3 +31,18 @@ subnet 172.18.96.0 netmask 255.255.224.0 {
    default-lease-time      10800;
    max-lease-time          21600;
 }
 {% else %}
 subnet 10.10.10.0 netmask 255.255.255.0 {
    {% if iiab_network_mode == "Gateway" %}
    option routers               {{ lan_ip }};
    {% endif %}
    option subnet-mask           255.255.255.0;
    option broadcast-address     10.10.10.255;
    range                        10.10.10.2 10.10.10.254;
    # As this subnet is wired or wifi a/b/g, these lease
    #    times are on the long side
    default-lease-time      10800;
    max-lease-time          21600;
 }
 {% endif %}
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled"
 echo
 #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
 #echo -e "Network Mode: $network_mode\n"
-lan_ip=$(iiab_var_value lan_ip)    # {{ lan_ip }}
+lan_ip=$(iiab_var_value lan_ip)    # e.g. 10.10.10.10
 ports_externally_visible=$(iiab_var_value ports_externally_visible)
 gw_block_https=$(iiab_var_value gw_block_https)
--- a/roles/network/templates/named/school.internal.zone.db.j2
+++ b/roles/network/templates/named/school.internal.zone.db.j2
--- a/roles/network/templates/named/school.local.zone.db.j2
+++ b/roles/network/templates/named/school.local.zone.db.j2
--- a/roles/network/templates/network/dnsmasq.conf.j2
+++ b/roles/network/templates/network/dnsmasq.conf.j2
@ -19,9 +19,9 @@ expand-hosts
 # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease
 {% if network_172 %}
-	dhcp-range=172.18.100.1,172.18.126.254,1h
+dhcp-range=172.18.100.1,172.18.126.254,1h
 {% else %}
-	dhcp-range=10.10.10.21,10.10.10.253,1h
+dhcp-range=10.10.10.11,10.10.10.254,1h
 {% endif %}
 # Specify the default route
--- a/roles/nextcloud/README.md
+++ b/roles/nextcloud/README.md
@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre
 ## Using It
-Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using:
+Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using:
    Username: Admin
    Password: changeme
--- a/roles/samba/templates/smb.conf.j2
+++ b/roles/samba/templates/smb.conf.j2
@ -92,7 +92,12 @@
 ;	netbios name = MYSERVER
 ;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
-	hosts allow = 127. 172.18. 10.10.
+
 {% if network_172 %}
 	hosts allow = 127. 172.18.
 {% else %}
 	hosts allow = 10.10.10.
 {% endif %}
 ;	max protocol = SMB2
--- a/roles/transmission/defaults/main.yml
+++ b/roles/transmission/defaults/main.yml
@ -12,7 +12,7 @@
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 # transmission_http_port: 9091
 # transmission_url: /transmission/
-# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.*
+# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.*
 # transmission_whitelist_enabled: "false"  # LOWERCASE STRING for settings.json
 # transmission_peer_port: 51413
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -100,10 +100,8 @@ js_menu_install: True
 iiab_hostname: box
 iiab_domain: lan
 lan_ip: 10.10.10.10
-network_172: False
+network_172: False    # Change to True if you set the above to 172.18.96.1
-#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems
+lan_netmask: 255.255.255.0    # Change to 255.255.224.0 if using 172.18.96.1
 lan_netmask: 255.255.255.0
 #lan_netmask: 255.255.224.0 # Older networks were larger
 # Internal Wi-Fi Access Point
 # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled.
@ -544,7 +542,7 @@ transmission_group: debian-transmission
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 transmission_http_port: 9091
 transmission_url: /transmission/
-transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,*
+transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.*
 transmission_whitelist_enabled: "false"    # LOWERCASE STRING for settings.json
 transmission_peer_port: 51413