Merge pull request #330 from iiab/master

sync from iiab:master
2025-02-13 11:42:08 +00:00 · 2020-01-11 22:58:07 -05:00 · 2020-01-11 22:58:07 -05:00 · d9a34ff16a
commit d9a34ff16a
parent 9e0aea211d c80e21ade6
76 changed files with 607 additions and 685 deletions
--- a/roles/0-init/tasks/iiab_ini.yml
+++ b/roles/0-init/tasks/iiab_ini.yml
@ -9,7 +9,7 @@
    path: "{{ iiab_ini_file }}"
    section: location
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: iiab_base
      value: "{{ iiab_base }}"
@ -21,7 +21,7 @@
    path: "{{ iiab_ini_file }}"
    section: version
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: distribution
      value: "{{ ansible_distribution }}"
--- a/roles/0-init/tasks/main.yml
+++ b/roles/0-init/tasks/main.yml
@ -189,7 +189,7 @@
    dest: "{{ iiab_ini_file }}"
    section: runtime
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: iiab_stage
      value: "{{ iiab_stage }}"
@ -237,7 +237,7 @@
    dest: "{{ iiab_ini_file }}"
    section: runtime
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: is_VM
      value: "yes"
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@ -20,76 +20,70 @@
 - include_tasks: xo.yml
  when: xo_model != "none" or osbuilder is defined
 # the following installs common packages for both debian and fedora
 - include_tasks: packages.yml
 - include_tasks: iptables.yml
 - sysctl:
    name: net.ipv4.ip_forward
-    value: 1
+    value: '1'
    state: present
 - sysctl:
    name: net.ipv4.conf.default.rp_filter
-    value: 1
+    value: '1'
    state: present
 - sysctl:
    name: net.ipv4.conf.default.accept_source_route
-    value: 0
+    value: '0'
    state: present
 - sysctl:
    name: kernel.sysrq
-    value: 1
+    value: '1'
    state: present
 - sysctl:
    name: kernel.core_uses_pid
-    value: 1
+    value: '1'
    state: present
 - sysctl:
    name: net.ipv4.tcp_syncookies
-    value: 1
+    value: '1'
    state: present
 - sysctl:
    name: kernel.shmmax
-    value: 268435456
+    value: '268435456'
    state: present
 # IPv6 disabled
 - sysctl:
    name: net.ipv6.conf.all.disable_ipv6
-    value: 1
+    value: '1'
    state: present
 - sysctl:
    name: net.ipv6.conf.default.disable_ipv6
-    value: 1
+    value: '1'
    state: present
 - sysctl:
    name: net.ipv6.conf.lo.disable_ipv6
-    value: 1
+    value: '1'
    state: present
- name: Install custom /etc/profile.d/zzz_iiab.sh from template
+- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
  template:
    dest: /etc/profile.d/zzz_iiab.sh
    src: zzz_iiab.sh
    owner: root
    mode: 0644
    backup: no
 - include_tasks: net_mods.yml
  when: not is_debuntu and not is_F18
 - include_tasks: udev.yml
 - include_tasks: iiab-startup.yml
 - name: Recording STAGE 2 HAS COMPLETED ==========================
--- a/roles/2-common/tasks/xo.yml
+++ b/roles/2-common/tasks/xo.yml
@ -60,9 +60,9 @@
    dest: /etc/NetworkManager/system-connections/"Sugar Modem Connection"
    section: ppp
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value }}"    # "{{ item.value | string }}" not nec, as they're already strings.
    backup: yes
-    mode: 0600
+    mode: '0600'
  with_items:
    - { option: 'lcp-echo-failure', value: '5' }
    - { option: 'lcp-echo-interval', value: '30' }
--- a/roles/activity-server/tasks/main.yml
+++ b/roles/activity-server/tasks/main.yml
@ -122,7 +122,7 @@
    path: "{{ iiab_ini_file }}"
    section: activity-server
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: "Activity Server"
--- a/roles/ajenti/tasks/main.yml
+++ b/roles/ajenti/tasks/main.yml
@ -52,7 +52,7 @@
    path: "{{ iiab_ini_file }}"
    section: ajenti
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: ajenti
--- a/roles/authserver/tasks/main.yml
+++ b/roles/authserver/tasks/main.yml
@ -55,7 +55,7 @@
    path: "{{ iiab_ini_file }}"
    section: authserver
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: XS-authserver
--- a/roles/awstats/tasks/enable.yml
+++ b/roles/awstats/tasks/enable.yml
@ -1,52 +1,49 @@
- name: Create symlink awstats.conf from sites-enabled to sites-available (Apache)
+# Apache
  file:
    src: /etc/apache2/sites-available/awstats.conf
    path: /etc/apache2/sites-enabled/awstats.conf
    state: link
  when: awstats_enabled and not nginx_enabled
- name: Remove symlink from sites-enabled, to disable AWStats (Apache)
+- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
-  file:
+  command: a2ensite awstats.conf
-    path: /etc/apache2/sites-enabled/awstats.conf
+  when: apache_install and awstats_enabled
    state: absent
  when: not awstats_enabled or nginx_enabled
- name: Install nginx's files from template
+- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
  command: a2dissite awstats.conf
  when: apache_install and not awstats_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box/awstats via NGINX, by installing /etc/nginx/cgi-bin.php & {{ nginx_config_dir }}/awstats-nginx.conf from template
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: 0644
  with_items:
-     - { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" }
+    - { src: "awstats-nginx.conf", dest: "{{ nginx_config_dir }}/" }
    - { src: "cgi-bin.php", dest: "/etc/nginx/" }
-  when: awstats_enabled and nginx_enabled
+  when: nginx_install and awstats_enabled
- name: Remove /etc/nginx/conf.d/awstats-nginx.conf
+- name: Disable http://box/awstats_url via NGINX, by removing {{ nginx_config_dir }}/awstats-nginx.conf
  file:
-    path: /etc/nginx/conf.d/awstats-nginx.conf
+    path: "{{ nginx_config_dir }}/awstats-nginx.conf"
    state: absent
-  when: not awstats_enabled
+  when: nginx_install and not awstats_enabled
- name: Restart Apache service ({{ apache_service }})
+- name: Restart 'nginx' systemd service
  systemd:
    name: "{{ apache_service }}"
    state: restarted
  when: awstats_enabled and not nginx_enabled
 - name: Restart nginx service
  systemd:
    name: nginx
    state: restarted
-  when: awstats_enabled and nginx_enabled
+  when: nginx_enabled | bool
 - name: Add 'awstats' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: awstats
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: AWStats
--- a/roles/awstats/tasks/install.yml
+++ b/roles/awstats/tasks/install.yml
@ -5,29 +5,23 @@
      - pwauth
      - openssl
    state: present
  tags:
    - download
- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external (debuntu)'
+- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external'
  package:
    name:
      - libapache2-mod-authnz-external
      - apache2-utils
    state: present
  when: is_debuntu | bool
  tags:
    - download
- name: Enable cgi execution (debuntu)
+- name: Enable cgi execution via Apache
  command: a2enmod cgi
  when: is_debuntu | bool
 - name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}'    # /library/awstats & /var/log/apache2 typically
  file:
    path: "{{ item }}"
    mode: 0750
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    mode: '0750'
    state: directory
    recurse: yes
    force: yes
@ -36,26 +30,17 @@
    - "{{ apache_log_dir }}"
    - /usr/lib/cgi-bin/awstats    # create backward compatible path for awstats
- name: Install Apache's awstats.conf from template (debuntu)
+- name: Install /etc/{{ apache_config_dir }}/awstats.conf from template
  template:
-    src: "{{ item.src }}"
+    src: apache-awstats.conf
-    dest: "{{ item.dest }}"
+    dest: "/etc/{{ apache_config_dir }}/awstats.conf"
    owner: root
    group: root
    mode: 0644
  with_items:
 #     - { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" }
 #     - { src: "cgi-bin.php", dest: "/etc/nginx/" }
     - { src: "apache-awstats.conf", dest: "/etc/{{ apache_config_dir }}/awstats.conf" }
  when: awstats_enabled and is_debuntu
- name: Ensure logrotate doesn't make logs unreadable (debuntu)
+- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
  template:
    src: logrotate.d.apache2
    dest: /etc/logrotate.d/apache2
  when: is_debuntu | bool
- name: Check if package installed /etc/awstats/awstats.conf
+- name: Does /etc/awstats/awstats.conf exist?
  stat:
    path: /etc/awstats/awstats.conf
  register: awstats
@ -64,37 +49,34 @@
  command: mv /etc/awstats/awstats.conf /etc/awstats/awstats.conf.dist
  when: awstats.stat.islnk is defined and not awstats.stat.islnk
- name: Create symlink for awstats.pl from cgi-bin/awstats/awstats.pl to ../ so that the old apache links to awstats will work after change to nginx
+- name: Symlink /usr/lib/cgi-bin/awstats/awstats.pl -> /usr/lib/cgi-bin/awstats.pl so old Apache links to awstats will work after change to NGINX
  file:
    src: /usr/lib/cgi-bin/awstats.pl
    path: /usr/lib/cgi-bin/awstats/awstats.pl
    state: link
- name: Install /etc/awstats/awstats.schoolserver.conf
+- name: Install /etc/awstats/awstats.schoolserver.conf from template
  template:
    src: awstats.schoolserver.conf.j2
    dest: /etc/awstats/awstats.schoolserver.conf
-    owner: root
+  # when: awstats_enabled | bool
    group: root
    mode: 0644
  when: awstats_enabled | bool
- name: Create a symlink /etc/awstats/awstats.conf for access by IP address
+- name: Symlink /etc/awstats/awstats.conf -> /etc/awstats/awstats.schoolserver.conf for access by IP address
  file:
    src: /etc/awstats/awstats.schoolserver.conf
    path: /etc/awstats/awstats.conf
    state: link
-  when: awstats_enabled | bool
+  # when: awstats_enabled | bool
- name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu)
+# - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu)
-  shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
+#   shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
-  when: awstats_enabled and not is_debuntu
+#   when: awstats_enabled and not is_debuntu
- name: On first enabling of AWStats, summarize httpd logs up to now (debuntu)
+- name: On first enabling of AWStats, summarize httpd logs up to now
  shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
-  when: awstats_enabled and is_debuntu
+  # when: awstats_enabled | bool
- name: Add 'awstats_installed' variable values to {{ iiab_state_file }}
+- name: "Add 'awstats_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
  lineinfile:
    dest: "{{ iiab_state_file }}"
    regexp: '^awstats_installed'
--- a/roles/awstats/templates/cron.d.awstats.deprecated
+++ b/roles/awstats/templates/cron.d.awstats.deprecated
--- a/roles/bluetooth/tasks/enable.yml
+++ b/roles/bluetooth/tasks/enable.yml
@ -61,7 +61,7 @@
    path: "{{ iiab_ini_file }}"
    section: bluetooth
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Bluetooth
--- a/roles/calibre-web/tasks/enable.yml
+++ b/roles/calibre-web/tasks/enable.yml
@ -6,61 +6,62 @@
    state: restarted
  when: calibreweb_enabled | bool
-# Default: http://box/books
+- name: Disable & Stop 'calibre-web' systemd service
 # SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
 - name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache
  command: a2ensite calibre-web.conf
  when: calibreweb_enabled | bool
 #- name: Restart Apache after enabling calibre-web httpd2 site
 #  command: apachectl -k graceful
 #  when: calibreweb_enabled | bool
 - name: Disable 'calibre-web' systemd service
  systemd:
    name: calibre-web
    daemon_reload: yes
    enabled: no
    state: stopped
  when: not calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache
+# SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
 # Apache
 # i.e. http://box/books, http://box/libros, http://box/livres
 - name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
  command: a2ensite calibre-web.conf
  when: apache_install and calibreweb_enabled
 - name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
  command: a2dissite calibre-web.conf
-  when: not calibreweb_enabled or nginx_enabled | bool
+  when: apache_install and not calibreweb_enabled
 #- name: Restart Apache after disabling calibre-web httpd2 site
 #  command: apachectl -k graceful
 #  when: not calibreweb_enabled
 - name: Install /etc/nginx/conf.d/calibre-web-nginx.conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
  with_items:
    - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' }
  when: calibreweb_enabled | bool and nginx_enabled | bool
 - name: Restart nginx systemd service
  systemd:
    name: nginx
    state: restarted
  when: calibreweb_enabled | bool and nginx_enabled | bool
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
-    name: "{{ apache_service }}"    # httpd or apache2
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
-  when: not nginx_enabled | bool
+  when: apache_enabled | bool
 # NGINX
 # TO DO: restore http://box/libros & http://box/livres, along English (http://box/books)
 - name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_config_dir }}/calibre-web-nginx.conf from template
  template:
    src: calibre-web-nginx.conf.j2
    dest: "{{ nginx_config_dir }}/calibre-web-nginx.conf"
  when: nginx_install and calibreweb_enabled
 - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_config_dir }}/calibre-web-nginx.conf
  file:
    path: "{{ nginx_config_dir }}/calibre-web-nginx.conf"
    state: absent
  when: nginx_install and not calibreweb_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: calibre-web
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: calibre-web
@ -82,5 +83,3 @@
      value: "{{ calibreweb_database }}"
    - option: calibreweb_enabled
      value: "{{ calibreweb_enabled }}"
 #   - option: calibreweb_provision
 #     value: "{{ calibreweb_provision }}"
--- a/roles/calibre-web/templates/calibre-web-nginx.conf.j2
+++ b/roles/calibre-web/templates/calibre-web-nginx.conf.j2
@ -1,7 +1,7 @@
-location /books/ {
+location {{ calibreweb_url1 }}/ {
    proxy_set_header        Host            $http_host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Scheme        $scheme;
-    proxy_set_header        X-Script-Name   /books;
+    proxy_set_header        X-Script-Name   {{ calibreweb_url1 }};
    proxy_pass http://127.0.0.1:8083;
 }
--- a/roles/calibre/tasks/enable.yml
+++ b/roles/calibre/tasks/enable.yml
@ -38,7 +38,7 @@
    path: "{{ iiab_ini_file }}"
    section: calibre
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: name
    value: Calibre
--- a/roles/cups/tasks/main.yml
+++ b/roles/cups/tasks/main.yml
@ -74,7 +74,7 @@
    path: "{{ iiab_ini_file }}"
    section: cups
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: CUPS
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -45,7 +45,7 @@
    path: "{{ iiab_ini_file }}"
    section: docker
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Docker Container
--- a/roles/dokuwiki/tasks/enable.yml
+++ b/roles/dokuwiki/tasks/enable.yml
@ -22,7 +22,7 @@
    path: "{{ iiab_ini_file }}"
    section: dokuwiki
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: DokuWiki
--- a/roles/elgg/tasks/enable.yml
+++ b/roles/elgg/tasks/enable.yml
@ -27,7 +27,7 @@
    path: "{{ iiab_ini_file }}"
    section: elgg
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Elgg
--- a/roles/gitea/tasks/enable.yml
+++ b/roles/gitea/tasks/enable.yml
@ -1,67 +1,61 @@
- name: Enable 'gitea' service
+- name: Enable & Restart 'gitea' systemd service
  systemd:
    daemon_reload: yes
    name: gitea
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: gitea_enabled | bool
- name: Disable 'gitea' service
+- name: Disable & Restart 'gitea' systemd service
  systemd:
    daemon_reload: yes
    name: gitea
    enabled: no
    state: stopped
  when: not gitea_enabled
-# Configure HTTPD
+# Apache
- name: Copy gitea httpd conf file
+- name: Enable http://box{{ gitea_url }} via Apache    # i.e. http://box/gitea
-  template:
+  command: a2ensite gitea.conf
-    src: gitea.conf.j2
+  when: apache_install and gitea_enabled
    dest: "/etc/{{ apache_config_dir }}/gitea.conf"
- name: Enable httpd conf file (apache)
+- name: Disable http://box{{ gitea_url }} via Apache
-  file:
+  command: a2dissite gitea.conf
-    src: /etc/{{ apache_config_dir }}/gitea.conf
+  when: apache_install and not gitea_enabled
    dest: /etc/apache2/sites-enabled/gitea.conf
    state: link
  when: gitea_enabled and is_debuntu
- name: Remove apache httpd conf file (OS's other than debuntu)
+- name: Restart Apache systemd service ({{ apache_service }})
-  file:
+  systemd:
-    path: /etc/apache2/sites-enabled/gitea.conf
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
-    state: absent
+    state: restarted
-  when: not gitea_enabled or nginx_enabled
+  when: apache_enabled | bool
- name: Remove nginx httpd conf file
+# NGINX
  file:
    path: /etc/nginx/conf.d/gitea-nginx.conf
    state: absent
  when: not gitea_enabled
- name: Enable nginx httpd conf file
+- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_config_dir }}/gitea-nginx.conf from template
  template:
    src: gitea-nginx.conf.j2
-    dest: /etc/nginx/conf.d/gitea-nginx.conf
+    dest: "{{ nginx_config_dir }}/gitea-nginx.conf"
-  when: gitea_enabled and nginx_enabled
+  when: nginx_install and gitea_enabled
- name: >-
+- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_config_dir }}/gitea-nginx.conf
-    Restart Apache ({{ apache_service }}) to {% if gitea_enabled %}enable{% 
+  file:
-    else %}disable{% endif %} http://box/gitea
+    path: "{{ nginx_config_dir }}/gitea-nginx.conf"
    state: absent
  when: nginx_install and not gitea_enabled
 - name: Restart 'nginx' systemd service
  systemd:
-    name: "{{ apache_service }}"
+    name: nginx
    daemon_reload: yes
    state: restarted
  when: nginx_enabled | bool
 # Add Gitea to registry
 - name: Add 'gitea' to list of services at {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: gitea
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: gitea
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@ -113,19 +113,18 @@
    owner: root
    group: gitea
    mode: 0664
  tags:
    - config
-# Create systemd service
+# Create systemd service & prepare Apache for http://box/gitea
- name: Create 'gitea' service
+- name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
  template:
-    src: gitea.service.j2
+    src: "{{ item.src }}"
-    dest: "/etc/systemd/system/gitea.service"
+    dest: "{{ item.dest }}"
-  tags:
+  with_items:
-    - systemd
+    - { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' }
    - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_config_dir }}/gitea.conf" }
- name: Add 'gitea_installed' variable values to {{ iiab_state_file }}
+- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"
    regexp: '^gitea_installed'
--- a/roles/idmgr/tasks/main.yml
+++ b/roles/idmgr/tasks/main.yml
@ -84,7 +84,7 @@
    path: "{{ iiab_ini_file }}"
    section: idmgr
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: idmgr
--- a/roles/iiab-admin/tasks/main.yml
+++ b/roles/iiab-admin/tasks/main.yml
@ -12,7 +12,7 @@
    dest: "{{ iiab_ini_file }}"
    section: iiab-admin
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: iiab-admin
--- a/roles/internetarchive/tasks/enable.yml
+++ b/roles/internetarchive/tasks/enable.yml
@ -37,7 +37,7 @@
    path: "{{ iiab_ini_file }}"
    section: internetarchive
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Internet Archive Offline
--- a/roles/kalite/tasks/enable.yml
+++ b/roles/kalite/tasks/enable.yml
@ -43,7 +43,7 @@
    path: "{{ iiab_ini_file }}"
    section: kalite
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: name
    value: "KA Lite"
--- a/roles/kiwix/defaults/main.yml
+++ b/roles/kiwix/defaults/main.yml
@ -30,9 +30,11 @@ kiwix_path: "{{ iiab_base }}/kiwix"            # /opt/iiab/kiwix
 # /library/zims contains 3 important things:
 # - library.xml
-# - content directory for all *.zim's
+# - content = directory for all *.zim's
-# - index directory for legacy *.zim.idx's
+# - index = directory for legacy *.zim.idx's
 kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
-# MOVE FILE /opt/iiab/kiwix/bin/kiwix-serve TO FORCE A REINSTALL OF kiwix-tools
+# INSTRUCTIONS TO REINSTALL kiwix (1) VERIFY ITS VARS IN /etc/iiab/local_vars.yml (2) THEN RUN EITHER BELOW...
 # - NEW WAY: cd /opt/iiab/iiab; ./runrole --reinstall kiwix
 # - OLD WAY: rm /opt/iiab/kiwix/bin/kiwix-serve; cd /opt/iiab/iiab; ./runrole kiwix
 kiwix_force_install: False
--- a/roles/kiwix/tasks/kiwix_install.yml
+++ b/roles/kiwix/tasks/kiwix_install.yml
@ -1,4 +1,5 @@
 # 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE
 - name: Download Kiwix software to /opt/iiab/downloads
  get_url:
    url: "{{ iiab_download_url }}/{{ kiwix_src_file }}"
@ -14,9 +15,6 @@
 - name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files
  file:
    path: "{{ item }}"
    owner: root
    group: root
    mode: 0755
    state: directory
  with_items:
    - "{{ iiab_zim_path }}"
@ -28,47 +26,33 @@
    path: "{{ kiwix_library_xml }}"
  register: kiwix_xml
- name: Install a stub /library/zims/library.xml if one doesn't exist
+- name: Install stub /library/zims/library.xml from template, if one doesn't exist
  template:
    src: library.xml
    dest: "{{ kiwix_library_xml }}"
    mode: 0644
    owner: root
    group: root
    force: no
  when: not kiwix_xml.stat.exists
- name: Install {{ iiab_zim_path }}/content/test.zim if kiwix_force_install
+- name: Install {{ iiab_zim_path }}/content/test.zim
  copy:
    src: test.zim
    dest: "{{ iiab_zim_path }}/content/test.zim"
    mode: 0644
    owner: root
    group: root
    force: no
  when: kiwix_force_install | bool
 - name: Create {{ kiwix_path }}/bin directory    # /opt/iiab/kiwix/bin
  file:
    path: "{{ kiwix_path }}/bin"
    owner: root
    group: root
    mode: 0755
    state: directory
-# 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install
+# 2. INSTALL KIWIX-TOOLS EXECUTABLES
 - name: Unarchive {{ kiwix_src_file }} to /tmp    # e.g. kiwix-tools_linux-armhf-0.6.1-1.tar.gz
  unarchive:
    src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
    dest: /tmp
    owner: root
    group: root
  when: kiwix_force_install | bool
 - name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686)
  shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/"
  when: kiwix_force_install | bool
 # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
@ -84,23 +68,22 @@
 #    - rewrite
 #  when: is_debuntu | bool
-# 4. CREATE/ENABLE/RESTART (OR DISABLE) KIWIX SERVICE & ITS CRON JOB
+# 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache
 - name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf'
  template:
    backup: no
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
-    - { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644'}
+    - { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644' }
-    - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755'}
+    - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755' }
-    - { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'}
+    - { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755' }
-    - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'}
+    - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644' }
- name: Add 'kiwix_installed' variable values to {{ iiab_state_file }}
+# 5. RECORD KIWIX AS INSTALLED IN /etc/iiab/iiab_state.yml
 - name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"
    regexp: '^kiwix_installed'
--- a/roles/kiwix/tasks/kiwix_enable.yml
+++ b/roles/kiwix/tasks/kiwix_enable.yml
@ -1,43 +1,19 @@
- name: Create softlink kiwix.conf from sites-enabled to sites-available - for Kiwix Proxy in Apache - is disabled by turning off service kiwix-serve (debuntu)
+- name: Enable & Restart 'kiwix-serve' systemd service
  file:
    src: /etc/apache2/sites-available/kiwix.conf
    path: /etc/apache2/sites-enabled/kiwix.conf
    state: link
  when: kiwix_enabled | bool and not nginx_enabled | bool
 - name: Install nginx support
  template:
    backup: no
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
    - { src: 'kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf', mode: '0644' }
  when: kiwix_enabled | bool and nginx_enabled | bool
 - name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf
  file:
    path: /etc/apache2/sites-enabled/kiwix.conf
    state: absent
  when: not kiwix_enabled | bool or nginx_enabled | bool
 - name: Enable & Restart 'kiwix-serve' service
  systemd:
    daemon_reload: yes
    name: kiwix-serve
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: kiwix_enabled | bool
- name: Disable 'kiwix-serve' service
+- name: Disable & Stop 'kiwix-serve' systemd service
  systemd:
    name: kiwix-serve
    enabled: no
    state: stopped
  when: not kiwix_enabled
-# IN THEORY: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled"
+
 # TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled"
 # In the past kiwix-serve did not stay running, so we'd been doing this hourly.
 # @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in
@ -58,19 +34,50 @@
    dest: /etc/crontab
  when: kiwix_enabled and is_redhat
- name: Restart Apache, so it picks up kiwix.conf
+# Apache
-  service:
+
-    name: "{{ apache_service }}"
+- name: Enable http://box{{ kiwix_url_without_slash }} via Apache
-    state: restarted
+  command: a2ensite kiwix.conf
  when: apache_install and kiwix_enabled
 - name: Disable http://box{{ kiwix_url_without_slash }} via Apache
  command: a2dissite kiwix.conf
  when: apache_install and not kiwix_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"
    daemon-reload: yes
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box{{ kiwix_url_without_slash }} via NGINX, by installing {{ nginx_config_dir }}/kiwix-nginx.conf from template
  template:
    src: kiwix-nginx.conf
    dest: "{{ nginx_config_dir }}/kiwix-nginx.conf"
  when: nginx_install and kiwix_enabled
 - name: Disable http://box{{ kiwix_url_without_slash }} via NGINX, by removing {{ nginx_config_dir }}/kiwix-nginx.conf
  file:
    path: "{{ nginx_config_dir }}/kiwix-nginx.conf"
    state: absent
  when: nginx_install and not kiwix_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 # 5. FINALIZE
 - name: Add 'kiwix' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: kiwix
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: name
    value: Kiwix
--- a/roles/kiwix/tasks/main.yml
+++ b/roles/kiwix/tasks/main.yml
@ -33,12 +33,8 @@
    kiwix_force_install: True
  when: not kiwix_bin.stat.exists or reinstall is defined
- include_tasks: kiwix_install.yml
+- include_tasks: install.yml
-  when: (kiwix_install | bool and not kiwix_installed is defined) or kiwix_force_install | bool
+  when: (kiwix_install and not kiwix_installed is defined) or kiwix_force_install
  tags:
    - kiwix
- include_tasks: kiwix_enable.yml
+- include_tasks: enable.yml
-  when: kiwix_install | bool or kiwix_installed is defined
+  when: kiwix_enabled    # or kiwix_installed is defined
  tags:
    - kiwix
--- a/roles/kolibri/tasks/enable.yml
+++ b/roles/kolibri/tasks/enable.yml
@ -1,58 +1,61 @@
- name: Start 'kolibri' systemd service, if kolibri_enabled
+- name: Enable & Start 'kolibri' systemd service
  systemd:
    name: kolibri
-    state: started
+    daemon_reload: yes
    enabled: yes
    state: started
  when: kolibri_enabled | bool
- name: Enable http://box{{ kolibri_url }} with Apache (a2ensite) if kolibri_enabled    # i.e. http://box/kolibri
+- name: Disable & Stop 'kolibri' systemd service
  command: a2ensite kolibri.conf
  when: kolibri_enabled | bool and not nginx_enabled | bool
 - name: Disable & Stop 'kolibri' systemd service if not kolibri_enabled
  systemd:
    name: kolibri
    enabled: no
    state: stopped
  when: not kolibri_enabled
- name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled
+  # Apache
 - name: Enable http://box{{ kolibri_url }} via Apache    # i.e. http://box/kolibri
  command: a2ensite kolibri.conf
  when: apache_install and kolibri_enabled
 - name: Disable http://box{{ kolibri_url }} via Apache
  command: a2dissite kolibri.conf
-  when: not kolibri_enabled or nginx_enabled | bool
+  when: apache_install and not kolibri_enabled
- name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when nginx_enabled
+- name: Restart Apache systemd service ({{ apache_service }})
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
  with_items:
    - { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' }
  when: kolibri_enabled | bool and nginx_enabled | bool
 - name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled
  command: a2dissite kolibri.conf
  when: not kolibri_enabled or nginx_enabled | bool
 - name: Restart Apache service ({{ apache_service }})    # e.g. apache2
  systemd:
-    name: "{{ apache_service }}"
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
-  when: not nginx_enabled | bool
+  when: apache_enabled | bool
- name: Restart nginx service
+# NGINX
 - name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_config_dir }}/kolibri-nginx.conf from template
  template:
    src: kolibri-nginx.conf.j2
    dest: "{{ nginx_config_dir }}/kolibri-nginx.conf"
  when: nginx_install and kolibri_enabled
 - name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_config_dir }}/kolibri-nginx.conf
  file:
    path: "{{ nginx_config_dir }}/kolibri-nginx.conf"
    state: absent
  when: nginx_install and not kolibri_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'kolibri' variable values to {{ iiab_ini_file }}    # /etc/iiab/iiab.ini
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: kolibri
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: kolibri
--- a/roles/lokole/tasks/enable.yml
+++ b/roles/lokole/tasks/enable.yml
@ -49,7 +49,7 @@
    path: "{{ iiab_ini_file }}"
    section: lokole
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: lokole
--- a/roles/mediawiki/tasks/enable.yml
+++ b/roles/mediawiki/tasks/enable.yml
@ -1,46 +1,47 @@
- name: Create softlink mediawiki.conf from sites-enabled to sites-available, if mediawiki_enabled (debuntu)
+# Apache
  file:
    src: /etc/apache2/sites-available/mediawiki.conf
    dest: /etc/apache2/sites-enabled/mediawiki.conf
    state: link
  when: mediawiki_enabled and is_debuntu
- name: Remove mediawiki.conf if not mediawiki_enabled (debuntu)
+- name: Enable http://box{{ mediawiki_url }} via Apache    # i.e. http://box/mediawiki
-  file:
+  command: a2ensite mediawiki.conf
-    path: /etc/apache2/sites-enabled/mediawiki.conf
+  when: apache_install and mediawiki_enabled
    state: absent
  when: not mediawiki_enabled and is_debuntu
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ mediawiki_url }}
+- name: Disable http://box{{ mediawiki_url }} via Apache
  command: a2dissite mediawiki.conf
  when: apache_install and not mediawiki_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
-    name: "{{ apache_service }}"
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    daemon_reload: yes
    state: restarted
  when: apache_enabled | bool
- name: Install {{ nginx_config_dir }}/mediawiki-nginx.conf from template, for http://box{{ mediawiki_url }}
+
 # NGINX
 - name: Enable http://box{{ mediawiki_url }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template
  template:
    src: mediawiki-nginx.conf.j2
    dest: "{{ nginx_config_dir }}/mediawiki-nginx.conf"
-  when: mediawiki_enabled
+  when: nginx_install and mediawiki_enabled
- name: Remove mediawiki-nginx.conf if not mediawiki_enabled (debuntu)
+- name: Disable http://box{{ mediawiki_url }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf
  file:
    path: "{{ nginx_config_dir }}/mediawiki-nginx.conf"
    state: absent
-  when: not mediawiki_enabled and is_debuntu
+  when: nginx_install and not mediawiki_enabled
- name: Restart nginx service to enable/disable http://box{{ mediawiki_url }}
+- name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    daemon_reload: yes
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: mediawiki
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: mediawiki
--- a/roles/minetest/tasks/enable.yml
+++ b/roles/minetest/tasks/enable.yml
@ -20,7 +20,7 @@
    path: "{{ iiab_ini_file }}"
    section: minetest
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Minetest Server
--- a/roles/mongodb/tasks/enable.yml
+++ b/roles/mongodb/tasks/enable.yml
@ -27,7 +27,7 @@
    path: "{{ iiab_ini_file }}"
    section: mongodb
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MongoDB
--- a/roles/monit/tasks/install.yml
+++ b/roles/monit/tasks/install.yml
@ -49,7 +49,7 @@
    path: "{{ iiab_ini_file }}"
    section: monit
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Monit
--- a/roles/moodle-1.9/moodle/tasks/main.yml
+++ b/roles/moodle-1.9/moodle/tasks/main.yml
@ -80,7 +80,7 @@
    path: "{{ iiab_ini_file }}"
    section: moodle
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Moodle
--- a/roles/moodle/tasks/enable.yml
+++ b/roles/moodle/tasks/enable.yml
@ -22,7 +22,7 @@
    path: "{{ iiab_ini_file }}"
    section: moodle
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Moodle
--- a/roles/mosquitto/tasks/enable.yml
+++ b/roles/mosquitto/tasks/enable.yml
@ -11,7 +11,7 @@
    path: "{{ iiab_ini_file }}"
    section: mosquitto
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Mosquitto service
--- a/roles/munin/tasks/enable.yml
+++ b/roles/munin/tasks/enable.yml
@ -55,7 +55,7 @@
    path: "{{ iiab_ini_file }}"
    section: munin
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Munin
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@ -187,7 +187,7 @@
    path: "{{ iiab_ini_file }}"
    section: mysql
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MySQL
--- a/roles/network/tasks/computed_network.yml
+++ b/roles/network/tasks/computed_network.yml
@ -197,7 +197,7 @@
    dest: "{{ iiab_ini_file }}"
    section: computed_network
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: iiab_wan_enabled
    value: "{{ iiab_wan_enabled }}"
--- a/roles/network/tasks/computed_services.yml
+++ b/roles/network/tasks/computed_services.yml
@ -54,7 +54,7 @@
    dest: "{{ iiab_ini_file }}"
    section: network
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: dansguardian_enabled
    value: "{{ dansguardian_enabled }}"
--- a/roles/network/tasks/detected_network.yml
+++ b/roles/network/tasks/detected_network.yml
@ -193,7 +193,7 @@
    dest: "{{ iiab_ini_file }}"
    section: detected_network
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: has_ifcfg_gw
    value: "{{ has_ifcfg_gw }}"
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@ -206,7 +206,7 @@
    path: "{{ iiab_ini_file }}"
    section: squid
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: enabled
      value: "{{ squid_enabled }}"
@ -216,7 +216,7 @@
    path: "{{ iiab_ini_file }}"
    section: dansguardian
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: enabled
      value: "{{ dansguardian_enabled }}"
@ -226,7 +226,7 @@
    path: "{{ iiab_ini_file }}"
    section: wondershaper
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: enabled
      value: "{{ wondershaper_enabled }}"
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@ -95,7 +95,7 @@
    dest: "{{ iiab_ini_file }}"
    section: "{{ proxy }}"
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Squid
@ -109,7 +109,7 @@
    dest: "{{ iiab_ini_file }}"
    section: dansguardian
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: DansGuardian
--- a/roles/network/tasks/wondershaper.yml
+++ b/roles/network/tasks/wondershaper.yml
@ -50,7 +50,7 @@
    dest: "{{ iiab_ini_file }}"
    section: wondershaper
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: wondershaper
--- a/roles/nextcloud/tasks/enable_or_disable.yml
+++ b/roles/nextcloud/tasks/enable_or_disable.yml
@ -34,7 +34,7 @@
    path: "{{ iiab_ini_file }}"
    section: Nextcloud
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Nextcloud
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -14,5 +14,5 @@
  when: nextcloud_install and not installing
 - name: Enable or disable Nextcloud
-  include_tasks: enable_or_disable.yml
+  include_tasks: enable.yml
  when: nextcloud_install or nextcloud_installed is defined
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@ -1,24 +1,28 @@
 ### Transition to NGINX
-1. Initial testing strategy is to move nginx to port 80, and proxy everything to apache on port 8090-- creating a shim.
+
-2. Without php available via fastcgi, any function at all for php based applications validates nginx.
+1. Initial testing strategy is to move nginx to port 80, and proxy everything to Apache on port 8090 -- creating a shim.
-3. Current state (10/16/19)
+2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
-    1. Principal functions migrated to nginx.
+3. Current state (2020-01-11)
   1. Principal functions migrated to NGINX
      * Admin Console
         * Awstats
      * kalite -- goes directly to port 8009
      * mediawiki
      * osm-vector-maps
      * usb-lib
-         * maps
+      * wordpress
-    2. Dual support
+   2. Dual support, see: https://github.com/iiab/iiab/blob/master/roles/nginx/tasks/only_nginx.yml
-         * kiwix -- goes directly to port 3000
+      * awstats ([#2124](https://github.com/iiab/iiab/issues/2124))
      * calibre-web
      * gitea
      * kiwix -- goes directly to port 3000
      * kolibri
      * sugarizer
-    3. Still proxied to Apache
+   3. Still proxied to Apache, see: https://github.com/iiab/iiab/blob/master/roles/nginx/tasks/uses_apache.yml
-         * mediawiki
+      * dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056))
      * elgg
-         * nodered
+      * lokole
         * nextcloud
         * wordpress
      * moodle
-    4. Not dealt with yet
+      * nodered
-         * archive.org
+      * nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119))
   4. Not yet dealt with
      * internetarchive ([#2120](https://github.com/iiab/iiab/pull/2120))
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -1,5 +1,7 @@
- name: Install nginx required and helper packages
+- name: Install NGINX required and helper packages
-  package: name={{ item }} state=present
+  package:
    name: "{{ item }}"
    state: present
  with_items:
    - nginx-extras
    - uwsgi
@ -12,24 +14,23 @@
    name: "{{ apache_user }}"
    groups: shadow
- name: Remove the nginx default config
+- name: Remove NGINX default config /etc/nginx/sites-enabled/default
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
- name: Put config files in place (2 into /etc/nginx, 1 into /etc/{{ apache_service }})
+- name: 'Install 4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, /etc/systemd/system/uwsgi.service'
  template:
-      src: '{{ item.src}}'
+    src: "{{ item.src }}"
-      dest: '{{ item.dest }}'
+    dest: "{{ item.dest }}"
  with_items:
-    - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" }
+    - { src: 'roles/nginx/templates/server.conf', dest: '/etc/nginx/' }
-    - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" }
+    - { src: 'roles/nginx/templates/nginx.conf', dest: '/etc/nginx/' }
-    - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' }
+    - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' }
-    - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' }
+    - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' }
- name: Let uwsgi running as {{ apache_user }} write log files
+- name: Let uwsgi (running as {{ apache_user }}) write log files
  file: 
    path: /var/log/uwsgi/app
    state: directory
    owner: "{{ apache_user }}"
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -1,32 +1,32 @@
- name: Put the config file in place
+- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_config_dir }}/iiab.conf"
  template:
-      src: '{{ item.src}}'
+      src: "{{ item.src}}"
-      dest: '{{ item.dest }}'
+      dest: "{{ item.dest }}"
  with_items:
-    - { src: "server.conf",dest: "/etc/nginx/" }
+    - { src: "server.conf", dest: "/etc/nginx/" }
-    - { src: "nginx.conf",dest: "/etc/nginx/" }
+    - { src: "nginx.conf", dest: "/etc/nginx/" }
-    - { src: "ports.conf" , dest: "/etc/{{ apache_service }}/" }
+    - { src: "ports.conf", dest: "/etc/{{ apache_service }}/" }
-    - { src: "iiab.conf.j2",dest: "/etc/nginx/conf.d/iiab.conf" }
+    - { src: "iiab.conf.j2", dest: "{{ nginx_config_dir }}/iiab.conf" }
-  when: nginx_enabled
+  when: nginx_enabled | bool
- name: Clean stale config files
+- name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_config_dir }}
  file:
      state: absent
-      path: '{{ item.path }}'
+      path: "{{ item.path }}"
  with_items:
-    - { path: "/etc/nginx/conf.d/usb-lib.conf" }
+    - { path: "{{ nginx_config_dir }}/usb-lib.conf" }
-    - { path: "/etc/nginx/conf.d/modules.conf" }
+    - { path: "{{ nginx_config_dir }}/modules.conf" }
- name: Insure that apache2 is not running -- we may need port swap
+- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap
  systemd:
-    name: apache2
+    name: "{{ apache_service }}"
    state: stopped
 # the below slides in nginx's proxypass config files for apache on localhost
 # via the ports.conf file installed above
- name: Install proxpass to apache running on localhost port {{ apache_port }}
+- name: Install proxpass to Apache running on localhost port {{ apache_port }}
  include_tasks: uses_apache.yml
-  when: nginx_enabled
+  when: nginx_enabled | bool
 # the below task contains the same logic contained in the playbooks to enable
 # 'runrole nginx' to do the right thing but with the 'src' path set to role's
@ -34,9 +34,9 @@
 - name: Install proxpass to other services 'dual mode' roles
  include_tasks: only_nginx.yml
-  when: nginx_enabled
+  when: nginx_enabled | bool
- name: Stop and disable nginx when not nginx_enabled
+- name: Stop and disable NGINX when not nginx_enabled
  systemd:
    name: nginx
    state: stopped
@ -50,21 +50,21 @@
  when: not nginx_enabled
 # should have the logic to handle both modes in the playbook
- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is diabled
+- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled
  include_tasks: disable.yml
  when: not nginx_enabled
- name: Since we stopped apache2, start it again
+- name: Enable & Restart Apache, since we stopped it ({{ apache_service }})
  systemd:
-    name: apache2
+    name: "{{ apache_service }}"
    daemon_reload: yes
    state: restarted
    enabled: true
-    daemon_reload: yes
+  when: apache_enabled | bool
  when: apache_enabled
- name: Restart nginx to pick up the config files installed
+- name: Enable & Restart NGINX, to pick up the config files installed
  systemd:
    name: nginx
    state: restarted
    enabled: true
-  when: nginx_enabled
+  when: nginx_enabled | bool
--- a/roles/nginx/tasks/only_nginx.yml
+++ b/roles/nginx/tasks/only_nginx.yml
@ -3,131 +3,122 @@
    path: /etc/apache2/sites-enabled/awstats.conf
    state: absent
- name: Install nginx support for awstats if awstats_enabled
+- name: Install /etc/nginx/conf.d/awstats-nginx.conf from template, if awstats_enabled
-  copy:
+  template:
-    backup: no
+    src: roles/awstats/templates/awstats-nginx.conf
-    src: "{{ item.src }}"
+    dest: /etc/nginx/conf.d/awstats-nginx.conf
-    dest: "{{ item.dest }}"
+    # owner: root
-    mode: "{{ item.mode }}"
+    # group: root
-    owner: root
+    # mode: '0644'
-    group: root
+  when: awstats_enabled | bool
  with_items:
    - { src: 'roles/awstats/templates/awstats-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf' , mode: '0644' }
  when: awstats_enabled
- name: Remove nginx support for AWStats
+- name: Remove NGINX support for AWStats, if not awstats_enabled
  file:
    path: /etc/nginx/conf.d/awstats-nginx.conf
    state: absent
  when: not awstats_enabled
 - name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf
  file:
    path: /etc/apache2/sites-enabled/kiwix.conf
    state: absent
 - name: Install nginx support for kiwix if kiwix_enabled
  copy:
    backup: no
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
  with_items:
    - { src: 'roles/kiwix/templates/kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf' , mode: '0644' }
  when: kiwix_enabled | bool
 - name: Remove nginx support for kiwix
  file:
    path: /etc/nginx/conf.d/kiwix-nginx.conf
    state: absent
  when: not kiwix_enabled | bool
 - name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf
  file:
    path: /etc/apache2/sites-enabled/sugarizer.conf
    state: absent
 - name: "Install sugarizer-nginx.conf (nginx) if sugarizer_enabled"
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
  with_items:
    - { src: 'roles/sugarizer/templates/sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf', mode: '0644' }
  when: sugarizer_enabled | bool
 - name: Remove nginx support for sugarizer
  file:
    path: /etc/nginx/conf.d/sugarizer-nginx.conf
    state: absent
  when: not sugarizer_enabled | bool
 - name: Remove /etc/apache2/sites-enabled/kolibri.conf
  file:
    path: /etc/apache2/sites-enabled/kolibri.conf
    state: absent
 - name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when kolibri_enabled
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
  with_items:
    - { src: 'roles/kolibri/templates/kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' }
  when: kolibri_enabled | bool
 - name: Remove nginx support for kolibri when not kolibri_enabled
  file:
    path: /etc/nginx/conf.d/kolibri-nginx.conf
    state: absent
  when: not kolibri_enabled | bool
 - name: Remove symlink /etc/apache2/sites-enabled/calibre-web.conf
  file:
    path: /etc/apache2/sites-enabled/calibre-web.conf
    state: absent
- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf
+- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf from template, if calibreweb_enabled
  template:
-    src: "{{ item.src }}"
+    src: roles/calibre-web/templates/calibre-web-nginx.conf.j2
-    dest: "{{ item.dest }}"
+    dest: /etc/nginx/conf.d/calibre-web-nginx.conf
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: "{{ item.mode }}"
+    # mode: '0644'
-  with_items:
+  when: calibreweb_enabled | bool
    - { src: 'roles/calibre-web/templates/calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' }
  when: calibreweb_enabled
- name: Remove nginx support for Calibre-Web
+- name: Remove NGINX support for Calibre-Web, if not calibreweb_enabled
  file:
    path: /etc/nginx/conf.d/calibre-web-nginx.conf
    state: absent
  when: not calibreweb_enabled
 - name: Remove symlink /etc/apache2/sites-enabled/gitea.conf
  file:
    path: /etc/apache2/sites-enabled/gitea.conf
    state: absent
- name: Install /etc/nginx/conf.d/gitea-nginx.conf
+- name: Install /etc/nginx/conf.d/gitea-nginx.conf from template, if gitea_enabled
  template:
-    src: "{{ item.src }}"
+    src: roles/gitea/templates/gitea-nginx.conf.j2
-    dest: "{{ item.dest }}"
+    dest: /etc/nginx/conf.d/gitea-nginx.conf
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: "{{ item.mode }}"
+    # mode: '0644'
-  with_items:
+  when: gitea_enabled | bool
    - { src: 'roles/gitea/templates/gitea-nginx.conf.j2', dest: '/etc/nginx/conf.d/gitea-nginx.conf', mode: '0644' }
  when: gitea_enabled
- name: Remove nginx support for Gitea
+- name: Remove NGINX support for Gitea, if not gitea_enabled
  file:
    path: /etc/nginx/conf.d/gitea-nginx.conf
    state: absent
  when: not gitea_enabled
 - name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf
  file:
    path: /etc/apache2/sites-enabled/kiwix.conf
    state: absent
 - name: Install /etc/nginx/conf.d/kiwix-nginx.conf from template, if kiwix_enabled
  template:
    src: roles/kiwix/templates/kiwix-nginx.conf
    dest: /etc/nginx/conf.d/kiwix-nginx.conf
    # owner: root
    # group: root
    # mode: '0644'
  when: kiwix_enabled | bool
 - name: Remove NGINX support for Kiwix, if not kiwix_enabled
  file:
    path: /etc/nginx/conf.d/kiwix-nginx.conf
    state: absent
  when: not kiwix_enabled
 - name: Remove symlink /etc/apache2/sites-enabled/kolibri.conf
  file:
    path: /etc/apache2/sites-enabled/kolibri.conf
    state: absent
 - name: Install /etc/nginx/conf.d/kolibri-nginx.conf from template, if kolibri_enabled
  template:
    src: roles/kolibri/templates/kolibri-nginx.conf.j2
    dest: /etc/nginx/conf.d/kolibri-nginx.conf
    # owner: root
    # group: root
    # mode: '0644'
  when: kolibri_enabled | bool
 - name: Remove NGINX support for Kolibri, if not kolibri_enabled
  file:
    path: /etc/nginx/conf.d/kolibri-nginx.conf
    state: absent
  when: not kolibri_enabled
 - name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf
  file:
    path: /etc/apache2/sites-enabled/sugarizer.conf
    state: absent
 - name: Install /etc/nginx/conf.d/sugarizer-nginx.conf from template, if sugarizer_enabled
  template:
    src: roles/sugarizer/templates/sugarizer-nginx.conf
    dest: /etc/nginx/conf.d/sugarizer-nginx.conf
    # owner: root
    # group: root
    # mode: '0644'
  when: sugarizer_enabled | bool
 - name: Remove NGINX support for Sugarizer, if not sugarizer_enabled
  file:
    path: /etc/nginx/conf.d/sugarizer-nginx.conf
    state: absent
  when: not sugarizer_enabled
--- a/roles/nginx/tasks/uses_apache.yml
+++ b/roles/nginx/tasks/uses_apache.yml
@ -1,29 +1,39 @@
- name: Install nginx's config file from template, if moodle_enabled
+- name: Install /etc/nginx/conf.d/dokuwiki-nginx.conf from template, if dokuwiki_enabled
  template:
    src: moodle-nginx.conf.j2
    dest: "/etc/nginx/conf.d/moodle-nginx.conf"
    owner: root
    group: root
    mode: 0644
  when: moodle_enabled
 - name: Install /etc/nginx/conf.d/dokuwiki-nginx.conf from template
  template:
    src: dokuwiki-nginx.conf
    dest: /etc/nginx/conf.d/dokuwiki-nginx.conf
-  when: dokuwiki_enabled
+  when: dokuwiki_enabled | bool
- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template
+- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template, if elgg_enabled
  template:
    src: elgg-nginx.conf
-    dest: "/etc/nginx/conf.d/elgg-nginx.conf"
+    dest: /etc/nginx/conf.d/elgg-nginx.conf
-  when: elgg_enabled
+  when: elgg_enabled | bool
- name: Install /etc/nginx/lokole-nginx.conf from template
+- name: Install /etc/nginx/conf.d/lokole-nginx.conf from template, if lokole_enabled
  template:
    src: lokole-nginx.conf.j2
-    dest: "/etc/nginx/conf.d/lokole-nginx.conf"
+    dest: /etc/nginx/conf.d/lokole-nginx.conf
-  when: lokole_enabled
+  when: lokole_enabled | bool
 - name: Install /etc/nginx/conf.d/moodle-nginx.conf from template, if moodle_enabled
  template:
    src: moodle-nginx.conf.j2
    dest: /etc/nginx/conf.d/moodle-nginx.conf
  when: moodle_enabled | bool
 - name: Install /etc/nginx/conf.d/nextcloud-nginx.conf from template, if nextcloud_enabled
  template:
    src: nextcloud-nginx.conf
    dest: /etc/nginx/conf.d/nextcloud-nginx.conf
  when: nextcloud_enabled | bool
 - name: Install /etc/nginx/conf.d/nodered-nginx.conf from template, if nodered_enabled
  template:
    src: nodered-nginx.conf.j2
    dest: /etc/nginx/conf.d/nodered-nginx.conf
    # mode: '0666'
  when: nodered_enabled | bool
 # mediawiki and wordpress are no longer proxied
@ -39,20 +49,4 @@
 #      dest: /etc/nginx/conf.d/
 #  when: wordpress_enabled
 - name: Install Nextcloud's nginx conf.d file from template
  template:
       src: nextcloud-nginx.conf
       dest: /etc/nginx/conf.d/nextcloud-nginx.conf
  when: nextcloud_enabled
 - name: Install NodeRed's nginx conf.d file from template
  template:
    src: nodered-nginx.conf.j2
    dest: /etc/nginx/conf.d/nodered-nginx.conf
    owner: root
    group: root
    mode: 0666
  when: nodered_enabled
 #- name: Install proxpass to apache running on localhost
--- a/roles/nginx/templates/dokuwiki-nginx.conf
+++ b/roles/nginx/templates/dokuwiki-nginx.conf
@ -1,3 +1,3 @@
 location {{ dokuwiki_url }} {
-  proxy_pass http://127.0.0.1:{{ apache_port }}/{{ dokuwiki_url }};
+  proxy_pass http://127.0.0.1:{{ apache_port }}{{ dokuwiki_url }};
 }
--- a/roles/nginx/templates/server.conf
+++ b/roles/nginx/templates/server.conf
@ -10,7 +10,7 @@ server {
      index  index.php index.html index.htm;
      # let individual services drop location blocks in conf.d
-      include /etc/nginx/conf.d/*;
+      include {{ nginx_config_dir }}/*;
      location ~ .*\.php$ {
          proxy_set_header X-Real-IP  $remote_addr;
--- a/roles/nodered/tasks/enable.yml
+++ b/roles/nodered/tasks/enable.yml
@ -40,7 +40,7 @@
    path: "{{ iiab_ini_file }}"
    section: nodered
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Node-RED
--- a/roles/nodogsplash/tasks/rpi.yml
+++ b/roles/nodogsplash/tasks/rpi.yml
@ -57,7 +57,7 @@
    path: "{{ iiab_ini_file }}"
    section: nodogsplash
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: nodogsplash
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@ -204,7 +204,7 @@
    path: "{{ iiab_ini_file }}"
    section: openvpn
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: name
    value: OpenVPN
--- a/roles/osm-vector-maps/tasks/main.yml
+++ b/roles/osm-vector-maps/tasks/main.yml
@ -1,15 +1,15 @@
 - name: Ensure directory {{ vector_map_path }}/maplist/assets exists
  file:
-    path: '{{ vector_map_path }}/maplist/assets'
+    path: "{{ vector_map_path }}/maplist/assets"
    state: directory
-    owner: '{{ apache_user }}'
+    owner: "{{ apache_user }}"
-    group: '{{ apache_user }}'
+    group: "{{ apache_user }}"
    mode: '0755'
 - name: Download map catalog {{ iiab_map_url }}/assets/regions.json to {{ vector_map_path }}/maplist/assets/
  get_url:
    url: "{{ iiab_map_url }}/assets/regions.json"
-    dest: '{{ vector_map_path }}/maplist/assets/'
+    dest: "{{ vector_map_path }}/maplist/assets/"
 - name: Symlink catalog {{ doc_root }}/common/assets/regions.json -> {{ vector_map_path }}/maplist/assets/regions.json
  file:
@ -20,19 +20,19 @@
 - name: Download the JavaScript bundle with OpenLayers (main.js) for test page http://box/maps/maplist
  get_url:
    url: "{{ iiab_map_url }}/../main.js"
-    dest: '{{ vector_map_path }}/maplist/'
+    dest: "{{ vector_map_path }}/maplist/"
 - name: Install {{ vector_map_path }}/maplist/index.html from template, for test page http://box/maps/maplist
  template:
-    src: "index.html"
+    src: index.html
-    dest: '{{ vector_map_path }}/maplist/index.html'
+    dest: "{{ vector_map_path }}/maplist/index.html"
 # Bboxes (bounding boxes) are currently square.  But geofabrik has non-rectangular bboxes.
 # So bring the bounding box definition from cloud (bboxes.geojson is big)
 - name: Download bounding box definitions (bboxes.geojson) to {{ vector_map_path }}/maplist/assets/
  get_url:
    url: "{{ iiab_map_url }}/assets/bboxes.geojson"
-    dest: '{{ vector_map_path }}/maplist/assets/'
+    dest: "{{ vector_map_path }}/maplist/assets/"
 # REMOVE this stanza once the transition to Python 3 is confirmed
 #- name: Install python-geojson package (OS's prior to Ubuntu 19.10)
@ -48,11 +48,11 @@
 #    name: python3-geojson    # 2019-10-19: available across most/all recent
 #    state: present           # OS's, but not yet used by osm-vector-maps code?
- name: Install /usr/bin/iiab-update-map for updating of Map Pack catalog & descriptions
+- name: Install /usr/bin/iiab-update-map from template, for updating of Map Pack catalog & descriptions
  template:
    src: iiab-update-map
    dest: /usr/bin/iiab-update-map
-    mode: "0755"
+    mode: '0755'
 # This depends on iiab-admin-console which is not yet installed
 #- name: Run the script that does osm-vector-maps housekeeping
@ -61,25 +61,25 @@
 - name: Copy countries.json (geojson) to {{ vector_map_path }}/maplist/assets
  copy:
    src: countries.json
-    dest: '{{ vector_map_path }}/maplist/assets'
+    dest: "{{ vector_map_path }}/maplist/assets"
 #  It is too complicated to use a single file for both iiab and admin-console
 - name: Copy the duplicated JavaScript (map_functions.js) to {{ vector_map_path }}/maplist/assets
  copy:
    src: map_functions.js
-    dest: '{{ vector_map_path }}/maplist/assets'
+    dest: "{{ vector_map_path }}/maplist/assets"
- name: Install /etc/nginx/conf.d/osm-vector-maps.conf from template
+- name: Install {{ nginx_config_dir }}/osm-vector-maps.conf from template
  template:
    src: osm-vector-maps-nginx.conf
-    dest: "/etc/nginx/conf.d/osm-vector-maps-nginx.conf"
+    dest: "{{ nginx_config_dir }}/osm-vector-maps-nginx.conf"
  when: osm_vector_maps_enabled | bool
- name: Remove config /etc/nginx/conf,d/osm-vector-maps.conf (debuntu)
+- name: Remove {{ nginx_config_dir }}/osm-vector-maps.conf
  file:
-    path: /etc/nginx/conf.d/osm-vector-maps-nginx.conf
+    path: "{{ nginx_config_dir }}/osm-vector-maps-nginx.conf"
    state: absent
-  when: not osm_vector_maps_enabled | bool
+  when: not osm_vector_maps_enabled
 #- name: Does the {{ vector_map_path }}/index.html redirect already exist?
 #  stat:
@ -94,7 +94,7 @@
    dest: "{{ vector_map_path }}/index.html"
  #when: not osm_redirect.stat.exists
- name: Reload Apache service ({{ apache_service }})    # e.g. apache2
+- name: Reload 'nginx' systemd service
  systemd:
-    name: "{{ apache_service }}"
+    name: nginx
    state: reloaded
--- a/roles/osm/tasks/main.yml
+++ b/roles/osm/tasks/main.yml
@ -177,7 +177,7 @@
    path: "{{ iiab_ini_file }}"
    section: osm
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
  - option: name
    value: OpenStreetMap
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@ -110,7 +110,7 @@
    path: "{{ iiab_ini_file }}"
    section: owncloud
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: owncloud
--- a/roles/pathagar/tasks/main.yml
+++ b/roles/pathagar/tasks/main.yml
@ -198,7 +198,7 @@
    path: "{{ iiab_ini_file }}"
    section: pathagar
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: pathagar
--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@ -70,7 +70,7 @@
    path: "{{ iiab_ini_file }}"
    section: phpmyadmin
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: phpMyAdmin
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -105,7 +105,7 @@
    path: "{{ iiab_ini_file }}"
    section: postgresql
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: PostgreSQL
--- a/roles/rachel/tasks/main.yml
+++ b/roles/rachel/tasks/main.yml
@ -28,7 +28,7 @@
    path: "{{ iiab_ini_file }}"
    section: rachel
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: rachel
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
@ -78,7 +78,7 @@
    path: "{{ iiab_ini_file }}"
    section: samba
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Samba
--- a/roles/schooltool/tasks/main.yml
+++ b/roles/schooltool/tasks/main.yml
@ -60,7 +60,7 @@
    path: "{{ iiab_ini_file }}"
    section: schooltool
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Schooltool
--- a/roles/sugar-stats/tasks/main.yml
+++ b/roles/sugar-stats/tasks/main.yml
@ -45,7 +45,7 @@
    path: "{{ iiab_ini_file }}"
    section: sugar_stats
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: sugar_stats
--- a/roles/sugarizer/tasks/enable.yml
+++ b/roles/sugarizer/tasks/enable.yml
@ -1,82 +1,61 @@
- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled)
+- name: Enable & Restart 'sugarizer' systemd service
  file:
    src: /etc/apache2/sites-available/sugarizer.conf
    path: /etc/apache2/sites-enabled/sugarizer.conf
    state: link
  when: sugarizer_enabled | bool and not nginx_enabled | bool
 - name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf (if not sugarizer_enabled)
  file:
    path: /etc/apache2/sites-enabled/sugarizer.conf
    state: absent
  when: not sugarizer_enabled | bool  or nginx_enabled | bool
 - name: "Install sugarizer-nginx.conf (nginx)"
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
  with_items:
    - { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' , mode: '0644' }
  when: sugarizer_enabled | bool and nginx_enabled | bool
 # 6. RESTART/STOP SYSTEMD SERVICE
 # with "systemctl daemon-reload" in case mongodb.service changed, etc
 - name: Enable & Restart 'sugarizer' systemd service (if sugarizer_enabled)
  systemd:
    name: sugarizer
-    daemon_reload: yes
+    daemon_reload: yes    # in case mongodb.service changed, etc
    enabled: yes
    state: restarted
  when: sugarizer_enabled | bool
- name: Disable & Stop 'sugarizer' systemd service (if not sugarizer_enabled)
+- name: Disable & Stop 'sugarizer' systemd service
  systemd:
    name: sugarizer
    daemon_reload: yes
    enabled: no
    state: stopped
  when: not sugarizer_enabled
-#- name: Enable services (all OS's)
+# Apache
 #  service:
 #    name: "{{ item.name }}"
 #    enabled: yes
 #    state: restarted
 #  with_items:
 ##   - { name: mongodb }    # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does!  (Is a "systemctl daemon-reload" or some such nec?)
 #    - { name: sugarizer }
 #  when: sugarizer_enabled | bool
-#- name: Disable service (all OS's)
+- name: Enable http://box/sugarizer & http://box/sugar via Apache
-#  service:
+  command: a2ensite sugarizer.conf
-#    name: sugarizer
+  when: apache_install and sugarizer_enabled
 #    enabled: no
 #    state: stopped
 #  when: not sugarizer_enabled
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/sugarizer (not just http://box:{{ sugarizer_port }})
+- name: Disable http://box/sugarizer & http://box/sugar via Apache
  command: a2dissite sugarizer.conf
  when: apache_install and not sugarizer_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
-    name: "{{ apache_service }}"    # httpd or apache2
+    name: "{{ apache_service }}"
    state: restarted
-  when: sugarizer_enabled | bool and not nginx_enabled | bool
+  when: apache_enabled | bool
- name: Restart nginx when enabled
+# NGINX
 - name: Enable http://box/sugarizer via NGINX, by installing {{ nginx_config_dir }}/sugarizer-nginx.conf from template
  template:
    src: sugarizer-nginx.conf
    dest: "{{ nginx_config_dir }}/sugarizer-nginx.conf"
  when: nginx_install and sugarizer_enabled
 - name: Disable http://box/sugarizer via NGINX, by removing {{ nginx_config_dir }}/sugarizer-nginx.conf
  file:
    path: "{{ nginx_config_dir }}/sugarizer-nginx.conf"
    state: absent
  when: nginx_install and not sugarizer_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
-    daemon_reload: yes
+  when: nginx_enabled | bool
-  when: sugarizer_enabled and nginx_enabled
+
 - name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: sugarizer
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Sugarizer
--- a/roles/sugarizer/tasks/install.yml
+++ b/roles/sugarizer/tasks/install.yml
@ -120,12 +120,6 @@
 # when: internet_available and git_sug_server_output.changed    # OLD WAY 3
 # when: internet_available and not is_F18 and not node_modules_exists    # OLD WAY 1
 #- name: Create the express framework for Node.js (Fedora 18)
 #  shell: npm install
 #  args:
 #    chdir: "{{ iiab_base }}/sugarizer/server"
 #  when: internet_available and is_F18 and not node_modules_exists
 # Add a Node.js Express function that appends a prefix to URLs.
 # SEE "AUTO-INSERTED BY IIAB" ~61 LINES BELOW: as those two "pathPrefix" lines
 # MUST be added to /opt/iiab/sugarizer-server/sugarizer.js
@ -138,16 +132,16 @@
 # 5. CONFIG FILES
- name: "Install from templates: sugarizer.service (systemd), sugarizer-nginx.conf (nginx)"
+- name: "Install from templates: /etc/systemd/system/sugarizer.service, /etc/apache2/sites-available/sugarizer.conf"
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    mode: 0644
+    # owner: root
-    owner: root
+    # group: root
-    group: root
+    # mode: '0644'
  with_items:
    - { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' }
-    - { src: 'sugarizer.conf.j2', dest: '/etc/apache2/sites-available/sugarizer.conf' }
+    - { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_config_dir }}/sugarizer.conf" }
    #- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' }
    #- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' }
@ -221,7 +215,7 @@
 #    # Use this instead, if tabs are truly nec:
 #    # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));"
- name: Add 'sugarizer_installed' variable values to {{ iiab_state_file }}
+- name: "Add 'sugarizer_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"
    regexp: '^sugarizer_installed'
--- a/roles/teamviewer/tasks/main.yml
+++ b/roles/teamviewer/tasks/main.yml
@ -13,7 +13,7 @@
    path: "{{ iiab_ini_file }}"
    section: teamviewer
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: teamviewer
--- a/roles/transmission/tasks/main.yml
+++ b/roles/transmission/tasks/main.yml
@ -58,7 +58,7 @@
    path: "{{ iiab_ini_file }}"
    section: transmission
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: transmission
--- a/roles/usb-lib/tasks/main.yml
+++ b/roles/usb-lib/tasks/main.yml
@ -89,7 +89,7 @@
    path: "{{ iiab_ini_file }}"
    section: usb-lib
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: usb-lib
--- a/roles/vnstat/tasks/main.yml
+++ b/roles/vnstat/tasks/main.yml
@ -31,7 +31,7 @@
    path: "{{ iiab_ini_file }}"
    section: vnstat
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: vnStat
--- a/roles/wordpress/tasks/enable.yml
+++ b/roles/wordpress/tasks/enable.yml
@ -1,27 +1,46 @@
- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu)
+# Apache
  file:
    src: /etc/apache2/sites-available/wordpress.conf
    path: /etc/apache2/sites-enabled/wordpress.conf
    state: link
  when: wordpress_enabled and is_debuntu
- name: Remove /etc/apache2/sites-enabled/wordpress.conf if not wordpress_enabled (debuntu)
+- name: "Enable http://box{{ wp_url }} via Apache"
-  file:
+  command: a2ensite wordpress.conf
-    path: /etc/apache2/sites-enabled/wordpress.conf
+  when: apache_install and wordpress_enabled
    state: absent
  when: not wordpress_enabled and is_debuntu
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ wp_url }}
+- name: "Disable http://box{{ wp_url }} via Apache"
  command: a2dissite wordpress.conf
  when: apache_install and not wordpress_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
-    name: "{{ apache_service }}"
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: "Enable http://box{{ wp_url }} via NGINX, by installing {{ nginx_config_dir }}/wordpress-nginx.conf from template"
  template:
    src: wordpress-nginx.conf.j2
    dest: "{{ nginx_config_dir }}/wordpress-nginx.conf"
  when: nginx_install and wordpress_enabled
 - name: "Disable http://box{{ wp_url }} via NGINX, by removing {{ nginx_config_dir }}/wordpress-nginx.conf"
  file:
    path: "{{ nginx_config_dir }}/wordpress-nginx.conf"
    state: absent
  when: nginx_install and not wordpress_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'wordpress' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: wordpress
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: WordPress
--- a/roles/wordpress/tasks/install.yml
+++ b/roles/wordpress/tasks/install.yml
@ -16,24 +16,24 @@
    url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
    dest: "{{ downloads_dir }}"
    timeout: "{{ download_timeout }}"
-#   force: yes
+    # force: yes
-#   backup: yes
+    # backup: yes
  register: wp_download_output
  when: internet_available | bool
- name: Create symlink from /opt/iiab/downloads/wordpress.tar.gz to {{ wp_download_output.dest }}
+- name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }}
  file:
    src: "{{ wp_download_output.dest }}"
-    path: "{{ downloads_dir }}/wordpress.tar.gz"
+    path: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
    state: link
  when: wp_download_output.dest is defined
- name: Does /opt/iiab/downloads/wordpress.tar.gz link exist?
+- name: Does {{ downloads_dir }}/wordpress.tar.gz link exist?
  stat:
-    path: "{{ downloads_dir }}/wordpress.tar.gz"
+    path: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
  register: wp_link
- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/wordpress.tar.gz doesn't exist
+- name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist
  fail:
    msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
  when: not wp_link.stat.exists
@ -42,22 +42,11 @@
  unarchive:
    src: "{{ downloads_dir }}/wordpress.tar.gz"
    dest: "{{ wp_install_path }}"
-    owner: root
+    # owner: root
-    group: "{{ apache_user }}"
+    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
-    mode: 0664
+    mode: '0664'
    keep_newer: yes
 # - name: Rename /library/wordpress* to /library/wordpress
 #   shell: if [ ! -d {{ wp_abs_path }} ]; then mv {{ wp_abs_path }}* {{ wp_abs_path }}; fi
 #- name: Make Apache owner and group, 1st pass permissions set to 0664
 #  file: path={{ wp_abs_path }}
 #        recurse=yes
 #        owner=root
 #        group={{ apache_user }}
 #        mode=0664
 #        state=directory
 - name: Make /library/wordpress directories 775 so Apache can traverse and write (most files remain 0664)
  command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +"
@ -65,9 +54,9 @@
  copy:
    src: wp-keys.php.BAK
    dest: "{{ wp_abs_path }}/wp-keys.php.BAK"
-    owner: root
+    # owner: root
-    group: "{{ apache_user }}"
+    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
-    mode: 0640
+    mode: '0640'
 # Fetch random salts for WordPress config into wp-keys.php file by generating script and running
@ -75,9 +64,9 @@
  template:
    src: get-iiab-wp-salts.j2
    dest: /tmp/get-iiab-wp-salts
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: 0700
+    mode: '0700'
 - name: Run /tmp/get-iiab-wp-salts to create /library/wordpress/wp-keys.php
  command: /tmp/get-iiab-wp-salts
@ -91,23 +80,17 @@
  template:
    src: wp-config.php.j2
    dest: "{{ wp_abs_path }}/wp-config.php"
-    owner: root
+    # owner: root
-    group: "{{ apache_user }}"
+    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
-    mode: 0660
+    mode: '0660'
 - name: Install etc/{{ apache_config_dir }}/wordpress.conf from template, for http://box{{ wp_url }}
  template:
    src: wordpress.conf.j2
    dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
-  when: apache_enabled
+  when: apache_enabled | bool
- name: Install {{ nginx_config_dir }}/wordpress-nginx.conf from template, for http://box{{ wp_url }}
+- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
  template:
    src: wordpress-nginx.conf.j2
    dest: "{{ nginx_config_dir }}/wordpress-nginx.conf"
  when: nginx_enabled
 - name: Add 'wordpress_installed' variable values to {{ iiab_state_file }}
  lineinfile:
    dest: "{{ iiab_state_file }}"
    regexp: '^wordpress_installed'
--- a/roles/xovis/tasks/main.yml
+++ b/roles/xovis/tasks/main.yml
@ -86,7 +86,7 @@
    path: "{{ iiab_ini_file }}"
    section: xovis
    option: "{{ item.option }}"
-    value: "{{ item.value }}"
+    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: xovis