external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2 from iiab/master

Browse source 
Pull in master
This commit is contained in:
cwivagg 2022-08-31 06:35:37 -04:00 committed by GitHub
commit de9e699571
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
258 changed files with 3811 additions and 2217 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
LICENSING.md
View file

@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file:
Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details.
All files not containing an explicit copyright notice or terms of license in
the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the
the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the
terms of the GPLv2 license in the file named LICENSE in the root of the
repository.

10
README.md
View file

@ -21,7 +21,7 @@ Install Internet-in-a-Box (IIAB) from [download.iiab.io](https://download.iiab.i
Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the <!--digital--> "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB:
- Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems).
- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi.
- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi.
Our [HOW-TO videos](https://www.youtube.com/channel/UC0cBGCxr_WPBPa3IqPVEe3g) can be very helpful and the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page has more intricate details e.g. if you're trying to install Internet-in-a-Box (IIAB) onto a [another Linux](https://github.com/iiab/iiab/wiki/IIAB-Platforms) that has not yet been tried.
@ -33,9 +33,11 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.
## Community
Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!
Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)**
If you would like to volunteer, please [make contact](https://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ)
_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_
If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ)
<!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).-->
@ -52,4 +54,4 @@ Install our latest pre-release using the 1-line installer at: [**download.iiab.i
You can also consider <!--latest Internet-in-a-Box (IIAB)--> earlier official releases at: [github.com/iiab/iiab/releases](https://github.com/iiab/iiab/releases)
For much older versions, see: [github.com/xsce](http://github.com/xsce), [schoolserver.org](http://schoolserver.org)
For much older versions, see: [github.com/xsce](https://github.com/xsce), [schoolserver.org](http://schoolserver.org)

8
iiab-from-cmdline.yml
View file

@ -3,10 +3,10 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
roles:
- { role: 0-init }

8
iiab-from-console.yml
View file

@ -3,10 +3,10 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
roles:
- { role: 0-init }

88
iiab-install
View file

@ -1,17 +1,57 @@
#!/bin/bash -e
# Running from a git repo
# Add cmdline options for passing to ansible
# Todo add proper shift to gobble up --debug --reinstall
PLAYBOOK=iiab-stages.yml
INVENTORY=ansible_hosts
IIAB_STATE_FILE=/etc/iiab/iiab_state.yml
ARGS=""
ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forces {...} to '{...}' for Ansible
CWD=`pwd`
OS=`grep ^ID= /etc/os-release | cut -d= -f2`
OS=${OS//\"/}
OS=${OS//\"/} # Remove all '"'
MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993
MIN_ANSIBLE_VER=2.11.6 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB.
MIN_ANSIBLE_VER=2.12.7 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB.
REINSTALL=false
DEBUG=false
SKIP_ROLE_ON_ERROR=false
usage() {
echo -e "\n\e[1mUse './iiab-install' for regular installs, or to continue an install."
echo -e "Use './iiab-install --risky' to force 'skip_role_on_error: True'"
echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role."
echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role."
echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9."
echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role."
echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\e[0m\n"
}
# https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash/14203146#14203146
while [[ $# -gt 0 ]]; do
case $1 in
--reinstall)
REINSTALL=true
shift
;;
--debug)
DEBUG=true
shift
;;
-r|--risky)
SKIP_ROLE_ON_ERROR=true
shift
;;
*)
usage
exit 1
;;
esac
done
ARGS="$ARGS\"skip_role_on_error\":$SKIP_ROLE_ON_ERROR" # Needs boolean not
# string so use JSON list. Ansible permits these boolean values: (refresher)
# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml#L19-L43
if [ ! -f /etc/iiab/local_vars.yml ]; then
@ -27,11 +67,11 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then
echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2
echo -e "(1) Please read http://wiki.laptop.org/go/IIAB/local_vars.yml to learn more" >&2
echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2
echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2
echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2
echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2
echo -e ' http://download.iiab.io\n' >&2
echo -e ' https://download.iiab.io\n' >&2
exit 1
fi
@ -57,16 +97,6 @@ if [ ! -f $PLAYBOOK ]; then
exit 1
fi
if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then
echo "Use './iiab-install' for regular installs, or to continue an install."
echo "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role."
echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role."
echo "Use './iiab-configure' to run Stage 0, followed by Stages 4-9."
echo "Use './runrole' to run Stage 0, followed by a single Stage or Role."
echo "Use './iiab-network' to run Stage 0, followed by the Network Role."
exit 1
fi
# Subroutine compares software version numbers. Generates rare false positives
# like "1.0 > 1" and "2.4.0 > 2.4". Avoid risks by structuring conditionals w/
# a consistent # of decimal points e.g. "if version_gt w.x.y.z a.b.c.d; then"
@ -125,27 +155,23 @@ if [ -f /etc/iiab/iiab.env ]; then
fi
fi
if [ "$1" == "--reinstall" ]; then
if $($REINSTALL); then
STAGE=0
ARGS="$ARGS"" --extra-vars reinstall=True"
#ARGS="$ARGS"" --extra-vars reinstall=True"
ARGS="$ARGS,\"reinstall\":True" # Needs boolean not string so use JSON list
sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env
echo "Wrote STAGE=0 (counter) to /etc/iiab/iiab.env"
elif [ "$STAGE" -ge 2 ] && [ "$1" == "--debug" ]; then
elif [ "$STAGE" -ge 2 ] && $($DEBUG); then
STAGE=2
sed -i 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env
echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env"
elif [ "$STAGE" -eq 9 ]; then
echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done."
echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role."
echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role."
echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9."
echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role."
echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\n\n"
exit 0 # Allows rerunning http://download.iiab.io/install.txt
echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done.\e[0m"
usage
exit 0 # Allows rerunning https://download.iiab.io/install.txt
fi
fi
if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then
if [ "$STAGE" -lt 2 ] && $($DEBUG); then
echo -e "\n'--debug' *ignored* as STAGE (counter) < 2."
fi
@ -168,6 +194,8 @@ export ANSIBLE_LOG_PATH="$CWD""/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local | grep python
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null # So vars are recorded in /opt/iiab/iiab/iiab-install.log
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local
ARGS="$ARGS}"
echo -e "\nNOW RUN: ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local\n"
ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local
echo -e "./iiab-install $* COMPLETED IN $CWD\n\n"

35
iiab-network
View file

@ -4,11 +4,14 @@
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
if [ ! -f iiab-network.yml ]; then
echo "iiab-network.yml not found in current directory."
echo "Please rerun this command from the top level of the git repo."
echo "Exiting."
exit_error() {
echo -e "\nEXITING: "$@ | tee -a /opt/iiab/iiab/iiab-network.log
exit 1
}
if [ ! -f iiab-network.yml ]; then
exit_error "iiab-network.yml not found in current directory." \
"Please rerun this command from the top level of the git repo."
fi
OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit
@ -19,26 +22,21 @@ if [ -f /etc/iiab/iiab.env ]; then
if grep -q STAGE= /etc/iiab/iiab.env ; then
echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env"
if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then
echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer"
exit 1
exit_error "STAGE (counter) value == ""$STAGE"" is non-integer"
elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then
echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range"
exit 1
exit_error "STAGE (counter) value == ""$STAGE"" is out-of-range"
elif [ "$STAGE" -lt 3 ]; then
echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"
echo -e "\nIIAB Stage 3 not complete."
echo -e "\nPlease run: ./iiab-install"
exit 1
exit_error "STAGE (counter) value == ""$STAGE" \
"\nIIAB Stage 3 not complete." \
"\nPlease run: ./iiab-install"
fi
else
echo -e "\nEXITING: STAGE (counter) not found"
echo -e "\nIIAB not installed."
echo -e "\nPlease run: ./iiab-install"
exit 1
exit_error "STAGE (counter) not found" \
"\nIIAB not installed." \
"\nPlease run: ./iiab-install"
fi
else
echo -e "\nEXITING: /etc/iiab/iiab.env not found"
exit 1
exit_error "/etc/iiab/iiab.env not found"
fi
echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log"
@ -94,3 +92,4 @@ echo "iiab-network run start: $Start"
echo "iiab-network run end: $End"
echo
echo "Please REBOOT to fully verify your network -- graphical desktops MUST reboot!"
exit 0

8
iiab-network.yml
View file

@ -3,10 +3,10 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
roles:
- { role: 0-init }

10
iiab-stages.yml
View file

@ -3,11 +3,11 @@
become: yes
vars_files:
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/iiab_state.yml
tasks:

6
install-support.yml → install-support.yml.unused
View file

@ -2,9 +2,9 @@
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- /etc/iiab/local_vars.yml
roles:
- { role: 0-init }

8
roles/0-init/defaults/main.yml
View file

@ -23,14 +23,6 @@
# ...after it is set in 0-init/tasks/main.yml
first_run: False
rpi_model: none # 2021-07-30: Broadly used!
#xo_model: none # 2021-07-30: No longer used
# 2021-07-30: Recorded to /etc/iiab/iiab.ini but not used programmatically:
gw_active: False
# 2021-07-30: Broadly used, but not in an organized way -- most all IIAB
# outfitting/provisioning happens online -- in situations where connectivity
# failures should be reported to the operator, rather than papered over:
internet_available: False
discovered_wan_iface: none # 2021-07-30: Very broadly used!
# 2021-07-30: Barely used -- for {named, dhcpd, squid} in
# roles/network/tasks/main.yml -- after being set in 0-init/tasks/network.yml

6
roles/0-init/tasks/create_iiab_ini.yml
View file

@ -29,14 +29,16 @@
value: "{{ ansible_architecture }}"
- option: iiab_base_ver
value: "{{ iiab_base_ver }}"
- option: iiab_remote_url
value: "{{ ansible_local.local_facts.iiab_remote_url }}"
- option: iiab_branch
value: "{{ ansible_local.local_facts.iiab_branch }}"
- option: iiab_commit
value: "{{ ansible_local.local_facts.iiab_commit }}"
- option: iiab_recent_tag
value: "{{ ansible_local.local_facts.iiab_recent_tag }}"
- option: install_date
value: "{{ ansible_date_time.iso8601 }}"
#- option: xo_model
# value: "{{ xo_model }}"
- option: rpi_model
value: "{{ rpi_model }}"
- option: devicetree_model

27
roles/0-init/tasks/hostname.yml
View file

@ -1,3 +1,8 @@
- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'"
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ?
stat:
path: /etc/cloud/cloud.cfg
@ -17,16 +22,10 @@
# 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904)
# command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
#- name: Install /etc/sysconfig/network from template (redhat)
# template:
# src: roles/network/templates/network/sysconfig.network.j2
# dest: /etc/sysconfig/network
# owner: root
# group: root
# mode: 0644
# when: is_redhat
# roles/network/tasks/hosts.yml [no longer in use] ALSO did this:
# 2022-07-11: Should the first entry match just hostname and domain move to
# after localhost? See PR's #1 & #8 -- with discussion on #3302 -- and also:
# 1. /etc/hosts -- #1815 solved by PR #1847
# 2. /etc/hostname -- #2904 solved by PR #2973
- name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"'
lineinfile:
path: /etc/hosts
@ -36,6 +35,14 @@
#group: root
#mode: 0644
# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is
# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it
# should be reconsidered? See PR #2876: roles/network might become optional?
- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
#- name: Re-configuring httpd - not initial install
# include_tasks: roles/httpd/tasks/main.yml
# when: iiab_stage|int > 3

34
roles/0-init/tasks/main.yml
View file

@ -11,14 +11,8 @@
set_fact:
rpi_model: "{{ ansible_local.local_facts.rpi_model }}"
devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}"
#xo_model: "{{ ansible_local.local_facts.xo_model }}"
iiab_stage: "{{ ansible_local.local_facts.stage }}"
# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
#- name: Re-read local_facts.facts from /etc/ansible/facts.d
# setup:
# filter: ansible_local
# Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections
# once and only once, to preserve the install date and git hash.
- name: Create {{ iiab_ini_file }}, if it doesn't exist
@ -27,9 +21,9 @@
# 2021-07-30: The 'first_run' flag isn't much used anymore. In theory it's
# still used in these 2 places:
# (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml
# (1) roles/1-prep/tasks/hardware.yml for raspberry_pi.yml
# (2) roles/network/tasks/named.yml for "Stop named before copying files"
# In practice however, it's no longer important, and might be reconsidered?
# This needs to be reworked for 0-init speed, and overall understandability.
- name: Set first_run flag
set_fact:
first_run: True
@ -38,11 +32,14 @@
# Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can
# be run even if local source tree /opt/iiab/iiab is deleted to conserve disk).
- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/iiab-diagnostics
- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/
copy:
src: "{{ iiab_dir }}/scripts/iiab-diagnostics"
src: "{{ iiab_dir }}/scripts/{{ item }}"
dest: /usr/bin/
mode: '0755'
with_items:
- iiab-summary
- iiab-diagnostics
- name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics'
file:
@ -57,9 +54,8 @@
- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?"
include_tasks: tz.yml
- name: Test Gateway + Test Internet + Set new hostname/domain (hostname.yml) if nec + Set 'gui_port' to 80 or 443 for Admin Console
include_tasks: network.yml
- name: Set hostname / domain (etc) in various places
include_tasks: hostname.yml
- name: Add 'runtime' variable values to {{ iiab_ini_file }}
ini_file:
@ -74,10 +70,14 @@
value: "{{ iiab_base_ver }}"
- option: iiab_revision
value: "{{ iiab_revision }}"
- option: iiab_remote_url
value: "{{ ansible_local.local_facts.iiab_remote_url }}"
- option: runtime_branch
value: "{{ ansible_local.local_facts.iiab_branch }}"
- option: runtime_commit
value: "{{ ansible_local.local_facts.iiab_commit }}"
- option: iiab_recent_tag
value: "{{ ansible_local.local_facts.iiab_recent_tag }}"
- option: runtime_date
value: "{{ ansible_date_time.iso8601 }}"
- option: ansible_version
@ -88,10 +88,6 @@
value: "{{ ansible_memtotal_mb }}"
- option: swap_mb
value: "{{ ansible_swaptotal_mb }}"
- option: gw_active
value: "{{ gw_active }}"
- option: internet_available
value: "{{ internet_available }}"
- option: rpi_model
value: "{{ rpi_model }}"
- option: devicetree_model
@ -102,10 +98,6 @@
value: "{{ local_tz }}"
- option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist
value: "{{ etc_localtime.stdout }}"
#- option: no_NM_reload
# value: "{{ no_NM_reload }}"
#- option: is_F18
# value: "{{ is_F18 }}"
- option: FQDN_changed
value: "{{ FQDN_changed }}"

74
roles/0-init/tasks/network.yml
View file

@ -1,74 +0,0 @@
- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here...
debug:
var: ansible_default_ipv4
- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias"
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
when: ansible_default_ipv4.gateway is defined
- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway"
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
register: gw_active_test
when: discovered_wan_iface != "none"
- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface"
set_fact:
iiab_wan_iface: "{{ discovered_wan_iface }}"
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt'
get_url:
url: "{{ iiab_download_url }}/heart-beat.txt"
dest: /tmp/heart-beat.txt
#timeout: "{{ download_timeout }}"
# @jvonau recommends: 100sec is too much (keep 10sec default)
ignore_errors: True
#async: 10
#poll: 2
register: internet_access_test
- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network"
set_fact:
internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml
when: not internet_access_test.failed and not disregard_network
- name: Remove downloaded Internet test file /tmp/heart-beat.txt
file:
path: /tmp/heart-beat.txt
state: absent
- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'"
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})
include_tasks: hostname.yml
when: iiab_fqdn != ansible_fqdn
# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is
# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it
# should be reconsidered? See PR #2876: roles/network might become optional?
- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
# 2021-08-17: (1) iiab-gen-iptables works better if gui_port is set directly in
# default_vars.yml and/or local_vars.yml (2) Admin Console's iiab-admin.yml
# and js-menu.yml set 'adm_cons_force_ssl: False'
# - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl"
# set_fact:
# gui_port: 80
# when: not adm_cons_force_ssl
# - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl"
# set_fact:
# gui_port: 443
# when: adm_cons_force_ssl

32
roles/0-init/tasks/validate_vars.yml
View file

@ -63,15 +63,13 @@
#
# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
set_fact:
vars_checklist:
- hostapd
- dhcpd
- named
- dnsmasq
- bluetooth
#- wondershaper # Unmaintained
- sshd
- openvpn
- remoteit
@ -80,18 +78,10 @@
#- apache # Unmaintained - former dependency
#- mysql # MANDATORY
- squid
#- dansguardian # Unmaintained
- cups
- samba
- usb_lib
#- xo_services # Unmaintained
#- activity_server # Unmaintained
#- ejabberd_xs # Unmaintained
#- idmgr # Unmaintained
- azuracast
#- dokuwiki # Unmaintained
#- ejabberd # Unmaintained
#- elgg # Unmaintained
- gitea
- jupyterhub
- lokole
@ -111,6 +101,7 @@
- osm_vector_maps
- transmission
- awstats
- matomo
- monit
- munin
- phpmyadmin
@ -122,6 +113,7 @@
- calibreweb
- calibre
- pbx
- network
- name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined
assert:
@ -165,3 +157,21 @@
quiet: yes
when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies
loop: "{{ vars_checklist }}"
- name: 'DISALLOW "XYZ_install: True" if deprecated'
assert:
that: "{{ item }}_install is undefined or not {{ item }}_install"
fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)"
quiet: yes
with_items:
- dhcpd # Deprecated
- named # Deprecated
- wondershaper # Deprecated
- dansguardian # Deprecated
#- xo_services # Unmaintained
#- activity_server # Unmaintained
#- ejabberd_xs # Unmaintained
#- idmgr # Unmaintained
#- dokuwiki # Unmaintained
#- ejabberd # Unmaintained
#- elgg # Unmaintained

2
roles/1-prep/tasks/hardware.yml
View file

@ -14,7 +14,7 @@
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # http://download.iiab.io/packages
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: usb_NUC6.stdout|int > 0

25
roles/1-prep/tasks/main.yml
View file

@ -23,9 +23,21 @@
name: iiab-admin
#when: iiab_admin_install # Flag might be created in future?
- name: Install dnsmasq -- configure LATER in 'network', after Stage 9
include_tasks: roles/network/tasks/dnsmasq.yml
#when: dnsmasq_install # Flag might be used in future?
- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }}/scripts to /usr/bin/
copy:
src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab
dest: /usr/bin/
mode: '0755'
- name: Copy iiab-network from {{ iiab_dir }}/scripts to /usr/local/bin/
copy:
src: "{{ iiab_dir }}/scripts/iiab-network"
dest: /usr/local/bin/
mode: '0755'
- name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9
include_tasks: roles/network/tasks/install.yml
when: network_install and network_installed is undefined
- include_tasks: uuid.yml
- include_tasks: ubermix.yml
@ -62,7 +74,10 @@
# when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
- name: Recording STAGE 1 HAS COMPLETED ============================
- name: Install {{ iiab_env_file }} from template -- FYI this file can be run as a script if absolutely nec -- e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT'
template:
src: roles/1-prep/templates/iiab.env.j2
dest: "{{ iiab_env_file }}" # Can also be run as a script if absolutely nec, e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT'
dest: "{{ iiab_env_file }}"
- name: Recording STAGE 1 HAS COMPLETED ============================
meta: noop

12
roles/1-prep/templates/iiab-expand-rootfs
View file

@ -11,11 +11,11 @@
if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then
echo "$0: Expanding rootfs partition"
# if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS
# # 2022-02-17: Uses do_expand_rootfs() from:
# # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config
# raspi-config --expand-rootfs # REQUIRES A REBOOT
# else # REQUIRES NO REBOOT; works on all OS's
if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS
# 2022-02-17: Uses do_expand_rootfs() from:
# https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config
raspi-config --expand-rootfs # REQUIRES A REBOOT
else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325)
# 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs()
ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2
ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0
@ -53,7 +53,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then
# # Resize partition
# growpart /dev/$root_dev $root_part_no
# resize2fs /dev/$root_part
# fi
fi
rm -f /.expand-rootfs /.resize-rootfs
fi

6
roles/2-common/tasks/fl.yml
View file

@ -1,6 +1,6 @@
# fl.yml signifies "file layout"
- name: "File Layout - Create directories: 1 in /etc, 1 in {{ py3_dist_path }}, 3 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab
- name: "File Layout - Create directories: 1 in {{ py3_dist_path }}, 2 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab
file:
path: "{{ item }}"
# owner: root
@ -8,9 +8,9 @@
# mode: '0755'
state: directory
with_items:
- /etc/sysconfig/olpc-scripts/setup.d/installed/
#- /etc/sysconfig/olpc-scripts/setup.d/installed/
- "{{ py3_dist_path }}/iiab" # /usr/lib/python3/dist-packages
- "{{ yum_packages_dir }}" # /opt/iiab/yum-packages
#- "{{ yum_packages_dir }}" # /opt/iiab/yum-packages
- "{{ pip_packages_dir }}" # /opt/iiab/pip-packages
- "{{ downloads_dir }}" # /opt/iiab/downloads
#- "{{ content_base }}/downloads" # /library/downloads auto-created just below

10
roles/2-common/tasks/main.yml
View file

@ -8,8 +8,14 @@
- include_tasks: packages.yml
- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall)
include_tasks: network.yml
- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf"
sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot
name: "{{ item.name }}"
value: "{{ item.value }}"
with_items:
#- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok?
- { name: 'kernel.core_uses_pid', value: '1' }
#- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok?
- include_tasks: iiab-startup.yml

4
roles/2-common/tasks/packages.yml
View file

@ -16,12 +16,12 @@
#- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
#- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles
- mlocate # 92kB download
#- ntfs-3g # 379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
#- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15
#- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's
- pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs
- pastebinit # 47kB download: For /usr/bin/iiab-diagnostics
#- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc
#- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not.
#- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not.
- rsync # 351kB download: RasPiOS installs this regardless
#- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
- sqlite3 # 1054kB download

17
roles/4-server-options/tasks/main.yml
View file

@ -24,23 +24,6 @@
name: sshd
when: sshd_install
# UNMAINTAINED
- name: Install named / BIND
include_tasks: roles/network/tasks/named.yml
when: named_install is defined and named_install
# UNMAINTAINED
- name: Install dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
when: dhcpd_install is defined and dhcpd_install
# LESS MAINTAINED
- name: Install Squid
include_tasks: roles/network/tasks/squid.yml
when: squid_install and squid_installed is undefined
- name: Install Bluetooth - only on Raspberry Pi
include_role:
name: bluetooth

6
roles/6-generic-apps/tasks/main.yml
View file

@ -3,6 +3,7 @@
- name: ...IS BEGINNING ====================================
meta: noop
# UNMAINTAINED
- name: AZURACAST
include_role:
name: azuracast
@ -36,10 +37,11 @@
name: jupyterhub
when: jupyterhub_install
# UNMAINTAINED
- name: LOKOLE
include_role:
name: lokole
when: lokole_install
when: lokole_install is defined and lokole_install
- name: MEDIAWIKI
include_role:
@ -59,7 +61,7 @@
- name: NEXTCLOUD
include_role:
name: nextcloud
when: nextcloud_install and not is_ubuntu_2204 # TEMPORARY
when: nextcloud_install
- name: WORDPRESS
include_role:

6
roles/7-edu-apps/tasks/main.yml
View file

@ -11,7 +11,7 @@
- name: KOLIBRI
include_role:
name: kolibri
when: kolibri_install and not is_ubuntu_2204 # TEMPORARY
when: kolibri_install
- name: KIWIX
include_role:
@ -21,7 +21,7 @@
- name: MOODLE
include_role:
name: moodle
when: moodle_install and not is_ubuntu_2204 # TEMPORARY
when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY
- name: OSM-VECTOR-MAPS
include_role:
@ -43,7 +43,7 @@
- name: SUGARIZER
include_role:
name: sugarizer
when: sugarizer_install and not is_ubuntu_2204 # TEMPORARY
when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile:

7
roles/8-mgmt-tools/tasks/main.yml
View file

@ -12,7 +12,12 @@
include_role:
name: awstats
when: awstats_install
- name: MATOMO
include_role:
name: matomo
when: matomo_install
- name: MONIT
include_role:
name: monit

47
roles/awstats/tasks/main.yml
View file

@ -19,27 +19,34 @@
quiet: yes
- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: awstats_installed is undefined
- block:
- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: awstats_installed is undefined
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: awstats
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: awstats_install
value: "{{ awstats_install }}"
- option: awstats_enabled
value: "{{ awstats_enabled }}"
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: awstats
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: awstats_install
value: "{{ awstats_install }}"
- option: awstats_enabled
value: "{{ awstats_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/awstats/templates/awstats.schoolserver.conf.j2
View file

@ -261,7 +261,7 @@ AllowToUpdateStatsFromBrowser=1
# 3 - Possible on CLI and CGI
# Default: 2
#
AllowFullYearView=2
AllowFullYearView=3

6
roles/azuracast/README.rst
View file

@ -1,6 +1,6 @@
==========
================
AzuraCast README
==========
================
This playbook adds `AzuraCast <https://azuracast.com/>`_ to Internet-in-a-Box (IIAB) for network radio station functionality. With 'AzuraCast' you and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported.
@ -11,7 +11,7 @@ As of 2019-08-04, this will only run on Ubuntu 18.04, and tentatively on Debian
Using It
--------
* Do a normal IIAB install (http://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_, as you begin the installation.
* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_, as you begin the installation.
* When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080
* This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc.
* Finally, check out some `how-to videos <https://www.youtube.com/watch?v=b1Rxlu5P804>`_ to learn to manage your own radio station!

16
roles/calibre-web/tasks/nginx.yml → roles/calibre-web/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled
systemd:
name: calibre-web
daemon_reload: yes
enabled: yes
state: restarted
when: calibreweb_enabled
- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled
systemd:
name: calibre-web
enabled: no
state: stopped
when: not calibreweb_enabled
# TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195)
# RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy

2
roles/calibre-web/tasks/install.yml
View file

@ -51,7 +51,7 @@
# VIRTUALENV EXAMPLE COMMANDS:
# cd /usr/local/calibre-web-py3
# source bin/activate
# python3 -m pip list
# python3 -m pip list ('pip list' probably sufficient, likewise below)
# python3 -m pip freeze > /tmp/requirements.txt
# python3 -m pip install -r requirements.txt
# deactivate

87
roles/calibre-web/tasks/main.yml
View file

@ -19,56 +19,47 @@
quiet: yes
- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibreweb_installed is undefined
- block:
- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibreweb_installed is undefined
- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled
systemd:
name: calibre-web
daemon_reload: yes
enabled: yes
state: restarted
when: calibreweb_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled
systemd:
name: calibre-web
enabled: no
state: stopped
when: not calibreweb_enabled
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre-web
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre-Web
- option: description
value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
- option: calibreweb_install
value: "{{ calibreweb_install }}"
- option: calibreweb_enabled
value: "{{ calibreweb_enabled }}"
- option: calibreweb_url1
value: "{{ calibreweb_url1 }}"
- option: calibreweb_url2
value: "{{ calibreweb_url2 }}"
- option: calibreweb_url3
value: "{{ calibreweb_url3 }}"
- option: calibreweb_path
value: "{{ calibreweb_venv_path }}"
- option: calibreweb_home
value: "{{ calibreweb_home }}"
- option: calibreweb_port
value: "{{ calibreweb_port }}"
- option: calibreweb_settings_database
value: "{{ calibreweb_settings_database }}"
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
rescue:
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre-web
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre-Web
- option: description
value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
- option: calibreweb_install
value: "{{ calibreweb_install }}"
- option: calibreweb_enabled
value: "{{ calibreweb_enabled }}"
- option: calibreweb_url1
value: "{{ calibreweb_url1 }}"
- option: calibreweb_url2
value: "{{ calibreweb_url2 }}"
- option: calibreweb_url3
value: "{{ calibreweb_url3 }}"
- option: calibreweb_path
value: "{{ calibreweb_venv_path }}"
- option: calibreweb_home
value: "{{ calibreweb_home }}"
- option: calibreweb_port
value: "{{ calibreweb_port }}"
- option: calibreweb_settings_database
value: "{{ calibreweb_settings_database }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

4
roles/calibre/defaults/main.yml
View file

@ -34,11 +34,11 @@ calibre_userdb: "{{ calibre_dbpath }}/users.sqlite"
# calibre-server --manage-users --userdb /library/calibre/users.sqlite
calibre_sample_book: "Metamorphosis-jackson.epub"
# Must be downloadable from http://download.iiab.io/packages
# Must be downloadable from https://download.iiab.io/packages
calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py"
calibre_deb_url: "{{ iiab_download_url }}" # http://download.iiab.io/packages
calibre_deb_url: "{{ iiab_download_url }}" # https://download.iiab.io/packages
# Above URL must offer both .deb files below: (for scripts/calibre-install-pinned-rpi.sh to run)
calibre_deb_pin_version: 3.33.1+dfsg-1 # for calibre_3.33.1+dfsg-1_all.deb (24M, 2018-10-21)
calibre_bin_deb_pin_version: "{{ calibre_deb_pin_version }}" # for calibre-bin_3.33.1+dfsg-1_armhf.deb (706K, 2018-10-23)

29
roles/calibre/tasks/enable-or-disable.yml Normal file
View file

@ -0,0 +1,29 @@
# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY)
#
# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE:
# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2
# (anyway this works great for calibre-web, allowing http://box/books
# to work even better than http://box:8083 when box == 192.168.0.x !)
#
#- name: Attempt to enable http://box/calibre via Apache (UNTESTED)
# command: a2ensite calibre.conf
# when: apache_installed and calibre_enabled
#
#- name: Attempt to disable http://box/calibre via Apache (UNTESTED)
# command: a2dissite calibre.conf
# when: apache_installed and not calibre_enabled
- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled
systemd:
daemon_reload: yes
name: calibre-serve
enabled: yes
state: restarted
when: calibre_enabled
- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled
systemd:
name: calibre-serve
enabled: no
state: stopped
when: not calibre_enabled

86
roles/calibre/tasks/main.yml
View file

@ -19,65 +19,37 @@
quiet: yes
- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibre_installed is undefined
- block:
# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY)
#
# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE:
# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2
# (anyway this works great for calibre-web, allowing http://box/books
# to work even better than http://box:8083 when box == 192.168.0.x !)
#
#- name: Attempt to enable http://box/calibre via Apache (UNTESTED)
# command: a2ensite calibre.conf
# when: apache_installed and calibre_enabled
#
#- name: Attempt to disable http://box/calibre via Apache (UNTESTED)
# command: a2dissite calibre.conf
# when: apache_installed and not calibre_enabled
- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibre_installed is undefined
- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled
systemd:
daemon_reload: yes
name: calibre-serve
enabled: yes
state: restarted
when: calibre_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled
systemd:
name: calibre-serve
enabled: no
state: stopped
when: not calibre_enabled
- name: Add 'calibre' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre
- option: description
value: '"Calibre is an extremely popular personal library system for e-books."'
- option: calibre_src_url
value: "{{ calibre_src_url }}"
- option: calibre_dbpath
value: "{{ calibre_dbpath }}"
- option: calibre_port
value: "{{ calibre_port }}"
- option: calibre_enabled
value: "{{ calibre_enabled }}"
#- name: Enable/Disable/Restart Apache if primary
# include_tasks: apache.yml
# when: not nginx_enabled
#
#- name: Enable/Disable/Restart NGINX if primary
# include_tasks: nginx.yml
# when: nginx_enabled
rescue:
- name: Add 'calibre' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre
- option: description
value: '"Calibre is an extremely popular personal library system for e-books."'
- option: calibre_src_url
value: "{{ calibre_src_url }}"
- option: calibre_dbpath
value: "{{ calibre_dbpath }}"
- option: calibre_port
value: "{{ calibre_port }}"
- option: calibre_enabled
value: "{{ calibre_enabled }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/captiveportal/README.md
View file

@ -1,4 +1,4 @@
_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](http://wiki.laptop.org/go/IIAB/FAQ#Captive_Portal_Administration:_What_tips_.26_tricks_exist.3F)_
_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](https://wiki.iiab.io/go/FAQ#Captive_Portal_Administration:_What_tips_&_tricks_exist%3F)_
## Theory of Operation

2
roles/captiveportal/tasks/install.yml
View file

@ -26,7 +26,7 @@
mode: "{{ item.mode }}"
with_items:
- { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' }
- { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' }
- { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' }
- { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' }
- name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server)

46
roles/captiveportal/tasks/main.yml
View file

@ -19,27 +19,33 @@
quiet: yes
- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: captiveportal_installed is undefined
- block:
- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: captiveportal_installed is undefined
- name: Enable or Disable Captive Portal
include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'captiveportal' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: captiveportal
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Captive Portal
- option: description
value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
- option: captiveportal_install
value: "{{ captiveportal_install }}"
- option: captiveportal_enabled
value: "{{ captiveportal_enabled }}"
- name: Add 'captiveportal' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: captiveportal
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Captive Portal
- option: description
value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
- option: captiveportal_install
value: "{{ captiveportal_install }}"
- option: captiveportal_enabled
value: "{{ captiveportal_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/captiveportal/templates/iiab-divert-to-nginx → roles/captiveportal/templates/iiab-divert-to-nginx.j2
View file

@ -1,4 +1,4 @@
#!/bin/bash -x
awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture
echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture

2
roles/cups/README.md
View file

@ -2,7 +2,7 @@
[CUPS](https://en.wikipedia.org/wiki/CUPS) (also known as the "Common UNIX Printing System") is the standards-based, open source printing system for Linux and macOS.
It allows your [Internet-in-a-Box (IIAB)](http://internet-in-a-box.org) to act as a print server.
It allows your [Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) to act as a print server.
This can be useful if a printer is attached to your IIAB &mdash; so student/teacher print jobs from client computers and phones can be processed &mdash; and then sent to the appropriate printer.

10
roles/cups/tasks/install.yml
View file

@ -49,7 +49,7 @@
blockinfile:
path: /etc/cups/cupsd.conf
insertafter: '^<Location /admin>$'
block: |2 # Indent with 2 spaces, and surround block with 2 comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK"
block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below. Also surround block with comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK"
AuthType Default
Require user @SYSTEM
@ -76,14 +76,14 @@
name: cups
state: started
# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
# command: cupsctl --remote-admin --share-printers --user-cancel-any
# 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
# (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
# (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)
- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
command: cupsctl --remote-any --share-printers --user-cancel-any
# 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml
@ -96,7 +96,7 @@
# command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging
# when: not cups_enabled
# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631"
# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631"
# lineinfile:
# path: /etc/cups/cupsd.conf
# line: "{{ item }}"
@ -105,7 +105,7 @@
# - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027
# - "ServerAlias *"
# - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan
# - "#Listen {{ lan_ip }}:631" # 172.18.96.1
# - "#Listen {{ lan_ip }}:631" # e.g. 10.10.10.10
# - "#Listen 127.0.0.1:631"
# - "#Listen 0.0.0.0:631"
# - "#Listen *:631"

2
roles/cups/templates/cups.conf.j2
View file

@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex
return 301 http://localhost:631;
}
return 301 http://$host:631; # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC
return 301 http://$host:631; # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC
}

18
roles/firmware/tasks/download.yml
View file

@ -9,19 +9,19 @@
- brcmfmac43455-sdio.clm_blob
ignore_errors: yes
- name: Download higher-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853)
- name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853)
get_url:
url: "{{ item }}"
url: "{{ iiab_download_url }}/{{ item }}"
dest: /lib/firmware/brcm/
timeout: "{{ download_timeout }}"
with_items:
- http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin
- http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015
- http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob
- http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi
- http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65
- brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin
- brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015
- brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob
- brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- brcmfmac43455-sdio.clm_blob_2018-02-26_rpi
- brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202
- brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65
# RECORD firmware AS DOWNLOADED

2
roles/firmware/tasks/main.yml
View file

@ -18,7 +18,7 @@
- name: Install firmware (for RPi internal WiFi)
include_tasks: install.yml
#when: firmware_installed is undefined
when: firmware_installed is undefined
# Two variables are placed in /etc/iiab/iiab_state.yml:
#

9
roles/firmware/templates/iiab-check-firmware
View file

@ -44,10 +44,11 @@ else
echo -e "settings in /etc/iiab/local_vars.yml, please then run:"
echo
echo -e " cd /opt/iiab/iiab"
echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'"
echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough"
echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'"
echo -e " sudo poweroff\n"
echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'"
echo -e " sudo ./runrole --reinstall firmware"
echo -e " sudo ./iiab-network # SOMETIMES NECESSARY"
echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'"
echo -e " sudo reboot\n"
#echo
#echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n"
fi

2
roles/firmware/templates/iiab-firmware-warn.sh
View file

@ -3,7 +3,7 @@
if [ -f /tmp/.fw_modified ]; then
echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m"
echo
echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n"
echo -e "If you want this warning to stop, reboot to remove /tmp/.fw_modified\n"
fi
# \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red

2
roles/gitea/defaults/main.yml
View file

@ -9,7 +9,7 @@
# Info needed to install Gitea:
gitea_version: 1.16 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks.
gitea_version: 1.17 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks.
iset_suffixes:
i386: 386
x86_64: amd64

16
roles/gitea/tasks/nginx.yml → roles/gitea/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Restart 'gitea' systemd service, if gitea_enabled
systemd:
name: gitea
daemon_reload: yes
enabled: yes
state: restarted
when: gitea_enabled
- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
systemd:
name: gitea
enabled: no
state: stopped
when: not gitea_enabled
- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
template:
src: gitea-nginx.conf.j2

2
roles/gitea/tasks/install.yml
View file

@ -43,7 +43,7 @@
msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
when: gitea_iset_suffix == "unknown"
- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~103 MB)
- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~100 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN)
get_url:
url: "{{ gitea_download_url }}"
dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16

67
roles/gitea/tasks/main.yml
View file

@ -19,46 +19,37 @@
quiet: yes
- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: gitea_installed is undefined
- block:
- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: gitea_installed is undefined
- name: Enable & Restart 'gitea' systemd service, if gitea_enabled
systemd:
name: gitea
daemon_reload: yes
enabled: yes
state: restarted
when: gitea_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
systemd:
name: gitea
enabled: no
state: stopped
when: not gitea_enabled
- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: gitea
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Gitea
- option: description
value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
- option: gitea_install
value: "{{ gitea_install }}"
- option: gitea_enabled
value: "{{ gitea_enabled }}"
- option: gitea_run_directory
value: "{{ gitea_run_directory }}"
- option: gitea_url
value: "{{ gitea_url }}"
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
rescue:
- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: gitea
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Gitea
- option: description
value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
- option: gitea_install
value: "{{ gitea_install }}"
- option: gitea_enabled
value: "{{ gitea_enabled }}"
- option: gitea_run_directory
value: "{{ gitea_run_directory }}"
- option: gitea_url
value: "{{ gitea_url }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

10
roles/iiab-admin/README.rst
View file

@ -13,7 +13,7 @@
iiab-admin README
=================
`Internet-in-a-Box <http://internet-in-a-box.org>`_ (IIAB) encourages you to pay attention to the security of your learning community.
`Internet-in-a-Box <https://internet-in-a-box.org>`_ (IIAB) encourages you to pay attention to the security of your learning community.
This Ansible playbook is one of the very first that runs when you install IIAB, and we hope reading this helps you understand your choices:
@ -21,11 +21,11 @@ Configure user 'iiab-admin'
---------------------------
* `admin-user.yml <tasks/admin-user.yml>`_ configures a Linux user that will give you access to IIAB's Admin Console (http://box.lan/admin) after IIAB is installed — and can also help you at the command-line with IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware, etc}.
* If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (http://download.iiab.io) or by your underlying OS, that too will be taken care of here.
* If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (https://download.iiab.io) or by your underlying OS, that too will be taken care of here.
* By default this user is ``iiab-admin`` with password ``g0adm1n``
* *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin**
* After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password.
* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (preferably do this prior to installing IIAB!)
* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (preferably do this prior to installing IIAB!)
* You can set ``iiab_admin_can_sudo: False`` if you want a strict security lockdown (if you're really sure you won't need IIAB community support commands like `/usr/bin/iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_, `/usr/bin/iiab-hotspot-on <../network/templates/network/iiab-hotspot-on>`_, `iiab-check-firmware <../firmware/templates/iiab-check-firmware>`_, etc!)
* You can also set ``iiab_admin_user_install: False`` if you're sure you know how to do all this `account and sudo configuration <tasks/admin-user.yml>`_ manually.
@ -36,14 +36,14 @@ Security
#. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml <https://github.com/iiab/iiab-admin-console/blob/master/vars/default_vars.yml>`_)
#. ``sudo``
* Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: http://wiki.laptop.org/go/IIAB/Security
* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security
* Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d <templates/sshpwd-profile-iiab.sh>`_ (and `/etc/xdg/lxsession/LXDE-pi <templates/sshpwd-lxde-iiab.sh>`_ when it exists, i.e. on Raspberry Pi OS with desktop).
Example
=======
* If you later change your mind about ``sudo`` privileges for user 'iiab-admin' (as specified by ``iiab_admin_user``) then do this:
#. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_
#. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_
#. Make sure that ``iiab_admin_user_install: True`` is also set.
#. Then re-run this Ansible playbook, by running ``cd /opt/iiab/iiab`` followed by ``sudo ./runrole --reinstall iiab-admin``

2
roles/iiab-admin/tasks/main.yml
View file

@ -23,7 +23,7 @@
# (1) by the OS installer
# (2) by the OS's graphical desktop tools
# (3) at the command-line: sudo passwd iiab-admin
# (4) by IIAB's 1-line installer: http://download.iiab.io
# (4) by IIAB's 1-line installer: https://download.iiab.io
# (5) by this role: roles/iiab-admin/tasks/admin-user.yml
# (6) by IIAB's Admin Console during installation
# ...and/or...

4
roles/iiab-admin/tasks/pwd-warnings.yml
View file

@ -1,3 +1,7 @@
# 2022-07-22: SIMILAR TO roles/www_options/tasks/main.yml FOR browser
# AND roles/network/tasks/netwarn.yml FOR iiab-network
- name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default
template:
src: sshpwd-profile-iiab.sh.j2

2
roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2
View file

@ -19,7 +19,7 @@ check_user_pwd() {
# enough when user does not exist. Or uncomment to FORCE ERROR CODE 2.
# Either way, overall bash script still returns exit code 0 ("success")
# sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RaspiOS ships w/
# sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RasPiOS ships w/
# /etc/sudoers.d/010_pi-nopasswd containing "pi ALL=(ALL) NOPASSWD: ALL"
# (read access to /etc/shadow is otherwise restricted to just root and
# group www-data i.e. Apache, NGINX get special access). SEE: #2431, #2561

4
roles/internetarchive/README.md
View file

@ -8,7 +8,7 @@ Access to our library of millions of books, journals, audio and video recordings
This Ansible role installs the Internet Archive's dweb-mirror project on
Internet-in-a-Box (IIAB). Use this to build up a dynamic offline library
arising from the materials you can explore at http://dweb.archive.org
arising from the materials you can explore at https://dweb.archive.org
The Offline Internet Archive server:
@ -248,7 +248,7 @@ and just checks the content is up to date.
## Managing collections on Internet Archive
You can create and manage your own collections on the [Internet Archive site](http://www.archive.org).
You can create and manage your own collections on the [Internet Archive site](https://www.archive.org).
Other people can then crawl those collections.
First get in touch with Mitra Ardron at `mitra@archive.org`, as processes may have changed since this is written.

16
roles/internetarchive/tasks/nginx.yml → roles/internetarchive/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled
systemd:
name: internetarchive
daemon_reload: yes
enabled: yes
state: restarted
when: internetarchive_enabled
- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled
systemd:
name: internetarchive
enabled: no
state: stopped
when: not internetarchive_enabled
- name: Enable http://box/archive via NGINX, by installing {{ nginx_conf_dir }}/internetarchive-nginx.conf from template
template:
src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2

94
roles/internetarchive/tasks/main.yml
View file

@ -19,76 +19,60 @@
quiet: yes
# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza
# "UPDATE internetarchive" block should run whenever one isn't installing
# (or reinstalling) internetarchive, for now. We're aware this means slowness
# during "./runrole internetarchive" but that's very intentional for now -- as
# it leads to more testing of more recent versions of internetarchive, which
# is strongly desired. Finally, these current norms can and probably will be
# changed in future, when broader IIAB norms develop around "./runrole
# --upgrade internetarchive" or "./runrole --update internetarchive" or such,
# as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178
- block:
- block: # BEGIN 2-STANZA BLOCK
# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza
# "UPDATE internetarchive" portion should run whenever one isn't installing
# (or reinstalling) internetarchive, for now. We're aware this means slowness
# during "./runrole internetarchive" but that's very intentional for now -- as
# it leads to more testing of more recent versions of internetarchive, which
# is strongly desired. Finally, these current norms can and probably will be
# changed in future, when broader IIAB norms develop around "./runrole
# --upgrade internetarchive" or "./runrole --update internetarchive" or such,
# as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178
- name: "UPGRADE: Stop 'internetarchive' systemd service, if internetarchive_installed is defined"
systemd:
name: internetarchive
daemon_reload: yes
state: stopped
when: internetarchive_installed is defined
- name: "UPGRADE: Run 'yarn upgrade' in {{ internetarchive_dir }}, if internetarchive_installed is defined"
shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade
args:
chdir: "{{ internetarchive_dir }}"
when: internetarchive_installed is defined
when: internetarchive_installed is defined # END 2-STANZA BLOCK
# "ELSE" INSTALL...
# "ELSE" INSTALL...
- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: internetarchive_installed is undefined
- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: internetarchive_installed is undefined
# ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ?
- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled
systemd:
name: internetarchive
daemon_reload: yes
enabled: yes
state: restarted
when: internetarchive_enabled
- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled
systemd:
name: internetarchive
enabled: no
state: stopped
when: not internetarchive_enabled
# - name: Enable/Disable/Restart Apache if primary
# include_tasks: apache.yml
# when: apache_installed is defined and not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
#when: nginx_enabled
- include_tasks: enable-or-disable.yml
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: internetarchive
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Internet Archive
- option: description
value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
- option: internetarchive_install
value: "{{ internetarchive_install }}"
- option: internetarchive_enabled
value: "{{ internetarchive_enabled }}"
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: internetarchive
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Internet Archive
- option: description
value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
- option: internetarchive_install
value: "{{ internetarchive_install }}"
- option: internetarchive_enabled
value: "{{ internetarchive_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/jupyterhub/README.md
View file

@ -74,4 +74,4 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r
While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01.
He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content."
He explains PAWS as a "powerful Python execution environment https://paws.wmcloud.org = https://wikitech.wikimedia.org/wiki/PAWS [allowing] ordinary folks to write interactive scripts to work with Wikimedia content."

53
roles/jupyterhub/tasks/install.yml
View file

@ -33,21 +33,33 @@
global: yes
state: latest
- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~229 MB)"
- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, after 2 Ansible calls)"
pip:
name:
- pip
- wheel
- ipywidgets
- jupyterhub
virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub
virtualenv_site_packages: no
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below
#virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2)
extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0
# 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below)
# fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!)
# https://github.com/iiab/iiab/issues/3283
- name: Break up jupyterhub/jupyterlab pip installs into 2 parts (3 packages above + 4 packages here) due to mutual dependency deadlock on some OS's
pip:
name:
- jupyterlab
- jupyterhub_firstuseauthenticator
- jupyterhub-systemdspawner
virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub
- ipywidgets
virtualenv: "{{ jupyterhub_venv }}"
virtualenv_site_packages: no
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below
#virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2)
extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released.
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}"
extra_args: "--no-cache-dir"
- name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py"
template:
@ -59,20 +71,21 @@
src: jupyterhub.service.j2
dest: /etc/systemd/system/jupyterhub.service
- name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages
template:
src: getsite.py.j2
dest: "{{ jupyterhub_venv }}/bin/getsite.py"
mode: 0755
- name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
template:
src: patch_FUA.sh.j2
dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
mode: 0755
- name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh"
command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
# 2022-07-07: No longer needed, thx to upstream fixes
# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages
# template:
# src: getsite.py.j2
# dest: "{{ jupyterhub_venv }}/bin/getsite.py"
# mode: 0755
#
# - name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
# template:
# src: patch_FUA.sh.j2
# dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
# mode: 0755
#
# - name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh"
# command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh"
- name: Install patch_http-warning.sh from template, to turn off the warning about http insecurity, in {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html
template:

45
roles/jupyterhub/tasks/main.yml
View file

@ -19,26 +19,33 @@
quiet: yes
- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: jupyterhub_installed is undefined
- block:
- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: jupyterhub_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: jupyterhub
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: JupyterHub
- option: description
value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."'
- option: jupyterhub_install
value: "{{ jupyterhub_install }}"
- option: jupyterhub_enabled
value: "{{ jupyterhub_enabled }}"
- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: jupyterhub
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: JupyterHub
- option: description
value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."'
- option: jupyterhub_install
value: "{{ jupyterhub_install }}"
- option: jupyterhub_enabled
value: "{{ jupyterhub_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

0
roles/jupyterhub/templates/getsite.py.j2 → roles/jupyterhub/templates/getsite.py.j2.unused
View file

0
roles/jupyterhub/templates/patch_FUA.sh.j2 → roles/jupyterhub/templates/patch_FUA.sh.j2.unused
View file

14
roles/kalite/tasks/enable-or-disable.yml Normal file
View file

@ -0,0 +1,14 @@
- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled
systemd:
daemon_reload: yes
name: kalite-serve
enabled: yes
state: restarted
when: kalite_enabled
- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled
systemd:
name: kalite-serve
enabled: no
state: stopped
when: not kalite_enabled

2
roles/kalite/tasks/install.yml
View file

@ -65,7 +65,7 @@
replace: 'a-zA-Z0-9\-'
when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19)
# 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already.
# JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RaspiOS 11+ too?
# JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too?
- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20
replace:

64
roles/kalite/tasks/main.yml
View file

@ -19,43 +19,37 @@
quiet: yes
- name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kalite_installed is undefined
- block:
- name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kalite_installed is undefined
- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled
systemd:
daemon_reload: yes
name: kalite-serve
enabled: yes
state: restarted
when: kalite_enabled
- include_tasks: enable-or-disable.yml
- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled
systemd:
name: kalite-serve
enabled: no
state: stopped
when: not kalite_enabled
- name: Add 'kalite' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kalite
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: "KA Lite"
- option: description
value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."'
- option: kalite_install
value: "{{ kalite_install }}"
- option: kalite_enabled
value: "{{ kalite_enabled }}"
- option: path
value: "{{ kalite_root }}"
- option: port
value: "{{ kalite_server_port }}"
rescue:
- name: Add 'kalite' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kalite
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: "KA Lite"
- option: description
value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."'
- option: kalite_install
value: "{{ kalite_install }}"
- option: kalite_enabled
value: "{{ kalite_enabled }}"
- option: path
value: "{{ kalite_root }}"
- option: port
value: "{{ kalite_server_port }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

20
roles/kiwix/README.rst
View file

@ -3,21 +3,21 @@ Kiwix README
============
Kiwix develops ZIM file creation & rendering tools for offline action,
as summarized at: http://wiki.kiwix.org/wiki/Software
as summarized at: https://wiki.kiwix.org/wiki/Software
Internet-in-a-Box uses the kiwix-serve and kiwix-manage executables (in
/opt/iiab/kiwix/bin) to set up and render ZIM files such as Wikipedia, and
other educational materials: http://download.kiwix.org/zim/
Internet-in-a-Box uses `kiwix-tools <https://github.com/kiwix/kiwix-tools>`_ executables like kiwix-manage, kiwix-serve and kiwix-search (in
``/opt/iiab/kiwix/bin``) to set up and render ZIM files (such as Wikipedia, and
other educational materials) typically from https://download.kiwix.org/zim/
Locations
---------
- Your ZIM files go in /library/zims/content
- Your ZIM index files go in directories under /library/zims/index (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!)
- Your ZIM files go in ``/library/zims/content``
- Your ZIM index files used to go in directories under ``/library/zims/index`` (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!)
- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats)
- Use URL http://box:3000/kiwix/ if you want to avoid the proxy
- Use URL http://box:3000/kiwix if you want to avoid the proxy
Your local ZIM catalog (at /library/zims/library.xml) can be regenerated by running:
/usr/bin/iiab-make-kiwix-lib
Your ``/library/zims/library.xml`` (containing essential metadata for the ZIM files you've installed) can be regenerated if necessary, by running:
``/usr/bin/iiab-make-kiwix-lib``
See "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO
See also "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO

12
roles/kiwix/defaults/main.yml
View file

@ -22,13 +22,13 @@
kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# 3 lines below specify which version(s) of kiwix-tools to download from...
# http://download.iiab.io/packages/ ...as originally obtained from...
# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
# http://download.kiwix.org/nightly/
# https://download.iiab.io/packages/ ...as originally obtained from...
# https://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
# https://download.kiwix.org/nightly/
kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-3
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-3
kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-3
kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0-1
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0-1
kiwix_version_i686: kiwix-tools_linux-i586-3.3.0-1
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")

2
roles/kiwix/tasks/install.yml
View file

@ -34,7 +34,7 @@
- name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads
get_url:
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # https://download.iiab.io/packages
dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" # /opt/iiab/downloads
timeout: "{{ download_timeout }}"

4
roles/kiwix/tasks/kiwix-apk.yml
View file

@ -6,12 +6,12 @@
- name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }}
get_url:
url: "{{ kiwix_apk_src }}" # https://download.kiwix.org/release/kiwix-android/kiwix.apk
url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk formerly kiwix-3.5.0.apk
dest: "{{ doc_root }}{{ kiwix_apk_url }}"
timeout: "{{ download_timeout }}"
- name: Symlink {{ doc_root }}{{ kiwix_apk_url }}/zims -> {{ iiab_zim_path }}/content
file:
src: "{{ iiab_zim_path }}/content" # /library/zims/content
path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/softare/kiwix/zims
path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/software/kiwix/zims
state: link

69
roles/kiwix/tasks/main.yml
View file

@ -19,38 +19,45 @@
quiet: yes
- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kiwix_installed is undefined
- block:
- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kiwix_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_install
value: "{{ kiwix_install }}"
- option: kiwix_enabled
value: "{{ kiwix_enabled }}"
- option: kiwix_url
value: "{{ kiwix_url }}"
- option: kiwix_url_plus_slash
value: "{{ kiwix_url_plus_slash }}"
- option: kiwix_path
value: "{{ kiwix_path }}"
- option: kiwix_port
value: "{{ kiwix_port }}"
- option: iiab_zim_path
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_install
value: "{{ kiwix_install }}"
- option: kiwix_enabled
value: "{{ kiwix_enabled }}"
- option: kiwix_url
value: "{{ kiwix_url }}"
- option: kiwix_url_plus_slash
value: "{{ kiwix_url_plus_slash }}"
- option: kiwix_path
value: "{{ kiwix_path }}"
- option: kiwix_port
value: "{{ kiwix_port }}"
- option: iiab_zim_path
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

12
roles/kiwix/templates/iiab-make-kiwix-lib
View file

@ -19,10 +19,16 @@ if flock -n -e 200; then :
# write to {{ kiwix_library_xml }}.tmp to minimize kiwix down
# zim map could be out of sync for a few seconds
# using new version that does deltas
cp $KIWIXLIB $KIWIXLIB.tmp
/usr/bin/iiab-make-kiwix-lib.py
if [ -f $KIWIXLIB ]; then
cp $KIWIXLIB $KIWIXLIB.tmp
/usr/bin/iiab-make-kiwix-lib.py
else
/usr/bin/iiab-make-kiwix-lib.py -f # force rebuild of library.xml
fi
{{ systemctl_program }} stop kiwix-serve
rm $KIWIXLIB
if [ -f $KIWIXLIB ]; then
rm $KIWIXLIB
fi
mv $KIWIXLIB.tmp $KIWIXLIB
{{ systemctl_program }} start kiwix-serve
else

3
roles/kolibri/defaults/main.yml
View file

@ -16,7 +16,8 @@
# https://github.com/iiab/iiab/issues/1675
# https://github.com/learningequality/kolibri/issues/5664
kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest
# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL
# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest
# 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release:
# https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb
#

16
roles/kolibri/tasks/nginx.yml → roles/kolibri/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled
systemd:
name: kolibri
daemon_reload: yes
enabled: yes
state: started
when: kolibri_enabled
- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled
systemd:
name: kolibri
enabled: no
state: stopped
when: not kolibri_enabled
- name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template # http://box/kolibri
template:
src: kolibri-nginx.conf.j2

81
roles/kolibri/tasks/install.yml
View file

@ -35,8 +35,57 @@
apt:
deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest
environment:
KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but
KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but
KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later
when: kolibri_deb_url is defined
- block: # ELSE...
# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says:
# "When you use the PPA installation method, upgrades to newer versions
# will be automatic, provided there is internet access available."
- name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint)
apt_repository:
repo: ppa:learningequality/kolibri
when: is_ubuntu and not is_linuxmint
# 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on
# Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list)
# BUT equivalent Ansible command (STANZA ABOVE) failed with error...
# "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file."
# ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!)
# 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks
# about the warning below, arising no matter if codename is 'focal' or 'jammy'
# with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version':
#
# /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release
# warnings.warn(
# 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also
# want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg
- name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21)
apt_repository:
repo: ppa:learningequality/kolibri
codename: jammy # CONSOLIDATE THIS STANZA WITH UBUNTU ABOVE IN FUTURE?
when: is_linuxmint_21
- name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20)
apt_repository:
repo: ppa:learningequality/kolibri
codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023)
when: is_debian or is_linuxmint_20
- name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri
apt:
name: kolibri
environment:
KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but
KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later
when: kolibri_deb_url is undefined
- name: 'Install from template: /etc/systemd/system/kolibri.service'
template:
@ -52,20 +101,20 @@
# 2019-10-01: Should no longer be nec, thanks to /etc/kolibri/daemon.conf
# containing KOLIBRI_HOME="/library/kolibri" (above)
#- name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri
# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate
# ignore_errors: yes
# become: yes
# become_user: "{{ kolibri_user }}"
# when: kolibri_provision
# - name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri
# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate
# ignore_errors: yes
# become: yes
# become_user: "{{ kolibri_user }}"
# when: kolibri_provision
# 2020-01-05: Deprecated per https://github.com/iiab/iiab/issues/2103
#- name: Set Kolibri default language ({{ kolibri_language }})
# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}"
# ignore_errors: yes
# become: yes
# become_user: "{{ kolibri_user }}"
# when: kolibri_provision
# - name: Set Kolibri default language ({{ kolibri_language }})
# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}"
# ignore_errors: yes
# become: yes
# become_user: "{{ kolibri_user }}"
# when: kolibri_provision
- name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language'
shell: >
@ -91,9 +140,9 @@
# 2019-10-07: Moved to roles/httpd/tasks/main.yml
# 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules
# for similar purposes (not all nec?) Only 1 (proxy_http) is needed here.
#- name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri
# apache2_module:
# name: proxy_http
# - name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri
# apache2_module:
# name: proxy_http
# RECORD Kolibri AS INSTALLED

83
roles/kolibri/tasks/main.yml
View file

@ -19,53 +19,46 @@
quiet: yes
#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install"
# set_fact:
# kolibri_provision: False
# when: ???
- block:
- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kolibri_installed is undefined
#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install"
# set_fact:
# kolibri_provision: False
# when: ???
- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kolibri_installed is undefined
- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled
systemd:
name: kolibri
daemon_reload: yes
enabled: yes
state: started
when: kolibri_enabled
- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled
systemd:
name: kolibri
enabled: no
state: stopped
when: not kolibri_enabled
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- include_tasks: enable-or-disable.yml
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_install
value: "{{ kolibri_install }}"
- option: kolibri_enabled
value: "{{ kolibri_enabled }}"
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_exec_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_install
value: "{{ kolibri_install }}"
- option: kolibri_enabled
value: "{{ kolibri_enabled }}"
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_exec_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/kolibri/templates/kolibri.service.j2
View file

@ -10,7 +10,7 @@ Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }}
Environment=KOLIBRI_URL_PATH_PREFIX={{ kolibri_url_without_slash }}
User={{ kolibri_user }}
Group={{ apache_user }}
# 2020-10-03: Kolibri was timing out on RaspiOS & Ubuntu 20 NUC: iiab/iiab#2555
# 2020-10-03: Kolibri was timing out on RasPiOS & Ubuntu 20 NUC: iiab/iiab#2555
TimeoutStartSec=1200
# The following is the systemd default, which is too much for most teachers in
# low-electricity environments (30-60 sec is about all they can handle before

6
roles/lokole/README.rst
View file

@ -17,9 +17,9 @@ For an up-to-date list of supported languages, refer to the `Lokole translations
Using It
--------
If your IIAB was `installed <http://wiki.laptop.org/go/IIAB/FAQ#Is_a_quick_installation_possible.3F>`_ with the Lokole web app[*] it can be accessed at http://box/lokole
If your IIAB was `installed <https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F>`_ with the Lokole web app[*] it can be accessed at http://box/lokole
[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains ``lokole_install: True`` and ``lokole_enabled: True``
[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains ``lokole_install: True`` and ``lokole_enabled: True``
By default in an offline community, ``lokole_sim_type: LocalOnly`` is set (e.g. instead of ``lokole_sim_type: Ethernet``) and email addresses will look like:
@ -85,7 +85,7 @@ The Lokole software can be configured to access the Internet via USB modem, SIM
If configured to work with a USB modem or other form of Internet connection, Lokole will sync with the cloud server (operated by `Ascoderu <https://ascoderu.ca/>`_) on a nightly basis to deliver and receive emails globally. *However, arranging this is extremely complicated.* You would need a compatible form of connection and an Internet expert familiar with modem protocols, MX records, etc. Ask that person to read the `Lokole software README <https://github.com/ascoderu/lokole/blob/master/README.rst>`_ in its entirety, to help you understand whether this is realistic for your organization.
Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us <http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F>`_ if you have the capacity to help make such a social enterprise happen.
Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us <https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F>`_ if you have the capacity to help make such a social enterprise happen.
Troubleshooting
---------------

95
roles/lokole/tasks/main.yml
View file

@ -19,53 +19,62 @@
quiet: yes
- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: lokole_installed is undefined
- block:
- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: lokole_installed is undefined
- name: Do a 'systemctl daemon-reload'
systemd:
daemon_reload: yes
when: lokole_enabled
- name: Do a 'systemctl daemon-reload'
systemd:
daemon_reload: yes
when: lokole_enabled
- name: Enable & Restart supervisor systemd service, if lokole_enabled
systemd:
name: supervisor
enabled: yes
state: restarted
when: lokole_enabled
- name: Enable & Restart supervisor systemd service, if lokole_enabled
systemd:
name: supervisor
enabled: yes
state: restarted
when: lokole_enabled
- name: Disable & Stop supervisor systemd service, if not lokole_enabled
systemd:
name: supervisor
enabled: no
state: stopped
when: not lokole_enabled
- name: Disable & Stop supervisor systemd service, if not lokole_enabled
systemd:
name: supervisor
enabled: no
state: stopped
when: not lokole_enabled
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: lokole
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Lokole
- option: description
value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."'
#value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
- option: lokole_install
value: "{{ lokole_install }}"
- option: lokole_enabled
value: "{{ lokole_enabled }}"
- option: lokole_settings
value: "{{ lokole_settings }}"
- option: lokole_url
value: "{{ lokole_url }}"
- option: lokole_full_url
value: "{{ lokole_full_url }}"
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: lokole
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Lokole
- option: description
value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."'
#value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
- option: lokole_install
value: "{{ lokole_install }}"
- option: lokole_enabled
value: "{{ lokole_enabled }}"
- option: lokole_settings
value: "{{ lokole_settings }}"
- option: lokole_url
value: "{{ lokole_url }}"
- option: lokole_full_url
value: "{{ lokole_full_url }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

70
roles/matomo/README.adoc Normal file
View file

@ -0,0 +1,70 @@
= Matomo README
https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership, that you can use with https://internet-in-a-box.org[Internet-in-a-Box] (IIAB).
== Install it
Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]
One way to do that is by changing these 2 lines:
----
iiab_hostname: box
iiab_domain: lan
----
Or, you can change the Matomo URL by putting your IIAB IP Address in a line like:
----
matomo_host_url: http://192.168.0.199
----
Either way, consider setting a Matomo username and password using lines like:
----
matomo_db_user: Admin
matomo_db_pass: changeme
----
Also ensure that your `/etc/iiab/local_vars.yml` contains these lines:
----
matomo_install: True
matomo_enabled: True
----
_Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `sudo iiab`, until software installation is complete._
== Use it
Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above.
Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/
WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem.
1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`.
2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file.
3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`.
4. Refresh the Matomo homepage and the warning should be gone.
5. Optionally, see the https://forum.matomo.org/t/trusted-hostname/11963[advanced tips] in https://forum.matomo.org/[Matomo's Forum].
WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!)
=== Getting Started
Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that.
The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box.
Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day.
=== IIAB Tips, Tricks, and Gotchas
1. If your Internet-in-a-Box setup is without power and Internet access, it will not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct.
2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics.
== Credits
Carl Wivagg

18
roles/matomo/defaults/main.yml Normal file
View file

@ -0,0 +1,18 @@
# matomo_install: True
# matomo_enabled: True
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
matomo_dl_url: https://builds.matomo.org/matomo.tar.gz
matomo_path: "{{ doc_base }}" # e.g. /library/www
matomo_db_name: matomodb
matomo_db_user: Admin
matomo_db_pass: changeme
#matomo_host_url: http://{{ ansible_default_ipv4.address }}
matomo_host_url: http://{{ iiab_hostname }}.{{ iiab_domain }} # e.g. http://box.lan
matomo_full_url: "{{ matomo_host_url }}/matomo/"
matomo_cronjob: "sudo python3 {{ matomo_path }}/matomo/misc/log-analytics/import_logs.py --url={{ matomo_full_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log"

196
roles/matomo/tasks/install.yml Normal file
View file

@ -0,0 +1,196 @@
# The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under
# Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running
# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156.
- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists"
meta: noop
# EXAMPLE OF ABOVE ERROR:
# TASK [matomo : HTTP Get Welcome] ***************************************************************************************************************************************
# fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"}
- name: Start MariaDB
#action: service name=mysql state=started
systemd:
name: "{{ mysql_service }}"
state: started
- name: Create MariaDB Database for Matomo
community.mysql.mysql_db:
name: "{{ matomo_db_name }}"
#login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Add Admin User to MariaDB Database
community.mysql.mysql_user:
name: "{{ matomo_db_user }}"
password: "{{ matomo_db_pass }}"
update_password: on_create # OR SHOULD './runrole --reinstall matomo' FORCE A COMPLETELY CLEAN INSTALL?
priv: "{{ matomo_db_name }}.*:ALL"
#login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Download and Extract Matomo (~1 min)
unarchive:
src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz
dest: "{{ matomo_path }}" # e.g. /library/www
remote_src: yes
- name: Set Matomo Directory Permissions
file:
path: "{{ matomo_path }}/matomo"
recurse: yes
owner: "{{ apache_user }}" # e.g. www-data
group: "{{ apache_user }}"
- name: HTTP Get Welcome
uri:
url: "{{ matomo_full_url }}index.php?action=welcome" # e.g. http://box.lan/matomo
method: GET
status_code: 200
register: matomo_welcome
- debug:
var: matomo_welcome
- name: Set a variable for the MATOMO_SESSID cookie
set_fact:
matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}"
when: cookie.key == "MATOMO_SESSID"
loop: "{{ matomo_welcome.cookies | dict2items }}"
loop_control:
loop_var: cookie
- name: Get Matomo System Check
uri:
url: "{{ matomo_full_url }}index.php?action=systemCheck"
method: GET
headers:
Cookie: "{{ matomo_session_cookie }}"
return_content: true
timeout: 120
status_code: 200
register: matomo_system_check
- debug:
var: matomo_system_check
- name: Matomo Database Setup
uri:
url: "{{ matomo_full_url }}index.php?action=databaseSetup"
method: POST
headers:
Cookie: "{{ matomo_session_cookie }}"
body:
username: "{{ matomo_db_user }}"
password: "{{ matomo_db_pass }}"
dbname: "{{ matomo_db_name }}"
tables_prefix: "matomo_"
adapter: "PDO\\MYSQL"
body_format: form-urlencoded
status_code: 302
#register: matomo_database_setup
- name: Matomo Table Creation
uri:
url: "{{ matomo_full_url }}index.php?action=tablesCreation&module=Installation"
method: GET
status_code: 200
register: matomo_table_creation
- name: Set a variable for the MATOMO_SESSID cookie
set_fact:
matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}"
when:
- matomo_table_creation.cookies is defined
- matomo_table_creation.cookies | length > 0
- cookie.key == "MATOMO_SESSID"
loop: "{{ matomo_table_creation.cookies | dict2items }}"
loop_control:
loop_var: cookie
- debug:
var: matomo_table_creation
- name: Matomo User Setup
uri:
url: "{{ matomo_full_url }}index.php?action=setupSuperUser&module=Installation"
method: POST
headers:
Cookie: "{{ matomo_session_cookie }}"
body:
login: "{{ matomo_db_user }}"
password: "{{ matomo_db_pass }}"
password_bis: "{{ matomo_db_pass }}"
email: "nobody@dev.null"
subscribe_newsletter_piwikorg: 0
subscribe_newsletter_professionalservices: 0
body_format: form-urlencoded
status_code: 302
#register: matomo_setup_superuser
- name: Configure Matomo to track IIAB
uri:
url: "{{ matomo_full_url }}index.php?action=firstWebsiteSetup&module=Installation"
method: POST
headers:
Cookie: "{{ matomo_session_cookie }}"
body:
siteName: "IIAB"
url: "{{ matomo_host_url }}"
ecommerce: 0
body_format: form-urlencoded
status_code: 302
#register: matomo_first_website_setup
- name: Matomo Tracking Code
uri:
url: "{{ matomo_full_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ matomo_host_url }}"
method: GET
headers:
Cookie: "{{ matomo_session_cookie }}"
return_content: true
status_code: 200
#register: matomo_tracking_code
- name: Finish Matomo Setup
uri:
url: "{{ matomo_full_url }}index.php?action=finished&module=Installation"
method: POST
headers:
Cookie: "{{ matomo_session_cookie }}"
body:
do_not_track: 1
anonymise_ip: 1
submit: "Continue to Matomo"
body_format: form-urlencoded
status_code: 302
- name: Start Collecting Matomo Data
cron:
name: "MatomoDataIngestionOnReboot"
special_time: reboot
job: "{{ matomo_cronjob }}"
user: root
cron_file: "matomo_reboot"
- name: Run Daily Job Collecting Matomo Data
cron:
name: "DailyMatomoDataIngestion"
minute: "0"
hour: "0"
job: "{{ matomo_cronjob }}"
user: root
cron_file: "matomo_daily"
# RECORD Matomo AS INSTALLED
- name: "Set 'matomo_installed: True'"
set_fact:
matomo_installed: True
- name: "Add 'matomo_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^matomo_installed'
line: 'matomo_installed: True'

55
roles/matomo/tasks/main.yml Normal file
View file

@ -0,0 +1,55 @@
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "matomo_install is sameas true" (boolean not string etc)
assert:
that: matomo_install is sameas true
fail_msg: "PLEASE SET 'matomo_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "matomo_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: matomo_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'matomo_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- block:
- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled
include_tasks: nginx.yml
- name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: matomo_installed is undefined
# LET'S ADD THIS "ON/OFF SWITCH" IF POSS!
# - include_tasks: enable-or-disable.yml
- name: Add 'matomo' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: matomo
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Matomo
- option: description
value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."'
- option: matomo_install
value: "{{ matomo_install }}"
- option: matomo_enabled
value: "{{ matomo_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

16
roles/matomo/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box/maps & http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template
template:
src: matomo-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d
when: matomo_enabled
- name: Disable http://box/maps & http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf
file:
path: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not matomo_enabled
- name: Reload 'nginx' systemd service
systemd:
name: nginx
state: reloaded

17
roles/matomo/templates/matomo-nginx.conf.j2 Normal file
View file

@ -0,0 +1,17 @@
location ~ ^/matomo(.*)\.php(.*)$ {
alias /library/www/matomo$1.php$2; # /library/www/matomo
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
fastcgi_pass php;
fastcgi_index index.html;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $2;
}
location ~ ^/matomo/ {
root /library/www;
}

2
roles/mediawiki/defaults/main.yml
View file

@ -4,7 +4,7 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
mediawiki_major_version: 1.37 # "1.35" also works
mediawiki_major_version: 1.38 # "1.35" also works
mediawiki_minor_version: 2
mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}"

71
roles/mediawiki/tasks/main.yml
View file

@ -19,39 +19,46 @@
quiet: yes
- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mediawiki_installed is undefined
- block:
- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mediawiki_installed is undefined
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mediawiki
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MediaWiki
- option: description
value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
- option: mediawiki_install
value: "{{ mediawiki_install }}"
- option: mediawiki_enabled
value: "{{ mediawiki_enabled }}"
- option: mediawiki_src
value: "{{ mediawiki_src }}"
- option: mediawiki_abs_path
value: "{{ mediawiki_abs_path }}"
- option: mediawiki_db_name
value: "{{ mediawiki_db_name }}"
- option: mediawiki_db_user
value: "{{ mediawiki_db_user }}"
- option: mediawiki_url
value: "{{ mediawiki_url }}"
- option: mediawiki_full_url
value: "{{ mediawiki_full_url }}"
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mediawiki
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MediaWiki
- option: description
value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
- option: mediawiki_install
value: "{{ mediawiki_install }}"
- option: mediawiki_enabled
value: "{{ mediawiki_enabled }}"
- option: mediawiki_src
value: "{{ mediawiki_src }}"
- option: mediawiki_abs_path
value: "{{ mediawiki_abs_path }}"
- option: mediawiki_db_name
value: "{{ mediawiki_db_name }}"
- option: mediawiki_db_user
value: "{{ mediawiki_db_user }}"
- option: mediawiki_url
value: "{{ mediawiki_url }}"
- option: mediawiki_full_url
value: "{{ mediawiki_full_url }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/minetest/README.rst
View file

@ -23,7 +23,7 @@ No password is required.
Configurable Parameters
-----------------------
If changes are necessary, please edit `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (adding any variables that you need) prior to installation if possible:
If changes are necessary, please edit `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ (adding any variables that you need) prior to installation if possible:
- ``minetest_install:`` set Minetest up to install; default is False
- ``minetest_enabled:`` set Minetest up to be enabled; default is False

57
roles/minetest/tasks/main.yml
View file

@ -19,32 +19,39 @@
quiet: yes
- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: provision.yml # i.e. install.yml in other roles
when: minetest_installed is undefined
- block:
- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: provision.yml # i.e. install.yml in other roles
when: minetest_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'minetest' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: minetest
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Minetest Server
- option: description
value: '"Minetest is an open source clone of the Minecraft building blocks game."'
- option: minetest_install
value: "{{ minetest_install }}"
- option: minetest_enabled
value: "{{ minetest_enabled }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
- option: minetest_port
value: "{{ minetest_port }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
- name: Add 'minetest' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: minetest
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Minetest Server
- option: description
value: '"Minetest is an open source clone of the Minecraft building blocks game."'
- option: minetest_install
value: "{{ minetest_install }}"
- option: minetest_enabled
value: "{{ minetest_enabled }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
- option: minetest_port
value: "{{ minetest_port }}"
- option: minetest_world_dir
value: "{{ minetest_world_dir }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

6
roles/mongodb/defaults/main.yml
View file

@ -20,6 +20,12 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail on
# "pre-2011" CPU's lacking AVX. VERIFY both X.Y versions exist (+ work!) below:
#
# 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com
# 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu
mongodb_conf: /etc/mongod.conf
mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # /library/dbdata/mongodb
mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock"

1
roles/mongodb/tasks/enable-or-disable.yml
View file

@ -1,6 +1,7 @@
- name: Enable & (Re)Start 'mongodb.service' if mongodb_enabled
systemd:
name: mongodb
daemon_reload: yes
enabled: yes
state: restarted
when: mongodb_enabled

177
roles/mongodb/tasks/install.yml
View file

@ -1,11 +1,16 @@
# 1. INSTALL MongoDB PACKAGES OR BINARIES
# MongoDB Install Docs:
# https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/
# https://www.mongodb.com/docs/manual/installation/
# 1. INSTALL MongoDB PACKAGES AND/OR BINARIES
# 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so
# https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ is
# being used on Raspbian, all I found! (Raspbian's apt pkg is MongoDB 2.4.14)
#
# mongodb_stretch_3_0_14_core.zip (20M) & mongodb_stretch_3_0_14_tools.zip (15M)
# were backed up from andyfelong.com to http://download.iiab.io/packages/
# were backed up from andyfelong.com to https://download.iiab.io/packages/
#
# CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT...
# mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools)
@ -16,16 +21,16 @@
path: /tmp/mongodb-3.0.1x
state: directory
- name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32)
- name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32)
unarchive:
remote_src: yes
src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # http://download.iiab.io/packages
src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages
dest: /tmp/mongodb-3.0.1x
- name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32)
shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin
- name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32)
- name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32)
unarchive:
remote_src: yes
src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip"
@ -51,101 +56,161 @@
template:
src: mongod.conf.j2
dest: "{{ mongodb_conf }}" # /etc/mongod.conf
#owner: root
#group: root
#mode: 0644
- name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)'
file:
state: directory
path: "{{ item }}"
owner: mongodb
group: mongodb
with_items:
- /var/lib/mongodb
- /var/log/mongodb
# end block
when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64")
# 32-bit OS's are handled above: this should handle aarch32 including 32-bit Ubuntu
# from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit might fail
# untested, and 32-bit Intel might puke as this was orginally deployed for Raspbian.
# (Haven't seen bootable 32-bit Intel installers for a while now.)
# 64-bit OS's proceed below.
# 32-bit OS's are handled above: this should handle aarch32 including 32-bit
# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and
# 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was
# orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel
# installers for a while now.) 64-bit OS's proceed below.
- block:
- name: Add mongodb.org signing key (only 64-bit support available)
shell: wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
- name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }}
shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add -
#shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add -
args:
warn: false
- name: Use mongodb-org's Debian repo for Debian (only amd64 support available)
- name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }}
apt_repository:
# 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only
# {buster 10, stretch 9, jessie 8, wheezy 7}
# so Debian 11 "Bullseye" (testing branch) can revert to buster for now:
repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main
#repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main
# 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/
# supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye
# 11 and Bookworm 12 (testing branch) revert to buster for now:
repo: deb https://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main
#repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main
state: present
filename: mongodb-org
when: is_debian and (ansible_architecture == "x86_64")
when: is_debian and ansible_architecture == "x86_64"
# Debian 10 aarch64 might work below but is blocked in main.yml
- name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64
- name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }}
apt_repository:
repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse
repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse
state: present
filename: mongodb-org
when: is_raspbian and (ansible_architecture == "aarch64")
when: not (is_debian and ansible_architecture == "x86_64")
- name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only
apt_repository:
repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse
state: present
filename: mongodb-org
when: is_linuxmint
# # Debian 10 aarch64 might work below but is blocked in main.yml
# - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64
# apt_repository:
# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
# state: present
# filename: mongodb-org
# when: is_raspbian and ansible_architecture == "aarch64"
- name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only
apt_repository:
# 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only
# {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04}
# so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo:
repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse
#repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse
state: present
filename: mongodb-org
when: is_ubuntu and not is_linuxmint
# - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only
# apt_repository:
# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
# state: present
# filename: mongodb-org
# when: is_linuxmint
# - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only
# apt_repository:
# # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only
# # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04}
# # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo:
# repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
# #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse
# state: present
# filename: mongodb-org
# when: is_ubuntu and not is_linuxmint
- name: "Install packages: mongodb-org, mongodb-org-server"
package:
name:
- mongodb-org
- mongodb-org # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?)
- mongodb-org-server
state: present
- name: Establish {{ mongodb_conf }} port {{ mongodb_port }} (mongodb_conf) -- takes effect on next (re)start of the service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand
- name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand
lineinfile:
path: "{{ mongodb_conf }}"
regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899
#backrefs: yes
regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899
line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb
# GRATUITOUS (port 27017 is already the default)
- name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand
lineinfile:
path: "{{ mongodb_conf }}"
regexp: '^\s*port:'
line: " port: {{ mongodb_port }}" # 27017
# 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4...
# https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14
# ...as ARM v8-A < ARM v8.2-A ...also reveals:
#
# (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later.
# For AMD x86_64, MongoDB 5.x requires Bulldozer or later.
# Roughly speaking, this means post-2011 CPUs with AVX instructions:
# https://github.com/docker-library/mongo/issues/485#issuecomment-891991814
# (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from
# /var/lib/mongodb to /library/dbdata/mongodb
# (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID
# file (it may be zero bytes, but never goes away) as confirmed with
# MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now
# 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock
# (4) mongodb.service needed a more graceful way to shut down than
# 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period).
# (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12
# lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400:
# https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz
# https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/
- name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future
command: apt-mark hold mongodb-org mongodb-org-server
when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=')
- name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin
unarchive:
remote_src: yes
src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz"
dest: /usr/bin
when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=')
# end block
when: (ansible_architecture == "aarch64") or (ansible_architecture == "x86_64")
when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64"
# 2. CONFIGURE MongoDB FOR IIAB
- name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}'
# - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}'
# file:
# state: directory
# path: "{{ item }}"
# owner: mongodb
# group: mongodb
# with_items:
# #- { path: '/var/run/mongodb' }
# - /var/lib/mongodb
# - /var/log/mongodb
# - "{{ mongodb_db_path }}" # /library/dbdata/mongodb
- name: 'Create dir {{ mongodb_db_path }} (mongodb:mongodb)'
file:
state: directory
path: "{{ item }}"
path: "{{ mongodb_db_path }}" # /library/dbdata/mongodb
owner: mongodb
group: mongodb
with_items:
#- { path: '/var/run/mongodb' }
- /var/lib/mongodb
- /var/log/mongodb
- "{{ mongodb_db_path }}" # /library/dbdata/mongodb
- name: Install mongodb.service, /usr/bin/iiab-mongodb-repair-if-no-lock from templates
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
#owner: root
#group: root
with_items:
- { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
- { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }

62
roles/mongodb/tasks/main.yml
View file

@ -35,37 +35,45 @@
- debug:
var: is_raspbian
# might be able to lift this once we know using bionic would work
- name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64
fail: # FORCE IT RED THIS ONCE!
msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!)
when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian
ignore_errors: yes
# # might be able to lift this once we know using bionic would work
# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64
# fail: # FORCE IT RED THIS ONCE!
# msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!)
# when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian
# ignore_errors: yes
# ELSE...
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian)
- block:
- name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!)
include_tasks: enable-or-disable.yml
when: mongodb_installed is defined
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mongodb_installed is undefined
# when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian)
- name: Enable or Disable MongoDB (FYI sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!)
include_tasks: enable-or-disable.yml
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: mongodb_install
value: "{{ mongodb_install }}"
- option: mongodb_enabled
value: "{{ mongodb_enabled }}"
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: mongodb_install
value: "{{ mongodb_install }}"
- option: mongodb_enabled
value: "{{ mongodb_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2
View file

@ -1,5 +1,7 @@
#!/bin/bash
# 2022-06-07: 100% BOGUS+USELESS with MongoDB 4+ -- SEE mongodb.service & #3236
if [ -f {{ mongodb_db_lock_file }} ]; then
echo '"mongod --repair" cannot run when {{ mongodb_db_lock_file }} present.' >&2 # Output to STDERR but keep going, so /etc/systems/system/mongodb.service continues
else

52
roles/mongodb/templates/mongodb.service.j2
View file

@ -1,3 +1,40 @@
# 2022-06-07: IS MongoDB's OFFICIAL /lib/systemd/system/mongod.service USEFUL?
# [Unit]
# Description=MongoDB Database Server
# Documentation=https://docs.mongodb.org/manual
# After=network-online.target
# Wants=network-online.target
# [Service]
# User=mongodb
# Group=mongodb
# EnvironmentFile=-/etc/default/mongod
# ExecStart=/usr/bin/mongod --config /etc/mongod.conf
# PIDFile=/var/run/mongodb/mongod.pid
# # file size
# LimitFSIZE=infinity
# # cpu time
# LimitCPU=infinity
# # virtual memory size
# LimitAS=infinity
# # open files
# LimitNOFILE=64000
# # processes/threads
# LimitNPROC=64000
# # locked memory
# LimitMEMLOCK=infinity
# # total threads (user+kernel)
# TasksMax=infinity
# TasksAccounting=false
# # Recommended limits for mongod as specified in
# # https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings
# [Install]
# WantedBy=multi-user.target
[Unit]
Description=High-performance, schema-free document-oriented database
After=syslog.target network.target
@ -6,15 +43,22 @@ After=syslog.target network.target
Type=simple
User=mongodb
Group=mongodb
# FAILS (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942)
{% if not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") %}
# USED TO FAIL (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942)
#ExecStartPre=/usr/bin/mongod --repair --dbpath /library/dbdata/mongodb
# FAILS as systemd cannot run bash here:
#ExecStartPre=if [ ! -f /library/dbdata/mongodb/mongod.lock ]; then /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}; fi
# 2022-06-07: MIGHT STILL BE USEFUL for MongoDB 3.x (i.e. on 32-bit RasPiOS)
ExecStartPre=/usr/bin/iiab-mongodb-repair-if-no-lock
{% endif %}
ExecStart=/usr/bin/mongod -f {{ mongodb_conf }}
ExecStop=/usr/bin/killall mongod
# killall's SIGTERM (15) seems fine, to induce a graceful stop. This would work too:
#ExecStop=mongod --dbpath {{ mongodb_db_path }} --shutdown
#ExecStop=/usr/bin/killall mongod
# killall's SIGTERM (15) above no longer induces a graceful stop w/ MongoDB 5+
# https://www.mongodb.com/docs/manual/reference/method/db.shutdownServer/
# https://www.mongodb.com/docs/v5.0/reference/command/shutdown/
# https://www.mongodb.com/docs/v6.0/reference/command/shutdown/
ExecStop=/usr/bin/mongod -f {{ mongodb_conf }} --shutdown
#ExecStop=/usr/bin/mongod --dbpath {{ mongodb_db_path }} --shutdown
[Install]
WantedBy=multi-user.target

77
roles/monit/tasks/main.yml
View file

@ -19,43 +19,52 @@
quiet: yes
# 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0
# "Buster" during the very final days prior to release, as confirmed by the
# sudden disappearance of these 2 pages:
#
# https://packages.debian.org/buster/monit
# https://packages.debian.org/source/buster/monit
#
# And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to
# be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via
# apt -- so eliminating "Debian 10+" requires this funky conditional:
- block:
# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per:
#
# https://packages.debian.org/bullseye/monit
# https://packages.debian.org/source/bullseye/monit
#
# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc.
# 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0
# "Buster" during the very final days prior to release, as confirmed by the
# sudden disappearance of these 2 pages:
#
# https://packages.debian.org/buster/monit
# https://packages.debian.org/source/buster/monit
#
# And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to
# be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via
# apt -- so eliminating "Debian 10+" requires this funky conditional:
- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: monit_installed is undefined and not (is_debian_10 and not is_raspbian)
#when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per:
#
# https://packages.debian.org/bullseye/monit
# https://packages.debian.org/source/bullseye/monit
#
# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc.
- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: monit_installed is undefined and not (is_debian_10 and not is_raspbian)
#when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'monit' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: monit
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Monit
- option: description
value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
- option: enabled
value: "{{ monit_enabled }}"
- name: Add 'monit' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: monit
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Monit
- option: description
value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
- option: enabled
value: "{{ monit_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/monit/templates/monitrc.unused
View file

@ -65,7 +65,7 @@ set daemon 300 # check services at 5-minute intervals
#
#
## Send status and events to M/Monit (for more informations about M/Monit
## see http://mmonit.com/). By default Monit registers credentials with
## see https://mmonit.com/). By default Monit registers credentials with
## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
## have to register Monit credentials manually in M/Monit. It is possible to
## disable credential registration using the commented out option below.

15
roles/moodle/tasks/nginx.yml → roles/moodle/tasks/enable-or-disable.yml
View file

@ -1,3 +1,18 @@
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
set_fact:
postgresql_install: True
postgresql_enabled: True # Revert just below if...
- name: "Set 'postgresql_enabled: False' if not moodle_enabled"
set_fact:
postgresql_enabled: False
when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled)
- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
include_role:
name: postgresql
- name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template
template:
src: moodle-nginx.conf.j2

63
roles/moodle/tasks/main.yml
View file

@ -19,44 +19,35 @@
quiet: yes
- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: moodle_installed is undefined
- block:
- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: moodle_installed is undefined
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
set_fact:
postgresql_install: True
postgresql_enabled: True # Revert just below if...
- include_tasks: enable-or-disable.yml
- name: "Set 'postgresql_enabled: False' if not moodle_enabled"
set_fact:
postgresql_enabled: False
when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled)
- name: Add 'moodle' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: moodle
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Moodle
- option: description
value: '"Access the Moodle learning management system."'
- option: moodle_install
value: "{{ moodle_install }}"
- option: moodle_enabled
value: "{{ moodle_enabled }}"
- option: moodle_base
value: "{{ moodle_base }}"
- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
include_role:
name: postgresql
rescue:
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
- name: Add 'moodle' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: moodle
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Moodle
- option: description
value: '"Access the Moodle learning management system."'
- option: moodle_install
value: "{{ moodle_install }}"
- option: moodle_enabled
value: "{{ moodle_enabled }}"
- option: moodle_base
value: "{{ moodle_base }}"
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

2
roles/mosquitto/README.rst
View file

@ -9,7 +9,7 @@ Roughly follows this guide: https://www.digitalocean.com/community/tutorials/how
Using It
--------
Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ contains::
Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml <https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it%3F>`_ contains::
mosquitto_install: True
mosquitto_enabled: True

45
roles/mosquitto/tasks/main.yml
View file

@ -19,26 +19,33 @@
quiet: yes
- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mosquitto_installed is undefined
- block:
- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mosquitto_installed is undefined
- include_tasks: enable-or-disable.yml
- include_tasks: enable-or-disable.yml
- name: Add 'mosquitto' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mosquitto
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Mosquitto service
- option: description
value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"'
- option: mosquitto_install
value: "{{ mosquitto_install }}"
- option: mosquitto_enabled
value: "{{ mosquitto_enabled }}"
- name: Add 'mosquitto' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mosquitto
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Mosquitto service
- option: description
value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"'
- option: mosquitto_install
value: "{{ mosquitto_install }}"
- option: mosquitto_enabled
value: "{{ mosquitto_enabled }}"
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error

16
roles/munin/tasks/nginx.yml → roles/munin/tasks/enable-or-disable.yml
View file

@ -1,3 +1,19 @@
- name: Enable & Start 'munin-node' systemd service
systemd:
name: munin-node
daemon_reload: yes
enabled: yes
state: started
when: munin_enabled
- name: Disable & Stop 'munin-node' systemd service
systemd:
name: munin-node
enabled: no
state: stopped
when: not munin_enabled
- name: Enable http://box/munin via NGINX, by installing {{ nginx_conf_dir }}/munin24-nginx.conf from template
template:
src: munin24-nginx.conf.j2

Some files were not shown because too many files have changed in this diff Show more