From 41a91bd0f546bd4fc4ddef5bbbec17aca1296509 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 23 Jun 2022 04:55:56 +0100 Subject: [PATCH 1/7] get lan_ip soft coded everywhere --- .../templates/iiab-divert-to-nginx | 2 +- roles/cups/tasks/install.yml | 8 +++---- .../network/templates/dhcp/dhcpd-iiab.conf.j2 | 17 +++++++++----- .../templates/gateway/iiab-gen-iptables | 2 +- .../templates/named/school.internal.zone.db | 22 +++++++++---------- .../templates/named/school.local.zone.db | 22 +++++++++---------- roles/nextcloud/README.md | 2 +- roles/samba/templates/smb.conf.j2 | 2 +- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 9 +++++--- 10 files changed, 49 insertions(+), 39 deletions(-) diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index c708de87a..8d6d06b2e 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index d585b42e0..6b8971f34 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml 
@@ -76,14 +76,14 @@ name: cups state: started -# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" # command: cupsctl --remote-admin --share-printers --user-cancel-any # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER: # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW. # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!) -- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) 
-- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" command: cupsctl --remote-any --share-printers --user-cancel-any # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml 
@@ -96,7 +96,7 @@ # command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging # when: not cups_enabled -# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631" +# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' 
in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631" # lineinfile: # path: /etc/cups/cupsd.conf # line: "{{ item }}" @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # 172.18.96.1 +# - "#Listen {{ lan_ip }}:631" # {{ lan_ip }} # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index a3c844120..c6cdc6028 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -5,15 +5,22 @@ ddns-update-style interim; #ignore client-updates; option domain-name "{{ iiab_domain }}"; -option domain-name-servers 172.18.96.1; -option ntp-servers 172.18.96.1; +option domain-name-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; subnet 172.18.96.0 netmask 255.255.224.0 { {% if iiab_network_mode == "Gateway" %} - option routers 172.18.96.1; + option routers {{ lan_ip }}; {% endif %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; + {% if 172_network %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + {% else %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + {% endif %} + + # Description of network allocations in old OLPC school server # this is the whole range we have available - 8K addresses # range 172.18.96.2 172.18.127.254; # instead, we'll save 510 addresses for later. 
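Review bot: The new `{% else %}` branch emits `option subnet-mask 255.255.255.0` and `option broadcast-address 10.10.10.255` inside the unchanged `subnet 172.18.96.0 netmask 255.255.224.0 {` declaration, so with the flag false dhcpd is told the 10.10.10.0/24 mask and broadcast for a 172.18.96.0/19 subnet while `domain-name-servers`/`ntp-servers` now point at a 10.10.10.x `lan_ip`; the `subnet` line and the pool `range` (the real one sits below this hunk, only the commented copy is visible) have to switch on the same condition. Separately, `172_network` is not a valid Jinja identifier because it starts with a digit, so the template will not render until it is renamed (patch 2 of this series does so, and patch 5 restructures the block). The closing brace of the subnet block is outside the hunk.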
diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 79a112b55..d784d38a9 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # 172.18.96.1 +lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }} ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db index 99a131aa2..ec930bee8 100644 --- a/roles/network/templates/named/school.internal.zone.db +++ b/roles/network/templates/named/school.internal.zone.db @@ -1,19 +1,19 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named/school.local.zone.db index 3d0619e96..8b4bc384e 100644 --- a/roles/network/templates/named/school.local.zone.db +++ b/roles/network/templates/named/school.local.zone.db 
@@ -3,18 +3,18 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 99cdc4b02..3759ad121 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using: Username: Admin Password: changeme diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index acfc004a7..8dd667d05 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -92,7 +92,7 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 - hosts allow = 127. 172.18. + hosts allow = 127. 172.18. 10.10. ; max protocol = SMB2 diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 380ea6048..773ec65f4 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml 
@@ -12,7 +12,7 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 22d000eac..9eac09d85 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -98,8 +98,11 @@ disregard_network: False # Use cache, or error out if cache does not exist. iiab_hostname: box iiab_domain: lan -lan_ip: 172.18.96.1 -lan_netmask: 255.255.224.0 +lan_ip: 10.10.10.10 +172_network: False +#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems +lan_netmask: 255.255.255.0 +#lan_netmask: 255.255.224.0 # Older networks were larger # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -540,7 +543,7 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 From 17aa26a4acb168c7a2c123d12c02ff5753500dfe Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 26 Jun 2022 21:20:50 +0100 Subject: [PATCH 2/7] jinja2 variable must start with non-numeric --- roles/network/templates/dhcp/dhcpd-iiab.conf.j2 | 2 +- roles/network/templates/network/dnsmasq.conf.j2 | 7 ++++++- vars/default_vars.yml | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) 
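Review bot: The entry appended to `transmission_whitelist` is `10.10.10,*` with a comma where the third dot belongs, so Transmission receives two entries, `10.10.10` and a bare `*`, and the `*` pattern admits every address, which silently defeats the RPC whitelist as soon as `transmission_whitelist_enabled` is switched on. The commented copy in roles/transmission/defaults/main.yml in this same patch spells it correctly; the line should read `transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.*`. Patch 5 of this series reorders the list but carries the `10.10.10,*` typo forward.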
diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index c6cdc6028..4b452a163 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -12,7 +12,7 @@ subnet 172.18.96.0 netmask 255.255.224.0 { {% if iiab_network_mode == "Gateway" %} option routers {{ lan_ip }}; {% endif %} - {% if 172_network %} + {% if network_172 %} option subnet-mask 255.255.224.0; option broadcast-address 172.18.127.255; {% else %} diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 782f38049..056830267 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq expand-hosts # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease -dhcp-range=172.18.100.1,172.18.126.254,1h +{% if network_172 %} + dhcp-range=172.18.100.1,172.18.126.254,1h +{% else %} + dhcp-range=10.10.10.21,10.10.10.253,1h +{% endif %} + # Specify the default route dhcp-option=3,{{ lan_ip }} # Specify the DNS server address diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9eac09d85..3b223320c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -99,7 +99,7 @@ disregard_network: False # Use cache, or error out if cache does not exist. iiab_hostname: box iiab_domain: lan lan_ip: 10.10.10.10 -172_network: False +network_172: False #lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems lan_netmask: 255.255.255.0 #lan_netmask: 255.255.224.0 # Older networks were larger From 5faa5d0ca037921fe69246e31e98714627f7aa4d Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 1 Jul 2022 16:21:31 +0100 Subject: [PATCH 3/7] make local network mask correct for 256 --- roles/cups/templates/cups.conf.j2 | 2 +- roles/network/templates/network/bridge-br0 | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2 index abec5152d..a481aa0b1 100644 --- a/roles/cups/templates/cups.conf.j2 +++ b/roles/cups/templates/cups.conf.j2 @@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex return 301 http://localhost:631; } - return 301 http://$host:631; # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC + return 301 http://$host:631; # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC } diff --git a/roles/network/templates/network/bridge-br0 b/roles/network/templates/network/bridge-br0 index 8aaa27968..59d85db73 100644 --- a/roles/network/templates/network/bridge-br0 +++ b/roles/network/templates/network/bridge-br0 @@ -6,7 +6,11 @@ interface-name=br0 permissions= [ipv4] +{% if network_172 %} address1={{ lan_ip }}/19 +{% else %} +address1={{ lan_ip }}/24 +{% endif %} dns-search={{ iiab_domain }} method=manual From d7d7270e21daa6a9b6b026b7ea3c47b50c4fed1b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 2 Jul 2022 04:23:22 +0100 Subject: [PATCH 4/7] missed two changes to mask from 224 to 255 --- roles/network/templates/network/dhcpcd.conf.j2 | 4 ++++ roles/network/templates/network/systemd-br0-network.j2 | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2 index b44eb297d..cebff6e51 100644 --- a/roles/network/templates/network/dhcpcd.conf.j2 +++ b/roles/network/templates/network/dhcpcd.conf.j2 
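Review bot: The prefix length in bridge-br0 is hard-coded as `/19` or `/24` selected by `network_172`, while vars/default_vars.yml carries a separate `lan_netmask` that this template never consults; the identical `{% if network_172 %}` fork is repeated in dhcpcd.conf.j2 and systemd-br0-network.j2 in patch 4, so any site with a third netmask has to edit three templates and can end up with an address and mask that disagree. Deriving one prefix-length variable from `lan_netmask` (for example a `lan_prefix` value, a constructed name, set once in vars or via set_fact) and writing `address1={{ lan_ip }}/{{ lan_prefix }}` would reduce each fork to a single line and keep all three interface configurations consistent with the DHCP templates.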
@@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }} {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} interface {{ iiab_lan_iface }} +{% if network_172 %} static ip_address={{ lan_ip }}/19 +{% else %} +static ip_address={{ lan_ip }}/24 +{% endif %} static domain_name_servers=127.0.0.1 {% endif %} diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2 index 619196b8b..07c5a1246 100644 --- a/roles/network/templates/network/systemd-br0-network.j2 +++ b/roles/network/templates/network/systemd-br0-network.j2 @@ -3,7 +3,11 @@ Name=br0 [Network] +{% if network_172 %} Address={{ lan_ip }}/19 +{% else %} +Address={{ lan_ip }}/24 +{% endif %} LinkLocalAddressing=no ConfigureWithoutCarrier=yes RequiredForOnline=degraded-carrier From d12546c98df55fd870163ad9d020e7307d17d9ec Mon Sep 17 00:00:00 2001 
From: root Date: Fri, 8 Jul 2022 22:00:03 -0400 Subject: [PATCH 5/7] Prepare for 10.10.10.10, by evolving PR #3281 --- roles/captiveportal/tasks/install.yml | 2 +- ...ivert-to-nginx => iiab-divert-to-nginx.j2} | 0 roles/cups/tasks/install.yml | 2 +- roles/cups/templates/cups.conf.j2 | 2 +- roles/network/tasks/enable_services.yml | 4 +- roles/network/tasks/named.yml | 4 +- .../network/templates/dhcp/dhcpd-iiab.conf.j2 | 62 +++++++++++-------- .../templates/gateway/iiab-gen-iptables | 2 +- ...nal.zone.db => school.internal.zone.db.j2} | 0 ....local.zone.db => school.local.zone.db.j2} | 0 .../network/templates/network/dnsmasq.conf.j2 | 4 +- roles/nextcloud/README.md | 2 +- roles/samba/templates/smb.conf.j2 | 7 ++- roles/transmission/defaults/main.yml | 2 +- vars/default_vars.yml | 8 +-- 15 files changed, 57 insertions(+), 44 deletions(-) rename roles/captiveportal/templates/{iiab-divert-to-nginx => iiab-divert-to-nginx.j2} (100%) rename roles/network/templates/named/{school.internal.zone.db => school.internal.zone.db.j2} (100%) rename roles/network/templates/named/{school.local.zone.db => school.local.zone.db.j2} (100%) diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index af022f0e9..ab25d50b6 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -26,7 +26,7 @@ mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server) 
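Review bot: The loop item now points at `iiab-divert-to-nginx.j2`, which carries `{{ lan_ip }}` inside the awk program, so this only works if the module the loop runs under (its line is above the hunk) is `template:`; with `copy:` the literal `{{ lan_ip }}` would be written into the script and from there into /etc/dnsmasq.d/capture, where dnsmasq would reject or mis-parse every `address=` line. Worth confirming, and a one-line comment on the item, `# .j2 source: lan_ip is substituted at install time, hence the explicit dest file name`, would record why dest is no longer a directory.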
diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx.j2 similarity index 100% rename from roles/captiveportal/templates/iiab-divert-to-nginx rename to roles/captiveportal/templates/iiab-divert-to-nginx.j2 diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index 6b8971f34..12296cfe5 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # {{ lan_ip }} +# - "#Listen {{ lan_ip }}:631" # e.g. 10.10.10.10 # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2 index a481aa0b1..3d4f4f53f 100644 --- a/roles/cups/templates/cups.conf.j2 +++ b/roles/cups/templates/cups.conf.j2 @@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex return 301 http://localhost:631; } - return 301 http://$host:631; # For {{ lan_ip }}, 172.18.96.1, 10.8.0.y ETC + return 301 http://$host:631; # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC } diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index d87f9ab36..bf73f1f77 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
@@ -32,8 +32,8 @@ # mode: "{{ item.mode }}" with_items: - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } - - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' } - - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' } + - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } + - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } when: named_install and named_enabled - name: Enable named service ({{ dns_service }}) if named_enabled diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index 9183242f9..0123ef03f 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml 
@@ -58,8 +58,8 @@ - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly - - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } - - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' } diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index 4b452a163..95dbf32dc 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 
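Review bot: Renaming the two forward zone files to `.j2` makes their `{{ lan_ip }}` A records render, but the reverse zones listed in the same loop (`school.internal.zone.32.in-addr.db.j2`, `school.internal.zone.48.in-addr.db.j2`, `school.internal.zone.in-addr.db.j2`) are not touched anywhere in this series; if their PTR records still encode the 172.18.96.x octets (their content is not visible here), reverse lookups for a 10.10.10.10 server will be wrong or empty once `lan_ip` moves. The same rename lands in roles/network/tasks/enable_services.yml, where the module line is likewise outside the hunk, so the `template:` assumption should be checked there too. A comment above the list such as `# forward zones are Jinja templates (lan_ip substituted); keep the in-addr zones in step with lan_ip` would flag the coupling for the next change.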
@@ -6,33 +6,43 @@ ddns-update-style interim; option domain-name "{{ iiab_domain }}"; option domain-name-servers {{ lan_ip }}; -option ntp-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; +{% if network_172 %} subnet 172.18.96.0 netmask 255.255.224.0 { - {% if iiab_network_mode == "Gateway" %} - option routers {{ lan_ip }}; - {% endif %} - {% if network_172 %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; - {% else %} - option subnet-mask 255.255.255.0; - option broadcast-address 10.10.10.255; - {% endif %} + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + # Description of network allocations in old OLPC school server + # this is the whole range we have available - 8K addresses + # range 172.18.96.2 172.18.127.254; + # instead, we'll save 510 addresses for later. + range 172.18.96.2 172.18.125.254; + # the other /24s: + # -> 172.18.126.0/24 for static IP addresses + # for printers, AP management consoles, etc. + # -> 172.18.127.0/24 for temporary addresses for + # XO activation - # Description of network allocations in old OLPC school server - # this is the whole range we have available - 8K addresses - # range 172.18.96.2 172.18.127.254; - # instead, we'll save 510 addresses for later. - range 172.18.96.2 172.18.125.254; - # the other /24s: - # -> 172.18.126.0/24 for static IP addresses - # for printers, AP management consoles, etc. 
- # -> 172.18.127.0/24 for temporary addresses for - # XO activation - - # As this subnet is wired or wifi a/b/g, these lease - # times are on the long side - default-lease-time 10800; - max-lease-time 21600; + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; } +{% else %} +subnet 10.10.10.0 netmask 255.255.255.0 { + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + range 10.10.10.2 10.10.10.254; + + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; +} +{% endif %} diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index d784d38a9..b11cd4fca 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # {{ lan_ip }} +lan_ip=$(iiab_var_value lan_ip) # e.g. 10.10.10.10 ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.db rename to roles/network/templates/named/school.internal.zone.db.j2 diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named/school.local.zone.db.j2 similarity index 100% rename from roles/network/templates/named/school.local.zone.db rename to roles/network/templates/named/school.local.zone.db.j2 
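Review bot: Both subnet stanzas repeat the `option routers` fork and the two lease-time lines verbatim, so a later change to Gateway handling or lease times must be made twice and the two copies can drift; only the `subnet` line, `subnet-mask`, `broadcast-address` and `range` actually differ between the branches. Closing the `{% if network_172 %}` right after each branch's `range` and keeping the shared tail once, as below, renders identically for dhcpd and halves the template.
```jinja
{% if network_172 %}
subnet 172.18.96.0 netmask 255.255.224.0 {
    option subnet-mask 255.255.224.0;
    option broadcast-address 172.18.127.255;
    # … unchanged: OLPC allocation comments …
    range 172.18.96.2 172.18.125.254;
{% else %}
subnet 10.10.10.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.10.255;
    range 10.10.10.2 10.10.10.254;
{% endif %}
    {% if iiab_network_mode == "Gateway" %}
    option routers {{ lan_ip }};
    {% endif %}
    # … unchanged: lease-time comment, default-lease-time and max-lease-time …
}
```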
diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 056830267..152369cad 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -19,9 +19,9 @@ expand-hosts # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease {% if network_172 %} - dhcp-range=172.18.100.1,172.18.126.254,1h +dhcp-range=172.18.100.1,172.18.126.254,1h {% else %} - dhcp-range=10.10.10.21,10.10.10.253,1h +dhcp-range=10.10.10.11,10.10.10.254,1h {% endif %} # Specify the default route diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 4117fd790..14af973e0 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://{{ lan_ip }}/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using: Username: Admin Password: changeme diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index df58ac824..f7e7c9457 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -92,7 +92,12 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 - hosts allow = 127. 172.18. 10.10. + +{% if network_172 %} + hosts allow = 127. 172.18. +{% else %} + hosts allow = 10.10.10. +{% endif %} ; max protocol = SMB2 diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 23cb52027..f6763f593 100644 --- a/roles/transmission/defaults/main.yml +++ b/roles/transmission/defaults/main.yml 
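Review bot: `dhcp-range=10.10.10.11,10.10.10.254,1h` starts the dnsmasq pool at .11, but the dhcpd-iiab.conf.j2 hunk in this same patch sets `range 10.10.10.2 10.10.10.254`, so the two DHCP backends hand out different pools and the dhcpd one still contains the server's own `lan_ip` 10.10.10.10. Keeping the pool bounds in one place, say `lan_dhcp_first`/`lan_dhcp_last` (constructed names) in vars/default_vars.yml consumed by both templates, would stop the two from drifting apart and make the "server address is outside the pool" invariant visible in one file.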
@@ -12,7 +12,7 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a4807a38e..796074a3b 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -100,10 +100,8 @@ js_menu_install: True iiab_hostname: box iiab_domain: lan lan_ip: 10.10.10.10 -network_172: False -#lan_ip: 172.18.96.1 # Use this ip for compatibility with older network systems -lan_netmask: 255.255.255.0 -#lan_netmask: 255.255.224.0 # Older networks were larger +network_172: False # Change to True if you set the above to 172.18.96.1 +lan_netmask: 255.255.255.0 # Change to 255.255.224.0 if using 172.18.96.1 # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -544,7 +542,7 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*,10.10.10,* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 From ebbda467a676e4b1c9d4ed4d6b72c8ae7c8d5bc6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:08:53 -0400 Subject: [PATCH 6/7] dhcpd-iiab.conf.j2: range 10.10.10.11 10.10.10.254; --- roles/network/templates/dhcp/dhcpd-iiab.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
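Review bot: `lan_ip`, `network_172` and `lan_netmask` are now three independent knobs that have to agree, and the new trailing comments only ask the reader to keep them in step; a mismatch such as `lan_ip: 172.18.96.1` left with `network_172: False` is not caught at playbook time and surfaces later as dhcpd rejecting its subnet declaration or clients configured with the wrong mask. The templates changed in this series branch on `network_172` alone, so `lan_netmask` no longer drives them either. A cheap guard early in the network role, `- assert: { that: "lan_ip.startswith('172.18.') == network_172", fail_msg: 'lan_ip and network_172 disagree' }`, would turn the silent mismatch into an early failure. Keep `network_172` a bare boolean literal as it is here rather than a templated string: a quoted "False" would be truthy inside `{% if network_172 %}`.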
diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 index 95dbf32dc..66cd3e706 100644 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 @@ -38,7 +38,7 @@ subnet 10.10.10.0 netmask 255.255.255.0 { {% endif %} option subnet-mask 255.255.255.0; option broadcast-address 10.10.10.255; - range 10.10.10.2 10.10.10.254; + range 10.10.10.11 10.10.10.254; # As this subnet is wired or wifi a/b/g, these lease # times are on the long side From 47fda4d1739eb4d5fc1fab4400d4c5345c529572 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Jul 2022 22:12:24 -0400 Subject: [PATCH 7/7] smb.conf.j2: hosts allow = 127. 10.10.10. --- roles/samba/templates/smb.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index f7e7c9457..9b60050d8 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -96,7 +96,7 @@ {% if network_172 %} hosts allow = 127. 172.18. {% else %} - hosts allow = 10.10.10. + hosts allow = 127. 10.10.10. {% endif %} ; max protocol = SMB2