external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-14 20:22:08 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2217 from holta/iiab.ini-descriptions

Browse source 
Var cleanup, remove tags, /etc/iiab/iiab.ini, Sugarizer deps, Nextcloud, rename usb-lib to usb_lib
This commit is contained in:
A Holt 2020-01-30 10:06:47 -05:00 committed by GitHub
commit e68cb53eb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
118 changed files with 1076 additions and 545 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/0-DEPRECATED-ROLES/activity-server/tasks/main.yml
View file

@ -72,7 +72,7 @@
- name: Copy xs-activity-server config file
template: src=xs-activity-server.conf
dest=/etc/{{ apache_config_dir }}
dest=/etc/{{ apache_conf_dir }}
owner=root
group=root
mode=0644

1
roles/0-DEPRECATED-ROLES/docker/tasks/main.yml
View file

@ -5,7 +5,6 @@
- docker
- python-docker-py
when: docker_install | bool
#tags: download
- name: put the systemd startup file in place
template: src=docker.service

4
roles/0-DEPRECATED-ROLES/dokuwiki/tasks/install.yml
View file

@ -29,10 +29,10 @@
state: link
force: yes
- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box{{ dokuwiki_url }}
- name: Install /etc/{{ apache_conf_dir }}/dokuwiki.conf from template, for DokuWiki's http://box{{ dokuwiki_url }}
template:
src: dokuwiki.conf.j2
dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf"
dest: "/etc/{{ apache_conf_dir }}/dokuwiki.conf"
# - name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
# file:

1
roles/0-DEPRECATED-ROLES/ejabberd/tasks/main.yml
View file

@ -2,7 +2,6 @@
package:
name: ejabberd
state: present
#tags: download
#- name: Configure ejabberd
# template:

1
roles/0-DEPRECATED-ROLES/ejabberd_xs/tasks/main.yml
View file

@ -3,7 +3,6 @@
state=present
with_items:
- ejabberd-2.1.11
#tags: download
when: not is_debuntu
# need to use lineinfile and better regexp

1
roles/0-DEPRECATED-ROLES/idmgr/tasks/main.yml
View file

@ -7,7 +7,6 @@
- xinetd
- xs-rsync
- incron
#tags: download
- name: Configure idmgr
template: backup=yes

4
roles/0-DEPRECATED-ROLES/moodle-1.9/moodle/tasks/main.yml
View file

@ -9,7 +9,7 @@
- download
- name: Remove stock moodle conf
file: path='/etc/{{ apache_config_dir }}/moodle.conf'
file: path='/etc/{{ apache_conf_dir }}/moodle.conf'
state=absent
- name: Configure moodle
@ -21,7 +21,7 @@
mode={{ item.mode }}
with_items:
- src: '020-iiab-moodle.conf.j2'
dest: '/etc/{{ apache_config_dir }}/020-iiab-moodle.conf'
dest: '/etc/{{ apache_conf_dir }}/020-iiab-moodle.conf'
mode: '0655'
- src: 'moodle-xs.service.j2'
dest: '/etc/systemd/system/moodle-xs.service'

10
roles/0-DEPRECATED-ROLES/osm/tasks/main.yml
View file

@ -102,10 +102,10 @@
line: "path_to_virtualenv = '/usr/local/osm'"
state: present
- name: Install /etc/{{ apache_config_dir }}/osm.conf from template
- name: Install /etc/{{ apache_conf_dir }}/osm.conf from template
template:
src: osm.conf.j2
dest: "/etc/{{ apache_config_dir }}/osm.conf"
dest: "/etc/{{ apache_conf_dir }}/osm.conf"
owner: root
group: root
mode: 0644
@ -114,7 +114,7 @@
- name: Create softlink osm.conf from sites-enabled to sites-available (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/osm.conf"
src: "/etc/{{ apache_conf_dir }}/osm.conf"
path: /etc/apache2/sites-enabled/osm.conf
state: link
when: osm_enabled and is_debuntu
@ -125,9 +125,9 @@
state: absent
when: not osm_enabled and is_debuntu
- name: Remove /{{ apache_config_dir }}/osm.conf (redhat)
- name: Remove /{{ apache_conf_dir }}/osm.conf (redhat)
file:
path: "/{{ apache_config_dir }}/osm.conf"
path: "/{{ apache_conf_dir }}/osm.conf"
state: absent
when: not osm_enabled and is_redhat

2
roles/0-DEPRECATED-ROLES/owncloud/tasks/owncloud_enabled.yml
View file

@ -7,7 +7,7 @@
- name: Enable owncloud by copying template to httpd config
template: src=owncloud.conf.j2
dest=/etc/{{ apache_config_dir }}/owncloud.conf
dest=/etc/{{ apache_conf_dir }}/owncloud.conf
owner=root
group=root
mode=0644

4
roles/0-DEPRECATED-ROLES/pathagar/tasks/main.yml
View file

@ -179,11 +179,11 @@
# group: root
# mode: '0644'
- name: Install /etc/{{ apache_config_dir }}/pathagar.conf from template
- name: Install /etc/{{ apache_conf_dir }}/pathagar.conf from template
template:
src: pathagar.conf
backup: yes
dest: "/etc/{{ apache_config_dir }}/pathagar.conf"
dest: "/etc/{{ apache_conf_dir }}/pathagar.conf"
mode: 0644
- name: Enable Pathagar via Apache (debuntu)

2
roles/0-DEPRECATED-ROLES/rachel/tasks/rachel_enabled.yml
View file

@ -1,6 +1,6 @@
- name: Copy RACHEL httpd conf file
template: src=rachel.conf.j2
dest=/etc/{{ apache_config_dir }}/rachel.conf
dest=/etc/{{ apache_conf_dir }}/rachel.conf
- name: enable Rachel
file: path=/etc/apache2/sites-enabled/rachel.conf

2
roles/0-DEPRECATED-ROLES/schooltool/tasks/main.yml
View file

@ -18,7 +18,7 @@
- dest: '/etc/systemd/system/schooltool.service'
src: 'schooltool.service'
mode: '0644'
- dest: '/etc/{{ apache_config_dir }}/schooltool.conf'
- dest: '/etc/{{ apache_conf_dir }}/schooltool.conf'
src: 'schooltool.conf'
mode: '0644'

1
roles/0-DEPRECATED-ROLES/sugar-stats/tasks/main.yml
View file

@ -6,7 +6,6 @@
- active-document
- restful-document
- python-xappy
#tags: download
- name: Create sugar-stats directory tree
file: path={{ item }}

5
roles/0-DEPRECATED-ROLES/teamviewer/tasks/install.yml
View file

@ -2,22 +2,18 @@
- name: Install Xfce group of packages
shell: "yum groupinstall -y xfce"
when: xo_model == "none" and internet_available and ansible_distribution_version <= "20"
#tags: download
- name: Install X11 group of packages
shell: "yum groupinstall -y 'X Window system'"
when: xo_model == "none" and internet_available and ansible_distribution_version <= "20"
#tags: download
- name: Install Xfce group of packages
shell: yum groupinstall -y "Xfce Desktop" --exclude fedora-release\*
when: xo_model == "none" and internet_available and ansible_distribution_version >= "21"
#tags: download
- name: Install X Windows on CentOS
shell: yum groupinstall -y "Server with GUI"
when: internet_available and ansible_distribution == "CentOS"
#tags: download
- name: Download TeamViewer software
get_url:
@ -25,7 +21,6 @@
dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}"
timeout: "{{ download_timeout }}"
when: internet_available | bool
#tags: download
# F22 has issues with yum localinstall exclude for now
- name: Do the install of TeamViewer, pulling in any required dependencies

2
roles/2-common/tasks/iptables.yml
View file

@ -31,14 +31,12 @@
name: iptables-persistent
state: present
when: is_debuntu | bool
#tags: download
- name: Install package iptables-services (OS's other than debuntu)
package:
name: iptables-services
state: present
when: not is_debuntu
#tags: download
- name: Install /etc/sysconfig/iptables-config from template
template:

1
roles/2-common/tasks/xo.yml
View file

@ -132,7 +132,6 @@
with_items:
- hostapd_8188_i386
when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available
#tags: xo
- name: Put the substitute in place
copy:

4
roles/4-server-options/tasks/main.yml
View file

@ -22,9 +22,9 @@
name: bluetooth
when: is_rpi and bluetooth_install # or bluetooth_installed is defined
- name: USB-LIB
- name: USB_LIB
include_role:
name: usb-lib
name: usb_lib
when: usb_lib_install | bool
# This is in Stage 4-SERVER-OPTIONS (rather than 3-BASE-SERVER) because var

1
roles/all-vars/tasks/main.yml
View file

@ -11,4 +11,3 @@
debug:
msg: "{{ msg.split('\n') }}"
#tags: debug_info

2
roles/awstats/tasks/enable.yml
View file

@ -49,7 +49,7 @@
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: installed
- option: install
value: "{{ awstats_install }}"
- option: enabled
value: "{{ awstats_enabled }}"

11
roles/awstats/tasks/install.yml
View file

@ -30,10 +30,10 @@
- "{{ apache_log_dir }}"
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
- name: Install /etc/{{ apache_config_dir }}/awstats.conf from template
- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
template:
src: apache-awstats.conf
dest: "/etc/{{ apache_config_dir }}/awstats.conf"
dest: "/etc/{{ apache_conf_dir }}/awstats.conf"
- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
template:
@ -76,6 +76,13 @@
shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
# when: awstats_enabled | bool
# RECORD AWStats AS INSTALLED
- name: "Set 'awstats_installed: True'"
set_fact:
awstats_installed: True
- name: "Add 'awstats_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

7
roles/azuracast/tasks/install.yml
View file

@ -64,6 +64,13 @@
args:
chdir: "{{ azuracast_host_dir }}"
# RECORD AzuraCast AS INSTALLED
- name: "Set 'azuracast_installed: True'"
set_fact:
azuracast_installed: True
- name: "Add 'azuracast_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

7
roles/bluetooth/tasks/install.yml
View file

@ -55,6 +55,13 @@
regexp: '^#DiscoverableTimeout'
line: 'DiscoverableTimeout = 0'
# RECORD Bluetooth AS INSTALLED
- name: "Set 'bluetooth_installed: True'"
set_fact:
bluetooth_installed: True
- name: "Add 'bluetooth_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

10
roles/calibre-web/tasks/enable.yml
View file

@ -35,17 +35,17 @@
# NGINX
# TO DO: restore http://box/libros & http://box/livres, along English (http://box/books)
# TO DO: restore http://box/libros & http://box/livres, alongside English (#2195)
- name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template
- name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template # http://box/books
template:
src: calibre-web-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"
dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
when: nginx_install and calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
file:
path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"
path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
state: absent
when: nginx_install and not calibreweb_enabled
@ -64,7 +64,7 @@
value: "{{ item.value | string }}"
with_items:
- option: name
value: calibre-web
value: Calibre-Web
- option: description
value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
- option: calibreweb_url1

27
roles/calibre-web/tasks/install.yml
View file

@ -1,7 +1,6 @@
- name: Install ImageMagick (debuntu)
- name: Install ImageMagick package (debuntu)
package:
name:
- imagemagick
name: imagemagick
state: present
when: is_debuntu | bool
@ -14,12 +13,12 @@
state: present
when: is_debuntu | bool
- name: Create 3 Calibre-Web folders to store data and configuration files
- name: "Create 3 Calibre-Web folders to store data and configuration files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }}"
file:
path: "{{ item }}"
owner: "{{ calibreweb_user }}"
group: "{{ apache_user }}"
mode: 0755
mode: '0755'
state: directory
with_items:
- "{{ calibreweb_home }}"
@ -65,12 +64,13 @@
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
# owner: root
# group: root
# mode: '0644'
with_items:
- { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' }
- { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' }
when: apache_install | bool
- name: Does /library/calibre-web/metadata.db exist?
stat:
@ -83,7 +83,7 @@
dest: "{{ calibreweb_home }}"
owner: "{{ calibreweb_user }}"
group: "{{ apache_user }}"
mode: 0644
mode: '0644'
backup: yes
with_items:
- roles/calibre-web/files/metadata.db
@ -97,11 +97,18 @@
dest: "{{ calibreweb_config }}"
owner: "{{ calibreweb_user }}"
group: "{{ apache_user }}"
mode: 0644
mode: '0644'
backup: yes
when: not metadatadb.stat.exists
#when: calibreweb_provision | bool
# RECORD Calibre-Web AS INSTALLED
- name: "Set 'calibreweb_installed: True'"
set_fact:
calibreweb_installed: True
- name: "Add 'calibreweb_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

14
roles/calibre/tasks/install.yml
View file

@ -31,6 +31,9 @@
# - run testing branch for Ubuntu 16.04: scripts/calibre-install-latest.sh
# - run unstable branch for Debian etc: scripts/calibre-install-unstable.sh
# 2. SYSTEMD SERVICES
- name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING)
template:
src: "{{ item.src }}"
@ -42,7 +45,7 @@
#register: calibre_config
with_items:
- { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
- { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
- { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'}
when: (not calib_executable.stat.exists)
- name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal)
@ -51,6 +54,7 @@
state: stopped
daemon_reload: yes
# 3. CREATE USER DATABASE
- name: Create /library/calibre (mandatory since Calibre 3.x)
@ -68,6 +72,7 @@
mode: 0644
when: (not calib_executable.stat.exists)
# 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
- name: Does /library/calibre/metadata.db exist?
@ -79,6 +84,13 @@
include_tasks: create-db.yml
when: not calibre_db.stat.exists
# 5. RECORD Calibre AS INSTALLED
- name: "Set 'calibre_installed: True'"
set_fact:
calibre_installed: True
- name: "Add 'calibre_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

7
roles/captiveportal/tasks/install.yml
View file

@ -52,6 +52,13 @@
args:
creates: /etc/nginx/sites-available/capture.conf
# RECORD Captive Portal AS INSTALLED
- name: "Set 'captiveportal_installed: True'"
set_fact:
captiveportal_installed: True
- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

4
roles/captiveportal/tasks/main.yml
View file

@ -19,7 +19,7 @@
quiet: yes
- name: Install Captive Portal if 'captiveportal_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: captiveportal_installed is undefined
@ -39,7 +39,7 @@
value: Captive Portal
- option: description
value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
- option: installed
- option: install
value: "{{ captiveportal_install }}"
- option: enabled
value: "{{ captiveportal_enabled }}"

51
roles/cups/tasks/main.yml
View file

@ -1,20 +1,33 @@
# administer this service by browsing to localhost:631
# Administer CUPS at http://box:631
# Above URL does NOT work over OpenVPN (ANYONE KNOW WHY?)
# TO DO:
# - validate input vars + prereqs
# - move 5 top stanzas into install.yml
# - move 5-7 next stanzas into enable-or-disable.yml
- name: Install 'cups' package
package:
name: cups
state: present
when: cups_install | bool
#tags: download
- name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
template:
src: cupsd.conf
dest: /etc/cups/cupsd.conf
- name: Install /etc/{{ apache_config_dir }}/cups.conf from template
- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template
template:
src: cups.conf
dest: "/etc/{{ apache_config_dir }}/"
dest: "/etc/{{ apache_conf_dir }}/"
# RECORD CUPS AS INSTALLED
- name: "Set 'cups_installed: True'"
set_fact:
cups_installed: True
- name: "Add 'cups_installed: True' to {{ iiab_state_file }}"
lineinfile:
@ -22,11 +35,16 @@
regexp: '^cups_installed'
line: 'cups_installed: True'
- name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
command: a2ensite cups.conf
when: cups_enabled
when: cups_enabled | bool
- name: Enable & Start services 'cups' and 'cups-browsed' (OS's other than Fedora 18)
- name: Disable http://box/cups via Apache
command: a2dissite cups.conf
when: not cups_enabled
- name: Enable & Start 'cups' and 'cups-browsed' systemd services (OS's other than Fedora 18)
service:
name: "{{ item }}"
state: started
@ -36,34 +54,35 @@
- cups-browsed
when: cups_enabled and not is_F18
- name: Enable & Start service 'cups' (Fedora 18, for XO laptops)
- name: Enable & Start 'cups' systemd service (Fedora 18, for XO laptops)
systemd:
name: cups
state: started
enabled: yes
when: cups_enabled and is_F18
- name: Permit headless admin of CUPS -- only works when CUPS daemon is running
- name: Permit headless admin of CUPS -- only works when CUPS daemon is running (if cups_enabled)
shell: "cupsctl --remote-admin"
when: cups_enabled | bool
- name: Disable both CUPS services (OS's other than Fedora 18)
- name: Disable & Stop 'cups' & 'cups-browsed' systemd services (OS's other than Fedora 18)
systemd:
name: "{{ item }}"
state: stopped
enabled: no
state: stopped
with_items:
- cups
- cups-browsed
when: not cups_enabled and not is_F18
- name: Disable services for CUPS (Fedora 18, for XO laptops)
- name: Disable & Stop 'cups' systemd service (Fedora 18, for XO laptops)
systemd:
name: cups
state: stopped
enabled: no
state: stopped
when: not cups_enabled and is_F18
- name: Add 'cups' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
@ -74,8 +93,8 @@
- option: name
value: CUPS
- option: description
value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
- option: installed
value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
- option: install
value: "{{ cups_install }}"
- option: cups_enabled
- option: enabled
value: "{{ cups_enabled }}"

19
roles/elgg/tasks/install.yml
View file

@ -48,9 +48,9 @@
copy:
src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
dest: "/opt/{{ elgg_xx }}/.htaccess"
mode: 0644
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0644'
#regexp='^#RewriteBase'
- name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }} # http://box/elgg
@ -63,18 +63,18 @@
- name: Set /opt/elgg/engine directory permissions to 0755 so Apache can write there
file:
state: directory
path: /opt/elgg/engine/
owner: "{{ apache_user }}"
mode: 0755
state: directory
mode: '0755'
- name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above)
file:
state: directory # Overkill given recurse below?
path: "/opt/elgg-{{ elgg_version }}"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
recurse: yes
state: directory
- name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to
file:
@ -82,10 +82,17 @@
state: directory
owner: "{{ apache_user }}"
- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg
- name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg
template:
src: elgg.conf
dest: "/etc/{{ apache_config_dir }}/elgg.conf"
dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
# RECORD Elgg AS INSTALLED
- name: "Set 'elgg_installed: True'"
set_fact:
elgg_installed: True
- name: "Add 'elgg_installed: True' to {{ iiab_state_file }}"
lineinfile:

2
roles/gitea/tasks/enable.yml
View file

@ -58,7 +58,7 @@
value: "{{ item.value | string }}"
with_items:
- option: name
value: gitea
value: Gitea
- option: description
value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
- option: gitea_run_directory

25
roles/gitea/tasks/install.yml
View file

@ -4,14 +4,12 @@
systemd:
name: gitea
state: stopped
#tags: pre-install
ignore_errors: yes
- name: Ensure group gitea exists
group:
name: gitea
state: present
#tags: pre-install
- name: Create user gitea
user:
@ -19,7 +17,6 @@
comment: Gitea daemon account
groups: gitea
home: "{{ gitea_home }}"
#tags: pre-install
- name: Create Gitea directory structure
file:
@ -28,7 +25,6 @@
owner: gitea
group: gitea
with_items: "{{ gitea_subdirectories }}"
#tags: pre-install
- name: Make directories data, indexers, and log writable
file:
@ -38,7 +34,6 @@
- data
- indexers
- log
#tags: pre-install
# Download, verify, and link Gitea binary
@ -52,31 +47,27 @@
url: "{{ gitea_download_url }}"
dest: "{{ gitea_install_path }}"
mode: '0775'
#tags: install
when: internet_available | bool
- name: Download Gitea GPG signature
get_url:
url: "{{ gitea_integrity_url }}"
dest: "{{ gitea_checksum_path }}"
#tags: never, verify
when: internet_available | bool
- name: Verify Gitea binary with GPG signature
shell: |
gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
#tags: never, verify
ignore_errors: yes
- name: Link Gitea
- name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }}
file:
src: "{{ gitea_install_path }}"
dest: "{{ gitea_link_path }}"
path: "{{ gitea_link_path }}"
owner: gitea
group: gitea
state: link
#tags: install
# Configure Gitea
@ -87,12 +78,11 @@
- name: Create Gitea config directory
file:
path: /etc/gitea
state: directory
path: /etc/gitea
owner: root
group: gitea
mode: '0770'
#tags: config
- name: Create app.ini
template:
@ -110,7 +100,14 @@
dest: "{{ item.dest }}"
with_items:
- { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' }
- { src: 'gitea.conf.j2', dest: "/etc/{{ apache_config_dir }}/gitea.conf" }
- { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
# RECORD Gitea AS INSTALLED
- name: "Set 'gitea_installed: True'"
set_fact:
gitea_installed: True
- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
lineinfile:

8
roles/homepage/tasks/main.yml
View file

@ -6,14 +6,14 @@
mode: 0755
state: directory
- name: Install /etc/{{ apache_config_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
template:
src: iiab-homepage.conf
dest: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_config_dir }}/iiab-homepage.conf (debuntu)
- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
path: /etc/apache2/sites-enabled/iiab-homepage.conf
state: link
when: is_debuntu | bool

14
roles/httpd/tasks/enable.yml
View file

@ -21,29 +21,29 @@
# group: root
# mode: 0644
with_items:
- { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' }
- { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' }
- { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' }
- { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' }
- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/010-iiab.conf"
src: "/etc/{{ apache_conf_dir }}/010-iiab.conf"
path: /etc/apache2/sites-enabled/010-iiab.conf
state: link
when: is_debuntu | bool
# SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
- name: Install /etc/{{ apache_config_dir }}/osm.conf for http://box/maps (all OS's)
- name: Install /etc/{{ apache_conf_dir }}/osm.conf for http://box/maps (all OS's)
copy:
src: roles/httpd/files/osm.conf
dest: "/etc/{{ apache_config_dir }}"
dest: "/etc/{{ apache_conf_dir }}"
# owner: root
# group: root
# mode: 0644
when: osm_vector_maps_install | bool
- name: Symlink /etc/apache2/sites-enabled/osm.conf -> /etc/{{ apache_config_dir }}/osm.conf (debuntu)
- name: Symlink /etc/apache2/sites-enabled/osm.conf -> /etc/{{ apache_conf_dir }}/osm.conf (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/osm.conf"
src: "/etc/{{ apache_conf_dir }}/osm.conf"
path: /etc/apache2/sites-enabled/osm.conf
state: link
when: is_debuntu and osm_vector_maps_enabled

10
roles/httpd/tasks/install.yml
View file

@ -8,7 +8,6 @@
- "php{{ php_version }}-curl"
state: present
when: is_debian | bool
#tags: download
- name: 'Install 2 packages: apache2, php (ubuntu)'
package:
@ -19,7 +18,6 @@
- php
state: present
when: is_ubuntu | bool
#tags: download
# 2019-05-30: It's interesting that http://box.lan/admin and everything seems
# to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu
@ -50,7 +48,6 @@
- php-curl
state: present
when: is_redhat | bool
#tags: download
# remove symlinks for mpm-event, replace with mpm-prefork
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
@ -143,6 +140,13 @@
mode: '0755'
state: directory
# RECORD Apache AS INSTALLED
- name: "Set 'apache_installed: True'"
set_fact:
apache_installed: True
- name: "Add 'apache_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

1
roles/iiab-admin/tasks/access.yml
View file

@ -4,4 +4,3 @@
- screen
- lynx
state: present
#tags: download

2
roles/iiab-admin/tasks/main.yml
View file

@ -1,9 +1,7 @@
- include_tasks: admin-user.yml
#tags: base
when: iiab_admin_user_install | bool
- include_tasks: access.yml
#tags: base
- name: Add 'iiab-admin' variable values to {{ iiab_ini_file }}
ini_file:

4
roles/internetarchive/tasks/enable.yml
View file

@ -40,8 +40,8 @@
value: "{{ item.value | string }}"
with_items:
- option: name
value: Internet Archive Offline
value: Internet Archive
- option: description
value: '"Dweb-mirror is intended to make the Internet Archive experience and UI available offline."'
value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
- option: internetarchive_enabled
value: "{{ internetarchive_enabled }}"

36
roles/internetarchive/tasks/install.yml
View file

@ -1,20 +1,33 @@
- name: Install NodeJS
# INSTALL 3 PREREQS
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
set_fact:
nodejs_install: True
nodejs_enabled: True
- name: Install Node.JS
include_role:
name: nodejs
- name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
set_fact:
yarn_install: True
yarn_enabled: True
- name: Install Yarn
include_role:
name: yarn
- name: Install packages needed by Internet Archive Offline
- name: Install package 'libsecret-1-dev'
package:
name:
- libsecret-1-dev
name: libsecret-1-dev
state: present
- name: Create directory {{ internetarchive_dir }}
# CREATE 2 DIRS & RUN YARN
- name: mkdir {{ internetarchive_dir }}
file:
path: "{{ internetarchive_dir }}"
path: "{{ internetarchive_dir }}" # /opt/iiab/internetarchive
state: directory
owner: "root"
@ -26,7 +39,7 @@
when: internet_available | bool
register: internetarchive_installing
- name: Create directory /library/archiveorg
- name: mkdir /library/archiveorg
file:
path: "/library/archiveorg"
state: directory
@ -38,13 +51,20 @@
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
mode: '0644'
owner: root
group: root
with_items:
- { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' }
- { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' }
# RECORD Internet Archive AS INSTALLED
- name: "Set 'internetarchive_installed: True'"
set_fact:
internetarchive_installed: True
- name: "Add 'internetarchive_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

13
roles/kalite/tasks/install.yml
View file

@ -80,7 +80,7 @@
with_items:
- { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755'}
- { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
- { src: 'kalite.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
- { src: 'kalite.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'}
- name: Fix KA Lite bug in regex parsing ifconfig output, for @m-anish's network names that contain dashes
replace:
@ -88,9 +88,8 @@
regexp: 'a-zA-Z0-9'
replace: 'a-zA-Z0-9\-'
# SHOULD REALLY BE HERE...but for now this runs in kalite/tasks/setup.yml
# - name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
# lineinfile:
# dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
# regexp: '^kalite_installed'
# line: 'kalite_installed: True'
# RECORD KA Lite AS INSTALLED
# TO DO: move the last 2 stanzas from setup.yml so they live right here,
# as any action named "install.yml" should do exactly what it says (install!)

11
roles/kalite/tasks/setup.yml
View file

@ -15,7 +15,16 @@
async: 1800
poll: 10
# CAN WE MOVE THIS TO THE END OF kalite/tasks/install.yml (HENCE ITS FILENAME!)
# RECORD KA Lite AS INSTALLED
# TO DO: move these last 2 stanzas to install.yml,
# as any action named "install.yml" should do exactly what it says (install!)
- name: "Set 'kalite_installed: True'"
set_fact:
kalite_installed: True
- name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

2
roles/kiwix/tasks/enable.yml
View file

@ -82,7 +82,7 @@
- option: name
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."'
value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_url
value: "{{ kiwix_url }}"
- option: kiwix_path

12
roles/kiwix/tasks/install.yml
View file

@ -44,6 +44,7 @@
path: "{{ kiwix_path }}/bin"
state: directory
# 2. INSTALL KIWIX-TOOLS EXECUTABLES
- name: Unarchive {{ kiwix_src_file }} to /tmp # e.g. kiwix-tools_linux-armhf-0.6.1-1.tar.gz
@ -54,6 +55,7 @@
- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686)
shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/"
# 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
# 2019-10-07: Moved to roles/httpd/tasks/main.yml
@ -68,6 +70,7 @@
# - rewrite
# when: is_debuntu | bool
# 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache
- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf'
@ -79,9 +82,14 @@
- { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644' }
- { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755' }
- { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755' }
- { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644' }
- { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kiwix.conf', mode: '0644' }
# 5. RECORD KIWIX AS INSTALLED IN /etc/iiab/iiab_state.yml
# 5. RECORD Kiwix AS INSTALLED
- name: "Set 'kiwix_installed: True'"
set_fact:
kiwix_installed: True
- name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}"
lineinfile:

7
roles/kolibri/tasks/install.yml
View file

@ -113,6 +113,13 @@
# apache2_module:
# name: proxy_http
# RECORD Kolibri AS INSTALLED
- name: "Set 'kolibri_installed: True'"
set_fact:
kolibri_installed: True
- name: "Add 'kolibri_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

11
roles/lokole/tasks/install.yml
View file

@ -67,10 +67,10 @@
. {{ lokole_run_directory }}/webapp_secrets.sh
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole
- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole
template:
src: lokole.conf.j2
dest: "/etc/{{ apache_config_dir }}/lokole.conf"
dest: "/etc/{{ apache_conf_dir }}/lokole.conf"
when: apache_install | bool
- name: Install /etc/systemd/system/lokole.service unit file from template
@ -86,6 +86,13 @@
# state: restarted
# when: lokole_enabled | bool
# RECORD Lokole AS INSTALLED
- name: "Set 'lokole_installed: True'"
set_fact:
lokole_installed: True
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

2
roles/mediawiki/tasks/enable.yml
View file

@ -43,7 +43,7 @@
value: "{{ item.value | string }}"
with_items:
- option: name
value: mediawiki
value: MediaWiki
- option: description
value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
- option: mediawiki_src

11
roles/mediawiki/tasks/install.yml
View file

@ -80,10 +80,17 @@
regexp: '^\$wgServer ='
line: '$wgServer = "//" . $_SERVER["HTTP_HOST"];'
- name: Install /etc/{{ apache_config_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
- name: Install /etc/{{ apache_conf_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
template:
src: mediawiki.conf.j2
dest: "/etc/{{ apache_config_dir }}/mediawiki.conf"
dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"
# RECORD MediaWiki AS INSTALLED
- name: "Set 'mediawiki_installed: True'"
set_fact:
mediawiki_installed: True
- name: "Add 'mediawiki_installed: True' to {{ iiab_state_file }}"
lineinfile:

15
roles/minetest/tasks/provision.yml
View file

@ -1,18 +1,18 @@
# Calculate local variables
- include_tasks: calc_vars.yml
- name: Check for minetest world file ({{ minetest_world_dir }}/world.mt)
- name: Check for Minetest world file ({{ minetest_world_dir }}/world.mt)
stat:
path: "{{ minetest_world_dir }}/world.mt"
register: minetest_world
- name: Create /library/games
- name: mkdir /library/games
file:
state: directory
path: /library/games
# owner: root
# group: root
# mode: 0755
# mode: '0755'
# rpi only
- include_tasks: rpi_minetest_install.yml
@ -28,7 +28,7 @@
depth: 1
when: not minetest_world.stat.exists and minetest_default_game == "carbone-ng"
- name: Give minetest user ownership of carbone-ng
- name: Give Minetest user ownership of carbone-ng
file:
state: directory
path: "{{ minetest_game_dir }}"
@ -69,6 +69,13 @@
path: "{{ minetest_game_dir }}/mods/name_restrictions"
when: minetest_default_game == "carbone-ng"
# RECORD Minetest AS INSTALLED
- name: "Set 'minetest_installed: True'"
set_fact:
minetest_installed: True
- name: "Add 'minetest_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

38
roles/mongodb/tasks/enable.yml
View file

@ -1,38 +0,0 @@
# 3. ENABLE/DISABLE
# 2019-07-08: mongodb_install is completely ignored. FYI mongodb_enabled: False
# works but is ineffective, as Sugarizer starts mongodb's systemd svc on its own
- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
systemd:
name: mongodb
daemon_reload: yes
enabled: yes
state: restarted
when: mongodb_enabled | bool
- name: Disable 'mongodb' service, if not mongodb_enabled
systemd:
name: mongodb
daemon_reload: yes
enabled: no
state: stopped
when: not mongodb_enabled
# 4. DOCUMENT IN /etc/iiab/iiab.ini
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"

10
roles/mongodb/tasks/install.yml
View file

@ -7,7 +7,6 @@
- mongodb # 2019-01-31: this package does not exist on (cannot be installed on) Debian 10, SEE #1437
state: present
when: internet_available and not is_rpi
#tags: download
# 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so
# https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/
@ -101,7 +100,7 @@
when: is_rpi | bool
# 2. CONFIGURE FOR IIAB
# 2. CONFIGURE MongoDB FOR IIAB
- name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}'
file:
@ -127,6 +126,13 @@
- { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
- { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }
# 3. RECORD MongoDB AS INSTALLED
- name: "Set 'mongodb_installed: True'"
set_fact:
mongodb_installed: True
- name: "Add 'mongodb_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

62
roles/mongodb/tasks/main.yml
View file

@ -1,11 +1,59 @@
# 2019-07-08: mongodb_install is completely ignored. FYI mongodb_enabled: False
# works but is ineffective, as Sugarizer starts mongodb's systemd svc on its own
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Install 'mongodb' if not Debian 10+
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "mongodb_install is sameas true" (boolean not string etc)
assert:
that: mongodb_install is sameas true
fail_msg: "PLEASE SET 'mongodb_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "mongodb_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: mongodb_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'mongodb_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: EXIT MONGODB PLAYBOOK, IF DEBIAN 10+ (where MongoDB doesn't exist)
meta: end_play
when: (is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) and not mongodb_installed is defined
when: mongodb_installed is undefined
- name: Enable 'mongodb' if not Debian 10+
include_tasks: enable.yml
when: not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) or mongodb_installed is defined
- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
systemd:
name: mongodb
daemon_reload: yes
enabled: yes
state: restarted
when: mongodb_enabled | bool
- name: Disable 'mongodb' service, if not mongodb_enabled
systemd:
name: mongodb
enabled: no
state: stopped
when: not mongodb_enabled
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"

9
roles/monit/tasks/install.yml
View file

@ -2,14 +2,12 @@
package:
name: monit
state: present
#tags: download
- name: Install chkconfig package (debian-8)
package:
name: chkconfig
state: present
when: is_debian and ansible_distribution_major_version == "8"
#tags: download
- name: Install /etc/monitrc from template
template:
@ -56,6 +54,13 @@
- option: enabled
value: "{{ monit_enabled }}"
# RECORD Monit AS INSTALLED
- name: "Set 'monit_installed: True'"
set_fact:
monit_installed: True
- name: "Add 'monit_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

20
roles/moodle/tasks/install.yml
View file

@ -1,4 +1,11 @@
- name: "Set PostgreSQL vars 'postgresql_install: True' and 'postgresql_enabled: True'"
- debug:
var: postgresql_install
- debug:
var: postgresql_enabled
- debug:
var: postgresql_installed
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
set_fact:
postgresql_install: True
postgresql_enabled: True
@ -78,13 +85,13 @@
- name: Remove Apache's stock moodle.conf
file:
path: "/etc/{{ apache_config_dir }}/moodle.conf"
path: "/etc/{{ apache_conf_dir }}/moodle.conf"
state: absent
- name: Install Apache's 022-moodle.conf from template, if moodle_enabled
template:
src: 022-moodle.j2
dest: "/etc/{{ apache_config_dir }}/022-moodle.conf"
dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf"
# owner: root
# group: root
# mode: '0644'
@ -147,6 +154,13 @@
path: "{{ moodle_base }}/config.php"
mode: '0644'
# RECORD Moodle AS INSTALLED
- name: "Set 'moodle_installed: True'"
set_fact:
moodle_installed: True
- name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

8
roles/mosquitto/tasks/install.yml
View file

@ -5,7 +5,6 @@
with_items:
- mosquitto
- mosquitto-clients
#tags: download
- name: Disable & Stop 'mosquitto' service
systemd:
@ -30,6 +29,13 @@
group: root
mode: '0755'
# RECORD Mosquitto AS INSTALLED
- name: "Set 'mosquitto_installed: True'"
set_fact:
mosquitto_installed: True
- name: "Add 'mosquitto_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

2
roles/munin/tasks/apache.yml
View file

@ -1,6 +1,6 @@
- name: Enable http://box/munin via Apache
command: a2ensite munin24.conf
when: munin_enabled
when: munin_enabled | bool
- name: Disable http://box/munin via Apache
command: a2dissite munin24.conf

9
roles/munin/tasks/install.yml
View file

@ -26,7 +26,7 @@
# mode: 0644
with_items:
- { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' }
- { src: 'munin24.conf.j2', dest: '/etc/{{ apache_config_dir }}/munin24.conf' }
- { src: 'munin24.conf.j2', dest: '/etc/{{ apache_conf_dir }}/munin24.conf' }
- name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd
htpasswd:
@ -48,6 +48,13 @@
- /usr/share/munin/plugins/mysql_threads
when: mysql_enabled | bool
# RECORD Munin AS INSTALLED
- name: "Set 'munin_installed: True'"
set_fact:
munin_installed: True
- name: "Add 'munin_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

4
roles/munin/tasks/main.yml
View file

@ -19,7 +19,7 @@
quiet: yes
- name: Install Munin if 'munin_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
- name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: munin_installed is undefined
@ -59,7 +59,7 @@
value: Munin
- option: description
value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."'
- option: installed
- option: install
value: "{{ munin_install }}"
- option: enabled
value: "{{ munin_enabled }}"

2
roles/munin/tasks/nginx.yml
View file

@ -2,7 +2,7 @@
template:
src: munin24-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/munin24-nginx.conf" # /etc/nginx/conf.d
when: munin_enabled
when: munin_enabled | bool
- name: Disable http://box/munin via NGINX, by installing {{ nginx_conf_dir }}/munin24-nginx.conf
file:

11
roles/mysql/tasks/main.yml
View file

@ -1,9 +1,9 @@
# TO DO:
# - Validate input vars mysql_install & mysql_enabled
# - Put ~12 stanzas just below into install.yml
# - Put ~13 stanzas just below into install.yml
# - Triggered by... 'when: mysql_installed is undefined'
# - Eliminate stale Fedora/CentOS code & gratuitous when: is_debuntu clauses?
# - Consider putting ~8 stanzas below that into enable.yml or similar?
# - Put ~8 stanzas below that into enable-or-disable.yml
- name: 'Install MySQL packages: mariadb-server, mariadb-client, and 8 php packages (debuntu)'
package:
@ -114,6 +114,13 @@
# line: "TimeoutStartSec=180"
when: mariadb_unit_file.stat.exists
# RECORD MySQL AS INSTALLED
- name: "Set 'mysql_installed: True'"
set_fact:
mysql_installed: True
- name: "Add 'mysql_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

2
roles/network/tasks/computed_network.yml
View file

@ -178,7 +178,6 @@
regexp: '^IIAB_WAN_DEVICE=*'
line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
#tags: network
- name: Record IIAB_LAN_DEVICE to {{ iiab_env_file }}
lineinfile:
@ -187,7 +186,6 @@
line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
state: present
when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
#tags: network
- name: Add 'computed_network' variable values to {{ iiab_ini_file }}
ini_file:

1
roles/network/tasks/dansguardian.yml
View file

@ -2,7 +2,6 @@
package:
name: dansguardian
state: present
#tags: download
- name: Install /etc/dansguardian/dansguardian.conf from template (Fedora)
template:

1
roles/network/tasks/ifcfg_mods.yml
View file

@ -84,7 +84,6 @@
src: network/wifi-slave.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}"
when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none"
#tags: network
- include_tasks: enable_wan.yml
when: not installing and not iiab_demo_mode

27
roles/network/tasks/main.yml
View file

@ -1,6 +1,5 @@
- include_tasks: detected_network.yml
when: not installing # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
#tags: network, network-discover # REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ?
- name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY
set_fact:
@ -27,10 +26,8 @@
- include_tasks: computed_network.yml
when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
#tags: network, network-discover
- include_tasks: hostapd.yml
#tags: network, AP
#- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network
# set_fact:
@ -44,12 +41,10 @@
##### End static ip address info
#- include_tasks: hosts.yml
# tags: network, hostname, domain
- name: Configure wondershaper
include_tasks: wondershaper.yml
when: wondershaper_install or wondershaper_installed is defined
#tags: network, wondershaper
- name: (Re)Install named
include_tasks: named.yml
@ -63,56 +58,48 @@
include_tasks: squid.yml
when: squid_install and FQDN_changed and iiab_stage|int == 9
#### start services
#### Start services
- include_tasks: avahi.yml
#tags: network
- include_tasks: computed_services.yml
#tags: network, named, dhcpd, dnsmasq, squid
- include_tasks: enable_services.yml
#tags: network, named, dhcpd, dnsmasq, squid
#### end services
#### End services
#### Start network layout
- name: Redhat networking
include_tasks: ifcfg_mods.yml
when: is_redhat | bool
#and not installing
#tags: network
- name: Netplan in use on Ubuntu 18.04+
include_tasks: netplan.yml
when: is_ubuntu and not is_ubuntu_16
#when: is_ubuntu_18 | bool
#and not installing
#tags: network
- name: NetworkManager in use
include_tasks: NM-debian.yml
when: is_debuntu and network_manager_active
#and not installing
#tags: network
- name: systemd-networkd in use
include_tasks: sysd-netd-debian.yml
when: is_debuntu and systemd_networkd_active
#and not installing
#tags: network
- name: RPi's have dhcpcd in use
include_tasks: rpi_debian.yml
when: is_debuntu and is_rpi
#and not installing
#tags: network
- name: Not RPi, Not NetworkManager, Not systemd-networkd in use
include_tasks: debian.yml
when: (not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16
#and not installing
#tags: network
#### end network layout
- include_tasks: restart.yml
when: not installing
#tags: network, named, dhcpd, dnsmasq, squid, AP
when: not installing # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml

4
roles/network/tasks/named.yml
View file

@ -70,11 +70,11 @@
dest: "/etc/systemd/system/{{ dns_service }}.service"
mode: '0644'
- name: "Install /etc/{{ apache_config_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
- name: "Install /etc/{{ apache_conf_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
# in named-iiab.conf, and the redirection of 404 error documents to /
template:
src: roles/network/templates/named/dns-jail.conf
dest: "/etc/{{ apache_config_dir }}/"
dest: "/etc/{{ apache_conf_dir }}/"
when: dns_jail_enabled | bool
- name: "Add 'named_installed: True' to {{ iiab_state_file }}"

12
roles/nextcloud/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud
command: a2ensite nextcloud.conf
when: nextcloud_enabled | bool
- name: Disable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud
command: a2dissite nextcloud.conf
when: not nextcloud_enabled
- name: Restart '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

58
roles/nextcloud/tasks/enable.yml
View file

@ -1,58 +0,0 @@
# Apache
- name: Enable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud
command: a2ensite nextcloud.conf
when: apache_install and nextcloud_enabled
- name: Disable http://box{{ nextcloud_url }} via Apache # http://box/nextcloud
command: a2dissite nextcloud.conf
when: apache_install and not nextcloud_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
state: restarted
when: apache_enabled | bool
# NGINX
- name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template" # http://box/nextcloud
template:
src: nextcloud-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"
when: nginx_install and nextcloud_enabled
- name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf" # http://box/nextcloud
file:
path: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"
state: absent
when: nginx_install and not nextcloud_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: Nextcloud
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Nextcloud
- option: description
value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
- option: path
value: "{{ nextcloud_prefix }}/nextcloud"
#- option: nextcloud_force_install
# value: "{{ nextcloud_force_install }}"
- option: nextcloud_orig_src_file
value: "{{ nextcloud_orig_src_file }}"
- option: nextcloud_src_file
value: "{{ nextcloud_src_file }}"
- option: nextcloud_enabled
value: "{{ nextcloud_enabled }}"

81
roles/nextcloud/tasks/install.yml
View file

@ -105,23 +105,23 @@
# NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
# DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
# we need to install the rpm in order to get the dependencies
# but we only need to do this the first time
- name: Install 7 php packages (redhat)
package:
name:
- php
- php-gd
- php-json
- php-mysql
- php-curl
- php-intl
- php-mcrypt
# CentOS does not have a package for php-imagick
#- php-imagick
state: present
when: is_redhat | bool
## we need to install the rpm in order to get the dependencies
## but we only need to do this the first time
#
#- name: Install 7 php packages (redhat)
# package:
# name:
# - php
# - php-gd
# - php-json
# - php-mysql
# - php-curl
# - php-intl
# - php-mcrypt
# # CentOS does not have a package for php-imagick
# #- php-imagick
# state: present
# when: is_redhat | bool
- name: Unarchive {{ nextcloud_src_file_old }} to permanent location {{ nextcloud_prefix }}/nextcloud on older OS's lacking PHP 7.1+ # i.e. unpack nextcloud_latest-15.tar.bz2 to /opt/nextcloud
unarchive:
@ -139,32 +139,32 @@
when: php_new | bool
#when: nextcloud_force_install and not (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
- name: Create dir /etc/nextcloud (centos) for a subsequent config dir that's symlinked to /etc/nextcloud ?
file:
path: /etc/nextcloud
state: directory
when: is_centos | bool
- name: Install {{ nextcloud_prefix }}/nextcloud/config/autoconfig.php from template (centos)
template:
src: autoconfig.php.j2
dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0640'
when: is_centos | bool
#- name: Create dir /etc/nextcloud (centos) for a subsequent config dir that's symlinked to /etc/nextcloud ?
# file:
# path: /etc/nextcloud
# state: directory
# when: is_centos | bool
#
#- name: Install {{ nextcloud_prefix }}/nextcloud/config/autoconfig.php from template (centos)
# template:
# src: autoconfig.php.j2
# dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
# owner: "{{ apache_user }}"
# group: "{{ apache_user }}"
# mode: '0640'
# when: is_centos | bool
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud
file:
path: "{{ nextcloud_prefix }}/nextcloud"
path: "{{ nextcloud_prefix }}/nextcloud" # /opt
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
recurse: yes
state: directory
- name: Create data directory {{ nextcloud_data_dir }} # /opt/nextcloud/data
- name: Create data directory {{ nextcloud_data_dir }}
file:
path: "{{ nextcloud_data_dir }}"
path: "{{ nextcloud_data_dir }}" # /opt/nextcloud/data
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0750'
@ -173,7 +173,18 @@
- name: Install Apache's nextcloud.conf from template, for http://box/nextcloud
template:
src: nextcloud.conf.j2
dest: "/etc/{{ apache_config_dir }}/nextcloud.conf"
dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf"
- name: Provision Nextcloud's MySQL DB, run Nextcloud's install wizard etc
include_tasks: setup.yml
# RECORD Nextcloud AS INSTALLED
- name: "Set 'nextcloud_installed: True'"
set_fact:
nextcloud_installed: True
- name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}"
lineinfile:

67
roles/nextcloud/tasks/main.yml
View file

@ -1,18 +1,57 @@
- name: Does /opt/nextcloud/version.php exist?
stat:
path: "{{ nextcloud_prefix }}/nextcloud/version.php"
register: nextcloud_page
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: FORCE INSTALL OR REINSTALL OR UPGRADE IF {{ nextcloud_prefix }}/nextcloud/version.php DOESN'T EXIST
#set_fact:
# nextcloud_force_install: True
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "nextcloud_install is sameas true" (boolean not string etc)
assert:
that: nextcloud_install is sameas true
fail_msg: "PLEASE SET 'nextcloud_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "nextcloud_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: nextcloud_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'nextcloud_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nextcloud_install and (not nextcloud_installed is defined or not nextcloud_page.stat.exists)
when: nextcloud_installed is undefined
#
# ABOVE install.yml RUNS setup.yml
- name: Provision Nextcloud's MySQL DB, run Nextcloud's install wizard, etc
include_tasks: setup.yml
when: nextcloud_install and not installing
- name: Enable or disable Nextcloud
include_tasks: enable.yml
when: nextcloud_install or nextcloud_installed is defined
#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
#when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: Nextcloud
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Nextcloud
- option: description
value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
- option: path
value: "{{ nextcloud_prefix }}/nextcloud"
- option: nextcloud_orig_src_file
value: "{{ nextcloud_orig_src_file }}"
- option: nextcloud_src_file
value: "{{ nextcloud_src_file }}"
- option: nextcloud_enabled
value: "{{ nextcloud_enabled }}"

16
roles/nextcloud/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template" # http://box/nextcloud
template:
src: nextcloud-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/nextcloud-nginx.conf" # /etc/nginx/conf.d
when: nextcloud_enabled | bool
- name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf" # http://box/nextcloud
file:
path: "{{ nginx_conf_dir }}/nextcloud-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not nextcloud_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

7
roles/nginx/tasks/install.yml
View file

@ -43,6 +43,13 @@
state: restarted
when: nginx_enabled
# RECORD NGINX AS INSTALLED
- name: "Set 'nginx_installed: True'"
set_fact:
nginx_installed: True
- name: "Add 'nginx_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

7
roles/nodejs/tasks/main.yml
View file

@ -150,6 +150,13 @@
# thankfully; currently both offer Node.js 10.15.2
# 3. RECORD Node.js AS INSTALLED
- name: "Set 'nodejs_installed: True'"
set_fact:
nodejs_installed: True
- name: "Add 'nodejs_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

36
roles/nodered/tasks/install.yml
View file

@ -1,10 +1,33 @@
# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) &
# npm to roles/nodejs/tasks/main.yml
- debug:
var: nodejs_install
- debug:
var: nodejs_enabled
- debug:
var: nodejs_installed
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
set_fact:
nodejs_install: True
nodejs_enabled: True
# 2020-01-04 no longer triggered by roles/nodered/meta/main.yml
- name: NODEJS - run the 'nodejs' role
include_role:
name: nodejs
# 2020-01-04 no longer triggered by roles/nodered/meta/main.yml
- name: FAIL (STOP THE INSTALL) IF nodejs_installed is undefined
fail:
msg: "Sugarizer install cannot proceed, as Node.js failed to install."
when: nodejs_installed is undefined
- name: FAIL (STOP THE INSTALL) IF nodejs_version != "12.x"
fail:
msg: "Sugarizer install cannot proceed, as it currently requires Node.js 12.x, and your nodejs_version appears to be {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc!"
when: nodejs_version != "12.x"
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop &
# Ubermix that often include an older version of Node-RED. Brutal, as this
@ -85,11 +108,11 @@
dest: /etc/systemd/system/nodered.service
# mode: '0666'
- name: Install /etc/{{ apache_config_dir }}/nodered.conf from template
- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template
template:
backup: yes
src: nodered.conf.j2
dest: "/etc/{{ apache_config_dir }}/nodered.conf"
dest: "/etc/{{ apache_conf_dir }}/nodered.conf"
# mode: '0666'
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
@ -98,6 +121,13 @@
state: present
name: proxy_wstunnel
# RECORD Node-RED AS INSTALLED
- name: "Set 'nodered_installed: True'"
set_fact:
nodered_installed: True
- name: "Add 'nodered_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

13
roles/openvpn/tasks/main.yml
View file

@ -1,4 +1,4 @@
# TO DO: WRAP 11 OR 12 STANZAS BELOW INTO install.yml, conditioned by...
# TO DO: WRAP 12 OR 13 STANZAS BELOW INTO install.yml, conditioned by...
# 'when: openvpn_installed is undefined'
#
# BEWARE: 4th stanza (ssh pubkey deletions) is already conditioned by...
@ -107,6 +107,13 @@
path: /usr/bin/iiab-vpn-off
state: link
# RECORD OpenVPN AS INSTALLED
- name: "Set 'openvpn_installed: True'"
set_fact:
openvpn_installed: True
- name: "Add 'openvpn_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
@ -114,7 +121,7 @@
line: 'openvpn_installed: True'
# TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable.yml...
# TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable-or-disable.yml...
# FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not
# been working with systemd service names that contained the "@" character.
@ -208,7 +215,7 @@
- option: name
value: OpenVPN
- option: description
value: "OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."
value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."'
- option: enabled
value: "{{ openvpn_enabled }}"
# openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle)

6
roles/osm-vector-maps/tasks/install.yml
View file

@ -67,6 +67,12 @@
dest: "{{ vector_map_path }}/index.html" # /library/www/osm-vector-maps
# RECORD OSM Vector Maps AS INSTALLED
- name: "Set 'osm_vector_maps_installed: True'"
set_fact:
osm_vector_maps_installed: True
- name: "Add 'osm_vector_maps_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

4
roles/osm-vector-maps/tasks/main.yml
View file

@ -19,7 +19,7 @@
quiet: yes
- name: Install OSM Vector Maps if 'osm_vector_maps_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
- name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: osm_vector_maps_installed is undefined
@ -43,7 +43,7 @@
value: OSM Vector Maps
- option: description
value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! Also includes 10+ zoom levels of satellite imagery!"'
- option: installed
- option: install
value: "{{ osm_vector_maps_install }}"
- option: enabled
value: "{{ osm_vector_maps_enabled }}"

4
roles/osm-vector-maps/tasks/nginx.yml
View file

@ -1,12 +1,12 @@
- name: Enable http://box/maps & http://box/osm-vector-maps via NGINX, by installing {{ nginx_conf_dir }}/osm-vector-maps-nginx.conf from template
template:
src: osm-vector-maps-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf"
dest: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf" # /etc/nginx/conf.d
when: osm_vector_maps_enabled | bool
- name: Disable http://box/maps & http://box/osm-vector-maps via NGINX, by removing {{ nginx_conf_dir }}/osm-vector-maps-nginx.conf
file:
path: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf"
path: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not osm_vector_maps_enabled

30
roles/pbx/tasks/main.yml
View file

@ -1,7 +1,24 @@
- debug:
var: nodejs_install
- debug:
var: nodejs_enabled
- debug:
var: nodejs_installed
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
set_fact:
nodejs_install: True
nodejs_enabled: True
- name: NODEJS - run the 'nodejs' role
include_role:
name: nodejs
- name: FAIL (STOP THE INSTALL) IF nodejs_installed is undefined
fail:
msg: "PBX install cannot proceed, as Node.js failed to install."
when: nodejs_installed is undefined
- name: Fail if nodejs_version is incorrect
fail:
msg: >-
@ -49,3 +66,16 @@
- name: Asterisk - Install chan_dongle
include: chan_dongle.yml
when: asterisk_chan_dongle | bool
# RECORD PBX AS INSTALLED
- name: "Set 'pbx_installed: True'"
set_fact:
pbx_installed: True
- name: "Add 'pbx_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^pbx_installed'
line: 'pbx_installed: True'

36
roles/phpmyadmin/tasks/main.yml
View file

@ -45,6 +45,19 @@
# # recurse: yes
# # state: directory
- name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled
template:
src: phpmyadmin.j2
dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
when: apache_install | bool
# RECORD phpMyAdmin AS INSTALLED
- name: "Set 'phpmyadmin_installed: True'"
set_fact:
phpmyadmin_installed: True
- name: "Add 'phpmyadmin_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
@ -52,24 +65,13 @@
line: 'phpmyadmin_installed: True'
- name: Install /etc/{{ apache_config_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled
template:
src: phpmyadmin.j2
dest: "/etc/{{ apache_config_dir }}/phpmyadmin.conf"
when: phpmyadmin_enabled | bool
- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
command: a2ensite phpmyadmin.conf
when: apache_install and phpmyadmin_enabled
- name: Create symlink phpmyadmin.conf from sites-enabled to sites-available (debuntu)
file:
src: /etc/apache2/sites-available/phpmyadmin.conf
path: /etc/apache2/sites-enabled/phpmyadmin.conf
state: link
when: phpmyadmin_enabled and is_debuntu
- name: Remove /etc/apache2/sites-enabled/phpmyadmin.conf, if not phpmyadmin_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/phpmyadmin.conf
state: absent
when: not phpmyadmin_enabled and is_debuntu
- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
command: a2dissite phpmyadmin.conf
when: apache_install and not phpmyadmin_enabled
- name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}

11
roles/postgresql/tasks/main.yml
View file

@ -1,6 +1,6 @@
# TO DO:
# - Validate input vars postgresql_install & postgresql_enabled
# - Put ~12 stanzas just below into install.yml
# - Put ~13 stanzas just below into install.yml
# - Triggered by... 'when: postgresql_installed is undefined'
- name: Install 'postgresql' package
@ -85,6 +85,13 @@
state: stopped
enabled: no
# RECORD PostgreSQL AS INSTALLED
- name: "Set 'postgresql_installed: True'"
set_fact:
postgresql_installed: True
- name: "Add 'postgresql_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
@ -118,7 +125,7 @@
value: PostgreSQL
- option: description
value: '"PostgreSQL is a powerful, open source object-relational database system."'
- option: installed
- option: install
value: "{{ postgresql_install }}"
- option: enabled
value: "{{ postgresql_enabled }}"

26
roles/samba/tasks/main.yml
View file

@ -21,51 +21,55 @@
- samba-common
- cifs-utils
state: present
#tags: samba, download
- name: Install /etc/samba/smb.conf from template
template:
src: smb.conf.j2
dest: /etc/samba/smb.conf
# RECORD Samba AS INSTALLED
- name: "Set 'samba_installed: True'"
set_fact:
samba_installed: True
- name: "Add 'samba_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^samba_installed'
line: 'samba_installed: True'
- name: Enable & Start Samba systemd service
- name: Enable & Start Samba systemd service ({{ smb_service }}) if samba_enabled
service:
name: "{{ smb_service }}"
state: started
enabled: yes
#tags: samba
when: samba_enabled | bool
- name: Enable & Start NetBIOS name server ({{ nmb_service }})
- name: Enable & Start NetBIOS name service ({{ nmb_service }}) if samba_enabled
service:
name: "{{ nmb_service }}"
state: started
enabled: yes
#tags: samba
when: samba_enabled | bool
- name: Disable Samba if not samba_enabled
service:
- name: Disable & Stop Samba systemd service ({{ smb_service }}) if not samba_enabled
systemd:
name: "{{ smb_service }}"
state: stopped
enabled: no
#tags: samba
when: not samba_enabled
- name: Disable NetBIOS name server ({{ nmb_service }}) if not samba_enabled
service:
- name: Disable & Stop NetBIOS name service ({{ nmb_service }}) if not samba_enabled
systemd:
name: "{{ nmb_service }}"
state: stopped
enabled: no
#tags: samba
when: not samba_enabled
- name: Add 'samba' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"

40
roles/sshd/tasks/main.yml
View file

@ -2,25 +2,24 @@
package:
name: "{{ sshd_package }}"
state: present
when: sshd_enabled | bool
- name: Disable root login with password
- name: Disable password-based logins to root
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin without-password'
state: present
when: sshd_enabled | bool
#when: sshd_enabled | bool
#TODO: use handler to reload ssh
- name: Create root .ssh
- name: mkdir /root/.ssh
file:
state: directory
path: /root/.ssh
owner: root
group: root
mode: 0700
state: directory
when: sshd_enabled | bool
mode: '0700'
#when: sshd_enabled | bool
- name: Install dummy root keys as placeholder
copy:
@ -28,19 +27,34 @@
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: 0600
mode: '0600'
force: no
when: sshd_enabled | bool
#when: sshd_enabled | bool
- name: Enable & start ssh daemon
service:
# RECORD sshd AS INSTALLED
- name: "Set 'sshd_installed: True'"
set_fact:
sshd_installed: True
- name: "Add 'sshd_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^sshd_installed'
line: 'sshd_installed: True'
- name: Enable & Start ssh daemon ({{ sshd_service }}) if sshd_enabled
systemd:
name: "{{ sshd_service }}"
daemon_reload: yes
enabled: yes
state: started
when: sshd_enabled | bool
- name: Disable ssh daemon
service:
- name: Disable & Stop ssh daemon ({{ sshd_service }}) if not sshd_enabled
systemd:
name: "{{ sshd_service }}"
enabled: no
state: stopped

12
roles/sugarizer/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box/sugarizer & http://box/sugar via Apache
command: a2ensite sugarizer.conf
when: sugarizer_enabled
- name: Disable http://box/sugarizer & http://box/sugar via Apache
command: a2dissite sugarizer.conf
when: not sugarizer_enabled
- name: Restart '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

72
roles/sugarizer/tasks/enable.yml
View file

@ -1,72 +0,0 @@
# auto starts mongodb via the requires= line in unit file
- name: Enable & Restart 'sugarizer' systemd service
systemd:
name: sugarizer
daemon_reload: yes # in case mongodb.service changed, etc
enabled: yes
state: restarted
when: sugarizer_enabled | bool
# stops sugarizer but not mongodb
- name: Disable & Stop 'sugarizer' systemd service
systemd:
name: sugarizer
enabled: no
state: stopped
when: not sugarizer_enabled
# stops mongodb would of been called via meta/main.yml prior
- name: Run mongodb/tasks/enable.yml to stop MongoDB, if not sugarizer_enabled
include_tasks: roles/mongodb/tasks/enable.yml
when: not sugarizer_enabled
# Apache
- name: Enable http://box/sugarizer & http://box/sugar via Apache
command: a2ensite sugarizer.conf
when: apache_install and sugarizer_enabled
- name: Disable http://box/sugarizer & http://box/sugar via Apache
command: a2dissite sugarizer.conf
when: apache_install and not sugarizer_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box/sugarizer via NGINX, by installing {{ nginx_conf_dir }}/sugarizer-nginx.conf from template
template:
src: sugarizer-nginx.conf
dest: "{{ nginx_conf_dir }}/sugarizer-nginx.conf"
when: nginx_install and sugarizer_enabled
- name: Disable http://box/sugarizer via NGINX, by removing {{ nginx_conf_dir }}/sugarizer-nginx.conf
file:
path: "{{ nginx_conf_dir }}/sugarizer-nginx.conf"
state: absent
when: nginx_install and not sugarizer_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: sugarizer
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Sugarizer
- option: description
value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."'
- option: sugarizer_enabled
value: "{{ sugarizer_enabled }}"

67
roles/sugarizer/tasks/install.yml
View file

@ -1,15 +1,61 @@
- name: MONGODB - run the 'mongodb' role
include_role:
name: mongodb
# 0. ATTEMPT INSTALL-THEN-ASSERT OF (1) HARD PREREQ Node.js (2) SOFT PREREQ MongoDB
- debug:
var: nodejs_install
- debug:
var: nodejs_enabled
- debug:
var: nodejs_installed
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
set_fact:
nodejs_install: True
nodejs_enabled: True
- name: NODEJS - run the 'nodejs' role
include_role:
name: nodejs
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 12.x
- name: FAIL (STOP THE INSTALL) IF nodejs_installed is undefined
fail:
msg: "Sugarizer install cannot proceed, as it currently requires Node.js 12.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
when: sugarizer_install and (nodejs_version != "12.x")
msg: "Sugarizer install cannot proceed, as Node.js failed to install."
when: nodejs_installed is undefined
- name: FAIL (STOP THE INSTALL) IF nodejs_version != "12.x"
fail:
msg: "Sugarizer install cannot proceed, as it currently requires Node.js 12.x, and your nodejs_version appears to be {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc!"
when: nodejs_version != "12.x"
- debug:
var: mongodb_install
- debug:
var: mongodb_enabled
- debug:
var: mongodb_installed
- name: "Set 'mongodb_install: True' and 'mongodb_enabled: True'"
set_fact:
mongodb_install: True
mongodb_enabled: True
- name: MONGODB - run the 'mongodb' role
include_role:
name: mongodb
# 2020-01-29: FOR NOW LET'S TRY A VERY SOFT (BEST EFFORT) PREREQ, AS Sugarizer
# TRADITIONALLY CAN WORK (?) EVEN WITHOUT MongoDB. IF LATER WE INSTEAD WANT TO
# ENFORCE MongoDB...AS A MEDIUM-STRENGTH PREREQ...OR AS A HARD (STRICT) PREREQ
# ...THEN UNCOMMENT EITHER BELOW:
#
#- name: EXIT SUGARIZER PLAYBOOK (BUT CONTINUE INSTALLING IIAB) IF mongodb_installed is undefined
# meta: end_play
# when: mongodb_installed is undefined
#
#- name: FAIL (STOP THE INSTALL) IF mongodb_installed is undefined
# fail:
# msg: "Sugarizer install cannot proceed, as MongoDB failed to install."
# when: mongodb_installed is undefined
# 1. DOWNLOAD+LINK /opt/iiab/sugarizer
@ -149,7 +195,7 @@
# mode: '0644'
with_items:
- { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' }
- { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_config_dir }}/sugarizer.conf" }
- { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_conf_dir }}/sugarizer.conf" }
#- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' }
#- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' }
@ -223,6 +269,13 @@
# # Use this instead, if tabs are truly nec:
# # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));"
# 6. RECORD Sugarizer AS INSTALLED
- name: "Set 'sugarizer_installed: True'"
set_fact:
sugarizer_installed: True
- name: "Add 'sugarizer_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

75
roles/sugarizer/tasks/main.yml
View file

@ -1,7 +1,70 @@
- name: Install 'sugarizer' if sugarizer_install and not Debian 10+
include_tasks: install.yml
when: not sugarizer_installed is defined and sugarizer_install and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable 'sugarizer' if sugarizer_enabled
include_tasks: enable.yml
when: (sugarizer_install or sugarizer_installed is defined) and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "sugarizer_install is sameas true" (boolean not string etc)
assert:
that: sugarizer_install is sameas true
fail_msg: "PLEASE SET 'sugarizer_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "sugarizer_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: sugarizer_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'sugarizer_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install Sugarizer if 'sugarizer_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: sugarizer_installed is undefined
# Auto-starts mongodb via the requires= line in unit file
- name: Enable & Restart 'sugarizer' systemd service, if sugarizer_enabled
systemd:
name: sugarizer
daemon_reload: yes # in case mongodb.service changed, etc
enabled: yes
state: restarted
when: sugarizer_enabled | bool
# Stops sugarizer but not mongodb
- name: Disable & Stop 'sugarizer' systemd service, if not sugarizer_enabled
systemd:
name: sugarizer
enabled: no
state: stopped
when: not sugarizer_enabled
# Stops mongodb (in the past this would've been called via meta/main.yml)
- name: Run mongodb/tasks/enable.yml to stop MongoDB, if not sugarizer_enabled
include_tasks: roles/mongodb/tasks/enable.yml
when: not sugarizer_enabled
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: sugarizer
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Sugarizer
- option: description
value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."'
- option: sugarizer_enabled
value: "{{ sugarizer_enabled }}"

16
roles/sugarizer/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box/sugarizer via NGINX, by installing {{ nginx_conf_dir }}/sugarizer-nginx.conf from template
template:
src: sugarizer-nginx.conf
dest: "{{ nginx_conf_dir }}/sugarizer-nginx.conf" # /etc/nginx/conf.d
when: sugarizer_enabled | bool
- name: Disable http://box/sugarizer via NGINX, by removing {{ nginx_conf_dir }}/sugarizer-nginx.conf
file:
path: "{{ nginx_conf_dir }}/sugarizer-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not sugarizer_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

13
roles/transmission/tasks/main.yml
View file

@ -7,11 +7,11 @@
- name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }}
file:
state: directory
path: "{{ transmission_download_dir }}" # /library/transmission
owner: "{{ transmission_user }}" # debian-transmission
group: "{{ transmission_group }}" # root
# mode: '0755'
state: directory
- name: Stop 'transmission-daemon' systemd service, before modifying its settings
systemd:
@ -23,9 +23,16 @@
template:
src: settings.json.j2
dest: /etc/transmission-daemon/settings.json
# mode: '0644'
owner: "{{ transmission_user }}" # debian-transmission
group: "{{ transmission_group }}" # root
# mode: '0644'
# RECORD Transmission AS INSTALLED
- name: "Set 'transmission_installed: True'"
set_fact:
transmission_installed: True
- name: "Add 'transmission_installed: True' to {{ iiab_state_file }}"
lineinfile:
@ -69,7 +76,7 @@
value: "{{ item.value | string }}"
with_items:
- option: name
value: transmission
value: Transmission
- option: description
value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."'
- option: transmission_install

0
roles/usb-lib/README.rst → roles/usb_lib/README.rst
View file

0
roles/usb-lib/defaults/main.yml → roles/usb_lib/defaults/main.yml
View file

109
roles/usb_lib/tasks/main.yml Normal file
View file

@ -0,0 +1,109 @@
# TO DO:
# - validate input vars + prereqs
# - move 6 top stanzas into install.yml
# - move 6 mid/lower stanzas into enable-or-disable.yml
# - verify analogous NGINX logic from roles/nginx/* -- then integrate as nec?
- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
file:
state: directory
path: "{{ doc_root }}/local_content"
owner: "{{ apache_user }}"
group: "{{ iiab_admin_user }}" # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
mode: '0775'
- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
- { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
- { src: 'iiab-usb_lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-usb_lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
lineinfile:
regexp: '^FILESYSTEMS.*'
line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
path: /etc/usbmount/usbmount.conf
- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
template:
src: content_dir.conf
dest: "/etc/{{ apache_conf_dir }}"
when: apache_install
# RECORD usb_lib AS INSTALLED
- name: "Set 'usb_lib_installed: True'"
set_fact:
usb_lib_installed: True
- name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^usb_lib_installed'
line: 'usb_lib_installed: True'
- name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
template:
src: mount.d/70-usb-library
dest: /etc/usbmount/mount.d/
owner: root
group: root
mode: '0751'
when: usb_lib_enabled | bool
- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
template:
src: umount.d/70-usb-library
dest: /etc/usbmount/umount.d
owner: root
group: root
mode: '0751'
when: usb_lib_enabled | bool
- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
file:
path: /etc/usbmount/mount.d/70-usb-library
state: absent
when: not usb_lib_enabled
- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
file:
path: /etc/usbmount/umount.d/70-usb-library
state: absent
when: not usb_lib_enabled
- name: Enable http://box/usb via Apache, if usb_lib_enabled
command: a2ensite content_dir.conf
when: apache_install and usb_lib_enabled
- name: Disable http://box/usb via Apache, if not usb_lib_enabled
command: a2dissite content_dir.conf
when: apache_install and not usb_lib_enabled
- name: Put variable in iiab.env that enables display of content at root of USB
lineinfile:
path: "{{ iiab_env_file }}"
regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"
- name: Add 'usb_lib' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: usb_lib
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: usb_lib
- option: description
value: '"usb_lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
- option: enabled
value: "{{ usb_lib_enabled }}"

102
roles/usb-lib/tasks/main.yml → roles/usb_lib/tasks/main.yml~
View file

@ -1,21 +1,18 @@
# TO DO:
# - validate input vars + prereqs
# - move 6 top stanzas into install.yml
# - move 6 mid/lower stanzas into enable-or-disable.yml
# - verify analogous NGINX logic from roles/nginx/* -- then integrate as nec?
- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
file:
path: "{{ doc_root }}/local_content"
state: directory
path: "{{ doc_root }}/local_content"
owner: "{{ apache_user }}"
group: "{{ iiab_admin_user }}" # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
mode: 0775
mode: '0775'
- name: Install /etc/usbmount/mount.d/70-usb-library from template
template:
src: mount.d/70-usb-library
dest: /etc/usbmount/mount.d/
owner: root
group: root
mode: 0751
when: usb_lib_enabled | bool
- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb-lib-show-all-on, /usr/bin/iiab-usb-lib-show-all-off'
- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -23,22 +20,51 @@
with_items:
- { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
- { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
- { src: 'iiab-usb-lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-usb-lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-usb_lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-usb_lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
lineinfile:
lineinfile:
regexp: '^FILESYSTEMS.*'
line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
path: /etc/usbmount/usbmount.conf
- name: Install /etc/usbmount/umount.d/70-usb-library from template
- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
template:
src: content_dir.conf
dest: "/etc/{{ apache_conf_dir }}"
when: apache_install
# RECORD usb_lib AS INSTALLED
- name: "Set 'usb_lib_installed: True'"
set_fact:
usb_lib_installed: True
- name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^usb_lib_installed'
line: 'usb_lib_installed: True'
- name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
template:
src: mount.d/70-usb-library
dest: /etc/usbmount/mount.d/
owner: root
group: root
mode: '0751'
when: usb_lib_enabled | bool
- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
template:
src: umount.d/70-usb-library
dest: /etc/usbmount/umount.d
owner: root
group: root
mode: 0751
mode: '0751'
when: usb_lib_enabled | bool
- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
@ -53,47 +79,31 @@
state: absent
when: not usb_lib_enabled
- name: Enable http://box/usb via Apache, if usb_lib_enabled
shell: a2ensite content_dir.conf
when: apache_install and usb_lib_enabled
- name: Disable http://box/usb via Apache, if not usb_lib_enabled
shell: a2dissite content_dir.conf
when: apache_install and not usb_lib_enabled
- name: Put variable in iiab.env that enables display of content at root of USB
lineinfile:
path: "{{ iiab_env_file }}"
regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"
- name: Install /etc/{{ apache_config_dir }}/content_dir.conf from template
template:
src: content_dir.conf
dest: "/etc/{{ apache_config_dir }}"
when: usb_lib_enabled | bool
- name: Create symlink content_dir.conf from sites-enabled to sites-available (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/content_dir.conf"
dest: /etc/apache2/sites-enabled/content_dir.conf
state: link
when: is_debuntu | bool
- name: Remove symlink content_dir.conf from /etc/apache2/sites-enabled (debuntu)
file:
dest: /etc/apache2/sites-enabled/content_dir.conf
state: absent
when: is_debuntu and not usb_lib_enabled
- name: Remove content_dir.conf from /etc/{{ apache_config_dir }}
file:
name: "/etc/{{ apache_config_dir }}/content_dir.conf"
state: absent
when: not usb_lib_enabled
- name: Add 'usb-lib' variable values to {{ iiab_ini_file }}
- name: Add 'usb_lib' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: usb-lib
section: usb_lib
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: usb-lib
value: usb_lib
- option: description
value: '"usb-lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
value: '"usb_lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
- option: enabled
value: "{{ usb_lib_enabled }}"

0
roles/usb-lib/templates/content_dir.conf → roles/usb_lib/templates/content_dir.conf
View file

0
roles/usb-lib/templates/iiab-usb-lib-show-all-off → roles/usb_lib/templates/iiab-usb_lib-show-all-off
View file

0
roles/usb-lib/templates/iiab-usb-lib-show-all-on → roles/usb_lib/templates/iiab-usb_lib-show-all-on
View file

0
roles/usb-lib/templates/mount.d/70-usb-library → roles/usb_lib/templates/mount.d/70-usb-library
View file

0
roles/usb-lib/templates/umount.d/70-usb-library → roles/usb_lib/templates/umount.d/70-usb-library
View file

0
roles/usb-lib/templates/usbmount.rules.j2 → roles/usb_lib/templates/usbmount.rules.j2
View file

0
roles/usb-lib/templates/usbmount@.service.j2 → roles/usb_lib/templates/usbmount@.service.j2
View file

12
roles/vnstat/tasks/main.yml
View file

@ -2,7 +2,6 @@
package:
name: vnstat
state: present
#tags: download
- name: Install /etc/vnstat.conf from template
template:
@ -19,6 +18,13 @@
shell: /usr/bin/vnstat -i {{ iiab_lan_iface }}
when: iiab_lan_iface is defined
# RECORD vnStat AS INSTALLED
- name: "Set 'vnstat_installed: True'"
set_fact:
vnstat_installed: True
- name: "Add 'vnstat_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
@ -26,7 +32,7 @@
line: 'vnstat_installed: True'
- name: Enable & Start vnStat's systemd service (vnstat)
- name: Enable & (Re)Start 'vnstat' systemd service, if vnstat_enabled
systemd:
name: vnstat
daemon_reload: yes
@ -46,7 +52,7 @@
value: vnStat
- option: description
value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."'
- option: installed
- option: install
value: "{{ vnstat_install }}"
- option: enabled
value: "{{ vnstat_enabled }}"

2
roles/wordpress/tasks/apache.yml
View file

@ -1,6 +1,6 @@
- name: Enable http://box{{ wp_url }} via Apache # http://box/wordpress
command: a2ensite wordpress.conf
when: wordpress_enabled
when: wordpress_enabled | bool
- name: Disable http://box{{ wp_url }} via Apache # http://box/wordpress
command: a2dissite wordpress.conf

11
roles/wordpress/tasks/install.yml
View file

@ -85,12 +85,19 @@
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0660' # Others strongly recommend '0600' (or do PHP/Apache/NGINX really need group read & write permissions?)
- name: Install etc/{{ apache_config_dir }}/wordpress.conf from template, for http://box{{ wp_url }} via Apache
- name: Install etc/{{ apache_conf_dir }}/wordpress.conf from template, for http://box{{ wp_url }} via Apache
template:
src: wordpress.conf.j2
dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
dest: "/etc/{{ apache_conf_dir }}/wordpress.conf"
when: apache_enabled | bool
# RECORD WordPress AS INSTALLED
- name: "Set 'wordpress_installed: True'"
set_fact:
wordpress_installed: True
- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

Some files were not shown because too many files have changed in this diff Show more