Merge pull request #2217 from holta/iiab.ini-descriptions

Var cleanup, remove tags, /etc/iiab/iiab.ini, Sugarizer deps, Nextcloud, rename usb-lib to usb_lib
2025-02-15 04:32:11 +00:00 · 2020-01-30 10:06:47 -05:00 · 2020-01-30 10:06:47 -05:00 · e68cb53eb8
commit e68cb53eb8
parent d8a45cdd9b bb0a7842d0
118 changed files with 1076 additions and 545 deletions
--- a/roles/0-DEPRECATED-ROLES/activity-server/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/activity-server/tasks/main.yml
@ -72,7 +72,7 @@
 - name: Copy xs-activity-server config file
  template: src=xs-activity-server.conf
-            dest=/etc/{{ apache_config_dir }}
+            dest=/etc/{{ apache_conf_dir }}
            owner=root
            group=root
            mode=0644
--- a/roles/0-DEPRECATED-ROLES/docker/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/docker/tasks/main.yml
@ -5,7 +5,6 @@
    - docker
    - python-docker-py
  when: docker_install | bool
  #tags: download
 - name: put the systemd startup file in place
  template: src=docker.service
--- a/roles/0-DEPRECATED-ROLES/dokuwiki/tasks/install.yml
+++ b/roles/0-DEPRECATED-ROLES/dokuwiki/tasks/install.yml
@ -29,10 +29,10 @@
    state: link
    force: yes
- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box{{ dokuwiki_url }}
+- name: Install /etc/{{ apache_conf_dir }}/dokuwiki.conf from template, for DokuWiki's http://box{{ dokuwiki_url }}
  template:
    src: dokuwiki.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf"
+    dest: "/etc/{{ apache_conf_dir }}/dokuwiki.conf"
 # - name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
 #   file:
--- a/roles/0-DEPRECATED-ROLES/ejabberd/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/ejabberd/tasks/main.yml
@ -2,7 +2,6 @@
  package:
    name: ejabberd
    state: present
  #tags: download
 #- name: Configure ejabberd
 #  template:
--- a/roles/0-DEPRECATED-ROLES/ejabberd_xs/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/ejabberd_xs/tasks/main.yml
@ -3,7 +3,6 @@
           state=present
  with_items:
   - ejabberd-2.1.11
  #tags: download
  when: not is_debuntu
 # need to use lineinfile and better regexp
--- a/roles/0-DEPRECATED-ROLES/idmgr/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/idmgr/tasks/main.yml
@ -7,7 +7,6 @@
   - xinetd
   - xs-rsync
   - incron
  #tags: download
 - name: Configure idmgr
  template: backup=yes
--- a/roles/0-DEPRECATED-ROLES/moodle-1.9/moodle/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/moodle-1.9/moodle/tasks/main.yml
@ -9,7 +9,7 @@
    - download
 - name: Remove stock moodle conf
-  file: path='/etc/{{ apache_config_dir }}/moodle.conf'
+  file: path='/etc/{{ apache_conf_dir }}/moodle.conf'
        state=absent
 - name: Configure moodle
@ -21,7 +21,7 @@
            mode={{ item.mode }}
  with_items:
    - src: '020-iiab-moodle.conf.j2'
-      dest: '/etc/{{ apache_config_dir }}/020-iiab-moodle.conf'
+      dest: '/etc/{{ apache_conf_dir }}/020-iiab-moodle.conf'
      mode: '0655'
    - src: 'moodle-xs.service.j2'
      dest: '/etc/systemd/system/moodle-xs.service'
--- a/roles/0-DEPRECATED-ROLES/osm/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/osm/tasks/main.yml
@ -102,10 +102,10 @@
    line: "path_to_virtualenv = '/usr/local/osm'"
    state: present
- name: Install /etc/{{ apache_config_dir }}/osm.conf from template
+- name: Install /etc/{{ apache_conf_dir }}/osm.conf from template
  template:
    src: osm.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/osm.conf"
+    dest: "/etc/{{ apache_conf_dir }}/osm.conf"
    owner: root
    group: root
    mode: 0644
@ -114,7 +114,7 @@
 - name: Create softlink osm.conf from sites-enabled to sites-available (debuntu)
  file:
-    src: "/etc/{{ apache_config_dir }}/osm.conf"
+    src: "/etc/{{ apache_conf_dir }}/osm.conf"
    path: /etc/apache2/sites-enabled/osm.conf
    state: link
  when: osm_enabled and is_debuntu
@ -125,9 +125,9 @@
    state: absent
  when: not osm_enabled and is_debuntu
- name: Remove /{{ apache_config_dir }}/osm.conf (redhat)
+- name: Remove /{{ apache_conf_dir }}/osm.conf (redhat)
  file:
-    path: "/{{ apache_config_dir }}/osm.conf"
+    path: "/{{ apache_conf_dir }}/osm.conf"
    state: absent
  when: not osm_enabled and is_redhat
--- a/roles/0-DEPRECATED-ROLES/owncloud/tasks/owncloud_enabled.yml
+++ b/roles/0-DEPRECATED-ROLES/owncloud/tasks/owncloud_enabled.yml
@ -7,7 +7,7 @@
 - name: Enable owncloud by copying template to httpd config
  template: src=owncloud.conf.j2
-            dest=/etc/{{ apache_config_dir }}/owncloud.conf
+            dest=/etc/{{ apache_conf_dir }}/owncloud.conf
            owner=root
            group=root
            mode=0644
--- a/roles/0-DEPRECATED-ROLES/pathagar/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/pathagar/tasks/main.yml
@ -179,11 +179,11 @@
    # group: root
    # mode: '0644'
- name: Install /etc/{{ apache_config_dir }}/pathagar.conf from template
+- name: Install /etc/{{ apache_conf_dir }}/pathagar.conf from template
  template:
    src: pathagar.conf
    backup: yes
-    dest: "/etc/{{ apache_config_dir }}/pathagar.conf"
+    dest: "/etc/{{ apache_conf_dir }}/pathagar.conf"
    mode: 0644
 - name: Enable Pathagar via Apache (debuntu)
--- a/roles/0-DEPRECATED-ROLES/rachel/tasks/rachel_enabled.yml
+++ b/roles/0-DEPRECATED-ROLES/rachel/tasks/rachel_enabled.yml
@ -1,6 +1,6 @@
 - name: Copy RACHEL httpd conf file
  template: src=rachel.conf.j2
-            dest=/etc/{{ apache_config_dir }}/rachel.conf
+            dest=/etc/{{ apache_conf_dir }}/rachel.conf
 - name: enable Rachel
  file: path=/etc/apache2/sites-enabled/rachel.conf
--- a/roles/0-DEPRECATED-ROLES/schooltool/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/schooltool/tasks/main.yml
@ -18,7 +18,7 @@
    -  dest: '/etc/systemd/system/schooltool.service'
       src: 'schooltool.service'
       mode: '0644'
-    -  dest: '/etc/{{ apache_config_dir }}/schooltool.conf'
+    -  dest: '/etc/{{ apache_conf_dir }}/schooltool.conf'
       src:  'schooltool.conf'
       mode: '0644'
--- a/roles/0-DEPRECATED-ROLES/sugar-stats/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/sugar-stats/tasks/main.yml
@ -6,7 +6,6 @@
    - active-document
    - restful-document
    - python-xappy
  #tags: download
 - name: Create sugar-stats directory tree
  file: path={{ item }}
--- a/roles/0-DEPRECATED-ROLES/teamviewer/tasks/install.yml
+++ b/roles/0-DEPRECATED-ROLES/teamviewer/tasks/install.yml
@ -2,22 +2,18 @@
 - name: Install Xfce group of packages
  shell: "yum groupinstall -y xfce"
  when: xo_model == "none" and internet_available and ansible_distribution_version <= "20"
  #tags: download
 - name: Install X11 group of packages
  shell: "yum groupinstall -y 'X Window system'"
  when: xo_model == "none" and internet_available and ansible_distribution_version <= "20"
  #tags: download
 - name: Install Xfce group of packages
  shell: yum groupinstall -y "Xfce Desktop" --exclude fedora-release\*
  when: xo_model == "none" and internet_available and ansible_distribution_version >= "21"
  #tags: download
 - name: Install X Windows on CentOS
  shell: yum groupinstall -y "Server with GUI"
  when: internet_available and ansible_distribution == "CentOS"
  #tags: download
 - name: Download TeamViewer software
  get_url:
@ -25,7 +21,6 @@
    dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}"
    timeout: "{{ download_timeout }}"
  when: internet_available | bool
  #tags: download
 # F22 has issues with yum localinstall exclude for now
 - name: Do the install of TeamViewer, pulling in any required dependencies
--- a/roles/2-common/tasks/iptables.yml
+++ b/roles/2-common/tasks/iptables.yml
@ -31,14 +31,12 @@
    name: iptables-persistent
    state: present
  when: is_debuntu | bool
  #tags: download
 - name: Install package iptables-services (OS's other than debuntu)
  package:
    name: iptables-services
    state: present
  when: not is_debuntu
  #tags: download
 - name: Install /etc/sysconfig/iptables-config from template
  template:
--- a/roles/2-common/tasks/xo.yml
+++ b/roles/2-common/tasks/xo.yml
@ -132,7 +132,6 @@
  with_items:
    - hostapd_8188_i386
  when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available
  #tags: xo
 - name: Put the substitute in place
  copy:
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@ -22,9 +22,9 @@
    name: bluetooth
  when: is_rpi and bluetooth_install    # or bluetooth_installed is defined
- name: USB-LIB
+- name: USB_LIB
  include_role:
-    name: usb-lib
+    name: usb_lib
  when: usb_lib_install | bool
 # This is in Stage 4-SERVER-OPTIONS (rather than 3-BASE-SERVER) because var
--- a/roles/all-vars/tasks/main.yml
+++ b/roles/all-vars/tasks/main.yml
@ -11,4 +11,3 @@
  debug: 
    msg: "{{ msg.split('\n') }}"       
  #tags: debug_info
--- a/roles/awstats/tasks/enable.yml
+++ b/roles/awstats/tasks/enable.yml
@ -49,7 +49,7 @@
      value: AWStats
    - option: description
      value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
-    - option: installed
+    - option: install
      value: "{{ awstats_install }}"
    - option: enabled
      value: "{{ awstats_enabled }}"
--- a/roles/awstats/tasks/install.yml
+++ b/roles/awstats/tasks/install.yml
@ -30,10 +30,10 @@
    - "{{ apache_log_dir }}"
    - /usr/lib/cgi-bin/awstats    # create backward compatible path for awstats
- name: Install /etc/{{ apache_config_dir }}/awstats.conf from template
+- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
  template:
    src: apache-awstats.conf
-    dest: "/etc/{{ apache_config_dir }}/awstats.conf"
+    dest: "/etc/{{ apache_conf_dir }}/awstats.conf"
 - name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
  template:
@ -76,6 +76,13 @@
  shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
  # when: awstats_enabled | bool
 # RECORD AWStats AS INSTALLED
 - name: "Set 'awstats_installed: True'"
  set_fact:
    awstats_installed: True
 - name: "Add 'awstats_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/azuracast/tasks/install.yml
+++ b/roles/azuracast/tasks/install.yml
@ -64,6 +64,13 @@
  args:
    chdir: "{{ azuracast_host_dir }}"
 # RECORD AzuraCast AS INSTALLED
 - name: "Set 'azuracast_installed: True'"
  set_fact:
    azuracast_installed: True
 - name: "Add 'azuracast_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/bluetooth/tasks/install.yml
+++ b/roles/bluetooth/tasks/install.yml
@ -55,6 +55,13 @@
    regexp: '^#DiscoverableTimeout'
    line: 'DiscoverableTimeout = 0'
 # RECORD Bluetooth AS INSTALLED
 - name: "Set 'bluetooth_installed: True'"
  set_fact:
    bluetooth_installed: True
 - name: "Add 'bluetooth_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/calibre-web/tasks/enable.yml
+++ b/roles/calibre-web/tasks/enable.yml
@ -35,17 +35,17 @@
 # NGINX
-# TO DO: restore http://box/libros & http://box/livres, along English (http://box/books)
+# TO DO: restore http://box/libros & http://box/livres, alongside English (#2195)
- name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template
+- name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template    # http://box/books
  template:
    src: calibre-web-nginx.conf.j2
-    dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"
+    dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"    # /etc/nginx/conf.d
  when: nginx_install and calibreweb_enabled
 - name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
  file:
-    path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"
+    path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: nginx_install and not calibreweb_enabled
@ -64,7 +64,7 @@
    value: "{{ item.value | string }}"
  with_items:
    - option: name
-      value: calibre-web
+      value: Calibre-Web
    - option: description
      value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
    - option: calibreweb_url1
--- a/roles/calibre-web/tasks/install.yml
+++ b/roles/calibre-web/tasks/install.yml
@ -1,7 +1,6 @@
- name: Install ImageMagick (debuntu)
+- name: Install ImageMagick package (debuntu)
  package:
-    name:
+    name: imagemagick
      - imagemagick
    state: present
  when: is_debuntu | bool
@ -14,12 +13,12 @@
    state: present
  when: is_debuntu | bool
- name: Create 3 Calibre-Web folders to store data and configuration files
+- name: "Create 3 Calibre-Web folders to store data and configuration files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }}"
  file:
    path: "{{ item }}"
    owner: "{{ calibreweb_user }}"
    group: "{{ apache_user }}"
-    mode: 0755
+    mode: '0755'
    state: directory
  with_items:
    - "{{ calibreweb_home }}"
@ -65,12 +64,13 @@
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: 0644
+    # mode: '0644'
  with_items:
    - { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' }
    - { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' }
  when: apache_install | bool
 - name: Does /library/calibre-web/metadata.db exist?
  stat:
@ -83,7 +83,7 @@
    dest: "{{ calibreweb_home }}"
    owner: "{{ calibreweb_user }}"
    group: "{{ apache_user }}"
-    mode: 0644
+    mode: '0644'
    backup: yes
  with_items:
    - roles/calibre-web/files/metadata.db
@ -97,11 +97,18 @@
    dest: "{{ calibreweb_config }}"
    owner: "{{ calibreweb_user }}"
    group: "{{ apache_user }}"
-    mode: 0644
+    mode: '0644'
    backup: yes
  when: not metadatadb.stat.exists
  #when: calibreweb_provision | bool
 # RECORD Calibre-Web AS INSTALLED
 - name: "Set 'calibreweb_installed: True'"
  set_fact:
    calibreweb_installed: True
 - name: "Add 'calibreweb_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/calibre/tasks/install.yml
+++ b/roles/calibre/tasks/install.yml
@ -31,6 +31,9 @@
 # - run testing branch for Ubuntu 16.04: scripts/calibre-install-latest.sh
 # - run unstable branch for Debian etc: scripts/calibre-install-unstable.sh
 # 2. SYSTEMD SERVICES
 - name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING)
  template:
    src: "{{ item.src }}"
@ -42,7 +45,7 @@
  #register: calibre_config
  with_items:
    - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
-    - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
+    - { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'}
  when: (not calib_executable.stat.exists)
 - name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal)
@ -51,6 +54,7 @@
    state: stopped
    daemon_reload: yes
 # 3. CREATE USER DATABASE
 - name: Create /library/calibre (mandatory since Calibre 3.x)
@ -68,6 +72,7 @@
    mode: 0644
  when: (not calib_executable.stat.exists)
 # 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
 - name: Does /library/calibre/metadata.db exist?
@ -79,6 +84,13 @@
  include_tasks: create-db.yml
  when: not calibre_db.stat.exists
 # 5. RECORD Calibre AS INSTALLED
 - name: "Set 'calibre_installed: True'"
  set_fact:
    calibre_installed: True
 - name: "Add 'calibre_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/captiveportal/tasks/install.yml
+++ b/roles/captiveportal/tasks/install.yml
@ -52,6 +52,13 @@
  args:
    creates: /etc/nginx/sites-available/capture.conf
 # RECORD Captive Portal AS INSTALLED
 - name: "Set 'captiveportal_installed: True'"
  set_fact:
    captiveportal_installed: True
 - name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/captiveportal/tasks/main.yml
+++ b/roles/captiveportal/tasks/main.yml
@ -19,7 +19,7 @@
    quiet: yes
- name: Install Captive Portal if 'captiveportal_installed' is not defined in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: captiveportal_installed is undefined
@ -39,7 +39,7 @@
      value: Captive Portal
    - option: description
      value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
-    - option: installed
+    - option: install
      value: "{{ captiveportal_install }}"
    - option: enabled
      value: "{{ captiveportal_enabled }}"
--- a/roles/cups/tasks/main.yml
+++ b/roles/cups/tasks/main.yml
@ -1,20 +1,33 @@
-# administer this service by browsing to localhost:631
+# Administer CUPS at http://box:631
 # Above URL does NOT work over OpenVPN (ANYONE KNOW WHY?)
 # TO DO:
 # - validate input vars + prereqs
 # - move 5 top stanzas into install.yml
 # - move 5-7 next stanzas into enable-or-disable.yml
 - name: Install 'cups' package
  package:
    name: cups
    state: present
  when: cups_install | bool
  #tags: download
 - name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
  template:
    src: cupsd.conf
    dest: /etc/cups/cupsd.conf
- name: Install /etc/{{ apache_config_dir }}/cups.conf from template
+- name: Install /etc/{{ apache_conf_dir }}/cups.conf from template
  template:
    src: cups.conf
-    dest: "/etc/{{ apache_config_dir }}/"
+    dest: "/etc/{{ apache_conf_dir }}/"
 # RECORD CUPS AS INSTALLED
 - name: "Set 'cups_installed: True'"
  set_fact:
    cups_installed: True
 - name: "Add 'cups_installed: True' to {{ iiab_state_file }}"
  lineinfile:
@ -22,11 +35,16 @@
    regexp: '^cups_installed'
    line: 'cups_installed: True'
 - name: Enable http://box/cups via Apache (MIGHT NOT WORK?)
  command: a2ensite cups.conf
-  when: cups_enabled
+  when: cups_enabled | bool
- name: Enable & Start services 'cups' and 'cups-browsed' (OS's other than Fedora 18)
+- name: Disable http://box/cups via Apache
  command: a2dissite cups.conf
  when: not cups_enabled
 - name: Enable & Start 'cups' and 'cups-browsed' systemd services (OS's other than Fedora 18)
  service:
    name: "{{ item }}"
    state: started
@ -36,34 +54,35 @@
    - cups-browsed
  when: cups_enabled and not is_F18
- name: Enable & Start service 'cups' (Fedora 18, for XO laptops)
+- name: Enable & Start 'cups' systemd service (Fedora 18, for XO laptops)
  systemd:
    name: cups
    state: started
    enabled: yes
  when: cups_enabled and is_F18
- name: Permit headless admin of CUPS -- only works when CUPS daemon is running
+- name: Permit headless admin of CUPS -- only works when CUPS daemon is running (if cups_enabled)
  shell: "cupsctl --remote-admin"
  when: cups_enabled | bool
- name: Disable both CUPS services (OS's other than Fedora 18)
+- name: Disable & Stop 'cups' & 'cups-browsed' systemd services (OS's other than Fedora 18)
  systemd:
    name: "{{ item }}"
    state: stopped
    enabled: no
    state: stopped
  with_items:
    - cups
    - cups-browsed
  when: not cups_enabled and not is_F18
- name: Disable services for CUPS (Fedora 18, for XO laptops)
+- name: Disable & Stop 'cups' systemd service (Fedora 18, for XO laptops)
  systemd:
    name: cups
    state: stopped
    enabled: no
    state: stopped
  when: not cups_enabled and is_F18
 - name: Add 'cups' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
@ -74,8 +93,8 @@
    - option: name
      value: CUPS
    - option: description
-      value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
+      value: '"CUPS (Common UNIX Printing System) is a modular printing system that allows a computer to act as a print server.  A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
-    - option: installed
+    - option: install
      value: "{{ cups_install }}"
-    - option: cups_enabled
+    - option: enabled
      value: "{{ cups_enabled }}"
--- a/roles/elgg/tasks/install.yml
+++ b/roles/elgg/tasks/install.yml
@ -48,9 +48,9 @@
  copy:
    src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
    dest: "/opt/{{ elgg_xx }}/.htaccess"
    mode: 0644
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    mode: '0644'
 #regexp='^#RewriteBase'
 - name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }}    # http://box/elgg
@ -63,18 +63,18 @@
 - name: Set /opt/elgg/engine directory permissions to 0755 so Apache can write there
  file:
    state: directory
    path: /opt/elgg/engine/
    owner: "{{ apache_user }}"
-    mode: 0755
+    mode: '0755'
    state: directory
 - name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above)
  file:
    state: directory    # Overkill given recurse below?
    path: "/opt/elgg-{{ elgg_version }}"
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    recurse: yes
    state: directory
 - name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to
  file:
@ -82,10 +82,17 @@
    state: directory
    owner: "{{ apache_user }}"
- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box{{ elgg_url }}    # http://box/elgg
+- name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }}    # http://box/elgg
  template:
    src: elgg.conf
-    dest: "/etc/{{ apache_config_dir }}/elgg.conf"
+    dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
 # RECORD Elgg AS INSTALLED
 - name: "Set 'elgg_installed: True'"
  set_fact:
    elgg_installed: True
 - name: "Add 'elgg_installed: True' to {{ iiab_state_file }}"
  lineinfile:
--- a/roles/gitea/tasks/enable.yml
+++ b/roles/gitea/tasks/enable.yml
@ -58,7 +58,7 @@
    value: "{{ item.value | string }}"
  with_items:
    - option: name
-      value: gitea
+      value: Gitea
    - option: description
      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
    - option: gitea_run_directory
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@ -4,14 +4,12 @@
  systemd:
    name: gitea
    state: stopped
  #tags: pre-install
  ignore_errors: yes
 - name: Ensure group gitea exists
  group:
    name: gitea
    state: present
  #tags: pre-install
 - name: Create user gitea
  user:
@ -19,7 +17,6 @@
    comment: Gitea daemon account
    groups: gitea
    home: "{{ gitea_home }}"
  #tags: pre-install
 - name: Create Gitea directory structure
  file:
@ -28,7 +25,6 @@
    owner: gitea
    group: gitea
  with_items: "{{ gitea_subdirectories }}"
  #tags: pre-install
 - name: Make directories data, indexers, and log writable
  file:
@ -38,7 +34,6 @@
    - data
    - indexers
    - log
  #tags: pre-install
 # Download, verify, and link Gitea binary
@ -52,31 +47,27 @@
    url: "{{ gitea_download_url }}"
    dest: "{{ gitea_install_path }}"
    mode: '0775'
  #tags: install
  when: internet_available | bool
 - name: Download Gitea GPG signature
  get_url:
    url: "{{ gitea_integrity_url }}"
    dest: "{{ gitea_checksum_path }}"
  #tags: never, verify
  when: internet_available | bool
 - name: Verify Gitea binary with GPG signature
  shell: |
    gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
    gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
  #tags: never, verify
  ignore_errors: yes
- name: Link Gitea
+- name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }}
  file:
    src: "{{ gitea_install_path }}"
-    dest: "{{ gitea_link_path }}"
+    path: "{{ gitea_link_path }}"
    owner: gitea
    group: gitea
    state: link
  #tags: install
 # Configure Gitea
@ -87,12 +78,11 @@
 - name: Create Gitea config directory
  file:
    path: /etc/gitea
    state: directory
    path: /etc/gitea
    owner: root
    group: gitea
    mode: '0770'
  #tags: config
 - name: Create app.ini
  template:
@ -110,7 +100,14 @@
    dest: "{{ item.dest }}"
  with_items:
    - { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' }
-    - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_config_dir }}/gitea.conf" }
+    - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
 # RECORD Gitea AS INSTALLED
 - name: "Set 'gitea_installed: True'"
  set_fact:
    gitea_installed: True
 - name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
  lineinfile:
--- a/roles/homepage/tasks/main.yml
+++ b/roles/homepage/tasks/main.yml
@ -6,14 +6,14 @@
    mode: 0755
    state: directory
- name: Install /etc/{{ apache_config_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
+- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
  template:
    src: iiab-homepage.conf
-    dest: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
+    dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_config_dir }}/iiab-homepage.conf (debuntu)
+- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu)
  file:
-    src: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
+    src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
    path: /etc/apache2/sites-enabled/iiab-homepage.conf
    state: link
  when: is_debuntu | bool
--- a/roles/httpd/tasks/enable.yml
+++ b/roles/httpd/tasks/enable.yml
@ -21,29 +21,29 @@
    # group: root
    # mode: 0644
  with_items:
-    - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' }
+    - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' }
-    - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' }
+    - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' }
 - name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu)
  file:
-    src: "/etc/{{ apache_config_dir }}/010-iiab.conf"
+    src: "/etc/{{ apache_conf_dir }}/010-iiab.conf"
    path: /etc/apache2/sites-enabled/010-iiab.conf
    state: link
  when: is_debuntu | bool
 # SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
- name: Install /etc/{{ apache_config_dir }}/osm.conf for http://box/maps (all OS's)
+- name: Install /etc/{{ apache_conf_dir }}/osm.conf for http://box/maps (all OS's)
  copy:
    src: roles/httpd/files/osm.conf
-    dest: "/etc/{{ apache_config_dir }}"
+    dest: "/etc/{{ apache_conf_dir }}"
    # owner: root
    # group: root
    # mode: 0644
  when: osm_vector_maps_install | bool
- name: Symlink /etc/apache2/sites-enabled/osm.conf -> /etc/{{ apache_config_dir }}/osm.conf (debuntu)
+- name: Symlink /etc/apache2/sites-enabled/osm.conf -> /etc/{{ apache_conf_dir }}/osm.conf (debuntu)
  file:
-    src: "/etc/{{ apache_config_dir }}/osm.conf"
+    src: "/etc/{{ apache_conf_dir }}/osm.conf"
    path: /etc/apache2/sites-enabled/osm.conf
    state: link
  when: is_debuntu and osm_vector_maps_enabled
--- a/roles/httpd/tasks/install.yml
+++ b/roles/httpd/tasks/install.yml
@ -8,7 +8,6 @@
      - "php{{ php_version }}-curl"
    state: present
  when: is_debian | bool
  #tags: download
 - name: 'Install 2 packages: apache2, php (ubuntu)'
  package:
@ -19,7 +18,6 @@
      - php
    state: present
  when: is_ubuntu | bool
  #tags: download
 # 2019-05-30: It's interesting that http://box.lan/admin and everything seems
 # to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu
@ -50,7 +48,6 @@
      - php-curl
    state: present
  when: is_redhat | bool
  #tags: download
 # remove symlinks for mpm-event, replace with mpm-prefork
 - name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
@ -143,6 +140,13 @@
    mode: '0755'
    state: directory
 # RECORD Apache AS INSTALLED
 - name: "Set 'apache_installed: True'"
  set_fact:
    apache_installed: True
 - name: "Add 'apache_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/iiab-admin/tasks/access.yml
+++ b/roles/iiab-admin/tasks/access.yml
@ -4,4 +4,3 @@
    - screen
    - lynx
    state: present
  #tags: download
--- a/roles/iiab-admin/tasks/main.yml
+++ b/roles/iiab-admin/tasks/main.yml
@ -1,9 +1,7 @@
 - include_tasks: admin-user.yml
  #tags: base
  when: iiab_admin_user_install | bool
 - include_tasks: access.yml
  #tags: base
 - name: Add 'iiab-admin' variable values to {{ iiab_ini_file }}
  ini_file:
--- a/roles/internetarchive/tasks/enable.yml
+++ b/roles/internetarchive/tasks/enable.yml
@ -40,8 +40,8 @@
    value: "{{ item.value | string }}"
  with_items:
    - option: name
-      value: Internet Archive Offline
+      value: Internet Archive
    - option: description
-      value: '"Dweb-mirror is intended to make the Internet Archive experience and UI available offline."'
+      value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
    - option: internetarchive_enabled
      value: "{{ internetarchive_enabled }}"
--- a/roles/internetarchive/tasks/install.yml
+++ b/roles/internetarchive/tasks/install.yml
@ -1,20 +1,33 @@
- name: Install NodeJS
+# INSTALL 3 PREREQS
 - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
  set_fact:
    nodejs_install: True
    nodejs_enabled: True
 - name: Install Node.JS
  include_role:
    name: nodejs
 - name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
  set_fact:
    yarn_install: True
    yarn_enabled: True
 - name: Install Yarn
  include_role:
    name: yarn
- name: Install packages needed by Internet Archive Offline
+- name: Install package 'libsecret-1-dev'
  package:
-    name:
+    name: libsecret-1-dev
      - libsecret-1-dev
    state: present
- name: Create directory {{ internetarchive_dir }}
+# CREATE 2 DIRS & RUN YARN
 - name: mkdir {{ internetarchive_dir }}
  file:
-    path: "{{ internetarchive_dir }}"
+    path: "{{ internetarchive_dir }}"    # /opt/iiab/internetarchive
    state: directory
    owner: "root"
@ -26,7 +39,7 @@
  when: internet_available | bool
  register: internetarchive_installing
- name: Create directory /library/archiveorg
+- name: mkdir /library/archiveorg
  file:
    path: "/library/archiveorg"
    state: directory
@ -38,13 +51,20 @@
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    mode: 0644
+    mode: '0644'
    owner: root
    group: root
  with_items:
    - { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' }
    - { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' }
 # RECORD Internet Archive AS INSTALLED
 - name: "Set 'internetarchive_installed: True'"
  set_fact:
    internetarchive_installed: True
 - name: "Add 'internetarchive_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/kalite/tasks/install.yml
+++ b/roles/kalite/tasks/install.yml
@ -80,7 +80,7 @@
  with_items:
    - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755'}
    - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
-    - { src: 'kalite.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
+    - { src: 'kalite.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'}
 - name: Fix KA Lite bug in regex parsing ifconfig output, for @m-anish's network names that contain dashes
  replace:
@ -88,9 +88,8 @@
    regexp: 'a-zA-Z0-9'
    replace: 'a-zA-Z0-9\-'
-# SHOULD REALLY BE HERE...but for now this runs in kalite/tasks/setup.yml
+
-# - name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
+# RECORD KA Lite AS INSTALLED
-#   lineinfile:
+
-#     dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+# TO DO: move the last 2 stanzas from setup.yml so they live right here,
-#     regexp: '^kalite_installed'
+# as any action named "install.yml" should do exactly what it says (install!)
 #     line: 'kalite_installed: True'
--- a/roles/kalite/tasks/setup.yml
+++ b/roles/kalite/tasks/setup.yml
@ -15,7 +15,16 @@
  async: 1800
  poll: 10
-# CAN WE MOVE THIS TO THE END OF kalite/tasks/install.yml (HENCE ITS FILENAME!)
+
 # RECORD KA Lite AS INSTALLED
 # TO DO: move these last 2 stanzas to install.yml,
 # as any action named "install.yml" should do exactly what it says (install!)
 - name: "Set 'kalite_installed: True'"
  set_fact:
    kalite_installed: True
 - name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/kiwix/tasks/enable.yml
+++ b/roles/kiwix/tasks/enable.yml
@ -82,7 +82,7 @@
  - option: name
    value: Kiwix
  - option: description
-    value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."'
+    value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
  - option: kiwix_url
    value: "{{ kiwix_url }}"
  - option: kiwix_path
--- a/roles/kiwix/tasks/install.yml
+++ b/roles/kiwix/tasks/install.yml
@ -44,6 +44,7 @@
    path: "{{ kiwix_path }}/bin"
    state: directory
 # 2. INSTALL KIWIX-TOOLS EXECUTABLES
 - name: Unarchive {{ kiwix_src_file }} to /tmp    # e.g. kiwix-tools_linux-armhf-0.6.1-1.tar.gz
@ -54,6 +55,7 @@
 - name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686)
  shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/"
 # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
 # 2019-10-07: Moved to roles/httpd/tasks/main.yml
@ -68,6 +70,7 @@
 #    - rewrite
 #  when: is_debuntu | bool
 # 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache
 - name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf'
@ -79,9 +82,14 @@
    - { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644' }
    - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755' }
    - { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755' }
-    - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644' }
+    - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kiwix.conf', mode: '0644' }
-# 5. RECORD KIWIX AS INSTALLED IN /etc/iiab/iiab_state.yml
+
 # 5. RECORD Kiwix AS INSTALLED
 - name: "Set 'kiwix_installed: True'"
  set_fact:
    kiwix_installed: True
 - name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}"
  lineinfile:
--- a/roles/kolibri/tasks/install.yml
+++ b/roles/kolibri/tasks/install.yml
@ -113,6 +113,13 @@
 #  apache2_module:
 #    name: proxy_http
 # RECORD Kolibri AS INSTALLED
 - name: "Set 'kolibri_installed: True'"
  set_fact:
    kolibri_installed: True
 - name: "Add 'kolibri_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@ -67,10 +67,10 @@
    . {{ lokole_run_directory }}/webapp_secrets.sh
    {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache   # http://box/lokole
+- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache   # http://box/lokole
  template:
    src: lokole.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/lokole.conf"
+    dest: "/etc/{{ apache_conf_dir }}/lokole.conf"
  when: apache_install | bool
 - name: Install /etc/systemd/system/lokole.service unit file from template
@ -86,6 +86,13 @@
 #     state: restarted
 #   when: lokole_enabled | bool
 # RECORD Lokole AS INSTALLED
 - name: "Set 'lokole_installed: True'"
  set_fact:
    lokole_installed: True
 - name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/mediawiki/tasks/enable.yml
+++ b/roles/mediawiki/tasks/enable.yml
@ -43,7 +43,7 @@
    value: "{{ item.value | string }}"
  with_items:
    - option: name
-      value: mediawiki
+      value: MediaWiki
    - option: description
      value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
    - option: mediawiki_src
--- a/roles/mediawiki/tasks/install.yml
+++ b/roles/mediawiki/tasks/install.yml
@ -80,10 +80,17 @@
    regexp: '^\$wgServer ='
    line: '$wgServer = "//" . $_SERVER["HTTP_HOST"];'
- name: Install /etc/{{ apache_config_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
+- name: Install /etc/{{ apache_conf_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
  template:
    src: mediawiki.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/mediawiki.conf"
+    dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"
 # RECORD MediaWiki AS INSTALLED
 - name: "Set 'mediawiki_installed: True'"
  set_fact:
    mediawiki_installed: True
 - name: "Add 'mediawiki_installed: True' to {{ iiab_state_file }}"
  lineinfile:
--- a/roles/minetest/tasks/provision.yml
+++ b/roles/minetest/tasks/provision.yml
@ -1,18 +1,18 @@
 # Calculate local variables
 - include_tasks: calc_vars.yml
- name: Check for minetest world file ({{ minetest_world_dir }}/world.mt)
+- name: Check for Minetest world file ({{ minetest_world_dir }}/world.mt)
  stat:
    path: "{{ minetest_world_dir }}/world.mt"
  register: minetest_world
- name: Create /library/games
+- name: mkdir /library/games
  file:
    state: directory
    path: /library/games
    # owner: root
    # group: root
-    # mode: 0755
+    # mode: '0755'
 # rpi only
 - include_tasks: rpi_minetest_install.yml
@ -28,7 +28,7 @@
    depth: 1
  when: not minetest_world.stat.exists and minetest_default_game == "carbone-ng"
- name: Give minetest user ownership of carbone-ng
+- name: Give Minetest user ownership of carbone-ng
  file:
    state: directory
    path: "{{ minetest_game_dir }}"
@ -69,6 +69,13 @@
    path: "{{ minetest_game_dir }}/mods/name_restrictions"
  when: minetest_default_game == "carbone-ng"
 # RECORD Minetest AS INSTALLED
 - name: "Set 'minetest_installed: True'"
  set_fact:
    minetest_installed: True
 - name: "Add 'minetest_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/mongodb/tasks/enable.yml
+++ b/roles/mongodb/tasks/enable.yml
@ -1,38 +0,0 @@
 # 3. ENABLE/DISABLE
 # 2019-07-08: mongodb_install is completely ignored.  FYI mongodb_enabled: False
 # works but is ineffective, as Sugarizer starts mongodb's systemd svc on its own
 - name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
  systemd:
    name: mongodb
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: mongodb_enabled | bool
 - name: Disable 'mongodb' service, if not mongodb_enabled
  systemd:
    name: mongodb
    daemon_reload: yes
    enabled: no
    state: stopped
  when: not mongodb_enabled
 # 4. DOCUMENT IN /etc/iiab/iiab.ini
 - name: Add 'mongodb' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: mongodb
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MongoDB
    - option: description
      value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
    - option: enabled
      value: "{{ mongodb_enabled }}"
--- a/roles/mongodb/tasks/install.yml
+++ b/roles/mongodb/tasks/install.yml
@ -7,7 +7,6 @@
      - mongodb    # 2019-01-31: this package does not exist on (cannot be installed on) Debian 10, SEE #1437
    state: present
  when: internet_available and not is_rpi
  #tags: download
 # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so
 # https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/
@ -101,7 +100,7 @@
  when: is_rpi | bool
-# 2. CONFIGURE FOR IIAB
+# 2. CONFIGURE MongoDB FOR IIAB
 - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}'
  file:
@ -127,6 +126,13 @@
    - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
    - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }
 # 3. RECORD MongoDB AS INSTALLED
 - name: "Set 'mongodb_installed: True'"
  set_fact:
    mongodb_installed: True
 - name: "Add 'mongodb_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/mongodb/tasks/main.yml
+++ b/roles/mongodb/tasks/main.yml
@ -1,11 +1,59 @@
-# 2019-07-08: mongodb_install is completely ignored.  FYI mongodb_enabled: False
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-# works but is ineffective, as Sugarizer starts mongodb's systemd svc on its own
+# I want to perform input validation for Ansible playbooks"
 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Install 'mongodb' if not Debian 10+
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
 # to re-check whether vars are defined here.  As Ansible vars cannot be unset:
 # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "mongodb_install is sameas true" (boolean not string etc)
  assert:
    that: mongodb_install is sameas true
    fail_msg: "PLEASE SET 'mongodb_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "mongodb_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: mongodb_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'mongodb_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: EXIT MONGODB PLAYBOOK, IF DEBIAN 10+ (where MongoDB doesn't exist)
  meta: end_play
  when: (is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)
 - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
-  when: not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) and not mongodb_installed is defined
+  when: mongodb_installed is undefined
 - name: Enable 'mongodb' if not Debian 10+
  include_tasks: enable.yml
  when: not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) or mongodb_installed is defined
 - name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
  systemd:
    name: mongodb
    daemon_reload: yes
    enabled: yes
    state: restarted
  when: mongodb_enabled | bool
 - name: Disable 'mongodb' service, if not mongodb_enabled
  systemd:
    name: mongodb
    enabled: no
    state: stopped
  when: not mongodb_enabled
 - name: Add 'mongodb' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: mongodb
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: MongoDB
    - option: description
      value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
    - option: enabled
      value: "{{ mongodb_enabled }}"
--- a/roles/monit/tasks/install.yml
+++ b/roles/monit/tasks/install.yml
@ -2,14 +2,12 @@
  package:
    name: monit
    state: present
  #tags: download
 - name: Install chkconfig package (debian-8)
  package:
    name: chkconfig
    state: present
  when: is_debian and ansible_distribution_major_version == "8"
  #tags: download
 - name: Install /etc/monitrc from template
  template:
@ -56,6 +54,13 @@
    - option: enabled
      value: "{{ monit_enabled }}"
 # RECORD Monit AS INSTALLED
 - name: "Set 'monit_installed: True'"
  set_fact:
    monit_installed: True
 - name: "Add 'monit_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/moodle/tasks/install.yml
+++ b/roles/moodle/tasks/install.yml
@ -1,4 +1,11 @@
- name: "Set PostgreSQL vars 'postgresql_install: True' and 'postgresql_enabled: True'"
+- debug:
    var: postgresql_install
 - debug:
    var: postgresql_enabled
 - debug:
    var: postgresql_installed
 - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
  set_fact:
    postgresql_install: True
    postgresql_enabled: True
@ -78,13 +85,13 @@
 - name: Remove Apache's stock moodle.conf
  file:
-    path: "/etc/{{ apache_config_dir }}/moodle.conf"
+    path: "/etc/{{ apache_conf_dir }}/moodle.conf"
    state: absent
 - name: Install Apache's 022-moodle.conf from template, if moodle_enabled
  template:
    src: 022-moodle.j2
-    dest: "/etc/{{ apache_config_dir }}/022-moodle.conf"
+    dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf"
    # owner: root
    # group: root
    # mode: '0644'
@ -147,6 +154,13 @@
    path: "{{ moodle_base }}/config.php"
    mode: '0644'
 # RECORD Moodle AS INSTALLED
 - name: "Set 'moodle_installed: True'"
  set_fact:
    moodle_installed: True
 - name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/mosquitto/tasks/install.yml
+++ b/roles/mosquitto/tasks/install.yml
@ -5,7 +5,6 @@
  with_items:
    - mosquitto
    - mosquitto-clients
  #tags: download
 - name: Disable & Stop 'mosquitto' service
  systemd:
@ -30,6 +29,13 @@
    group: root
    mode: '0755'
 # RECORD Mosquitto AS INSTALLED
 - name: "Set 'mosquitto_installed: True'"
  set_fact:
    mosquitto_installed: True
 - name: "Add 'mosquitto_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/munin/tasks/apache.yml
+++ b/roles/munin/tasks/apache.yml
@ -1,6 +1,6 @@
 - name: Enable http://box/munin via Apache
  command: a2ensite munin24.conf
-  when: munin_enabled
+  when: munin_enabled | bool
 - name: Disable http://box/munin via Apache
  command: a2dissite munin24.conf
--- a/roles/munin/tasks/install.yml
+++ b/roles/munin/tasks/install.yml
@ -26,7 +26,7 @@
    # mode: 0644
  with_items:
    - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' }
-    - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_config_dir }}/munin24.conf' }
+    - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_conf_dir }}/munin24.conf' }
 - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd
  htpasswd:
@ -48,6 +48,13 @@
    - /usr/share/munin/plugins/mysql_threads
  when: mysql_enabled | bool
 # RECORD Munin AS INSTALLED
 - name: "Set 'munin_installed: True'"
  set_fact:
    munin_installed: True
 - name: "Add 'munin_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/munin/tasks/main.yml
+++ b/roles/munin/tasks/main.yml
@ -19,7 +19,7 @@
    quiet: yes
- name: Install Munin if 'munin_installed' is not defined in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+- name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: munin_installed is undefined
@ -59,7 +59,7 @@
      value: Munin
    - option: description
      value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."'
-    - option: installed
+    - option: install
      value: "{{ munin_install }}"
    - option: enabled
      value: "{{ munin_enabled }}"
--- a/roles/munin/tasks/nginx.yml
+++ b/roles/munin/tasks/nginx.yml
@ -2,7 +2,7 @@
  template:
    src: munin24-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/munin24-nginx.conf"    # /etc/nginx/conf.d
-  when: munin_enabled
+  when: munin_enabled | bool
 - name: Disable http://box/munin via NGINX, by installing {{ nginx_conf_dir }}/munin24-nginx.conf
  file:
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@ -1,9 +1,9 @@
 # TO DO:
 # - Validate input vars mysql_install & mysql_enabled
-# - Put ~12 stanzas just below into install.yml
+# - Put ~13 stanzas just below into install.yml
 #   - Triggered by... 'when: mysql_installed is undefined'
 #   - Eliminate stale Fedora/CentOS code & gratuitous when: is_debuntu clauses?
-# - Consider putting ~8 stanzas below that into enable.yml or similar?
+# - Put ~8 stanzas below that into enable-or-disable.yml
 - name: 'Install MySQL packages: mariadb-server, mariadb-client, and 8 php packages (debuntu)'
  package:
@ -114,6 +114,13 @@
    # line: "TimeoutStartSec=180"
  when: mariadb_unit_file.stat.exists
 # RECORD MySQL AS INSTALLED
 - name: "Set 'mysql_installed: True'"
  set_fact:
    mysql_installed: True
 - name: "Add 'mysql_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/network/tasks/computed_network.yml
+++ b/roles/network/tasks/computed_network.yml
@ -178,7 +178,6 @@
    regexp: '^IIAB_WAN_DEVICE=*'
    line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
  #tags: network
 - name: Record IIAB_LAN_DEVICE to {{ iiab_env_file }}
  lineinfile:
@ -187,7 +186,6 @@
    line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
    state: present
  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
  #tags: network
 - name: Add 'computed_network' variable values to {{ iiab_ini_file }}
  ini_file:
--- a/roles/network/tasks/dansguardian.yml
+++ b/roles/network/tasks/dansguardian.yml
@ -2,7 +2,6 @@
  package:
    name: dansguardian
    state: present
  #tags: download
 - name: Install /etc/dansguardian/dansguardian.conf from template (Fedora)
  template:
--- a/roles/network/tasks/ifcfg_mods.yml
+++ b/roles/network/tasks/ifcfg_mods.yml
@ -84,7 +84,6 @@
    src: network/wifi-slave.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}"
  when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none"
  #tags: network
 - include_tasks: enable_wan.yml
  when: not installing and not iiab_demo_mode
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@ -1,6 +1,5 @@
 - include_tasks: detected_network.yml
  when: not installing    # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
  #tags: network, network-discover    # REMOVE SUCH LINES (BELOW TOO) AS WE'RE IN "network" ?
 - name: IF WIFI IS PRIMARY GATEWAY, PLEASE RUN 'iiab-hotspot-on' MANUALLY
  set_fact:
@ -27,10 +26,8 @@
 - include_tasks: computed_network.yml
  when: not installing   #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
  #tags: network, network-discover
 - include_tasks: hostapd.yml
  #tags: network, AP
 #- name: RPi - don't reboot to AP post install - installed via wifi - don't blow away current network
 #  set_fact:
@ -44,12 +41,10 @@
 ##### End static ip address info
 #- include_tasks: hosts.yml
 #  tags: network, hostname, domain
 - name: Configure wondershaper
  include_tasks: wondershaper.yml
  when: wondershaper_install or wondershaper_installed is defined
  #tags: network, wondershaper
 - name: (Re)Install named
  include_tasks: named.yml
@ -63,56 +58,48 @@
  include_tasks: squid.yml
  when: squid_install and FQDN_changed and iiab_stage|int == 9
-#### start services
+#### Start services
 - include_tasks: avahi.yml
  #tags: network
 - include_tasks: computed_services.yml
  #tags: network, named, dhcpd, dnsmasq, squid
 - include_tasks: enable_services.yml
  #tags: network, named, dhcpd, dnsmasq, squid
-#### end services
+#### End services
 #### Start network layout
 - name: Redhat networking
  include_tasks: ifcfg_mods.yml
  when: is_redhat | bool
  #and not installing
  #tags: network
 - name: Netplan in use on Ubuntu 18.04+
  include_tasks: netplan.yml
  when: is_ubuntu and not is_ubuntu_16
  #when: is_ubuntu_18 | bool
  #and not installing
  #tags: network
 - name: NetworkManager in use
  include_tasks: NM-debian.yml
  when: is_debuntu and network_manager_active
  #and not installing
  #tags: network
 - name: systemd-networkd in use
  include_tasks: sysd-netd-debian.yml
  when: is_debuntu and systemd_networkd_active
  #and not installing
  #tags: network
 - name: RPi's have dhcpcd in use
  include_tasks: rpi_debian.yml
  when: is_debuntu and is_rpi
  #and not installing
  #tags: network
 - name: Not RPi, Not NetworkManager, Not systemd-networkd in use
  include_tasks: debian.yml
  when: (not is_rpi and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16
  #and not installing
  #tags: network
 #### end network layout
 - include_tasks: restart.yml
-  when: not installing
+  when: not installing    # REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
  #tags: network, named, dhcpd, dnsmasq, squid, AP
--- a/roles/network/tasks/named.yml
+++ b/roles/network/tasks/named.yml
@ -70,11 +70,11 @@
    dest: "/etc/systemd/system/{{ dns_service }}.service"
    mode: '0644'
- name: "Install /etc/{{ apache_config_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
+- name: "Install /etc/{{ apache_conf_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
 #        in named-iiab.conf, and the redirection of 404 error documents to /
  template:
    src: roles/network/templates/named/dns-jail.conf
-    dest: "/etc/{{ apache_config_dir }}/"
+    dest: "/etc/{{ apache_conf_dir }}/"
  when: dns_jail_enabled | bool
 - name: "Add 'named_installed: True' to {{ iiab_state_file }}"
--- a/roles/nextcloud/tasks/apache.yml
+++ b/roles/nextcloud/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box{{ nextcloud_url }} via Apache    # http://box/nextcloud
  command: a2ensite nextcloud.conf
  when: nextcloud_enabled | bool
 - name: Disable http://box{{ nextcloud_url }} via Apache    # http://box/nextcloud
  command: a2dissite nextcloud.conf
  when: not nextcloud_enabled
 - name: Restart '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/nextcloud/tasks/enable.yml
+++ b/roles/nextcloud/tasks/enable.yml
@ -1,58 +0,0 @@
 # Apache
 - name: Enable http://box{{ nextcloud_url }} via Apache    # http://box/nextcloud
  command: a2ensite nextcloud.conf
  when: apache_install and nextcloud_enabled
 - name: Disable http://box{{ nextcloud_url }} via Apache    # http://box/nextcloud
  command: a2dissite nextcloud.conf
  when: apache_install and not nextcloud_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template"    # http://box/nextcloud
  template:
    src: nextcloud-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"
  when: nginx_install and nextcloud_enabled
 - name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf"    # http://box/nextcloud
  file:
    path: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"
    state: absent
  when: nginx_install and not nextcloud_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: Nextcloud
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Nextcloud
    - option: description
      value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
    - option: path
      value: "{{ nextcloud_prefix }}/nextcloud"
    #- option: nextcloud_force_install
    #  value: "{{ nextcloud_force_install }}"
    - option: nextcloud_orig_src_file
      value: "{{ nextcloud_orig_src_file }}"
    - option: nextcloud_src_file
      value: "{{ nextcloud_src_file }}"
    - option: nextcloud_enabled
      value: "{{ nextcloud_enabled }}"
--- a/roles/nextcloud/tasks/install.yml
+++ b/roles/nextcloud/tasks/install.yml
@ -105,23 +105,23 @@
  # NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
  # DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
-# we need to install the rpm in order to get the dependencies
+## we need to install the rpm in order to get the dependencies
-# but we only need to do this the first time
+## but we only need to do this the first time
-
+#
- name: Install 7 php packages (redhat)
+#- name: Install 7 php packages (redhat)
-  package:
+#  package:
-    name:
+#    name:
-      - php
+#      - php
-      - php-gd
+#      - php-gd
-      - php-json
+#      - php-json
-      - php-mysql
+#      - php-mysql
-      - php-curl
+#      - php-curl
-      - php-intl
+#      - php-intl
-      - php-mcrypt
+#      - php-mcrypt
-      # CentOS does not have a package for php-imagick
+#      # CentOS does not have a package for php-imagick
-      #- php-imagick
+#      #- php-imagick
-    state: present
+#    state: present
-  when: is_redhat | bool
+#  when: is_redhat | bool
 - name: Unarchive {{ nextcloud_src_file_old }} to permanent location {{ nextcloud_prefix }}/nextcloud on older OS's lacking PHP 7.1+    # i.e. unpack nextcloud_latest-15.tar.bz2 to /opt/nextcloud
  unarchive:
@ -139,32 +139,32 @@
  when: php_new | bool
  #when: nextcloud_force_install and not (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
- name: Create dir /etc/nextcloud (centos) for a subsequent config dir that's symlinked to /etc/nextcloud ?
+#- name: Create dir /etc/nextcloud (centos) for a subsequent config dir that's symlinked to /etc/nextcloud ?
-  file:
+#  file:
-    path: /etc/nextcloud
+#    path: /etc/nextcloud
-    state: directory
+#    state: directory
-  when: is_centos | bool
+#  when: is_centos | bool
-
+#
- name: Install {{ nextcloud_prefix }}/nextcloud/config/autoconfig.php from template (centos)
+#- name: Install {{ nextcloud_prefix }}/nextcloud/config/autoconfig.php from template (centos)
-  template:
+#  template:
-    src: autoconfig.php.j2
+#    src: autoconfig.php.j2
-    dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
+#    dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
-    owner: "{{ apache_user }}"
+#    owner: "{{ apache_user }}"
-    group: "{{ apache_user }}"
+#    group: "{{ apache_user }}"
-    mode: '0640'
+#    mode: '0640'
-  when: is_centos | bool
+#  when: is_centos | bool
 - name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud
  file:
-    path: "{{ nextcloud_prefix }}/nextcloud"
+    path: "{{ nextcloud_prefix }}/nextcloud"    # /opt
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    recurse: yes
    state: directory
- name: Create data directory {{ nextcloud_data_dir }}    # /opt/nextcloud/data
+- name: Create data directory {{ nextcloud_data_dir }}
  file:
-    path: "{{ nextcloud_data_dir }}"
+    path: "{{ nextcloud_data_dir }}"    # /opt/nextcloud/data
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
    mode: '0750'
@ -173,7 +173,18 @@
 - name: Install Apache's nextcloud.conf from template, for http://box/nextcloud
  template:
    src: nextcloud.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/nextcloud.conf"
+    dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf"
 - name: Provision Nextcloud's MySQL DB, run Nextcloud's install wizard etc
  include_tasks: setup.yml
 # RECORD Nextcloud AS INSTALLED
 - name: "Set 'nextcloud_installed: True'"
  set_fact:
    nextcloud_installed: True
 - name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}"
  lineinfile:
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -1,18 +1,57 @@
- name: Does /opt/nextcloud/version.php exist?
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  stat:
+# I want to perform input validation for Ansible playbooks"
-    path: "{{ nextcloud_prefix }}/nextcloud/version.php"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
  register: nextcloud_page
- name: FORCE INSTALL OR REINSTALL OR UPGRADE IF {{ nextcloud_prefix }}/nextcloud/version.php DOESN'T EXIST
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  #set_fact:
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  #  nextcloud_force_install: True
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "nextcloud_install is sameas true" (boolean not string etc)
  assert:
    that: nextcloud_install is sameas true
    fail_msg: "PLEASE SET 'nextcloud_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "nextcloud_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: nextcloud_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'nextcloud_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
-  when: nextcloud_install and (not nextcloud_installed is defined or not nextcloud_page.stat.exists)
+  when: nextcloud_installed is undefined
 #
 # ABOVE install.yml RUNS setup.yml
 - name: Provision Nextcloud's MySQL DB, run Nextcloud's install wizard, etc
  include_tasks: setup.yml
  when: nextcloud_install and not installing
- name: Enable or disable Nextcloud
+#- name: Enable/Disable/Restart Apache if primary
-  include_tasks: enable.yml
+- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
-  when: nextcloud_install or nextcloud_installed is defined
+  include_tasks: apache.yml
  #when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: Nextcloud
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Nextcloud
    - option: description
      value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
    - option: path
      value: "{{ nextcloud_prefix }}/nextcloud"
    - option: nextcloud_orig_src_file
      value: "{{ nextcloud_orig_src_file }}"
    - option: nextcloud_src_file
      value: "{{ nextcloud_src_file }}"
    - option: nextcloud_enabled
      value: "{{ nextcloud_enabled }}"
--- a/roles/nextcloud/tasks/nginx.yml
+++ b/roles/nextcloud/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template"    # http://box/nextcloud
  template:
    src: nextcloud-nginx.conf.j2
    dest: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"    # /etc/nginx/conf.d
  when: nextcloud_enabled | bool
 - name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf"    # http://box/nextcloud
  file:
    path: "{{ nginx_conf_dir }}/nextcloud-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not nextcloud_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -43,6 +43,13 @@
    state: restarted
  when: nginx_enabled
 # RECORD NGINX AS INSTALLED
 - name: "Set 'nginx_installed: True'"
  set_fact:
    nginx_installed: True
 - name: "Add 'nginx_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/nodejs/tasks/main.yml
+++ b/roles/nodejs/tasks/main.yml
@ -150,6 +150,13 @@
 # thankfully; currently both offer Node.js 10.15.2
 # 3. RECORD Node.js AS INSTALLED
 - name: "Set 'nodejs_installed: True'"
  set_fact:
    nodejs_installed: True
 - name: "Add 'nodejs_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/nodered/tasks/install.yml
+++ b/roles/nodered/tasks/install.yml
@ -1,10 +1,33 @@
 # 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) &
 # npm to roles/nodejs/tasks/main.yml
 - debug:
    var: nodejs_install
 - debug:
    var: nodejs_enabled
 - debug:
    var: nodejs_installed
 - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
  set_fact:
    nodejs_install: True
    nodejs_enabled: True
 # 2020-01-04 no longer triggered by roles/nodered/meta/main.yml
 - name: NODEJS - run the 'nodejs' role
  include_role:
    name: nodejs
-# 2020-01-04 no longer triggered by roles/nodered/meta/main.yml
+
 - name: FAIL (STOP THE INSTALL) IF nodejs_installed is undefined
  fail:
    msg: "Sugarizer install cannot proceed, as Node.js failed to install."
  when: nodejs_installed is undefined
 - name: FAIL (STOP THE INSTALL) IF nodejs_version != "12.x"
  fail:
    msg: "Sugarizer install cannot proceed, as it currently requires Node.js 12.x, and your nodejs_version appears to be {{ nodejs_version }}.  Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc!"
  when: nodejs_version != "12.x"
 # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop &
 # Ubermix that often include an older version of Node-RED.  Brutal, as this
@ -85,11 +108,11 @@
    dest: /etc/systemd/system/nodered.service
    # mode: '0666'
- name: Install /etc/{{ apache_config_dir }}/nodered.conf from template
+- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template
  template:
    backup: yes
    src: nodered.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/nodered.conf"
+    dest: "/etc/{{ apache_conf_dir }}/nodered.conf"
    # mode: '0666'
 # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
@ -98,6 +121,13 @@
    state: present
    name: proxy_wstunnel
 # RECORD Node-RED AS INSTALLED
 - name: "Set 'nodered_installed: True'"
  set_fact:
    nodered_installed: True
 - name: "Add 'nodered_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@ -1,4 +1,4 @@
-# TO DO: WRAP 11 OR 12 STANZAS BELOW INTO install.yml, conditioned by...
+# TO DO: WRAP 12 OR 13 STANZAS BELOW INTO install.yml, conditioned by...
 # 'when: openvpn_installed is undefined'
 #
 # BEWARE: 4th stanza (ssh pubkey deletions) is already conditioned by...
@ -107,6 +107,13 @@
    path: /usr/bin/iiab-vpn-off
    state: link
 # RECORD OpenVPN AS INSTALLED
 - name: "Set 'openvpn_installed: True'"
  set_fact:
    openvpn_installed: True
 - name: "Add 'openvpn_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
@ -114,7 +121,7 @@
    line: 'openvpn_installed: True'
-# TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable.yml...
+# TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable-or-disable.yml...
 # FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not
 # been working with systemd service names that contained the "@" character.
@ -208,7 +215,7 @@
  - option: name
    value: OpenVPN
  - option: description
-    value: "OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."
+    value: '"OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections."'
  - option: enabled
    value: "{{ openvpn_enabled }}"
 # openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle)
--- a/roles/osm-vector-maps/tasks/install.yml
+++ b/roles/osm-vector-maps/tasks/install.yml
@ -67,6 +67,12 @@
    dest: "{{ vector_map_path }}/index.html"    # /library/www/osm-vector-maps
 # RECORD OSM Vector Maps AS INSTALLED
 - name: "Set 'osm_vector_maps_installed: True'"
  set_fact:
    osm_vector_maps_installed: True
 - name: "Add 'osm_vector_maps_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/osm-vector-maps/tasks/main.yml
+++ b/roles/osm-vector-maps/tasks/main.yml
@ -19,7 +19,7 @@
    quiet: yes
- name: Install OSM Vector Maps if 'osm_vector_maps_installed' is not defined in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+- name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: osm_vector_maps_installed is undefined
@ -43,7 +43,7 @@
      value: OSM Vector Maps
    - option: description
      value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising.  Download detailed ''vector maps'' for an entire continent, or the entire world!  Also includes 10+ zoom levels of satellite imagery!"'
-    - option: installed
+    - option: install
      value: "{{ osm_vector_maps_install }}"
    - option: enabled
      value: "{{ osm_vector_maps_enabled }}"
--- a/roles/osm-vector-maps/tasks/nginx.yml
+++ b/roles/osm-vector-maps/tasks/nginx.yml
@ -1,12 +1,12 @@
 - name: Enable http://box/maps & http://box/osm-vector-maps via NGINX, by installing {{ nginx_conf_dir }}/osm-vector-maps-nginx.conf from template
  template:
    src: osm-vector-maps-nginx.conf.j2
-    dest: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf"
+    dest: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf"    # /etc/nginx/conf.d
  when: osm_vector_maps_enabled | bool
 - name: Disable http://box/maps & http://box/osm-vector-maps via NGINX, by removing {{ nginx_conf_dir }}/osm-vector-maps-nginx.conf
  file:
-    path: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf"
+    path: "{{ nginx_conf_dir }}/osm-vector-maps-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not osm_vector_maps_enabled
--- a/roles/pbx/tasks/main.yml
+++ b/roles/pbx/tasks/main.yml
@ -1,7 +1,24 @@
 - debug:
    var: nodejs_install
 - debug:
    var: nodejs_enabled
 - debug:
    var: nodejs_installed
 - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
  set_fact:
    nodejs_install: True
    nodejs_enabled: True
 - name: NODEJS - run the 'nodejs' role
  include_role:
    name: nodejs
 - name: FAIL (STOP THE INSTALL) IF nodejs_installed is undefined
  fail:
    msg: "PBX install cannot proceed, as Node.js failed to install."
  when: nodejs_installed is undefined
 - name: Fail if nodejs_version is incorrect
  fail:
    msg: >-
@ -49,3 +66,16 @@
 - name: Asterisk - Install chan_dongle
  include: chan_dongle.yml
  when: asterisk_chan_dongle | bool
 # RECORD PBX AS INSTALLED
 - name: "Set 'pbx_installed: True'"
  set_fact:
    pbx_installed: True
 - name: "Add 'pbx_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^pbx_installed'
    line: 'pbx_installed: True'
--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@ -45,6 +45,19 @@
 #   #  recurse: yes
 #   #  state: directory
 - name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled
  template:
    src: phpmyadmin.j2
    dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
  when: apache_install | bool
 # RECORD phpMyAdmin AS INSTALLED
 - name: "Set 'phpmyadmin_installed: True'"
  set_fact:
    phpmyadmin_installed: True
 - name: "Add 'phpmyadmin_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
@ -52,24 +65,13 @@
    line: 'phpmyadmin_installed: True'
- name: Install /etc/{{ apache_config_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled
+- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
-  template:
+  command: a2ensite phpmyadmin.conf
-    src: phpmyadmin.j2
+  when: apache_install and phpmyadmin_enabled
    dest: "/etc/{{ apache_config_dir }}/phpmyadmin.conf"
  when: phpmyadmin_enabled | bool
- name: Create symlink phpmyadmin.conf from sites-enabled to sites-available (debuntu)
+- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
-  file:
+  command: a2dissite phpmyadmin.conf
-    src: /etc/apache2/sites-available/phpmyadmin.conf
+  when: apache_install and not phpmyadmin_enabled
    path: /etc/apache2/sites-enabled/phpmyadmin.conf
    state: link
  when: phpmyadmin_enabled and is_debuntu
 - name: Remove /etc/apache2/sites-enabled/phpmyadmin.conf, if not phpmyadmin_enabled (debuntu)
  file:
    path: /etc/apache2/sites-enabled/phpmyadmin.conf
    state: absent
  when: not phpmyadmin_enabled and is_debuntu
 - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -1,6 +1,6 @@
 # TO DO:
 # - Validate input vars postgresql_install & postgresql_enabled
-# - Put ~12 stanzas just below into install.yml
+# - Put ~13 stanzas just below into install.yml
 #   - Triggered by... 'when: postgresql_installed is undefined'
 - name: Install 'postgresql' package
@ -85,6 +85,13 @@
    state: stopped
    enabled: no
 # RECORD PostgreSQL AS INSTALLED
 - name: "Set 'postgresql_installed: True'"
  set_fact:
    postgresql_installed: True
 - name: "Add 'postgresql_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
@ -118,7 +125,7 @@
      value: PostgreSQL
    - option: description
      value: '"PostgreSQL is a powerful, open source object-relational database system."'
-    - option: installed
+    - option: install
      value: "{{ postgresql_install }}"
    - option: enabled
      value: "{{ postgresql_enabled }}"
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
@ -21,51 +21,55 @@
      - samba-common
      - cifs-utils
    state: present
  #tags: samba, download
 - name: Install /etc/samba/smb.conf from template
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
 # RECORD Samba AS INSTALLED
 - name: "Set 'samba_installed: True'"
  set_fact:
    samba_installed: True
 - name: "Add 'samba_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^samba_installed'
    line: 'samba_installed: True'
- name: Enable & Start Samba systemd service
+
 - name: Enable & Start Samba systemd service ({{ smb_service }}) if samba_enabled
  service:
    name: "{{ smb_service }}"
    state: started
    enabled: yes
  #tags: samba
  when: samba_enabled | bool
- name: Enable & Start NetBIOS name server ({{ nmb_service }})
+- name: Enable & Start NetBIOS name service ({{ nmb_service }}) if samba_enabled
  service:
    name: "{{ nmb_service }}"
    state: started
    enabled: yes
  #tags: samba
  when: samba_enabled | bool
- name: Disable Samba if not samba_enabled
+- name: Disable & Stop Samba systemd service ({{ smb_service }}) if not samba_enabled
-  service:
+  systemd:
    name: "{{ smb_service }}"
    state: stopped
    enabled: no
  #tags: samba
  when: not samba_enabled
- name: Disable NetBIOS name server ({{ nmb_service }}) if not samba_enabled
+- name: Disable & Stop NetBIOS name service ({{ nmb_service }}) if not samba_enabled
-  service:
+  systemd:
    name: "{{ nmb_service }}"
    state: stopped
    enabled: no
  #tags: samba
  when: not samba_enabled
 - name: Add 'samba' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@ -2,25 +2,24 @@
  package:
    name: "{{ sshd_package }}"
    state: present
  when: sshd_enabled | bool
- name: Disable root login with password
+- name: Disable password-based logins to root
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin without-password'
    state: present
-  when: sshd_enabled | bool
+  #when: sshd_enabled | bool
 #TODO: use handler to reload ssh
- name: Create root .ssh
+- name: mkdir /root/.ssh
  file:
    state: directory
    path: /root/.ssh
    owner: root
    group: root
-    mode: 0700
+    mode: '0700'
-    state: directory
+  #when: sshd_enabled | bool
  when: sshd_enabled | bool
 - name: Install dummy root keys as placeholder
  copy:
@ -28,19 +27,34 @@
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
-    mode: 0600
+    mode: '0600'
    force: no
-  when: sshd_enabled | bool
+  #when: sshd_enabled | bool
- name: Enable & start ssh daemon
+
-  service:
+# RECORD sshd AS INSTALLED
 - name: "Set 'sshd_installed: True'"
  set_fact:
    sshd_installed: True
 - name: "Add 'sshd_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^sshd_installed'
    line: 'sshd_installed: True'
 - name: Enable & Start ssh daemon ({{ sshd_service }}) if sshd_enabled
  systemd:
    name: "{{ sshd_service }}"
    daemon_reload: yes
    enabled: yes
    state: started
  when: sshd_enabled | bool
- name: Disable ssh daemon
+- name: Disable & Stop ssh daemon ({{ sshd_service }}) if not sshd_enabled
-  service:
+  systemd:
    name: "{{ sshd_service }}"
    enabled: no
    state: stopped
--- a/roles/sugarizer/tasks/apache.yml
+++ b/roles/sugarizer/tasks/apache.yml
@ -0,0 +1,12 @@
 - name: Enable http://box/sugarizer & http://box/sugar via Apache
  command: a2ensite sugarizer.conf
  when: sugarizer_enabled
 - name: Disable http://box/sugarizer & http://box/sugar via Apache
  command: a2dissite sugarizer.conf
  when: not sugarizer_enabled
 - name: Restart '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
    state: restarted
--- a/roles/sugarizer/tasks/enable.yml
+++ b/roles/sugarizer/tasks/enable.yml
@ -1,72 +0,0 @@
 # auto starts mongodb via the requires= line in unit file
 - name: Enable & Restart 'sugarizer' systemd service
  systemd:
    name: sugarizer
    daemon_reload: yes    # in case mongodb.service changed, etc
    enabled: yes
    state: restarted
  when: sugarizer_enabled | bool
 # stops sugarizer but not mongodb
 - name: Disable & Stop 'sugarizer' systemd service
  systemd:
    name: sugarizer
    enabled: no
    state: stopped
  when: not sugarizer_enabled
 # stops mongodb would of been called via meta/main.yml prior
 - name: Run mongodb/tasks/enable.yml to stop MongoDB, if not sugarizer_enabled
  include_tasks: roles/mongodb/tasks/enable.yml
  when: not sugarizer_enabled
 # Apache
 - name: Enable http://box/sugarizer & http://box/sugar via Apache
  command: a2ensite sugarizer.conf
  when: apache_install and sugarizer_enabled
 - name: Disable http://box/sugarizer & http://box/sugar via Apache
  command: a2dissite sugarizer.conf
  when: apache_install and not sugarizer_enabled
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"
    state: restarted
  when: apache_enabled | bool
 # NGINX
 - name: Enable http://box/sugarizer via NGINX, by installing {{ nginx_conf_dir }}/sugarizer-nginx.conf from template
  template:
    src: sugarizer-nginx.conf
    dest: "{{ nginx_conf_dir }}/sugarizer-nginx.conf"
  when: nginx_install and sugarizer_enabled
 - name: Disable http://box/sugarizer via NGINX, by removing {{ nginx_conf_dir }}/sugarizer-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/sugarizer-nginx.conf"
    state: absent
  when: nginx_install and not sugarizer_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
  when: nginx_enabled | bool
 - name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: sugarizer
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Sugarizer
    - option: description
      value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."'
    - option: sugarizer_enabled
      value: "{{ sugarizer_enabled }}"
--- a/roles/sugarizer/tasks/install.yml
+++ b/roles/sugarizer/tasks/install.yml
@ -1,15 +1,61 @@
- name: MONGODB - run the 'mongodb' role
+# 0. ATTEMPT INSTALL-THEN-ASSERT OF (1) HARD PREREQ Node.js (2) SOFT PREREQ MongoDB 
-  include_role:
+
-    name: mongodb
+- debug:
    var: nodejs_install
 - debug:
    var: nodejs_enabled
 - debug:
    var: nodejs_installed
 - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
  set_fact:
    nodejs_install: True
    nodejs_enabled: True
 - name: NODEJS - run the 'nodejs' role
  include_role:
    name: nodejs
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 12.x
+- name: FAIL (STOP THE INSTALL) IF nodejs_installed is undefined
  fail:
-    msg: "Sugarizer install cannot proceed, as it currently requires Node.js 12.x, and your nodejs_version is set to {{ nodejs_version }}.  Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
+    msg: "Sugarizer install cannot proceed, as Node.js failed to install."
-  when: sugarizer_install and (nodejs_version != "12.x")
+  when: nodejs_installed is undefined
 - name: FAIL (STOP THE INSTALL) IF nodejs_version != "12.x"
  fail:
    msg: "Sugarizer install cannot proceed, as it currently requires Node.js 12.x, and your nodejs_version appears to be {{ nodejs_version }}.  Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc!"
  when: nodejs_version != "12.x"
 - debug:
    var: mongodb_install
 - debug:
    var: mongodb_enabled
 - debug:
    var: mongodb_installed
 - name: "Set 'mongodb_install: True' and 'mongodb_enabled: True'"
  set_fact:
    mongodb_install: True
    mongodb_enabled: True
 - name: MONGODB - run the 'mongodb' role
  include_role:
    name: mongodb
 # 2020-01-29: FOR NOW LET'S TRY A VERY SOFT (BEST EFFORT) PREREQ, AS Sugarizer
 # TRADITIONALLY CAN WORK (?) EVEN WITHOUT MongoDB.  IF LATER WE INSTEAD WANT TO
 # ENFORCE MongoDB...AS A MEDIUM-STRENGTH PREREQ...OR AS A HARD (STRICT) PREREQ
 # ...THEN UNCOMMENT EITHER BELOW:
 #
 #- name: EXIT SUGARIZER PLAYBOOK (BUT CONTINUE INSTALLING IIAB) IF mongodb_installed is undefined
 #  meta: end_play
 #  when: mongodb_installed is undefined
 #
 #- name: FAIL (STOP THE INSTALL) IF mongodb_installed is undefined
 #  fail:
 #    msg: "Sugarizer install cannot proceed, as MongoDB failed to install."
 #  when: mongodb_installed is undefined
 # 1. DOWNLOAD+LINK /opt/iiab/sugarizer
@ -149,7 +195,7 @@
    # mode: '0644'
  with_items:
    - { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' }
-    - { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_config_dir }}/sugarizer.conf" }
+    - { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_conf_dir }}/sugarizer.conf" }
    #- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' }
    #- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' }
@ -223,6 +269,13 @@
 #    # Use this instead, if tabs are truly nec:
 #    # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));"
 # 6. RECORD Sugarizer AS INSTALLED
 - name: "Set 'sugarizer_installed: True'"
  set_fact:
    sugarizer_installed: True
 - name: "Add 'sugarizer_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/roles/sugarizer/tasks/main.yml
+++ b/roles/sugarizer/tasks/main.yml
@ -1,7 +1,70 @@
- name: Install 'sugarizer' if sugarizer_install and not Debian 10+
+# "How do i fail a task in Ansible if the variable contains a boolean value?
-  include_tasks: install.yml
+# I want to perform input validation for Ansible playbooks"
-  when: not sugarizer_installed is defined and sugarizer_install and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable 'sugarizer' if sugarizer_enabled
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
-  include_tasks: enable.yml
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
-  when: (sugarizer_install or sugarizer_installed is defined) and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9))
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
 - name: Assert that "sugarizer_install is sameas true" (boolean not string etc)
  assert:
    that: sugarizer_install is sameas true
    fail_msg: "PLEASE SET 'sugarizer_install: True' e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Assert that "sugarizer_enabled | type_debug == 'bool'" (boolean not string etc)
  assert:
    that: sugarizer_enabled | type_debug == 'bool'
    fail_msg: "PLEASE GIVE VARIABLE 'sugarizer_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
    quiet: yes
 - name: Install Sugarizer if 'sugarizer_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: sugarizer_installed is undefined
 # Auto-starts mongodb via the requires= line in unit file
 - name: Enable & Restart 'sugarizer' systemd service, if sugarizer_enabled
  systemd:
    name: sugarizer
    daemon_reload: yes    # in case mongodb.service changed, etc
    enabled: yes
    state: restarted
  when: sugarizer_enabled | bool
 # Stops sugarizer but not mongodb
 - name: Disable & Stop 'sugarizer' systemd service, if not sugarizer_enabled
  systemd:
    name: sugarizer
    enabled: no
    state: stopped
  when: not sugarizer_enabled
 # Stops mongodb (in the past this would've been called via meta/main.yml)
 - name: Run mongodb/tasks/enable.yml to stop MongoDB, if not sugarizer_enabled
  include_tasks: roles/mongodb/tasks/enable.yml
  when: not sugarizer_enabled
 - name: Enable/Disable/Restart Apache if primary
  include_tasks: apache.yml
  when: not nginx_enabled
 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
  when: nginx_enabled | bool
 - name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: sugarizer
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: Sugarizer
    - option: description
      value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python.  Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."'
    - option: sugarizer_enabled
      value: "{{ sugarizer_enabled }}"
--- a/roles/sugarizer/tasks/nginx.yml
+++ b/roles/sugarizer/tasks/nginx.yml
@ -0,0 +1,16 @@
 - name: Enable http://box/sugarizer via NGINX, by installing {{ nginx_conf_dir }}/sugarizer-nginx.conf from template
  template:
    src: sugarizer-nginx.conf
    dest: "{{ nginx_conf_dir }}/sugarizer-nginx.conf"    # /etc/nginx/conf.d
  when: sugarizer_enabled | bool
 - name: Disable http://box/sugarizer via NGINX, by removing {{ nginx_conf_dir }}/sugarizer-nginx.conf
  file:
    path: "{{ nginx_conf_dir }}/sugarizer-nginx.conf"    # /etc/nginx/conf.d
    state: absent
  when: not sugarizer_enabled
 - name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted
--- a/roles/transmission/tasks/main.yml
+++ b/roles/transmission/tasks/main.yml
@ -7,11 +7,11 @@
 - name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }}
  file:
    state: directory
    path: "{{ transmission_download_dir }}"    # /library/transmission
    owner: "{{ transmission_user }}"    # debian-transmission
    group: "{{ transmission_group }}"    # root
    # mode: '0755'
    state: directory
 - name: Stop 'transmission-daemon' systemd service, before modifying its settings
  systemd:
@ -23,9 +23,16 @@
  template:
    src: settings.json.j2
    dest: /etc/transmission-daemon/settings.json
    # mode: '0644'
    owner: "{{ transmission_user }}"    # debian-transmission
    group: "{{ transmission_group }}"    # root
    # mode: '0644'
 # RECORD Transmission AS INSTALLED
 - name: "Set 'transmission_installed: True'"
  set_fact:
    transmission_installed: True
 - name: "Add 'transmission_installed: True' to {{ iiab_state_file }}"
  lineinfile:
@ -69,7 +76,7 @@
    value: "{{ item.value | string }}"
  with_items:
    - option: name
-      value: transmission
+      value: Transmission
    - option: description
      value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."'
    - option: transmission_install
--- a/roles/usb_lib/README.rst
+++ b/roles/usb_lib/README.rst
--- a/roles/usb_lib/defaults/main.yml
+++ b/roles/usb_lib/defaults/main.yml
--- a/roles/usb_lib/tasks/main.yml
+++ b/roles/usb_lib/tasks/main.yml
@ -0,0 +1,109 @@
 # TO DO:
 # - validate input vars + prereqs
 # - move 6 top stanzas into install.yml
 # - move 6 mid/lower stanzas into enable-or-disable.yml
 # - verify analogous NGINX logic from roles/nginx/* -- then integrate as nec?
 - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
  file:
    state: directory
    path: "{{ doc_root }}/local_content"
    owner: "{{ apache_user }}"
    group: "{{ iiab_admin_user }}"    # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
    mode: '0775'
 - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  with_items:
    - { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
    - { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
    - { src: 'iiab-usb_lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
    - { src: 'iiab-usb_lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
 - name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
  lineinfile:
    regexp: '^FILESYSTEMS.*'
    line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
    path: /etc/usbmount/usbmount.conf
 - name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
  template:
    src: content_dir.conf
    dest: "/etc/{{ apache_conf_dir }}"
  when: apache_install
 # RECORD usb_lib AS INSTALLED
 - name: "Set 'usb_lib_installed: True'"
  set_fact:
    usb_lib_installed: True
 - name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^usb_lib_installed'
    line: 'usb_lib_installed: True'
 - name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
  template:
    src: mount.d/70-usb-library
    dest: /etc/usbmount/mount.d/
    owner: root
    group: root
    mode: '0751'
  when: usb_lib_enabled | bool
 - name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
  template:
    src: umount.d/70-usb-library
    dest: /etc/usbmount/umount.d
    owner: root
    group: root
    mode: '0751'
  when: usb_lib_enabled | bool
 - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
  file:
    path: /etc/usbmount/mount.d/70-usb-library
    state: absent
  when: not usb_lib_enabled
 - name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
  file:
    path: /etc/usbmount/umount.d/70-usb-library
    state: absent
  when: not usb_lib_enabled
 - name: Enable http://box/usb via Apache, if usb_lib_enabled
  command: a2ensite content_dir.conf
  when: apache_install and usb_lib_enabled
 - name: Disable http://box/usb via Apache, if not usb_lib_enabled
  command: a2dissite content_dir.conf
  when: apache_install and not usb_lib_enabled
 - name: Put variable in iiab.env that enables display of content at root of USB
  lineinfile:
    path: "{{ iiab_env_file }}"
    regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
    line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"
 - name: Add 'usb_lib' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: usb_lib
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: usb_lib
    - option: description
      value: '"usb_lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
    - option: enabled
      value: "{{ usb_lib_enabled }}"
--- a/roles/usb_lib/tasks/main.yml~
+++ b/roles/usb_lib/tasks/main.yml~
@ -1,21 +1,18 @@
 # TO DO:
 # - validate input vars + prereqs
 # - move 6 top stanzas into install.yml
 # - move 6 mid/lower stanzas into enable-or-disable.yml
 # - verify analogous NGINX logic from roles/nginx/* -- then integrate as nec?
 - name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
  file:
    path: "{{ doc_root }}/local_content"
    state: directory
    path: "{{ doc_root }}/local_content"
    owner: "{{ apache_user }}"
    group: "{{ iiab_admin_user }}"    # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
-    mode: 0775
+    mode: '0775'
- name: Install /etc/usbmount/mount.d/70-usb-library from template
+- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
  template:
    src: mount.d/70-usb-library
    dest: /etc/usbmount/mount.d/
    owner: root
    group: root
    mode: 0751
  when: usb_lib_enabled | bool
 - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb-lib-show-all-on, /usr/bin/iiab-usb-lib-show-all-off'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -23,22 +20,51 @@
  with_items:
    - { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
    - { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
-    - { src: 'iiab-usb-lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
+    - { src: 'iiab-usb_lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
-    - { src: 'iiab-usb-lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
+    - { src: 'iiab-usb_lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
 - name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
-  lineinfile: 
+  lineinfile:
    regexp: '^FILESYSTEMS.*'
    line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
    path: /etc/usbmount/usbmount.conf
- name: Install /etc/usbmount/umount.d/70-usb-library from template
+- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
  template:
    src: content_dir.conf
    dest: "/etc/{{ apache_conf_dir }}"
  when: apache_install
 # RECORD usb_lib AS INSTALLED
 - name: "Set 'usb_lib_installed: True'"
  set_fact:
    usb_lib_installed: True
 - name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^usb_lib_installed'
    line: 'usb_lib_installed: True'
 - name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
  template:
    src: mount.d/70-usb-library
    dest: /etc/usbmount/mount.d/
    owner: root
    group: root
    mode: '0751'
  when: usb_lib_enabled | bool
 - name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
  template:
    src: umount.d/70-usb-library
    dest: /etc/usbmount/umount.d
    owner: root
    group: root
-    mode: 0751
+    mode: '0751'
  when: usb_lib_enabled | bool
 - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
@ -53,47 +79,31 @@
    state: absent
  when: not usb_lib_enabled
 - name: Enable http://box/usb via Apache, if usb_lib_enabled
  shell: a2ensite content_dir.conf
  when: apache_install and usb_lib_enabled
 - name: Disable http://box/usb via Apache, if not usb_lib_enabled
  shell: a2dissite content_dir.conf
  when: apache_install and not usb_lib_enabled
 - name: Put variable in iiab.env that enables display of content at root of USB
  lineinfile:
    path: "{{ iiab_env_file }}"
    regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
    line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"
- name: Install /etc/{{ apache_config_dir }}/content_dir.conf from template
+- name: Add 'usb_lib' variable values to {{ iiab_ini_file }}
  template:
    src: content_dir.conf
    dest: "/etc/{{ apache_config_dir }}"
  when: usb_lib_enabled | bool
 - name: Create symlink content_dir.conf from sites-enabled to sites-available (debuntu)
  file:
    src: "/etc/{{ apache_config_dir }}/content_dir.conf"
    dest: /etc/apache2/sites-enabled/content_dir.conf
    state: link
  when: is_debuntu | bool
 - name: Remove symlink content_dir.conf from /etc/apache2/sites-enabled (debuntu)
  file:
    dest: /etc/apache2/sites-enabled/content_dir.conf
    state: absent
  when: is_debuntu and not usb_lib_enabled
 - name: Remove content_dir.conf from /etc/{{ apache_config_dir }}
  file:
    name: "/etc/{{ apache_config_dir }}/content_dir.conf"
    state: absent
  when: not usb_lib_enabled
 - name: Add 'usb-lib' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
-    section: usb-lib
+    section: usb_lib
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
-      value: usb-lib
+      value: usb_lib
    - option: description
-      value: '"usb-lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
+      value: '"usb_lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
    - option: enabled
      value: "{{ usb_lib_enabled }}"
--- a/roles/usb_lib/templates/content_dir.conf
+++ b/roles/usb_lib/templates/content_dir.conf
--- a/roles/usb_lib/templates/iiab-usb_lib-show-all-off
+++ b/roles/usb_lib/templates/iiab-usb_lib-show-all-off
--- a/roles/usb_lib/templates/iiab-usb_lib-show-all-on
+++ b/roles/usb_lib/templates/iiab-usb_lib-show-all-on
--- a/roles/usb_lib/templates/mount.d/70-usb-library
+++ b/roles/usb_lib/templates/mount.d/70-usb-library
--- a/roles/usb_lib/templates/umount.d/70-usb-library
+++ b/roles/usb_lib/templates/umount.d/70-usb-library
--- a/roles/usb_lib/templates/usbmount.rules.j2
+++ b/roles/usb_lib/templates/usbmount.rules.j2
--- a/roles/usb_lib/templates/usbmount@.service.j2
+++ b/roles/usb_lib/templates/usbmount@.service.j2
--- a/roles/vnstat/tasks/main.yml
+++ b/roles/vnstat/tasks/main.yml
@ -2,7 +2,6 @@
  package:
    name: vnstat
    state: present
  #tags: download
 - name: Install /etc/vnstat.conf from template
  template:
@ -19,6 +18,13 @@
  shell: /usr/bin/vnstat -i {{ iiab_lan_iface }}
  when: iiab_lan_iface is defined
 # RECORD vnStat AS INSTALLED
 - name: "Set 'vnstat_installed: True'"
  set_fact:
    vnstat_installed: True
 - name: "Add 'vnstat_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
@ -26,7 +32,7 @@
    line: 'vnstat_installed: True'
- name: Enable & Start vnStat's systemd service (vnstat)
+- name: Enable & (Re)Start 'vnstat' systemd service, if vnstat_enabled
  systemd:
    name: vnstat
    daemon_reload: yes
@ -46,7 +52,7 @@
      value: vnStat
    - option: description
      value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."'
-    - option: installed
+    - option: install
      value: "{{ vnstat_install }}"
    - option: enabled
      value: "{{ vnstat_enabled }}"
--- a/roles/wordpress/tasks/apache.yml
+++ b/roles/wordpress/tasks/apache.yml
@ -1,6 +1,6 @@
 - name: Enable http://box{{ wp_url }} via Apache    # http://box/wordpress
  command: a2ensite wordpress.conf
-  when: wordpress_enabled
+  when: wordpress_enabled | bool
 - name: Disable http://box{{ wp_url }} via Apache    # http://box/wordpress
  command: a2dissite wordpress.conf
--- a/roles/wordpress/tasks/install.yml
+++ b/roles/wordpress/tasks/install.yml
@ -85,12 +85,19 @@
    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
    mode: '0660'    # Others strongly recommend '0600' (or do PHP/Apache/NGINX really need group read & write permissions?)
- name: Install etc/{{ apache_config_dir }}/wordpress.conf from template, for http://box{{ wp_url }} via Apache
+- name: Install etc/{{ apache_conf_dir }}/wordpress.conf from template, for http://box{{ wp_url }} via Apache
  template:
    src: wordpress.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
+    dest: "/etc/{{ apache_conf_dir }}/wordpress.conf"
  when: apache_enabled | bool
 # RECORD WordPress AS INSTALLED
 - name: "Set 'wordpress_installed: True'"
  set_fact:
    wordpress_installed: True
 - name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
--- a/Show more
+++ b/Show more