diff --git a/roles/calibre-web/tasks/nginx.yml b/roles/calibre-web/tasks/enable-or-disable.yml similarity index 67% rename from roles/calibre-web/tasks/nginx.yml rename to roles/calibre-web/tasks/enable-or-disable.yml index 046bc65b8..b196176f9 100644 --- a/roles/calibre-web/tasks/nginx.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled + systemd: + name: calibre-web + daemon_reload: yes + enabled: yes + state: restarted + when: calibreweb_enabled + +- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled + systemd: + name: calibre-web + enabled: no + state: stopped + when: not calibreweb_enabled + + # TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195) # RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index e8be74274..9d6e53333 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -24,23 +24,7 @@ when: calibreweb_installed is undefined -- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled - systemd: - name: calibre-web - daemon_reload: yes - enabled: yes - state: restarted - when: calibreweb_enabled - -- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled - systemd: - name: calibre-web - enabled: no - state: stopped - when: not calibreweb_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'calibre-web' variable values to {{ iiab_ini_file }} diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index ea073de16..d585b42e0 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml @@ -49,7 +49,7 @@ blockinfile: path: /etc/cups/cupsd.conf insertafter: '^$' - block: |2 # Indent with 2 spaces, and surround block with 2 comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below. Also surround block with comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" AuthType Default Require user @SYSTEM diff --git a/roles/kolibri/tasks/nginx.yml b/roles/kolibri/tasks/enable-or-disable.yml similarity index 64% rename from roles/kolibri/tasks/nginx.yml rename to roles/kolibri/tasks/enable-or-disable.yml index 379339b68..8204b3aee 100644 --- a/roles/kolibri/tasks/nginx.yml +++ b/roles/kolibri/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled + systemd: + name: kolibri + daemon_reload: yes + enabled: yes + state: started + when: kolibri_enabled + +- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled + systemd: + name: kolibri + enabled: no + state: stopped + when: not kolibri_enabled + + - name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template # http://box/kolibri template: src: kolibri-nginx.conf.j2 diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index aebecece9..680724179 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -29,23 +29,7 @@ when: kolibri_installed is undefined -- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled - systemd: - name: kolibri - daemon_reload: yes - enabled: yes - state: started - when: kolibri_enabled - -- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled - systemd: - name: kolibri - enabled: no - state: stopped - when: not kolibri_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 83877e92e..ae5587642 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -26,7 +26,6 @@ - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - when: nginx_enabled - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/defaults/main.yml b/roles/nodered/defaults/main.yml index f68a595d3..f7cf092a5 100644 --- a/roles/nodered/defaults/main.yml +++ b/roles/nodered/defaults/main.yml @@ -9,9 +9,10 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -nodered_user: Admin -nodered_password: changeme # REMOVE THIS PASSWORD REMINDER LINE AS NECESSARY -nodered_password_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q +nodered_linux_user: nodered + +nodered_admin_user: Admin +nodered_admin_pwd_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q # Password itself is "changeme" # TO GENERATE A NEW PASSWORD HASH, run 'node-red-admin hash-pw' and enter # the new password. Paste the resulting hash as above, but into your own: diff --git a/roles/nodered/tasks/apache.yml b/roles/nodered/tasks/apache.yml.unused similarity index 100% rename from roles/nodered/tasks/apache.yml rename to roles/nodered/tasks/apache.yml.unused diff --git a/roles/nodered/tasks/nginx.yml b/roles/nodered/tasks/enable-or-disable.yml similarity index 54% rename from roles/nodered/tasks/nginx.yml rename to roles/nodered/tasks/enable-or-disable.yml index e7affdab7..87a1c8d2a 100644 --- a/roles/nodered/tasks/nginx.yml +++ b/roles/nodered/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled + systemd: + name: nodered + daemon_reload: yes + enabled: yes + state: restarted + when: nodered_enabled + +- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled + systemd: + name: nodered + enabled: no + state: stopped + when: not nodered_enabled + + - name: Enable http://box/nodered via NGINX, by installing {{ nginx_conf_dir }}/nodered-nginx.conf from template template: src: nodered-nginx.conf.j2 @@ -6,7 +22,7 @@ - name: Disable http://box/nodered via NGINX, by removing {{ nginx_conf_dir }}/nodered-nginx.conf file: - path: "{{ nginx_conf_dir }}/nodered-nginx.conf" # /etc/nginx/conf.d + path: "{{ nginx_conf_dir }}/nodered-nginx.conf" state: absent when: not nodered_enabled diff --git a/roles/nodered/tasks/group.yml b/roles/nodered/tasks/group.yml deleted file mode 100644 index ad4499023..000000000 --- a/roles/nodered/tasks/group.yml +++ /dev/null @@ -1,26 +0,0 @@ -- name: Ensure Linux group 'nodered' exists (if not rpi) - group: - name: nodered - state: present - -- name: Ensure Linux user 'nodered' exists and is added to group 'nodered' (if not rpi) - user: - name: nodered - group: nodered - -- name: Ensure directory /home/nodered/.node-red/ exists (if not rpi) - file: - path: /home/nodered/.node-red - state: directory - owner: nodered - group: nodered - mode: 0775 - -- name: Install /home/nodered/.node-red/settings.js from template, with authentication (if not rpi) - template: - backup: yes - src: settings.js.j2 - dest: /home/nodered/.node-red/settings.js - owner: nodered - group: nodered - mode: 0755 diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 3c95f7408..7ee0a7d73 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -16,7 +16,7 @@ msg: "Node-RED install cannot proceed, as Node.js is not installed." when: nodejs_installed is undefined -# 2020-10-29: not really be nec as Node-RED supports recent Node.js versions +# 2020-10-29: not really nec as Node-RED supports recent Node.js versions #- name: FAIL (STOP THE INSTALL) IF 'nodejs_version != "12.x"' # fail: # msg: "Node-RED install cannot proceed, as it currently requires Node.js 12.x, whereas nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc." @@ -36,7 +36,6 @@ package: name: nodered state: absent - when: nodered_install # 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: @@ -44,15 +43,22 @@ # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered # https://github.com/iiab/iiab/pull/1497 -- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" - command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard - #command: npm install -g --unsafe-perm node-red@latest node-red-admin@latest node-red-dashboard@latest - # Above "@latest" is recommended by https://nodered.org/docs/hardware/raspberrypi (SHOULD WE CONSIDER?) - when: nodered_install +# https://nodered.org/docs/user-guide/node-red-admin built in since Node-RED +# 1.1.0 (2020-06-30). Run it using: node-red admin +# If you install it separately, run: node-red-admin +# +#- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" +- name: "Globally 'npm install' 2 Node-RED packages: node-red, node-red-dashboard" + #command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard + command: npm install -g --unsafe-perm node-red@latest node-red-dashboard@latest + # Above "@latest" recommended by https://nodered.org/docs/hardware/raspberrypi back in 2019 -- name: "Globally 'npm install' 8 Node-RED learning examples for RPi: node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat, node-red-node-random, node-red-node-serialport, node-red-node-smooth" - command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth - when: nodered_install and is_raspbian +# 2022-06-08: New list copied from $EXTRANODES in https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +- name: "Globally 'npm install' 6 Node-RED learning examples IF Raspberry Pi hardware detected: node-red-node-pi-gpio, node-red-node-random, node-red-node-ping, node-red-contrib-play-audio, node-red-node-smooth, node-red-node-serialport" + #command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth + command: npm install -g --unsafe-perm node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest + #command: npm i --unsafe-perm --save --no-progress --no-update-notifier --no-audit --no-fund node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest 2>&1 + when: rpi_model != "none" ## To protect pre-installed packages within /usr/lib/node_modules in graphical ## desktop OS's like Raspbian Desktop & Ubermix, we now only install those that @@ -89,18 +95,39 @@ # creates: /usr/lib/node_modules/node-red-dashboard # when: nodered_install and internet_available -- include_tasks: group.yml - when: nodered_install and not is_raspbian +- include_tasks: settings.yml + #when: not is_raspbian -- include_tasks: rpi_desk.yml - when: nodered_install and is_raspbian +- include_tasks: os-integration.yml +#- include_tasks: rpi_desk.yml +# when: is_raspbian -- name: Install /etc/systemd/system/nodered.service systemd unit file from template - template: - backup: no - src: nodered.service.j2 +# 2022-06-08 OFFICIALLY RECOMMENDED /lib/systemd/system/nodered.service IS: +# https://github.com/node-red/linux-installers/blob/master/resources/nodered.service +# EXPLAINED AT https://nodered.org/docs/faq/customising-systemd-on-pi +# +# AS RECOMMENDED BY OFFICIAL INSTALLER SCRIPT: +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# OFFICIAL INSTRUCTIONS: https://nodered.org/docs/getting-started/local +# https://nodered.org/docs/getting-started/raspberrypi +# +# Should /lib be considered instead of /etc ? +# - name: Install /etc/systemd/system/nodered.service systemd unit file from template +# template: +# src: nodered.service.j2 +# dest: /etc/systemd/system/nodered.service + +- name: Start by downloading https://github.com/node-red/linux-installers/blob/master/resources/nodered.service to /etc/systemd/system/nodered.service + get_url: + url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.service dest: /etc/systemd/system/nodered.service - # mode: '0666' + timeout: "{{ download_timeout }}" + +- name: Replace every '[=/]pi' with '[=/]{{ nodered_linux_user }}' (nodered_linux_user) in /etc/systemd/system/nodered.service + replace: + path: /etc/systemd/system/nodered.service + regexp: '([=/])pi' # e.g. nodered_linux_user: nodered + replace: '\1{{ nodered_linux_user }}' # \1 is a back-reference to above '=' or '/' -- like sed, but Ansible uses https://docs.python.org/3/library/re.html # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml #- name: Enable proxy_wstunnel apache2 module diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 2add807b2..2b5e3525b 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -24,23 +24,7 @@ when: nodered_installed is undefined -- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled - systemd: - name: nodered - daemon_reload: yes - enabled: yes - state: restarted - when: nodered_enabled - -- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled - systemd: - name: nodered - enabled: no - state: stopped - when: not nodered_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml +- include_tasks: enable-or-disable.yml - name: Add 'nodered' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/tasks/os-integration.yml b/roles/nodered/tasks/os-integration.yml new file mode 100644 index 000000000..c7b008da3 --- /dev/null +++ b/roles/nodered/tasks/os-integration.yml @@ -0,0 +1,68 @@ +# 2022-06-08: This file used to be rpi_desk.yml + +# 2022-06-09: Crucially, the 3 "dest" dirs (below) exist on all mainline OS's +- name: "Download 3 Node-RED enhancements: Node-RED icon, start menu item, /etc/logrotate.d/nodered" + get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + force: yes + timeout: "{{ download_timeout }}" + with_items: + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-icon.svg + dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/Node-RED.desktop + dest: /usr/share/applications/Node-RED.desktop + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.rotate + dest: /etc/logrotate.d/nodered + # 2022-06-08: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg + # dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop + # dest: /usr/share/applications/Node-RED.desktop + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate + # dest: /etc/logrotate.d/nodered + # - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' + # dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' + +#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) +# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' +# when: nodered_install and internet_available and is_raspbian + +#- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' +- name: 'Install 5 executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-reload, node-red-log' + get_url: + url: "{{ item }}" + dest: /usr/bin + mode: a+x + force: yes + timeout: "{{ download_timeout }}" + with_items: + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-start + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-stop + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-restart + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-reload + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-log + # 2022-08-06: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log + +# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, +# until converging on a longer-term strategy, let's comment out both stanzas: + +# - name: Create /home/pi/.node-red/ directory (rpi) +# file: +# path: /home/pi/.node-red +# state: directory +# owner: pi +# group: pi +# mode: 0775 + +# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) +# template: +# src: settings.js.j2 +# dest: /home/pi/.node-red/settings.js +# owner: pi +# group: pi +# mode: 0755 diff --git a/roles/nodered/tasks/rpi_desk.yml b/roles/nodered/tasks/rpi_desk.yml deleted file mode 100644 index 1686994e8..000000000 --- a/roles/nodered/tasks/rpi_desk.yml +++ /dev/null @@ -1,50 +0,0 @@ -# TEST UNNEC ICON/MENU FILE PLACEMENT ON RASPIAN LITE TOO ! -- name: 'Download/Install 4 useful items for RPi: Node-RED icon, start menu item, /etc/logrotate.d/nodered, tweaked "Pi cpu temperature.json"' - get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" - timeout: "{{ download_timeout }}" - with_items: - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg - dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop - dest: /usr/share/applications/Node-RED.desktop - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate - dest: /etc/logrotate.d/nodered - - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' - dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' - -#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) -# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' -# when: nodered_install and internet_available and is_raspbian - -- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' - get_url: - url: "{{ item }}" - dest: /usr/bin - mode: a+x - timeout: "{{ download_timeout }}" - with_items: - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log - -# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, -# until converging on a longer-term strategy, let's comment out both stanzas. - -# - name: Create /home/pi/.node-red/ directory (rpi) -# file: -# path: /home/pi/.node-red -# state: directory -# owner: pi -# group: pi -# mode: 0775 - -# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) -# template: -# src: settings.js.j2 -# dest: /home/pi/.node-red/settings.js -# owner: pi -# group: pi -# mode: 0755 diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml new file mode 100644 index 000000000..22b2f33a6 --- /dev/null +++ b/roles/nodered/tasks/settings.yml @@ -0,0 +1,114 @@ +# 2022-06-09: This file used to be group.yml + +- name: Ensure Linux group '{{ nodered_linux_user }}' exists + group: + name: "{{ nodered_linux_user }}" + state: present + +- name: Ensure nodered_linux_user '{{ nodered_linux_user }}' exists and is added to group '{{ nodered_linux_user }}' + user: + name: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" # Primary group + +- name: Ensure directory /home/{{ nodered_linux_user }}/.node-red/ exists + file: + path: /home/{{ nodered_linux_user }}/.node-red + state: directory + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + mode: 0775 + + +# - name: Install /home/{{ nodered_linux_user }}/.node-red/settings.js from template, with authentication +# template: +# backup: yes +# src: settings.js.j2 +# dest: /home/{{ nodered_linux_user }}/.node-red/settings.js +# owner: "{{ nodered_linux_user }}" +# group: "{{ nodered_linux_user }}" +# mode: 0755 + +# 2022-06-08 some alternative options arising from official installer +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# +# 1) User {{ nodered_linux_user }} run 'node-red admin init' to create /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 2) Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 3) https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js +# +# Approach 1) (THEIR VERY INTERACTIVE SCRIPT) can't be automated like this: +#- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js +# command: runuser -u {{ nodered_linux_user }} node-red admin init + +- name: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js + copy: + remote_src: yes + src: /usr/lib/node_modules/node-red/settings.js + dest: /home/{{ nodered_linux_user }}/.node-red/settings.js + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + + +- name: Splice username and password into /home/{{ nodered_linux_user }}/.node-red/settings.js + blockinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below + adminAuth: { + type: "credentials", + users: [{ + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", + permissions: "*" + }] + }, + marker: "// {mark} ANSIBLE MANAGED BLOCK" # Surround block with comment lines: "// BEGIN ANSIBLE MANAGED BLOCK", "// END ANSIBLE MANAGED BLOCK" + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js +# *WITHOUT* ANSIBLE MARKERS, THESE WOULD BE NEEDED INSTEAD OF blockinfile: + +# - name: Splice 'username: "{{ nodered_admin_user }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'username:' +# line: ' username: "{{ nodered_admin_user }}",' + +# - name: Splice 'password: "{{ nodered_admin_pwd_hash }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'password:' +# line: ' password: "{{ nodered_admin_pwd_hash }}",' + + +# 2022-06-09: httpRoot might be going away? Increasingly hidden from +# settings.js which used to say: "property can be used in place of +# 'httpAdminRoot' and 'httpNodeRoot', to apply the same root to both parts." +# +# "httpRoot sets the root url for both admin and node endpoints. +# It overrides the values set by httpAdminRoot and httpNodeRoot" +# https://nodered.org/docs/user-guide/runtime/configuration +# +# - name: Splice "httpRoot: '/{{ nodered_web_path }}'," into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: '^\s*httpRoot:' +# line: " httpRoot: '/{{ nodered_web_path }}'," +# insertafter: '^module.exports = {$' +# #insertbefore: '^}$' + +- name: 'Splice "httpNodeRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpNodeRoot:' + line: " httpNodeRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +- name: 'Splice "httpAdminRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpAdminRoot:' + line: " httpAdminRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' diff --git a/roles/nodered/templates/nodered.service.j2 b/roles/nodered/templates/nodered.service.j2.unused similarity index 100% rename from roles/nodered/templates/nodered.service.j2 rename to roles/nodered/templates/nodered.service.j2.unused diff --git a/roles/nodered/templates/settings.js.j2 b/roles/nodered/templates/settings.js.j2.unused similarity index 99% rename from roles/nodered/templates/settings.js.j2 rename to roles/nodered/templates/settings.js.j2.unused index 50923671c..c484a4bcb 100644 --- a/roles/nodered/templates/settings.js.j2 +++ b/roles/nodered/templates/settings.js.j2.unused @@ -118,8 +118,8 @@ module.exports = { adminAuth: { type: "credentials", users: [{ - username: "{{ nodered_user }}", - password: "{{ nodered_password_hash }}", + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", permissions: "*" }] }, diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 69d6eaf86..bbe5287d9 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -190,11 +190,11 @@ - name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions" # And possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache blockinfile: - content: | + path: /etc/asterisk/freepbx_chown.conf + block: | [blacklist] directory = /var/lib/php/sessions marker: "; {mark} ANSIBLE MANAGED BLOCK" - dest: /etc/asterisk/freepbx_chown.conf owner: asterisk group: asterisk create: yes diff --git a/roles/sugarizer/tasks/main2.yml b/roles/sugarizer/tasks/main2.yml index 88aa786f8..5a719e233 100644 --- a/roles/sugarizer/tasks/main2.yml +++ b/roles/sugarizer/tasks/main2.yml @@ -3,8 +3,7 @@ when: sugarizer_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: enable-or-disable.yml +- include_tasks: enable-or-disable.yml - name: Add 'sugarizer' variable values to {{ iiab_ini_file }}