external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: external:master
Branches Tags
external:master
external:release-8.2
external:release-8.1
external:release-8.0
external:release-7.2
external:release-7.1
external:release-7.0
external:release-6.7
external:release-6.6
external:release-6.5
external:release-6.4
external:release-6.3
external:release-8.2
external:release-8.1
external:8.1-preview-3
external:8.1-preview-2
external:8.1-preview-1
external:release-8.0
external:8.0-preview-4
external:8.0-preview-3
external:8.0-preview-2
external:8.0-preview-1
external:8.0-beta-2
external:8.0-beta-1
external:release-7.2
external:7.2-preview-3
external:7.2-preview-2
external:7.2-preview-1
external:7.2-RC3
external:7.2-RC2
external:7.2-RC1
external:7.1.5-premap
external:release-7.1
external:7.1-RC4
external:7.1-RC3
external:7.1-RC2
external:7.1-RC1
external:7.1-preview-4
external:7.1-preview-3
external:7.1-preview-2
external:7.1-preview-1
external:v7.0.9
external:release-7.0
external:7.0-RC2
external:7.0-RC1
external:7.0-preview-3
external:7.0-preview-2
external:7.0-preview-1
external:release-6.7
external:6.7-RC2
external:6.7-RC1
external:6.7-preview-2
external:6.7-preview-1
external:release-6.6
external:6.6-RC4
external:6.6-RC3
external:6.6-RC2
external:6.6-RC1
external:6.6-preview-6
external:6.6-preview-5
external:6.6-preview-4
external:6.6-preview-3
external:6.6-preview-2
external:6.6-preview-1
external:release-6.5
external:6.5-RC6
external:6.5-RC5
external:6.5-RC4
external:6.5-RC3
external:6.5-RC2
external:6.5-RC1
external:6.5-preview-15
external:6.5-preview-14
external:6.5-preview-13
external:6.5-preview-12
external:6.5-preview-11
external:6.5-preview-10
external:6.5-preview-9
external:6.5-preview-8
external:6.5-preview-7
external:6.5-preview-6
external:6.5-preview-5
external:6.5-preview-4
external:6.5-preview-3
external:6.5-preview-2
external:6.5-preview-1
external:release-6.4
external:6.4-RC9
external:6.4-RC8
external:6.4-RC7
external:6.4-RC6
external:6.4-RC5
external:6.4-RC4
external:6.4-RC3
external:6.4-RC2
external:6.4-RC1
external:release-6.3
..
compare: external:8.1-preview-3
Branches Tags
external:master
external:release-8.2
external:release-8.1
external:release-8.0
external:release-7.2
external:release-7.1
external:release-7.0
external:release-6.7
external:release-6.6
external:release-6.5
external:release-6.4
external:release-6.3
external:release-8.2
external:release-8.1
external:8.1-preview-3
external:8.1-preview-2
external:8.1-preview-1
external:release-8.0
external:8.0-preview-4
external:8.0-preview-3
external:8.0-preview-2
external:8.0-preview-1
external:8.0-beta-2
external:8.0-beta-1
external:release-7.2
external:7.2-preview-3
external:7.2-preview-2
external:7.2-preview-1
external:7.2-RC3
external:7.2-RC2
external:7.2-RC1
external:7.1.5-premap
external:release-7.1
external:7.1-RC4
external:7.1-RC3
external:7.1-RC2
external:7.1-RC1
external:7.1-preview-4
external:7.1-preview-3
external:7.1-preview-2
external:7.1-preview-1
external:v7.0.9
external:release-7.0
external:7.0-RC2
external:7.0-RC1
external:7.0-preview-3
external:7.0-preview-2
external:7.0-preview-1
external:release-6.7
external:6.7-RC2
external:6.7-RC1
external:6.7-preview-2
external:6.7-preview-1
external:release-6.6
external:6.6-RC4
external:6.6-RC3
external:6.6-RC2
external:6.6-RC1
external:6.6-preview-6
external:6.6-preview-5
external:6.6-preview-4
external:6.6-preview-3
external:6.6-preview-2
external:6.6-preview-1
external:release-6.5
external:6.5-RC6
external:6.5-RC5
external:6.5-RC4
external:6.5-RC3
external:6.5-RC2
external:6.5-RC1
external:6.5-preview-15
external:6.5-preview-14
external:6.5-preview-13
external:6.5-preview-12
external:6.5-preview-11
external:6.5-preview-10
external:6.5-preview-9
external:6.5-preview-8
external:6.5-preview-7
external:6.5-preview-6
external:6.5-preview-5
external:6.5-preview-4
external:6.5-preview-3
external:6.5-preview-2
external:6.5-preview-1
external:release-6.4
external:6.4-RC9
external:6.4-RC8
external:6.4-RC7
external:6.4-RC6
external:6.4-RC5
external:6.4-RC4
external:6.4-RC3
external:6.4-RC2
external:6.4-RC1
external:release-6.3

No commits in common. "master" and "8.1-preview-3" have entirely different histories.
master ... 8.1-previe

170 changed files with 827 additions and 2448 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/10min-iiab-test-install.yml vendored
View file

@ -1,4 +1,4 @@
name: '"10 min" IIAB on Ubuntu 24.04 on x86-64'
name: '"10 min" IIAB test install'
# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html
@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch]
jobs:
test-install:
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
@ -27,7 +27,7 @@ jobs:
# GITHUB_CONTEXT: ${{ toJSON(github) }}
# run: echo "$GITHUB_CONTEXT"
- name: Check out repository code
uses: actions/checkout@v4
uses: actions/checkout@v3.1.0
- run: echo "🍏 This job's status is ${{ job.status }}."
- name: GitHub Actions "runner" environment
run: |

4
.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml vendored
View file

@ -1,4 +1,4 @@
name: '"30 min" IIAB on Debian 12 on RPi 3'
name: '"30 min" IIAB test install deb12 on rpi3'
# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html
@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch]
jobs:
test-install:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
strategy:
matrix:
arch: [debian12]

16
.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml → .github/workflows/30min-iiab-test-install-raspios.yml vendored
View file

@ -1,4 +1,4 @@
name: '"30 min" IIAB on RasPiOS on Zero 2 W'
name: '"30 min" IIAB test install raspios'
# run-name: ${{ github.actor }} is testing out GitHub Actions 🚀
# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/ci-cd/github-actions/triggers.html
@ -18,7 +18,7 @@ on: [push, pull_request, workflow_dispatch]
jobs:
test-install:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
strategy:
matrix:
arch: [aarch64] #[zero_raspbian, zero_raspios, zero2_raspios, aarch64]
@ -65,13 +65,13 @@ jobs:
uname -a # uname -srm
whoami # Typically 'root' instead of 'runner'
pwd # /home/runner/work/iiab/iiab == $GITHUB_WORKSPACE == ${{ github.workspace }}
apt-get update -y --allow-releaseinfo-change
apt-get install --no-install-recommends -y git
sudo apt-get update -y --allow-releaseinfo-change
sudo apt-get install --no-install-recommends -y git
ls /opt/iiab/iiab
mkdir /etc/iiab
cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml
/opt/iiab/iiab/scripts/ansible
./iiab-install
sudo mkdir /etc/iiab
sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml
sudo /opt/iiab/iiab/scripts/ansible
sudo ./iiab-install
cd /opt/iiab/iiab
iiab-summary
cat /etc/iiab/iiab_state.yml

2
CONTRIBUTING.md
View file

@ -1,3 +1,3 @@
# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Contributors-Guide-(EN)](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN))
# SEE THE NEW<br>[github.com/iiab/iiab/wiki/Technical-Contributors-Guide](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide)
# THANKS!

2
LICENSING.md
View file

@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file:
Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details.
All files not containing an explicit copyright notice or terms of license in
the file are Copyright © 2015-2025, Unleash Kids, and are licensed under the
the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the
terms of the GPLv2 license in the file named LICENSE in the root of the
repository.

6
README.md
View file

@ -9,7 +9,7 @@ You can build your own tiny, affordable server (an offline digital library) for
Internet-in-a-Box gives you the DIY tools to:
1. Download then drag-and-drop to arrange the [very best of the Worlds Free Knowledge](https://internet-in-a-box.org/#quality-content).
2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_%28IIAB_apps%29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system).
2. Choose among [30+ powerful educational apps](https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation%3F) for your school or learning/teaching community, optionally with a complete LMS (learning management system).
3. Exchange local/indigenous knowledge with nearby communities, using our [Manage Content](https://github.com/iiab/iiab-admin-console/blob/master/roles/console/files/help/InstContent.rst#manage-content) interface and possible mesh networking.
FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is enabled by professional volunteers working [side-by-side](https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support%3F) with schools, clinics and libraries around the world. *Thank you for being a part of our http://OFF.NETWORK grassroots technology [movement](https://meta.wikimedia.org/wiki/Internet-in-a-Box)!*
@ -18,7 +18,7 @@ FYI this [community product](https://en.wikipedia.org/wiki/Internet-in-a-Box) is
Install Internet-in-a-Box (IIAB) from: [**download.iiab.io**](https://download.iiab.io/)
Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 50+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB:
Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way (e.g. [“Is a quick installation possible?”](https://wiki.iiab.io/go/FAQ#Is_a_quick_installation_possible%3F)) as you put together the <!--digital--> “local learning hotspot” most suitable for your own teaching/learning community. Here are 2 ways to install IIAB:
- Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems).
- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images-~-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi.
@ -35,7 +35,7 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab.
Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)**
_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Contributors-Guide-(EN)) ([versión en español](https://github.com/iiab/iiab/wiki/Gu%C3%ADa-para-Contribuidores-(ES))) of all kinds!_
_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_
If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over [“How can I help?”](https://wiki.iiab.io/go/FAQ#How_can_I_help%3F) at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ)

2
ansible.cfg
View file

@ -5,4 +5,4 @@
# Disallowed by Ansible 2.11+ -- see https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.7.html#using-a-loop-on-a-package-module-via-squash-actions
#squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package
[defaults]
interpreter_python=/usr/local/ansible/bin/python3
interpreter_python=/usr/bin/python3

2
iiab-install
View file

@ -11,7 +11,7 @@ CWD=`pwd`
OS=`grep ^ID= /etc/os-release | cut -d= -f2`
OS=${OS//\"/} # Remove all '"'
MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993
MIN_ANSIBLE_VER=2.16.14 # 2024-11-08: ansible-core 2.15 EOL is November 2024 per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB.
MIN_ANSIBLE_VER=2.13.12 # 2023-05-22: ansible-core 2.12 EOL per https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix 2022-11-09: Raspberry Pi 3 (and 3 B+ etc?) apparently install (and require?) ansible-core 2.11 for now -- @deldesir can explain more on PR #3419. Historical: Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB.
REINSTALL=false
DEBUG=false

2
iiab-network
View file

@ -42,7 +42,7 @@ fi
echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log"
Start=`date`
ansible -m setup -i ansible_hosts localhost --connection=local | grep python
ansible-playbook -i ansible_hosts iiab-network.yml --extra-vars "{\"skip_role_on_error\":false}" --connection=local
ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
End=`date`

2
roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml
View file

@ -8,7 +8,7 @@
# apache_interface: 127.0.0.1
# Make this False to disable http://box/common/services/power_off.php button:
# allow_www_data_poweroff: False
# apache_allow_sudo: True
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

11
roles/0-init/tasks/main.yml
View file

@ -34,23 +34,14 @@
# Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can
# be run even if local source tree /opt/iiab/iiab is deleted to conserve disk).
- name: Copy iiab-update & iiab-summary & iiab-diagnostics & iiab-root-login from /opt/iiab/iiab/scripts/ to /usr/bin/
- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/
copy:
src: "{{ iiab_dir }}/scripts/{{ item }}"
dest: /usr/bin/
mode: '0755'
with_items:
- iiab-update
- iiab-summary
- iiab-diagnostics
- iiab-root-login
- name: Symlink /usr/bin/iiab-upgrade -> /usr/bin/iiab-update
file:
src: /usr/bin/iiab-update
path: /usr/bin/iiab-upgrade
state: link
#force: yes
- name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics'
file:

51
roles/0-init/tasks/validate_vars.yml
View file

@ -64,19 +64,19 @@
# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
- name: Set vars_checklist for 45 + 45 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
set_fact:
vars_checklist:
- hostapd
- dnsmasq
- bluetooth
- sshd
#- openvpn # Deprecated
- tailscale
- openvpn
- remoteit
- admin_console
#- nginx # MANDATORY
#- apache # Unmaintained - former dependency
#- mysql # MANDATORY
- squid
- cups
- samba
@ -85,7 +85,6 @@
- gitea
- jupyterhub
- lokole
- mysql # Dependency - excluded from _installed check below
- mediawiki
- mosquitto
- nodejs # Dependency - excluded from _installed check below
@ -156,41 +155,23 @@
that: "{{ item }}_install or {{ item }}_installed is undefined"
fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?"
quiet: yes
when: item != 'mysql' and item != 'postgresql' and item != 'mongodb' and item != 'nodejs' and item != 'yarn' # Exclude auto-installed dependencies
when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies
loop: "{{ vars_checklist }}"
- name: Set vars_deprecated_list for 4+ vars ("XYZ_install") to be checked
set_fact:
vars_deprecated_list:
- dhcpd # Deprecated
- named # Deprecated
- wondershaper # Deprecated
- dansguardian # Deprecated
#- xo_services # Unmaintained
#- activity_server # Unmaintained
#- ejabberd_xs # Unmaintained
#- idmgr # Unmaintained
#- dokuwiki # Unmaintained
#- ejabberd # Unmaintained
#- elgg # Unmaintained
- name: 'DISALLOW "XYZ_install: True" if deprecated'
assert:
that: "{{ item }}_install is undefined or not {{ item }}_install"
fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)"
quiet: yes
loop: "{{ vars_deprecated_list }}"
# 2023-12-04: ansible-core 2.16.1 suddenly no longer allows 'assert' with
# 'with_items' below (whereas 'loop' construct above works!) BACKGROUND:
#
# 'due to mitigation of security issue CVE-2023-5764 in ansible-core 2.16.1,
# conditional expressions with embedded template blocks can fail with the
# message “Conditional is marked as unsafe, and cannot be evaluated.”'
# https://docs.ansible.com/ansible-core/2.16/porting_guides/porting_guide_core_2.16.html#playbook
#
# with_items:
# - dhcpd # Deprecated
# - named # Deprecated
# - wondershaper # Deprecated
# - dansguardian # Deprecated
with_items:
- dhcpd # Deprecated
- named # Deprecated
- wondershaper # Deprecated
- dansguardian # Deprecated
#- xo_services # Unmaintained
#- activity_server # Unmaintained
#- ejabberd_xs # Unmaintained
#- idmgr # Unmaintained
#- dokuwiki # Unmaintained
#- ejabberd # Unmaintained
#- elgg # Unmaintained

2
roles/1-prep/README.adoc
View file

@ -6,7 +6,7 @@ https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible[stage]
hardware, low-level OS quirks, and basic security:
* SSHD
* Tailscale if/as needed later for remote support
* OpenVPN if/as needed later for remote support
* https://github.com/iiab/iiab/tree/master/roles/iiab-admin#iiab-admin-readme[iiab-admin]
username and group, to log into Admin Console
* dnsmasq (install now, configure later!)

23
roles/1-prep/tasks/hardware.yml
View file

@ -7,18 +7,17 @@
when: first_run and rpi_model != "none"
# 2024-02-09: Code below appears stale for Shanti's #3707 hardware
#- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
# shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
# register: usb_NUC6
# ignore_errors: True
#
#- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6
# get_url:
# url: "{{ iiab_download_url }}/Old/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages
# dest: /lib/firmware
# timeout: "{{ download_timeout }}"
# when: usb_NUC6.stdout|int > 0
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
register: usb_NUC6
ignore_errors: True
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: usb_NUC6.stdout|int > 0
- name: "Look for any WiFi devices present: ls -la /sys/class/net/*/phy80211 | cut -d/ -f5"

10
roles/1-prep/tasks/main.yml
View file

@ -3,22 +3,22 @@
- name: ...IS BEGINNING ============================================
meta: noop
- name: SSHD
- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml
include_role:
name: sshd
when: sshd_install
- name: TAILSCALE (VPN)
- name: OPENVPN
include_role:
name: tailscale
when: tailscale_install
name: openvpn
when: openvpn_install
- name: REMOTE.IT
include_role:
name: remoteit
when: remoteit_install
- name: IIAB-ADMIN -- includes {lynx, screen, sudo-prereqs.yml, admin-user.yml, pwd-warnings.yml}
- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml
include_role:
name: iiab-admin
#when: iiab_admin_install # Flag might be created in future?

13
roles/1-prep/templates/iiab-expand-rootfs
View file

@ -8,21 +8,12 @@
# Verifies that rootfs is the last partition.
# RELATED:
# 1. https://github.com/iiab/iiab-factory/blob/master/box/rpi/min-sd
# 2. https://github.com/iiab/iiab-factory/blob/master/box/rpi/cp-sd
# 3. https://github.com/iiab/iiab-factory/blob/master/box/rpi/xz-json-sd
# OR https://github.com/iiab/iiab-factory/blob/master/box/rpi/exp-sd
if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then
echo "$0: Expanding rootfs partition"
if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS -- WARNING: their fdisk-centric approach of course FAILS with "Hybrid MBR" or GPT partition tables, as required by any drive > 2TB :/
if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS
# 2022-02-17: Uses do_expand_rootfs() from:
# https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config
# 2023-10-05: Official new RPi instructions:
# sudo raspi-config nonint do_expand_rootfs
# https://www.raspberrypi.com/documentation/computers/configuration.html#expand-filesystem-nonint
raspi-config --expand-rootfs # REQUIRES A REBOOT
rm -f /.expand-rootfs /.resize-rootfs
reboot # In future, we might warn interactive users that a reboot is coming?
@ -41,7 +32,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then
fi
# Expand partition
growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk (assuming MBR). They really should transition to gdisk, as required by any drive > 2TB. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future?
growpart $ROOT_DEV $ROOT_PART_NUM || true # raspi-config instead uses fdisk. WARNING: growpart RC 2 is more severe than RC 1, and should possibly be handled separately in future?
rc=$? # Make Return Code visible, for 'bash -x'
resize2fs $ROOT_PART
rc=$? # Make RC visible (as above)

1
roles/2-common/tasks/packages.yml
View file

@ -29,6 +29,7 @@
- rsync # 351kB download: RasPiOS installs this regardless
#- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml
- sqlite3 # 1054kB download
#- sudo # 991kB download: RasPiOS installs this regardless -- (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
- tar # 799kB download: RasPiOS installs this regardless
- unzip # 151kB download: RasPiOS installs this regardless
#- usbmount # 18kB download: Moved to roles/usb_lib/tasks/install.yml

13
roles/3-base-server/README.rst
View file

@ -1,21 +1,10 @@
.. |ss| raw:: html
<strike>
.. |se| raw:: html
</strike>
.. |nbsp| unicode:: 0xA0
:trim:
====================
3-base-server README
====================
This 3rd `stage <https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible>`_ installs base server infra that `Internet-in-a-Box (IIAB) <https://internet-in-a-box.org/>`_ requires, including:
- |ss| `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). |se| |nbsp| *As of 2023-11-05, MySQL / MariaDB is NO LONGER INSTALLED by 3-base-server — instead it's installed on-demand — as a dependency of Matomo, MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console.* This IIAB role (roles/mysql) also installs apt package:
- `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). This IIAB role also installs apt package:
- **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common**
- `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package:
- **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23**

11
roles/3-base-server/tasks/main.yml
View file

@ -3,13 +3,10 @@
- name: ...IS BEGINNING =====================================
meta: noop
# 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every
# IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo,
# MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console.
# - name: MYSQL + CORE PHP
# include_role:
# name: mysql
# #when: mysql_install
- name: MYSQL + CORE PHP
include_role:
name: mysql
#when: mysql_install
# 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles:
#

5
roles/4-server-options/tasks/main.yml
View file

@ -19,6 +19,11 @@
#when: pylibs_installed is undefined
#when: pylibs_install # Flag might be created in future?
- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN
include_role:
name: sshd
when: sshd_install
- name: Install Bluetooth - only on Raspberry Pi
include_role:
name: bluetooth

3
roles/7-edu-apps/tasks/main.yml
View file

@ -6,13 +6,12 @@
- name: KALITE
include_role:
name: kalite
when: kalite_install and (is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12) # Also covers is_linuxmint_21 and is_raspbian_12
when: kalite_install
- name: KOLIBRI
include_role:
name: kolibri
when: kolibri_install
#when: kolibri_install and python_version is version('3.12', '<') # Debian 13 still uses Python 3.11 (for now!) so really this just avoids Ubuntu 24.04 and 24.10 pre-releases during initial iiab-install. CLARIF: This is all TEMPORARY until learningequality/kolibri#11316 brings Python 3.12 support to Kolibri 0.17 pre-releases (expected very soon).
- name: KIWIX
include_role:

7
roles/8-mgmt-tools/tasks/main.yml
View file

@ -6,7 +6,7 @@
- name: TRANSMISSION
include_role:
name: transmission
when: transmission_install and not (is_ubuntu_2404 or is_ubuntu_2410 or is_ubuntu_2504) # Also excludes is_linuxmint_22, for #3756 (whereas Debian 13 works great!)
when: transmission_install
- name: AWSTATS
include_role:
@ -23,6 +23,11 @@
name: monit
when: monit_install
- name: MUNIN
include_role:
name: munin
when: munin_install
- name: PHPMYADMIN
include_role:
name: phpmyadmin

40
roles/9-local-addons/tasks/main.yml
View file

@ -14,23 +14,10 @@
name: captiveportal
when: captiveportal_install
# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and
# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516
- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!)
command: dpkg --print-architecture
register: dpkg_arch
when: internetarchive_install
- name: Explain bypassing of Internet Archive install if 32-bit OS
fail: # FORCE IT RED THIS ONCE!
msg: "BYPASSING INTERNET ARCHIVE PER https://github.com/iiab/iiab/issues/3641 -- 'dpkg --print-architecture' output for your OS: {{ dpkg_arch.stdout }}"
when: internetarchive_install and not dpkg_arch.stdout is search("64")
ignore_errors: True
- name: INTERNETARCHIVE
include_role:
name: internetarchive
when: internetarchive_install and dpkg_arch.stdout is search("64")
when: internetarchive_install
- name: MINETEST
include_role:
@ -55,31 +42,6 @@
name: pbx
when: pbx_install
- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)'
set_fact:
mysql_install: True
mysql_enabled: True
when: admin_console_install
- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)'
include_role:
name: mysql
when: admin_console_install
- name: '2023-11-05 / TEMPORARY UNTIL ADMIN CONSOLE DECLARES ITS DEPENDENCY: Install MySQL (MariaDB) if admin_console_install (for setup-feedback and record_feedback.php)'
fail:
msg: "Admin Console install cannot proceed, as MySQL / MariaDB is not installed."
when: admin_console_install and mysql_installed is undefined
# 2023-11-05: Moved from Stage 8, as it acts on mysql_installed (that might be set just above!)
- name: MUNIN
include_role:
name: munin
when: munin_install
- name: Read 'disk_used_a_priori' from /etc/iiab/iiab.ini
set_fact:
df1: "{{ lookup('ansible.builtin.ini', 'disk_used_a_priori', section='summary', file=iiab_ini_file) }}"

43
roles/calibre-web/README.rst
View file

@ -25,10 +25,6 @@ download e-books using a
Teachers upload e-books, adjust e-book metadata, and create custom "bookshelf"
collections — to help students build the best local community library!
**NEW AS OF JANUARY 2024:** `IIAB's experimental new version of Calibre-Web <https://github.com/iiab/calibre-web/wiki>`_
**also lets you add YouTube and Vimeo videos (and local videos, e.g. from
teachers' phones) to expand your indigenous/local/family learning library!**
.. image:: https://www.yankodesign.com/images/design_news/2019/05/221758/luo_beetle_library_8.jpg
🍒 GURU TIPS 🍒
@ -108,10 +104,6 @@ Whereas your e-book metadata is stored in a Calibre-style database::
/library/calibre-web/metadata.db
Videos' metadata is stored in database::
/library/calibre-web/xklb-metadata.db
See also::
/library/calibre-web/metadata_db_prefs_backup.json
@ -142,11 +134,7 @@ Errors and warnings can be seen if you run::
Log verbosity level can be
`adjusted <https://github.com/janeczku/calibre-web/wiki/Configuration#logfile-configuration>`_
within Calibre-Web's **Configuration > Basic Configuration > Logfile
Configuration**.
Finally, http://box/live/stats (Calibre-Web's **About** page) can be a very
useful list of ~42 `Calibre-Web dependencies <https://github.com/janeczku/calibre-web/wiki/Dependencies-in-Calibre-Web-Linux-and-Windows>`_
(mostly Python packages, and the version number of each that's installed).
Configuration** (details above).
Back Up Everything
------------------
@ -157,31 +145,26 @@ as it contains your Calibre-Web content **and** configuration settings!
Upgrading
---------
Please see our `new/automated upgrade technique (iiab-update) <https://github.com/iiab/calibre-web/wiki#upgrading>`_
introduced in July 2024.
"Reinstalling" Calibre-Web automatically installs the latest version — if your
Internet-in-a-Box (IIAB) is online.
But first: back up your content **and** configuration settings, as outlined
above!
But first: back up your content **and** configuration settings, as explained above.
**Conversely if you're sure you want to fully reset your Calibre-Web settings,
and remove all existing e-book/video/media metadata — then move your
/library/calibre-web/config/app.db, /library/calibre-web/metadata.db and
/library/calibre-web/xklb-metadata.db out of the way.**
RECAP: Either way, "reinstalling" Calibre-Web automatically installs the latest
version — so long as your Internet-in-a-Box (IIAB) is online. Most people
should stick with the new ``iiab-update`` technique above. However if you must
use the older/manual approach, you would need to run, as root::
**Also move your /library/calibre-web/config/app.db AND/OR
/library/calibre-web/metadata.db out of the way — if you're sure you want to
fully reset your Calibre-Web settings (to install defaults) AND/OR remove all
e-book metadata! Then run, as root**::
cd /opt/iiab/iiab
./runrole --reinstall calibre-web
Or, if there's a need to try updating Calibre-Web's code alone::
Or, if you just want to upgrade Calibre-Web code alone, prior to proceeding
manually::
cd /usr/local/calibre-web-py3
git pull
Finally, this much older way is *no longer recommended*::
This older way is *no longer recommended*::
cd /opt/iiab/iiab
./iiab-install --reinstall # OR: ./iiab-configure
@ -233,5 +216,5 @@ Known Issues
* |ss| Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 <https://github.com/janeczku/calibre-web/issues/828>`_ |se| |nbsp| Fixed by `361a124 <https://github.com/janeczku/calibre-web/commit/361a1243d732116e6f520fabbaae017068b86037>`_ on 2019-02-27.
* *Please report serious issues here:*
https://github.com/iiab/calibre-web/issues
* *Please assist us in reporting serious issues here:*
https://github.com/janeczku/calibre-web/issues

3
roles/calibre-web/defaults/main.yml
View file

@ -14,10 +14,9 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
calibreweb_repo_url: https://github.com/iiab/calibre-web # Or use upstream: https://github.com/janeczku/calibre-web
calibreweb_repo_url: https://github.com/janeczku/calibre-web
calibreweb_version: master # WAS: master, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9
calibreweb_venv_wipe: False # 2023-12-04: NEW default TDD (Test-Driven Dev!)
calibreweb_venv_path: /usr/local/calibre-web-py3
calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py"

BIN
roles/calibre-web/files/app.db
View file

Binary file not shown.

19
roles/calibre-web/tasks/enable-or-disable.yml
View file

@ -23,29 +23,12 @@
dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
when: calibreweb_enabled
- name: If enabling with Calibre-Web enhanced for large audio/video "books" too, also append onto calibre-web-nginx.conf AND symlink /library/www/html/calibre-web -> /library/calibre-web (WIP)
shell: |
if [ -f {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf ]; then
cat {{ calibreweb_venv_path }}/scripts/calibre-web-nginx.conf >> {{ nginx_conf_dir }}/calibre-web-nginx.conf
# 2023-12-05: Not needed as a result of PR iiab/calibre-web#57
# ln -sf {{ calibreweb_home }} {{ doc_root }}/calibre-web
fi
when: calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
file:
path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf"
path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not calibreweb_enabled
- name: If disabling, also remove symlink /library/www/html/calibre-web (WIP)
file:
path: "{{ doc_root }}/calibre-web" # /library/www/html
state: absent
when: not calibreweb_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx

118
roles/calibre-web/tasks/install.yml
View file

@ -1,32 +1,14 @@
# Or try 'iiab-update -f' for a more rapid upgrade of IIAB Calibre-Web:
#
# https://wiki.iiab.io/go/FAQ#Can_I_upgrade_IIAB_software%3F
# https://github.com/iiab/calibre-web/wiki#upgrading
# https://github.com/iiab/iiab/blob/master/scripts/iiab-update
# https://github.com/iiab/iiab/tree/master/roles/calibre-web#upgrading
- name: Record (initial) disk space used
shell: df -B1 --output=used / | tail -1
register: df1
- name: Stop 'calibre-web' systemd service for safety (RED ERROR CAN BE IGNORED!)
systemd:
name: calibre-web
state: stopped
ignore_errors: True # Shows red errors, and continue...
#failed_when: False # Hides red errors, and continue...
# Official upstream instructions:
# apt install python3-pip python3-venv
# https://github.com/janeczku/calibre-web/wiki/Manual-installation
- name: "Install package: imagemagick"
- name: "Install packages: ffmpeg, imagemagick, python3-netifaces"
package:
name:
- ffmpeg # 2023-07-15: @deldesir requests this, so usability can be improved!
- imagemagick
#- python3-cryptography # Was needed on Raspberry Pi OS (SEE iiab/calibre-web#260, janeczku/calibre-web#3183)
#- python3-netifaces
- python3-netifaces
state: present
# https://github.com/iiab/iiab/pull/3496#issuecomment-1475094542
@ -38,13 +20,6 @@
# state: present
# when: python_version is version('3.10', '>=')
- name: Does /etc/ImageMagick-6/policy.xml exist?
stat:
path: /etc/ImageMagick-6/policy.xml
register: imagemagick6_policy_xml
# 2024-12-16: Debian 13 uses /etc/ImageMagick-7/policy.xml instead, which doesn't need this lineinfile surgery:
# https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion
- name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails
lineinfile:
path: /etc/ImageMagick-6/policy.xml
@ -52,9 +27,13 @@
backrefs: yes
line: ' <policy domain="coder" rights="read" pattern="PDF" />'
state: present
when: imagemagick6_policy_xml.stat.exists
- name: "Create 2 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_config }} (each set to {{ calibreweb_user }}:{{ apache_user }}, default to 0755)"
- name: Remove previous virtual environment {{ calibreweb_venv_path }}
file:
path: "{{ calibreweb_venv_path }}"
state: absent
- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)"
file:
state: directory
path: "{{ item }}"
@ -63,6 +42,7 @@
with_items:
- "{{ calibreweb_home }}" # /library/calibre-web
- "{{ calibreweb_config }}" # /library/calibre-web/config
- "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3
# FYI since May 2021, Calibre-Web (major releases) can be installed with pip:
# https://pypi.org/project/calibreweb/
@ -71,86 +51,24 @@
# https://github.com/janeczku/calibre-web/pull/927
# https://github.com/janeczku/calibre-web/pull/1459
- name: "Remove previous virtual environment {{ calibreweb_venv_path }} -- if 'calibreweb_venv_wipe: True'"
file:
path: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3
state: absent
when: calibreweb_venv_wipe
- name: Does {{ calibreweb_venv_path }} exist?
stat:
path: "{{ calibreweb_venv_path }}"
register: calibreweb_venv
- name: git clone Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~122 MB initially, ~191+ or ~203+ MB later) -- if {{ calibreweb_venv_path }} doesns't exist
- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from {{ calibreweb_repo_url }} to {{ calibreweb_venv_path }} (~94 MB initially, ~115+ MB later)
git:
repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/iiab/calibre-web or https://github.com/janeczku/calibre-web
repo: "{{ calibreweb_repo_url }}" # e.g. https://github.com/janeczku/calibre-web
dest: "{{ calibreweb_venv_path }}"
#force: True # CLAIM: "If true, any modified files in the working repository will be discarded" -- REALITY: even if `force: no`, Ansible destructively reclones (also removing all test branch commits etc!) -- unless a git credential is provided to Ansible?
#depth: 1 # 2023-11-04: Full clone for now, to help @deldesir & wider community testing
version: "{{ calibreweb_version }}" # e.g. master, 0.6.22
when: not calibreweb_venv.stat.exists
- name: cd {{ calibreweb_venv_path }} ; git pull {{ calibreweb_repo_url }} {{ calibreweb_version }} --no-rebase --no-edit -- if {{ calibreweb_venv_path }} exists
command: git pull "{{ calibreweb_repo_url }}" "{{ calibreweb_version }}" --no-rebase --no-edit
args:
chdir: "{{ calibreweb_venv_path }}"
when: calibreweb_venv.stat.exists
- debug:
msg:
- "NEED BETTER/EXPERIMENTAL YouTube SCRAPING? RUN THE NEXT LINE -- for the latest yt-dlp 'nightly' release:"
- sudo pipx inject --pip-args='--upgrade --pre' -f library yt-dlp[default]
- name: If Calibre-Web is being enhanced with audio/video "books" too, install/upgrade additional prereqs -- SEE https://github.com/iiab/calibre-web/wiki
shell: |
if [ -f {{ calibreweb_venv_path }}/scripts/lb-wrapper ]; then
apt install ffmpeg pipx -y
if lb --version; then
if pipx list | grep -q 'xklb'; then
pipx uninstall xklb
pipx install library
else
pipx reinstall library
fi
else
pipx install library
fi
ln -sf /root/.local/bin/lb /usr/local/bin/lb
if [ -f /root/.local/share/pipx/venvs/library/bin/yt-dlp ]; then
ln -sf /root/.local/share/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp
elif [ -f /root/.local/pipx/venvs/library/bin/yt-dlp ]; then
ln -sf /root/.local/pipx/venvs/library/bin/yt-dlp /usr/local/bin/yt-dlp
else
echo "ERROR: yt-dlp NOT FOUND"
fi
# NEED BETTER/EXPERIMENTAL YouTube SCRAPING? UNCOMMENT THE NEXT LINE -- for the latest yt-dlp "nightly" release:
# pipx inject --pip-args="--upgrade --pre" -f library yt-dlp[default]
#
# https://github.com/yt-dlp/yt-dlp-nightly-builds/releases
# https://pypi.org/project/yt-dlp/#history
cp {{ calibreweb_venv_path }}/scripts/lb-wrapper /usr/local/bin/
chmod a+x /usr/local/bin/lb-wrapper
fi
force: yes
depth: 1
version: "{{ calibreweb_version }}" # e.g. master, 0.6.20
- name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }}
pip:
requirements: "{{ calibreweb_venv_path }}/requirements.txt"
virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3
#virtualenv_site_packages: no
#virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }}
virtualenv_command: python3 -m venv {{ calibreweb_venv_path }}
extra_args: --prefer-binary # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560
# 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!)
# https://www.raspberrypi.com/documentation/computers/os.html#use-python-on-a-raspberry-pi
# https://www.raspberrypi.com/documentation/computers/os.html#install-python-packages-using-apt
# https://www.raspberrypi.com/documentation/computers/os.html#install-python-libraries-using-pip
virtualenv_site_packages: no
virtualenv_command: python3 -m venv --system-site-packages {{ calibreweb_venv_path }}
# VIRTUALENV EXAMPLE COMMANDS:
# python3 -m venv /usr/local/calibre-web-py3 (create venv)
# cd /usr/local/calibre-web-py3
# . bin/activate (or 'source bin/activate' -- this prepends '/usr/local/calibre-web-py3/bin' to yr PATH)
# source bin/activate (prepends '/usr/local/calibre-web-py3/bin' to yr PATH)
# python3 -m pip list ('pip list' sufficient *IF* path set above!)
# python3 -m pip freeze > /tmp/requirements.txt
# python3 -m pip install -r requirements.txt

19
roles/cups/tasks/install.yml
View file

@ -58,30 +58,15 @@
AuthType Default
Require user @SYSTEM
- name: "CUPS web administration: Create Linux username 'Admin' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)"
- name: "CUPS web administration: Create Linux username 'Admin' with password 'changeme' in Linux group 'lpadmin' (shell: /usr/sbin/nologin, create_home: no)"
user:
name: Admin
append: yes # Don't clobber other groups, that other IIAB Apps might need.
groups: lpadmin
#password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords
password: "{{ 'changeme' | password_hash('sha512') }}" # Random salt. Presumably runs 5000 rounds of SHA-512 per /etc/login.defs & /etc/pam.d/common-password -- https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#encrypting-and-checksumming-strings-and-passwords
create_home: no
shell: /usr/sbin/nologin # Debian/Ubuntu norm -- instead of /sbin/nologin, /bin/false
# 2024-05-01: Above password-setting approach no longer works w/ Ansible 2.17 RC1 (#3727).
# Ansible STOPS with this error...
#
# "[DEPRECATION WARNING]: Encryption using the Python crypt module is deprecated. The Python crypt module is
# deprecated and will be removed from Python 3.13. Install the passlib library for continued encryption
# functionality. This feature will be removed in version 2.17. Deprecation warnings can be disabled by
# setting deprecation_warnings=False in ansible.cfg."
#
# ...so we instead use Linux's "chpasswd" command (below!)
- name: Use chpasswd to set Linux username 'Admin' password to 'changeme'
command: chpasswd
args:
stdin: Admin:changeme
# - name: Add user '{{ iiab_admin_user }}' to Linux group 'lpadmin' -- for CUPS web administration (or modify default 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines in /etc/cups/cupsd.conf)
# #command: "gpasswd -a {{ iiab_admin_user | quote }} lpadmin"
# #command: "gpasswd -d {{ iiab_admin_user | quote }} lpadmin"

4
roles/firmware/templates/iiab-check-firmware
View file

@ -19,7 +19,7 @@
# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14
# https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52
# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39
# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
iiab_var_value() {
v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
@ -60,7 +60,7 @@ else
echo -e " cd /opt/iiab/iiab"
echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'"
echo -e " sudo ./runrole --reinstall firmware"
echo -e " sudo iiab-network # SOMETIMES NECESSARY"
echo -e " sudo ./iiab-network # SOMETIMES NECESSARY"
echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'"
echo -e " sudo reboot\n"
#echo

2
roles/gitea/defaults/main.yml
View file

@ -9,7 +9,7 @@
# Info needed to install Gitea:
gitea_version: "1.22" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero.
gitea_version: "1.20" # 2022-01-30: Grabs latest from this MAJOR/MINOR release branch. Rather than exhaustively hard-coding point releases (e.g. 1.14.5) every few weeks. Quotes nec if trailing zero.
iset_suffixes:
i386: 386
x86_64: amd64

4
roles/gitea/tasks/install.yml
View file

@ -48,10 +48,10 @@
msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
when: gitea_iset_suffix == "unknown"
- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~134 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN)
- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~126 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN)
get_url:
url: "{{ gitea_download_url }}"
dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.21
dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.20
mode: 0775
timeout: "{{ download_timeout }}"

8
roles/iiab-admin/README.rst
View file

@ -36,7 +36,7 @@ Security
#. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml <https://github.com/iiab/iiab-admin-console/blob/master/vars/default_vars.yml>`_)
#. ``sudo``
* Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
* If your IIAB includes Tailscale (VPN), ``/root/.ssh/authorized_keys`` should be installed by `roles/tailscale/tasks/install.yml <../tailscale/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security
* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security
* Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d <templates/sshpwd-profile-iiab.sh>`_ (and `/etc/xdg/lxsession/LXDE-pi <templates/sshpwd-lxde-iiab.sh>`_ when it exists, i.e. on Raspberry Pi OS with desktop).
Example
@ -56,16 +56,16 @@ Historical Notes
Remote Support Tools
--------------------
The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `Tailscale (VPN) <https://en.wikipedia.org/wiki/Tailscale>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you.
The `iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_ and `OpenVPN <https://en.wikipedia.org/wiki/OpenVPN>`_ options mentioned above can greatly help you empower your community, typically during the implementation phase of your project, even if Linux is new to you.
Similarly, `tasks/main.yml <tasks/main.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections:
Similarly, `access.yml <tasks/access.yml>`_ adds a couple text mode tools — extremely helpful over expensive / low-bandwidth connections:
* `lynx <https://en.wikipedia.org/wiki/Lynx_(web_browser)>`_
* `screen <https://linuxize.com/post/how-to-use-linux-screen/>`_
*More great tools to help you jumpstart community action at a distance:*
* `FAQ.IIAB.IO <https://wiki.iiab.io/go/FAQ>`_ > "How can I remotely manage my Internet-in-a-Box?"
* http://FAQ.IIAB.IO > "How can I remotely manage my Internet-in-a-Box?"
Admin Console
-------------

33
roles/iiab-admin/tasks/pwd-warnings.yml
View file

@ -2,35 +2,34 @@
# AND roles/network/tasks/netwarn.yml FOR iiab-network
- name: Install /etc/profile.d/iiab-pwdwarn-profile.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default
- name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default
template:
src: iiab-pwdwarn-profile.sh.j2
dest: /etc/profile.d/iiab-pwdwarn-profile.sh
src: sshpwd-profile-iiab.sh.j2
dest: /etc/profile.d/sshpwd-profile-iiab.sh
mode: '0644'
- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist?
- name: Is /etc/xdg/lxsession/LXDE-pi a directory?
stat:
path: /home/{{ iiab_admin_user }}/.config/labwc/
register: labwc_dir
path: /etc/xdg/lxsession/LXDE-pi
register: lx
- name: "If so, install from template: /usr/local/sbin/iiab-pwdwarn-labwc"
- name: "If so, install from template: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh"
template:
src: iiab-pwdwarn-labwc.j2
dest: /usr/local/sbin/iiab-pwdwarn-labwc
src: sshpwd-lxde-iiab.sh.j2
dest: /etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh
mode: '0755'
when: labwc_dir.stat.exists and labwc_dir.stat.isdir
when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian
# 2019-03-07: This pop-up (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) did
# 2019-03-07: This popup (/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh) does
# not actually appear when triggered by /etc/xdg/autostart/pprompt-iiab.desktop
# (or pprompt.desktop as Raspbian has working since 2018-11-13!) Too bad as it
# would be really nice to standardize pop-ups across Ubermix & all distros...
# would be really nice to standardize this popup across Ubermix & all distros..
# Is this a permissions/security issue presumably? Official autostart spec is:
# https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html
# Raspbian's 2016-2018 evolution here: https://github.com/iiab/iiab/issues/1537
- name: ...and put a line in /home/{{ iiab_admin_user }}/.config/labwc/autostart to trigger iiab-pwdwarn-labwc (& pop-up as nec)
- name: ...and put a line in /etc/xdg/lxsession/LXDE-pi/autostart to trigger popups
lineinfile:
path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin
create: yes
line: '/usr/local/sbin/iiab-pwdwarn-labwc &'
when: labwc_dir.stat.exists and labwc_dir.stat.isdir
path: /etc/xdg/lxsession/LXDE-pi/autostart
line: "@/etc/xdg/lxsession/LXDE-pi/sshpwd-lxde-iiab.sh"
when: lx.stat.isdir is defined and lx.stat.isdir # and is_raspbian

2
roles/iiab-admin/tasks/sudo-prereqs.yml
View file

@ -1,6 +1,6 @@
- name: 'Install package: sudo'
package:
name: sudo # (1) Should be installed prior to installing IIAB, (2) Can be installed by 1-prep's roles/tailscale/tasks/install.yml, (3) Can be installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!)
name: sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!)
- name: Temporarily make file /etc/sudoers editable (0640)
file:

0
roles/iiab-admin/templates/iiab-pwdwarn-labwc.j2 → roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2
View file

0
roles/iiab-admin/templates/iiab-pwdwarn-profile.sh.j2 → roles/iiab-admin/templates/sshpwd-profile-iiab.sh.j2
View file

6
roles/internetarchive/tasks/install.yml
View file

@ -9,10 +9,10 @@
include_role:
name: nodejs
- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 22.x
- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 20.x
assert:
that: nodejs_version is version('10.x', '>=') and nodejs_version is version('22.x', '<=')
fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 22.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
that: nodejs_version is version('10.x', '>=') and nodejs_version is version('20.x', '<=')
fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 20.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
quiet: yes
- name: "Set 'yarn_install: True' and 'yarn_enabled: True'"

26
roles/jupyterhub/tasks/install.yml
View file

@ -17,11 +17,11 @@
shell: df -B1 --output=used / | tail -1
register: df1
# 2025-02-16
#- name: "Install package: python3-psutil"
# package:
# name: python3-psutil
# state: present
- name: "Install package: python3-psutil"
package:
name: python3-psutil
state: present
- name: Remove previous virtual environment {{ jupyterhub_venv }}
file:
@ -43,18 +43,17 @@
global: yes
state: latest
- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~316 MB total, after 2 Ansible calls)"
- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~326 MB total, after 2 Ansible calls)"
pip:
name:
- pip
- wheel
- jupyterhub
virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub
#virtualenv_site_packages: no
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16
#virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below
virtualenv_site_packages: no
virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below
#virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2)
extra_args: "--no-cache-dir --prefer-binary" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0
extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0
# 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below)
# fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!)
@ -68,10 +67,9 @@
- jupyterhub-systemdspawner
- ipywidgets
virtualenv: "{{ jupyterhub_venv }}"
#virtualenv_site_packages: no
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2025-02-16
#virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}"
extra_args: "--no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560
virtualenv_site_packages: no
virtualenv_command: python3 -m venv --system-site-packages "{{ jupyterhub_venv }}"
extra_args: "--no-cache-dir"
- name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py"
template:

54
roles/kalite/tasks/install.yml
View file

@ -15,20 +15,32 @@
# ignore_errors: yes
# when: is_raspbian
- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2) -- if Ubuntu 22.04 / Mint 21'
- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2)'
package:
name:
- python2
- python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2)
- virtualenv # Drags in 'python3-virtualenv' which in turn drags in 'python3-pip' -- for Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole}
state: present
when: is_ubuntu_2204 # Also covers is_linuxmint_21
when: is_debian_11 or is_ubuntu_2204 # Covers is_raspbian_11 and is_linuxmint_21, and is more future-proof than...
#when: not (is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310)
# 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already.
- name: Run scripts/install_python2.sh to install python2 and virtualenv -- if Debian 12 or RasPiOS 12
#- name: Install Ubuntu keyrings on Debian
# get_url:
# url:
# dest: /etc/apt/keyrings/
# mode: 0644
# timeout: "{{ download_timeout }}"
# when: is_debian_12
# use key retrieval from mongodb
- name: Use scripts/install_python2.sh to install python2 and virtualenv
command: "{{ iiab_dir }}/scripts/install_python2.sh"
when: is_debian_12 # Also covers is_raspbian_12
when: not (is_debian_11 or is_ubuntu_2204) # Also avoids is_raspbian_11 and is_linuxmint_21, and is more future-proof than...
#when: is_debian_12 or is_ubuntu_2304 or is_ubuntu_2310
- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12
- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} # WAS: if Raspbian/Debian > 10 or Ubuntu > 19
pip:
name: setuptools==44
virtualenv: "{{ kalite_venv }}" # /usr/local/kalite/venv
@ -36,9 +48,10 @@
virtualenv_command: virtualenv # Traditionally /usr/bin/virtual/env -- but install_python2.sh (for Ubuntu 23.10+) sets up /usr/local/bin/virtualenv
virtualenv_python: python2.7
extra_args: "--no-use-pep517 --no-cache-dir --no-python-version-warning"
when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12
#when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19)
# long form of (is_debian_11+ or is_ubuntu_20+)
- name: Use pip to install ka-lite-static to {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12
- name: Use pip to install ka-lite-static to {{ kalite_venv }}
pip:
name: ka-lite-static
version: "{{ kalite_version }}"
@ -47,14 +60,6 @@
virtualenv_command: virtualenv
virtualenv_python: python2.7
extra_args: "--no-cache-dir"
when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12 # Also covers is_linuxmint_21 and is_raspbian_12
# 2024-04-30: Sadly no longer works with Ubuntu 24.04 LTS final release (#3731).
# So roles/kalite is OS-restricted during initial install, SEE: roles/7-edu-apps/tasks/main.yml
# CLARIF: If install_python2_kalite-venv_u2404.sh proves no longer useful, it will deprecated in coming months.
- name: Run scripts/install_python2_kalite-venv_u2404.sh -- if Ubuntu 24.04+ or Mint 22
command: bash "{{ iiab_dir }}/scripts/install_python2_kalite-venv_u2404.sh"
when: is_ubuntu and not is_linuxmint and os_ver is version('ubuntu-2404', '>=') or is_linuxmint_22
- name: "Install from templates: venv wrapper /usr/bin/kalite, unit file /etc/systemd/system/kalite-serve.service"
template:
@ -65,11 +70,30 @@
- { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755' }
- { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644' }
# Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work
# (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache
# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)"
# template:
# src: kalite.conf
# dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu
# when: apache_installed is defined
- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes # WAS: if Raspbian/Debian > 10 or Ubuntu > 19
replace:
path: "{{ kalite_venv }}/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py" # /usr/local/kalite/venv
regexp: 'a-zA-Z0-9'
replace: 'a-zA-Z0-9\-'
#when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19)
# 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already.
# JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too?
# - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20
# replace:
# path: "{{ kalite_venv }}/local/lib/python2.7/site-packages/kalite/packages/dist/ifcfg/parser.py"
# regexp: 'a-zA-Z0-9'
# replace: 'a-zA-Z0-9\-'
# when: is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19
# # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already.
- name: Create dir {{ kalite_root }}
file:

6
roles/kolibri/defaults/main.yml
View file

@ -26,12 +26,8 @@
# https://github.com/iiab/iiab/issues/1675
# https://github.com/learningequality/kolibri/issues/5664
# 2024-04-08: Kolibri 0.16.1+ restores install via apt
# https://github.com/learningequality/kolibri/issues/11892#issuecomment-2043073998
# 2022-07-30: UNCOMMENT ONE OF THE FOLLOWING LINES TO TEST A PARTICULAR .deb INSTALL
# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL
# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest
# 2024-02-17: https://github.com/learningequality/kolibri/issues/11892
# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-next
# 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release:
# https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb
#

28
roles/kolibri/tasks/install.yml
View file

@ -76,20 +76,17 @@
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81
gpg --yes --output /usr/share/keyrings/learningequality-kolibri.gpg --export DC5BAA93F9E4AE4F0411F97C74F88ADB3194DD81
# 2024-06-25: Strongly consider PPA "kolibri-proposed" in future...
# https://github.com/learningequality/kolibri/issues/11892
# https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html
- name: Add signed Kolibri PPA 'jammy'
- name: Add signed Kolibri PPA 'jammy' (if Ubuntu 22.04+ or Mint 21 or Debian 12)
apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu jammy main"
# when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12
# #when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204
when: is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12
#when: is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12 # MINT 21 COVERED BY is_ubuntu_2204
# - name: Add signed Kolibri PPA 'focal' (if other/older OS's)
# apt_repository:
# repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main"
# when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12)
# #when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12)
- name: Add signed Kolibri PPA 'focal' (if other/older OS's)
apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/learningequality-kolibri.gpg] http://ppa.launchpad.net/learningequality/kolibri/ubuntu focal main"
when: not (is_ubuntu and os_ver is version('ubuntu-2204', '>=') or is_linuxmint_21 or is_debian_12)
#when: not (is_ubuntu_2204 or is_ubuntu_2210 or is_debian_12)
# - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint)
# apt_repository:
@ -124,15 +121,6 @@
# codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023)
# when: is_debian or is_linuxmint_20
# 2024-08-07: Hack no longer needed! As Kolibri 0.17.0 now installs via "kolibri" PPA (https://launchpad.net/~learningequality/+archive/ubuntu/kolibri).
# Hopefully "kolibri-proposed" PPA will install 0.18 pre-releases soon, on Python 3.13 too! https://github.com/learningequality/kolibri/issues/11892
# - name: '2024-06-25 TEMPORARY HACK: Hard code kolibri_deb_url to Kolibri 0.17.x (pre-release or final release) if Python >= 3.12 -- kolibri-proposed PPA should do this automatically in future!'
# set_fact:
# kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.17.0/kolibri_0.17.0-0ubuntu1_all.deb
# when: python_version is version('3.12', '>=') # For Ubuntu 24.04, Mint 22, pre-releases of Ubuntu 24.10, and Debian 13 (even if/when "Trixie" changes from Python 3.12 to 3.13!) Regarding PPA kolibri-proposed not quite being ready yet, see: learningequality/kolibri#11316 -> learningequality/kolibri#11892
- name: apt install kolibri (using apt source specified above, if kolibri_deb_url ISN'T defined)
apt:
name: kolibri

17
roles/matomo/tasks/install.yml
View file

@ -12,21 +12,6 @@
# fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"}
- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
set_fact:
mysql_install: True
mysql_enabled: True
- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
include_role:
name: mysql
- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
fail:
msg: "Matomo install cannot proceed, as MySQL / MariaDB is not installed."
when: mysql_installed is undefined
- name: Record (initial) disk space used
shell: df -B1 --output=used / | tail -1
register: df1
@ -67,7 +52,7 @@
priv: "{{ matomo_db_name }}.*:ALL"
#login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Download and Extract Matomo (~3 min)
- name: Download and Extract Matomo (~1 min)
unarchive:
src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz
dest: "{{ matomo_path }}" # e.g. /library/www

4
roles/mediawiki/defaults/main.yml
View file

@ -4,8 +4,8 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
mediawiki_major_version: "1.43" # "1.40" quotes nec if trailing zero
mediawiki_minor_version: 0
mediawiki_major_version: "1.40" # "1.40" quotes nec if trailing zero
mediawiki_minor_version: 1
mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}"
mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}"

15
roles/mediawiki/tasks/install.yml
View file

@ -1,18 +1,3 @@
- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
set_fact:
mysql_install: True
mysql_enabled: True
- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
include_role:
name: mysql
- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
fail:
msg: "MediaWiki install cannot proceed, as MySQL / MariaDB is not installed."
when: mysql_installed is undefined
- name: Record (initial) disk space used
shell: df -B1 --output=used / | tail -1
register: df1

10
roles/moodle/defaults/main.yml
View file

@ -8,11 +8,11 @@
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
# October 2024: Currently testing Moodle's main branch is mandatory if your
# OS PHP >= 8.4, see moodle/tasks/install.yml for detail! OR, *IF* your
# OS PHP < 8.4, then {{ moodle_version }} will be attempted:
moodle_version: MOODLE_405_STABLE # Moodle 4.5
#moodle_version: main # e.g. to try Moodle's "weekly" 5.0dev pre-release *EVEN IF* OS PHP < 8.4
# 2023-04-25: Currently testing Moodle's master branch is mandatory if your
# OS PHP >= 8.3, see moodle/tasks/install.yml for detail! OR, *IF* your
# OS PHP < 8.3, then {{ moodle_version }} will be attempted:
moodle_version: MOODLE_402_STABLE # Moodle 4.2
#moodle_version: master # e.g. to try Moodle's "weekly" 4.2dev pre-release *EVEN IF* OS PHP < 8.2
moodle_repo_url: https://github.com/moodle/moodle
#moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow!

38
roles/moodle/tasks/install.yml
View file

@ -6,20 +6,6 @@
# 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini
# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!)
# 2023-12-17: Upgrade instructions via CLI
# https://docs.moodle.org/en/Administration_via_command_line
#
# EXAMPLE:
# cd /opt/iiab/moodle
# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --enable
# cd /opt/iiab
# mv moodle moodle.bkp
# git clone https://github.com/moodle/moodle -b MOODLE_403_STABLE --depth 1 # As a regular 'git pull' will likely fail, due to original clone's '--depth 1' -- but no worries: total clone download is just ~100 MB, which expands to ~400 MB
# cp moodle.bkp/config.php moodle/
# cd moodle
# sudo -u www-data /usr/bin/php admin/cli/upgrade.php # Or later log in to Moodle, to complete the upgrade (i.e. click "Continue" 4-5 times)
# sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
set_fact:
@ -85,32 +71,26 @@
when: opt_iiab_moodle.stat.exists
# WARNING: Since March 2023, 32-bit RasPiOS can act as 64-bit on RPi 4 and
# RPi 400 (unlike RPi 3!) SEE: https://github.com/iiab/iiab/pull/3516
- name: Run command 'dpkg --print-architecture' to identify OS architecture (CPU arch as revealed by ansible_architecture ~= ansible_machine is NO LONGER enough!)
command: dpkg --print-architecture
register: dpkg_arch
- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 AND *FULL* 64-BIT OPERATION -- SO WE REVERT TO TRYING THE OLDER MOODLE 4.1 LTS WHEN NECESSARY -- NOTE PHP 7.x END-OF-LIFE WAS NOVEMBER 2022"
- name: "2023-04-30: MOODLE 4.2+ REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER MOODLE 4.1 LTS ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022"
set_fact:
moodle_version: MOODLE_401_STABLE # i.e. Moodle 4.1 LTS
when: php_version is version('8.0', '<') or not dpkg_arch.stdout is search("64")
when: php_version is version('8.0', '<')
- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} < 8.4
- name: Download (clone) {{ moodle_repo_url }} branch '{{ moodle_version }}' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} < 8.3
git:
repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle
dest: "{{ moodle_base }}" # /opt/iiab/moodle
depth: 1
version: "{{ moodle_version }}" # e.g. MOODLE_404_STABLE (Moodle 4.4)
when: php_version is version('8.4', '<')
version: "{{ moodle_version }}" # e.g. MOODLE_402_STABLE (Moodle 4.2)
when: php_version is version('8.3', '<')
- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'main' to {{ moodle_base }} (~476 MB initially, ~504 MB later) if OS PHP {{ php_version }} >= 8.4"
- name: "MOODLE PRE-RELEASE TESTING: Download (clone) {{ moodle_repo_url }} branch 'master' to {{ moodle_base }} (~389 MB initially, ~416 MB later) if OS PHP {{ php_version }} >= 8.3"
git:
repo: "{{ moodle_repo_url }}"
dest: "{{ moodle_base }}"
depth: 1
version: main # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023, 4.4dev in Oct 2023, 4.5dev in Apr 2024, 5.0dev in Oct 2024)
when: php_version is version('8.4', '>=')
version: master # For "weekly" Moodle pre-releases: https://download.moodle.org/releases/development/ (e.g. 3.5beta+ in May 2018, 4.1dev in Sept 2022, 4.2dev in Dec 2022, 4.3dev in May 2023)
when: php_version is version('8.3', '>=')
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644)
file:
@ -188,7 +168,7 @@
# 2021-11-19: Resolves Moodle error https://github.com/iiab/iiab/issues/3024
- name: Set cron job to run /opt/iiab/moodle/admin/cli/cron.php every minute (* * * * *) in /var/spool/cron/crontabs/www-data -- per https://docs.moodle.org/310/en/Cron
cron:
name: https://docs.moodle.org/en/Cron
name: https://docs.moodle.org/310/en/Cron
user: www-data
job: "/usr/bin/php /opt/iiab/moodle/admin/cli/cron.php >/dev/null"

2
roles/moodle/templates/moodle-nginx.conf.j2
View file

@ -29,7 +29,7 @@ location ~ ^/moodle(.*)\.php(.*)$ {
# Uncomment to override /etc/php/<VERSION>/fpm/php.ini -- FYI Stage 4's
# roles/www_options/tasks/main.yml FORCES these same settings and more
# (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True'
#fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=10000M\n post_max_size=10000M\n max_input_vars=5000";
#fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000";
}
location ~ ^/moodle {

17
roles/munin/tasks/install.yml
View file

@ -4,12 +4,12 @@
# SEE ALSO roles/network/tasks/install.yml
- name: "TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434"
- name: TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434
sysctl:
name: net.ipv6.conf.all.disable_ipv6
value: 0
- name: "Install 4 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra"
- name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib"
package:
name:
#- libapache2-mod-fcgid
@ -17,15 +17,9 @@
- munin
- munin-node
- munin-plugins-extra
#- python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below
- python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below
state: present
- name: pip install 'passlib' into venv /usr/local/ansible -- for Ansible module 'htpasswd' in Ansible collection community.general -- used just below
pip:
name: passlib
virtualenv: /usr/local/ansible
extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560
# SEE ALSO roles/network/tasks/install.yml
- name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434
sysctl:
@ -38,7 +32,7 @@
name: "{{ munin_username}}" # Admin
password: "{{ munin_password }}" # changeme
- name: If MySQL is installed, let Munin monitor it
- name: If MySQL is enabled, let Munin monitor it
copy:
src: "{{ item }}"
dest: /etc/munin/plugins/
@ -50,8 +44,7 @@
- /usr/share/munin/plugins/mysql_queries
- /usr/share/munin/plugins/mysql_slowqueries
- /usr/share/munin/plugins/mysql_threads
when: mysql_installed
#when: mysql_enabled
when: mysql_enabled
# RECORD Munin AS INSTALLED

15
roles/mysql/tasks/enable-or-disable.yml
View file

@ -1,15 +0,0 @@
- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled
systemd:
name: "{{ mysql_service }}"
daemon_reload: yes
state: started
enabled: yes
when: mysql_enabled
# We had to start MySQL in order to configure it, now turn if off if not enabled
- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled
systemd:
name: "{{ mysql_service }}"
enabled: no
state: stopped
when: not mysql_enabled

10
roles/mysql/tasks/install.yml
View file

@ -3,22 +3,16 @@
register: df1
- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql'
- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql'
package:
name:
- mariadb-server
- mariadb-client
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx.yml, wordpress/tasks/install.yml
#- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx}
- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx}
state: present
- name: pip install 'PyMySQL' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx}
pip:
name: PyMySQL
virtualenv: /usr/local/ansible
extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560
# 2020-07-11: 10 PHP package installs moved to roles/www_base/tasks/main.yml
# php{{ php_version }}-sqlite3 install moved to roles/osm-vector-maps/tasks/install.yml

57
roles/mysql/tasks/main.yml
View file

@ -26,33 +26,40 @@
var: mysql_installed
- block:
- name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mysql_installed is undefined
- name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mysql_installed is undefined
- include_tasks: enable-or-disable.yml
- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled
systemd:
name: "{{ mysql_service }}"
daemon_reload: yes
state: started
enabled: yes
when: mysql_enabled
- name: Add 'mysql' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mysql
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MySQL
- option: description
value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."'
- option: mysql_install
value: "{{ mysql_install }}"
- option: mysql_enabled
value: "{{ mysql_enabled }}"
# We had to start MySQL in order to configure it, now turn if off if not enabled
- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled
systemd:
name: "{{ mysql_service }}"
enabled: no
state: stopped
when: not mysql_enabled
rescue:
- name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
fail:
msg: ""
when: not skip_role_on_error
- name: Add 'mysql' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mysql
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MySQL
- option: description
value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."'
- option: mysql_install
value: "{{ mysql_install }}"
- option: mysql_enabled
value: "{{ mysql_enabled }}"

4
roles/network/defaults/main.yml
View file

@ -55,7 +55,7 @@ strict_networking: False
iiab_demo_mode: False
gui_static_wan: False
wan_cidr: ""
virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth -e tailscale0"
virtual_network_devices: "-e wwlan -e ppp -e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 -e veth"
# Set defaults for discovery process as strings
wifi1: "not found-1"
@ -71,8 +71,6 @@ iiab_lan_iface: none
discovered_lan_iface: none
discovered_wired_iface: none
discovered_wireless_iface: none
# use the same case as what `iw reg get` would return with 00 present
host_country_code_found: UNSET
# Red Hat
#iiab_wired_lan_iface: "none"

2
roles/network/tasks/NM-debian.yml
View file

@ -78,7 +78,7 @@
- name: Reload systemd
systemd:
daemon_reload: yes
when: not no_net_restart or not iiab_lan_iface == "br0"
when: not iiab_lan_iface == "br0"
- name: Restart the NetworkManager service
systemd:

65
roles/network/tasks/detected_network.yml
View file

@ -239,41 +239,6 @@
iiab_lan_iface: "{{ iiab_wireless_lan_iface }}"
when: iiab_wireless_lan_iface is defined and nobridge is defined
- name: Detect WiFi country code in use
shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||"
register: REG_DOM
ignore_errors: True
- name: Set host_country_code_found
set_fact:
host_country_code_found: "{{ REG_DOM.stdout }}"
when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0
- name: Set Wifi Region country to {{ REG_DOM.stdout }} for hostapd when present
set_fact:
host_country_code: "{{ REG_DOM.stdout }}"
when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0 and wifi_up_down and can_be_ap and has_wifi_gateway is defined
- name: Detect current Wifi channel
shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2
register: current_client_channel
when: wifi_up_down and can_be_ap and has_wifi_gateway is defined
- name: Forcing wifi_up_down to False based on firmware selection "24"
set_fact:
wifi_up_down: False
when: rpi3bplus_rpi4_wifi_firmware == "24"
- name: Detect "Firmware rejected country setting" in dmesg (invert return code, for intentional red error)
shell: '! dmesg | grep ieee80211 | grep "Firmware rejected country setting"'
register: FW_rejected_country
ignore_errors: True
- name: Detect country code passed from cmdline in dmesg
shell: dmesg | grep -om1 'cfg80211\.ieee80211_regdom=\S*' | cut -d= -f2
register: cmdline_country_code
ignore_errors: True
- name: In VM disable LAN - needs local_vars entry to activate
set_fact:
iiab_lan_iface: none
@ -330,36 +295,6 @@
value: "{{ iiab_wan_iface }}"
- option: can_be_ap
value: "{{ can_be_ap }}"
- option: host_country_code_found
value: "{{ host_country_code_found }}"
- option: wifi_firmware_43430
value: "{{ rpizerow_rpi3_wifi_firmware }}"
- option: wifi_firmware_43455
value: "{{ rpi3bplus_rpi4_wifi_firmware }}"
- name: Add 'detected_network' variable 'current_client_channel_found' stdout value ({{ current_client_channel.stdout }}) if defined and non-empty, to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_ini_file }}"
section: detected_network
option: client_wifi_channel_found
value: "{{ current_client_channel.stdout }}"
when: current_client_channel.stdout is defined and current_client_channel.stdout != ""
- name: Add 'detected_network' variable 'FW_rejected_country' stdout value ({{ FW_rejected_country.stdout }}) if defined and non-empty, to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_ini_file }}"
section: detected_network
option: FW_rejected_country
value: "{{ FW_rejected_country.stdout }}"
when: FW_rejected_country.stdout is defined and FW_rejected_country.stdout != ""
- name: Add 'detected_network' variable 'cmdline_country_code' stdout value ({{ cmdline_country_code.stdout }}) if defined and non-empty, to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_ini_file }}"
section: detected_network
option: cmdline_country_code
value: "{{ cmdline_country_code.stdout }}"
when: cmdline_country_code.stdout is defined and cmdline_country_code.stdout != ""
# well if there ever was a point to tell the user things are FUBAR this is it.
# limit 2 network adapters wifi wired

29
roles/network/tasks/hostapd.yml
View file

@ -3,12 +3,28 @@
hostapd_enabled: False
when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap
- name: Disable the Access Point 'hostapd' service if hostapd_enabled False
- name: Disable the Access Point 'hostapd' service
systemd:
name: hostapd
enabled: no
when: not hostapd_enabled
- name: Detect WiFi country code in use
shell: iw reg get | grep country | grep -v UNSET | awk '{print $2}' | sed "s|:||"
register: REG_DOM
ignore_errors: True
when: wifi_up_down and can_be_ap and has_wifi_gateway is defined
- name: Set Wifi Region country code for hostapd when present
set_fact:
host_country_code: "{{ REG_DOM.stdout }}"
when: REG_DOM.stdout is defined and REG_DOM.stdout | length > 0
- name: Detect current Wifi channel
shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2
register: current_client_channel
when: wifi_up_down and can_be_ap and has_wifi_gateway is defined
- name: Setting WiFi channel to {{ current_client_channel.stdout }}
set_fact:
host_channel: "{{ current_client_channel.stdout }}"
@ -115,3 +131,14 @@
value: "{{ host_country_code }}"
- option: host_channel
value: "{{ host_channel }}"
- name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_ini_file }}"
section: network
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: client_wifi_channel
value: "{{ current_client_channel.stdout }}"
when: current_client_channel.stdout is defined

15
roles/network/tasks/install.yml
View file

@ -18,7 +18,7 @@
# total download size) and they can help IIAB field operators with BOTH
# (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later.
- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
- name: 'Install 12 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, networkd-dispatcher, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network'
package:
name:
- avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml
@ -31,19 +31,12 @@
- libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi
- netmask # 25kB download: Handy utility -- helps determine network masks
- net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
- networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes
- rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices
- wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions
- wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP
state: present
# 2024-10-02: Legacy apt package 'wireless-tools' no longer offered by Ubuntu
# 24.10+ (#3805) but FYI: https://en.wikipedia.org/wiki/Wireless_tools_for_Linux
- name: "Install legacy apt package wireless-tools, if OS still supports it -- or intentionally show (HARMLESS!) red error -- helping to monitor Linux's evolution"
package:
name: wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions
state: present
ignore_errors: True # Intentionally show red error, and continue.
#failed_when: False # Hides red errors (stronger than 'ignore_errors: yes')
# 2021-08-17: Debian ignores this, according to 2013 post:
# https://serverfault.com/questions/511099/debian-ignores-etc-network-if-pre-up-d-iptables
# - name: Install /etc/network/if-pre-up.d/iptables from template (0755)
@ -107,7 +100,7 @@
- roles/network/templates/gateway/iiab-internet-on # Invoked by 1-prep (so full path needed)
- roles/network/templates/gateway/iiab-internet-off # Invoked by 1-prep (so full path needed)
- name: 'Install /usr/local/sbin/iiab-netwarn for pop-ups on boot, if iiab-network should be run'
- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run'
include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed)

21
roles/network/tasks/main.yml
View file

@ -1,3 +1,8 @@
- name: Select RPi firmware mode
include_role:
name: firmware
when: rpi_model != "none"
- name: detected_network
include_tasks: detected_network.yml
@ -63,13 +68,6 @@
#### End services
#### Start network layout
# 2024-12-18: As `rfkill unblock wifi` formerly in rpi_debian.yml wasn't enough, especially with NM (NetworkManager)
- name: Run 'raspi-config nonint do_wifi_country {{ host_country_code }}' (using var host_country_code) to unblock WiFi, if RasPiOS
command: raspi-config nonint do_wifi_country {{ host_country_code }}
when: is_raspbian
#ignore_errors: True
#- name: Redhat networking
# include_tasks: ifcfg_mods.yml
# when: is_redhat
@ -77,13 +75,13 @@
- name: NetworkManager in use
include_tasks: NM-debian.yml
when: network_manager_active
#when: is_debuntu and network_manager_active
- name: systemd-networkd in use
include_tasks: sysd-netd-debian.yml
when: systemd_networkd_active
#when: systemd_networkd_active and not network_manager_active # 2023-10-11: NOT the right way to solve #3657 (systemd-resolved issue on RasPiOS 12+) as this would damage Ubuntu/Mint.
#when: is_debuntu and systemd_networkd_active
# 2023-10-11: Should rpi_debian.yml go away in future, now that RasPiOS Bookworm uses NetworkManager?
- name: Raspbian can use dhcpcd only with no N-M or SYS-NETD active
include_tasks: rpi_debian.yml
when: is_raspbian and not network_manager_active
@ -103,11 +101,6 @@
# end block
when: network_installed is defined and network_enabled
- name: Select RPi firmware mode
include_role:
name: firmware
when: rpi_model != "none"
- name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role.
file:

26
roles/network/tasks/netwarn.yml
View file

@ -1,21 +1,21 @@
# 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords
# AND roles/www_options/tasks/main.yml FOR browser
# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/iiab-netwarn but for
# shell / ssh logins (across all OS's/distros/window managers) might also make sense?
# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for
# ssh sessions (across all OS's/distros/window managers) might also make sense?
- name: Does directory /home/{{ iiab_admin_user }}/.config/labwc/ exist?
- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist?
stat:
path: /home/{{ iiab_admin_user }}/.config/labwc/
register: labwc_dir
path: /etc/xdg/lxsession/LXDE-pi/autostart
register: lxde_pi_autostart_present
- name: If so, add '/usr/local/sbin/iiab-netwarn &' to /home/{{ iiab_admin_user }}/.config/labwc/autostart
- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart
lineinfile:
path: /home/{{ iiab_admin_user }}/.config/labwc/autostart # iiab-admin
create: yes
line: '/usr/local/sbin/iiab-netwarn &'
when: labwc_dir.stat.exists and labwc_dir.stat.isdir
path: /etc/xdg/lxsession/LXDE-pi/autostart
regexp: '^/usr/local/sbin/netwarn$'
line: '/usr/local/sbin/netwarn'
when: lxde_pi_autostart_present.stat.exists
# mate desktop detection based on 'register: nd_dir' in enable_services
@ -39,9 +39,9 @@
# (Let's insert those here if so, and refine the 'when:' line below.)
- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/iiab-netwarn'
- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn'
template:
src: roles/network/templates/netwarn/iiab-netwarn # Invoked by 1-prep (so full path needed)
src: roles/network/templates/netwarn/netwarn # Invoked by 1-prep (so full path needed)
dest: /usr/local/sbin/
mode: 0755
when: (labwc_dir.stat.exists and labwc_dir.stat.isdir) or (mate_dir.stat.exists and mate_dir.stat.isdir)
when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir)

12
roles/network/tasks/restart.yml
View file

@ -12,7 +12,7 @@
state: restarted
with_items:
- wpa_supplicant
when: wifi_up_down and hostapd_enabled and not network_manager_active
when: wifi_up_down and hostapd_enabled
- name: Enable & Restart networkd-dispatcher.service
systemd:
@ -28,16 +28,12 @@
state: restarted
when: wifi_up_down and can_be_ap and ansible_ap0 is undefined
- name: Waiting {{ hostapd_wait }} seconds for network to stabilize for ap0
shell: sleep {{ hostapd_wait }}
when: ansible_ap0 is undefined
- name: Restart hostapd when WiFi is present but not when using WiFi as gateway
- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False
systemd:
name: hostapd
state: restarted
daemon_reload: yes
when: hostapd_enabled and not no_net_restart
when: hostapd_enabled and (wifi_up_down or not no_net_restart)
# 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch
# any of the config files... netplan.yml renames one file if it's a container
@ -111,7 +107,7 @@
systemd:
name: hostapd
state: restarted
when: hostapd_enabled and not no_net_restart and wifi_slave.stdout is defined and wifi_slave.stdout == 0
when: hostapd_enabled and wifi_slave.stdout is defined and wifi_slave.stdout == 0
#both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0
#keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address

9
roles/network/tasks/rpi_debian.yml
View file

@ -53,11 +53,10 @@
line: country={{ host_country_code }}
when: country_code.stdout is defined and country_code.stdout | length == 0
# 2024-12-18: SEE 'raspi-config nonint do_wifi_country {{ host_country_code }}' in roles/network/tasks/main.yml
# # This should go away, should only be unblocked by raspi-config
# - name: Enable the WiFi with rfkill
# shell: rfkill unblock wifi
# ignore_errors: True
# This should go away, should only be unblocked by raspi-config
- name: Enable the WiFi with rfkill
shell: rfkill unblock 0
ignore_errors: True
- name: Copy the bridge script for RPi
template:

16
roles/network/tasks/sysd-netd-debian.yml
View file

@ -1,20 +1,4 @@
# sysd-netd-debian.yml
- name: Install networkd-dispatcher
package:
name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes
# 2023-10-14 #3657, #3658, #3659: New RasPiOS 12/Bookworm issue.
# FWIW Ubuntu >= 22.10 offers 'systemd-resolved' as a distinct apt package.
# Whereas Ubuntu <= 22.04 bundled the functionality within apt package 'systemd'
# Debian 12/Bookworm (like Ubuntu >= 22.10) offers it as a distinct package:
# https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#systemd-resolved
- name: Install systemd-resolved (or intentionally show red error then continue, if apt package not available)
package:
name: systemd-resolved # 278kB download: For RasPiOS 12/Bookworm
ignore_errors: yes
#shell: apt -y install systemd-resolved || true
#when: is_raspbian and os_ver is version('raspbian-12', '>=')
- name: Copy the bridge script - Creates br0
template:
dest: /etc/systemd/network/IIAB-Bridge.netdev

2
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -39,7 +39,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables
# https://github.com/iiab/iiab/blob/master/roles/firmware/templates/iiab-check-firmware#L10-14
# https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L52
# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region#L23-L39
# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
# https://github.com/iiab/iiab/blob/master/roles/openvpn/templates/iiab-support READS AND WRITES, INCL NON-BOOLEAN
# "awk '{print $2}'" almost works, but: (1) Fails to remove outer quotes, and
# (2) Chops up Ansible vars containing multiple words w/o surrounding quotes.

4
roles/network/templates/hostapd/iiab-hotspot-off
View file

@ -14,7 +14,7 @@ echo " IIAB hotspot access point Disabled"
#exit 0
{% else %}
echo " IIAB hotspot access point Disabled"
{% if dhcpcd_result == "enabled" %}
{% if is_raspbian %}
# hotspot-off before ap0_updown
sed -i "s/^denyinterfaces/#denyinterfaces/" /etc/dhcpcd.conf
#systemctl disable dnsmasq
@ -37,7 +37,7 @@ fi
echo -e "\nIf you're enabling upstream WiFi, please reboot now.\n"
#exit 0
{% endif %}
#if dhcpcd_result == "enabled"
#is_raspbian
{% endif %}
#wifi_up_down
{% endif %}

4
roles/network/templates/hostapd/iiab-hotspot-on
View file

@ -16,7 +16,7 @@ systemctl enable hostapd
systemctl enable iiab-wifi-test.service
#exit 0
{% else %}
{% if dhcpcd_result == "enabled" %}
{% if is_raspbian %}
# just do what we have always done in hotspot-on
cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf
sed -i "s/^#denyinterfaces/denyinterfaces/" /etc/dhcpcd.conf
@ -44,7 +44,7 @@ fi
systemctl enable hostapd
#exit 0
{% endif %}
#if dhcpcd_result == "enabled"
#is_raspbian
{% endif %}
#wifi_up_down
{% endif %}

17
roles/network/templates/netwarn/iiab-netwarn → roles/network/templates/netwarn/netwarn
View file

@ -1,21 +1,14 @@
#!/bin/bash
# CONFUSING BUT FYI: Steps below run *strictly sequentially* when this script
# (/usr/local/sbin/iiab-netwarn) is run on boot, triggered by either autostart:
# https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html
# ...or by Wayland compositor's ~/.config/labwc/autostart in new RasPiOS 12+:
# https://forums.raspberrypi.com/viewtopic.php?t=379321
# (Prior to Dec 2024, RasPiOS compositor Wayfire did the same...)
# https://github.com/iiab/iiab/pull/3685
# https://github.com/WayfireWM/wayfire/wiki/Configuration#autostart
#
# This allows return codes ($rc) to be meaningful, at each successive step.
# CONFUSING BUT FYI: Commands below run *strictly sequentially* when this
# script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot.
# This allows return codes to be meaningful, at each successive step.
# (As of July 2022, this is tested to work well with Ubuntu Mate and "Raspberry
# Pi OS with desktop" on Raspberry Pi 4!)
#
# IN CONTRAST: return codes below are NOT MEANINGFUL when this script is
# invoked manually after boot from a regular graphical desktop session -- so
# make sure to test (either kind of) "autostart" during actual OS boot-up!
# invoked from a regularly graphical desktop session -- so make sure to test
# during an actual OS boot-up, with autostart!
if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then
exit

2
roles/network/templates/netwarn/netwarn-iiab-network.desktop
View file

@ -4,7 +4,7 @@ Comment[en_US]=iiab-network
Name[en_CA]=iiab-network
Comment[en_CA]=iiab-network
Type=Application
Exec=/usr/local/sbin/iiab-netwarn
Exec=/usr/local/sbin/netwarn
Hidden=false
Name=iiab-network
Comment=iiab-network

6
roles/nextcloud/README.md
View file

@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories:
To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike>
(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP, and is effectively auto-enabled for Nextcloud ([PR #3624](https://github.com/iiab/iiab/pull/3624)). Verify that your Internet-in-a-Box server has enough RAM and disk! And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure:
(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` :
- upload_max_filesize
- post_max_size
@ -38,11 +38,11 @@ FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110)
(4) Verify system requirements and recommendations for the [latest version Nextcloud](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule):
(4) If you're running [Nextcloud 22+](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these:
- https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html
- https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- https://docs.nextcloud.com/server/30/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml
## Using It

41
roles/nextcloud/tasks/install.yml
View file

@ -1,18 +1,3 @@
- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
set_fact:
mysql_install: True
mysql_enabled: True
- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
include_role:
name: mysql
- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
fail:
msg: "Nextcloud install cannot proceed, as MySQL / MariaDB is not installed."
when: mysql_installed is undefined
- name: Record (initial) disk space used
shell: df -B1 --output=used / | tail -1
register: df1
@ -61,18 +46,12 @@
# February 2020: See @m-anish's PR #2119 and follow-up PR #2258.
# December 2023: Check latest required AND recommended prereqs below!
# e.g. Nextcloud 26 works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0; Nextcloud 28 works with PHP 8.3
# 2023-03-21 & 2023-06-15: Check latest required AND recommended prereqs below.
# e.g. Nextcloud 26 now works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0
# https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html
# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
# https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html
# https://docs.nextcloud.com/server/28/admin_manual/installation/
# 2023-12-15: Lifesaver manual upgrade instructions below! As Nextcloud OFTEN
# gets badly stuck (PHP timeouts, leading to FALSE instructions erroneously
# asking you to wait) if its web-based upgrade process is attempted :/
# https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html
# https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
# https://docs.nextcloud.com/server/26/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify)
package:
name:
@ -124,14 +103,12 @@
state: directory
path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
# Nextcloud 25 EOL was 2023-10-01: https://endoflife.date/nextcloud
# https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule#eol-versions
#- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022"
# set_fact:
# nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2
# when: php_version is version('8.0', '<')
- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022"
set_fact:
nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2
when: php_version is version('8.0', '<')
- name: Unarchive {{ nextcloud_dl_url }} (~216 MB) to {{ nextcloud_root_dir }} (~844 MB initially, sometimes ~878 MB later, {{ apache_user }}:{{ apache_user }})
- name: Unarchive {{ nextcloud_dl_url }} (~172 MB) to {{ nextcloud_root_dir }} (~606 MB initially, sometimes ~642 MB later, {{ apache_user }}:{{ apache_user }})
unarchive:
remote_src: yes # Overwrite even if "already exists on the target"
src: "{{ nextcloud_dl_url }}"

6
roles/nextcloud/templates/nextcloud-nginx.conf.j2
View file

@ -59,7 +59,7 @@ location ^~ {{ nextcloud_url }} {
}
# set max upload size
client_max_body_size 10000M;
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
@ -85,7 +85,7 @@ location ^~ {{ nextcloud_url }} {
deny all;
}
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) {
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
@ -102,7 +102,7 @@ location ^~ {{ nextcloud_url }} {
fastcgi_request_buffering off;
}
location ~ ^\/nextcloud\/(?:updater|ocs-provider)(?:$|\/) {
location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}

2
roles/nginx/README.md
View file

@ -52,11 +52,11 @@
* kalite (menu goes directly to ports 8006-8008)
* minetest
* mosquitto
* openvpn
* pbx [FreePBX is usable with _both_ NGINX and Apache as of 2021-08-18, thanks to PR [#2954](https://github.com/iiab/iiab/pull/2954)]
* phpmyadmin [*, requires Apache for now, as in Section iii.]
* samba [*, [PR #2923](https://github.com/iiab/iiab/pull/2923)]
* sshd
* tailscale
* transmission
* vnstat

15
roles/nginx/templates/iiab.conf.j2
View file

@ -5,25 +5,10 @@ location / {
location /usb {
alias /library/www/html/local_content/;
fancyindex on; # autoindex on;
add_before_body /upload2usb/button.html;
}
location ~ ^/upload2usb/(.*)\.php$ {
alias /library/www/html/upload2usb/$1.php;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}
location /local_content/ {
fancyindex on; # autoindex on;
add_before_body /upload2usb/button.html;
}
location /info {

8
roles/nginx/templates/server.conf.j2
View file

@ -8,13 +8,13 @@ server {
index index.php index.html index.htm;
# NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps.
# So IIAB sets this to 10000M, roughly aligning with similar settings...
# 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in:
# So IIAB sets this to 500M, roughly aligning with similar settings...
# 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in:
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L90-L91
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L104-L105
# 2. 'client_max_body_size 10000M;' is set in:
# 2. 'client_max_body_size 512M;' is set in:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62
client_max_body_size 10000M;
client_max_body_size 500M;
# let individual services drop location blocks in conf.d
include {{ nginx_conf_dir }}/*;

0
roles/0-DEPRECATED-ROLES/openvpn/defaults/main.yml → roles/openvpn/defaults/main.yml
View file

0
roles/0-DEPRECATED-ROLES/openvpn/tasks/enable-or-disable.yml → roles/openvpn/tasks/enable-or-disable.yml
View file

0
roles/0-DEPRECATED-ROLES/openvpn/tasks/install.yml → roles/openvpn/tasks/install.yml
View file

0
roles/0-DEPRECATED-ROLES/openvpn/tasks/main.yml → roles/openvpn/tasks/main.yml
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/15-openvpn.unused → roles/openvpn/templates/15-openvpn.unused
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/announce → roles/openvpn/templates/announce
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/announcer → roles/openvpn/templates/announcer
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/ca.crt → roles/openvpn/templates/ca.crt
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/client1.crt → roles/openvpn/templates/client1.crt
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/client1.key → roles/openvpn/templates/client1.key
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-off → roles/openvpn/templates/iiab-remote-off
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-remote-on.j2 → roles/openvpn/templates/iiab-remote-on.j2
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support → roles/openvpn/templates/iiab-support
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/iiab-support.older → roles/openvpn/templates/iiab-support.older
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/openvpn_handle.j2.unused → roles/openvpn/templates/openvpn_handle.j2.unused
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/silence → roles/openvpn/templates/silence
View file

0
roles/0-DEPRECATED-ROLES/openvpn/templates/xscenet.conf.j2 → roles/openvpn/templates/xscenet.conf.j2
View file

14
roles/pbx/README.adoc
View file

@ -4,11 +4,9 @@
https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony.
As of December 2024, IIAB supports https://www.asterisk.org/asterisk-news/asterisk-22-0-0-now-available/[Asterisk 22] and https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] (https://www.freepbx.org/freepbx-17-is-now-ga/[announcement]). A https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[modern OS with PHP 8.x] is required (https://github.com/iiab/iiab/pull/3675[PR #3675]).
As of March 2023, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+20+Documentation[Asterisk 20] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16].
////
*PHP 7.4 is unfortunately REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556], https://github.com/iiab/iiab/pull/3675[#3675]) &mdash; sadly this remains true as of 2024-01-13 with https://www.freepbx.org/freepbx-17-beta-release-and-debian-future/[FreePBX 17 BETA], and may remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so if you really must try to force an install onto dangerously EOL'd (end-of-life as of November 2022) PHP 7.4, consider an older OS like https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]). RECAP: IIAB does _NOT_ support such dangerous/older OS's!*
////
*PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/issues/3556[#3556]) &mdash; this remains true in 2023, and will likely remain true until https://github.com/FreePBX/framework/tree/release/17.0[FreePBX 17] is eventually released &mdash; so please consider installing on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Debian 11 "Bullseye", or 64-bit Raspberry Pi OS versions based on "Bullseye"] (https://github.com/iiab/iiab/pull/3523[PR #3523]).*
////
As of August 2021, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+18+Documentation[Asterisk 18] and https://www.freepbx.org/freepbx-16-beta-is-here/[FreePBX 16 Beta], as required by the latest PHP 7.4 Linux OS's (https://github.com/iiab/iiab/pull/2899[PR #2899]). Please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04+, Debian 11 — or the imminent Raspberry Pi OS 11 "Bullseye"].
@ -63,14 +61,12 @@ If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/ph
nginx_high_php_limits: True
----
+
////
As of April 2023 (https://github.com/iiab/iiab/pull/3523[PR #3523]) IIAB will patch Asterisk automatically (https://github.com/asterisk/asterisk/pull/32[PR asterisk/asterisk#32]) so it can be run experimentally on Raspberry Pi, so long as you keep this default settings:
+
----
asterisk_rpi_patch: True
----
+
////
Optionally, you may want to enable https://github.com/wdoekes/asterisk-chan-dongle[chan_dongle], which is a channel driver for Huawei UMTS cards (e.g. 3G USB dongles) allowing regular voice calls over GSM mobile networks. You will need to configure a dongle post-install, for it to be recognized properly:
+
----
@ -357,10 +353,4 @@ In May 2022, installation of FreePBX was made more resilient in https://github.c
* Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15
In 2024, see also the official:
* https://sangomakb.atlassian.net/wiki/spaces/FP/pages/222101505/FreePBX+17[FreePBX 17] Installation Script (for Debian 12): https://github.com/FreePBX/sng_freepbx_debian_install
* FreePBX 17 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/230326391/FreePBX+17+Installation
* Step By Step Debian 12 Installation: https://sangomakb.atlassian.net/wiki/spaces/FP/pages/295403538/Step+By+Step+Debian+12+Installation
Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal!

4
roles/pbx/defaults/main.yml
View file

@ -26,13 +26,13 @@
asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk
asterisk_src_file: asterisk-22-current.tar.gz
asterisk_src_file: asterisk-20-current.tar.gz
asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab
# freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4
# freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec.
freepbx_git_url: https://github.com/FreePBX/framework
freepbx_git_branch: release/17.0 # STILL IN FLUX AS OF FEB 2024: https://github.com/FreePBX/framework/tree/release/17.0
freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0
freepbx_src_dir: "{{ iiab_base }}/freepbx"
freepbx_install_dir: /var/www/html/freepbx

4
roles/pbx/tasks/asterisk.yml
View file

@ -83,8 +83,8 @@
creates: menuselect.makeopts
- name: Asterisk - Do a bit of menuselect configuration
command: menuselect/menuselect --enable format_mp3 menuselect.makeopts
# 2021-08-06 & 2023-11-19: Let's standardize (ABOVE) if 7 others (BELOW) aren't needed?
command: menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts
# 2021-08-06: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed?
# command: >
# menuselect/menuselect --enable app_macro --enable format_mp3
# --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722

11
roles/pbx/tasks/freepbx.yml
View file

@ -256,22 +256,19 @@
args:
chdir: "{{ freepbx_src_dir }}"
#creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx
ignore_errors: yes # 2024-02-25: UGLY / TEMPORARY WORKAROUND #1 OF 2, to bypass "You have successfully installed FreePBX" w/ exit code 1 -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227
# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460
- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!)
command: fwconsole ma downloadinstall framework
# 2024-02-25: UGLY / TEMPORARY WORKAROUND #2 OF 2, to bypass... 'In DialplanHooks.class.php line 163: Undefined array key "DialplanHooks"' -- https://github.com/iiab/iiab/pull/3675#issuecomment-1890590227
## ERROR IF RUN BELOW: "Unable to connect to remote asterisk"
#- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15
# command: fwconsole reload
# ERROR IF RUN BELOW: "Unable to connect to remote asterisk"
- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15
command: fwconsole reload
# DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522
# YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339
# NOTHING CHANGED (?) FEB 2024: https://github.com/iiab/iiab/pull/3675#issuecomment-1963081323
- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-17.0-latest.tgz - THIS CAN TAKE SEVERAL MIN!
- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN!
command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail

15
roles/pbx/tasks/install.yml
View file

@ -22,21 +22,6 @@
# when: nodejs_version != "12.x"
- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
set_fact:
mysql_install: True
mysql_enabled: True
- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
include_role:
name: mysql
- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
fail:
msg: "PBX install cannot proceed, as MySQL / MariaDB is not installed."
when: mysql_installed is undefined
- name: Record (initial) disk space used
shell: df -B1 --output=used / | tail -1
register: df1

10
roles/postgresql/tasks/install.yml
View file

@ -3,20 +3,14 @@
register: df1
- name: 'Install packages: postgresql, postgresql-client'
- name: 'Install packages: postgresql, postgresql-client, python3-psycopg2'
package:
name:
- postgresql
- postgresql-client
#- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml
- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml
state: present
- name: pip install 'psycopg' (NEW Psycopg 3) into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml
pip:
name: psycopg
virtualenv: /usr/local/ansible
extra_args: "--upgrade --no-cache-dir --prefer-binary" # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built! SEE #3560
- name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s)
shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//'
register: pg_config_version

17
roles/pylibs/templates/iiab_lib.py
View file

@ -6,7 +6,6 @@ import os
import json
import subprocess
import shlex
import re
import xml.etree.ElementTree as ET
import iiab.iiab_const as CONST
@ -47,17 +46,11 @@ def get_zim_list(path):
if filename in CONST.old_zim_map: # handle old names that don't parse
perma_ref = CONST.old_zim_map[filename]
else:
# handle various zim name patterns:
# 1. canonical zim ending in _YYYY-MM
# as of 10/16/2024 it looks like all Kiwix zims fit this pattern
# 2. otherwise assume no versioning and perma_ref = filename
match = re.search("_[0-5][0-9][0-5][0-9]-[0-5][0-9]$", filename)
if match:
perma_ref = filename[: match.span()[0]]
else:
perma_ref = filename
ulpos = filename.rfind("_")
# but old gutenberg and some other names are not canonical
if filename.rfind("-") < 0: # non-canonical name
ulpos = filename[:ulpos].rfind("_")
perma_ref = filename[:ulpos]
zim_info['file_name'] = filename
zim_versions[perma_ref] = zim_info # if there are multiples, last should win
return files_processed, zim_versions

2
roles/remoteit/README.md
View file

@ -2,7 +2,7 @@
Remote.it can be a [great way](https://docs.remote.it/introduction/get-started/readme) to remotely support an Internet-in-a-Box (IIAB).
As of [2024](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month.
As of [July 2023](https://remote.it/pricing/), 5 IIAB devices can be managed for free (their personal / non-commercial plan) and larger numbers for $10+/month.
For other approaches, please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) -> "How can I remotely manage my Internet-in-a-Box?"

2
roles/sshd/defaults/main.yml
View file

@ -1,4 +1,4 @@
# sshd_install: True
# sshd_install: True # Required by OpenVPN
# sshd_enabled: True
# sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml

4
roles/sugarizer/defaults/main.yml
View file

@ -9,8 +9,8 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
sugarizer_dir_version: sugarizer-1.8.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0, sugarizer-1.7.0
sugarizer_git_version: v1.8.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0, v1.7.0
sugarizer_dir_version: sugarizer-1.7.0 # WAS: sugarizer-1.0, sugarizer-master, sugarizer-1.1.0, sugarizer-1.2.0, sugarizer-1.3.0, sugarizer-1.4.0, sugarizer-1.5.0, sugarizer-1.6.0
sugarizer_git_version: v1.7.0 # WAS: v1.0.1, master, v1.1.0, v1.2.0, v1.3.0, v1.4.0, v1.5.0, v1.6.0
# PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases
sugarizer_server_dir_version: sugarizer-server-1.5.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev, sugarizer-server-1.1.0, sugarizer-server-1.1.1, sugarizer-server-1.2.0, sugarizer-server-1.3.0, sugarizer-server-1.4.0

Some files were not shown because too many files have changed in this diff Show more