# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN "git pull" IS RUN! # PUT YOUR CUSTOMIZATIONS HERE: /etc/iiab/local_vars.yml # READ "What is local_vars.yml and how do I customize it?" IN http://FAQ.IIAB.IO # Internet-in-a-Box (IIAB) uses True/False to indicate boolean values. # IIAB does NOT currently support uninstalling apps! So: if any IIAB app is # installed with 'APP_XYZ_install: True' below, do NOT later change that. # WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz, # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # IIAB (PRE-)release version number, for {{ iiab_env_file }} iiab_base_ver: 8.1 iiab_revision: 0 # 2022-06-23: ./iiab-install (with 'sudo iiab') follow the traditional linear # install path, intentionally overriding this value, until "SOFTWARE INSTALL IS # COMPLETE". But you can run './iiab-install --risky' if you truly need # iiab-install to run with 'skip_role_on_error: True' (PRs #3255, #3256, #3262) skip_role_on_error: True iiab_etc_path: /etc/iiab # Main configuration file iiab_local_vars_file: "{{ iiab_etc_path }}/local_vars.yml" # Installation status files iiab_env_file: "{{ iiab_etc_path }}/iiab.env" iiab_ini_file: "{{ iiab_etc_path }}/iiab.ini" iiab_state_file: "{{ iiab_etc_path }}/iiab_state.yml" iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" iiab_download_url: https://download.iiab.io/packages content_base: /library doc_base: "{{ content_base }}/www" doc_root: "{{ doc_base }}/html" # Python 3 dist path py3_dist_path: /usr/lib/python3/dist-packages # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 100 # Real-time clock: RTC chip family. Future auto-detection plausible? rtc_id: none # Or ds3231 ? Used in 1-prep/tasks/raspberry_pi.yml # Please read more about the 'iiab-admin' Linux user, for login to IIAB's # Admin Console (http://box.lan/admin) AND to help you at the command-line: # https://github.com/iiab/iiab/tree/master/roles/iiab-admin # https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md # iiab_admin_user: iiab-admin # Some prefer to reuse 'pi' or 'ubuntu' etc. # Set iiab_admin_user_install: False if you don't want iiab_admin_user auto- # configured e.g. by IIAB's 1-line installer & iiab-admin/tasks/admin-user.yml iiab_admin_user_install: True # If False, THE SETTING BELOW WILL BE IGNORED. iiab_admin_can_sudo: True # For /usr/bin/iiab-* support commands. Optional. iiab_admin_published_pwd: g0adm1n # Default password. For pwd warnings too. admin_console_group: iiab-admin # This group & sudo log in to Admin Console. # DEPRECATED - Password hash to override above, if Ansible creates above user: # iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: # python3 -c 'import crypt; print(crypt.crypt("", crypt.mksalt(crypt.METHOD_SHA512)))' # Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' # Set these to False if you do not want to install/enable IIAB Admin Console admin_console_install: True admin_console_enabled: True # # Homepage: set to /home or /wordpress or /wiki (for MediaWiki) iiab_home_url: /home # You might also want to set captiveportal_splash_page (below!) # # Set to "False" if you do not want to use the latest js-menus, either because # you use WordPress or another home page, or if you prefer the older # https://github.com/iiab/iiab-menu (no longer maintained) js_menu_install: True # IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network # IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking # Read it offline too: http://box/info > "IIAB Networking" network_install: True network_enabled: True # NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: # https://github.com/iiab/iiab/blob/master/roles/network/defaults/main.yml iiab_hostname: box iiab_domain: lan lan_ip: 10.10.10.10 network_172: False # Change to True if you set the above to 172.18.96.1 lan_netmask: 255.255.255.0 # Change to 255.255.224.0 if using 172.18.96.1 # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. # # WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz, # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # # Raspberry Pi OS requires WiFi country since March 2018. # # If you're running Raspberry Pi OS, you may have already set the country code # in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used # the Wi-Fi widget in the top-right of its graphical desktop. # # If so, this detected value will be considered authoritative, and will be used # to populate /etc/hostapd/hostapd.conf # # Finally, if IIAB does not detect a country code from your OS, the following # fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g host_channel: 6 hostapd_secure: False # 2021-03-02 WiFi EAPOL fails if hotspot passwords, hostapd_password: changeme # espec if WiFi firmware patched below? #2696 hostapd_install: True # 2020-01-21: this var MIGHT be implemented in future. hostapd_enabled: True # Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the # internal WiFi hotspot. Increase this to 19 or 24 student WiFi devices (or # 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below: # #rpi3bplus_rpi4_wifi_firmware: os # Use your OS's WiFi firmware e.g. 7.45.241 #rpi3bplus_rpi4_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.234 rpi3bplus_rpi4_wifi_firmware: 19 # SEE: github.com/iiab/iiab/issues/2853 #rpi3bplus_rpi4_wifi_firmware: 24 # REQUIRES "wifi_up_down: False" BELOW! #rpi3bplus_rpi4_wifi_firmware: 32 # UNRELIABLE (INTERMITTENT) with 2021+ OS's # # BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202 # # Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the # internal WiFi hotspot. Or try increasing this to 30 student WiFi devices: # rpizerow_rpi3_wifi_firmware: os # Use yr OS WiFi firmware e.g. 7.45.98 #rpizerow_rpi3_wifi_firmware: ub # Ubuntu-only OLD firmware e.g. 7.45.98.118 #rpizerow_rpi3_wifi_firmware: 30 # Or firmware 7.45.98.65 from 2018-09-28 wifi_up_down: True # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi # (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot). # Set True if client machines should have "passthrough" access to WAN/Internet: iiab_gateway_enabled: False # CAUTION: Setting 'squid_enabled: True' (BELOW) acts as a gateway for Port 80. # Gateway mode iiab_lan_enabled: True iiab_wan_enabled: True # Intended for developers: ONLY CHANGE THESE IF YOU KNOW WHAT YOU ARE DOING # The following 2 override the detection when not "auto" user_wan_iface: auto user_lan_iface: auto # See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO wan_ip: dhcp # wan_ip: 192.168.1.99 wan_netmask: # wan_netmask: 255.255.255.0 wan_gateway: # wan_gateway: 192.168.1.254 # If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq: # /etc/resolv.conf dictates which backend is used for the machine itself, so # 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while # 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this # dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!) wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1 wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems # Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf gui_port: 80 # 2021-08-17: For iptables. And #2811 dreams of HTTPS/443 ? # adm_cons_force_ssl: False # Likewise: iiab-admin.yml & js-menu.yml set it. # Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite # (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. # Only 1 of the 6 lines below should be uncommented: # #ports_externally_visible: 0 # none #ports_externally_visible: 1 # ssh only #ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) ports_externally_visible: 3 # ssh + http-or-https + common IIAB services #ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba #ports_externally_visible: 5 # all but databases # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables # And then run: sudo iiab-network # dnsmasq - handles DHCP and DNS dnsmasq_install: True dnsmasq_enabled: True # UNMAINTAINED as of July 2021 #dhcpd_install: False #dhcpd_enabled: False # UNMAINTAINED as of July 2021 # named (BIND) #named_install: False #named_enabled: False block_DNS: False # Enable in local_vars.yml AFTER installing IIAB! Then run: sudo iiab-network dns_jail_enabled: False # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382 # wondershaper_install: False # wondershaper_enabled: False # 1-PREP # SSHD runs here & also below in 4-SERVER-OPTIONS sshd_install: True # Required by OpenVPN sshd_enabled: True sshd_port: 22 # Not fully functional. SEE: roles/sshd/tasks/install.yml # https://remote.it can help you remotely maintain an IIAB. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit remoteit_install: True remoteit_enabled: False # OPTION #1: Run 'sudo iiab-remoteit' later. OPTION #2: Set this now: # remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6 # SECURITY WARNING: https://wiki.iiab.io/go/Security openvpn_install: True openvpn_enabled: False openvpn_handle: "" # Empty string on purpose since ~2016, for /etc/iiab/uuid # SEE https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/main.yml#L5-L20 # cron seemed necessary on CentOS: openvpn_cron_enabled: False # General OpenVPN settings openvpn_server: xscenet.net openvpn_server_real_ip: 3.89.148.185 openvpn_server_virtual_ip: 10.8.0.1 openvpn_server_port: 1194 # IIAB-ADMIN runs here - see its vars near top of this file: # e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo, # iiab_admin_published_pwd, admin_console_group # dnsmasq is installed here -- configure LATER in 'network', after Stage 9. # (The full network stage runs after 9-LOCAL-ADDONS. Or manually run # "sudo iiab-network"). Design under discussion: #2876 # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ pi_swap_file_size: 1024 # 2-COMMON # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. # 3-BASE-SERVER # 2023-11-05: MySQL (actually MariaDB) had been mandatory, installed on every # IIAB by 3-base-server. Now installed on demand -- as a dependency of Matomo, # MediaWiki, Nextcloud, PBX (for FreePBX), WordPress &/or Admin Console. # SO BOTH VALUES BELOW ARE INITIALLY IGNORED: mysql_install: False mysql_enabled: False mysql_service: mariadb # 2020-09-24: NGINX is MANDATORY but still evolving - please see: # https://github.com/iiab/iiab/blob/master/roles/nginx/README.md # THESE 2 LEGACY VARS ARE PRESERVED BUT HAVE NO EFFECT: nginx_install: True nginx_enabled: True nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx # SEE BELOW: nginx_high_php_limits, apache_allow_sudo # roles/www_base runs here (mandatory) # 4-SERVER-OPTIONS # SSHD runs here & also above in 1-PREP # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above. # Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists) # e.g. /opt/iiab/iiab/roles/network/templates/squid/allow_dst_domains # e.g. /opt/iiab/iiab/roles/network/templates/squid/allow_url_regexs squid_install: False squid_enabled: False # Enabling this ~= 'iiab_gateway_enabled: True' (ABOVE) gw_squid_whitelist: False # Works with HTTP sites, not HTTPS sites ! gw_block_https: False proxy: squid # Admin Console uses proxy_user: proxy # Could move to roles/network/defaults/main.yml # UNMAINTAINED as of July 2021 # DansGuardian REQUIRES Squid (above) be installed & enabled. # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. # dansguardian_install: False # dansguardian_enabled: False # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False # USB_LIB usb_lib_install: True usb_lib_enabled: True # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so # Kolibri can export & import channels to USB sticks/drive: usb_lib_umask0000_for_kolibri: True systemd_location: /lib/systemd/system # 2-common iiab-startup also uses # Common UNIX Printing System (CUPS) cups_install: False cups_enabled: False cups_port: 631 # Samba. Do a security audit seriously before deploying this. samba_install: False samba_enabled: False samba_udp_ports: 137:138 samba_tcp_mports: 139,445 shared_dir : "{{ content_base }}/public" # /library/public smb_service: smbd # Admin Console uses nmb_service: nmbd # Could move to roles/samba/defaults/main.yml # roles/www_options HANDLES THE 3 VARS BELOW: # Set to True if intensively using Matomo/PBX/WordPress: nginx_high_php_limits: False # SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively # force this, via roles/www_options & roles/moodle & roles/nextcloud # WARNING: This might cause excess use of RAM/disk or other resources! # WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False apache_service: apache2 apache_user: www-data # Admin Console uses # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False # 5-XO-SERVICES # Lesser-supported XO services need additional testing. Please contact # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. # UNMAINTAINED since about 2012-2017 #xo_services_install: False # 2020-01-23: UNUSED #xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html # UNMAINTAINED since about 2012-2017 #activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) #activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) # UNMAINTAINED since about 2012-2017: consider 'ejabberd' in Stage 6-GENERIC-APPS below? #ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml #ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml # UNMAINTAINED since about 2012-2017: change calibre_port from 8080 to 8010 below, if you use idmgr #idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml #idmgr_enabled: False # 2020-01-23: UNUSED # 6-GENERIC-APPS # Simple, Self-Hosted Web Radio - from AzuraCast.com azuracast_install: False azuracast_enabled: False # This var is currently IGNORED azuracast_http_port: 12080 azuracast_https_port: 12443 # # AzuraCast needs many ports in the 8000:8496 range by default, but IIAB # services conflict, so this variable below sets a sane prefix. # e.g. setting the below variable to 10 will result in port range 10000-10499 # being reserved for AzuraCast: azuracast_port_range_prefix: 10 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 #dokuwiki_install: False #dokuwiki_enabled: False #dokuwiki_url: /dokuwiki # UNMAINTAINED as of November 2019 #ejabberd_install: False #ejabberd_enabled: False # UNMAINTAINED as of July 2021 #elgg_install: False #elgg_enabled: False # elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1 elgg_mysql_password: elgg4kids # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False gitea_url: /gitea gitea_port: 61734 # JupyterHub programming environment with student Notebooks jupyterhub_install: False jupyterhub_enabled: False jupyterhub_venv: /opt/iiab/jupyterhub jupyterhub_port: 8000 # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False # 2022-03-13: Python 3.9+ work lokole_enabled: False # https://github.com/iiab/iiab/issues/3132 # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' # Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 lokole_sim_type: LocalOnly lokole_client_id: None # Wikipedia's community editing platform - from MediaWiki.org mediawiki_install: False mediawiki_enabled: False # MQTT pub-sub broker for IoT on Raspberry Pi etc mosquitto_install: False mosquitto_enabled: False mosquitto_port: 1883 # 2021-07-21: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed # on demand as a dependency by 5 roles -- internetarchive (Internet Archive), # JupyterHub, nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False nodejs_version: 20.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17, 16.x til 2022-04-20, 18.x til 2023-05-20 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False nodered_enabled: False nodered_port: 1880 nodered_web_path: nodered # Store your docs, calendar, contacts & photos on your local server not cloud! # If using Nextcloud intensively, set nginx_high_php_limits further above. nextcloud_install: False nextcloud_enabled: False # # 2020-02-15: UNUSED at this time. Legacy remains from Apache: # nextcloud_allow_public_ips: True # # Configuration tips for IPv4 access controls and tuning RAM/resources: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) # nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False wordpress_enabled: False # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS kalite_install: True kalite_enabled: True kalite_server_port: 8008 kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri kolibri_user: kolibri # WARNING: https://github.com/learningequality/kolibri-installer-debian/issues/115 kolibri_http_port: 8009 # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True kiwix_enabled: True kiwix_port: 3000 iiab_zim_path: "{{ content_base }}/zims" # /library/zims kiwix_incl_apk: False kiwix_apk_url: /software/kiwix kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as PostgreSQL is installed on # demand as a dependency -- by Moodle &/or Pathagar postgresql_install: False postgresql_enabled: False # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle, # as auto-enacted by roles/www_options/tasks/php-settings.yml # Regional OSM vector maps use far less disk space than bitmap/raster versions. # Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps osm_vector_maps_install: True osm_vector_maps_enabled: False # Set to "True" to download .mbtiles files from Archive.org (might be slow!) maps_from_internet_archive: False vector_map_path: "{{ content_base }}/www/osm-vector-maps" # /library/www/osm-vector-maps # MongoDB (/library/dbdata/mongodb) greatly enhances the Sugarizer experience. # This role was formerly installed by roles/sugarizer/meta/main.yml # # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as MongoDB is installed on demand # as a dependency -- by Sugarizer mongodb_install: False # 'mongodb_enabled: False' MAY work when Sugarizer is disabled. Required by # mongodb/tasks/enable.yml to shut down the service and log status, but that is # misleading as Sugarizer starts mongodb's systemd service on its own, due to # 'Requires=mongodb.service' within /etc/systemd/system/sugarizer.service mongodb_enabled: False mongodb_port: 27017 # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 # 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer? #1437 sugarizer_install: False sugarizer_enabled: False sugarizer_port: 8089 # 8-MGMT-TOOLS # Transmission is a BitTorrent downloader for large Content Packs etc transmission_install: False transmission_enabled: False transmission_compile_latest: False transmission_username: Admin transmission_password: changeme # Transmission download directory & general owner/group transmission_download_dir: "{{ content_base }}/transmission/" # /library/transmission/ transmission_user: debian-transmission transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 # Provision Transmission with torrent(s) from https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_provision: True transmission_kalite_version: 0.17 # A. UNCOMMENT LANGUAGE(S) IN /etc/iiab/local_vars.yml TO DOWNLOAD KA Lite VIDEOS TO /library/transmission transmission_kalite_languages: #- english #- french #- hindi #- portugal-portuguese #- brazilian-portuguese #- spanish #- swahili # B. Monitor BitTorrent downloads at http://box:9091 using Admin/changeme # until the download is confirmed complete (can take hours if not days!) # C. Carefully move all videos/thumbnails into /library/ka-lite/content # (DO NOT OVERWRITE SUBFOLDERS assessment, locale, srt !) # D. Log in to KA Lite at http://box:8008/updates/videos/ using Admin/changeme # then click "Scan content folder for videos" (can take many minutes!) # E. READ "KA Lite Administration: What tips & tricks exist?" AT http://FAQ.IIAB.IO # AWStats, originally known as Advanced Web Statistics - from https://awstats.sourceforge.io awstats_install: True awstats_enabled: True # Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. matomo_install: True matomo_enabled: True # If using Matomo intensively, investigate nginx_high_php_limits further above. # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False monit_enabled: False watchdog: - sshd #- idmgr #- ejabberd #- httpd - postgresql #- squid # Networked resource monitoring/graphing tool - from munin-monitoring.org munin_install: False munin_enabled: False # UNMAINTAINED as of July 2021 # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False # Network traffic monitor - from https://humdi.net/vnstat/ vnstat_install: False vnstat_enabled: False # 9-LOCAL-ADDONS # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively later refined (PRs #1179, #1300, #1327, #2070). captiveportal_install: True captiveportal_enabled: False captiveportal_port: 9090 captiveportal_splash_page: / # You might also want to set iiab_home_url (above!) # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Yarn is installed on demand as a # dependency -- by Internet Archive yarn_install: False yarn_enabled: False # Internet Archive Offline / Decentralized Web - create your own offline # version (http://box:4244 or later http://box/archive?) arising from digital # library https://dweb.archive.org internetarchive_install: False internetarchive_enabled: False internetarchive_port: 4244 # for http://box:4244 # Minetest is an open source clone of the Minecraft building blocks game minetest_install: False minetest_enabled: False minetest_port: 30000 minetest_working_dir: /usr/share/games/minetest minetest_server_admin: Admin # minetest_default_game: carbone-ng # carbone-ng is not longer compatible so not supported minetest_default_game: minetest # minetest_default_game: dreambuilder - after 5.6 minetest_game_dir: "{{ minetest_working_dir }}/games/{{ minetest_default_game }}_game" minetest_flat_world: False # Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX calibreweb_install: False calibreweb_enabled: False calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web # SUGGESTION: Calibre-Web can use Calibre's /usr/bin/ebook-convert program, so # ALSO CONSIDER installing Calibre (below, if its graphical bloat is tolerable!) # Calibre E-Book Library -- https://calibre-ebook.com # WARNING: CALIBRE INSTALLS GRAPHICAL LIBRARIES SIMILAR TO X WINDOWS & OPENGL # ON (HEADLESS, SERVER, LITE) OS'S THAT DON'T ALREADY HAVE THESE INSTALLED. calibre_install: False calibre_enabled: False # vars/raspbian-9.yml tries the .deb upgrade of Calibre, overriding this default: calibre_via_debs: False calibre_unstable_debs: False # vars/<most-OS's>.yml use Calibre's python installer/upgrader (x86_64), overriding this default: calibre_via_python: False # Change calibre_port to 8010 if you're using XO laptops needing above idmgr ? calibre_port: 8080 # http://box:8080 & http://box:8080/mobile WORK FOR NOW, but short/mnemonic # URL's like http://box/calibre DON'T YET WORK -- BOOKS RARELY DISPLAY: calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Debian 11 Bullseye or 64-bit RasPiOS IF Bullseye-based. # INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False pbx_use_apache: False # 2023-04-03: Set to 'True' if nec -- please also pbx_use_nginx: True # read github.com/iiab/iiab/issues/2914 & #2916, THX! # 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523) asterisk_rpi_patch: False asterisk_chan_dongle: False pbx_signaling_ports_chan_sip: 5160:5161 pbx_signaling_ports_chan_pjsip: 5060 pbx_data_ports: 10000:20000 pbx_http_port: 83 # ============================================================================= # UNMAINTAINED LEGACY VARIABLES: YOU'RE TAKING BIG RISKS IF YOU USE ANY HERE... # Unmaintained # osm_install: False # osm_enabled: False # Changed in June 2017, from the original: # iiab_install: True # iiab_enabled: False # Unmaintained # docker_install: False # docker_enabled: False # Unmaintained # authserver_install: False # authserver_enabled: False # Unmaintained (better to install from https://teamviewer.com or prep scripts at https://download.iiab.io) # teamviewer_install: False # teamviewer_enabled: False # Unmaintained # schooltool_install: False # schooltool_enabled: False # Unmaintained # debian_schooltool_install: False # debian_schooltool_enabled: False # Unmaintained (consider Calibre or Calibre-Web above?) # pathagar_install: False # pathagar_enabled: False # Unmaintained # sugar_stats_install: False # sugar_stats_enabled: False # Unmaintained # xovis_install: False # xovis_enabled: False # xovis_target_host: "127.0.0.1:5984" # xovis_deployment_name: olpc # xovis_db_name: xovis # xovis_db_user: admin # xovis_db_password: admin # xovis_root: /opt/xovis # xovis_backup_dir: /library/users # xovis_chart_heading: "My School: Usage Data Visualization" # Unmaintained # owncloud_install: False # owncloud_enabled: False # Unmaintained # ajenti_install: False # ajenti_enabled: False # Unmaintained # rachel_install: False # rachel_enabled: False # rachel_content_found: False # #rachel_url: /rachel # rachel_doc_root: "{{ doc_root }}/modules" # ============================================================================= # OS-DEPENDENT VARS: TURN OFF ALL VARS BELOW AND THEN THE CORRECT # /opt/iiab/iiab/vars/<OS_VER>.yml WILL TURN ON WHAT'S APPROPRIATE. See # "How This Works" below, and https://github.com/iiab/iiab/wiki/IIAB-Platforms # Wide to narrow (insofar as poss) is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint is_ubuntu_2404: False is_ubuntu_2310: False is_ubuntu_2304: False is_ubuntu_2210: False is_ubuntu_2204: False #is_ubuntu_2110: False #is_ubuntu_2104: False is_ubuntu_2004: False #is_ubuntu_19: False #is_ubuntu_18: False #is_ubuntu_17: False #is_ubuntu_16: False is_linuxmint: False # Subset of is_ubuntu is_linuxmint_21: False is_linuxmint_20: False is_debian: False # Covers both: Debian, Raspberry Pi OS (Raspbian) is_debian_13: False is_debian_12: False is_debian_11: False #is_debian_10: False #is_debian_9: False #is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) is_raspbian_12: False is_raspbian_11: False #is_raspbian_10: False #is_raspbian_9: False #is_raspbian_8: False #is_redhat: False # Unsupported as of 2019, see: https://github.com/iiab/iiab/issues/1434 #is_centos: False #is_centos_7: False #is_fedora: False #is_fedora_22: False #is_fedora_18: False # How This Works: # # 1. /opt/iiab/iiab/iiab-install copies /opt/iiab/iiab/scripts/local_facts.fact # to /etc/ansible/facts.d/local_facts.fact # 2. Ansible runs /etc/ansible/facts.d/local_facts.fact to identify the OS # 3. The correct /opt/iiab/iiab/vars/<OS>.yml is then invoked by any the # following high-level scripts in /opt/iiab/iiab for IIAB operators: # ./iiab-install (uses iiab-stages.yml) # ./iiab-network (uses iiab-network.yml) # ./runrole (uses run-one-role.yml) # 4. Likewise behind the scenes: # ./iiab-configure (uses iiab-from-cmdline.yml) # Admin Console (uses iiab-from-console.yml) # 5. roles/0-init/tasks/main.yml reads from /etc/ansible/facts.d file(s) # local_facts.facts (but not admin_facts.fact ?) # 6. /etc/iiab/iiab.env is created by roles/1-prep/templates/iiab.env.j2 # # More details, including Order of Execution and Precedence: # https://github.com/iiab/iiab/wiki/IIAB-Variables