# This is local_vars_big.yml -- copy it to /etc/iiab/local_vars.yml then... # modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml # PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO # Orig Idea: branch github.com/xsce/xsce-local for your deployment/community # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 # Languages (for Apache) default_language: en language_priority: en es fr # Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel # group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- # checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). iiab_admin_user_install: True # If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin # Password hash to be used if Ansible creates the above user: iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: # python3 -c 'import crypt; print(crypt.crypt("", crypt.mksalt(crypt.METHOD_SHA512)))' # Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' iiab_hostname: box iiab_domain: lan # Homepage: set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) iiab_home_url: /home # Raspbian requires WiFi country since March 2018. Please set it here: host_country_code: US host_ssid: "Internet in a Box" host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme # Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite # (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. # Only 1 of the 6 lines below should be uncommented: # #ports_externally_visible: 0 # none #ports_externally_visible: 1 # ssh only #ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) ports_externally_visible: 3 # ssh + http-or-https + common IIAB services #ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba #ports_externally_visible: 5 # all but databases # # Or further customize your iptables firewall by editing: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables # And then run: cd /opt/iiab/iiab; ./iiab-network # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False dhcpd_install: False dhcpd_enabled: False # named (BIND) named_install: False named_enabled: False # dnsmasq - handles DHCP and DNS dnsmasq_install: True dnsmasq_enabled: True # Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). captive_portal_install: True captive_portal_enabled: True # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Set to "False" if you want to revert to the older Dynamic Menuing system # (prior to IIAB 6.7, this had used https://github.com/iiab/iiab-menu) js_menu_install: True # Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 # wondershaper_install: False # wondershaper_enabled: False # 1-PREP # roles/sshd & roles/iiab-admin run here # SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: # e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: openvpn_handle: # The following seems necessary on CentOS: # openvpn_cron_enabled: True # 2-COMMON # exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml # as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True # For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! apache_high_php_limits: False # SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") squid_install: False squid_enabled: False # DansGuardian REQUIRES Squid (above) be installed & enabled dansguardian_install: False dansguardian_enabled: False # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! postgresql_install: False postgresql_enabled: False # Unmaintained # authserver_install: False # authserver_enabled: False # Common UNIX Printing System (CUPS) cups_install: True cups_enabled: True # At Your Own Risk: take a security audit seriously before deploying this samba_install: True samba_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # 5-XO-SERVICES # Lesser-supported XO services need additional testing. Please contact # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. # xo_services_install: False # xo_services_enabled: False # activity_server_install: False # activity_server_enabled: False # Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below # ejabberd_xs_install: False # ejabberd_xs_enabled: False # Change calibre_port from 8080 to 8010 below, if you enable idmgr # idmgr_install: False # idmgr_enabled: False # 6-GENERIC-APPS azuracast_install: False azuracast_enabled: False dokuwiki_install: True dokuwiki_enabled: True mediawiki_install: True mediawiki_enabled: True ejabberd_install: False ejabberd_enabled: False elgg_install: True elgg_enabled: True # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: True gitea_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: True lokole_enabled: True # MQTT pub-sub broker for IoT on Raspberry Pi etc mosquitto_install: True mosquitto_enabled: True # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: True nodered_enabled: True nextcloud_install: True nextcloud_enabled: True # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x pbx_install: False pbx_enabled: False asterisk_chan_dongle: False # If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER wordpress_install: True wordpress_enabled: True # 7-EDU-APPS # KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS kalite_install: True kalite_enabled: True # Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops) kalite_cron_enabled: True kolibri_install: True kolibri_enabled: True # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: True moodle_enabled: True # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions osm_vector_maps_install: True osm_vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 # 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to MongoDB: github.com/iiab/iiab/issues/1437 sugarizer_install: True sugarizer_enabled: True # 8-MGMT-TOOLS # BitTorrent downloader for large Content Packs etc transmission_install: True transmission_enabled: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission # using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french #- hindi #- portugal-portuguese #- brazilian-portuguese #- spanish #- swahili # B. Monitor BitTorrent downloads at http://box:9091 using Admin/changeme # until the download is confirmed complete (can take hours if not days!) # C. Carefully move all videos/thumbnails into /library/ka-lite/content # (DO NOT OVERWRITE SUBFOLDERS assessment, locale, srt !) # D. Log in to KA Lite at http://box:8008/updates/videos/ using Admin/changeme # then click "Scan content folder for videos" (can take many minutes!) # E. READ "KA Lite Administration: What tips & tricks exist?" AT http://FAQ.IIAB.IO awstats_install: True awstats_enabled: True # 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to: github.com/iiab/iiab/issues/1849 monit_install: True monit_enabled: True munin_install: True munin_enabled: True # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: True phpmyadmin_enabled: False vnstat_install: True vnstat_enabled: True # 9-LOCAL-ADDONS # Calibre E-Book Library # WARNING: CALIBRE INSTALLS GRAPHICAL LIBRARIES SIMILAR TO X WINDOWS & OPENGL # ON (HEADLESS, SERVER, LITE) OS'S THAT DON'T ALREADY HAVE THESE INSTALLED. calibre_install: False calibre_enabled: False # Change calibre_port to 8010 if you're using XO laptops needing above idmgr ? calibre_port: 8080 # Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below! # WARNING: Calibre-Web (below) depends on Calibre's own /usr/bin/ebook-convert # program, so we recommend you also install Calibre (above!) # Calibre-Web alternative to Calibre, offers a clean/modern UX calibreweb_install: True calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web # Internet Archive Decentralized Web - create your own offline version box:4244 # (or http://box/archive) arising from digital library https://dweb.archive.org internetarchive_install: True internetarchive_enabled: True # Minetest is an open source clone of the Minecraft building blocks game minetest_install: True minetest_enabled: True # CONSIDER THESE 2 NEW OPENSTREETMAP (OSM) APPROACHES INSTEAD, AS OF 2018: # - http://download.iiab.io/content/OSM/vector-tiles/ # - http://oer2go.org/viewmod/en-worldmap-10 # # DOWNLOAD EITHER OSM MANUALLY, OR BETTER YET TRY IIAB'S ADMIN CONSOLE: # http://box/admin -> Install Content -> Get OER2GO(RACHEL) Modules # # Unmaintained # osm_install: False # osm_enabled: False # Unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io) # teamviewer_install: False # teamviewer_enabled: False # Unmaintained # docker_install: False # docker_enabled: False # Unmaintained # schooltool_install: False # schooltool_enabled: False # Unmaintained # debian_schooltool_install: False # debian_schooltool_enabled: False # Unmaintained (consider Calibre or Calibre-Web above?) # pathagar_install: False # pathagar_enabled: False # Unmaintained # sugar_stats_install: False # sugar_stats_enabled: False # Unmaintained # xovis_install: False # xovis_enabled: False