# This is local_vars_medium.yml -- copy it to /etc/iiab/local_vars.yml then...
# modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml

# PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO
# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community


# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 200

# Languages (for Apache)
default_language: en
language_priority: en es fr

# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel
# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo-
# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n).
iiab_admin_user_install: True
# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing
# Linux user that has sudo access, for login to Admin Console http://box/admin
iiab_admin_user: iiab-admin
# Password hash to be used if Ansible creates the above user:
iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop.
# Obtain a password hash - NEW MORE SECURE WAY:
#    python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))'
# Obtain a password hash - OLD WAY:
#    python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'

iiab_hostname: box
iiab_domain: lan

# Homepage: set to /home or /wordpress or /wiki (for MediaWiki)
iiab_home_url: /home
# You might also want to set captiveportal_splash_page (below!)

# Raspbian requires WiFi country since March 2018.  Please set it here:
host_country_code: US
host_ssid: "Internet in a Box"
host_wifi_mode: g
host_channel: 6
hostapd_secure: False
hostapd_password: changeme

# See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
wan_ip: dhcp       # wan_ip: 192.168.1.99
wan_netmask:       # wan_netmask: 255.255.255.0
wan_gateway:       # wan_gateway: 192.168.1.254
wan_nameserver:    # wan_nameserver: 192.168.1.254
wan_try_dhcp_before_static_ip: True   # Facilitate field updates w/ cablemodems

# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite
# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server.
# Only 1 of the 6 lines below should be uncommented:
#
#ports_externally_visible: 0    # none
#ports_externally_visible: 1    # ssh only
#ports_externally_visible: 2    # ssh + http-or-https (for Admin Console's box.lan/admin too)
ports_externally_visible: 3     # ssh + http-or-https + common IIAB services
#ports_externally_visible: 4    # ssh + http-or-https + common IIAB services + Samba
#ports_externally_visible: 5    # all but databases
#
# Or further customize your iptables firewall by editing:
# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables
# And then run: cd /opt/iiab/iiab; ./iiab-network

# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False

dhcpd_install: False
dhcpd_enabled: False

# named (BIND)
named_install: False
named_enabled: False

# dnsmasq - handles DHCP and DNS
dnsmasq_install: True
dnsmasq_enabled: True

# Enable AFTER installing IIAB!  Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False

# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively later refined (PRs #1179, #1300, #1327, #2070).
captiveportal_install: True
captiveportal_enabled: True
captiveportal_splash_page: /
# You might also want to set iiab_home_url (above!)
# In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO

# Bluetooth PAN access to IIAB server
bluetooth_install: True
bluetooth_enabled: False
bluetooth_term_enabled: False

# Set to "False" if you want to revert to the older Dynamic Menuing system
# (prior to IIAB 6.7, this had used https://github.com/iiab/iiab-menu)
js_menu_install: True

# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False
# wondershaper_enabled: False


# 1-PREP

# roles/sshd & roles/iiab-admin run here
# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE:
# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash

# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True
openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here:
openvpn_handle: 
# The following seems necessary on CentOS:
# openvpn_cron_enabled: True

# Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4.
# Please see recommendations at: https://itsfoss.com/swap-size/
pi_swap_file_size: 1024


# 2-COMMON

# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml
# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml

# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.


# 3-BASE-SERVER

# See also Apache vars {default_language, language_priority} @ top of this file
#
# For schools that use WordPress/Nextcloud/Moodle intensively:  iiab/iiab#1147
apache_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84
# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php/<VERSION>/apache2/php.ini
#
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True

# roles/mysql runs here (mandatory)


# 4-SERVER-OPTIONS

# DNS prep (dnsmasq, named &/or dhcpd) run here.  The full network stage runs
# after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network")

squid_install: False
squid_enabled: False

# DansGuardian REQUIRES Squid (above) be installed & enabled.
# DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
dansguardian_install: False
dansguardian_enabled: False

# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch!
postgresql_install: False
postgresql_enabled: False

# Unmaintained
# authserver_install: False
# authserver_enabled: False

# Common UNIX Printing System (CUPS)
cups_install: False
cups_enabled: False

# At Your Own Risk: take a security audit seriously before deploying this
samba_install: False
samba_enabled: False

# Show entire contents of USB sticks/drives (at http://box/usb)
iiab_usb_lib_show_all: True


# 5-XO-SERVICES

# Lesser-supported XO services need additional testing.  Please contact
# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.

# xo_services_install: False
# xo_services_enabled: False

# activity_server_install: False
# activity_server_enabled: False

# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below
# ejabberd_xs_install: False
# ejabberd_xs_enabled: False

# Change calibre_port from 8080 to 8010 below, if you enable idmgr
# idmgr_install: False
# idmgr_enabled: False


# 6-GENERIC-APPS

azuracast_install: False
azuracast_enabled: False

# Unmaintained as of January 2020: https://github.com/iiab/iiab/issues/2056
dokuwiki_install: False
dokuwiki_enabled: False

mediawiki_install: False
mediawiki_enabled: False

# Unmaintained as of November 2019
ejabberd_install: False
ejabberd_enabled: False

elgg_install: False
elgg_enabled: False

# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
gitea_install: False
gitea_enabled: False

# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
lokole_enabled: False

# MQTT pub-sub broker for IoT on Raspberry Pi etc
mosquitto_install: False
mosquitto_enabled: False

# Flow-based visual programming for wiring together IoT hardware devices etc
nodered_install: False
nodered_enabled: False

# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
nextcloud_install: True
nextcloud_enabled: True
nextcloud_allow_public_ips: False
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages

# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x.  Experimental on RPi 3.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False

# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER
wordpress_install: True
wordpress_enabled: True


# 7-EDU-APPS

# KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS
kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True

kolibri_install: False
kolibri_enabled: False
kolibri_language: en    # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu

# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True
kiwix_enabled: True

# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: False
moodle_enabled: False
# If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER

# Regional OSM vector maps use far less disk space than bitmap/raster versions.
# Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps
osm_vector_maps_install: True
osm_vector_maps_enabled: True

# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to MongoDB: github.com/iiab/iiab/issues/1437
sugarizer_install: True
sugarizer_enabled: True


# 8-MGMT-TOOLS

# BitTorrent downloader for large Content Packs etc
transmission_install: True
transmission_enabled: True
# A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission
#    using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/
transmission_kalite_languages:
  #- english
  #- french
  #- hindi
  #- portugal-portuguese
  #- brazilian-portuguese
  #- spanish
  #- swahili
# B. Monitor BitTorrent downloads at http://box:9091 using Admin/changeme
#    until the download is confirmed complete (can take hours if not days!)
# C. Carefully move all videos/thumbnails into /library/ka-lite/content
#    (DO NOT OVERWRITE SUBFOLDERS assessment, locale, srt !)
# D. Log in to KA Lite at http://box:8008/updates/videos/ using Admin/changeme
#    then click "Scan content folder for videos" (can take many minutes!)
# E. READ "KA Lite Administration: What tips & tricks exist?" AT http://FAQ.IIAB.IO

awstats_install: True
awstats_enabled: True

# 2019-07-08 WARNING: both vars are IGNORED on Debian 10+ due to: github.com/iiab/iiab/issues/1849
monit_install: False
monit_enabled: False

munin_install: True
munin_enabled: True

# Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False
phpmyadmin_enabled: False

vnstat_install: True
vnstat_enabled: True


# 9-LOCAL-ADDONS

# Internet Archive Decentralized Web - create your own offline version box:4244
# (or http://box/archive) arising from digital library https://dweb.archive.org
internetarchive_install: False
internetarchive_enabled: False

# Minetest is an open source clone of the Minecraft building blocks game
minetest_install: False
minetest_enabled: False

# Calibre E-Book Library
# WARNING: CALIBRE INSTALLS GRAPHICAL LIBRARIES SIMILAR TO X WINDOWS & OPENGL
# ON (HEADLESS, SERVER, LITE) OS'S THAT DON'T ALREADY HAVE THESE INSTALLED.
calibre_install: False
calibre_enabled: False
# Change calibre_port to 8010 if you're using XO laptops needing above idmgr ?
calibre_port: 8080
# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ
calibre_web_path: calibre  #NEEDS WORK: https://github.com/iiab/iiab/issues/529
# Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below!

# WARNING: Calibre-Web (below) depends on Calibre's own /usr/bin/ebook-convert
# program, so we recommend you also install Calibre (above!)

# Calibre-Web alternative to Calibre, offers a clean/modern UX
calibreweb_install: True
calibreweb_enabled: True
calibreweb_port: 8083       # PORT VARIABLE HAS NO EFFECT (as of January 2019)
# http://box/books works.  Add {box/libros, box/livres, box/livros, box/liv} etc?
calibreweb_url1: /books     # For SHORT URL http://box/books  (English)
calibreweb_url2: /libros    # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres    # For SHORT URL http://box/livres (French)
calibreweb_home: "{{ content_base }}/calibre-web"    # /library/calibre-web


# CONSIDER THESE NEW OPENSTREETMAP (OSM) APPROACHES INSTEAD:
#
# 2019: https://github.com/iiab/iiab/wiki/IIAB-Maps SEE ABOVE osm_vector_maps_*
# 2018: http://download.iiab.io/content/OSM/vector-tiles/
# 2017: http://oer2go.org/viewmod/en-worldmap-10
#
# Unmaintained
# osm_install: False
# osm_enabled: False

# Unmaintained
# docker_install: False
# docker_enabled: False