iiab/vars/local_vars_unittest.yml

# This is local_vars_unittest.yml -- copy it to /etc/iiab/local_vars.yml then...
# modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml

# READ "What is local_vars.yml and how do I customize it?" AT http://FAQ.IIAB.IO
# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community

# IIAB does NOT currently support uninstalling apps!  So: if any IIAB app is
# installed with 'APP_XYZ_install: True' below, do NOT later change that.

# WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz,
# YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM
# CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT.  See "wifi_up_down: True" below.


# We SKIP roles/network, for FASTER UNIT TESTING!  (so IF an internal hotspot
# is later desired, change these two lines to 'True', then run 'iiab-network')
network_install: False
network_enabled: False


# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 100

# Real-time clock: set RTC chip family here.  Future auto-detection plausible?
rtc_id: none    # Or ds3231 ?

# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line:
# https://github.com/iiab/iiab/tree/master/roles/iiab-admin
# https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
#
iiab_admin_user: iiab-admin    # Some prefer to reuse 'pi' or 'ubuntu' etc.
# Set iiab_admin_user_install: False if you don't want iiab_admin_user auto-
# configured e.g. by IIAB's 1-line installer & iiab-admin/tasks/admin-user.yml
iiab_admin_user_install: True    # If False, THE SETTING BELOW WILL BE IGNORED.
iiab_admin_can_sudo: True    # For /usr/bin/iiab-* support commands.  Optional.

# Set these to False if you do not want to install/enable IIAB Admin Console
admin_console_install: False
admin_console_enabled: False
#
# Homepage: set to /home or /wordpress or /wiki (for MediaWiki)
iiab_home_url: /home
# You might also want to set captiveportal_splash_page (below!)
#
# Set to "False" if you do not want to use the latest js-menus, either because
# you use WordPress or another home page, or if you prefer the older
# https://github.com/iiab/iiab-menu (no longer maintained)
js_menu_install: True


# IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network
# IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking
# Read it offline too: http://box/info > "IIAB Networking"

iiab_hostname: box
iiab_domain: lan

# WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz,
# YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM
# CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT.  See "wifi_up_down: True" below.
#
# Raspberry Pi OS requires WiFi country since March 2018.
#
# If you're running Raspberry Pi OS, you may have already set the country code
# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used
# the Wi-Fi widget in the top-right of its graphical desktop.
#
# If so, this detected value will be considered authoritative, and will be used
# to populate /etc/hostapd/hostapd.conf
#
# Finally, if IIAB does not detect a country code from your OS, the following
# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf)
host_country_code: US
host_ssid: unittest
host_wifi_mode: g
host_channel: 6
hostapd_secure: False    # 2021-03-02 WiFi EAPOL fails if hotspot passwords,
hostapd_password: changeme    # espec if WiFi firmware patched below?  #2696

# Raspberry Pi 3 B+ and 4 OS's don't allow more than ~4 students to use the
# internal WiFi hotspot.  Increase this to 19 or 24 student WiFi devices (or
# 32 on older OS's from 2020) using EXACTLY 1 of the 5 lines below:
#
#rpi3bplus_rpi4_wifi_firmware: os    # Use your OS's WiFi firmware e.g. 7.45.241
#rpi3bplus_rpi4_wifi_firmware: ub    # Ubuntu-only OLD firmware e.g. 7.45.234
rpi3bplus_rpi4_wifi_firmware: 19     # SEE: github.com/iiab/iiab/issues/2853
#rpi3bplus_rpi4_wifi_firmware: 24    # REQUIRES "wifi_up_down: False" BELOW!
#rpi3bplus_rpi4_wifi_firmware: 32    # UNRELIABLE (INTERMITTENT) with 2021+ OS's
#
# BACKGROUND: https://github.com/iiab/iiab/issues/823#issuecomment-662285202
#
# Raspberry Pi Zero W and 3 OS's don't allow more than ~10 students to use the
# internal WiFi hotspot.  Or try increasing this to 30 student WiFi devices:
#
rpizerow_rpi3_wifi_firmware: os     # Use yr OS WiFi firmware e.g. 7.45.98
#rpizerow_rpi3_wifi_firmware: ub    # Ubuntu-only OLD firmware e.g. 7.45.98.118
#rpizerow_rpi3_wifi_firmware: 30    # Or firmware 7.45.98.65 from 2018-09-28

wifi_up_down: True    # AP+STA mode: Uses "ap0" WiFi adapter for upstream WiFi
# (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot).

# Set True if client machines should have "passthrough" access to WAN/Internet:
iiab_gateway_enabled: False
# CAUTION: Setting 'squid_enabled: True' (BELOW) acts as a gateway for Port 80.

# See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
wan_ip: dhcp       # wan_ip: 192.168.1.99
wan_netmask:       # wan_netmask: 255.255.255.0
wan_gateway:       # wan_gateway: 192.168.1.254
# If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq:
# /etc/resolv.conf dictates which backend is used for the machine itself, so
# 127.0.0.1 means you get dnsmasq (so it works right away on RasPiOS) while
# 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this
# dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!)
wan_nameserver:    # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1
wan_try_dhcp_before_static_ip: True   # Facilitate field updates w/ cablemodems
# Details @ roles/network/templates/network/dhcpcd.conf.j2 for /etc/dhcpcd.conf

# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite
# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server.
# Only 1 of the 6 lines below should be uncommented:
#
#ports_externally_visible: 0    # none
#ports_externally_visible: 1    # ssh only
#ports_externally_visible: 2    # ssh + http-or-https (for Admin Console's box.lan/admin too)
ports_externally_visible: 3     # ssh + http-or-https + common IIAB services
#ports_externally_visible: 4    # ssh + http-or-https + common IIAB services + Samba
#ports_externally_visible: 5    # all but databases
#
# Or further customize your iptables firewall by editing:
# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables
# And then run: sudo iiab-network

# Enable AFTER installing IIAB!  Then run: sudo iiab-network
dns_jail_enabled: False


# 1-PREP

# OPENSSH-SERVER
sshd_install: True
sshd_enabled: True

# https://remote.it can help you remotely maintain an IIAB.
# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/remoteit
remoteit_install: True
remoteit_enabled: False
# OPTION #1: Run 'sudo iiab-remoteit' later.  OPTION #2: Set this now:
# remoteit_license_key: 592AA9BB-XXXX-YYYY-ZZZZ-6E27654C3DF6

# SECURITY WARNING: https://wiki.iiab.io/go/Security
# New VPN replaced OpenVPN in Sept 2024:
tailscale_install: True
tailscale_enabled: False    # Stub var, doesn't yet do anything!

# IIAB-ADMIN runs here - see its vars near top of this file:
# e.g. iiab_admin_user, iiab_admin_user_install, iiab_admin_can_sudo

# dnsmasq is installed here -- configure LATER in 'network', after Stage 9.
# (The full network stage runs after 9-LOCAL-ADDONS.  Or manually run
# "sudo iiab-network").  Design under discussion: #2876

# Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4.
# Please see recommendations at: https://itsfoss.com/swap-size/
pi_swap_file_size: 1024


# 2-COMMON

# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.


# 3-BASE-SERVER

# roles/mysql runs here (mandatory)
# roles/nginx runs here (mandatory)
# roles/www_base runs here (mandatory)

# SEE BELOW: nginx_high_php_limits, apache_allow_sudo


# 4-SERVER-OPTIONS

# DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.

# Proxy Cache & basic site blocking using /etc/squid allowlists: (whitelists)
# e.g. /opt/iiab/iiab/roles/network/templates/squid/allow_dst_domains
# e.g. /opt/iiab/iiab/roles/network/templates/squid/allow_url_regexs
squid_install: False
squid_enabled: False    # Enabling this ~= 'iiab_gateway_enabled: True' (ABOVE)
gw_squid_whitelist: False    # Works with HTTP sites, not HTTPS sites !
gw_block_https: False

# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
bluetooth_install: False
bluetooth_enabled: False
bluetooth_term_enabled: False

# Show entire contents of USB sticks/drives (at http://box/usb)
iiab_usb_lib_show_all: True
# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so
# Kolibri can export & import channels to USB sticks/drive:
usb_lib_umask0000_for_kolibri: True

# Common UNIX Printing System (CUPS)
cups_install: False
cups_enabled: False

# At Your Own Risk: take a security audit seriously before deploying this
samba_install: False
samba_enabled: False

# roles/www_options HANDLES THE 3 VARS BELOW:

# Set to True if intensively using Matomo/PBX/WordPress:
nginx_high_php_limits: False
# SIMILARLY: 'moodle_install: True' and 'nextcloud_install: True' effectively
# force this, via roles/www_options & roles/moodle & roles/nextcloud
# WARNING: This might cause excess use of RAM/disk or other resources!
# WARNING: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf

# Make this True to enable http://box/js-menu/menu-files/services/power_off.php
apache_allow_sudo: False

# Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info)
nodocs: True


# 5-XO-SERVICES

# Lesser-supported XO services need additional testing.  Please contact
# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.


# 6-GENERIC-APPS

# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
gitea_install: False
gitea_enabled: False

# JupyterHub programming environment with student Notebooks
jupyterhub_install: False
jupyterhub_enabled: False

# UNMAINTAINED: Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False    # 2022-03-13: Python 3.9+ work
lokole_enabled: False    # https://github.com/iiab/iiab/issues/3132

# Wikipedia's community editing platform - from MediaWiki.org
mediawiki_install: False
mediawiki_enabled: False

# MQTT pub-sub broker for IoT on Raspberry Pi etc
mosquitto_install: False
mosquitto_enabled: False

# Flow-based visual programming for wiring together IoT hardware devices etc
nodered_install: False
nodered_enabled: False

# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using Nextcloud intensively, set nginx_high_php_limits further above.
nextcloud_install: False
nextcloud_enabled: False
#
# 2020-02-15: UNUSED at this time.  Legacy remains from Apache:
# nextcloud_allow_public_ips: True
#
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2

# If using WordPress intensively, set nginx_high_php_limits further above.
wordpress_install: False
wordpress_enabled: False


# 7-EDU-APPS

# KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS
kalite_install: False
kalite_enabled: False

# Successor to KA Lite, for offline-first teaching and learning - from learningequality.org
kolibri_install: False
kolibri_enabled: False
kolibri_language: en    # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,ht,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans

# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: False
kiwix_enabled: False

# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: False
moodle_enabled: False
# FYI 'nginx_high_php_limits: True' (explained above) is mandated with Moodle,
# as auto-enacted by roles/www_options/tasks/php-settings.yml

# Regional OSM vector maps use far less disk space than bitmap/raster versions.
# Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps
osm_vector_maps_install: False
osm_vector_maps_enabled: False
# Set to "True" to download .mbtiles files from Archive.org (might be slow!)
maps_from_internet_archive: False

# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
# 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer?  #1437
sugarizer_install: False
sugarizer_enabled: False


# 8-MGMT-TOOLS

# BitTorrent downloader for large Content Packs etc
transmission_install: False
transmission_enabled: False
transmission_compile_latest: False
# A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission
#    using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/
transmission_kalite_languages:
  #- english
  #- french
  #- hindi
  #- portugal-portuguese
  #- brazilian-portuguese
  #- spanish
  #- swahili
# B. Monitor BitTorrent downloads at http://box:9091 using Admin/changeme
#    until the download is confirmed complete (can take hours if not days!)
# C. Carefully move all videos/thumbnails into /library/ka-lite/content
#    (DO NOT OVERWRITE SUBFOLDERS assessment, locale, srt !)
# D. Log in to KA Lite at http://box:8008/updates/videos/ using Admin/changeme
#    then click "Scan content folder for videos" (can take many minutes!)
# E. READ "KA Lite Administration: What tips & tricks exist?" AT http://FAQ.IIAB.IO

# AWStats, originally known as Advanced Web Statistics - from https://awstats.sourceforge.io
awstats_install: False
awstats_enabled: False

# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership.
matomo_install: False
matomo_enabled: False
# If using Matomo intensively, investigate nginx_high_php_limits further above.

# Process supervision tool - from https://mmonit.com/monit/
# 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
monit_install: False
monit_enabled: False

# Networked resource monitoring/graphing tool - from munin-monitoring.org
munin_install: False
munin_enabled: False

# UNMAINTAINED as of July 2021
# Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False
phpmyadmin_enabled: False

# Network traffic monitor - from https://humdi.net/vnstat/
vnstat_install: False
vnstat_enabled: False


# 9-LOCAL-ADDONS

# Simple, Self-Hosted Web Radio - from AzuraCast.com
azuracast_install: False
azuracast_enabled: False    # This var is currently IGNORED.

# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively later refined (PRs #1179, #1300, #1327, #2070).
captiveportal_install: False
captiveportal_enabled: False
captiveportal_splash_page: /
# You might also want to set iiab_home_url (above!)
# In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO

# Internet Archive Decentralized Web - create your own offline version box:4244
# (or http://box/archive) arising from digital library https://dweb.archive.org
internetarchive_install: False
internetarchive_enabled: False

# Minetest is an open source clone of the Minecraft building blocks game
minetest_install: False
minetest_enabled: False

# Calibre-Web E-Book Library -- Alternative to Calibre, offers a clean/modern UX
calibreweb_install: False
calibreweb_enabled: False
calibreweb_port: 8083       # PORT VARIABLE HAS NO EFFECT (as of January 2019)
# http://box/books works.  Add {box/libros, box/livres, box/livros, box/liv} etc?
calibreweb_url1: /books     # For SHORT URL http://box/books  (English)
calibreweb_url2: /libros    # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres    # For SHORT URL http://box/livres (French)
calibreweb_home: /library/calibre-web    # default_vars.yml uses: "{{ content_base }}/calibre-web"

# SUGGESTION: Calibre-Web can use Calibre's /usr/bin/ebook-convert program, so
# ALSO CONSIDER installing Calibre (below, if its graphical bloat is tolerable!)

# Calibre E-Book Library -- https://calibre-ebook.com
# WARNING: CALIBRE INSTALLS GRAPHICAL LIBRARIES SIMILAR TO X WINDOWS & OPENGL
# ON (HEADLESS, SERVER, LITE) OS'S THAT DON'T ALREADY HAVE THESE INSTALLED.
calibre_install: False
calibre_enabled: False
# Change calibre_port to 8010 if you're using XO laptops needing above idmgr ?
calibre_port: 8080
# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ
calibre_web_path: calibre  #NEEDS WORK: https://github.com/iiab/iiab/issues/529
# Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below!

# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme
# If using PBX intensively, investigate nginx_high_php_limits further above.
pbx_install: False
pbx_enabled: False
pbx_use_apache: False   # 2023-04-03: Set to 'True' if nec -- please also
pbx_use_nginx: True     # read github.com/iiab/iiab/issues/2914 & #2916, THX!
# 2023-04-03: For EXPERIMENTAL testing on Raspberry Pi... (#3489, PR #3523)
asterisk_rpi_patch: False
asterisk_chan_dongle: False