external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity
iiab/vars/local_vars_medium.yml
root fd31e42e07 local_vars.yml: Check your PHP limits
2021-06-28 22:55:35 +00:00

411 lines
15 KiB
YAML
Raw Blame History

# This is local_vars_medium.yml -- copy it to /etc/iiab/local_vars.yml then...
# modify variables below, to override /opt/iiab/iiab/vars/default_vars.yml
# PLZ READ http://wiki.laptop.org/go/IIAB/local_vars.yml AND http://FAQ.IIAB.IO
# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community
# IIAB does NOT currently support uninstalling apps! So: if any IIAB app is
# installed with 'APP_XYZ_install: True' below, do NOT later change that.
# WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz,
# YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM
# CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below.
# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 200
# Languages (for Apache)
default_language: en
language_priority: en es fr
# Real-time clock: set RTC chip family here. Future auto-detection plausible?
# rtc_id: ds3231
# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
# Admin Console (http://box.lan/admin) AND to help you at the command-line:
# https://github.com/iiab/iiab/tree/master/roles/iiab-admin
# https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
#
iiab_admin_user: iiab-admin # Some prefer to reuse 'pi' or 'ubuntu' etc.
# Set iiab_admin_user_install: False if you don't want iiab_admin_user auto-
# configured e.g. by IIAB's 1-line installer & iiab-admin/tasks/admin-user.yml
iiab_admin_user_install: True # If False, THE SETTING BELOW WILL BE IGNORED.
iiab_admin_can_sudo: True # For /usr/bin/iiab-* support commands. Optional.
# Set these to False if you do not want to install/enable IIAB Admin Console
admin_console_install: True
admin_console_enabled: True
#
# Set to "False" if you do not want to use the latest js-menus, either because
# you use WordPress or another home page, or if you prefer the older
# https://github.com/iiab/iiab-menu (no longer maintained)
js_menu_install: True
# IIAB Networking README: https://github.com/iiab/iiab/tree/master/roles/network
# IIAB Networking Doc: https://github.com/iiab/iiab/wiki/IIAB-Networking
# Read it offline too: http://box/info > "IIAB Networking"
iiab_hostname: box
iiab_domain: lan
# Homepage: set to /home or /wordpress or /wiki (for MediaWiki)
iiab_home_url: /home
# You might also want to set captiveportal_splash_page (below!)
# WARNING: IF YOU CONNECT YOUR IIAB'S INTERNAL WIFI TO THE INTERNET OVER 5 GHz,
# YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM
# CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below.
#
# Raspberry Pi OS requires Wi-Fi country since March 2018. Please set it here:
host_country_code: US
host_ssid: Internet in a Box
host_wifi_mode: g
host_channel: 6
hostapd_secure: False # 2021-03-02 #2696 WiFi EAPOL fails if hotspot passwords,
hostapd_password: changeme # eg if firmware wifi_hotspot_capacity_rpi_fix: True
wifi_hotspot_capacity_rpi_fix: True # Restores the ability of RPi internal
# WiFi hotspots to service 30-to-32 client devices. Background explanation:
# https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and PR #2472.
wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi
# (e.g. to Internet) in addition to downstream WiFi (e.g. classroom hotspot).
# You can set iiab_gateway_enabled below, to enable "passthrough" to Internet.
# See "How do I set a static IP address?" for Ethernet, in http://FAQ.IIAB.IO
wan_ip: dhcp # wan_ip: 192.168.1.99
wan_netmask: # wan_netmask: 255.255.255.0
wan_gateway: # wan_gateway: 192.168.1.254
# If nec wan_nameserver can override ISP-provided DNS servers via dnsmasq:
# /etc/resolv.conf dictates which backend is used for the machine itself, so
# 127.0.0.1 means you get dnsmasq (so it works right away on RaspiOS) while
# 127.0.0.53 gives you systemd-networkd (so Ubuntu itself does NOT use this
# dnsmasq-specified upstream DNS [e.g. wan_nameserver] but its LAN clients do!)
wan_nameserver: # wan_nameserver: 192.168.1.254 or 8.8.8.8 or 1.1.1.1
wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems
# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite
# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server.
# Only 1 of the 6 lines below should be uncommented:
#
#ports_externally_visible: 0 # none
#ports_externally_visible: 1 # ssh only
#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too)
ports_externally_visible: 3 # ssh + http-or-https + common IIAB services
#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba
#ports_externally_visible: 5 # all but databases
#
# Or further customize your iptables firewall by editing:
# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables
# And then run: cd /opt/iiab/iiab; ./iiab-network
# Set True if client machines should have "passthrough" access to WAN/Internet:
iiab_gateway_enabled: False
dhcpd_install: False
dhcpd_enabled: False
# named (BIND)
named_install: False
named_enabled: False
# dnsmasq - handles DHCP and DNS
dnsmasq_install: True
dnsmasq_enabled: True
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively later refined (PRs #1179, #1300, #1327, #2070).
captiveportal_install: True
captiveportal_enabled: False
captiveportal_splash_page: /
# You might also want to set iiab_home_url (above!)
# In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO
# Bluetooth PAN access to IIAB server
bluetooth_install: True
bluetooth_enabled: False
bluetooth_term_enabled: False
# UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False
# wondershaper_enabled: False
# 1-PREP
# SSHD runs here & also below in 4-SERVER-OPTIONS
sshd_install: True # Required by OpenVPN
sshd_enabled: True
# IIAB-ADMIN runs here - see its vars near top of this file:
# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash
# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True
openvpn_enabled: False
# Set /etc/iiab/openvpn_handle in advance here:
openvpn_handle: MEDIUM-sized - Put Your Name Here
# Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4.
# Please see recommendations at: https://itsfoss.com/swap-size/
pi_swap_file_size: 1024
# 2-COMMON
# /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
# It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.
# 3-BASE-SERVER
# roles/mysql runs here (mandatory)
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file
#
# Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True
# 4-SERVER-OPTIONS
# SSHD runs here & also above in 1-PREP
# DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs
# after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network")
squid_install: False
squid_enabled: False
# DansGuardian REQUIRES Squid (above) be installed & enabled.
# DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019.
dansguardian_install: False
dansguardian_enabled: False
# Common UNIX Printing System (CUPS)
cups_install: False
cups_enabled: False
# At Your Own Risk: take a security audit seriously before deploying this
samba_install: False
samba_enabled: False
# Show entire contents of USB sticks/drives (at http://box/usb)
iiab_usb_lib_show_all: True
# Set umask=0000 for VFAT, NTFS and exFAT in /etc/usbmount/usbmount.conf so
# Kolibri can export & import channels to USB sticks/drive:
usb_lib_umask0000_for_kolibri: True
# 5-XO-SERVICES
# Lesser-supported XO services need additional testing. Please contact
# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.
# UNMAINTAINED
# xo_services_install: False
# xo_services_enabled: False
# UNMAINTAINED
# activity_server_install: False
# activity_server_enabled: False
# UNMAINTAINED
# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below
# ejabberd_xs_install: False
# ejabberd_xs_enabled: False
# UNMAINTAINED
# Change calibre_port from 8080 to 8010 below, if you enable idmgr
# idmgr_install: False
# idmgr_enabled: False
# 6-GENERIC-APPS
# UNMAINTAINED as of September 2020
azuracast_install: False
azuracast_enabled: False # This var is currently IGNORED.
# UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056
# dokuwiki_install: False
# dokuwiki_enabled: False
# UNMAINTAINED as of November 2019
# ejabberd_install: False
# ejabberd_enabled: False
elgg_install: False
elgg_enabled: False
# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
gitea_install: False
gitea_enabled: False
# JupyterHub programming environment with student Notebooks
jupyterhub_install: False
jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
lokole_enabled: False
mediawiki_install: False
mediawiki_enabled: False
# MQTT pub-sub broker for IoT on Raspberry Pi etc
mosquitto_install: False
mosquitto_enabled: False
# Flow-based visual programming for wiring together IoT hardware devices etc
nodered_install: False
nodered_enabled: False
# Store your docs, calendar, contacts & photos on your local server not cloud!
# If using Nextcloud intensively, set nginx_high_php_limits further above.
nextcloud_install: True
nextcloud_enabled: True
#
# 2020-02-15: UNUSED at this time. Legacy remains from Apache:
# nextcloud_allow_public_ips: True
#
# Configuration tips for IPv4 access controls and tuning RAM/resources:
# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md
#
# 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
# you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
# Uncomment the following line to end that: (might install an older Nextcloud!)
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False
pbx_enabled: False
asterisk_chan_dongle: False
# If using WordPress intensively, set nginx_high_php_limits further above.
wordpress_install: True
wordpress_enabled: True
# 7-EDU-APPS
# KA Lite - SEE THE "Transmission" BITTORRENT DOWNLOADER FURTHER BELOW, TO INSTALL THOUSANDS OF VIDEOS
kalite_install: True
kalite_enabled: True
kolibri_install: False
kolibri_enabled: False
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True
kiwix_enabled: True
# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: False
moodle_enabled: False
# If using Moodle intensively, set nginx_high_php_limits further above.
# Regional OSM vector maps use far less disk space than bitmap/raster versions.
# Instructions: https://github.com/iiab/iiab/wiki/IIAB-Maps
osm_vector_maps_install: True
osm_vector_maps_enabled: True
# Set to "True" to download .mbtiles files from Archive.org (might be slow!)
maps_from_internet_archive: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
# 2020-09-22: Both vars WERE IGNORED on Deb 10 (MongoDB) but no longer? #1437
sugarizer_install: True
sugarizer_enabled: True
# 8-MGMT-TOOLS
# BitTorrent downloader for large Content Packs etc
transmission_install: True
transmission_enabled: True
# A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission
# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/
transmission_kalite_languages:
#- english
#- french
#- hindi
#- portugal-portuguese
#- brazilian-portuguese
#- spanish
#- swahili
# B. Monitor BitTorrent downloads at http://box:9091 using Admin/changeme
# until the download is confirmed complete (can take hours if not days!)
# C. Carefully move all videos/thumbnails into /library/ka-lite/content
# (DO NOT OVERWRITE SUBFOLDERS assessment, locale, srt !)
# D. Log in to KA Lite at http://box:8008/updates/videos/ using Admin/changeme
# then click "Scan content folder for videos" (can take many minutes!)
# E. READ "KA Lite Administration: What tips & tricks exist?" AT http://FAQ.IIAB.IO
awstats_install: True
awstats_enabled: True
# 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849
monit_install: False
monit_enabled: False
munin_install: False
munin_enabled: False
# Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False
phpmyadmin_enabled: False
vnstat_install: False
vnstat_enabled: False
# 9-LOCAL-ADDONS
# Internet Archive Decentralized Web - create your own offline version box:4244
# (or http://box/archive) arising from digital library https://dweb.archive.org
internetarchive_install: False
internetarchive_enabled: False
# Minetest is an open source clone of the Minecraft building blocks game
minetest_install: False
minetest_enabled: False
# Calibre E-Book Library
# WARNING: CALIBRE INSTALLS GRAPHICAL LIBRARIES SIMILAR TO X WINDOWS & OPENGL
# ON (HEADLESS, SERVER, LITE) OS'S THAT DON'T ALREADY HAVE THESE INSTALLED.
calibre_install: False
calibre_enabled: False
# Change calibre_port to 8010 if you're using XO laptops needing above idmgr ?
calibre_port: 8080
# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ
calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529
# Avoid URL collisions w/ calibreweb_url1, calibreweb_url2, calibreweb_url3 below!
# WARNING: Calibre-Web (below) depends on Calibre's own /usr/bin/ebook-convert
# program, so we recommend you also install Calibre (above!)
# Calibre-Web alternative to Calibre, offers a clean/modern UX
calibreweb_install: True
calibreweb_enabled: True
calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
# http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc?
calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"
Reference in a new issue View git blame Copy permalink