IIAB/local vars.yml
This IIAB XSCE content does not reflect the opinion of OLPC. These pages were created by members of a volunteer community supporting OLPC and deployments.
Below is an EXAMPLE /opt/iiab/iiab/vars/local_vars.yml including a suite of about a dozen Internet-in-a-Box (IIAB) server apps — that have been well-tested on Raspberry Pi 3 and similar computers.
The latest/default version is generally here: https://github.com/iiab/iiab/blob/master/vars/medium.localvars
WARNING: on small Internet-in-a-Box devices, it's common to want a "Rapid Power Off" button clickable by all users in a clinic or home. Conversely, schoolteachers commonly want to disable this Power Off button, changing the "allow_apache_sudo" flag below to "False".
COMPARE: local_vars_min.yml (~6 apps), local_vars_big.yml (~20 apps)
Please see FAQ.IIAB.IO, specifically: "What is local_vars.yml and how do I customize it?"
# This is local_vars_medium.yml -- copy it to local_vars.yml then... # Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml # PLEASE READ http://wiki.iiab.io/local_vars.yml # Orig Idea: branch github.com/xsce/xsce-local for your deployment/community # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 # Users and Passwords iiab_admin_user: iiab-admin # Obtain a password hash with: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' # iiab_admin_passw_hash: admin_install: True # Set admin_install: False if you don't want iiab_admin_user & wheel group # auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based # warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n # If admin_install: False, set iiab_admin_user (above) to an existing Linux # user that has sudo access, so you can login to Admin Console http://box/admin iiab_hostname: box iiab_domain: lan # Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) iiab_home_url: /home # Raspbian requires WiFi country since March 2018. Please set it here: host_country_code: US host_ssid: "Internet in a Box" host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme dns_jail_enabled: False # Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or # 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables # within github.com/iiab/iiab/blob/master/roles/ services_externally_visible: True # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False # Make this False to disable http://box/common/services/power_off.php button: allow_apache_sudo: True # Stages 3 & 4 must be run (using iiab-install or runtags) if changing these: squid_install: False squid_enabled: False dansguardian_install: False dansguardian_enabled: False # Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382 # wondershaper_install: False # wondershaper_enabled: False # 1-PREP # 2-COMMON # 3-BASE-SERVER # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS # SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security openvpn_install: True openvpn_enabled: False # The following seems necessary on CentOS: # openvpn_cron_enabled: True # If changing the above, remember to run "cd /opt/iiab/iiab; ./runtags openvpn" # roles/network runs here (MANY SETTINGS ABOVE) # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! postgresql_install: False postgresql_enabled: False # Unmaintained # authserver_install: False # authserver_enabled: False # Common UNIX Printing System cups_install: True cups_enabled: False # At Your Own Risk: take a security audit seriously before deploying this samba_install: False samba_enabled: False # Show entire contents of USB sticks/drives (at http://box/usb) iiab_usb_lib_show_all: True # 5-XO-SERVICES # Lesser-supported XO services need additional testing. Please contact # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. # xo_services_install: False # xo_services_enabled: False # activity_server_install: False # activity_server_enabled: False # Change calibre_port from 8080 to 8010 below, if you enable idmgr # idmgr_install: False # idmgr_enabled: False # ejabberd_xs_install: False # ejabberd_xs_enabled: False # 6-GENERIC-APPS # WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES. Consider installing # an OS that includes a GUI (desktop) environment if you need Calibre E-Books. calibre_install: True calibre_enabled: True # Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does) # calibre_via_debs: True calibre_unstable_debs: False # Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do) # calibre_via_python: True # Change calibre_port to 8010 if you're using XO laptops needing above idmgr calibre_port: 8080 # Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # In addition to: http://box/books box/libros box/livres box/livros box/liv dokuwiki_install: False dokuwiki_enabled: False mediawiki_install: False mediawiki_enabled: False elgg_install: True elgg_enabled: True ejabberd_install: False ejabberd_enabled: False nextcloud_install: True nextcloud_enabled: True wordpress_install: True wordpress_enabled: True # 7-EDU-APPS kalite_install: True kalite_enabled: True kalite_cron_enabled: True kiwix_install: True kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False # OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017 osm_install: True osm_enabled: True # Similar to Calibre, but unmaintained pathagar_install: False pathagar_enabled: False # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 sugarizer_install: True sugarizer_enabled: True # sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! # https://github.com/iiab/iiab/issues/193 Subsequent "./runtags sugarizer" fail # https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues # 8-MGMT-TOOLS awstats_install: True awstats_enabled: True monit_install: False monit_enabled: False munin_install: True munin_enabled: True # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False # Unmaintained (better to install from http://teamviewer.com) teamviewer_install: False teamviewer_enabled: False vnstat_install: True vnstat_enabled: True # Unmaintained # sugar_stats_install: False # sugar_stats_enabled: False # Unmaintained # xovis_install: False # xovis_enabled: False # Unmaintained # schooltool_install: False # schooltool_enabled: False # Unmaintained # debian_schooltool_install: False # debian_schooltool_enabled: False