IIAB/local vars.yml: Difference between revisions

From OLPC
Jump to navigation Jump to search
No edit summary
No edit summary
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{xsce}}
{{xsce}}
Below is an example MEDIUM-sized <code>/etc/iiab/local_vars.yml</code> including a suite of about a dozen Internet-in-a-Box (IIAB) server apps &mdash; that have been well-tested on Raspberry Pi 3 and similar computers.


The latest/default version is generally here: https://github.com/iiab/iiab/blob/master/vars/local_vars_medium.yml
<br>
(Compare: MIN-sized with [[../local_vars_min.yml|local_vars_min.yml]] with ~6 apps, and BIG-sized with [[../local_vars_big.yml|local_vars_big.yml]] ~20 apps)


Please see [http://faq.iiab.io FAQ.IIAB.IO], specifically: [[../FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F|"What is local_vars.yml and how do I customize it?"]]
Please also see [http://faq.iiab.io FAQ.IIAB.IO], specifically: '''[[../FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F|"What is local_vars.yml and how do I customize it?"]]'''


WARNING: on small Internet-in-a-Box devices, it's common to want a [[IIAB/FAQ#Is_a_.22Rapid_Power_Off.22_button_possible_for_low-electricity_environments.3F|"Rapid Power Off" button]] clickable by '''''all''''' users in a clinic or home. Conversely, schoolteachers commonly want to disable this Power Off button, changing the "allow_apache_sudo" flag below to "False".


Here is an example MEDIUM-sized <code>/etc/iiab/local_vars.yml</code> including a suite of about a dozen Internet-in-a-Box (IIAB) server apps &mdash; that have been well-tested on Raspberry Pi 3 and similar computers: '''https://github.com/iiab/iiab/blob/master/vars/local_vars_medium.yml'''
<pre>
# This is local_vars_medium.yml -- copy it to /etc/iiab/local_vars.yml then...


# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml


(Compare: MIN-sized with [[../local_vars_min.yml|local_vars_min.yml]] with ~6 apps, and BIG-sized with [[../local_vars_big.yml|local_vars_big.yml]] ~20 apps ...using our '''[[../FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F|new comparison table]]''')
# PLEASE READ http://wiki.iiab.io/local_vars.yml


# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community


WARNING: on small Internet-in-a-Box devices, it's common to want a [[IIAB/FAQ#Is_a_.22Rapid_Power_Off.22_button_possible_for_low-electricity_environments.3F|"Rapid Power Off" button]] clickable by '''''all''''' users in a clinic or home. Conversely, schoolteachers commonly want to disable this Power Off button, changing the "allow_apache_sudo" flag to "False".

# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 200

# Users and Passwords

iiab_admin_user: iiab-admin
# Obtain a password hash with:
# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
# iiab_admin_passw_hash:
admin_install: True

# Set admin_install: False if you don't want iiab_admin_user & wheel group
# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based
# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n

# If admin_install: False, set iiab_admin_user (above) to an existing Linux
# user that has sudo access, so you can login to Admin Console http://box/admin

iiab_hostname: box
iiab_domain: lan

# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki)
iiab_home_url: /home

# Raspbian requires WiFi country since March 2018. Please set it here:
host_country_code: US
host_ssid: "Internet in a Box"
host_wifi_mode: g
host_channel: 6
hostapd_secure: False
hostapd_password: changeme

# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
services_externally_visible: True

# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False

# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False

# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False

# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False

# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: False
squid_enabled: False

dansguardian_install: False
dansguardian_enabled: False

# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False
# wondershaper_enabled: False

# 1-PREP

# 2-COMMON

# 3-BASE-SERVER

# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True

# roles/mysql runs here (mandatory)

# 4-SERVER-OPTIONS

# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True
openvpn_enabled: False

# Set /etc/iiab/openvpn_handle in advance here:
openvpn_handle: ""

# The following seems necessary on CentOS:
# openvpn_cron_enabled: True

# roles/network runs here (MANY SETTINGS ABOVE)

# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch!
postgresql_install: False
postgresql_enabled: False

# Unmaintained
# authserver_install: False
# authserver_enabled: False

# Common UNIX Printing System
cups_install: True
cups_enabled: False

# At Your Own Risk: take a security audit seriously before deploying this
samba_install: False
samba_enabled: False

# Show entire contents of USB sticks/drives (at http://box/usb)
iiab_usb_lib_show_all: True

# 5-XO-SERVICES

# Lesser-supported XO services need additional testing. Please contact
# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.

# xo_services_install: False
# xo_services_enabled: False

# activity_server_install: False
# activity_server_enabled: False

# Change calibre_port from 8080 to 8010 below, if you enable idmgr
# idmgr_install: False
# idmgr_enabled: False

# ejabberd_xs_install: False
# ejabberd_xs_enabled: False

# 6-GENERIC-APPS

# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES. Consider installing
# an OS that includes a GUI (desktop) environment if you need Calibre E-Books.

calibre_install: True
calibre_enabled: True
# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does)
# calibre_via_debs: True
calibre_unstable_debs: False
# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do)
# calibre_via_python: True
# Change calibre_port to 8010 if you're using XO laptops needing above idmgr
calibre_port: 8080
# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ
calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529
# In addition to: http://box/books box/libros box/livres box/livros box/liv

dokuwiki_install: False
dokuwiki_enabled: False

mediawiki_install: False
mediawiki_enabled: False

elgg_install: True
elgg_enabled: True

ejabberd_install: False
ejabberd_enabled: False

nextcloud_install: True
nextcloud_enabled: True

wordpress_install: True
wordpress_enabled: True

# 7-EDU-APPS

kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True

kolibri_install: False
kolibri_enabled: False

kiwix_install: True
kiwix_enabled: True

# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: False
moodle_enabled: False

# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017
osm_install: True
osm_enabled: True

# Similar to Calibre, but unmaintained
pathagar_install: False
pathagar_enabled: False

# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: True
sugarizer_enabled: True

# 8-MGMT-TOOLS

awstats_install: True
awstats_enabled: True

monit_install: False
monit_enabled: False

munin_install: True
munin_enabled: True

# Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False
phpmyadmin_enabled: False

# Unmaintained (better to install from http://teamviewer.com)
teamviewer_install: False
teamviewer_enabled: False

vnstat_install: True
vnstat_enabled: True

# Unmaintained
# sugar_stats_install: False
# sugar_stats_enabled: False

# Unmaintained
# xovis_install: False
# xovis_enabled: False

# Unmaintained
# schooltool_install: False
# schooltool_enabled: False

# Unmaintained
# debian_schooltool_install: False
# debian_schooltool_enabled: False
</pre>

Latest revision as of 18:03, 22 April 2019

This IIAB XSCE content does not reflect the opinion of OLPC. These pages were created by members of a volunteer community supporting OLPC and deployments.


Please also see FAQ.IIAB.IO, specifically: "What is local_vars.yml and how do I customize it?"


Here is an example MEDIUM-sized /etc/iiab/local_vars.yml including a suite of about a dozen Internet-in-a-Box (IIAB) server apps — that have been well-tested on Raspberry Pi 3 and similar computers: https://github.com/iiab/iiab/blob/master/vars/local_vars_medium.yml


(Compare: MIN-sized with local_vars_min.yml with ~6 apps, and BIG-sized with local_vars_big.yml ~20 apps ...using our new comparison table)


WARNING: on small Internet-in-a-Box devices, it's common to want a "Rapid Power Off" button clickable by all users in a clinic or home. Conversely, schoolteachers commonly want to disable this Power Off button, changing the "allow_apache_sudo" flag to "False".