IIAB/local vars.yml

From OLPC
< IIAB
Revision as of 01:34, 15 May 2018 by Holt (talk | contribs)
Jump to navigation Jump to search

This IIAB XSCE content does not reflect the opinion of OLPC. These pages were created by members of a volunteer community supporting OLPC and deployments.

Below is an EXAMPLE /opt/iiab/iiab/vars/local_vars.yml including a suite of about a dozen Internet-in-a-Box (IIAB) server apps — that have been well-tested on Raspberry Pi 3 and similar computers.

The latest/default version is generally here: https://github.com/iiab/iiab/blob/master/vars/medium.localvars

WARNING: on small Internet-in-a-Box devices, it's common to want a "Rapid Power Off" button clickable by all users in a clinic or home. Conversely, schoolteachers commonly want to disable this Power Off button, changing the "allow_apache_sudo" flag below to "False".

COMPARE: local_vars_min.yml (~6 apps), local_vars_big.yml (~20 apps)

Please see FAQ.IIAB.IO, specifically: "What is local_vars.yml and how do I customize it?"

# This is local_vars_medium.yml -- copy it to local_vars.yml then...

# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml

# PLEASE READ http://wiki.iiab.io/local_vars.yml

# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community


# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 200

# Users and Passwords

iiab_admin_user: iiab-admin
# Obtain a password hash with:
#    python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
# iiab_admin_passw_hash:
admin_install: True

# Set admin_install: False if you don't want iiab_admin_user & wheel group
# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based
# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n

# If admin_install: False, set iiab_admin_user (above) to an existing Linux
# user that has sudo access, so you can login to Admin Console http://box/admin

iiab_hostname: box
iiab_domain: lan

# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki)
iiab_home_url: /home

# Raspbian requires WiFi country since March 2018.  Please set it here:
host_country_code: US
host_ssid: "Internet in a Box"
host_wifi_mode: g
host_channel: 6
hostapd_secure: False
hostapd_password: changeme

dns_jail_enabled: False

# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
services_externally_visible: True

# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False

# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True

# Stages 3 & 4 must be run (using iiab-install or runtags) if changing these:
squid_install: False
squid_enabled: False

dansguardian_install: False
dansguardian_enabled: False

# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False
# wondershaper_enabled: False

# 1-PREP

# 2-COMMON

# 3-BASE-SERVER

# roles/mysql runs here (mandatory)

# 4-SERVER-OPTIONS

# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True
openvpn_enabled: False
# The following seems necessary on CentOS:
# openvpn_cron_enabled: True
# If changing the above, remember to run "cd /opt/iiab/iiab; ./runtags openvpn"

# roles/network runs here (MANY SETTINGS ABOVE)

# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch!
postgresql_install: False
postgresql_enabled: False

# Unmaintained
# authserver_install: False
# authserver_enabled: False

# Common UNIX Printing System
cups_install: True
cups_enabled: False

# At Your Own Risk: take a security audit seriously before deploying this
samba_install: False
samba_enabled: False

# Show entire contents of USB sticks/drives (at http://box/usb)
iiab_usb_lib_show_all: True

# 5-XO-SERVICES

# Lesser-supported XO services need additional testing.  Please contact
# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.

# xo_services_install: False
# xo_services_enabled: False

# activity_server_install: False
# activity_server_enabled: False

# Change calibre_port from 8080 to 8010 below, if you enable idmgr
# idmgr_install: False
# idmgr_enabled: False

# ejabberd_xs_install: False
# ejabberd_xs_enabled: False

# 6-GENERIC-APPS

# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES.  Consider installing
# an OS that includes a GUI (desktop) environment if you need Calibre E-Books.

calibre_install: True
calibre_enabled: True
# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does)
# calibre_via_debs: True
calibre_unstable_debs: False
# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do)
# calibre_via_python: True
# Change calibre_port to 8010 if you're using XO laptops needing above idmgr
calibre_port: 8080
# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ
calibre_web_path: calibre  #NEEDS WORK: https://github.com/iiab/iiab/issues/529
# In addition to: http://box/books box/libros box/livres box/livros box/liv

dokuwiki_install: False
dokuwiki_enabled: False

mediawiki_install: False
mediawiki_enabled: False

elgg_install: True
elgg_enabled: True

ejabberd_install: False
ejabberd_enabled: False

nextcloud_install: True
nextcloud_enabled: True

wordpress_install: True
wordpress_enabled: True

# 7-EDU-APPS

kalite_install: True
kalite_enabled: True
kalite_cron_enabled: True

kiwix_install: True
kiwix_enabled: True

# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: False
moodle_enabled: False

# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017
osm_install: True
osm_enabled: True

# Similar to Calibre, but unmaintained
pathagar_install: False
pathagar_enabled: False

# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
sugarizer_install: True
sugarizer_enabled: True
# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal!
# https://github.com/iiab/iiab/issues/193 Subsequent "./runtags sugarizer" fail
# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues

# 8-MGMT-TOOLS

awstats_install: True
awstats_enabled: True

monit_install: False
monit_enabled: False

munin_install: True
munin_enabled: True

# Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False
phpmyadmin_enabled: False

# Unmaintained (better to install from http://teamviewer.com)
teamviewer_install: False
teamviewer_enabled: False

vnstat_install: True
vnstat_enabled: True

# Unmaintained
# sugar_stats_install: False
# sugar_stats_enabled: False

# Unmaintained
# xovis_install: False
# xovis_enabled: False

# Unmaintained
# schooltool_install: False
# schooltool_enabled: False

# Unmaintained
# debian_schooltool_install: False
# debian_schooltool_enabled: False