IIAB/local vars min.yml

From OLPC
< IIAB
Revision as of 17:09, 11 August 2018 by Holt (talk | contribs)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

This IIAB XSCE content does not reflect the opinion of OLPC. These pages were created by members of a volunteer community supporting OLPC and deployments.

Below is an example MIN-sized /etc/iiab/local_vars.yml including a very basic suite of a half-dozen Internet-in-a-Box (IIAB) server apps — to enable a rapid and compact install, e.g. on Raspberry Pi 3 and similar computers.

The latest/default version is generally here: https://github.com/iiab/iiab/blob/master/vars/local_vars_min.yml
(Compare: MEDIUM-sized local_vars.yml with ~12 apps, and BIG-sized local_vars_big.yml with ~20 apps)

Please see FAQ.IIAB.IO, specifically: "What is local_vars.yml and how do I customize it?"

WARNING: on small Internet-in-a-Box devices, it's common to want a "Rapid Power Off" button clickable by all users in a clinic or home. Conversely, schoolteachers commonly want to disable this Power Off button, changing the "allow_apache_sudo" flag below to "False". 

# This is local_vars_min.yml -- copy it to /etc/iiab/local_vars.yml then...

# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml

# PLEASE READ http://wiki.iiab.io/local_vars.yml

# Orig Idea: branch github.com/xsce/xsce-local for your deployment/community


# Ansible's default timeout for "get_url:" downloads (10 seconds) often fails
download_timeout: 200

# Users and Passwords

iiab_admin_user: iiab-admin
# Obtain a password hash with:
#    python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
# iiab_admin_passw_hash:
admin_install: True

# Set admin_install: False if you don't want iiab_admin_user & wheel group
# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based
# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n

# If admin_install: False, set iiab_admin_user (above) to an existing Linux
# user that has sudo access, so you can login to Admin Console http://box/admin

iiab_hostname: box
iiab_domain: lan

# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki)
iiab_home_url: /home

# Raspbian requires Wi-Fi country since March 2018.  Please set it here:
host_country_code: US
host_ssid: "Internet in a Box"
host_wifi_mode: g
host_channel: 6
hostapd_secure: False
hostapd_password: changeme

# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
services_externally_visible: True

# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False

# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False

# Enable AFTER installing IIAB!  Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False

# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False

# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: False
squid_enabled: False

dansguardian_install: False
dansguardian_enabled: False

# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False
# wondershaper_enabled: False

# 1-PREP

# 2-COMMON

# 3-BASE-SERVER

# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True

# roles/mysql runs here (mandatory)

# 4-SERVER-OPTIONS

# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security
openvpn_install: True
openvpn_enabled: False
# The following seems necessary on CentOS:
# openvpn_cron_enabled: True
# If changing the above, remember to run "cd /opt/iiab/iiab; ./runrole openvpn"

# roles/network runs here (MANY SETTINGS ABOVE)

# PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch!
postgresql_install: False
postgresql_enabled: False

# Unmaintained
# authserver_install: False
# authserver_enabled: False

# Common UNIX Printing System
cups_install: False
cups_enabled: False

# At Your Own Risk: take a security audit seriously before deploying this
samba_install: False
samba_enabled: False

# Show entire contents of USB sticks/drives (at http://box/usb)
iiab_usb_lib_show_all: True

# 5-XO-SERVICES

# Lesser-supported XO services need additional testing.  Please contact
# http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.

# xo_services_install: False
# xo_services_enabled: False

# activity_server_install: False
# activity_server_enabled: False

# Change calibre_port from 8080 to 8010 below, if you enable idmgr
# idmgr_install: False
# idmgr_enabled: False

# ejabberd_xs_install: False
# ejabberd_xs_enabled: False

# 6-GENERIC-APPS

# WARNING: CALIBRE REQUIRES X WINDOWS / OPENGL LIBRARIES.  Consider installing
# an OS that includes a GUI (desktop) environment if you need Calibre E-Books.

calibre_install: False
calibre_enabled: False
# Try .deb upgrade of Calibre (like vars/raspbian-9.yml already does)
# calibre_via_debs: True
calibre_unstable_debs: False
# Try python x86_64 upgrade of Calibre (like vars/<most-OS's>.yml already do)
# calibre_via_python: True
# Change calibre_port to 8010 if you're using XO laptops needing above idmgr
calibre_port: 8080
# Change calibre to XYZ to add your own mnemonic URL like: http://box/XYZ
calibre_web_path: calibre  #NEEDS WORK: https://github.com/iiab/iiab/issues/529
# In addition to: http://box/books box/libros box/livres box/livros box/liv

dokuwiki_install: False
dokuwiki_enabled: False

mediawiki_install: False
mediawiki_enabled: False

elgg_install: False
elgg_enabled: False

ejabberd_install: False
ejabberd_enabled: False

nextcloud_install: False
nextcloud_enabled: False

wordpress_install: False
wordpress_enabled: False

# 7-EDU-APPS

kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True

kolibri_install: False
kolibri_enabled: False

kiwix_install: True
kiwix_enabled: True

# Warning: Moodle is a serious LMS, that takes a while to install
moodle_install: False
moodle_enabled: False

# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017
osm_install: False
osm_enabled: False

# Similar to Calibre, but unmaintained
pathagar_install: False
pathagar_enabled: False

# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: False
sugarizer_enabled: False

# 8-MGMT-TOOLS

awstats_install: True
awstats_enabled: True

monit_install: False
monit_enabled: False

munin_install: True
munin_enabled: True

# Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False
phpmyadmin_enabled: False

# Unmaintained (better to install from http://teamviewer.com)
teamviewer_install: False
teamviewer_enabled: False

vnstat_install: True
vnstat_enabled: True

# Unmaintained
# sugar_stats_install: False
# sugar_stats_enabled: False

# Unmaintained
# xovis_install: False
# xovis_enabled: False

# Unmaintained
# schooltool_install: False
# schooltool_enabled: False

# Unmaintained
# debian_schooltool_install: False
# debian_schooltool_enabled: False
Retrieved from "http://wiki.laptop.org/mediawiki/index.php?title=IIAB/local_vars_min.yml&oldid=301073"