Merge pull request #3299 from holta/10.10

Transition from 172.18.96.1 to 10.10.10.10 thanks to PR #3281
iiab · Jul 9, 2022 · e515143 · e515143
2 parents e04325e + 47fda4d
commit e515143
Show file tree

Hide file tree

Showing 19 changed files with 116 additions and 76 deletions.
diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml
@@ -26,7 +26,7 @@
     mode: "{{ item.mode }}"
   with_items:
     - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' }
-    - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' }
+    - { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' }
     - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' }
 
 - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server)

diff --git a/...tiveportal/templates/iiab-divert-to-nginx → ...eportal/templates/iiab-divert-to-nginx.j2 b/...tiveportal/templates/iiab-divert-to-nginx → ...eportal/templates/iiab-divert-to-nginx.j2
@@ -1,4 +1,4 @@
 #!/bin/bash -x
-awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
+awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
 echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture
 echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture
diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml
@@ -76,14 +76,14 @@
     name: cups
     state: started
 
-# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
+# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
 #   command: cupsctl --remote-admin --share-printers --user-cancel-any
 
 # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
 # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
 # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)
 
-- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
+- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
   command: cupsctl --remote-any --share-printers --user-cancel-any
 
 # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml
@@ -96,7 +96,7 @@
 #   command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging
 #   when: not cups_enabled
 
-# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'.  As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx').  Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!)  RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631"
+# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'.  As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx').  Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!)  RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631"
 #   lineinfile:
 #     path: /etc/cups/cupsd.conf
 #     line: "{{ item }}"
@@ -105,7 +105,7 @@
 #     - "HostNameLookups On"    # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027
 #     - "ServerAlias *"
 #     - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}"    # box.lan
-#     - "#Listen {{ lan_ip }}:631"    # 172.18.96.1
+#     - "#Listen {{ lan_ip }}:631"    # e.g. 10.10.10.10
 #     - "#Listen 127.0.0.1:631"
 #     - "#Listen 0.0.0.0:631"
 #     - "#Listen *:631"

diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2
@@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ {    # '~' -> '~*' for case-insensitive regex
         return 301 http://localhost:631;
     }
 
-    return 301 http://$host:631;   # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC
+    return 301 http://$host:631;   # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC
 }
 
 

diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml
@@ -32,8 +32,8 @@
     # mode: "{{ item.mode }}"
   with_items:
    - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' }
-   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' }
-   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' }
+   - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' }
+   - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' }
   when: named_install and named_enabled
 
 - name: Enable named service ({{ dns_service }}) if named_enabled

diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml
@@ -58,8 +58,8 @@
     - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
     - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
 # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
-    - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
-    - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
+    - { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
+    - { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
     - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
     - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
     - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }

diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2
@@ -5,27 +5,44 @@ ddns-update-style interim;
 #ignore client-updates;
 
 option domain-name "{{ iiab_domain }}";
-option domain-name-servers      172.18.96.1;
-option ntp-servers		172.18.96.1;
+option domain-name-servers      {{ lan_ip }};
+option ntp-servers              {{ lan_ip }};
 
+{% if network_172 %}
 subnet 172.18.96.0 netmask 255.255.224.0 {
-	{% if iiab_network_mode == "Gateway" %}
-	option routers			172.18.96.1;
-	{% endif %}
-	option subnet-mask		255.255.224.0;
-	option broadcast-address	172.18.127.255;
-	# this is the whole range we have available - 8K addresses
-	# range                           172.18.96.2 172.18.127.254;
-	# instead, we'll save 510 addresses for later. 
-	range                           172.18.96.2 172.18.125.254;
-	# the other /24s:
-	# -> 172.18.126.0/24 for static IP addresses
-	#    for printers, AP management consoles, etc.
-	# -> 172.18.127.0/24 for temporary addresses for 
-	#    XO activation
-
-        # As this subnet is wired or wifi a/b/g, these lease 
-	#    times are on the long side
-	default-lease-time 	10800;
-	max-lease-time 		21600;
+    {% if iiab_network_mode == "Gateway" %}
+    option routers               {{ lan_ip }};
+    {% endif %}
+    option subnet-mask           255.255.224.0;
+    option broadcast-address     172.18.127.255;
+    # Description of network allocations in old OLPC school server
+    # this is the whole range we have available - 8K addresses
+    # range                      172.18.96.2 172.18.127.254;
+    # instead, we'll save 510 addresses for later.
+    range                        172.18.96.2 172.18.125.254;
+    # the other /24s:
+    # -> 172.18.126.0/24 for static IP addresses
+    #    for printers, AP management consoles, etc.
+    # -> 172.18.127.0/24 for temporary addresses for
+    #    XO activation
+
+    # As this subnet is wired or wifi a/b/g, these lease
+    #    times are on the long side
+    default-lease-time      10800;
+    max-lease-time          21600;
+}
+{% else %}
+subnet 10.10.10.0 netmask 255.255.255.0 {
+    {% if iiab_network_mode == "Gateway" %}
+    option routers               {{ lan_ip }};
+    {% endif %}
+    option subnet-mask           255.255.255.0;
+    option broadcast-address     10.10.10.255;
+    range                        10.10.10.11 10.10.10.254;
+
+    # As this subnet is wired or wifi a/b/g, these lease
+    #    times are on the long side
+    default-lease-time      10800;
+    max-lease-time          21600;
 }
+{% endif %}
diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables
@@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled"
 echo
 #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
 #echo -e "Network Mode: $network_mode\n"
-lan_ip=$(iiab_var_value lan_ip)    # 172.18.96.1
+lan_ip=$(iiab_var_value lan_ip)    # e.g. 10.10.10.10
 
 ports_externally_visible=$(iiab_var_value ports_externally_visible)
 gw_block_https=$(iiab_var_value gw_block_https)

diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db
diff --git a/roles/network/templates/named/school.internal.zone.db.j2 b/roles/network/templates/named/school.internal.zone.db.j2
@@ -0,0 +1,27 @@
+@ in soa localhost. root 1 3H 15M 1W 1D
+  ns localhost.
+
+{{ iiab_hostname }}	IN	A	{{ lan_ip }}
+schoolserver	IN	A	{{ lan_ip }}
+school		IN	A	{{ lan_ip }}
+www		IN	A	{{ lan_ip }}
+ntp		IN	A	{{ lan_ip }}
+time		IN	A	{{ lan_ip }}
+presence	IN	A	{{ lan_ip }}
+xs		IN	A	{{ lan_ip }}
+library		IN	A	{{ lan_ip }}
+box		IN	A	{{ lan_ip }}
+
+
+conference.schoolserver	IN	A	{{ lan_ip }}
+
+
+; translations of school - in plain latin script
+; or un punycode of the utf-8 representation
+
+; es - escuela
+escuela         IN      CNAME       school
+
+; de - schule
+schule          IN      CNAME       school
+
diff --git a/...work/templates/named/school.local.zone.db → ...k/templates/named/school.local.zone.db.j2 b/...work/templates/named/school.local.zone.db → ...k/templates/named/school.local.zone.db.j2
@@ -3,18 +3,18 @@
 @ in soa localhost. root 1 3H 15M 1W 1D
   ns localhost.
 
-{{ iiab_hostname }}	IN	A	172.18.96.1
-schoolserver	IN	A	172.18.96.1
-school		IN	A	172.18.96.1
-www		IN	A	172.18.96.1
-ntp		IN	A	172.18.96.1
-time		IN	A	172.18.96.1
-presence	IN	A	172.18.96.1
-xs		IN	A	172.18.96.1
-library		IN	A	172.18.96.1
-box		IN	A	172.18.96.1
+{{ iiab_hostname }}	IN	A	{{ lan_ip }}
+schoolserver	IN	A	{{ lan_ip }}
+school		IN	A	{{ lan_ip }}
+www		IN	A	{{ lan_ip }}
+ntp		IN	A	{{ lan_ip }}
+time		IN	A	{{ lan_ip }}
+presence	IN	A	{{ lan_ip }}
+xs		IN	A	{{ lan_ip }}
+library		IN	A	{{ lan_ip }}
+box		IN	A	{{ lan_ip }}
 
-conference.schoolserver	IN	A	172.18.96.1
+conference.schoolserver	IN	A	{{ lan_ip }}
 
 
 ; translations of school - in plain latin script

diff --git a/roles/network/templates/network/bridge-br0 b/roles/network/templates/network/bridge-br0
@@ -6,7 +6,11 @@ interface-name=br0
 permissions=
 
 [ipv4]
+{% if network_172 %}
 address1={{ lan_ip }}/19
+{% else %}
+address1={{ lan_ip }}/24
+{% endif %}
 dns-search={{ iiab_domain }}
 method=manual
 

diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2
@@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }}
 
 {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %}
 interface {{ iiab_lan_iface }}
+{% if network_172 %}
 static ip_address={{ lan_ip }}/19
+{% else %}
+static ip_address={{ lan_ip }}/24
+{% endif %}
 static domain_name_servers=127.0.0.1
 {% endif %}
 

diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2
@@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq
 expand-hosts
 
 # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease
+{% if network_172 %}
 dhcp-range=172.18.100.1,172.18.126.254,1h
+{% else %}
+dhcp-range=10.10.10.11,10.10.10.254,1h
+{% endif %}
+
 # Specify the default route
 dhcp-option=3,{{ lan_ip }}
 # Specify the DNS server address

diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2
@@ -3,7 +3,11 @@
 Name=br0
 
 [Network]
+{% if network_172 %}
 Address={{ lan_ip }}/19
+{% else %}
+Address={{ lan_ip }}/24
+{% endif %}
 LinkLocalAddressing=no
 ConfigureWithoutCarrier=yes
 RequiredForOnline=degraded-carrier

diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md
@@ -43,7 +43,7 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre
 
 ## Using It
 
-Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using:
+Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using:
 
     Username: Admin
     Password: changeme

diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2
@@ -92,7 +92,12 @@
 ;	netbios name = MYSERVER
 
 ;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
+
+{% if network_172 %}
 	hosts allow = 127. 172.18.
+{% else %}
+	hosts allow = 127. 10.10.10.
+{% endif %}
 
 ;	max protocol = SMB2
 

diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml
@@ -12,7 +12,7 @@
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 # transmission_http_port: 9091
 # transmission_url: /transmission/
-# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*
+# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.*
 # transmission_whitelist_enabled: "false"  # LOWERCASE STRING for settings.json
 # transmission_peer_port: 51413
 

diff --git a/vars/default_vars.yml b/vars/default_vars.yml
@@ -99,8 +99,9 @@ js_menu_install: True
 
 iiab_hostname: box
 iiab_domain: lan
-lan_ip: 172.18.96.1
-lan_netmask: 255.255.224.0
+lan_ip: 10.10.10.10
+network_172: False    # Change to True if you set the above to 172.18.96.1
+lan_netmask: 255.255.255.0    # Change to 255.255.224.0 if using 172.18.96.1
 
 # Internal Wi-Fi Access Point
 # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled.
@@ -541,7 +542,7 @@ transmission_group: debian-transmission
 # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme
 transmission_http_port: 9091
 transmission_url: /transmission/
-transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.*
+transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.*
 transmission_whitelist_enabled: "false"    # LOWERCASE STRING for settings.json
 transmission_peer_port: 51413