projects / Institute / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a37fb87)
Update README.html. main
authorMatt Birkholz <matt@birchwood-abbey.net>
Wed, 30 Oct 2024 04:35:45 +0000 (21:35 -0700)
committerMatt Birkholz <matt@birchwood-abbey.net>
Wed, 30 Oct 2024 04:35:45 +0000 (21:35 -0700)
README.html patch | blob | history

diff --git a/README.html b/README.html
index 720bf1b8cfa01303be473d166e2f764d53fd41c0..b92892eda2383e909b38e8860361c23cdd25c4d0 100644 (file)
--- a/README.html
+++ b/README.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2024-09-03 Tue 08:43 -->
+<!-- 2024-10-29 Tue 21:35 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>A Small Institute</title>
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>A Small Institute</title>
@@ -48,7 +48,7 @@ connects to Front making the institute email, cloud, etc. available to
 members off campus.
 </p>
 
 members off campus.
 </p>
 
-<pre class="example" id="orgc59e2f6">
+<pre class="example" id="org42c266c">
                 =                                                   
               _|||_                                                 
         =-The-Institute-=                                           
                 =                                                   
               _|||_                                                 
         =-The-Institute-=                                           
@@ -1022,7 +1022,7 @@ example result follows the code.
 </pre>
 </div>
 
 </pre>
 </div>
 
-<div class="TEXT" id="orga0874e6">
+<div class="TEXT" id="org0dd8c3a">
 <p>
 =&gt; 10.62.17.0/24
 </p>
 <p>
 =&gt; 10.62.17.0/24
 </p>
@@ -1056,22 +1056,32 @@ e.g. <code>_net_and_mask</code> rather than <code>_net_cidr</code>.
 </p>
 
 <div class="org-src-container">
 </p>
 
 <div class="org-src-container">
-<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">private_net:             <span class="org-string">"{{ private_net_cidr | ipaddr('network') }}"</span>
-private_net_mask:        <span class="org-string">"{{ private_net_cidr | ipaddr('netmask') }}"</span>
-private_net_and_mask:      <span class="org-string">"{{ private_net }} {{ private_net_mask }}"</span>
-public_vpn_net:       <span class="org-string">"{{ public_vpn_net_cidr | ipaddr('network') }}"</span>
-public_vpn_net_mask:  <span class="org-string">"{{ public_vpn_net_cidr | ipaddr('netmask') }}"</span>
+<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">private_net:
+           <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+private_net_mask:
+           <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
+private_net_and_mask:
+                           <span class="org-string">"{{ private_net }} {{ private_net_mask }}"</span>
+public_vpn_net:
+        <span class="org-string">"{{ public_vpn_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+public_vpn_net_mask:
+        <span class="org-string">"{{ public_vpn_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
 public_vpn_net_and_mask:
                      <span class="org-string">"{{ public_vpn_net }} {{ public_vpn_net_mask }}"</span>
 public_vpn_net_and_mask:
                      <span class="org-string">"{{ public_vpn_net }} {{ public_vpn_net_mask }}"</span>
-campus_vpn_net:       <span class="org-string">"{{ campus_vpn_net_cidr | ipaddr('network') }}"</span>
-campus_vpn_net_mask:  <span class="org-string">"{{ campus_vpn_net_cidr | ipaddr('netmask') }}"</span>
+campus_vpn_net:
+        <span class="org-string">"{{ campus_vpn_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+campus_vpn_net_mask:
+        <span class="org-string">"{{ campus_vpn_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
 campus_vpn_net_and_mask:
                      <span class="org-string">"{{ campus_vpn_net }} {{ campus_vpn_net_mask }}"</span>
 campus_vpn_net_and_mask:
                      <span class="org-string">"{{ campus_vpn_net }} {{ campus_vpn_net_mask }}"</span>
-gate_wifi_net:         <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('network') }}"</span>
-gate_wifi_net_mask:    <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('netmask') }}"</span>
+gate_wifi_net:
+         <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+gate_wifi_net_mask:
+         <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
 gate_wifi_net_and_mask:
                        <span class="org-string">"{{ gate_wifi_net }} {{ gate_wifi_net_mask }}"</span>
 gate_wifi_net_and_mask:
                        <span class="org-string">"{{ gate_wifi_net }} {{ gate_wifi_net_mask }}"</span>
-gate_wifi_broadcast: <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('broadcast') }}"</span>
+gate_wifi_broadcast:
+       <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('broadcast') }}"</span>
 </pre>
 </div>
 
 </pre>
 </div>
 
@@ -1107,18 +1117,23 @@ The following code block picks the obvious IP addresses for Core
 </p>
 
 <div class="org-src-container">
 </p>
 
 <div class="org-src-container">
-<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">core_addr_cidr:             <span class="org-string">"{{ private_net_cidr | ipaddr('1') }}"</span>
-gate_addr_cidr:             <span class="org-string">"{{ private_net_cidr | ipaddr('2') }}"</span>
-gate_wifi_addr_cidr:        <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('1') }}"</span>
-wifi_wan_addr_cidr:         <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('2') }}"</span>
-front_private_addr_cidr:    <span class="org-string">"{{ public_vpn_net_cidr | ipaddr('1') }}"</span>
+<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">core_addr_cidr:  <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('1') }}"</span>
+gate_addr_cidr:  <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('2') }}"</span>
+gate_wifi_addr_cidr:
+               <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('1') }}"</span>
+wifi_wan_addr_cidr:
+               <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('2') }}"</span>
+front_private_addr_cidr:
+              <span class="org-string">"{{ public_vpn_net_cidr | ansible.utils.ipaddr('1') }}"</span>
 
 
-core_addr:                 <span class="org-string">"{{ core_addr_cidr | ipaddr('address') }}"</span>
-gate_addr:                 <span class="org-string">"{{ gate_addr_cidr | ipaddr('address') }}"</span>
-gate_wifi_addr:       <span class="org-string">"{{ gate_wifi_addr_cidr | ipaddr('address') }}"</span>
-wifi_wan_addr:         <span class="org-string">"{{ wifi_wan_addr_cidr | ipaddr('address') }}"</span>
+core_addr:   <span class="org-string">"{{ core_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
+gate_addr:   <span class="org-string">"{{ gate_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
+gate_wifi_addr:
+        <span class="org-string">"{{ gate_wifi_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
+wifi_wan_addr:
+         <span class="org-string">"{{ wifi_wan_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
 front_private_addr:
 front_private_addr:
-                  <span class="org-string">"{{ front_private_addr_cidr | ipaddr('address') }}"</span>
+    <span class="org-string">"{{ front_private_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
 </pre>
 </div>
 </div>
 </pre>
 </div>
 </div>
@@ -1475,7 +1490,7 @@ USB-Ethernet adapter, or a wireless adapter connected to a
 campground Wi-Fi access point, etc.</li>
 </ol>
 
 campground Wi-Fi access point, etc.</li>
 </ol>
 
-<pre class="example" id="org393f96f">
+<pre class="example" id="org04f5b91">
 =============== | ==================================================
                 |                                           Premises
           (Campus ISP)                                              
 =============== | ==================================================
                 |                                           Premises
           (Campus ISP)                                              
@@ -1498,7 +1513,7 @@ This avoids the need for a second Wi-Fi access point and leads to the
 following topology.
 </p>
 
 following topology.
 </p>
 
-<pre class="example" id="orgbaffd1d">
+<pre class="example" id="org56d9e40">
 =============== | ==================================================
                 |                                           Premises
            (House ISP)                                              
 =============== | ==================================================
                 |                                           Premises
            (House ISP)                                              
@@ -1651,8 +1666,8 @@ The <code>all</code> role contains tasks that are executed on all of the
 institute's servers.  At the moment there is just the one.
 </p>
 </div>
 institute's servers.  At the moment there is just the one.
 </p>
 </div>
-<div id="outline-container-org76ba4d0" class="outline-3">
-<h3 id="org76ba4d0"><span class="section-number-3">6.1.</span> Include Particulars</h3>
+<div id="outline-container-orgbc53e05" class="outline-3">
+<h3 id="orgbc53e05"><span class="section-number-3">6.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-6-1">
 <p>
 The <code>all</code> role's task contains a reference to a common institute
 <div class="outline-text-3" id="text-6-1">
 <p>
 The <code>all</code> role's task contains a reference to a common institute
@@ -1793,8 +1808,8 @@ uses the institute's CA and server certificates, and expects client
 certificates signed by the institute CA.
 </p>
 </div>
 certificates signed by the institute CA.
 </p>
 </div>
-<div id="outline-container-org530ccf9" class="outline-3">
-<h3 id="org530ccf9"><span class="section-number-3">7.1.</span> Include Particulars</h3>
+<div id="outline-container-org12c1e48" class="outline-3">
+<h3 id="org12c1e48"><span class="section-number-3">7.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-7-1">
 <p>
 The first task, as in <a href="#orgd60dcd1">The All Role</a>, is to include the institute
 <div class="outline-text-3" id="text-7-1">
 <p>
 The first task, as in <a href="#orgd60dcd1">The All Role</a>, is to include the institute
@@ -1819,8 +1834,8 @@ membership roll, so these are included was well.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgaab41cc" class="outline-3">
-<h3 id="orgaab41cc"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
+<div id="outline-container-org4c87c3a" class="outline-3">
+<h3 id="org4c87c3a"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-7-2">
 <p>
 This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
 <div class="outline-text-3" id="text-7-2">
 <p>
 This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
@@ -1850,8 +1865,8 @@ delivery.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org1c6c567" class="outline-3">
-<h3 id="org1c6c567"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org053261f" class="outline-3">
+<h3 id="org053261f"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-7-3">
 <p>
 The administrator often needs to read (directories of) log files owned
 <div class="outline-text-3" id="text-7-3">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -1910,8 +1925,8 @@ those stored in <a href="Secret/ssh_front/etc/ssh/"><q>Secret/ssh_front/etc/ssh/
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org3c1e478" class="outline-3">
-<h3 id="org3c1e478"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
+<div id="outline-container-orga03d6a3" class="outline-3">
+<h3 id="orga03d6a3"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
 <div class="outline-text-3" id="text-7-5">
 <p>
 The small institute runs cron jobs and web scripts that generate
 <div class="outline-text-3" id="text-7-5">
 <p>
 The small institute runs cron jobs and web scripts that generate
@@ -1967,8 +1982,8 @@ Monkey uses Rsync to keep the institute's public web site up-to-date.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgc0c5126" class="outline-3">
-<h3 id="orgc0c5126"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org80f3494" class="outline-3">
+<h3 id="org80f3494"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-7-7">
 <p>
 The institute prefers to install security updates as soon as possible.
 <div class="outline-text-3" id="text-7-7">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -1983,8 +1998,8 @@ The institute prefers to install security updates as soon as possible.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgd6eddb7" class="outline-3">
-<h3 id="orgd6eddb7"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
+<div id="outline-container-org07c2e32" class="outline-3">
+<h3 id="org07c2e32"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
 <div class="outline-text-3" id="text-7-8">
 <p>
 User accounts are created immediately so that Postfix and Dovecot can
 <div class="outline-text-3" id="text-7-8">
 <p>
 User accounts are created immediately so that Postfix and Dovecot can
@@ -2027,8 +2042,8 @@ recipient" replies.  The <a href="#orge7fe793">Account Management</a> chapter de
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgcf49e25" class="outline-3">
-<h3 id="orgcf49e25"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
+<div id="outline-container-org42ffdc5" class="outline-3">
+<h3 id="org42ffdc5"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-7-9">
 <p>
 The servers on Front use the same certificate (and key) to
 <div class="outline-text-3" id="text-7-9">
 <p>
 The servers on Front use the same certificate (and key) to
@@ -2255,8 +2270,8 @@ created by a more specialized role.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org08dd9e3" class="outline-3">
-<h3 id="org08dd9e3"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org7960eac" class="outline-3">
+<h3 id="org7960eac"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
 <div class="outline-text-3" id="text-7-12">
 <p>
 Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to
 <div class="outline-text-3" id="text-7-12">
 <p>
 Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to
@@ -2612,8 +2627,8 @@ the users' <q>~/Public/HTML/</q> directories.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgaf75396" class="outline-3">
-<h3 id="orgaf75396"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
+<div id="outline-container-org24ac22d" class="outline-3">
+<h3 id="org24ac22d"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
 <div class="outline-text-3" id="text-7-14">
 <p>
 Front uses OpenVPN to provide the institute's public VPN service.  The
 <div class="outline-text-3" id="text-7-14">
 <p>
 Front uses OpenVPN to provide the institute's public VPN service.  The
@@ -2897,8 +2912,8 @@ Debian install and remote access to a privileged, administrator's
 account.  (For details, see <a href="#org8d60b7b">The Core Machine</a>.)
 </p>
 </div>
 account.  (For details, see <a href="#org8d60b7b">The Core Machine</a>.)
 </p>
 </div>
-<div id="outline-container-org215b0ac" class="outline-3">
-<h3 id="org215b0ac"><span class="section-number-3">8.1.</span> Include Particulars</h3>
+<div id="outline-container-orgca8f5da" class="outline-3">
+<h3 id="orgca8f5da"><span class="section-number-3">8.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-8-1">
 <p>
 The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute
 <div class="outline-text-3" id="text-8-1">
 <p>
 The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute
@@ -2920,8 +2935,8 @@ particulars and membership roll.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org8638d54" class="outline-3">
-<h3 id="org8638d54"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
+<div id="outline-container-org90da685" class="outline-3">
+<h3 id="org90da685"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-8-2">
 <p>
 This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
 <div class="outline-text-3" id="text-8-2">
 <p>
 This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
@@ -2954,8 +2969,8 @@ proper email delivery.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgf60b98e" class="outline-3">
-<h3 id="orgf60b98e"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org0fa3ade" class="outline-3">
+<h3 id="org0fa3ade"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
 <div class="outline-text-3" id="text-8-3">
 <p>
 Core runs the campus name server, so Resolved is configured to use it
 <div class="outline-text-3" id="text-8-3">
 <p>
 Core runs the campus name server, so Resolved is configured to use it
@@ -3263,19 +3278,19 @@ probably be used as forwarders rather than Google.
         file <span class="org-string">"/etc/bind/db.domain"</span>;
 };
 
         file <span class="org-string">"/etc/bind/db.domain"</span>;
 };
 
-<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ private_net_cidr | ipaddr('revdns')</span>
+<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ private_net_cidr | ansible.utils.ipaddr('revdns')</span>
 <span class="org-string">         </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
         type master;
         file <span class="org-string">"/etc/bind/db.private"</span>;
 };
 
 <span class="org-string">         </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
         type master;
         file <span class="org-string">"/etc/bind/db.private"</span>;
 };
 
-<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ public_vpn_net_cidr | ipaddr('revdns')</span>
+<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ public_vpn_net_cidr | ansible.utils.ipaddr('revdns')</span>
 <span class="org-string">         </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
         type master;
         file <span class="org-string">"/etc/bind/db.public_vpn"</span>;
 };
 
 <span class="org-string">         </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
         type master;
         file <span class="org-string">"/etc/bind/db.public_vpn"</span>;
 };
 
-<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ campus_vpn_net_cidr | ipaddr('revdns')</span>
+<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ campus_vpn_net_cidr | ansible.utils.ipaddr('revdns')</span>
 <span class="org-string">         </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
         type master;
         file <span class="org-string">"/etc/bind/db.campus_vpn"</span>;
 <span class="org-string">         </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
         type master;
         file <span class="org-string">"/etc/bind/db.campus_vpn"</span>;
@@ -3368,8 +3383,8 @@ probably be used as forwarders rather than Google.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org13a7457" class="outline-3">
-<h3 id="org13a7457"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgb5d04d3" class="outline-3">
+<h3 id="orgb5d04d3"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-8-7">
 <p>
 The administrator often needs to read (directories of) log files owned
 <div class="outline-text-3" id="text-8-7">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -3389,8 +3404,8 @@ these groups speeds up debugging.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org920462d" class="outline-3">
-<h3 id="org920462d"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
+<div id="outline-container-org6f07952" class="outline-3">
+<h3 id="org6f07952"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
 <div class="outline-text-3" id="text-8-8">
 <p>
 The small institute runs cron jobs and web scripts that generate
 <div class="outline-text-3" id="text-8-8">
 <p>
 The small institute runs cron jobs and web scripts that generate
@@ -3457,8 +3472,8 @@ described in <a href="#org1ac6235">*Configure Apache2</a>).
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgc30ba4d" class="outline-3">
-<h3 id="orgc30ba4d"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org3a924c4" class="outline-3">
+<h3 id="org3a924c4"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-8-9">
 <p>
 The institute prefers to install security updates as soon as possible.
 <div class="outline-text-3" id="text-8-9">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -3490,8 +3505,8 @@ with Nextcloud on the command line.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org873ab4b" class="outline-3">
-<h3 id="org873ab4b"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
+<div id="outline-container-org2e19b28" class="outline-3">
+<h3 id="org2e19b28"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
 <div class="outline-text-3" id="text-8-11">
 <p>
 User accounts are created immediately so that backups can begin
 <div class="outline-text-3" id="text-8-11">
 <p>
 User accounts are created immediately so that backups can begin
@@ -3533,8 +3548,8 @@ describes the <code>members</code> and <code>usernames</code> variables.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org0b2d499" class="outline-3">
-<h3 id="org0b2d499"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
+<div id="outline-container-org3893d2e" class="outline-3">
+<h3 id="org3893d2e"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-8-12">
 <p>
 The servers on Core use the same certificate (and key) to authenticate
 <div class="outline-text-3" id="text-8-12">
 <p>
 The servers on Core use the same certificate (and key) to authenticate
@@ -3758,8 +3773,8 @@ installed by more specialized roles.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orge854133" class="outline-3">
-<h3 id="orge854133"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org14b48ba" class="outline-3">
+<h3 id="org14b48ba"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
 <div class="outline-text-3" id="text-8-16">
 <p>
 Core uses Dovecot's IMAPd to store and serve member emails.  As on
 <div class="outline-text-3" id="text-8-16">
 <p>
 Core uses Dovecot's IMAPd to store and serve member emails.  As on
@@ -5085,7 +5100,7 @@ performance, as recommended by Nextcloud.
   lineinfile:
     path: /etc/php/8.2/apache2/php.ini
     <span class="org-variable-name">regexp: memory_limit *</span>=
   lineinfile:
     path: /etc/php/8.2/apache2/php.ini
     <span class="org-variable-name">regexp: memory_limit *</span>=
-    <span class="org-variable-name">line: memory_limit</span> = 512M
+    <span class="org-variable-name">line: memory_limit</span> = 768M
 
 - name: Include PHP parameters for Nextcloud.
   become: yes
 
 - name: Include PHP parameters for Nextcloud.
   become: yes
@@ -5509,8 +5524,8 @@ applied first, by which Gate gets a campus machine's DNS and Postfix
 configurations, etc.
 </p>
 </div>
 configurations, etc.
 </p>
 </div>
-<div id="outline-container-orgd5b1e01" class="outline-3">
-<h3 id="orgd5b1e01"><span class="section-number-3">9.1.</span> Include Particulars</h3>
+<div id="outline-container-org0a4dc99" class="outline-3">
+<h3 id="org0a4dc99"><span class="section-number-3">9.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-9-1">
 <p>
 The following should be familiar boilerplate by now.
 <div class="outline-text-3" id="text-9-1">
 <p>
 The following should be familiar boilerplate by now.
@@ -5896,8 +5911,8 @@ addresses (or perhaps finding no <code>wifi</code> interface at all?).
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orge4e2eb5" class="outline-3">
-<h3 id="orge4e2eb5"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
+<div id="outline-container-orgf647926" class="outline-3">
+<h3 id="orgf647926"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-9-6">
 <p>
 The (OpenVPN) server on Gate uses an institute certificate (and key)
 <div class="outline-text-3" id="text-9-6">
 <p>
 The (OpenVPN) server on Gate uses an institute certificate (and key)
@@ -5924,8 +5939,8 @@ and Front) do.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgd47bbbe" class="outline-3">
-<h3 id="orgd47bbbe"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
+<div id="outline-container-orga48817c" class="outline-3">
+<h3 id="orga48817c"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
 <div class="outline-text-3" id="text-9-7">
 <p>
 Gate uses OpenVPN to provide the institute's campus VPN service.  Its
 <div class="outline-text-3" id="text-9-7">
 <p>
 Gate uses OpenVPN to provide the institute's campus VPN service.  Its
@@ -6052,8 +6067,8 @@ Wireless campus devices can get a key to the campus VPN from the
 configured manually.
 </p>
 </div>
 configured manually.
 </p>
 </div>
-<div id="outline-container-org757a1ed" class="outline-3">
-<h3 id="org757a1ed"><span class="section-number-3">10.1.</span> Include Particulars</h3>
+<div id="outline-container-org84fdcbf" class="outline-3">
+<h3 id="org84fdcbf"><span class="section-number-3">10.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-10-1">
 <p>
 The following should be familiar boilerplate by now.
 <div class="outline-text-3" id="text-10-1">
 <p>
 The following should be familiar boilerplate by now.
@@ -6069,8 +6084,8 @@ The following should be familiar boilerplate by now.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgc2c0904" class="outline-3">
-<h3 id="orgc2c0904"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
+<div id="outline-container-orgce42bc5" class="outline-3">
+<h3 id="orgce42bc5"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-10-2">
 <p>
 Clients should be using the expected host name.
 <div class="outline-text-3" id="text-10-2">
 <p>
 Clients should be using the expected host name.
@@ -6097,8 +6112,8 @@ Clients should be using the expected host name.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org8550267" class="outline-3">
-<h3 id="org8550267"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org87b2fe8" class="outline-3">
+<h3 id="org87b2fe8"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
 <div class="outline-text-3" id="text-10-3">
 <p>
 Campus machines use the campus name server on Core (or <code>dns.google</code>),
 <div class="outline-text-3" id="text-10-3">
 <p>
 Campus machines use the campus name server on Core (or <code>dns.google</code>),
@@ -6170,8 +6185,8 @@ and file timestamps.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org6f719ec" class="outline-3">
-<h3 id="org6f719ec"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgd519148" class="outline-3">
+<h3 id="orgd519148"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-10-5">
 <p>
 The administrator often needs to read (directories of) log files owned
 <div class="outline-text-3" id="text-10-5">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -6191,8 +6206,8 @@ these groups speeds up debugging.
 </div>
 </div>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org915c5c3" class="outline-3">
-<h3 id="org915c5c3"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org66ef6c6" class="outline-3">
+<h3 id="org66ef6c6"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-10-6">
 <p>
 The institute prefers to install security updates as soon as possible.
 <div class="outline-text-3" id="text-10-6">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -9127,7 +9142,7 @@ routes on Front and Gate, making the simulation less&#x2026; similar.
 </div></div>
 <div id="postamble" class="status">
 <p class="author">Author: Matt Birkholz</p>
 </div></div>
 <div id="postamble" class="status">
 <p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-09-03 Tue 08:43</p>
+<p class="date">Created: 2024-10-29 Tue 21:35</p>
 <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
 </div>
 </body>
 <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
 </div>
 </body>
Small Institute Networking