"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2024-04-01 Mon 18:11 -->
+<!-- 2024-04-03 Wed 11:00 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>A Small Institute</title>
members off campus.
</p>
-<pre class="example" id="org03eeea2">
+<pre class="example" id="orgf7cca3e">
=
_|||_
=-The-Institute-=
</pre>
</div>
-<div class="TEXT" id="orge944bca">
+<div class="TEXT" id="org80ad917">
<p>
=> 10.62.17.0/24
</p>
campground Wi-Fi access point, etc.</li>
</ol>
-<pre class="example" id="org91a8808">
+<pre class="example" id="orgf915d51">
=============== | ==================================================
| Premises
(Campus ISP)
following topology.
</p>
-<pre class="example" id="org6c9a8ee">
+<pre class="example" id="org9bcafc4">
=============== | ==================================================
| Premises
(House ISP)
institute's servers. At the moment there is just the one.
</p>
</div>
-<div id="outline-container-orgd05be9b" class="outline-3">
-<h3 id="orgd05be9b"><span class="section-number-3">6.1.</span> Include Particulars</h3>
+<div id="outline-container-org88e2a87" class="outline-3">
+<h3 id="org88e2a87"><span class="section-number-3">6.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The <code>all</code> role's task contains a reference to a common institute
certificates signed by the institute CA.
</p>
</div>
-<div id="outline-container-org0ef137d" class="outline-3">
-<h3 id="org0ef137d"><span class="section-number-3">7.1.</span> Include Particulars</h3>
+<div id="outline-container-org9ed2166" class="outline-3">
+<h3 id="org9ed2166"><span class="section-number-3">7.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-7-1">
<p>
The first task, as in <a href="#orgd60dcd1">The All Role</a>, is to include the institute
</div>
</div>
</div>
-<div id="outline-container-org81e40a8" class="outline-3">
-<h3 id="org81e40a8"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
+<div id="outline-container-org667399b" class="outline-3">
+<h3 id="org667399b"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-7-2">
<p>
This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
</div>
</div>
</div>
-<div id="outline-container-org57e47eb" class="outline-3">
-<h3 id="org57e47eb"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgbeed30e" class="outline-3">
+<h3 id="orgbeed30e"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-7-3">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-org5b372eb" class="outline-3">
-<h3 id="org5b372eb"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
+<div id="outline-container-org2dfafe1" class="outline-3">
+<h3 id="org2dfafe1"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
<div class="outline-text-3" id="text-7-5">
<p>
The small institute runs cron jobs and web scripts that generate
</div>
</div>
</div>
-<div id="outline-container-orgc3cb428" class="outline-3">
-<h3 id="orgc3cb428"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-orge76bee7" class="outline-3">
+<h3 id="orge76bee7"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-7-7">
<p>
The institute prefers to install security updates as soon as possible.
</div>
</div>
</div>
-<div id="outline-container-orgdd57567" class="outline-3">
-<h3 id="orgdd57567"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
+<div id="outline-container-orgb1bb413" class="outline-3">
+<h3 id="orgb1bb413"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
<div class="outline-text-3" id="text-7-8">
<p>
User accounts are created immediately so that Postfix and Dovecot can
</div>
</div>
</div>
-<div id="outline-container-orgae21fe3" class="outline-3">
-<h3 id="orgae21fe3"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
+<div id="outline-container-orgf522cdf" class="outline-3">
+<h3 id="orgf522cdf"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-7-9">
<p>
The servers on Front use the same certificate (and key) to
</div>
</div>
</div>
-<div id="outline-container-org1901801" class="outline-3">
-<h3 id="org1901801"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org2535c23" class="outline-3">
+<h3 id="org2535c23"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
<div class="outline-text-3" id="text-7-12">
<p>
Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to
</div>
</div>
</div>
-<div id="outline-container-org9b09fee" class="outline-3">
-<h3 id="org9b09fee"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
+<div id="outline-container-org03de61c" class="outline-3">
+<h3 id="org03de61c"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
<div class="outline-text-3" id="text-7-14">
<p>
Front uses OpenVPN to provide the institute's public VPN service. The
account. (For details, see <a href="#org8d60b7b">The Core Machine</a>.)
</p>
</div>
-<div id="outline-container-org410d61d" class="outline-3">
-<h3 id="org410d61d"><span class="section-number-3">8.1.</span> Include Particulars</h3>
+<div id="outline-container-orgbb393c3" class="outline-3">
+<h3 id="orgbb393c3"><span class="section-number-3">8.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-8-1">
<p>
The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute
</div>
</div>
</div>
-<div id="outline-container-orgb2a100f" class="outline-3">
-<h3 id="orgb2a100f"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
+<div id="outline-container-org0fec6b7" class="outline-3">
+<h3 id="org0fec6b7"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-8-2">
<p>
This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
</div>
</div>
</div>
-<div id="outline-container-org512893b" class="outline-3">
-<h3 id="org512893b"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org48eccc5" class="outline-3">
+<h3 id="org48eccc5"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
<div class="outline-text-3" id="text-8-3">
<p>
Core runs the campus name server, so Resolved is configured to use it
</div>
</div>
</div>
-<div id="outline-container-orgd15a13c" class="outline-3">
-<h3 id="orgd15a13c"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org4d265a3" class="outline-3">
+<h3 id="org4d265a3"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-8-7">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-org2dfafe1" class="outline-3">
-<h3 id="org2dfafe1"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
+<div id="outline-container-orgf602306" class="outline-3">
+<h3 id="orgf602306"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
<div class="outline-text-3" id="text-8-8">
<p>
The small institute runs cron jobs and web scripts that generate
</div>
</div>
</div>
-<div id="outline-container-org1f5d4bb" class="outline-3">
-<h3 id="org1f5d4bb"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org4aa0705" class="outline-3">
+<h3 id="org4aa0705"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-8-9">
<p>
The institute prefers to install security updates as soon as possible.
</div>
</div>
</div>
-<div id="outline-container-orgb1bb413" class="outline-3">
-<h3 id="orgb1bb413"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
+<div id="outline-container-org9d61acb" class="outline-3">
+<h3 id="org9d61acb"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
<div class="outline-text-3" id="text-8-11">
<p>
User accounts are created immediately so that backups can begin
</div>
</div>
</div>
-<div id="outline-container-org6d54f2f" class="outline-3">
-<h3 id="org6d54f2f"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
+<div id="outline-container-org2157407" class="outline-3">
+<h3 id="org2157407"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-8-12">
<p>
The servers on Core use the same certificate (and key) to authenticate
</div>
</div>
</div>
-<div id="outline-container-org2535c23" class="outline-3">
-<h3 id="org2535c23"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-orgf01b935" class="outline-3">
+<h3 id="orgf01b935"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
<div class="outline-text-3" id="text-8-16">
<p>
Core uses Dovecot's IMAPd to store and serve member emails. As on
configurations, etc.
</p>
</div>
-<div id="outline-container-org2a37764" class="outline-3">
-<h3 id="org2a37764"><span class="section-number-3">9.1.</span> Include Particulars</h3>
+<div id="outline-container-org4d1b050" class="outline-3">
+<h3 id="org4d1b050"><span class="section-number-3">9.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-9-1">
<p>
The following should be familiar boilerplate by now.
</div>
</div>
</div>
-<div id="outline-container-orgf522cdf" class="outline-3">
-<h3 id="orgf522cdf"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
+<div id="outline-container-orgc30c758" class="outline-3">
+<h3 id="orgc30c758"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-9-6">
<p>
The (OpenVPN) server on Gate uses an institute certificate (and key)
</div>
</div>
</div>
-<div id="outline-container-org03de61c" class="outline-3">
-<h3 id="org03de61c"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
+<div id="outline-container-orgb967873" class="outline-3">
+<h3 id="orgb967873"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
<div class="outline-text-3" id="text-9-7">
<p>
Gate uses OpenVPN to provide the institute's campus VPN service. Its
configured manually.
</p>
</div>
-<div id="outline-container-org88e2a87" class="outline-3">
-<h3 id="org88e2a87"><span class="section-number-3">10.1.</span> Include Particulars</h3>
+<div id="outline-container-org0fcff87" class="outline-3">
+<h3 id="org0fcff87"><span class="section-number-3">10.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-10-1">
<p>
The following should be familiar boilerplate by now.
</div>
</div>
</div>
-<div id="outline-container-org667399b" class="outline-3">
-<h3 id="org667399b"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
+<div id="outline-container-orgef26e47" class="outline-3">
+<h3 id="orgef26e47"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-10-2">
<p>
Clients should be using the expected host name.
</div>
</div>
</div>
-<div id="outline-container-org48eccc5" class="outline-3">
-<h3 id="org48eccc5"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org64e4c11" class="outline-3">
+<h3 id="org64e4c11"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
<div class="outline-text-3" id="text-10-3">
<p>
Campus machines use the campus name server on Core (or <code>dns.google</code>),
</div>
</div>
</div>
-<div id="outline-container-orgbeed30e" class="outline-3">
-<h3 id="orgbeed30e"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org1d7831c" class="outline-3">
+<h3 id="org1d7831c"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-10-5">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-orge76bee7" class="outline-3">
-<h3 id="orge76bee7"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-orgfb6d583" class="outline-3">
+<h3 id="orgfb6d583"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-10-6">
<p>
The institute prefers to install security updates as soon as possible.
</div>
</div>
</div>
-<div id="outline-container-org546611a" class="outline-3">
-<h3 id="org546611a"><span class="section-number-3">10.8.</span> Hard-wire Important IP Addresses</h3>
+<div id="outline-container-orgcdd657f" class="outline-3">
+<h3 id="orgcdd657f"><span class="section-number-3">10.8.</span> Set Domain Name</h3>
<div class="outline-text-3" id="text-10-8">
<p>
-For the edification of programs consulting the <q>/etc/hosts</q> file, the
-institute's domain name and public IP address are added. The Debian
-custom of translating the host name into <code>127.0.1.1</code> is also followed.
+The host's fully qualified (private) domain name (FQDN) is set by an
+alias in its <q>/etc/hosts</q> file, as is customary on Debian. (See "The
+"recommended method of setting the FQDN" in the <code>hostname(1)</code>
+manpage.)
</p>
<div class="org-src-container">
<a href="roles_t/campus/tasks/main.yml"><q>roles_t/campus/tasks/main.yml</q></a><pre class="src src-conf">
-- name: Hard-wire important IP addresses.
+- name: Set domain name.
become: yes
- lineinfile:
- path: /etc/hosts
- regexp: <span class="org-string">"{{ item.regexp }}"</span>
- line: <span class="org-string">"{{ item.line }}"</span>
- insertafter: EOF
vars:
name: <span class="org-string">"{{ inventory_hostname }}"</span>
- loop:
- - regexp: <span class="org-string">"^{{ front_addr }}[ ].*"</span>
- line: <span class="org-string">"{{ front_addr }} {{ domain_name }}"</span>
- - regexp: <span class="org-string">"^127.0.1.1[ ].*"</span>
- line: <span class="org-string">"127.0.1.1 {{ name }}.localdomain {{ name }}"</span>
+ lineinfile:
+ path: /etc/hosts
+ regexp: <span class="org-string">"^127.0.1.1[ ].*"</span>
+ line: <span class="org-string">"127.0.1.1 {{ name }}.{{ domain_priv }} {{ name }}"</span>
</pre>
</div>
</div>
</div></div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-04-01 Mon 18:11</p>
+<p class="date">Created: 2024-04-03 Wed 11:00</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
projects / Institute / commitdiff