"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2023-12-18 Mon 10:33 -->
+<!-- 2023-12-28 Thu 16:07 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Birchwood Abbey Networks</title>
philosophy, attitude.
</p>
-<pre class="example" id="org3fe2c3e">
+<pre class="example" id="org06c67d1">
|
=
_|||_
Dovecot-IMAPd, and hosting a VPN with OpenVPN.
</p>
</div>
-<div id="outline-container-org4b97d6a" class="outline-3">
-<h3 id="org4b97d6a"><span class="section-number-3">3.1.</span> Install Emacs</h3>
+<div id="outline-container-orgc44d496" class="outline-3">
+<h3 id="orgc44d496"><span class="section-number-3">3.1.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-3-1">
<p>
The monks of the abbey are masters of the staff (bo) and Emacs.
</div>
</div>
</div>
-<div id="outline-container-orga0317b1" class="outline-3">
-<h3 id="orga0317b1"><span class="section-number-3">3.5.</span> Configure CGit on Front</h3>
-<div class="outline-text-3" id="text-3-5">
-<p>
-CGit is handled similarly, modifying <q>/etc/cgitrc</q> to reference a
-<code>CGIT_SCANPATH</code> environment variable set by Apache re-write rules.
-The resulting Apache directives are given in <code>apache-cgit</code> and the
-Ansible tasks in <code>apache-cgit-tasks</code>, for both Front and Core.
-</p>
-
-<div class="org-src-container">
-<code>apache-cgit</code><pre class="src src-conf" id="org9ae034e">
-ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/
-Alias /cgit-css/ /usr/share/cgit/
-<Directory <span class="org-string">"/usr/lib/cgit/"</span>>
- AllowOverride None
- Options ExecCGI FollowSymlinks
- Require all granted
-</Directory>
-RewriteRule ^/cgit?(/.*)$ \
- <span class="org-variable-name">/cgit$1 [QSA,E</span>=CGIT_SCANPATH:/var/www/git/,L,PT]
-RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \
- <span class="org-variable-name">/cgit$2 [QSA,E</span>=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT]
-</pre>
-</div>
-
-<div class="org-src-container">
-<code>apache-cgi-tasks</code><pre class="src src-conf" id="org50bf153">- name: Install CGit.
- become: yes
- <span class="org-variable-name">apt: pkg</span>=cgit
-
-- name: Disable CGit default configuration.
- become: yes
- command:
- cmd: a2disconf -q cgit
- removes: /etc/apache2/conf-enabled/cgit.conf
-
-- name: Override CGit scan path.
- become: yes
- lineinfile:
- path: /etc/cgitrc
- regexp: <span class="org-string">"^scan-path *="</span>
- line: <span class="org-string">"scan-path=$CGIT_SCANPATH"</span>
- notify: Restart Apache2.
-</pre>
-</div>
-</div>
-</div>
<div id="outline-container-orge8ea40f" class="outline-3">
-<h3 id="orge8ea40f"><span class="section-number-3">3.6.</span> Configure Apache for Abbey Documentation</h3>
-<div class="outline-text-3" id="text-3-6">
+<h3 id="orge8ea40f"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
+<div class="outline-text-3" id="text-3-5">
<p>
Some of the directives added to the <q>-vhost.conf</q> file are needed by
the abbey's documentation, published at
</div>
</div>
<div id="outline-container-org1a605db" class="outline-3">
-<h3 id="org1a605db"><span class="section-number-3">3.7.</span> Configure Photos URLs on Front</h3>
-<div class="outline-text-3" id="text-3-7">
+<h3 id="org1a605db"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
+<div class="outline-text-3" id="text-3-6">
<p>
Some of the directives added to the <q>-vhost.conf</q> file map the abbey's
abstract photo URLs, e.g. <q>/Photos/2022/08/06/</q>, into actual file
</div>
</div>
<div id="outline-container-org2ab9cdd" class="outline-3">
-<h3 id="org2ab9cdd"><span class="section-number-3">3.8.</span> Configure Apache on Front</h3>
-<div class="outline-text-3" id="text-3-8">
+<h3 id="org2ab9cdd"><span class="section-number-3">3.7.</span> Configure Apache on Front</h3>
+<div class="outline-text-3" id="text-3-7">
<p>
The abbey needs to add some Apache2 configuration directives to the
virtual host listening for HTTPS requests to <q>birchwood-abbey.net</q>.
</p>
<p>
-The following task adds the <a href="#org158c789"><code>apache-abbey</code></a>, <a href="#org5e1b247"><code>apache-photos</code></a>,
-<a href="#org119fc95"><code>apache-gitweb</code></a>, and <a href="#org9ae034e"><code>apache-cgit</code></a> directives described above to the
-<q>-vhost.conf</q> file, and includes <q>options-ssl-apache.conf</q> from
-<q>/etc/letsencrypt/</q>. The rest of the Let's Encrypt configuration is
-discussed in the following <a href="#orgdc68478">Install Let's Encrypt</a> section.
+The following task adds the <a href="#org158c789"><code>apache-abbey</code></a>, <a href="#org5e1b247"><code>apache-photos</code></a>, and
+<a href="#org119fc95"><code>apache-gitweb</code></a> directives described above to the <q>-vhost.conf</q> file,
+and includes <q>options-ssl-apache.conf</q> from <q>/etc/letsencrypt/</q>. The
+rest of the Let's Encrypt configuration is discussed in the following
+<a href="#orgdc68478">Install Let's Encrypt</a> section.
</p>
<div class="org-src-container">
RewriteRule ^/\~([^\/]+)/gitweb(\.cgi)?(/.*)?$ \
/cgi-bin/gitweb.cgi$3 \
[<span class="org-type">QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT</span>]
-
- ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/
- Alias /cgit-css/ /usr/share/cgit/
- <Directory <span class="org-string">"/usr/lib/cgit/"</span>>
- AllowOverride None
- Options ExecCGI FollowSymlinks
- Require all granted
- </Directory>
- RewriteRule ^/cgit?(/.*)$ \
- <span class="org-variable-name">/cgit$1 [QSA,E</span>=CGIT_SCANPATH:/var/www/git/,L,PT]
- RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \
- <span class="org-variable-name">/cgit$2 [QSA,E</span>=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT]
IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
dest: /etc/apache2/sites-available/{{ domain_name }}-vhost.conf
notify: Restart Apache2.
<span class="org-variable-name">$javascript</span> = <span class="org-string">"/gitweb-static/gitweb.js"</span>;
dest: /etc/gitweb.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
-
-- name: Install CGit.
- become: yes
- <span class="org-variable-name">apt: pkg</span>=cgit
-
-- name: Disable CGit default configuration.
- become: yes
- command:
- cmd: a2disconf -q cgit
- removes: /etc/apache2/conf-enabled/cgit.conf
-
-- name: Override CGit scan path.
- become: yes
- lineinfile:
- path: /etc/cgitrc
- regexp: <span class="org-string">"^scan-path *="</span>
- line: <span class="org-string">"scan-path=$CGIT_SCANPATH"</span>
- notify: Restart Apache2.
</pre>
</div>
</div>
</div>
<div id="outline-container-org70e49eb" class="outline-3">
-<h3 id="org70e49eb"><span class="section-number-3">3.9.</span> Configure Apache Log Archival</h3>
-<div class="outline-text-3" id="text-3-9">
+<h3 id="org70e49eb"><span class="section-number-3">3.8.</span> Configure Apache Log Archival</h3>
+<div class="outline-text-3" id="text-3-8">
<p>
These tasks hack Apache's <code>logrotate(8)</code> configuration to rotate
weekly, keep the last 12 weeks, and email each week's log to <code>root</code>.
</div>
</div>
<div id="outline-container-orgdc68478" class="outline-3">
-<h3 id="orgdc68478"><span class="section-number-3">3.10.</span> Install Let's Encrypt</h3>
-<div class="outline-text-3" id="text-3-10">
+<h3 id="orgdc68478"><span class="section-number-3">3.9.</span> Install Let's Encrypt</h3>
+<div class="outline-text-3" id="text-3-9">
<p>
The abbey uses a Let's Encrypt certificate to authenticate its public
web site and email services. Initial installation of a Let's Encrypt
entered as shown below).
</p>
-<pre class="example" id="org8ae15d2">
+<pre class="example" id="org05dd1db">
$ sudo apt install python3-certbot-apache
$ sudo certbot --apache -d birchwood-abbey.net
...
</div>
</div>
<div id="outline-container-org043445c" class="outline-3">
-<h3 id="org043445c"><span class="section-number-3">3.11.</span> Rotate Let's Encrypt Log</h3>
-<div class="outline-text-3" id="text-3-11">
+<h3 id="org043445c"><span class="section-number-3">3.10.</span> Rotate Let's Encrypt Log</h3>
+<div class="outline-text-3" id="text-3-10">
<p>
The following task arranges to rotate Certbot's logs files.
</p>
</div>
</div>
<div id="outline-container-org0a13320" class="outline-3">
-<h3 id="org0a13320"><span class="section-number-3">3.12.</span> Archive Let's Encrypt Data</h3>
-<div class="outline-text-3" id="text-3-12">
+<h3 id="org0a13320"><span class="section-number-3">3.11.</span> Archive Let's Encrypt Data</h3>
+<div class="outline-text-3" id="text-3-11">
<p>
A backup copy of Let's Encrypt's data (<q>/etc/letsencrypt/</q>) is sent to
<code>root@core</code> in S/MIME encrypted email every time it changes. Changes
The Apache2 configuration on Core specifies three web sites (live,
test, and campus). The live and test sites must operate just like the
site on Front. Their configurations include the same <a href="#org158c789"><code>apache-abbey</code></a>,
-<a href="#org5e1b247"><code>apache-photos</code></a>, <a href="#org119fc95"><code>apache-gitweb</code></a>, and <a href="#org9ae034e"><code>apache-cgit</code></a> used on Front.
+<a href="#org5e1b247"><code>apache-photos</code></a>, and <a href="#org119fc95"><code>apache-gitweb</code></a> used on Front.
</p>
<div class="org-src-container">
RewriteRule ^/\~([^\/]+)/gitweb(\.cgi)?(/.*)?$ \
/cgi-bin/gitweb.cgi$3 \
[<span class="org-type">QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT</span>]
-
- ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/
- Alias /cgit-css/ /usr/share/cgit/
- <Directory <span class="org-string">"/usr/lib/cgit/"</span>>
- AllowOverride None
- Options ExecCGI FollowSymlinks
- Require all granted
- </Directory>
- RewriteRule ^/cgit?(/.*)$ \
- <span class="org-variable-name">/cgit$1 [QSA,E</span>=CGIT_SCANPATH:/var/www/git/,L,PT]
- RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \
- <span class="org-variable-name">/cgit$2 [QSA,E</span>=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT]
dest: /etc/apache2/sites-available/live-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
notify: Restart Apache2.
RewriteRule ^/\~([^\/]+)/gitweb(\.cgi)?(/.*)?$ \
/cgi-bin/gitweb.cgi$3 \
[<span class="org-type">QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT</span>]
-
- ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/
- Alias /cgit-css/ /usr/share/cgit/
- <Directory <span class="org-string">"/usr/lib/cgit/"</span>>
- AllowOverride None
- Options ExecCGI FollowSymlinks
- Require all granted
- </Directory>
- RewriteRule ^/cgit?(/.*)$ \
- <span class="org-variable-name">/cgit$1 [QSA,E</span>=CGIT_SCANPATH:/var/www/git/,L,PT]
- RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \
- <span class="org-variable-name">/cgit$2 [QSA,E</span>=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT]
dest: /etc/apache2/sites-available/test-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
notify: Restart Apache2.
<span class="org-variable-name">$javascript</span> = <span class="org-string">"/gitweb-static/gitweb.js"</span>;
dest: /etc/gitweb.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
-
-- name: Install CGit.
- become: yes
- <span class="org-variable-name">apt: pkg</span>=cgit
-
-- name: Disable CGit default configuration.
- become: yes
- command:
- cmd: a2disconf -q cgit
- removes: /etc/apache2/conf-enabled/cgit.conf
-
-- name: Override CGit scan path.
- become: yes
- lineinfile:
- path: /etc/cgitrc
- regexp: <span class="org-string">"^scan-path *="</span>
- line: <span class="org-string">"scan-path=$CGIT_SCANPATH"</span>
- notify: Restart Apache2.
</pre>
</div>
site. This is a debugging convenience, making some HTML documentation
more accessible, especially the documentation of software installed on
Core and not on typical desktop clients. Also included: the Apache2
-directives that enable user Git publishing with Gitweb and CGit
-(defined <a href="#org119fc95">here</a> and <a href="#org9ae034e">here</a> respectively).
+directives that enable user Git publishing with Gitweb (defined <a href="#org119fc95">here</a>).
</p>
<div class="org-src-container">
RewriteRule ^/\~([^\/]+)/gitweb(\.cgi)?(/.*)?$ \
/cgi-bin/gitweb.cgi$3 \
[<span class="org-type">QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT</span>]
-
- ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/
- Alias /cgit-css/ /usr/share/cgit/
- <Directory <span class="org-string">"/usr/lib/cgit/"</span>>
- AllowOverride None
- Options ExecCGI FollowSymlinks
- Require all granted
- </Directory>
- RewriteRule ^/cgit?(/.*)$ \
- <span class="org-variable-name">/cgit$1 [QSA,E</span>=CGIT_SCANPATH:/var/www/git/,L,PT]
- RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \
- <span class="org-variable-name">/cgit$2 [QSA,E</span>=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT]
dest: /etc/apache2/sites-available/www-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
notify: Restart Apache2.
</div>
</div>
</div>
-<div id="outline-container-org5715c44" class="outline-3">
-<h3 id="org5715c44"><span class="section-number-3">4.7.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org8a4cba0" class="outline-3">
+<h3 id="org8a4cba0"><span class="section-number-3">4.7.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-4-7">
<p>
Core itself will benefit from using the package cache.
<span class="org-function-name">brief_data</span>() {
<span class="org-builtin">echo</span> <span class="org-string">"$1"</span> | sed -n -E -e <span class="org-string">'</span>
-<span class="org-string"> /^temp[0-9]+: +[-+][0-9.]+°C/ { s/^temp[0-9]+: +([-+][0-9.]+)°C.*/ \1/; H }</span>
+<span class="org-string"> /^temp[0-9]+: +[-+][0-9.]+.?C/ { s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H }</span>
<span class="org-string"> $ { x; s/\n//g; p }'</span>
}
Raspberry Pi OS (ARM64) machine, uses the <code>abbey_pisensors</code> monitor.
</p>
+<p>
+Kamino is currently unmonitored as it is now rarely powered up.
+</p>
+
<div class="org-src-container">
<q>roles_t/abbey-core/tasks/main.yml</q><pre class="src src-conf">
- name: Configure cloister NAGIOS monitoring.
template:
src: nagios-{{ item }}.cfg
dest: /etc/nagios4/conf.d/{{ item }}.cfg
- loop: [ devaron, kamino, kessel ]
+ loop: [ devaron, kessel ]
notify: Reload NAGIOS4.
</pre>
</div>
is not associated with a member of the small institute.
</p>
</div>
-<div id="outline-container-orge1c4717" class="outline-3">
-<h3 id="orge1c4717"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org511e141" class="outline-3">
+<h3 id="org511e141"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The Apt-Cacher:TNG program does not work well on the frontier, so is
</div>
</div>
</div>
-<div id="outline-container-org1de052d" class="outline-3">
-<h3 id="org1de052d"><span class="section-number-3">6.3.</span> Install Emacs</h3>
+<div id="outline-container-org9602152" class="outline-3">
+<h3 id="org9602152"><span class="section-number-3">6.3.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-6-3">
<p>
The monks of the abbey are masters of the staff and Emacs.
below. A test session is shown below.
</p>
-<pre class="example" id="orgb93b6b1">
+<pre class="example" id="org206e8f5">
monkey@new$ owdir
...
/26.2153B6000000/
</p>
</div>
</div>
-<div id="outline-container-orgf7717ca" class="outline-3">
-<h3 id="orgf7717ca"><span class="section-number-3">8.4.</span> Include Abbey Variables</h3>
+<div id="outline-container-org5de7ccb" class="outline-3">
+<h3 id="org5de7ccb"><span class="section-number-3">8.4.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-8-4">
<p>
In this abbey specific document, most abbey particulars are not
</p>
</div>
</div>
-<div id="outline-container-org0a2e0ac" class="outline-3">
-<h3 id="org0a2e0ac"><span class="section-number-3">9.3.</span> Include Abbey Variables</h3>
+<div id="outline-container-org76f687f" class="outline-3">
+<h3 id="org76f687f"><span class="section-number-3">9.3.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-9-3">
<p>
In this abbey specific document, most abbey particulars are not
the OTA (over the air) broadcasts.
</p>
-<pre class="example" id="org4ac4fc8">
+<pre class="example" id="orga9c76ab">
$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xmltv
Cache file for lineups, schedules and programs.
Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
hosts:
anoat:
devaron:
- kamino:
kessel:
weather:
hosts:
hosts:
devaron:
geonosis:
- kamino:
</pre>
</div>
</div>
<span class="org-constant">use</span> strict;
-<span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"config"</span>) {
- <span class="org-keyword">exec</span> <span class="org-string">"./Institute/inst"</span>, @<span class="org-underline"><span class="org-variable-name">ARGV</span></span>;
-}
-<span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"new"</span>) {
- <span class="org-keyword">exec</span> <span class="org-string">"./Institute/inst"</span>, @<span class="org-underline"><span class="org-variable-name">ARGV</span></span>;
-}
-<span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"old"</span>) {
- <span class="org-keyword">exec</span> <span class="org-string">"./Institute/inst"</span>, @<span class="org-underline"><span class="org-variable-name">ARGV</span></span>;
-}
-<span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"pass"</span>) {
- <span class="org-keyword">exec</span> <span class="org-string">"./Institute/inst"</span>, @<span class="org-underline"><span class="org-variable-name">ARGV</span></span>;
-}
-<span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"client"</span>) {
+<span class="org-keyword">if</span> (grep { $<span class="org-variable-name">_</span> eq $<span class="org-variable-name">ARGV</span>[0] } qw<span class="org-string">(CA config new old pass client)</span>) {
<span class="org-keyword">exec</span> <span class="org-string">"./Institute/inst"</span>, @<span class="org-underline"><span class="org-variable-name">ARGV</span></span>;
}
</pre>
</div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2023-12-18 Mon 10:33</p>
+<p class="date">Created: 2023-12-28 Thu 16:07</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>