Update README.html.

diff --git a/README.html b/README.html
index 22e1f04637fb2f13ee6fc5c41b320d5dacc560a1..2e05e0c98f65949638090c33ba8171cf7fe2816a 100644 (file)
--- a/README.html
+++ b/README.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2024-11-01 Fri 13:07 -->
+<!-- 2025-05-31 Sat 22:27 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>Birchwood Abbey Networks</title>
@@ -24,8 +24,8 @@ idiosyncrasies.  The roles herein are abbey specific, emphasized by
 the <code>abbey-</code> prefix on their names.  These roles are applied <i>after</i>
 the generic institutional roles (again, documented <a href="Institute/README.html">here</a>).
 </p>
-<div id="outline-container-orgc282e28" class="outline-2">
-<h2 id="orgc282e28"><span class="section-number-2">1.</span> Overview</h2>
+<div id="outline-container-org78c54e5" class="outline-2">
+<h2 id="org78c54e5"><span class="section-number-2">1.</span> Overview</h2>
 <div class="outline-text-2" id="text-1">
 <p>
 A Small Institute makes security and privacy top priorities but
@@ -64,7 +64,7 @@ map is very similar, with differences mainly in terminology,
 philosophy, attitude.
 </p>
 
-<pre class="example" id="orga51646b">
+<pre class="example" id="orgc8da95b">
                 |                                                   
                 =                                                   
               _|||_                                                 
@@ -103,8 +103,8 @@ philosophy, attitude.
 </pre>
 </div>
 </div>
-<div id="outline-container-orgbd0fb96" class="outline-2">
-<h2 id="orgbd0fb96"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
+<div id="outline-container-org5dfe8b0" class="outline-2">
+<h2 id="org5dfe8b0"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
 <div class="outline-text-2" id="text-2">
 <p>
 The abbey's public particulars are included below.  They are the
@@ -112,13 +112,13 @@ public particulars of a small institute, nothing more.
 </p>
 
 <div class="org-src-container">
-<a href="public/vars.yml"><q>public/vars.yml</q></a><pre class="src src-conf">---
+<a href="public/vars.yml"><q>public/vars.yml</q></a><pre class="src src-conf"><code>---
 domain_name: birchwood-abbey.net
 
 full_name: Birchwood Abbey
 
 front_addr: 159.65.75.60
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -134,8 +134,8 @@ into <a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a>.
 </p>
 </div>
 </div>
-<div id="outline-container-orgf21aecc" class="outline-2">
-<h2 id="orgf21aecc"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
+<div id="outline-container-org1b3ee79" class="outline-2">
+<h2 id="org1b3ee79"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
 <div class="outline-text-2" id="text-3">
 <p>
 Birchwood Abbey's front door is a Digital Ocean Droplet configured as
@@ -144,24 +144,24 @@ with Apache2, spooling email with Postfix and serving it with
 Dovecot-IMAPd, and hosting a VPN with OpenVPN.
 </p>
 </div>
-<div id="outline-container-org2981d17" class="outline-3">
-<h3 id="org2981d17"><span class="section-number-3">3.1.</span> Install Emacs</h3>
+<div id="outline-container-org95d4834" class="outline-3">
+<h3 id="org95d4834"><span class="section-number-3">3.1.</span> Install Emacs</h3>
 <div class="outline-text-3" id="text-3-1">
 <p>
 The monks of the abbey are masters of the staff (bo) and Emacs.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>---
 - name: Install Emacs.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=emacs
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org0d682e6" class="outline-3">
-<h3 id="org0d682e6"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
+<div id="outline-container-org3adf5e2" class="outline-3">
+<h3 id="org3adf5e2"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
 <div class="outline-text-3" id="text-3-2">
 <p>
 The abbey uses several additional email aliases.  These are the public
@@ -172,7 +172,7 @@ from there, forwarding <code>sysadm</code> to a real person.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install abbey email aliases.
   become: yes
   blockinfile:
@@ -188,20 +188,20 @@ from there, forwarding <code>sysadm</code> to a real person.
     dest: /etc/aliases
     marker: <span class="org-string">"# {mark} ABBEY MANAGED BLOCK"</span>
   notify: New aliases.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>---
 - name: New aliases.
   become: yes
   command: newaliases
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org31d6bbb" class="outline-3">
-<h3 id="org31d6bbb"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
+<div id="outline-container-orgb528e3c" class="outline-3">
+<h3 id="orgb528e3c"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
 <div class="outline-text-3" id="text-3-3">
 <p>
 The abbey publishes member Git repositories with <code>git-daemon</code>.  If
@@ -219,7 +219,6 @@ chmod -R o+r ~/foo/.git
 find ~/foo/.git -type d -print0 | xargs -0 chmod o+rx
 </pre>
 
-
 <p>
 User repositories can be made available to the public at a URL like
 <code>git://small.example.org/~dick/foo</code> by copying it to the same path on
@@ -231,7 +230,6 @@ creates or updates such a copy.
 rsync -av ~/foo/.git/ small.example.org:Public/Git/foo/
 </pre>
 
-
 <p>
 Note that Dick's Git repository, mirrored to Front (or Core), does not
 need to be backed up, assuming Dick's home directory (including
@@ -244,7 +242,6 @@ There are no regular, system backups on Front.
 rsync -av --del small.institute.org:Public/foo/ ~/Public/foo/
 </pre>
 
-
 <p>
 With SystemD and the <code>git-daemon-sysvinit</code> package installed, SystemD
 supervises a <code>git-daemon</code> service unit launched with
@@ -273,13 +270,13 @@ like <code>git-tasks</code> and <code>git-handlers</code>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 &lt;&lt;git-tasks&gt;&gt;
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<code>git-tasks</code><pre class="src src-conf" id="orgdf3814b">- name: Install git daemon.
+<code>git-tasks</code><pre class="src src-conf" id="org12c9e63"><code>- name: Install git daemon.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=git-daemon-sysvinit
 
@@ -307,26 +304,26 @@ like <code>git-tasks</code> and <code>git-handlers</code>.
     state: directory
     group: staff
     <span class="org-variable-name">mode: u</span>=rwx,g=srwx,o=rx
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
 &lt;&lt;git-handlers&gt;&gt;
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<code>git-handlers</code><pre class="src src-conf" id="org76516ba">
+<code>git-handlers</code><pre class="src src-conf" id="org449892c"><code>
 - name: Restart git daemon.
   become: yes
   command: systemctl restart git-daemon
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgdf93aec" class="outline-3">
-<h3 id="orgdf93aec"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
+<div id="outline-container-org243eb6b" class="outline-3">
+<h3 id="org243eb6b"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
 <div class="outline-text-3" id="text-3-4">
 <p>
 The abbey provides an HTML interface to members' public Git
@@ -353,7 +350,7 @@ lists the repositories found in <q>/var/www/git/</q>.
 </p>
 
 <div class="org-src-container">
-<code>apache-gitweb</code><pre class="src src-conf" id="org119fc95">
+<code>apache-gitweb</code><pre class="src src-conf" id="org4103e5b"><code>
 Alias /gitweb-static/ /usr/share/gitweb/static/
 &lt;Directory <span class="org-string">"/usr/share/gitweb/static/"</span>&gt;
     Options MultiViews
@@ -364,7 +361,7 @@ RewriteRule ^/git(/.*)?$ \
 RewriteRule ^/\~([^\/]+)/git(/.*)?$ \
             /cgi-bin/gitweb.cgi$2 \
             [<span class="org-type">QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT</span>]
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -387,8 +384,8 @@ or no rewriting will take place.
 The CGI script and <code>RewriteRule</code> require Apache's <code>cgi</code> and <code>rewrite</code>
 modules, which are not normally enabled on a small institute's public
 server.  Thus they need to be enabled here.  Note that Debian and
--Ubuntu install different Apache MPMs (multi-processing modules)
--requiring different CGI modules, turning two tasks into three.
+Ubuntu install different Apache MPMs (multi-processing modules)
+requiring different CGI modules, turning two tasks into three.
 </p>
 
 <p>
@@ -411,7 +408,7 @@ web site <q>/favicon.ico</q>.
 </p>
 
 <div class="org-src-container">
-<code>apache-gitweb-tasks</code><pre class="src src-conf" id="orgd2fd2f5">- name: Enable Apache2 rewrite module for Gitweb.
+<code>apache-gitweb-tasks</code><pre class="src src-conf" id="org9cedbba"><code>- name: Enable Apache2 rewrite module for Gitweb.
   become: yes
   <span class="org-variable-name">apache2_module: name</span>=rewrite
   notify: Restart Apache2.
@@ -444,21 +441,21 @@ web site <q>/favicon.ico</q>.
       <span class="org-variable-name">$javascript</span> = <span class="org-string">"/gitweb-static/gitweb.js"</span>;
     dest: /etc/gitweb.conf
     <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<code>apache-gitweb-handlers</code><pre class="src src-conf" id="org7715d62">- name: Restart Apache2.
+<code>apache-gitweb-handlers</code><pre class="src src-conf" id="orge67db37"><code>- name: Restart Apache2.
   become: yes
   systemd:
     service: apache2
     state: restarted
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orge8ea40f" class="outline-3">
-<h3 id="orge8ea40f"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
+<div id="outline-container-org507f7cd" class="outline-3">
+<h3 id="org507f7cd"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
 <div class="outline-text-3" id="text-3-5">
 <p>
 Some of the directives added to the <q>-vhost.conf</q> file are needed by
@@ -476,11 +473,11 @@ filename suffixes.
 </p>
 
 <div class="org-src-container">
-<code>apache-abbey</code><pre class="src src-conf" id="org158c789">&lt;Directory {{ docroot }}/Abbey/&gt;
+<code>apache-abbey</code><pre class="src src-conf" id="org54b905a"><code>&lt;Directory {{ docroot }}/Abbey/&gt;
     AllowOverride Indexes FileInfo
     Options +Indexes +FollowSymLinks
 &lt;/Directory&gt;
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -490,17 +487,17 @@ be plain text, so that they are displayed rather than downloaded.
 </p>
 
 <div class="org-src-container">
-<a href=".htaccess"><q>.htaccess</q></a><pre class="src src-conf">ReadmeName notfound.html
+<a href=".htaccess"><q>.htaccess</q></a><pre class="src src-conf"><code>ReadmeName notfound.html
 IndexIgnore README.org
 AddType text/plain attr campus_vpn cfg cnf conf crt daily_letsencrypt
 AddType text/plain domain el htaccess idx j2 key old org pack pem
 AddType text/plain private pub public_vpn req rev sample txt yml
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org1a605db" class="outline-3">
-<h3 id="org1a605db"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
+<div id="outline-container-org01bb2eb" class="outline-3">
+<h3 id="org01bb2eb"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
 <div class="outline-text-3" id="text-3-6">
 <p>
 Some of the directives added to the <q>-vhost.conf</q> file map the abbey's
@@ -512,7 +509,7 @@ matching configurations for accurate previews and tests.
 </p>
 
 <div class="org-src-container">
-<code>apache-photos</code><pre class="src src-conf" id="org5e1b247">
+<code>apache-photos</code><pre class="src src-conf" id="org25f4ed6"><code>
 RedirectMatch /Photos$ /Photos/
 RedirectMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])$ \
               /Photos/$1_$2_$3/
@@ -521,12 +518,12 @@ AliasMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])/(.+)$ \
 AliasMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])/$ \
            {{ docroot }}/Photos/$1/$2/$3/index.html
 AliasMatch /Photos/$ {{ docroot }}/Photos/index.html
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org2ab9cdd" class="outline-3">
-<h3 id="org2ab9cdd"><span class="section-number-3">3.7.</span> Configure Apache on Front</h3>
+<div id="outline-container-orga3d8399" class="outline-3">
+<h3 id="orga3d8399"><span class="section-number-3">3.7.</span> Configure Apache on Front</h3>
 <div class="outline-text-3" id="text-3-7">
 <p>
 The abbey needs to add some Apache2 configuration directives to the
@@ -537,15 +534,15 @@ The abbey simply creates a <q>birchwood-abbey.net-vhost.conf</q> file in
 </p>
 
 <p>
-The following task adds the <a href="#org158c789"><code>apache-abbey</code></a>, <a href="#org5e1b247"><code>apache-photos</code></a>, and
-<a href="#org119fc95"><code>apache-gitweb</code></a> directives described above to the <q>-vhost.conf</q> file,
+The following task adds the <a href="#org54b905a"><code>apache-abbey</code></a>, <a href="#org25f4ed6"><code>apache-photos</code></a>, and
+<a href="#org4103e5b"><code>apache-gitweb</code></a> directives described above to the <q>-vhost.conf</q> file,
 and includes <q>options-ssl-apache.conf</q> from <q>/etc/letsencrypt/</q>.  The
 rest of the Let's Encrypt configuration is discussed in the following
-<a href="#orgdc68478">Install Let's Encrypt</a> section.
+<a href="#org1dbe4e6">Install Let's Encrypt</a> section.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure Apache.
   become: yes
   vars:
@@ -561,22 +558,22 @@ rest of the Let's Encrypt configuration is discussed in the following
   notify: Restart Apache2.
 
 &lt;&lt;apache-gitweb-tasks&gt;&gt;
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
 &lt;&lt;apache-gitweb-handlers&gt;&gt;
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org70e49eb" class="outline-3">
-<h3 id="org70e49eb"><span class="section-number-3">3.8.</span> Configure Apache Log Archival</h3>
+<div id="outline-container-orgf9b9547" class="outline-3">
+<h3 id="orgf9b9547"><span class="section-number-3">3.8.</span> Configure Apache Log Archival</h3>
 <div class="outline-text-3" id="text-3-8">
 <p>
 These tasks hack Apache's <code>logrotate(8)</code> configuration to rotate
-weekly, keep the last 12 weeks, and email each week's log to <code>root</code>.
+weekly, keep a couple weeks, and email each week's log to <code>root</code>.
 The <code>logrotate(8)</code> manual page explains the configuration options.
 </p>
 
@@ -589,7 +586,7 @@ The replacement <q>logrotate-mailer</q> does, and includes it in a
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure Apache log archival.
   become: yes
   lineinfile:
@@ -598,7 +595,7 @@ The replacement <q>logrotate-mailer</q> does, and includes it in a
     line: <span class="org-string">"{{ item.line }}"</span>
   loop:
   - { regexp: <span class="org-string">'^ *daily'</span>, line: <span class="org-string">"\tweekly"</span> }
-  - { regexp: <span class="org-string">'^ *rotate'</span>, line: <span class="org-string">"\trotate 12"</span> }
+  - { regexp: <span class="org-string">'^ *rotate'</span>, line: <span class="org-string">"\trotate 2"</span> }
 
 - name: Configure Apache log email.
   become: yes
@@ -625,16 +622,16 @@ The replacement <q>logrotate-mailer</q> does, and includes it in a
     src: logrotate-mailer
     dest: /usr/local/sbin/logrotate-mailer
     <span class="org-variable-name">mode: u</span>=rwx,g=rx,o=rx
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
 - name: Reload systemd.
   become: yes
   systemd:
     daemon_reload: yes
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -646,12 +643,12 @@ page.)
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/files/logrotate-mailer.conf"><q>roles_t/abbey-front/files/logrotate-mailer.conf</q></a><pre class="src src-conf">[<span class="org-type">Service</span>]
+<a href="roles_t/abbey-front/files/logrotate-mailer.conf"><q>roles_t/abbey-front/files/logrotate-mailer.conf</q></a><pre class="src src-conf"><code>[<span class="org-type">Service</span>]
 <span class="org-variable-name">ExecStart</span>=
 <span class="org-variable-name">ExecStart</span>=/usr/sbin/logrotate \
                 --mail /usr/local/sbin/logrotate-mailer \
                 /etc/logrotate.conf
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -664,7 +661,7 @@ encrypting and sending to <code>sendmail</code>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/files/logrotate-mailer"><q>roles_t/abbey-front/files/logrotate-mailer</q></a><pre class="src src-sh"><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
+<a href="roles_t/abbey-front/files/logrotate-mailer"><q>roles_t/abbey-front/files/logrotate-mailer</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
 
 <span class="org-keyword">if</span> [ <span class="org-string">"$#"</span> != 3 -o <span class="org-string">"$1"</span> != <span class="org-string">"-s"</span> ]; <span class="org-keyword">then</span>
     <span class="org-builtin">echo</span> <span class="org-string">"usage: $0 -s subject recipient"</span> 1&gt;&amp;2
@@ -700,12 +697,12 @@ encrypting and sending to <code>sendmail</code>.
         --trust-model always --recipient root@core ) <span class="org-sh-escaped-newline">\</span>
 | sendmail root <span class="org-sh-escaped-newline">\</span>
 || <span class="org-keyword">exit</span> $<span class="org-variable-name">?</span>
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgdc68478" class="outline-3">
-<h3 id="orgdc68478"><span class="section-number-3">3.9.</span> Install Let's Encrypt</h3>
+<div id="outline-container-org1dbe4e6" class="outline-3">
+<h3 id="org1dbe4e6"><span class="section-number-3">3.9.</span> Install Let's Encrypt</h3>
 <div class="outline-text-3" id="text-3-9">
 <p>
 The abbey uses a Let's Encrypt certificate to authenticate its public
@@ -714,7 +711,7 @@ certificate is a terminal session affair (with prompts and lines
 entered as shown below).
 </p>
 
-<pre class="example" id="org0610a0c">
+<pre class="example" id="org3e4c0de">
 $ sudo apt install python3-certbot-apache
 $ sudo certbot --apache -d birchwood-abbey.net
 ...
@@ -775,7 +772,7 @@ package is installed and its <q>live/</q> subdirectory is world readable.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Certbot for Apache.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=python3-certbot-apache
@@ -785,7 +782,7 @@ package is installed and its <q>live/</q> subdirectory is world readable.
 <span class="org-string">  file:</span>
 <span class="org-string">    mode: u=rwx,g=rx,o=rx</span>
 <span class="org-string">    path: /etc/letsencrypt/live</span>
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -808,7 +805,7 @@ restarted manually.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Use Let<span class="org-string">'s Encrypt certificate&amp;key.</span>
 <span class="org-string">  file:</span>
 <span class="org-string">    state: link</span>
@@ -820,41 +817,41 @@ restarted manually.
 <span class="org-string">    link: /etc/server.crt</span>
 <span class="org-string">  - target: /etc/letsencrypt/live/birchwood-abbey.net/privkey.pem</span>
 <span class="org-string">    link: /etc/server.key</span>
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org043445c" class="outline-3">
-<h3 id="org043445c"><span class="section-number-3">3.10.</span> Rotate Let's Encrypt Log</h3>
+<div id="outline-container-org4f28126" class="outline-3">
+<h3 id="org4f28126"><span class="section-number-3">3.10.</span> Rotate Let's Encrypt Log</h3>
 <div class="outline-text-3" id="text-3-10">
 <p>
 The following task arranges to rotate Certbot's logs files.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Certbot logrotate configuration.
   become: yes
   copy:
     src: certbot_logrotate
     dest: /etc/logrotate.d/certbot
     <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/files/certbot_logrotate"><q>roles_t/abbey-front/files/certbot_logrotate</q></a><pre class="src src-conf"><span class="org-type">/var/log/letsencrypt/*.log</span> {
+<a href="roles_t/abbey-front/files/certbot_logrotate"><q>roles_t/abbey-front/files/certbot_logrotate</q></a><pre class="src src-conf"><code><span class="org-type">/var/log/letsencrypt/*.log</span> {
     rotate 12
     weekly
     compress
     missingok
 }
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org0a13320" class="outline-3">
-<h3 id="org0a13320"><span class="section-number-3">3.11.</span> Archive Let's Encrypt Data</h3>
+<div id="outline-container-org9ba4d44" class="outline-3">
+<h3 id="org9ba4d44"><span class="section-number-3">3.11.</span> Archive Let's Encrypt Data</h3>
 <div class="outline-text-3" id="text-3-11">
 <p>
 A backup copy of Let's Encrypt's data (<q>/etc/letsencrypt/</q>) is sent to
@@ -863,18 +860,18 @@ are detected by keeping a copy in <q>/etc/letsencrypt~/</q> for comparison.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Let<span class="org-string">'s Encrypt archive script.</span>
 <span class="org-string">  become: yes</span>
 <span class="org-string">  copy:</span>
 <span class="org-string">    src: cron.daily_letsencrypt</span>
 <span class="org-string">    dest: /etc/cron.daily/letsencrypt</span>
 <span class="org-string">    mode: u=rwx,g=rx,o=rx</span>
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/files/cron.daily_letsencrypt"><q>roles_t/abbey-front/files/cron.daily_letsencrypt</q></a><pre class="src src-sh"><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
+<a href="roles_t/abbey-front/files/cron.daily_letsencrypt"><q>roles_t/abbey-front/files/cron.daily_letsencrypt</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
 
 <span class="org-builtin">cd</span> /etc/
 
@@ -882,9 +879,20 @@ are detected by keeping a copy in <q>/etc/letsencrypt~/</q> for comparison.
 &amp;&amp; diff -rq letsencrypt/ letsencrypt~/ <span class="org-sh-escaped-newline">\</span>
 &amp;&amp; <span class="org-keyword">exit</span> 0
 
+<span class="org-variable-name">F</span>=<span class="org-sh-quoted-exec">`date "+%Y%m%d"`</span>.tar.gz
 ( <span class="org-builtin">echo</span> <span class="org-string">"Subject: New /etc/letsencrypt/ on Droplet."</span>
   <span class="org-builtin">echo</span> <span class="org-string">""</span>
-  tar czf - letsencrypt/ <span class="org-sh-escaped-newline">\</span>
+  ( <span class="org-builtin">echo</span> <span class="org-string">"Content-Type: multipart/mixed; boundary=\"boundary\""</span>
+    <span class="org-builtin">echo</span> <span class="org-string">"MIME-Version: 1.0"</span>
+    <span class="org-builtin">echo</span> <span class="org-string">""</span>
+    <span class="org-builtin">echo</span> <span class="org-string">"--boundary"</span>
+    <span class="org-builtin">echo</span> <span class="org-string">"Content-Type: application/gzip; name=\"$F\""</span>
+    <span class="org-builtin">echo</span> <span class="org-string">"Content-Disposition: attachment; filename=\"$F\""</span>
+    <span class="org-builtin">echo</span> <span class="org-string">"Content-Transfer-Encoding: base64"</span>
+    <span class="org-builtin">echo</span> <span class="org-string">""</span>
+    tar czf - letsencrypt/ | base64
+    <span class="org-builtin">echo</span> <span class="org-string">""</span>
+    <span class="org-builtin">echo</span> <span class="org-string">"--boundary--"</span> ) <span class="org-sh-escaped-newline">\</span>
   | gpg --encrypt --armor <span class="org-sh-escaped-newline">\</span>
         --trust-model always --recipient root@core ) <span class="org-sh-escaped-newline">\</span>
 | sendmail root <span class="org-sh-escaped-newline">\</span>
@@ -892,7 +900,7 @@ are detected by keeping a copy in <q>/etc/letsencrypt~/</q> for comparison.
 
 rm -rf letsencrypt~
 cp -a letsencrypt letsencrypt~
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -901,7 +909,7 @@ imported into <code>root@front</code>'s GnuPG key file.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Copy root@core<span class="org-string">'s public key.</span>
 <span class="org-string">  become: yes</span>
 <span class="org-string">  copy:</span>
@@ -909,21 +917,21 @@ imported into <code>root@front</code>'s GnuPG key file.
 <span class="org-string">    dest: /root/.gnupg-root-pub.pem</span>
 <span class="org-string">    mode: u=r,g=r,o=r</span>
 <span class="org-string">  notify: Import root@core'</span>s public key.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
 - name: Import root@core<span class="org-string">'s public key.</span>
 <span class="org-string">  become: yes</span>
 <span class="org-string">  command: gpg --import ~/.gnupg-root-pub.pem</span>
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org62c2afa" class="outline-2">
-<h2 id="org62c2afa"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
+<div id="outline-container-org5564028" class="outline-2">
+<h2 id="org5564028"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
 <div class="outline-text-2" id="text-4">
 <p>
 Birchwood Abbey's core is a mini-PC (System76 Meerkat) configured as A
@@ -933,8 +941,8 @@ with Postfix and Dovecot, and providing essential localnet services:
 NTP, DNS and DHCP.
 </p>
 </div>
-<div id="outline-container-orgd0b322a" class="outline-3">
-<h3 id="orgd0b322a"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-orgddbc6d6" class="outline-3">
+<h3 id="orgddbc6d6"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
 <div class="outline-text-3" id="text-4-1">
 <p>
 In this abbey specific document, most abbey particulars are not
@@ -946,15 +954,15 @@ directory, <q>playbooks/</q>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>---
 - name: Include private abbey variables.
   include_vars: ../private/vars-abbey.yml
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org001474c" class="outline-3">
-<h3 id="org001474c"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
+<div id="outline-container-org79995db" class="outline-3">
+<h3 id="org79995db"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
 <div class="outline-text-3" id="text-4-2">
 <p>
 The scripts that maintain the abbey's web site use a number of
@@ -964,16 +972,16 @@ The house task list uses JQuery.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install additional packages.
   apt:
     pkg: [ libhtml-tree-perl, libjs-jquery, mit-scheme, gnuplot ]
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgd7a5da4" class="outline-3">
-<h3 id="orgd7a5da4"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
+<div id="outline-container-org0ab12ca" class="outline-3">
+<h3 id="org0ab12ca"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
 <div class="outline-text-3" id="text-4-3">
 <p>
 The abbey uses several additional email aliases.  These are the campus
@@ -989,7 +997,7 @@ e.g. <code>mythtv@mythtv.birchwood.private</code>, locally.)
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install abbey email aliases.
   become: yes
   blockinfile:
@@ -1001,52 +1009,52 @@ e.g. <code>mythtv@mythtv.birchwood.private</code>, locally.)
     dest: /etc/aliases
     marker: <span class="org-string">"# {mark} ABBEY MANAGED BLOCK"</span>
   notify: New aliases.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>---
 - name: New aliases.
   become: yes
   command: newaliases
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org6cfc8e7" class="outline-3">
-<h3 id="org6cfc8e7"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
+<div id="outline-container-org9d29244" class="outline-3">
+<h3 id="org9d29244"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
 <div class="outline-text-3" id="text-4-4">
 <p>
 These tasks are identical to those executed on Front, for similar Git
-services on Front and Core.  See <a href="#org31d6bbb">3.3</a> and
-<a href="#orgdf93aec">Configure Gitweb on Front</a> for more information.
+services on Front and Core.  See <a href="#orgb528e3c">3.3</a> and
+<a href="#org243eb6b">Configure Gitweb on Front</a> for more information.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 &lt;&lt;git-tasks&gt;&gt;
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
 &lt;&lt;git-handlers&gt;&gt;
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orged71937" class="outline-3">
-<h3 id="orged71937"><span class="section-number-3">4.5.</span> Configure Apache on Core</h3>
+<div id="outline-container-orga95b58f" class="outline-3">
+<h3 id="orga95b58f"><span class="section-number-3">4.5.</span> Configure Apache on Core</h3>
 <div class="outline-text-3" id="text-4-5">
 <p>
 The Apache2 configuration on Core specifies three web sites (live,
 test, and campus).  The live and test sites must operate just like the
-site on Front.  Their configurations include the same <a href="#org158c789"><code>apache-abbey</code></a>,
-<a href="#org5e1b247"><code>apache-photos</code></a>, and <a href="#org119fc95"><code>apache-gitweb</code></a> used on Front.
+site on Front.  Their configurations include the same <a href="#org54b905a"><code>apache-abbey</code></a>,
+<a href="#org25f4ed6"><code>apache-photos</code></a>, and <a href="#org4103e5b"><code>apache-gitweb</code></a> used on Front.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure live website.
   become: yes
   vars:
@@ -1074,29 +1082,29 @@ site on Front.  Their configurations include the same <a href="#org158c789"><cod
   notify: Restart Apache2.
 
 &lt;&lt;apache-gitweb-tasks&gt;&gt;
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
 &lt;&lt;apache-gitweb-handlers&gt;&gt;
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org7cfc2f1" class="outline-3">
-<h3 id="org7cfc2f1"><span class="section-number-3">4.6.</span> Configure Documentation URLs</h3>
+<div id="outline-container-org64aef4c" class="outline-3">
+<h3 id="org64aef4c"><span class="section-number-3">4.6.</span> Configure Documentation URLs</h3>
 <div class="outline-text-3" id="text-4-6">
 <p>
 The institute serves its <q>/usr/share/doc/</q> on the house (campus) web
 site.  This is a debugging convenience, making some HTML documentation
 more accessible, especially the documentation of software installed on
 Core and not on typical desktop clients.  Also included: the Apache2
-directives that enable user Git publishing with Gitweb (defined <a href="#org119fc95">here</a>).
+directives that enable user Git publishing with Gitweb (defined <a href="#org4103e5b">here</a>).
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure house website.
   become: yes
   copy:
@@ -1109,12 +1117,12 @@ directives that enable user Git publishing with Gitweb (defined <a href="#org119
     dest: /etc/apache2/sites-available/www-vhost.conf
     <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
   notify: Restart Apache2.
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org1ad313a" class="outline-3">
-<h3 id="org1ad313a"><span class="section-number-3">4.7.</span> Install Apt Cacher</h3>
+<div id="outline-container-org1f5f460" class="outline-3">
+<h3 id="org1f5f460"><span class="section-number-3">4.7.</span> Install Apt Cacher</h3>
 <div class="outline-text-3" id="text-4-7">
 <p>
 The abbey uses the Apt-Cacher:TNG package cache on Core.  The
@@ -1122,16 +1130,16 @@ The abbey uses the Apt-Cacher:TNG package cache on Core.  The
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Apt-Cacher:TNG.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=apt-cacher-ng
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orga2718da" class="outline-3">
-<h3 id="orga2718da"><span class="section-number-3">4.8.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org854ed0e" class="outline-3">
+<h3 id="org854ed0e"><span class="section-number-3">4.8.</span> Use Cloister Apt Cache</h3>
 <div class="outline-text-3" id="text-4-8">
 <p>
 Core itself will benefit from using the package cache, but should
@@ -1140,7 +1148,7 @@ so caching their packages is not a priority.)
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Use the local Apt package cache.
   become: yes
   copy:
@@ -1151,12 +1159,12 @@ so caching their packages is not a priority.)
       Acquire::https::Proxy <span class="org-string">"DIRECT"</span>;
     dest: /etc/apt/apt.conf.d/01proxy
     <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org30c2703" class="outline-3">
-<h3 id="org30c2703"><span class="section-number-3">4.9.</span> Configure NAGIOS</h3>
+<div id="outline-container-org7df8de5" class="outline-3">
+<h3 id="org7df8de5"><span class="section-number-3">4.9.</span> Configure NAGIOS</h3>
 <div class="outline-text-3" id="text-4-9">
 <p>
 A small institute uses <code>nagios4</code> to monitor the health of its network,
@@ -1170,8 +1178,8 @@ customized <code>check_sensors</code> plugin (<code>abbey_pisensors</code>) in
 </p>
 </div>
 </div>
-<div id="outline-container-org5b67d8f" class="outline-3">
-<h3 id="org5b67d8f"><span class="section-number-3">4.10.</span> Monitoring The Home Disk</h3>
+<div id="outline-container-orgbe3c2ab" class="outline-3">
+<h3 id="orgbe3c2ab"><span class="section-number-3">4.10.</span> Monitoring The Home Disk</h3>
 <div class="outline-text-3" id="text-4-10">
 <p>
 The abbey adds monitoring of the space remaining on the volume at
@@ -1180,7 +1188,7 @@ remaining on roots.)
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure NAGIOS monitoring for Core /home/.
   become: yes
   copy:
@@ -1193,22 +1201,22 @@ remaining on roots.)
       }
     dest: /etc/nagios4/conf.d/abbey.cfg
   notify: Reload NAGIOS4.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
 - name: Reload NAGIOS4.
   become: yes
   systemd:
     service: nagios4
     state: reloaded
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org154a00c" class="outline-3">
-<h3 id="org154a00c"><span class="section-number-3">4.11.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h3>
+<div id="outline-container-orgb2727c9" class="outline-3">
+<h3 id="orgb2727c9"><span class="section-number-3">4.11.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h3>
 <div class="outline-text-3" id="text-4-11">
 <p>
 The <code>check_sensors</code> plugin is included in the package
@@ -1221,7 +1229,7 @@ recognizable temperature in the <code>sensors</code> output.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/files/abbey_pisensors"><q>roles_t/abbey-core/files/abbey_pisensors</q></a><pre class="src src-sh"><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">sh</span>
+<a href="roles_t/abbey-core/files/abbey_pisensors"><q>roles_t/abbey-core/files/abbey_pisensors</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">sh</span>
 
 <span class="org-variable-name">PATH</span>=<span class="org-string">"/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"</span>
 <span class="org-builtin">export</span> PATH
@@ -1299,12 +1307,12 @@ recognizable temperature in the <code>sensors</code> output.
         <span class="org-keyword">exit</span> $<span class="org-variable-name">exit</span>
         ;;
 <span class="org-keyword">esac</span>
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org362dff5" class="outline-3">
-<h3 id="org362dff5"><span class="section-number-3">4.12.</span> Monitoring The Cloister</h3>
+<div id="outline-container-org30ce167" class="outline-3">
+<h3 id="org30ce167"><span class="section-number-3">4.12.</span> Monitoring The Cloister</h3>
 <div class="outline-text-3" id="text-4-12">
 <p>
 The abbey adds monitoring for more servers: Kamino, Kessel, and Ord
@@ -1321,8 +1329,8 @@ Kessel is a wireless host while Kamino is wired.  Ord Mantell, the
 Raspberry Pi OS (ARM64) machine, uses the <code>abbey_pisensors</code> monitor.
 </p>
 </div>
-<div id="outline-container-org668580c" class="outline-4">
-<h4 id="org668580c"><span class="section-number-4">4.12.1.</span> Cloister Network Addresses</h4>
+<div id="outline-container-orge336c74" class="outline-4">
+<h4 id="orge336c74"><span class="section-number-4">4.12.1.</span> Cloister Network Addresses</h4>
 <div class="outline-text-4" id="text-4-12-1">
 <p>
 The IP addresses of all three hosts are nice to use in the NAGIOS
@@ -1331,16 +1339,16 @@ included in <q>private/vars-abbey.yml</q>.
 </p>
 
 <div class="org-src-container">
-<a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a><pre class="src src-conf">---
+<a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a><pre class="src src-conf"><code>---
 kamino_addr:                192.168.56.14
 kessel_addr:                10.84.138.8
 ord_mantell_addr:           10.84.138.10
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org5225aac" class="outline-4">
-<h4 id="org5225aac"><span class="section-number-4">4.12.2.</span> Installing NAGIOS Configurations</h4>
+<div id="outline-container-orga6b33a1" class="outline-4">
+<h4 id="orga6b33a1"><span class="section-number-4">4.12.2.</span> Installing NAGIOS Configurations</h4>
 <div class="outline-text-4" id="text-4-12-2">
 <p>
 The following task installs each host's NAGIOS configuration.  Note
@@ -1349,7 +1357,7 @@ rarely powered up.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure cloister NAGIOS monitoring.
   become: yes
   template:
@@ -1357,15 +1365,15 @@ rarely powered up.
     dest: /etc/nagios4/conf.d/{{ item }}.cfg
   loop: [ ord-mantell, kessel ]
   notify: Reload NAGIOS4.
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org50c82d2" class="outline-4">
-<h4 id="org50c82d2"><span class="section-number-4">4.12.3.</span> NAGIOS Monitoring of Ord-Mantell</h4>
+<div id="outline-container-org6e2d7e1" class="outline-4">
+<h4 id="org6e2d7e1"><span class="section-number-4">4.12.3.</span> NAGIOS Monitoring of Ord-Mantell</h4>
 <div class="outline-text-4" id="text-4-12-3">
 <div class="org-src-container">
-<a href="roles_t/abbey-core/templates/nagios-ord-mantell.cfg"><q>roles_t/abbey-core/templates/nagios-ord-mantell.cfg</q></a><pre class="src src-conf"><span class="org-type">define host</span> {
+<a href="roles_t/abbey-core/templates/nagios-ord-mantell.cfg"><q>roles_t/abbey-core/templates/nagios-ord-mantell.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
     use                     linux-server
     host_name               ord-mantell
     address                 {{ ord_mantell_addr }}
@@ -1412,15 +1420,15 @@ rarely powered up.
     service_description     Temperature Sensors
     check_command           check_nrpe!abbey_pisensors
 }
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orge8ccd3b" class="outline-4">
-<h4 id="orge8ccd3b"><span class="section-number-4">4.12.4.</span> NAGIOS Monitoring of Kamino</h4>
+<div id="outline-container-orgf144fc5" class="outline-4">
+<h4 id="orgf144fc5"><span class="section-number-4">4.12.4.</span> NAGIOS Monitoring of Kamino</h4>
 <div class="outline-text-4" id="text-4-12-4">
 <div class="org-src-container">
-<a href="roles_t/abbey-core/templates/nagios-kamino.cfg"><q>roles_t/abbey-core/templates/nagios-kamino.cfg</q></a><pre class="src src-conf"><span class="org-type">define host</span> {
+<a href="roles_t/abbey-core/templates/nagios-kamino.cfg"><q>roles_t/abbey-core/templates/nagios-kamino.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
     use                     linux-server
     host_name               kamino
     address                 {{ kamino_addr }}
@@ -1467,15 +1475,15 @@ rarely powered up.
     service_description     Temperature Sensors
     check_command           check_nrpe!inst_sensors
 }
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org4f9ed4f" class="outline-4">
-<h4 id="org4f9ed4f"><span class="section-number-4">4.12.5.</span> NAGIOS Monitoring of Kessel</h4>
+<div id="outline-container-orgb34d6be" class="outline-4">
+<h4 id="orgb34d6be"><span class="section-number-4">4.12.5.</span> NAGIOS Monitoring of Kessel</h4>
 <div class="outline-text-4" id="text-4-12-5">
 <div class="org-src-container">
-<a href="roles_t/abbey-core/templates/nagios-kessel.cfg"><q>roles_t/abbey-core/templates/nagios-kessel.cfg</q></a><pre class="src src-conf"><span class="org-type">define host</span> {
+<a href="roles_t/abbey-core/templates/nagios-kessel.cfg"><q>roles_t/abbey-core/templates/nagios-kessel.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
     use                     linux-server
     host_name               kessel
     address                 {{ kessel_addr }}
@@ -1522,13 +1530,13 @@ rarely powered up.
     service_description     Temperature Sensors
     check_command           check_nrpe!inst_sensors
 }
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org6e1d8e8" class="outline-3">
-<h3 id="org6e1d8e8"><span class="section-number-3">4.13.</span> Install Munin</h3>
+<div id="outline-container-org1616d99" class="outline-3">
+<h3 id="org1616d99"><span class="section-number-3">4.13.</span> Install Munin</h3>
 <div class="outline-text-3" id="text-4-13">
 <p>
 The abbey is experimenting with Munin.  NAGIOS is all about notifying
@@ -1537,7 +1545,7 @@ trends in resource usage.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Munin.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=munin
@@ -1581,7 +1589,7 @@ trends in resource usage.
           address {{ ord_mantell_addr }}
     dest: /etc/munin/munin-conf.d/zzz-site.cfg
   notify: Restart Munin.
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -1590,7 +1598,7 @@ next task configures <code>libsensors</code> to ignore them.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure core sensors(1).
   become: yes
   copy:
@@ -1601,22 +1609,22 @@ next task configures <code>libsensors</code> to ignore them.
       chip <span class="org-string">"acpitz-acpi-0"</span>
           ignore temp1
     dest: /etc/sensors.d/site.conf
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
 - name: Restart Munin.
   become: yes
   systemd:
     service: munin
     state: restarted
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orga9351cb" class="outline-3">
-<h3 id="orga9351cb"><span class="section-number-3">4.14.</span> Install Analog</h3>
+<div id="outline-container-org994a05d" class="outline-3">
+<h3 id="org994a05d"><span class="section-number-3">4.14.</span> Install Analog</h3>
 <div class="outline-text-3" id="text-4-14">
 <p>
 The abbey's public web site's access and error logs are emailed
@@ -1626,7 +1634,7 @@ the campus as <code>http://www/analog.html</code>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Analog.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=analog
@@ -1666,12 +1674,12 @@ the campus as <code>http://www/analog.html</code>.
     owner: monkey
     group: staff
     <span class="org-variable-name">mode: u</span>=rwx,g=srwx,o=rx
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org4cc42f5" class="outline-3">
-<h3 id="org4cc42f5"><span class="section-number-3">4.15.</span> Add Monkey to Web Server Group</h3>
+<div id="outline-container-orgf39e76a" class="outline-3">
+<h3 id="orgf39e76a"><span class="section-number-3">4.15.</span> Add Monkey to Web Server Group</h3>
 <div class="outline-text-3" id="text-4-15">
 <p>
 Monkey needs to be in <code>www-data</code> so that it can run
@@ -1682,19 +1690,19 @@ user cloud accounts, found in files owned by <code>www-data</code>, files like
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Add Monkey to Nextcloud group.
   become: yes
   user:
     name: monkey
     append: yes
     groups: www-data
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgb69761e" class="outline-3">
-<h3 id="orgb69761e"><span class="section-number-3">4.16.</span> Install netpbm For Photo Processing</h3>
+<div id="outline-container-org3d47406" class="outline-3">
+<h3 id="org3d47406"><span class="section-number-3">4.16.</span> Install netpbm For Photo Processing</h3>
 <div class="outline-text-3" id="text-4-16">
 <p>
 Monkey's photo processing scripts use <code>netpbm</code> commands like
@@ -1702,16 +1710,16 @@ Monkey's photo processing scripts use <code>netpbm</code> commands like
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install netpbm.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=netpbm
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org248a7c3" class="outline-3">
-<h3 id="org248a7c3"><span class="section-number-3">4.17.</span> Install Samba</h3>
+<div id="outline-container-org10e9548" class="outline-3">
+<h3 id="org10e9548"><span class="section-number-3">4.17.</span> Install Samba</h3>
 <div class="outline-text-3" id="text-4-17">
 <p>
 The abbey core provides NAS (Network Attached Storage) service to the
@@ -1727,7 +1735,7 @@ permissions.</li>
 </ul>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Samba.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=samba
@@ -1774,55 +1782,57 @@ permissions.</li>
     dest: /etc/samba/smb.conf
     marker: <span class="org-string">"# {mark} ABBEY MANAGED BLOCK"</span>
   notify: New shares.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
 - name: New shares.
   become: yes
   systemd:
     service: smbd
     state: reloaded
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org3960a98" class="outline-2">
-<h2 id="org3960a98"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
+<div id="outline-container-org2100b2e" class="outline-2">
+<h2 id="org2100b2e"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
 <div class="outline-text-2" id="text-5">
 <p>
 Birchwood Abbey's gate is a $110 µPC configured as A Small Institute
 Gate, thus providing a campus VPN on a campus Wi-Fi access point.  It
-routes network traffic from its <code>wifi</code> and <code>lan</code> interfaces to its
+routes network traffic from its <code>wild</code> and <code>lan</code> interfaces to its
 <code>isp</code> interface (and back) with NAT.  That is all the abbey requires
 of its gate, so there is no additional Ansible configuration in this
 chapter (yet).
 </p>
 </div>
-<div id="outline-container-org743d9d2" class="outline-3">
-<h3 id="org743d9d2"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
+<div id="outline-container-org49442fe" class="outline-3">
+<h3 id="org49442fe"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
 <div class="outline-text-3" id="text-5-1">
 <p>
 The abbey gate's <code>lan</code> interface is the PC's built-in Ethernet
 interface, connected to the cloister Ethernet, a Gigabit Ethernet
-switch.  Its <code>wifi</code> interface is a USB3.0 Ethernet adapter connected
-with a cross-over cable to the WAN interface of a Think Penguin
-TPE-R1300 (and at one time a Linksys WRT1900AC).  The <code>isp</code> interface
-is another USB3.0 Ethernet adapter connected with a cross-over cable
-to the Ethernet interface of a "cable modem" (a Starlink terminal).
+switch.  Its <code>wild</code> interface is a USB3.0 Ethernet adapter connected
+to a 5-port Gigabit Ethernet switch into which are patched the WAN
+interfaces of two Think Penguin TPE-R1300 (and sometimes a Linksys
+WRT1900AC), as well as a couple IoT things like an Ecowitt hub and a
+HomeAssistant Pi.  The <code>isp</code> interface is another USB3.0 Ethernet
+adapter connected with a cross-over cable to the Ethernet interface of
+a "cable modem" (a Starlink terminal).
 </p>
 
 <p>
 The MAC address of each interface is set in <q>private/vars.yml</q> (see
 <a href="Institute/private/vars.yml"><q>Institute/private/vars.yml</q></a>) as the values of the <code>gate_lan_mac</code>,
-<code>gate_wifi_mac</code> and <code>gate_isp_mac</code> variables.
+<code>gate_wild_mac</code> and <code>gate_isp_mac</code> variables.
 </p>
 </div>
 </div>
-<div id="outline-container-orgd8fd372" class="outline-3">
-<h3 id="orgd8fd372"><span class="section-number-3">5.2.</span> The Abbey's Starlink Configuration</h3>
+<div id="outline-container-orgb1e9969" class="outline-3">
+<h3 id="orgb1e9969"><span class="section-number-3">5.2.</span> The Abbey's Starlink Configuration</h3>
 <div class="outline-text-3" id="text-5-2">
 <p>
 The abbey connects to Starlink via Ethernet, and disables Starlink's
@@ -1870,8 +1880,8 @@ at least our local network traffic out of view of our ISPs.
 </p>
 </div>
 </div>
-<div id="outline-container-orgbc20e11" class="outline-3">
-<h3 id="orgbc20e11"><span class="section-number-3">5.3.</span> Alternate ISPs</h3>
+<div id="outline-container-org19c48b7" class="outline-3">
+<h3 id="org19c48b7"><span class="section-number-3">5.3.</span> Alternate ISPs</h3>
 <div class="outline-text-3" id="text-5-3">
 <p>
 The abbey used to use a cell phone on a USB tether to get Internet
@@ -1880,7 +1890,7 @@ following.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">network:
+<pre class="src src-conf"><code>network:
   ethernets:
     tether:
       match:
@@ -1889,7 +1899,7 @@ following.
       dhcp4: true
       dhcp4-overrides:
         use-dns: false
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -1898,7 +1908,7 @@ service, using a <q>60-isp.yaml</q> file similar to the lines below.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">network:
+<pre class="src src-conf"><code>network:
   wifis:
     tether:
       match:
@@ -1911,13 +1921,13 @@ service, using a <q>60-isp.yaml</q> file similar to the lines below.
         <span class="org-string">"AP with password"</span>:
           password: <span class="org-string">"password"</span>
         <span class="org-string">"AP with no password"</span>: {}
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-orgb1328d7" class="outline-2">
-<h2 id="orgb1328d7"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
+<div id="outline-container-org40bbd8f" class="outline-2">
+<h2 id="org40bbd8f"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
 <div class="outline-text-2" id="text-6">
 <p>
 Birchwood Abbey's cloister is a small institute campus.  The <code>campus</code>
@@ -1932,7 +1942,7 @@ tasks, namely configuration required on Raspberry Pi OS machines.
 <p>
 Wireless clients are issued keys for the cloister VPN by the <code>./abbey
 client</code> command which is currently identical to the <code>./inst client</code>
-command (described in <a href="Institute/README.html#org0ad53cf">The Client Command</a>).  The wireless, cloistered
+command (described in <a href="Institute/README.html#orgdc36b90">The Client Command</a>).  The wireless, cloistered
 hosts never roam, are not associated with a member, and so are
 "campus" clients, issued keys with commands like this:
 </p>
@@ -1941,8 +1951,8 @@ hosts never roam, are not associated with a member, and so are
 ./abbey client campus new-host-name
 </pre>
 </div>
-<div id="outline-container-orgaeb3b44" class="outline-3">
-<h3 id="orgaeb3b44"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-orgfe5bd70" class="outline-3">
+<h3 id="orgfe5bd70"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
 <div class="outline-text-3" id="text-6-1">
 <p>
 The Apt-Cacher:TNG program does not work well on the frontier, so is
@@ -1961,7 +1971,7 @@ local host.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>---
 - name: Use the local Apt package cache.
   become: yes
   copy:
@@ -1972,24 +1982,24 @@ local host.
       Acquire::https::Proxy <span class="org-string">"DIRECT"</span>;
     dest: /etc/apt/apt.conf.d/01proxy
     <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgc08e9b0" class="outline-3">
-<h3 id="orgc08e9b0"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
+<div id="outline-container-org90b7085" class="outline-3">
+<h3 id="org90b7085"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
 <div class="outline-text-3" id="text-6-2">
 <p>
 Each cloistered host is a small institute campus host and thus is
 already running an NRPE server (a NAGIOS Remote Plugin Executor
-server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#orgbd0ce38">Configure
+server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#org356ce5d">Configure
 NRPE</a> of <a href="Institute/README.html">A Small Institute</a>).  The abbey adds one complication: yet
 another <code>check_sensors</code> variant, <code>abbey_pisensors</code>, installed on
 Raspberry Pis (architecture <code>aarch64</code>) only.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install abbey_pisensors NAGIOS plugin.
   become: yes
   copy:
@@ -2006,29 +2016,29 @@ Raspberry Pis (architecture <code>aarch64</code>) only.
     dest: /etc/nagios/nrpe.d/abbey.cfg
   <span class="org-variable-name">when: ansible_architecture</span> == <span class="org-string">'aarch64'</span>
   notify: Reload NRPE server.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/handlers/main.yml"><q>roles_t/abbey-cloister/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-cloister/handlers/main.yml"><q>roles_t/abbey-cloister/handlers/main.yml</q></a><pre class="src src-conf"><code>
 - name: Reload NRPE server.
   become: yes
   systemd:
     service: nagios-nrpe-server
     state: reloaded
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgc166594" class="outline-3">
-<h3 id="orgc166594"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
+<div id="outline-container-org3b9668e" class="outline-3">
+<h3 id="org3b9668e"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
 <div class="outline-text-3" id="text-6-3">
 <p>
 Each cloistered host is a Munin node.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install Munin Node.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=munin-node
@@ -2039,7 +2049,7 @@ Each cloistered host is a Munin node.
     name: <span class="org-string">"{{ ansible_user }}"</span>
     append: yes
     groups: munin
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -2049,7 +2059,7 @@ them.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Configure {{ inventory_hostname }} sensors(1).
   copy:
     content: |
@@ -2060,29 +2070,29 @@ them.
           ignore temp1
     dest: /etc/sensors.d/site.conf
   <span class="org-variable-name">when: inventory_hostname</span> == <span class="org-string">'anoat'</span>
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org229349d" class="outline-3">
-<h3 id="org229349d"><span class="section-number-3">6.4.</span> Install Emacs</h3>
+<div id="outline-container-org742a99b" class="outline-3">
+<h3 id="org742a99b"><span class="section-number-3">6.4.</span> Install Emacs</h3>
 <div class="outline-text-3" id="text-6-4">
 <p>
 The monks of the abbey are masters of the staff and Emacs.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install monastic software.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=emacs
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org7341dda" class="outline-2">
-<h2 id="org7341dda"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
+<div id="outline-container-orgc8a0fc6" class="outline-2">
+<h2 id="orgc8a0fc6"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
 <div class="outline-text-2" id="text-7">
 <p>
 Birchwood Abbey now uses Home Assistant to record and display weather
@@ -2105,20 +2115,20 @@ The configuration of Home Assistant involved installing the Ecowitt
 "integration".  This was accomplished by choosing "Settings", then
 "Devices &amp; services", then "Add Integration", and searching for
 "Ecowitt".  Once installed, the integration created dozens of weather
-entities which were organized into an "Abbey" dashboard.
+entities.  These were labeled and organized on an "Abbey" dashboard.
 </p>
 </div>
 </div>
-<div id="outline-container-org2c65dbc" class="outline-2">
-<h2 id="org2c65dbc"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
+<div id="outline-container-orgfdb0505" class="outline-2">
+<h2 id="orgfdb0505"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
 <div class="outline-text-2" id="text-8">
 <p>
 The abbey uses AgentDVR to record video from PoE IP HD security
 cameras.  It is installed and configured as described here.
 </p>
 </div>
-<div id="outline-container-org1485bcd" class="outline-3">
-<h3 id="org1485bcd"><span class="section-number-3">8.1.</span> AgentDVR Installation</h3>
+<div id="outline-container-org1be8ddb" class="outline-3">
+<h3 id="org1be8ddb"><span class="section-number-3">8.1.</span> AgentDVR Installation</h3>
 <div class="outline-text-3" id="text-8-1">
 <p>
 AgentDVR is installed at the abbey according to the iSpy web site's
@@ -2129,11 +2139,11 @@ second of which is broken across three lines).
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">sudo apt-get install curl
+<pre class="src src-sh"><code>sudo apt-get install curl
 bash &lt;(curl -s <span class="org-string">"https://raw.githubusercontent.com/\</span>
 <span class="org-string">ispysoftware/agent-install-scripts/main/v2/\</span>
 <span class="org-string">install.sh"</span>)
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -2141,8 +2151,8 @@ bash &lt;(curl -s <span class="org-string">"https://raw.githubusercontent.com/\<
 preparations.
 </p>
 </div>
-<div id="outline-container-orge3711be" class="outline-4">
-<h4 id="orge3711be"><span class="section-number-4">8.1.1.</span> AgentDVR Installation Preparation</h4>
+<div id="outline-container-org536c708" class="outline-4">
+<h4 id="org536c708"><span class="section-number-4">8.1.1.</span> AgentDVR Installation Preparation</h4>
 <div class="outline-text-4" id="text-8-1-1">
 <p>
 AgentDVR runs in the abbey as a system user, <code>agentdvr</code>, which
@@ -2155,7 +2165,6 @@ a login shell, <q>/bin/bash</q>.  This much Ansible can do in preparation.
 ./abbey config dvrs
 </pre>
 
-
 <p>
 After the <code>agentdvr</code> account is created, it is temporarily authorized
 to run a handful of system commands (as <code>root</code>!).  This small set is
@@ -2168,18 +2177,18 @@ privileges until a "rescue" (involving a reboot) is performed.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh"><span class="org-builtin">echo</span> <span class="org-string">"ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\</span>
+<pre class="src src-sh"><code><span class="org-builtin">echo</span> <span class="org-string">"ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\</span>
 <span class="org-string">     /sbin/adduser,/sbin/usermod"</span> &gt;~/01agentdvr
 sudo chown root:root ~/01agentdvr
 sudo chmod 440 ~/01agentdvr
 visudo --check --owner --perms ~/01agentdvr
 sudo mv ~/01agentdvr /etc/sudoers.d/
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org53fe590" class="outline-4">
-<h4 id="org53fe590"><span class="section-number-4">8.1.2.</span> AgentDVR Installation Execution</h4>
+<div id="outline-container-org46e0754" class="outline-4">
+<h4 id="org46e0754"><span class="section-number-4">8.1.2.</span> AgentDVR Installation Execution</h4>
 <div class="outline-text-4" id="text-8-1-2">
 <p>
 With the above preparations, the system administrator can get a shell
@@ -2188,9 +2197,9 @@ in the empty <q>/home/agentdvr/</q> directory.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">sudo apt-get install curl
+<pre class="src src-sh"><code>sudo apt-get install curl
 sudo -u agentdvr &lt;(curl -s <span class="org-string">"https:.../install.sh"</span>)
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -2200,8 +2209,8 @@ Ansible is run again.
 </p>
 </div>
 </div>
-<div id="outline-container-org27ee283" class="outline-4">
-<h4 id="org27ee283"><span class="section-number-4">8.1.3.</span> AgentDVR Installation Completion</h4>
+<div id="outline-container-orgcfce738" class="outline-4">
+<h4 id="orgcfce738"><span class="section-number-4">8.1.3.</span> AgentDVR Installation Completion</h4>
 <div class="outline-text-4" id="text-8-1-3">
 <p>
 When Ansible is run a second time, after the installation script, it
@@ -2213,7 +2222,6 @@ starts) the new system service.
 ./abbey config dvrs
 </pre>
 
-
 <p>
 Also after the installation, the system administrator revokes the
 <code>agentdvr</code> account's authorizations to modify packages and accounts.
@@ -2225,15 +2233,15 @@ sudo rm /etc/sudoers.d/01agentdvr
 </div>
 </div>
 </div>
-<div id="outline-container-orgb219961" class="outline-3">
-<h3 id="orgb219961"><span class="section-number-3">8.2.</span> Create User <code>agentdvr</code></h3>
+<div id="outline-container-orgfad547c" class="outline-3">
+<h3 id="orgfad547c"><span class="section-number-3">8.2.</span> Create User <code>agentdvr</code></h3>
 <div class="outline-text-3" id="text-8-2">
 <p>
 AgentDVR runs as the system user <code>agentdvr</code>, which is created here.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>---
 - name: Create agentdvr.
   become: yes
   user:
@@ -2259,12 +2267,12 @@ AgentDVR runs as the system user <code>agentdvr</code>, which is created here.
     owner: agentdvr
     group: agentdvr
     <span class="org-variable-name">mode: u</span>=rwx,g=rwxs,o=rx
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org0f20387" class="outline-3">
-<h3 id="org0f20387"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
+<div id="outline-container-org7af0ee3" class="outline-3">
+<h3 id="org7af0ee3"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
 <div class="outline-text-3" id="text-8-3">
 <p>
 The following task probes for the <q>/home/agentdvr/AgentDVR/</q>
@@ -2275,7 +2283,7 @@ remaining installation steps are skipped unless
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Test for AgentDVR directory.
   stat:
     path: /home/agentdvr/AgentDVR
@@ -2283,12 +2291,12 @@ remaining installation steps are skipped unless
 - debug:
     msg: <span class="org-string">"/home/agentdvr/AgentDVR/ does not yet exist"</span>
   when: not agentdvr.stat.exists
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org6053bf2" class="outline-3">
-<h3 id="org6053bf2"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
+<div id="outline-container-orgee22060" class="outline-3">
+<h3 id="orgee22060"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
 <div class="outline-text-3" id="text-8-4">
 <p>
 This service definition came from the template downloaded (from <a href="https://raw.githubusercontent.com/ispysoftware/agent-install-scripts/main/v2/AgentDVR.service">here</a>)
@@ -2297,7 +2305,7 @@ by <q>install.sh</q>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install AgentDVR.service.
   become: yes
   copy:
@@ -2334,12 +2342,12 @@ by <q>install.sh</q>.
     enabled: yes
     state: started
   when: agentdvr.stat.exists
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgbdf0cde" class="outline-3">
-<h3 id="orgbdf0cde"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
+<div id="outline-container-org71f8c7b" class="outline-3">
+<h3 id="org71f8c7b"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
 <div class="outline-text-3" id="text-8-5">
 <p>
 The abbey uses a separate volume to store surveillance recordings,
@@ -2351,7 +2359,7 @@ location do not fail.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Create /DVR/AgentDVR/.
   become: yes
   file:
@@ -2369,15 +2377,15 @@ location do not fail.
     owner: agentdvr
     group: agentdvr
     <span class="org-variable-name">mode: u</span>=rwx,g=rxs,o=
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgaaba8bb" class="outline-3">
-<h3 id="orgaaba8bb"><span class="section-number-3">8.6.</span> Configure IP Cameras</h3>
+<div id="outline-container-orgde12133" class="outline-3">
+<h3 id="orgde12133"><span class="section-number-3">8.6.</span> Configure IP Cameras</h3>
 <div class="outline-text-3" id="text-8-6">
 <p>
-A new security camera is setup as described in <a href="#org110d7b3">Cloistering</a>, after
+A new security camera is setup as described in <a href="#orgd14afca">Cloistering</a>, after
 which the camera should be accessible by name on the abbey networks.
 Assuming <code>ping -c1 new</code> works, the camera's web interface will be
 accessible at <code>http://new/</code>.
@@ -2396,8 +2404,8 @@ long duration logs, thus fewer frames per second.</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org45c6d54" class="outline-3">
-<h3 id="org45c6d54"><span class="section-number-3">8.7.</span> Configure AgentDVR's Cameras</h3>
+<div id="outline-container-orgfba9ac2" class="outline-3">
+<h3 id="orgfba9ac2"><span class="section-number-3">8.7.</span> Configure AgentDVR's Cameras</h3>
 <div class="outline-text-3" id="text-8-7">
 <p>
 After Ansible has configured and started the AgentDVR service, its web
@@ -2434,8 +2442,8 @@ AgentDVR's Live View.
 </p>
 </div>
 </div>
-<div id="outline-container-orgba96682" class="outline-3">
-<h3 id="orgba96682"><span class="section-number-3">8.8.</span> Configure AgentDVR's Default Storage</h3>
+<div id="outline-container-orgb541780" class="outline-3">
+<h3 id="orgb541780"><span class="section-number-3">8.8.</span> Configure AgentDVR's Default Storage</h3>
 <div class="outline-text-3" id="text-8-8">
 <p>
 AgentDVR's web interface is also used to configure a default storage
@@ -2447,8 +2455,8 @@ pressed before the task is complete.
 </p>
 </div>
 </div>
-<div id="outline-container-orgcaf1cbe" class="outline-3">
-<h3 id="orgcaf1cbe"><span class="section-number-3">8.9.</span> Configure AgentDVR's Recordings</h3>
+<div id="outline-container-org8d0c814" class="outline-3">
+<h3 id="org8d0c814"><span class="section-number-3">8.9.</span> Configure AgentDVR's Recordings</h3>
 <div class="outline-text-3" id="text-8-9">
 <p>
 After a default storage location has been configured, AgentDVR's
@@ -2480,8 +2488,8 @@ parameters are set (in the Recording and Storage tabs).
 </div>
 </div>
 </div>
-<div id="outline-container-orgbe3cdfe" class="outline-2">
-<h2 id="orgbe3cdfe"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
+<div id="outline-container-org15981aa" class="outline-2">
+<h2 id="org15981aa"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
 <div class="outline-text-2" id="text-9">
 <p>
 The abbey has a few TV tuners and a subscription to <a href="https://schedulesdirect.org/">Schedules Direct</a>
@@ -2496,8 +2504,8 @@ interface on the master server.  It configures the Apache web server
 to serve MythWeb pages at e.g. <code>http://new/mythweb/</code>.
 </p>
 </div>
-<div id="outline-container-orge6089d9" class="outline-3">
-<h3 id="orge6089d9"><span class="section-number-3">9.1.</span> Building MythTV and MythWeb</h3>
+<div id="outline-container-orge9182da" class="outline-3">
+<h3 id="orge9182da"><span class="section-number-3">9.1.</span> Building MythTV and MythWeb</h3>
 <div class="outline-text-3" id="text-9-1">
 <p>
 Neither Debian nor the MythTV project provide binary packages of
@@ -2528,19 +2536,19 @@ video source and capture card, after which the backend can be started.
 </p>
 </div>
 </div>
-<div id="outline-container-orgd36bd18" class="outline-3">
-<h3 id="orgd36bd18"><span class="section-number-3">9.2.</span> TVR Machine Setup</h3>
+<div id="outline-container-orgd814b7f" class="outline-3">
+<h3 id="orgd814b7f"><span class="section-number-3">9.2.</span> TVR Machine Setup</h3>
 <div class="outline-text-3" id="text-9-2">
 <p>
-A new TVR machine needs only <a href="#org110d7b3">Cloistering</a> to prepare it for
+A new TVR machine needs only <a href="#orgd14afca">Cloistering</a> to prepare it for
 Ansible.  As part of that process, it should be added to the <code>tvrs</code>
 group in the <q>hosts</q> file.  An existing server can become a TVR
 machine simply by adding it to the <code>tvrs</code> group.
 </p>
 </div>
 </div>
-<div id="outline-container-orgb0dac75" class="outline-3">
-<h3 id="orgb0dac75"><span class="section-number-3">9.3.</span> Include Abbey Variables</h3>
+<div id="outline-container-org3e3cef7" class="outline-3">
+<h3 id="org3e3cef7"><span class="section-number-3">9.3.</span> Include Abbey Variables</h3>
 <div class="outline-text-3" id="text-9-3">
 <p>
 Private variables in <q>private/vars-abbey.yml</q> are needed, as in the
@@ -2549,15 +2557,15 @@ directory, <q>playbooks/</q>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>---
 - name: Include private abbey variables.
   include_vars: ../private/vars-abbey.yml
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org004060a" class="outline-3">
-<h3 id="org004060a"><span class="section-number-3">9.4.</span> Install MythTV Build Requisites</h3>
+<div id="outline-container-orgb1c5512" class="outline-3">
+<h3 id="orgb1c5512"><span class="section-number-3">9.4.</span> Install MythTV Build Requisites</h3>
 <div class="outline-text-3" id="text-9-4">
 <p>
 A number of developer packages are needed to build MythTV.  The wiki
@@ -2578,10 +2586,10 @@ be appropriate to download updates.)
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">git clone https://github.com/MythTV/ansible mythtv-ansible
+<pre class="src src-sh"><code>git clone https://github.com/MythTV/ansible mythtv-ansible
 <span class="org-builtin">cd</span> mythtv-ansible
 git checkout fixes/32
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -2593,7 +2601,7 @@ following.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-diff"><span class="org-diff-header">diff --git a/roles/mythtv-deb/tasks/main.yml b/roles/mythtv-deb/tasks</span>
+<pre class="src src-diff"><code><span class="org-diff-header">diff --git a/roles/mythtv-deb/tasks/main.yml b/roles/mythtv-deb/tasks</span>
 <span class="org-diff-header">index 868c9b7..3dcf115 100644</span>
 <span class="org-diff-header">--- </span><span class="org-diff-header"><span class="org-diff-file-header">a/roles/mythtv-deb/tasks/main.yml</span></span>
 <span class="org-diff-header">+++ </span><span class="org-diff-header"><span class="org-diff-file-header">b/roles/mythtv-deb/tasks/main.yml</span></span>
@@ -2617,11 +2625,11 @@ following.
 <span class="org-diff-context">   apt:</span>
 <span class="org-diff-context">     name:</span>
        '{{ lookup("flattened", deb_pkg_lst ) }}'
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/mains.yml"><q>roles_t/abbey-tvr/tasks/mains.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/mains.yml"><q>roles_t/abbey-tvr/tasks/mains.yml</q></a><pre class="src src-conf"><code>
 - name: Install MythTV runtime requisites.
   become: yes
   apt:
@@ -2632,7 +2640,7 @@ following.
   loop:
   - ../mythtv-ansible/roles/mythtv-deb/tasks/main.yml
   - ../mythtv-ansible/roles/qt5/tasks/qt5-deb.yml
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -2643,8 +2651,8 @@ MythTV is built and installed.
 </p>
 </div>
 </div>
-<div id="outline-container-org64aabf5" class="outline-3">
-<h3 id="org64aabf5"><span class="section-number-3">9.5.</span> Build and Install MythTV</h3>
+<div id="outline-container-org0ab6b54" class="outline-3">
+<h3 id="org0ab6b54"><span class="section-number-3">9.5.</span> Build and Install MythTV</h3>
 <div class="outline-text-3" id="text-9-5">
 <p>
 After a successful "first" run of e.g. <code>./abbey config new</code>, the
@@ -2653,7 +2661,7 @@ following commands are used.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh"><span class="org-builtin">cd</span> /usr/local/src/
+<pre class="src src-sh"><code><span class="org-builtin">cd</span> /usr/local/src/
 git clone https://github.com/MythTV/mythtv
 <span class="org-builtin">cd</span> mythtv/
 git checkout fixes/32
@@ -2661,7 +2669,7 @@ git checkout fixes/32
 ./configure
 make
 sudo make install
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -2680,7 +2688,7 @@ Several of the remaining installation steps are skipped unless
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Test for MythTV binary packages.
   stat:
     path: /usr/local/bin/mythtv-setup
@@ -2688,30 +2696,30 @@ Several of the remaining installation steps are skipped unless
 - debug:
     msg: <span class="org-string">"/usr/local/bin/mythtv-setup does not yet exist"</span>
   when: not mythtv.stat.exists
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org0918ba8" class="outline-3">
-<h3 id="org0918ba8"><span class="section-number-3">9.6.</span> Create MythTV User</h3>
+<div id="outline-container-org37f7152" class="outline-3">
+<h3 id="org37f7152"><span class="section-number-3">9.6.</span> Create MythTV User</h3>
 <div class="outline-text-3" id="text-9-6">
 <p>
 MythTV Backend needs to run as its own user: <code>mythtv</code>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Create mythtv.
   become: yes
   user:
     name: mythtv
     system: yes
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orga439b85" class="outline-3">
-<h3 id="orga439b85"><span class="section-number-3">9.7.</span> Create MythTV DB</h3>
+<div id="outline-container-orgd714c4e" class="outline-3">
+<h3 id="orgd714c4e"><span class="section-number-3">9.7.</span> Create MythTV DB</h3>
 <div class="outline-text-3" id="text-9-7">
 <p>
 MythTV's MariaDB database is created by the following task, when the
@@ -2719,7 +2727,7 @@ MythTV's MariaDB database is created by the following task, when the
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">
+<pre class="src src-conf"><code>
 - name: Create MythTV DB.
   become: yes
   mysql_db:
@@ -2727,7 +2735,7 @@ MythTV's MariaDB database is created by the following task, when the
     name: mythconverg
     collation: utf8mb4_general_ci
     encoding: utf8mb4
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -2738,8 +2746,8 @@ privileged DB user, the <code>mythconverg</code> database is created manually
 </p>
 </div>
 </div>
-<div id="outline-container-org6b043d2" class="outline-3">
-<h3 id="org6b043d2"><span class="section-number-3">9.8.</span> Create MythTV DB User</h3>
+<div id="outline-container-org101fbf6" class="outline-3">
+<h3 id="org101fbf6"><span class="section-number-3">9.8.</span> Create MythTV DB User</h3>
 <div class="outline-text-3" id="text-9-8">
 <p>
 The DB user's password is taken from the <code>mythtv_dbpass</code> variable,
@@ -2748,8 +2756,8 @@ kept in <q>private/vars-abbey.yml</q>, and generated e.g. with the <code>apg -n
 </p>
 
 <div class="org-src-container">
-<a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a><pre class="src src-conf">mythtv_dbpass:           daJkibpoJkag
-</pre>
+<a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a><pre class="src src-conf"><code>mythtv_dbpass:           daJkibpoJkag
+</code></pre>
 </div>
 
 <p>
@@ -2759,7 +2767,7 @@ created above.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">
+<pre class="src src-conf"><code>
 - name: Create MythTV DB user.
   become: yes
   mysql_user:
@@ -2767,12 +2775,12 @@ created above.
     name: mythtv
     password: <span class="org-string">"{{ mythtv_dbpass }}"</span>
     priv: <span class="org-string">"mythconverg.*:all"</span>
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgf23c6ec" class="outline-3">
-<h3 id="orgf23c6ec"><span class="section-number-3">9.9.</span> Manually Create MythTV DB and DB User</h3>
+<div id="outline-container-org7f4cbe9" class="outline-3">
+<h3 id="org7f4cbe9"><span class="section-number-3">9.9.</span> Manually Create MythTV DB and DB User</h3>
 <div class="outline-text-3" id="text-9-9">
 <p>
 The MythTV database and database user are created manually with the
@@ -2782,7 +2790,7 @@ piped into the command.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sql"><span class="org-keyword">create</span> database mythconverg
+<pre class="src src-sql"><code><span class="org-keyword">create</span> database mythconverg
     <span class="org-type">character</span> <span class="org-keyword">set</span> utf8mb4
     <span class="org-keyword">collate</span> utf8mb4_general_ci;
 <span class="org-keyword">create</span> <span class="org-builtin">user</span> <span class="org-string">'mythtv'</span>@<span class="org-string">'%'</span> identified <span class="org-keyword">by</span> <span class="org-string">'{{ mythtv_dbpass }}'</span>;
@@ -2793,12 +2801,12 @@ piped into the command.
     <span class="org-keyword">to</span> <span class="org-string">'mythtv'</span>@<span class="org-string">'localhost'</span> <span class="org-keyword">with</span> <span class="org-keyword">grant</span> <span class="org-keyword">option</span>;
 flush <span class="org-keyword">privileges</span>;
 exit;
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org0e830e0" class="outline-3">
-<h3 id="org0e830e0"><span class="section-number-3">9.10.</span> Load DB Timezone Info</h3>
+<div id="outline-container-org137d5c6" class="outline-3">
+<h3 id="org137d5c6"><span class="section-number-3">9.10.</span> Load DB Timezone Info</h3>
 <div class="outline-text-3" id="text-9-10">
 <p>
 Starting with MythTV version 0.26, the time zone tables must be loaded
@@ -2807,8 +2815,8 @@ too.  The test SQL produced <code>NULL</code>.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sql"><span class="org-keyword">SELECT</span> CONVERT_TZ(NOW(), <span class="org-string">'SYSTEM'</span>, <span class="org-string">'Etc/UTC'</span>);
-</pre>
+<pre class="src src-sql"><code><span class="org-keyword">SELECT</span> CONVERT_TZ(NOW(), <span class="org-string">'SYSTEM'</span>, <span class="org-string">'Etc/UTC'</span>);
+</code></pre>
 </div>
 
 <p>
@@ -2817,20 +2825,20 @@ e.g. <code>2022-09-13 20:15:41</code>.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">mysql_tzinfo_to_sql /usr/share/zoneinfo | sudo mysql mysql
-</pre>
+<pre class="src src-sh"><code>mysql_tzinfo_to_sql /usr/share/zoneinfo | sudo mysql mysql
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orge16b82b" class="outline-3">
-<h3 id="orge16b82b"><span class="section-number-3">9.11.</span> Create MythTV Backend Service</h3>
+<div id="outline-container-orgb9246a4" class="outline-3">
+<h3 id="orgb9246a4"><span class="section-number-3">9.11.</span> Create MythTV Backend Service</h3>
 <div class="outline-text-3" id="text-9-11">
 <p>
 This task installs the <q>mythtv-backend.service</q> file.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/mains.yml"><q>roles_t/abbey-tvr/tasks/mains.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/mains.yml"><q>roles_t/abbey-tvr/tasks/mains.yml</q></a><pre class="src src-conf"><code>
 - name: Create mythtv-backend service.
   become: yes
   copy:
@@ -2855,20 +2863,20 @@ This task installs the <q>mythtv-backend.service</q> file.
     dest: /etc/systemd/system/mythtv-backend.service
   when: mythtv.stat.exists
   notify: Reload Systemd.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/handlers/main.yml"><q>roles_t/abbey-tvr/handlers/main.yml</q></a><pre class="src src-conf">---
+<a href="roles_t/abbey-tvr/handlers/main.yml"><q>roles_t/abbey-tvr/handlers/main.yml</q></a><pre class="src src-conf"><code>---
 - name: Reload Systemd.
   become: yes
   command: systemctl daemon-reload
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org330aa60" class="outline-3">
-<h3 id="org330aa60"><span class="section-number-3">9.12.</span> Set PHP Timezone</h3>
+<div id="outline-container-org8179ec0" class="outline-3">
+<h3 id="org8179ec0"><span class="section-number-3">9.12.</span> Set PHP Timezone</h3>
 <div class="outline-text-3" id="text-9-12">
 <p>
 This task checks PHP's timezone.  If unset, MythTV's backend logs
@@ -2876,34 +2884,39 @@ bitter complaints.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
+- name: Get the local timezone.
+  shell: readlink /etc/localtime | sed <span class="org-string">'s,/usr/share/zoneinfo/,,'</span>
+  delegate_to: localhost
+  register: timezone
+
 - name: Configure PHP date.timezone.
   become: yes
   lineinfile:
     <span class="org-variable-name">regexp: date.timezone ?</span>=
-    <span class="org-variable-name">line: date.timezone</span> = {{ lookup(<span class="org-string">'file'</span>, <span class="org-string">'/etc/timezone'</span>) }}
+    <span class="org-variable-name">line: date.timezone</span> = {{ timezone.stdout }}
     path: <span class="org-string">"{{ item }}"</span>
   loop:
   - /etc/php/8.2/cli/php.ini
   - /etc/php/8.2/apache2/php.ini
   when: mythtv.stat.exists
   notify: Restart Apache2.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/handlers/main.yml"><q>roles_t/abbey-tvr/handlers/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/handlers/main.yml"><q>roles_t/abbey-tvr/handlers/main.yml</q></a><pre class="src src-conf"><code>
 - name: Restart Apache2.
   become: yes
   systemd:
     service: apache2
     state: restarted
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org85e76a2" class="outline-3">
-<h3 id="org85e76a2"><span class="section-number-3">9.13.</span> Create MythTV Storage Area</h3>
+<div id="outline-container-orgc8e1549" class="outline-3">
+<h3 id="orgc8e1549"><span class="section-number-3">9.13.</span> Create MythTV Storage Area</h3>
 <div class="outline-text-3" id="text-9-13">
 <p>
 The backend does not have a default storage area for its recordings.
@@ -2914,7 +2927,7 @@ creates that directory and ensures it has appropriate permissions.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Create MythTV storage area.
   become: yes
   file:
@@ -2923,12 +2936,12 @@ creates that directory and ensures it has appropriate permissions.
     owner: mythtv
     group: mythtv
     <span class="org-variable-name">mode: u</span>=rwx,g+rwx,o=rx
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org5913169" class="outline-3">
-<h3 id="org5913169"><span class="section-number-3">9.14.</span> Configure MythTV Backend</h3>
+<div id="outline-container-org5e82666" class="outline-3">
+<h3 id="org5e82666"><span class="section-number-3">9.14.</span> Configure MythTV Backend</h3>
 <div class="outline-text-3" id="text-9-14">
 <p>
 With MythTV built and installed, and the post-installation tasks
@@ -2968,12 +2981,12 @@ directory: <q>/home/mythtv/Recordings</q>.</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org9451aba" class="outline-3">
-<h3 id="org9451aba"><span class="section-number-3">9.15.</span> Configure Tuner</h3>
+<div id="outline-container-orgb4ae05f" class="outline-3">
+<h3 id="orgb4ae05f"><span class="section-number-3">9.15.</span> Configure Tuner</h3>
 <div class="outline-text-3" id="text-9-15">
 <p>
 The abbey has a Silicon Dust Homerun HDTV Duo (with two tuners).  It
-is setup as described in <a href="#org110d7b3">Cloistering</a>, after which the tuner is
+is setup as described in <a href="#orgd14afca">Cloistering</a>, after which the tuner is
 accessible by name (e.g. <code>new</code>) on the cloister network.  Assuming
 <code>ping -c1 new</code> works, the tuner should be accessible via the
 <code>hdhomerun_config_gui</code> command, a graphical interface contributed to
@@ -2984,8 +2997,8 @@ tuner's domain name or IP address can also be entered.
 </p>
 </div>
 </div>
-<div id="outline-container-orgaf6031c" class="outline-3">
-<h3 id="orgaf6031c"><span class="section-number-3">9.16.</span> Add HDHomerun and Mr.Antenna</h3>
+<div id="outline-container-orgba1e762" class="outline-3">
+<h3 id="orgba1e762"><span class="section-number-3">9.16.</span> Add HDHomerun and Mr.Antenna</h3>
 <div class="outline-text-3" id="text-9-16">
 <p>
 In MythTV Setup:
@@ -3028,8 +3041,8 @@ any case, do <i>not</i> run <code>mythfilldatabase</code>.</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-orgdd4b427" class="outline-3">
-<h3 id="orgdd4b427"><span class="section-number-3">9.17.</span> Scan for New Channels</h3>
+<div id="outline-container-org9307cfe" class="outline-3">
+<h3 id="org9307cfe"><span class="section-number-3">9.17.</span> Scan for New Channels</h3>
 <div class="outline-text-3" id="text-9-17">
 <p>
 In MythTV Setup:
@@ -3050,8 +3063,8 @@ channels is presented.  Delete All unused transports.</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org720bce1" class="outline-3">
-<h3 id="org720bce1"><span class="section-number-3">9.18.</span> Configure XMLTV</h3>
+<div id="outline-container-orgc8796ba" class="outline-3">
+<h3 id="orgc8796ba"><span class="section-number-3">9.18.</span> Configure XMLTV</h3>
 <div class="outline-text-3" id="text-9-18">
 <p>
 The <code>xmltv</code> package, specifically its <code>tv_grab_zz_sdjson</code> program, is
@@ -3062,9 +3075,9 @@ option.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">tv_grab_zz_sdjson --configure
+<pre class="src src-sh"><code>tv_grab_zz_sdjson --configure
 cp ~/.xmltv/tv_grab_zz_sdjson.conf ~/.mythtv/Mr.Antenna.xmltv
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -3075,9 +3088,9 @@ Afterwards any re-configuration should use the following command.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">tv_grab_zz_sdjson --configure <span class="org-sh-escaped-newline">\</span>
+<pre class="src src-sh"><code>tv_grab_zz_sdjson --configure <span class="org-sh-escaped-newline">\</span>
         --config-file ~/.mythtv/Mr.Antenna.xmltv
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -3086,7 +3099,7 @@ the list of "inputs" available in a postal code typically ends with
 the OTA (over the air) broadcasts.
 </p>
 
-<pre class="example" id="org49ca1ff">
+<pre class="example" id="org7acf78f">
 $ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
 Cache file for lineups, schedules and programs.
 Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
@@ -3136,8 +3149,8 @@ backend is running, so it is not run until then.
 </p>
 </div>
 </div>
-<div id="outline-container-org94330c2" class="outline-3">
-<h3 id="org94330c2"><span class="section-number-3">9.19.</span> Debug XMLTV</h3>
+<div id="outline-container-org4866d34" class="outline-3">
+<h3 id="org4866d34"><span class="section-number-3">9.19.</span> Debug XMLTV</h3>
 <div class="outline-text-3" id="text-9-19">
 <p>
 If the <code>mythfilldatabase</code> command fails or expected listings do not
@@ -3147,8 +3160,8 @@ option for "interactive configuration".
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">sudo -H -u mythtv mythfilldatabase --verbose
-</pre>
+<pre class="src src-sh"><code>sudo -H -u mythtv mythfilldatabase --verbose
+</code></pre>
 </div>
 
 <p>
@@ -3157,10 +3170,10 @@ The command might, for example, show that it is failing to run a
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">nice tv_grab_zz_sdjson <span class="org-sh-escaped-newline">\</span>
+<pre class="src src-sh"><code>nice tv_grab_zz_sdjson <span class="org-sh-escaped-newline">\</span>
         --config-file <span class="org-string">'/home/mythtv/.mythtv/Mr.Antenna.xmltv'</span> <span class="org-sh-escaped-newline">\</span>
         --output /tmp/myths5Sq35 --quiet
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -3168,16 +3181,16 @@ Running a similar command (without <code>--quiet</code>) might be more revealing
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">sudo -H -u mythtv <span class="org-sh-escaped-newline">\</span>
+<pre class="src src-sh"><code>sudo -H -u mythtv <span class="org-sh-escaped-newline">\</span>
     tv_grab_zz_sdjson <span class="org-sh-escaped-newline">\</span>
         --config-file <span class="org-string">'/home/mythtv/.mythtv/Mr.Antenna.xmltv'</span> <span class="org-sh-escaped-newline">\</span>
         --output /tmp/mythFUBAR
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgb3acb2a" class="outline-3">
-<h3 id="orgb3acb2a"><span class="section-number-3">9.20.</span> Configure MythTV Backend Logging</h3>
+<div id="outline-container-org4ab8d36" class="outline-3">
+<h3 id="org4ab8d36"><span class="section-number-3">9.20.</span> Configure MythTV Backend Logging</h3>
 <div class="outline-text-3" id="text-9-20">
 <p>
 The abbey directs MythTV log messages to <q>/var/log/mythtv.log</q> (and
@@ -3185,7 +3198,7 @@ away from <q>/var/log/syslog</q>) and rotates the log file.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 <span class="org-variable-name">- name: Install</span> =/etc/rsyslog.d/40-mythtv.conf.
   become: yes
   copy:
@@ -3210,12 +3223,12 @@ away from <q>/var/log/syslog</q>) and rotates the log file.
           endscript
       }
     dest: /etc/logrotate.d/mythtv
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org053357f" class="outline-3">
-<h3 id="org053357f"><span class="section-number-3">9.21.</span> Start MythTV Backend</h3>
+<div id="outline-container-orgae60275" class="outline-3">
+<h3 id="orgae60275"><span class="section-number-3">9.21.</span> Start MythTV Backend</h3>
 <div class="outline-text-3" id="text-9-21">
 <p>
 After configuring with <code>mythtv-setup</code> as discussed above, start and
@@ -3223,16 +3236,16 @@ enable (at boot time) the <code>mythtv-backend</code> service.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">sudo systemctl enable mythtv-backend
+<pre class="src src-sh"><code>sudo systemctl enable mythtv-backend
 sudo systemctl start mythtv-backend
 systemctl status -l mythtv-backend
 sudo -u mythtv mythfilldatabase
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org4113415" class="outline-3">
-<h3 id="org4113415"><span class="section-number-3">9.22.</span> Install MythWeb</h3>
+<div id="outline-container-org8e745a5" class="outline-3">
+<h3 id="org8e745a5"><span class="section-number-3">9.22.</span> Install MythWeb</h3>
 <div class="outline-text-3" id="text-9-22">
 <p>
 MythWeb, like MythTV, is installed from a Git repository.  The
@@ -3242,11 +3255,11 @@ out the appropriate branch, and copying the appropriate portion.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh"><span class="org-builtin">cd</span> /usr/local/src/
+<pre class="src src-sh"><code><span class="org-builtin">cd</span> /usr/local/src/
 git clone https://github.com/MythTV/mythweb
 ( <span class="org-builtin">cd</span> mythweb/; git checkout fixes/32 )
 rsync -C mythweb /usr/local/share/mythtv/
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -3254,7 +3267,7 @@ The following tasks take care of the rest of the installation.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf">
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
 - name: Install MythWeb requisites.
   become: yes
   apt:
@@ -3286,11 +3299,11 @@ The following tasks take care of the rest of the installation.
     cmd: a2ensite -q mythweb
     creates: /etc/apache2/sites-enabled/mythweb.conf
   notify: Restart Apache2.
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/templates/mythweb.conf.j2"><q>roles_t/abbey-tvr/templates/mythweb.conf.j2</q></a><pre class="src src-conf"><span class="org-comment-delimiter">#</span>
+<a href="roles_t/abbey-tvr/templates/mythweb.conf.j2"><q>roles_t/abbey-tvr/templates/mythweb.conf.j2</q></a><pre class="src src-conf"><code><span class="org-comment-delimiter">#</span>
 <span class="org-comment-delimiter"># </span><span class="org-comment">Apache configuration directives for MythWeb.</span>
 <span class="org-comment-delimiter">#</span>
 <span class="org-comment-delimiter"># </span><span class="org-comment">Note that this file is maintained by the network administration.</span>
@@ -3344,18 +3357,18 @@ The following tasks take care of the rest of the installation.
     &lt;/Files&gt;
 
 &lt;/Directory&gt;
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org6a7f10b" class="outline-3">
-<h3 id="org6a7f10b"><span class="section-number-3">9.23.</span> Change Broadcast Area</h3>
+<div id="outline-container-orgea31ddf" class="outline-3">
+<h3 id="orgea31ddf"><span class="section-number-3">9.23.</span> Change Broadcast Area</h3>
 <div class="outline-text-3" id="text-9-23">
 <p>
 The abbey changes location almost weekly, so its HDTV broadcast area
 changes frequently.  At the start of a long stay the administrator
 uses the MythTV Setup program to scan for the new area's channels, as
-described in <a href="#orgdd4b427">Scan for New Channels</a>.
+described in <a href="#org9307cfe">Scan for New Channels</a>.
 </p>
 
 <p>
@@ -3366,14 +3379,14 @@ program as user <code>mythtv</code>.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">tv_grab_zz_sdjson --configure <span class="org-sh-escaped-newline">\</span>
+<pre class="src src-sh"><code>tv_grab_zz_sdjson --configure <span class="org-sh-escaped-newline">\</span>
         --config-file ~/.mythtv/Mr.Antenna.xmltv
-</pre>
+</code></pre>
 </div>
 
 <p>
 The program will prompt for the zip code and offer a list of "inputs"
-available in that area, as described in <a href="#org720bce1">Configure XMLTV</a>.
+available in that area, as described in <a href="#orgc8796ba">Configure XMLTV</a>.
 </p>
 
 <p>
@@ -3381,8 +3394,8 @@ Then the administrator can re-start the backend.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">sudo systemctl start mythtv-backend
-</pre>
+<pre class="src src-sh"><code>sudo systemctl start mythtv-backend
+</code></pre>
 </div>
 
 <p>
@@ -3390,14 +3403,14 @@ And the <code>mythtv</code> account can run <code>mythfilldatabase</code>.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">mythfilldatabase
-</pre>
+<pre class="src src-sh"><code>mythfilldatabase
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org965be21" class="outline-2">
-<h2 id="org965be21"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
+<div id="outline-container-orgdf6af2e" class="outline-2">
+<h2 id="orgdf6af2e"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
 <div class="outline-text-2" id="text-10">
 <p>
 The abbey's Ansible configuration, like that of <a href="Institute/README.html">A Small Institute</a>, is
@@ -3424,7 +3437,7 @@ specific versions.
 </p>
 
 <p>
-NOTE: if you have not read at least the <a href="Institute/README.html#org56d00a8">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
+NOTE: if you have not read at least the <a href="Institute/README.html#org12986b7">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
 you are lost.
 </p>
 
@@ -3454,8 +3467,8 @@ rest are built up piecemeal by (tangled from) this document,
 <q>README.org</q>, and <a href="Institute/README.html"><q>Institute/README.org</q></a>.
 </p>
 </div>
-<div id="outline-container-org3a422c6" class="outline-3">
-<h3 id="org3a422c6"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
+<div id="outline-container-orga3a8144" class="outline-3">
+<h3 id="orga3a8144"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
 <div class="outline-text-3" id="text-10-1">
 <p>
 This is much like the example (test) institutional configuration file,
@@ -3463,20 +3476,20 @@ except the roles are found in <q>Institute/roles/</q> as well as <q>roles/</q>.
 </p>
 
 <div class="org-src-container">
-<a href="ansible.cfg"><q>ansible.cfg</q></a><pre class="src src-conf">[<span class="org-type">defaults</span>]
+<a href="ansible.cfg"><q>ansible.cfg</q></a><pre class="src src-conf"><code>[<span class="org-type">defaults</span>]
 <span class="org-variable-name">interpreter_python</span>=/usr/bin/python3
 <span class="org-variable-name">vault_password_file</span>=Secret/vault-password
 <span class="org-variable-name">inventory</span>=hosts
 <span class="org-variable-name">roles_path</span>=roles:Institute/roles
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgd0676df" class="outline-3">
-<h3 id="orgd0676df"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
+<div id="outline-container-orgb235f82" class="outline-3">
+<h3 id="orgb235f82"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
 <div class="outline-text-3" id="text-10-2">
 <div class="org-src-container">
-<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="orgc3f7e11">all:
+<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="org4fb460a"><code>all:
   vars:
     ansible_user: sysadm
     ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa
@@ -3543,12 +3556,12 @@ except the roles are found in <q>Institute/roles/</q> as well as <q>roles/</q>.
       hosts:
         sullust:
         kamino:
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org850f665" class="outline-3">
-<h3 id="org850f665"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
+<div id="outline-container-org9ae7299" class="outline-3">
+<h3 id="org9ae7299"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
 <div class="outline-text-3" id="text-10-3">
 <p>
 This playbook provisions the entire network by applying first the
@@ -3556,7 +3569,7 @@ institutional roles, then the liturgical roles.
 </p>
 
 <div class="org-src-container">
-<a href="playbooks/site.yml"><q>playbooks/site.yml</q></a><pre class="src src-conf">---
+<a href="playbooks/site.yml"><q>playbooks/site.yml</q></a><pre class="src src-conf"><code>---
 - name: Configure All
   hosts: all
   roles: [ all ]
@@ -3584,22 +3597,22 @@ institutional roles, then the liturgical roles.
 - name: Configure TVRs
   hosts: tvrs
   roles: [ abbey-tvr ]
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org4fe467e" class="outline-2">
-<h2 id="org4fe467e"><span class="section-number-2">11.</span> The Abbey Commands</h2>
+<div id="outline-container-orgd4d0d6f" class="outline-2">
+<h2 id="orgd4d0d6f"><span class="section-number-2">11.</span> The Abbey Commands</h2>
 <div class="outline-text-2" id="text-11">
 <p>
 The <code>./abbey</code> script encodes the abbey's canonical procedures.  It
-includes <a href="Institute/README.html#org1c6f4a8">The Institute Commands</a> and adds a few abbey-specific
+includes <a href="Institute/README.html#org5db480b">The Institute Commands</a> and adds a few abbey-specific
 sub-commands.
 </p>
 </div>
-<div id="outline-container-org3733a87" class="outline-3">
-<h3 id="org3733a87"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
+<div id="outline-container-org69e40b3" class="outline-3">
+<h3 id="org69e40b3"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
 <div class="outline-text-3" id="text-11-1">
 <p>
 Institutional sub-commands:
@@ -3628,15 +3641,15 @@ and <code>_architecture</code> for all hosts.</dd>
 </dl>
 </div>
 </div>
-<div id="outline-container-org2775f4a" class="outline-3">
-<h3 id="org2775f4a"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
+<div id="outline-container-orgcbc1c9d" class="outline-3">
+<h3 id="orgcbc1c9d"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
 <div class="outline-text-3" id="text-11-2">
 <p>
 The script begins with the following prefix and trampolines.
 </p>
 
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/perl -w</span>
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/perl -w</span>
 <span class="org-comment-delimiter">#</span>
 <span class="org-comment-delimiter"># </span><span class="org-comment">DO NOT EDIT.  This file was tangled from README.org.</span>
 
@@ -3645,14 +3658,14 @@ The script begins with the following prefix and trampolines.
 <span class="org-keyword">if</span> (grep { $<span class="org-variable-name">_</span> eq $<span class="org-variable-name">ARGV</span>[0] } qw<span class="org-string">(CA config new old pass client)</span>) {
   <span class="org-keyword">exec</span> <span class="org-string">"./Institute/inst"</span>, @<span class="org-perl-non-scalar-variable">ARGV</span>;
 }
-</pre>
+</code></pre>
 </div>
 
 <p>
 The small institute's <code>./inst</code> command expects to be running in
 <q>Institute/</q>, not <q>./</q>, but it only references <q>public/</q>, <q>private/</q>,
 <q>Secret/</q> and <q>playbooks/check-inst-vars.yml</q>, and will find the abbey
-specific versions of these.  The <code>roles_path</code> setting in <a href="#org3a422c6"><q>ansible.cfg</q></a>
+specific versions of these.  The <code>roles_path</code> setting in <a href="#orga3a8144"><q>ansible.cfg</q></a>
 effectively merges the institutional roles into the distinctly named
 abbey specific roles.  The roles likewise reference files with
 relative names, and will find the abbey specific <q>private/</q>
@@ -3666,13 +3679,13 @@ code block "duplicates" the action of the institute's
 </p>
 
 <div class="org-src-container">
-<a href="playbooks/check-inst-vars.yml"><q>playbooks/check-inst-vars.yml</q></a><pre class="src src-conf">- import_playbook: ../Institute/playbooks/check-inst-vars.yml
-</pre>
+<a href="playbooks/check-inst-vars.yml"><q>playbooks/check-inst-vars.yml</q></a><pre class="src src-conf"><code>- import_playbook: ../Institute/playbooks/check-inst-vars.yml
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org39d7904" class="outline-3">
-<h3 id="org39d7904"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
+<div id="outline-container-orgab9a06a" class="outline-3">
+<h3 id="orgab9a06a"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
 <div class="outline-text-3" id="text-11-3">
 <p>
 The script implements an <code>upgrade</code> sub-command that runs <code>apt update</code>
@@ -3690,9 +3703,8 @@ a limit pattern.  For example:
 ./abbey upgrade '!front'
 </pre>
 
-
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl">
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code>
 <span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"upgrade"</span>) {
   shift;
   <span class="org-keyword">my</span> @<span class="org-perl-non-scalar-variable">args</span> = ( <span class="org-string">"-e"</span>, <span class="org-string">"\@Secret/become.yml"</span> );
@@ -3709,11 +3721,11 @@ a limit pattern.  For example:
   }
   <span class="org-keyword">exec</span> (<span class="org-string">"ansible-playbook"</span>, @<span class="org-perl-non-scalar-variable">args</span>, <span class="org-string">"playbooks/upgrade.yml"</span>);
 }
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="playbooks/upgrade.yml"><q>playbooks/upgrade.yml</q></a><pre class="src src-conf">- hosts: all
+<a href="playbooks/upgrade.yml"><q>playbooks/upgrade.yml</q></a><pre class="src src-conf"><code>- hosts: all
   tasks:
 
   - name: Upgrade packages.
@@ -3734,12 +3746,12 @@ a limit pattern.  For example:
   - debug:
       msg: Reboot required.
     when: st.stat.exists
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgdc160ec" class="outline-3">
-<h3 id="orgdc160ec"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
+<div id="outline-container-orgedd9424" class="outline-3">
+<h3 id="orgedd9424"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
 <div class="outline-text-3" id="text-11-4">
 <p>
 The script implements a <code>reboots</code> sub-command that looks for
@@ -3747,15 +3759,15 @@ The script implements a <code>reboots</code> sub-command that looks for
 </p>
 
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"reboots"</span>) {
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"reboots"</span>) {
   <span class="org-keyword">exec</span> (<span class="org-string">"ansible-playbook"</span>, <span class="org-string">"-e"</span>, <span class="org-string">"\@Secret/become.yml"</span>,
         <span class="org-string">"playbooks/reboots.yml"</span>);
 }
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="playbooks/reboots.yml"><q>playbooks/reboots.yml</q></a><pre class="src src-conf">---
+<a href="playbooks/reboots.yml"><q>playbooks/reboots.yml</q></a><pre class="src src-conf"><code>---
 - hosts: all
   tasks:
 
@@ -3766,12 +3778,12 @@ The script implements a <code>reboots</code> sub-command that looks for
   - debug:
       msg: Reboot required.
     when: st.stat.exists
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgcf4c1b6" class="outline-3">
-<h3 id="orgcf4c1b6"><span class="section-number-3">11.5.</span> The Versions Command</h3>
+<div id="outline-container-org7abf3e7" class="outline-3">
+<h3 id="org7abf3e7"><span class="section-number-3">11.5.</span> The Versions Command</h3>
 <div class="outline-text-3" id="text-11-5">
 <p>
 The script implements a <code>versions</code> sub-command that reports the
@@ -3779,27 +3791,27 @@ operating system version of all abbey managed machines.
 </p>
 
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"versions"</span>) {
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"versions"</span>) {
   <span class="org-keyword">exec</span> (<span class="org-string">"ansible-playbook"</span>, <span class="org-string">"-e"</span>, <span class="org-string">"\@Secret/become.yml"</span>,
         <span class="org-string">"playbooks/versarch.yml"</span>);
 }
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="playbooks/versarch.yml"><q>playbooks/versarch.yml</q></a><pre class="src src-conf">- hosts: all
+<a href="playbooks/versarch.yml"><q>playbooks/versarch.yml</q></a><pre class="src src-conf"><code>- hosts: all
   tasks:
   - debug:
       msg: &gt;-
         {{ ansible_distribution }}
         {{ ansible_distribution_version }}
         {{ ansible_architecture }}
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org1fd86c1" class="outline-3">
-<h3 id="org1fd86c1"><span class="section-number-3">11.6.</span> The TZ Command</h3>
+<div id="outline-container-orgd91650b" class="outline-3">
+<h3 id="orgd91650b"><span class="section-number-3">11.6.</span> The TZ Command</h3>
 <div class="outline-text-3" id="text-11-6">
 <p>
 The abbey changes location almost weekly, so its timezone changes
@@ -3825,25 +3837,31 @@ last host in the previous play.
 </p>
 
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"tz"</span>) {
-  <span class="org-keyword">my</span> $<span class="org-variable-name">city</span> = <span class="org-string">`cat /etc/timezone`</span>; chomp $<span class="org-variable-name">city</span>;
-  <span class="org-keyword">my</span> $<span class="org-variable-name">zone</span> = <span class="org-string">`date +%Z`</span>; chomp $<span class="org-variable-name">zone</span>;
-  print <span class="org-string">"Setting timezones to $city.\n"</span>;
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"tz"</span>) {
   <span class="org-keyword">exec</span> (<span class="org-string">"ansible-playbook"</span>, <span class="org-string">"-e"</span>, <span class="org-string">"\@Secret/become.yml"</span>,
-        <span class="org-string">"-e"</span>, <span class="org-string">"zone=$zone"</span>, <span class="org-string">"-e"</span>, <span class="org-string">"city=$city"</span>,
         <span class="org-string">"playbooks/timezone.yml"</span>);
 }
-</pre>
+</code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="playbooks/timezone.yml"><q>playbooks/timezone.yml</q></a><pre class="src src-conf">---
+<a href="playbooks/timezone.yml"><q>playbooks/timezone.yml</q></a><pre class="src src-conf"><code>---
 - hosts: core, dvrs, tvrs, webtvs
   tasks:
+  - name: Get timezone.
+    command: date <span class="org-string">'+%Z'</span>
+    delegate_to: localhost
+    register: zone
+
+  - name: Get city.
+    shell: readlink /etc/localtime | sed <span class="org-string">'s,/usr/share/zoneinfo/,,'</span>
+    delegate_to: localhost
+    register: city
+
   - name: Update timezone.
     become: yes
-    command: timedatectl set-timezone {{ city }}
-    <span class="org-variable-name">when: ansible_date_time.tz !</span>= zone
+    command: timedatectl set-timezone {{ city.stdout }}
+    <span class="org-variable-name">when: ansible_date_time.tz !</span>= zone.stdout
     register: new_tz
 
 - hosts: dvrs
@@ -3871,7 +3889,7 @@ last host in the previous play.
     become: yes
     lineinfile:
       <span class="org-variable-name">regexp: date.timezone ?</span>=
-      <span class="org-variable-name">line: date.timezone</span> = {{ city }}
+      <span class="org-variable-name">line: date.timezone</span> = {{ city.stdout }}
       path: <span class="org-string">"{{ item }}"</span>
     loop:
     - /etc/php/8.2/cli/php.ini
@@ -3883,23 +3901,23 @@ last host in the previous play.
     systemd:
       service: apache2
       state: restarted
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org773e94c" class="outline-3">
-<h3 id="org773e94c"><span class="section-number-3">11.7.</span> Abbey Command Help</h3>
+<div id="outline-container-org8ae3cf0" class="outline-3">
+<h3 id="org8ae3cf0"><span class="section-number-3">11.7.</span> Abbey Command Help</h3>
 <div class="outline-text-3" id="text-11-7">
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><span class="org-keyword">my</span> $<span class="org-variable-name">ops</span> = <span class="org-string">"config,new,old,pass,client,upgrade,reboots,versions,tz"</span>;
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">my</span> $<span class="org-variable-name">ops</span> = <span class="org-string">"config,new,old,pass,client,upgrade,reboots,versions,tz"</span>;
 <span class="org-keyword">die</span> <span class="org-string">"usage: $0 [$ops]\n"</span>;
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org110d7b3" class="outline-2">
-<h2 id="org110d7b3"><span class="section-number-2">12.</span> Cloistering</h2>
+<div id="outline-container-orgd14afca" class="outline-2">
+<h2 id="orgd14afca"><span class="section-number-2">12.</span> Cloistering</h2>
 <div class="outline-text-2" id="text-12">
 <p>
 This is how a new machine is brought into the cloister.  The process
@@ -3908,8 +3926,8 @@ narrows down to the common preparation of all machines administered by
 Ansible.
 </p>
 </div>
-<div id="outline-container-orgd05b52b" class="outline-3">
-<h3 id="orgd05b52b"><span class="section-number-3">12.1.</span> IoT Devices</h3>
+<div id="outline-container-org1a85d26" class="outline-3">
+<h3 id="org1a85d26"><span class="section-number-3">12.1.</span> IoT Devices</h3>
 <div class="outline-text-3" id="text-12-1">
 <p>
 A wireless IoT device (smart TV, Blu-ray deck, etc.) cannot install
@@ -3925,8 +3943,8 @@ given a private domain name as described in the following steps.
 </p>
 
 <ul class="org-ul">
-<li><a href="#org9f0e885">Add to Core DHCP</a></li>
-<li><a href="#org15590d4">Create Wired Domain Name</a></li>
+<li><a href="#orgea5fe66">Add to Core DHCP</a></li>
+<li><a href="#orgb93cc18">Create Wired Domain Name</a></li>
 </ul>
 
 <p>
@@ -3936,12 +3954,12 @@ last step:
 </p>
 
 <ul class="org-ul">
-<li><a href="#org68a65ec">Create Wireless Domain Name</a></li>
+<li><a href="#org23b8a5f">Create Wireless Domain Name</a></li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org390d48b" class="outline-3">
-<h3 id="org390d48b"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
+<div id="outline-container-org233f8df" class="outline-3">
+<h3 id="org233f8df"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
 <div class="outline-text-3" id="text-12-2">
 <p>
 The abbey's Raspberry Pi runs the Raspberry Pi OS desktop off an
@@ -3960,8 +3978,8 @@ Ethernet, and power up.</li>
 <li>new username: sysadm</li>
 <li>new password: fubar</li>
 </ul></li>
-<li><a href="#org9f0e885">Add to Core DHCP</a></li>
-<li><a href="#org15590d4">Create Wired Domain Name</a></li>
+<li><a href="#orgea5fe66">Add to Core DHCP</a></li>
+<li><a href="#orgb93cc18">Create Wired Domain Name</a></li>
 <li>Log in as <code>sysadm</code> on the console.</li>
 <li>Run <code>sudo raspi-config</code> and use the following menu items.
 <ul class="org-ul">
@@ -3969,9 +3987,9 @@ Ethernet, and power up.</li>
 <li>I1 SSH (Enable/disable remote command line access using SSH): enable</li>
 <li>A1 Expand Filesystem (Ensures that all of the SD card is available)</li>
 </ul></li>
-<li><a href="#org2846f52">Update From Cloister Apt Cache</a></li>
-<li><a href="#orgb8a472a">Authorize Remote Administration</a></li>
-<li><a href="#org9216df5">Configure with Ansible</a></li>
+<li><a href="#orgc375aea">Update From Cloister Apt Cache</a></li>
+<li><a href="#org18600bb">Authorize Remote Administration</a></li>
+<li><a href="#org46482e7">Configure with Ansible</a></li>
 </ul>
 
 <p>
@@ -3980,14 +3998,14 @@ steps are taken.
 </p>
 
 <ul class="org-ul">
-<li><a href="#org4f5e619">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org0929940">Connect to Cloister VPN</a></li>
-<li><a href="#org68a65ec">Create Wireless Domain Name</a></li>
+<li><a href="#orgef270e4">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#orgc02afa2">Connect to Cloister VPN</a></li>
+<li><a href="#org23b8a5f">Create Wireless Domain Name</a></li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org527e70f" class="outline-3">
-<h3 id="org527e70f"><span class="section-number-3">12.3.</span> PCs</h3>
+<div id="outline-container-org9d2660f" class="outline-3">
+<h3 id="org9d2660f"><span class="section-number-3">12.3.</span> PCs</h3>
 <div class="outline-text-3" id="text-12-3">
 <p>
 Most of the abbey's machines, like Core and Gate, are general-purpose
@@ -4007,18 +4025,18 @@ Ethernet, and power up.  Choose to boot from the USB drive.</li>
 <li>new username: sysadm</li>
 <li>new password: fubar</li>
 </ul></li>
-<li><a href="#org9f0e885">Add to Core DHCP</a></li>
-<li><a href="#org15590d4">Create Wired Domain Name</a></li>
+<li><a href="#orgea5fe66">Add to Core DHCP</a></li>
+<li><a href="#orgb93cc18">Create Wired Domain Name</a></li>
 <li>Log in as <code>sysadm</code> on the console.</li>
-<li><a href="#org2846f52">Update From Cloister Apt Cache</a></li>
+<li><a href="#orgc375aea">Update From Cloister Apt Cache</a></li>
 <li><p>
 Install OpenSSH.  Plain Debian does not come with OpenSSH installed.
 </p>
 <pre class="example">
 sudo apt install openssh-server
 </pre></li>
-<li><a href="#orgb8a472a">Authorize Remote Administration</a></li>
-<li><a href="#org9216df5">Configure with Ansible</a></li>
+<li><a href="#org18600bb">Authorize Remote Administration</a></li>
+<li><a href="#org46482e7">Configure with Ansible</a></li>
 </ul>
 
 <p>
@@ -4027,14 +4045,14 @@ steps are taken.
 </p>
 
 <ul class="org-ul">
-<li><a href="#org4f5e619">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org0929940">Connect to Cloister VPN</a></li>
-<li><a href="#org68a65ec">Create Wireless Domain Name</a></li>
+<li><a href="#orgef270e4">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#orgc02afa2">Connect to Cloister VPN</a></li>
+<li><a href="#org23b8a5f">Create Wireless Domain Name</a></li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org9f0e885" class="outline-3">
-<h3 id="org9f0e885"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
+<div id="outline-container-orgea5fe66" class="outline-3">
+<h3 id="orgea5fe66"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
 <div class="outline-text-3" id="text-12-4">
 <p>
 When a new machine is connected to the cloister Ethernet, its MAC
@@ -4052,8 +4070,8 @@ new device's MAC.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">tail -100 /var/log/daemon.log | grep DISCOVER
-</pre>
+<pre class="src src-sh"><code>tail -100 /var/log/daemon.log | grep DISCOVER
+</code></pre>
 </div>
 
 <p>
@@ -4064,9 +4082,9 @@ entry is chosen.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf"><span class="org-type">host new</span> {
+<pre class="src src-conf"><code><span class="org-type">host new</span> {
   hardware ethernet 08:00:27:f3:41:66; fixed-address 192.168.56.4; }
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -4074,8 +4092,8 @@ The DHCP service is then restarted (not reloaded).
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">sudo systemctl restart isc-dhcp-server
-</pre>
+<pre class="src src-sh"><code>sudo systemctl restart isc-dhcp-server
+</code></pre>
 </div>
 
 <p>
@@ -4090,17 +4108,17 @@ reporting <code>1 packets transmitted, 1 received, 0% packet loss...</code>.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">ping -c1 192.168.56.4
-</pre>
+<pre class="src src-sh"><code>ping -c1 192.168.56.4
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org15590d4" class="outline-3">
-<h3 id="org15590d4"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
+<div id="outline-container-orgb93cc18" class="outline-3">
+<h3 id="orgb93cc18"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
 <div class="outline-text-3" id="text-12-5">
 <p>
 A wired device is assigned an IP address when it is added to Core's
-DHCP configuration (as in <a href="#org9f0e885">Add to Core DHCP</a>).  A private domain name is
+DHCP configuration (as in <a href="#orgea5fe66">Add to Core DHCP</a>).  A private domain name is
 then associated with this address.  If the device is intended to
 operate wirelessly, the name for its address is modified with a <code>-w</code>
 suffix.  Thus <code>new-w.small.private</code> would be the name of the new
@@ -4116,8 +4134,8 @@ of the file.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">new-w   IN      A       192.168.56.4
-</pre>
+<pre class="src src-conf"><code>new-w   IN      A       192.168.56.4
+</code></pre>
 </div>
 
 <p>
@@ -4127,8 +4145,8 @@ at the top of that file.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">4       IN      PTR     new-w.small.private.
-</pre>
+<pre class="src src-conf"><code>4       IN      PTR     new-w.small.private.
+</code></pre>
 </div>
 
 <p>
@@ -4137,14 +4155,14 @@ name can be tested.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">resolvectl query new-w.small.private.
+<pre class="src src-sh"><code>resolvectl query new-w.small.private.
 resolvectl query 192.168.56.4
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org2846f52" class="outline-3">
-<h3 id="org2846f52"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
+<div id="outline-container-orgc375aea" class="outline-3">
+<h3 id="orgc375aea"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
 <div class="outline-text-3" id="text-12-6">
 <ul class="org-ul">
 <li>Log in as <code>sysadm</code> on the console.</li>
@@ -4167,8 +4185,8 @@ sudo reboot
 </ul>
 </div>
 </div>
-<div id="outline-container-orgb8a472a" class="outline-3">
-<h3 id="orgb8a472a"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
+<div id="outline-container-org18600bb" class="outline-3">
+<h3 id="org18600bb"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
 <div class="outline-text-3" id="text-12-7">
 <p>
 To remotely administer <code>new-w</code>, Ansible must be authorized to login as
@@ -4177,8 +4195,8 @@ accomplished by copying Ansible's SSH public key to <code>new-w</code>.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">scp Secret/ssh_admin/id_rsa.pub sysadm@new-w:admin_key
-</pre>
+<pre class="src src-sh"><code>scp Secret/ssh_admin/id_rsa.pub sysadm@new-w:admin_key
+</code></pre>
 </div>
 
 <p>
@@ -4187,8 +4205,8 @@ Then on <code>new-w</code> (logged in as <code>sysadm</code>) the public key is
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">( <span class="org-builtin">cd</span>; <span class="org-builtin">umask</span> 077; mkdir .ssh; cp admin_key .ssh/authorized_keys )
-</pre>
+<pre class="src src-sh"><code>( <span class="org-builtin">cd</span>; <span class="org-builtin">umask</span> 077; mkdir .ssh; cp admin_key .ssh/authorized_keys )
+</code></pre>
 </div>
 
 <p>
@@ -4197,16 +4215,16 @@ key.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">ssh -i Secret/ssh_admin/id_rsa sysadm@new-w
-</pre>
+<pre class="src src-sh"><code>ssh -i Secret/ssh_admin/id_rsa sysadm@new-w
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org9216df5" class="outline-3">
-<h3 id="org9216df5"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
+<div id="outline-container-org46482e7" class="outline-3">
+<h3 id="org46482e7"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
 <div class="outline-text-3" id="text-12-8">
 <p>
-With remote administration authorized and tested (as in <a href="#orgb8a472a">Authorize
+With remote administration authorized and tested (as in <a href="#org18600bb">Authorize
 Remote Administration</a>), and the machine connected to the cloister
 Ethernet, the configuration of <code>new-w</code> can be completed by Ansible.
 Note that if the machine is staying on the cloister Ethernet, its
@@ -4214,7 +4232,7 @@ domain name will be <code>new</code> (having had no <code>-w</code> suffix added
 </p>
 
 <p>
-First <code>new-w</code> is added to Ansible's inventory in <a href="#orgd0676df"><q>hosts</q></a>.  A <code>new-w</code>
+First <code>new-w</code> is added to Ansible's inventory in <a href="#orgb235f82"><q>hosts</q></a>.  A <code>new-w</code>
 section is added to the list of all hosts, and an empty section of the
 same name is added to the list of <code>campus</code> hosts.  If the machine uses
 the usual privileged account name, <code>sysadm</code>, the <code>ansible_user</code> key in
@@ -4222,7 +4240,7 @@ not needed.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">hosts:
+<pre class="src src-conf"><code>hosts:
   ...
   new-w:
     ansible_user: pi
@@ -4234,7 +4252,7 @@ children:
     hosts:
       ...
       new-w:
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -4245,9 +4263,9 @@ shown below.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh"><span class="org-builtin">echo</span> -n <span class="org-string">"become_new: "</span> &gt;&gt;Secret/become.yml
+<pre class="src src-sh"><code><span class="org-builtin">echo</span> -n <span class="org-string">"become_new: "</span> &gt;&gt;Secret/become.yml
 ansible-vault encrypt_string PASSWORD &gt;&gt;Secret/become.yml
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -4257,13 +4275,13 @@ configuration files.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">./abbey config new-w
-</pre>
+<pre class="src src-sh"><code>./abbey config new-w
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org4f5e619" class="outline-3">
-<h3 id="org4f5e619"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
+<div id="outline-container-orgef270e4" class="outline-3">
+<h3 id="orgef270e4"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
 <div class="outline-text-3" id="text-12-9">
 <p>
 On an IoT device, or a Debian or Android "desktop", the cloister Wi-Fi
@@ -4280,11 +4298,11 @@ interface on <code>new</code> is named <code>wlan0</code>.
 </p>
 
 <div class="org-src-container">
-<q>/etc/network/interfaces.d/wifi</q><pre class="src src-conf">auto wlan0
+<q>/etc/network/interfaces.d/wifi</q><pre class="src src-conf"><code>auto wlan0
 iface wlan0 inet dhcp
     wpa-ssid <span class="org-string">"Birchwood Abbey"</span>
     wpa-psk <span class="org-string">"PASSWORD"</span>
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -4299,13 +4317,13 @@ desktop connected to the Wi-Fi using the following <code>ping</code> command.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">ping -c1 192.168.10.225
-</pre>
+<pre class="src src-sh"><code>ping -c1 192.168.10.225
+</code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org0929940" class="outline-3">
-<h3 id="org0929940"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
+<div id="outline-container-orgc02afa2" class="outline-3">
+<h3 id="orgc02afa2"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
 <div class="outline-text-3" id="text-12-10">
 <p>
 Wireless devices (with the cloister Wi-Fi password) can get an IP
@@ -4319,13 +4337,13 @@ however, are <i>not</i> accessible except via the cloister VPN.
 <p>
 Connections to the cloister VPN are authorized by OpenVPN
 configuration (<q>.ovpn</q>) files generated by the <code>./abbey client...</code>
-command (aka <a href="Institute/README.html#org0ad53cf">The Client Command</a>).  These are secret files, kept
+command (aka <a href="Institute/README.html#orgdc36b90">The Client Command</a>).  These are secret files, kept
 readable only by their owners and are deleted after use.  They are
 copied to new OpenVPN clients using secure (<code>ssh</code>) connections.
 </p>
 </div>
-<div id="outline-container-orgc2c05c2" class="outline-4">
-<h4 id="orgc2c05c2"><span class="section-number-4">12.10.1.</span> Debian Servers</h4>
+<div id="outline-container-org042d1cc" class="outline-4">
+<h4 id="org042d1cc"><span class="section-number-4">12.10.1.</span> Debian Servers</h4>
 <div class="outline-text-4" id="text-12-10-1">
 <p>
 Wireless Debian servers (without NetworkManager) are connected to the
@@ -4351,7 +4369,7 @@ And these are the commands:
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">./abbey client campus new
+<pre class="src src-sh"><code>./abbey client campus new
 scp campus.ovpn sysadm@new-w:
 ssh sysadm@new-w
 sudo apt install openvpn-systemd-resolved
@@ -4363,7 +4381,7 @@ sudo systemctl enable openvpn@cloister
 rm campus.ovpn
 <span class="org-keyword">logout</span>
 rm campus.ovpn
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -4371,8 +4389,8 @@ It may be necessary to reboot before the final tests.
 </p>
 </div>
 </div>
-<div id="outline-container-org110b3d7" class="outline-4">
-<h4 id="org110b3d7"><span class="section-number-4">12.10.2.</span> Debian Desktops</h4>
+<div id="outline-container-orgc25ebbb" class="outline-4">
+<h4 id="orgc25ebbb"><span class="section-number-4">12.10.2.</span> Debian Desktops</h4>
 <div class="outline-text-4" id="text-12-10-2">
 <p>
 Wireless Debian desktops (with NetworkManager) include our 8GB Core i3
@@ -4414,7 +4432,7 @@ And these are the commands:
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">./abbey client campus new
+<pre class="src src-sh"><code>./abbey client campus new
 scp wifi campus.ovpn sysadm@new-w:
 ssh sysadm@new-w
 sudo apt install openvpn-systemd-resolved
@@ -4428,7 +4446,7 @@ sudo systemctl enable openvpn@cloister
 rm wifi campus.ovpn
 <span class="org-keyword">logout</span>
 rm wifi campus.ovpn
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -4444,8 +4462,8 @@ i.e. anyone in the house.
 </p>
 </div>
 </div>
-<div id="outline-container-org23ebe84" class="outline-4">
-<h4 id="org23ebe84"><span class="section-number-4">12.10.3.</span> Private Desktops</h4>
+<div id="outline-container-org97cd3b7" class="outline-4">
+<h4 id="org97cd3b7"><span class="section-number-4">12.10.3.</span> Private Desktops</h4>
 <div class="outline-text-4" id="text-12-10-3">
 <p>
 Member notebooks are private machines not remotely administered by the
@@ -4505,8 +4523,8 @@ password is included in <q>Secret/become.yml</q>.
 </p>
 </div>
 </div>
-<div id="outline-container-org4faba4c" class="outline-4">
-<h4 id="org4faba4c"><span class="section-number-4">12.10.4.</span> Android</h4>
+<div id="outline-container-orgcb44d80" class="outline-4">
+<h4 id="orgcb44d80"><span class="section-number-4">12.10.4.</span> Android</h4>
 <div class="outline-text-4" id="text-12-10-4">
 <p>
 Android phones and tablets are connected to the cloister VPN via the
@@ -4539,16 +4557,16 @@ OpenVPN when a <q>.ovpn</q> file is opened.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">./abbey client android dicks-tablet dick
+<pre class="src src-sh"><code>./abbey client android dicks-tablet dick
 cp campus.ovpn public.ovpn /media/sysadm/Transfers/
 rm campus.ovpn public.ovpn
-</pre>
+</code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org68a65ec" class="outline-3">
-<h3 id="org68a65ec"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
+<div id="outline-container-org23b8a5f" class="outline-3">
+<h3 id="org23b8a5f"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
 <div class="outline-text-3" id="text-12-11">
 <p>
 A wireless machine is assigned a Wi-Fi address when it connects to the
@@ -4563,8 +4581,8 @@ file.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">new     IN      A       10.84.138.7
-</pre>
+<pre class="src src-conf"><code>new     IN      A       10.84.138.7
+</code></pre>
 </div>
 
 <p>
@@ -4574,8 +4592,8 @@ serial number at the top of that file.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-conf">7       IN      PTR     new.small.private.
-</pre>
+<pre class="src src-conf"><code>7       IN      PTR     new.small.private.
+</code></pre>
 </div>
 
 <p>
@@ -4584,9 +4602,9 @@ resolution of the new name.
 </p>
 
 <div class="org-src-container">
-<pre class="src src-sh">resolvectl query new.small.private.
+<pre class="src src-sh"><code>resolvectl query new.small.private.
 resolvectl query 10.84.138.7
-</pre>
+</code></pre>
 </div>
 
 <p>
@@ -4605,7 +4623,7 @@ to <q>private/db.campus_vpn</q>.)
 </div>
 <div id="postamble" class="status">
 <p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-11-01 Fri 13:07</p>
+<p class="date">Created: 2025-05-31 Sat 22:27</p>
 <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
 </div>
 </body>