"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2026-01-02 Fri 15:07 -->
+<!-- 2026-01-12 Mon 09:55 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Birchwood Abbey Networks</title>
the <code>abbey-</code> prefix on their names. These roles are applied <i>after</i>
the generic institutional roles (again, documented <a href="Institute/README.html">here</a>).
</p>
-<div id="outline-container-org961589e" class="outline-2">
-<h2 id="org961589e"><span class="section-number-2">1.</span> Overview</h2>
+<div id="outline-container-org50dc40d" class="outline-2">
+<h2 id="org50dc40d"><span class="section-number-2">1.</span> Overview</h2>
<div class="outline-text-2" id="text-1">
<p>
A Small Institute makes security and privacy top priorities but
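Review bot: Pin a stable id on the Overview heading instead of letting the exporter regenerate it (`org961589e` becomes `org50dc40d` here with no content change). The same id churn repeats on most headings and code blocks in this patch, which hides the real changes and breaks any saved deep links into the page. Fixed ids in the source, or keeping the generated HTML out of the commit, would leave only the content changes to review.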
philosophy, attitude.
</p>
-<pre class="example" id="org0b1f40c">
+<pre class="example" id="org8e7f672">
|
=
_|||_
</pre>
</div>
</div>
-<div id="outline-container-orgca2c4ea" class="outline-2">
-<h2 id="orgca2c4ea"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
+<div id="outline-container-org4b1a609" class="outline-2">
+<h2 id="org4b1a609"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
<div class="outline-text-2" id="text-2">
<p>
The abbey's public particulars are included below. They are the
full_name: Birchwood Abbey
-front_addr: 159.65.75.60
+front_addr: 138.68.252.171
</code></pre>
</div>
</p>
</div>
</div>
-<div id="outline-container-org1b50b4c" class="outline-2">
-<h2 id="org1b50b4c"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
+<div id="outline-container-org692ad08" class="outline-2">
+<h2 id="org692ad08"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
<div class="outline-text-2" id="text-3">
<p>
Birchwood Abbey's front door is a Digital Ocean Droplet configured as
Dovecot-IMAPd, and hosting a VPN with WireGuard™.
</p>
</div>
-<div id="outline-container-orgf6f9f79" class="outline-3">
-<h3 id="orgf6f9f79"><span class="section-number-3">3.1.</span> Install Emacs</h3>
+<div id="outline-container-org44b7b45" class="outline-3">
+<h3 id="org44b7b45"><span class="section-number-3">3.1.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-3-1">
<p>
The monks of the abbey are masters of the staff (bo) and Emacs.
</div>
</div>
</div>
-<div id="outline-container-org553cc85" class="outline-3">
-<h3 id="org553cc85"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
+<div id="outline-container-org4f3bd49" class="outline-3">
+<h3 id="org4f3bd49"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
<div class="outline-text-3" id="text-3-2">
<p>
The abbey uses several additional email aliases. These are the public
</div>
</div>
</div>
-<div id="outline-container-org1f28e49" class="outline-3">
-<h3 id="org1f28e49"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
+<div id="outline-container-org13cf72f" class="outline-3">
+<h3 id="org13cf72f"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
<div class="outline-text-3" id="text-3-3">
<p>
The abbey publishes member Git repositories with <code>git daemon</code>. If
The <code>git daemon</code> is run by SystemD per the <q>git-daemon.service</q> file.
The <code>git-daemon(1)</code> manual page explains the options in detail. The
<code>--base-path</code> option should agree with <code>$projectroot</code> in the
-<q>/etc/gitweb.conf</q> file installed <a href="#orgc63f8e5">here</a>.
+<q>/etc/gitweb.conf</q> file installed <a href="#org64cc86c">here</a>.
</p>
<p>
</div>
<div class="org-src-container">
-<code>gitd-tasks</code><pre class="src src-conf" id="org8125b8a"><code>- name: Install git.
+<code>gitd-tasks</code><pre class="src src-conf" id="org464ff22"><code>- name: Install git.
become: yes
<span class="org-variable-name">apt: pkg</span>=git
+- name: Add Monkey to Staff.
+ user:
+ name: monkey
+ append: yes
+ groups: staff
+
- name: Create /var/www/git/.
become: yes
file:
path: /var/www/git
state: directory
+ owner: monkey
group: staff
<span class="org-variable-name">mode: u</span>=rwx,g=srwx,o=rx
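Review bot: The new "Add Monkey to Staff." task has no `become: yes`, unlike the "Install git." and "Create /var/www/git/." tasks on either side of it, so the `user` module will run unprivileged unless the play sets privilege escalation globally; add `become: yes` to it. Separately, the added `owner: monkey` combined with the existing `g=srwx` gives both monkey and every member of staff write access to the tree that `git daemon` publishes, so the section text should say why monkey needs to own the directory rather than only be a group member.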
</div>
<div class="org-src-container">
-<code>gitd-handlers</code><pre class="src src-conf" id="orgb920ea7"><code>
+<code>gitd-handlers</code><pre class="src src-conf" id="org5cd07f7"><code>
- name: Reload systemd.
become: yes
systemd:
</div>
</div>
</div>
-<div id="outline-container-org0019fd0" class="outline-3">
-<h3 id="org0019fd0"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
+<div id="outline-container-org9fbf79e" class="outline-3">
+<h3 id="org9fbf79e"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
<div class="outline-text-3" id="text-3-4">
<p>
The abbey provides an HTML interface to members' public Git
</p>
<div class="org-src-container">
-<code>apache-gitweb</code><pre class="src src-conf" id="org72f1894"><code>
-Alias /gitweb-static/ /usr/share/gitweb/static/
+<code>apache-gitweb</code><pre class="src src-conf" id="org8cd08e6"><code>Alias /gitweb-static/ /usr/share/gitweb/static/
<Directory <span class="org-string">"/usr/share/gitweb/static/"</span>>
Options MultiViews
</Directory>
</div>
<div class="org-src-container">
-<code>gitweb-tasks</code><pre class="src src-conf" id="orgc63f8e5"><code>- name: Enable Apache2 rewrite module for Gitweb.
+<code>gitweb-tasks</code><pre class="src src-conf" id="org64cc86c"><code>- name: Enable Apache2 rewrite module.
become: yes
<span class="org-variable-name">apache2_module: name</span>=rewrite
notify: Restart Apache2.
<span class="org-variable-name">apache2_module: name</span>=cgid
notify: Restart Apache2.
-- name: Install libcgi-pm-perl for Gitweb.
+- name: Install libcgi-pm-perl.
become: yes
<span class="org-variable-name">apt: pkg</span>=libcgi-pm-perl
</div>
<div class="org-src-container">
-<code>gitweb-handlers</code><pre class="src src-conf" id="orga0c7f06"><code>- name: Restart Apache2.
+<code>gitweb-handlers</code><pre class="src src-conf" id="org1579b74"><code>- name: Restart Apache2.
become: yes
systemd:
service: apache2
</div>
</div>
</div>
-<div id="outline-container-orge27fab4" class="outline-3">
-<h3 id="orge27fab4"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
+<div id="outline-container-orgc8d4102" class="outline-3">
+<h3 id="orgc8d4102"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
<div class="outline-text-3" id="text-3-5">
<p>
Some of the directives added to the <q>-vhost.conf</q> file are needed by
</p>
<div class="org-src-container">
-<code>apache-abbey</code><pre class="src src-conf" id="org635af88"><code><Directory {{ docroot }}/Abbey/>
+<code>apache-abbey</code><pre class="src src-conf" id="org40cd5f8"><code><Directory {{ docroot }}/Abbey/>
AllowOverride Indexes FileInfo
Options +Indexes +FollowSymLinks
</Directory>
</div>
</div>
</div>
-<div id="outline-container-org48f710e" class="outline-3">
-<h3 id="org48f710e"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
+<div id="outline-container-orgfae9d4a" class="outline-3">
+<h3 id="orgfae9d4a"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
<div class="outline-text-3" id="text-3-6">
<p>
Some of the directives added to the <q>-vhost.conf</q> file map the abbey's
</p>
<div class="org-src-container">
-<code>apache-photos</code><pre class="src src-conf" id="org5096221"><code>
-RedirectMatch /Photos$ /Photos/
+<code>apache-photos</code><pre class="src src-conf" id="orgeb3396a"><code>RedirectMatch /Photos$ /Photos/
RedirectMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])$ \
/Photos/$1_$2_$3/
AliasMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])/(.+)$ \
</div>
</div>
</div>
-<div id="outline-container-orgd0a2883" class="outline-3">
-<h3 id="orgd0a2883"><span class="section-number-3">3.7.</span> Configure Apache on Front</h3>
+<div id="outline-container-org9cecdfb" class="outline-3">
+<h3 id="org9cecdfb"><span class="section-number-3">3.7.</span> Configure Tellurion Expiration on Front</h3>
<div class="outline-text-3" id="text-3-7">
<p>
+The abbey's <q>tellurion.png</q> is updated every 15 minutes on the quarter
+hour, and should expire soon thereafter. To accomplish this, Apache's
+<code>expires</code> module is enabled inside the <q>/Tellurion/</q> directory and the
+<q>tellurion.png</q> uploaded there.
+</p>
+
+<div class="org-src-container">
+<code>apache-tellurion</code><pre class="src src-conf" id="orgdb99c40"><code><Directory {{ docroot }}/Tellurion/>
+ ExpiresActive On
+ ExpiresByType image/png <span class="org-string">"modification plus 15 minutes"</span>
+</Directory>
+</code></pre>
+</div>
+
+<p>
+Apache's Expires module must be enabled before the above directives
+will be accepted.
+</p>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-front/tasks/main.yml">=roles_t/abbey-front/tasks/main.yml</a><pre class="src src-conf"><code>
+<<tellurion-tasks>>
+</code></pre>
+</div>
+
+<div class="org-src-container">
+<code>tellurion-tasks</code><pre class="src src-conf" id="orga08ba96"><code>- name: Enable Apache2 expires module.
+ become: yes
+ <span class="org-variable-name">apache2_module: name</span>=expires
+ notify: Restart Apache2.
+</code></pre>
+</div>
+</div>
+</div>
+<div id="outline-container-orga6c3798" class="outline-3">
+<h3 id="orga6c3798"><span class="section-number-3">3.8.</span> Configure Apache on Front</h3>
+<div class="outline-text-3" id="text-3-8">
+<p>
The abbey needs to add some Apache2 configuration directives to the
virtual host listening for HTTPS requests to <q>birchwood-abbey.net</q>.
Luckily there is support for this in the institutional configuration.
</p>
<p>
-The following task adds the <a href="#org635af88"><code>apache-abbey</code></a>, <a href="#org5096221"><code>apache-photos</code></a>, and
-<a href="#org72f1894"><code>apache-gitweb</code></a> directives described above to the <q>-vhost.conf</q> file,
-and includes <q>options-ssl-apache.conf</q> from <q>/etc/letsencrypt/</q>. The
-rest of the Let's Encrypt configuration is discussed in the following
-<a href="#org84b4a08">Install Let's Encrypt</a> section.
+The following task adds the <a href="#org8cd08e6"><code>apache-gitweb</code></a>, <a href="#org40cd5f8"><code>apache-abbey</code></a>,
+<a href="#orgeb3396a"><code>apache-photos</code></a>, and <a href="#orgdb99c40"><code>apache-tellurion</code></a> directives described above to
+the <q>-vhost.conf</q> file, and includes <q>options-ssl-apache.conf</q> from
+<q>/etc/letsencrypt/</q>. The rest of the Let's Encrypt configuration is
+discussed in the following <a href="#orgf9fd0c9">Install Let's Encrypt</a> section.
</p>
<div class="org-src-container">
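Review bot: In the `apache-tellurion` block, `ExpiresByType image/png` applies to every PNG served from `{{ docroot }}/Tellurion/`, while the text only describes `tellurion.png`. If other images can land in that directory, scope the directive with a Files section for `tellurion.png` inside the Directory block. Also note that `modification plus 15 minutes` puts the expiry exactly at the next scheduled update, so an upload that runs late is served as already expired until it arrives; the text says "soon thereafter", so state whether that is intended.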
docroot: /home/www
copy:
content: |
+ <<apache-gitweb>>
+
<<apache-abbey>>
+
<<apache-photos>>
- <<apache-gitweb>>
+
+ <<apache-tellurion>>
IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
dest: /etc/apache2/sites-available/birchwood-abbey.net-vhost.conf
</div>
</div>
</div>
-<div id="outline-container-org6cd258b" class="outline-3">
-<h3 id="org6cd258b"><span class="section-number-3">3.8.</span> Configure Apache Log Archival</h3>
-<div class="outline-text-3" id="text-3-8">
+<div id="outline-container-orgf43f038" class="outline-3">
+<h3 id="orgf43f038"><span class="section-number-3">3.9.</span> Configure Apache Log Archival</h3>
+<div class="outline-text-3" id="text-3-9">
<p>
These tasks hack Apache's <code>logrotate(8)</code> configuration to rotate
weekly, keep a couple weeks, and email each week's log to <code>root</code>.
path: /etc/logrotate.d/apache2
regexp: <span class="org-string">"{{ item.regexp }}"</span>
line: <span class="org-string">"{{ item.line }}"</span>
+ insertbefore: <span class="org-string">"^ *}"</span>
loop:
- - { regexp: <span class="org-string">'^ *daily'</span>, line: <span class="org-string">"\tweekly"</span> }
+ - regexp: <span class="org-string">'^ *(hourly|daily|weekly|monthly|yearly)'</span>
+ line: <span class="org-string">"\tweekly"</span>
- { regexp: <span class="org-string">'^ *rotate'</span>, line: <span class="org-string">"\trotate 2"</span> }
- name: Configure Apache log email.
path: /etc/logrotate.d/apache2
regexp: <span class="org-string">"{{ item.regexp }}"</span>
line: <span class="org-string">"{{ item.line }}"</span>
- insertbefore: <span class="org-string">" *}"</span>
+ insertbefore: <span class="org-string">"^ *}"</span>
firstmatch: yes
loop:
- { regexp: <span class="org-string">"^\tmail "</span>, line: <span class="org-string">"\tmail webmaster"</span> }
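Review bot: The new frequency pattern `^ *(hourly|daily|weekly|monthly|yearly)` only allows leading spaces, but the replacement line is tab-indented (`\tweekly`) and the mail pattern below it uses `^\tmail `. On a tab-indented file the existing frequency line will not match, and with the newly added `insertbefore` a second frequency line is inserted before the closing brace instead of replacing the first. Use `^\s*` here (and for `^ *rotate` and `^ *}`), and add `firstmatch: yes` beside the new `insertbefore` in the first task, as the email task already has.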
</div>
</div>
</div>
-<div id="outline-container-org84b4a08" class="outline-3">
-<h3 id="org84b4a08"><span class="section-number-3">3.9.</span> Install Let's Encrypt</h3>
-<div class="outline-text-3" id="text-3-9">
+<div id="outline-container-orgf9fd0c9" class="outline-3">
+<h3 id="orgf9fd0c9"><span class="section-number-3">3.10.</span> Install Let's Encrypt</h3>
+<div class="outline-text-3" id="text-3-10">
<p>
The abbey uses a Let's Encrypt certificate to authenticate its public
web site and email services. Initial installation of a Let's Encrypt
entered as shown below).
</p>
-<pre class="example" id="org76969b0">
+<pre class="example" id="org46fc9cc">
$ sudo apt install python3-certbot-apache
$ sudo certbot --apache -d birchwood-abbey.net
...
</div>
</div>
</div>
-<div id="outline-container-org1bdf2c2" class="outline-3">
-<h3 id="org1bdf2c2"><span class="section-number-3">3.10.</span> Restart servers caching the Let's Encrypt certificate.</h3>
-<div class="outline-text-3" id="text-3-10">
+<div id="outline-container-org99b8e67" class="outline-3">
+<h3 id="org99b8e67"><span class="section-number-3">3.11.</span> Restart servers caching the Let's Encrypt certificate.</h3>
+<div class="outline-text-3" id="text-3-11">
<div class="org-src-container">
<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
- name: Install Certbot hook.
</div>
</div>
</div>
-<div id="outline-container-orgff09563" class="outline-3">
-<h3 id="orgff09563"><span class="section-number-3">3.11.</span> Rotate Let's Encrypt Log</h3>
-<div class="outline-text-3" id="text-3-11">
+<div id="outline-container-orgb6d1f8c" class="outline-3">
+<h3 id="orgb6d1f8c"><span class="section-number-3">3.12.</span> Rotate Let's Encrypt Log</h3>
+<div class="outline-text-3" id="text-3-12">
<p>
The following task arranges to rotate Certbot's logs files.
</p>
</div>
</div>
</div>
-<div id="outline-container-org40b7d48" class="outline-3">
-<h3 id="org40b7d48"><span class="section-number-3">3.12.</span> Archive Let's Encrypt Data</h3>
-<div class="outline-text-3" id="text-3-12">
+<div id="outline-container-org8ed0e48" class="outline-3">
+<h3 id="org8ed0e48"><span class="section-number-3">3.13.</span> Archive Let's Encrypt Data</h3>
+<div class="outline-text-3" id="text-3-13">
<p>
A backup copy of Let's Encrypt's data (<q>/etc/letsencrypt/</q>) is sent to
<code>root@core</code> in OpenPGP encrypted email every time it changes. Changes
</div>
</div>
</div>
-<div id="outline-container-orgc325de7" class="outline-2">
-<h2 id="orgc325de7"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
+<div id="outline-container-org9581f21" class="outline-2">
+<h2 id="org9581f21"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
<div class="outline-text-2" id="text-4">
<p>
Birchwood Abbey's core is a mini-PC (System76 Meerkat) configured as A
NTP, DNS and DHCP.
</p>
</div>
-<div id="outline-container-org1f3ff6d" class="outline-3">
-<h3 id="org1f3ff6d"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org0c220ea" class="outline-3">
+<h3 id="org0c220ea"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-4-1">
<p>
In this abbey specific document, most abbey particulars are not
</div>
</div>
</div>
-<div id="outline-container-orgd8805da" class="outline-3">
-<h3 id="orgd8805da"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
+<div id="outline-container-org2777422" class="outline-3">
+<h3 id="org2777422"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
<div class="outline-text-3" id="text-4-2">
<p>
The scripts that maintain the abbey's web site use a number of
</div>
</div>
</div>
-<div id="outline-container-orgedad99a" class="outline-3">
-<h3 id="orgedad99a"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
+<div id="outline-container-org7d68a5d" class="outline-3">
+<h3 id="org7d68a5d"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
<div class="outline-text-3" id="text-4-3">
<p>
The abbey uses several additional email aliases. These are the campus
</div>
</div>
</div>
-<div id="outline-container-org5d20d9d" class="outline-3">
-<h3 id="org5d20d9d"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
+<div id="outline-container-org5ba15a5" class="outline-3">
+<h3 id="org5ba15a5"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
<div class="outline-text-3" id="text-4-4">
<p>
These tasks are identical to those executed on Front, for similar Git
services on Front and Core. This allows changes to be tested on Core
-before they are pushed to Front. See <a href="#org1f28e49">3.3</a>
+before they are pushed to Front. See <a href="#org13cf72f">3.3</a>
for more information.
</p>
</div>
</div>
</div>
-<div id="outline-container-orgc3d5416" class="outline-3">
-<h3 id="orgc3d5416"><span class="section-number-3">4.5.</span> Configure Gitweb on Core</h3>
+<div id="outline-container-org1b0ee3d" class="outline-3">
+<h3 id="org1b0ee3d"><span class="section-number-3">4.5.</span> Configure Gitweb on Core</h3>
<div class="outline-text-3" id="text-4-5">
<p>
These tasks are identical to those executed on Front, for similar
Gitweb services on Front and Core. This allows changes to be tested
-on Core before they are pushed to Front. See <a href="#org0019fd0">Configure Gitweb on
+on Core before they are pushed to Front. See <a href="#org9fbf79e">Configure Gitweb on
Front</a> for more information.
</p>
</div>
</div>
</div>
-<div id="outline-container-org3a8853f" class="outline-3">
-<h3 id="org3a8853f"><span class="section-number-3">4.6.</span> Configure Apache on Core</h3>
+<div id="outline-container-orgab09f6e" class="outline-3">
+<h3 id="orgab09f6e"><span class="section-number-3">4.6.</span> Configure Tellurion Expiration on Core</h3>
<div class="outline-text-3" id="text-4-6">
<p>
+The <code>apache-tellurion</code> directives are defined <a href="#orgdb99c40">here</a> and included in the
+Apache configuration below. The <code>tellurion-tasks</code> are defined <a href="#orga08ba96">here</a>
+and included by the following code block.
+</p>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-core/tasks/main.yml">=roles_t/abbey-core/tasks/main.yml</a><pre class="src src-conf"><code>
+<<tellurion-tasks>>
+</code></pre>
+</div>
+</div>
+</div>
+<div id="outline-container-org4fd7c48" class="outline-3">
+<h3 id="org4fd7c48"><span class="section-number-3">4.7.</span> Configure Apache on Core</h3>
+<div class="outline-text-3" id="text-4-7">
+<p>
The Apache2 configuration on Core specifies three web sites (live,
test, and campus). The live and test sites must operate just like the
-site on Front. Their configurations include the same <a href="#org635af88"><code>apache-abbey</code></a>,
-<a href="#org5096221"><code>apache-photos</code></a>, and <a href="#org72f1894"><code>apache-gitweb</code></a> used on Front.
+site on Front. Their configurations include the same <a href="#org8cd08e6"><code>apache-gitweb</code></a>,
+<a href="#org40cd5f8"><code>apache-abbey</code></a>, <a href="#orgeb3396a"><code>apache-photos</code></a>, and <a href="#orgdb99c40"><code>apache-tellurion</code></a> used on Front.
</p>
<div class="org-src-container">
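Review bot: The link text on the new code block reads `=roles_t/abbey-core/tasks/main.yml` with a stray leading `=`, where the existing blocks on this page render the file name inside `<q>` (see the "Install Certbot hook." block). The markup around the block name looks unbalanced in the source this page is generated from; fix it there, and in the matching `=roles_t/abbey-front/tasks/main.yml` block added in the Front section.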
docroot: /WWW/live
copy:
content: |
+ <<apache-gitweb>>
+
<<apache-abbey>>
+
<<apache-photos>>
- <<apache-gitweb>>
+
+ <<apache-tellurion>>
dest: /etc/apache2/sites-available/live-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
notify: Restart Apache2.
docroot: /WWW/test
copy:
content: |
+ <<apache-gitweb>>
+
<<apache-abbey>>
+
<<apache-photos>>
- <<apache-gitweb>>
+
+ <<apache-tellurion>>
dest: /etc/apache2/sites-available/test-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
notify: Restart Apache2.
</div>
</div>
</div>
-<div id="outline-container-orgd475415" class="outline-3">
-<h3 id="orgd475415"><span class="section-number-3">4.7.</span> Configure Documentation URLs</h3>
-<div class="outline-text-3" id="text-4-7">
+<div id="outline-container-org248c006" class="outline-3">
+<h3 id="org248c006"><span class="section-number-3">4.8.</span> Configure Documentation URLs</h3>
+<div class="outline-text-3" id="text-4-8">
<p>
The institute serves its <q>/usr/share/doc/</q> on the house (campus) web
site. This is a debugging convenience, making some HTML documentation
more accessible, especially the documentation of software installed on
Core and not on typical desktop clients. Also included: the Apache2
-directives that enable user Git publishing with Gitweb (defined <a href="#org72f1894">here</a>).
+directives that enable user Git publishing with Gitweb (defined <a href="#org8cd08e6">here</a>).
</p>
<div class="org-src-container">
<Directory /usr/share/doc/>
Options Indexes
</Directory>
+
<<apache-gitweb>>
dest: /etc/apache2/sites-available/www-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
</div>
</div>
</div>
-<div id="outline-container-org94e2626" class="outline-3">
-<h3 id="org94e2626"><span class="section-number-3">4.8.</span> Install Apt Cacher</h3>
-<div class="outline-text-3" id="text-4-8">
+<div id="outline-container-orgba81a62" class="outline-3">
+<h3 id="orgba81a62"><span class="section-number-3">4.9.</span> Install Apt Cacher</h3>
+<div class="outline-text-3" id="text-4-9">
<p>
The abbey uses the Apt-Cacher:TNG package cache on Core. The
<code>apt-cacher</code> domain name is defined in <q>private/db.domain</q>.
</div>
</div>
</div>
-<div id="outline-container-orgf08a21f" class="outline-3">
-<h3 id="orgf08a21f"><span class="section-number-3">4.9.</span> Use Cloister Apt Cache</h3>
-<div class="outline-text-3" id="text-4-9">
+<div id="outline-container-org9120676" class="outline-3">
+<h3 id="org9120676"><span class="section-number-3">4.10.</span> Use Cloister Apt Cache</h3>
+<div class="outline-text-3" id="text-4-10">
<p>
Core itself will benefit from using the package cache, but should
contact <code>https</code> repositories directly. (There are few such cretins
</div>
</div>
</div>
-<div id="outline-container-org748759e" class="outline-3">
-<h3 id="org748759e"><span class="section-number-3">4.10.</span> Configure NAGIOS</h3>
-<div class="outline-text-3" id="text-4-10">
+<div id="outline-container-org0ce49df" class="outline-3">
+<h3 id="org0ce49df"><span class="section-number-3">4.11.</span> Configure NAGIOS</h3>
+<div class="outline-text-3" id="text-4-11">
<p>
A small institute uses <code>nagios4</code> to monitor the health of its network,
with an initial smattering of monitors adopted from the Debian
Raspberry Pis.
</p>
</div>
-<div id="outline-container-org59fad33" class="outline-4">
-<h4 id="org59fad33"><span class="section-number-4">4.10.1.</span> Monitoring The Home Disk</h4>
-<div class="outline-text-4" id="text-4-10-1">
+<div id="outline-container-orgac651d1" class="outline-4">
+<h4 id="orgac651d1"><span class="section-number-4">4.11.1.</span> Monitoring The Home Disk</h4>
+<div class="outline-text-4" id="text-4-11-1">
<p>
The abbey adds monitoring of the space remaining on the volume at
<q>/home/</q> on Core. (The small institute only monitors the space
</div>
</div>
</div>
-<div id="outline-container-org911a170" class="outline-4">
-<h4 id="org911a170"><span class="section-number-4">4.10.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
-<div class="outline-text-4" id="text-4-10-2">
+<div id="outline-container-orgc0de65c" class="outline-4">
+<h4 id="orgc0de65c"><span class="section-number-4">4.11.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
+<div class="outline-text-4" id="text-4-11-2">
<p>
The <code>check_sensors</code> plugin is included in the package
<code>monitoring-plugins-basic</code>, but it does not report any readings. The
</div>
</div>
</div>
-<div id="outline-container-orgfa94f9b" class="outline-4">
-<h4 id="orgfa94f9b"><span class="section-number-4">4.10.3.</span> Stolen NAGIOS Monitor <code>check_mdstat</code></h4>
-<div class="outline-text-4" id="text-4-10-3">
+<div id="outline-container-org2605df4" class="outline-4">
+<h4 id="org2605df4"><span class="section-number-4">4.11.3.</span> Stolen NAGIOS Monitor <code>check_mdstat</code></h4>
+<div class="outline-text-4" id="text-4-11-3">
<p>
This <code>check_mdstat</code> plugin was copied from the NAGIOS Exchange (<a href="https://exchange.nagios.org/directory/plugins/operating-systems/linux/check_mdstat/details/">here</a>).
It detects a failing disk in a multi-disk array.
</div>
</div>
</div>
-<div id="outline-container-org065f0c0" class="outline-4">
-<h4 id="org065f0c0"><span class="section-number-4">4.10.4.</span> Configure NAGIOS Monitoring of The Cloister</h4>
-<div class="outline-text-4" id="text-4-10-4">
+<div id="outline-container-orgb6f92df" class="outline-4">
+<h4 id="orgb6f92df"><span class="section-number-4">4.11.4.</span> Configure NAGIOS Monitoring of The Cloister</h4>
+<div class="outline-text-4" id="text-4-11-4">
<p>
The abbey adds monitoring for more servers: Dantooine and Kessel.
They are <code>abbey-cloister</code> servers, so they are configured as small
are idiosyncratically in flux.
</p>
</div>
-<div id="outline-container-org3e109b1" class="outline-5">
-<h5 id="org3e109b1"><span class="section-number-5">4.10.4.1.</span> Cloister Network Addresses</h5>
-<div class="outline-text-5" id="text-4-10-4-1">
+<div id="outline-container-org8c86d68" class="outline-5">
+<h5 id="org8c86d68"><span class="section-number-5">4.11.4.1.</span> Cloister Network Addresses</h5>
+<div class="outline-text-5" id="text-4-11-4-1">
<p>
The IP addresses of all three hosts are nice to use in the NAGIOS
configuration (to avoid depending on name service) and so are
</div>
</div>
</div>
-<div id="outline-container-orgf83186b" class="outline-5">
-<h5 id="orgf83186b"><span class="section-number-5">4.10.4.2.</span> Install NAGIOS Configurations</h5>
-<div class="outline-text-5" id="text-4-10-4-2">
+<div id="outline-container-org2e120b3" class="outline-5">
+<h5 id="org2e120b3"><span class="section-number-5">4.11.4.2.</span> Install NAGIOS Configurations</h5>
+<div class="outline-text-5" id="text-4-11-4-2">
<p>
The following task installs each host's NAGIOS configuration.
</p>
</div>
</div>
</div>
-<div id="outline-container-org31151d6" class="outline-5">
-<h5 id="org31151d6"><span class="section-number-5">4.10.4.3.</span> NAGIOS Monitoring of Dantooine</h5>
-<div class="outline-text-5" id="text-4-10-4-3">
+<div id="outline-container-orgabd69bd" class="outline-5">
+<h5 id="orgabd69bd"><span class="section-number-5">4.11.4.3.</span> NAGIOS Monitoring of Dantooine</h5>
+<div class="outline-text-5" id="text-4-11-4-3">
<div class="org-src-container">
<a href="roles_t/abbey-core/templates/nagios-dantooine.cfg"><q>roles_t/abbey-core/templates/nagios-dantooine.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
use linux-server
</div>
</div>
</div>
-<div id="outline-container-orgb2af791" class="outline-5">
-<h5 id="orgb2af791"><span class="section-number-5">4.10.4.4.</span> NAGIOS Monitoring of Kessel</h5>
-<div class="outline-text-5" id="text-4-10-4-4">
+<div id="outline-container-org9610ee2" class="outline-5">
+<h5 id="org9610ee2"><span class="section-number-5">4.11.4.4.</span> NAGIOS Monitoring of Kessel</h5>
+<div class="outline-text-5" id="text-4-11-4-4">
<div class="org-src-container">
<a href="roles_t/abbey-core/templates/nagios-kessel.cfg"><q>roles_t/abbey-core/templates/nagios-kessel.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
use linux-server
</div>
</div>
</div>
-<div id="outline-container-org6dd00a7" class="outline-3">
-<h3 id="org6dd00a7"><span class="section-number-3">4.11.</span> Install Munin</h3>
-<div class="outline-text-3" id="text-4-11">
+<div id="outline-container-org7c560ef" class="outline-3">
+<h3 id="org7c560ef"><span class="section-number-3">4.12.</span> Install Munin</h3>
+<div class="outline-text-3" id="text-4-12">
<p>
The abbey is experimenting with Munin. NAGIOS is all about notifying
the Sys. Admin. of failed services. Munin is more about tracking
</div>
</div>
</div>
-<div id="outline-container-orgcceb87e" class="outline-3">
-<h3 id="orgcceb87e"><span class="section-number-3">4.12.</span> Install Analog</h3>
-<div class="outline-text-3" id="text-4-12">
+<div id="outline-container-orgcba0dc6" class="outline-3">
+<h3 id="orgcba0dc6"><span class="section-number-3">4.13.</span> Install Analog</h3>
+<div class="outline-text-3" id="text-4-13">
<p>
The abbey's public web site's access and error logs are emailed
regularly to <code>webmaster</code>, who saves them in <q>/Logs/apache2-public/</q>
</div>
</div>
</div>
-<div id="outline-container-org61569ee" class="outline-3">
-<h3 id="org61569ee"><span class="section-number-3">4.13.</span> Add Monkey to Web Server Group</h3>
-<div class="outline-text-3" id="text-4-13">
+<div id="outline-container-org7f86a75" class="outline-3">
+<h3 id="org7f86a75"><span class="section-number-3">4.14.</span> Add Monkey to Web Server Group</h3>
+<div class="outline-text-3" id="text-4-14">
<p>
Monkey needs to be in <code>www-data</code> so that it can run
<q>/WWW/live/Photos/Private/cronjob</q> to publish photos from multiple
</div>
</div>
</div>
-<div id="outline-container-orgb8c389f" class="outline-3">
-<h3 id="orgb8c389f"><span class="section-number-3">4.14.</span> Install netpbm For Photo Processing</h3>
-<div class="outline-text-3" id="text-4-14">
+<div id="outline-container-orgc0cae2b" class="outline-3">
+<h3 id="orgc0cae2b"><span class="section-number-3">4.15.</span> Install netpbm For Photo Processing</h3>
+<div class="outline-text-3" id="text-4-15">
<p>
Monkey's photo processing scripts use <code>netpbm</code> commands like
<code>jpegtopnm</code>.
</div>
</div>
</div>
-<div id="outline-container-org50a3ca1" class="outline-2">
-<h2 id="org50a3ca1"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
+<div id="outline-container-orgf403b12" class="outline-2">
+<h2 id="orgf403b12"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
<div class="outline-text-2" id="text-5">
<p>
Birchwood Abbey's gate is a $110 µPC configured as A Small Institute
Ecowitt hub.
</p>
</div>
-<div id="outline-container-org705dbd5" class="outline-3">
-<h3 id="org705dbd5"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
+<div id="outline-container-orgdb1a06f" class="outline-3">
+<h3 id="orgdb1a06f"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
<div class="outline-text-3" id="text-5-1">
<p>
The abbey gate's <code>lan</code> interface is the PC's built-in Ethernet
</p>
</div>
</div>
-<div id="outline-container-org4ae98c0" class="outline-3">
-<h3 id="org4ae98c0"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
+<div id="outline-container-org8a34e52" class="outline-3">
+<h3 id="org8a34e52"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
<div class="outline-text-3" id="text-5-2">
<p>
To allow masquerading between the private subnets and <code>wild</code>, the
following <code>iptables(8)</code> rules are added. They are very similar to the
<code>nat</code> and <code>filter</code> table rules used by a small institute to masquerade
-its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#org95ec5ba">UFW Rules</a> of a Small Institute).
+its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#org1ec6af1">UFW Rules</a> of a Small Institute).
The campus WireGuard™ subnet is not included because the campus Wi-Fi
hosts should be routing to the wild subnet directly and are assumed to
be masquerading as their access point(s).
</p>
<div class="org-src-container">
-<code>iot-nat</code><pre class="src src-conf" id="orgda26877"><code>-A POSTROUTING -s {{ private_net_cidr }} -o wild -j MASQUERADE
+<code>iot-nat</code><pre class="src src-conf" id="org5b612fa"><code>-A POSTROUTING -s {{ private_net_cidr }} -o wild -j MASQUERADE
-A POSTROUTING -s {{ public_wg_net_cidr }} -o wild -j MASQUERADE
</code></pre>
</div>
<div class="org-src-container">
-<code>iot-forward</code><pre class="src src-conf" id="org6731cd5"><code>-A ufw-user-forward -i lan -o wild -j ACCEPT
+<code>iot-forward</code><pre class="src src-conf" id="orgb2ac04b"><code>-A ufw-user-forward -i lan -o wild -j ACCEPT
-A ufw-user-forward -i wg0 -o wild -j ACCEPT
</code></pre>
</div>
</p>
</div>
</div>
-<div id="outline-container-org05fb5ce" class="outline-3">
-<h3 id="org05fb5ce"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
+<div id="outline-container-orga12c365" class="outline-3">
+<h3 id="orga12c365"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
<div class="outline-text-3" id="text-5-3">
<p>
The following tasks install the additional rules in <q>before.rules</q>
-and <q>user.rules</q> (as in <a href="Institute/README.html#org21789ad">Configure UFW</a>).
+and <q>user.rules</q> (as in <a href="Institute/README.html#org7d9cdf8">Configure UFW</a>).
</p>
<div class="org-src-container">
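Review bot: Every change in this hunk is a regenerated Org export id (orgda26877 to org5b612fa, org6731cd5 to orgb2ac04b, the 5.2 and 5.3 heading ids) or a cross-document anchor (Institute/README.html#org95ec5ba to #org1ec6af1, #org21789ad to #org7d9cdf8); the visible iptables rule text is unchanged. Because these ids change on each export, links into these sections from anywhere else go stale with every commit, and real content changes are hard to spot among the id churn. Setting a CUSTOM_ID property on the linked headings (UFW Rules, Configure UFW, and the abbey's own sections) would keep the anchors stable and reduce the diff to lines that actually changed.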
</div>
</div>
</div>
-<div id="outline-container-org70d9613" class="outline-3">
-<h3 id="org70d9613"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
+<div id="outline-container-org725e7fd" class="outline-3">
+<h3 id="org725e7fd"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
<div class="outline-text-3" id="text-5-4">
<p>
The abbey connects to Starlink via Ethernet, and disables Starlink's
</p>
</div>
</div>
-<div id="outline-container-org6263ec3" class="outline-3">
-<h3 id="org6263ec3"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
+<div id="outline-container-org6cf5fa4" class="outline-3">
+<h3 id="org6cf5fa4"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
<div class="outline-text-3" id="text-5-5">
<p>
The abbey used to use a cell phone on a USB tether to get Internet
</div>
</div>
</div>
-<div id="outline-container-org40da079" class="outline-2">
-<h2 id="org40da079"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
+<div id="outline-container-org39f60e3" class="outline-2">
+<h2 id="org39f60e3"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
<div class="outline-text-2" id="text-6">
<p>
Birchwood Abbey's cloister is a small institute campus. The <code>campus</code>
<p>
Wireless clients are issued keys for the cloister VPN by the <code>./abbey
client</code> command which is currently identical to the <code>./inst client</code>
-command (described in <a href="Institute/README.html#org8465bda">The Client Command</a>). The wireless, cloistered
+command (described in <a href="Institute/README.html#org2ac6cf1">The Client Command</a>). The wireless, cloistered
hosts never roam, are not associated with a member, and so are
"campus" clients, issued keys with commands like this:
</p>
S+6HaTnOwwhWgUGXjSBcPAvifKw+j8BDTRfq534gNW4=
</pre>
</div>
-<div id="outline-container-orgb2ba8cf" class="outline-3">
-<h3 id="orgb2ba8cf"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org3a11c88" class="outline-3">
+<h3 id="org3a11c88"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The Apt-Cacher:TNG program does not work well on the frontier, so is
</div>
</div>
</div>
-<div id="outline-container-orgc082038" class="outline-3">
-<h3 id="orgc082038"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
+<div id="outline-container-org86e6ea0" class="outline-3">
+<h3 id="org86e6ea0"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
<div class="outline-text-3" id="text-6-2">
<p>
Each cloistered host is a small institute campus host and thus is
already running an NRPE server (a NAGIOS Remote Plugin Executor
-server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#orgf9a3257">Configure
+server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#org58c226f">Configure
NRPE</a> of <a href="Institute/README.html">A Small Institute</a>). The abbey adds one complication: yet
another <code>check_sensors</code> variant, <code>abbey_pisensors</code>, installed on
Raspberry Pis (architecture <code>aarch64</code>) only.
</div>
</div>
</div>
-<div id="outline-container-orgad93d79" class="outline-3">
-<h3 id="orgad93d79"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
+<div id="outline-container-org603e9b1" class="outline-3">
+<h3 id="org603e9b1"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
<div class="outline-text-3" id="text-6-3">
<p>
Each cloistered host is a Munin node.
</div>
</div>
</div>
-<div id="outline-container-orgf21806d" class="outline-3">
-<h3 id="orgf21806d"><span class="section-number-3">6.4.</span> Install Emacs</h3>
+<div id="outline-container-org7ef9911" class="outline-3">
+<h3 id="org7ef9911"><span class="section-number-3">6.4.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-6-4">
<p>
The monks of the abbey are masters of the staff and Emacs.
</div>
</div>
</div>
-<div id="outline-container-orgcc421f1" class="outline-2">
-<h2 id="orgcc421f1"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
+<div id="outline-container-org8f5862e" class="outline-2">
+<h2 id="org8f5862e"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
<div class="outline-text-2" id="text-7">
<p>
Birchwood Abbey now uses Home Assistant to record and display weather
</p>
</div>
</div>
-<div id="outline-container-org476a6b0" class="outline-2">
-<h2 id="org476a6b0"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
+<div id="outline-container-org0188138" class="outline-2">
+<h2 id="org0188138"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
<div class="outline-text-2" id="text-8">
<p>
The abbey uses AgentDVR to record video from PoE IP HD security
configuration and recordings in <q>/home/agentdvr/</q>.
</p>
</div>
-<div id="outline-container-org2e582ee" class="outline-3">
-<h3 id="org2e582ee"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
+<div id="outline-container-org79f84c0" class="outline-3">
+<h3 id="org79f84c0"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
<div class="outline-text-3" id="text-8-1">
<p>
AgentDVR is installed according to the iSpy web site's latest
<code>agentdvr</code> account if it has (temporary) authorization.
</p>
</div>
-<div id="outline-container-orga0c30b5" class="outline-4">
-<h4 id="orga0c30b5"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
+<div id="outline-container-orgd6c77dc" class="outline-4">
+<h4 id="orgd6c77dc"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-1">
<p>
The following commands are manually executed to create the <code>agentdvr</code>
</div>
</div>
</div>
-<div id="outline-container-org69cb21c" class="outline-4">
-<h4 id="org69cb21c"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
+<div id="outline-container-org340986d" class="outline-4">
+<h4 id="org340986d"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-2">
<p>
With the above preparations, the system administrator can get a shell
</p>
</div>
</div>
-<div id="outline-container-org8f0657d" class="outline-4">
-<h4 id="org8f0657d"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
+<div id="outline-container-org9a555a1" class="outline-4">
+<h4 id="org9a555a1"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-3">
<p>
When Ansible is run a second time, after the installation script, it
</div>
</div>
</div>
-<div id="outline-container-org4c3c66a" class="outline-3">
-<h3 id="org4c3c66a"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
+<div id="outline-container-org1b09145" class="outline-3">
+<h3 id="org1b09145"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
<div class="outline-text-3" id="text-8-2">
<p>
AgentDVR runs as the system user <code>agentdvr</code>, which is configured here.
</div>
</div>
</div>
-<div id="outline-container-org8415a95" class="outline-3">
-<h3 id="org8415a95"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
+<div id="outline-container-org10a48ff" class="outline-3">
+<h3 id="org10a48ff"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
<div class="outline-text-3" id="text-8-3">
<p>
The following task probes for the <q>/home/agentdvr/AgentDVR/</q>
</div>
</div>
</div>
-<div id="outline-container-org3063f3a" class="outline-3">
-<h3 id="org3063f3a"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
+<div id="outline-container-org4ab6661" class="outline-3">
+<h3 id="org4ab6661"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
<div class="outline-text-3" id="text-8-4">
<p>
This service definition came from the template downloaded (from <a href="https://raw.githubusercontent.com/ispysoftware/agent-install-scripts/main/v2/AgentDVR.service">here</a>)
</div>
</div>
</div>
-<div id="outline-container-orgef1a08c" class="outline-3">
-<h3 id="orgef1a08c"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
+<div id="outline-container-org2b56c4a" class="outline-3">
+<h3 id="org2b56c4a"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
<div class="outline-text-3" id="text-8-5">
<p>
The abbey uses a separate volume to store surveillance recordings,
</div>
</div>
</div>
-<div id="outline-container-org53a1fb9" class="outline-3">
-<h3 id="org53a1fb9"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
+<div id="outline-container-org5864b7d" class="outline-3">
+<h3 id="org5864b7d"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
<div class="outline-text-3" id="text-8-6">
<p>
DVR hosts install a custom NRPE plugin named <code>abbey_dvr</code> to monitor
</div>
</div>
</div>
-<div id="outline-container-org943b187" class="outline-3">
-<h3 id="org943b187"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
+<div id="outline-container-org065b021" class="outline-3">
+<h3 id="org065b021"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
<div class="outline-text-3" id="text-8-7">
<p>
-A new security camera is setup as described in <a href="#org66cd4b1">Cloistering</a>, after
+A new security camera is setup as described in <a href="#org27bd882">Cloistering</a>, after
which the camera should be accessible by name on the abbey networks.
Assuming <code>ping -c1 new</code> works, the camera's web interface will be
accessible at <code>http://new/</code>.
</ul>
</div>
</div>
-<div id="outline-container-org07765cc" class="outline-3">
-<h3 id="org07765cc"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
+<div id="outline-container-orge09f1cd" class="outline-3">
+<h3 id="orge09f1cd"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
<div class="outline-text-3" id="text-8-8">
<p>
After Ansible has configured and started the AgentDVR service, its web
</p>
</div>
</div>
-<div id="outline-container-org7a1cf56" class="outline-3">
-<h3 id="org7a1cf56"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
+<div id="outline-container-orgf0b63c4" class="outline-3">
+<h3 id="orgf0b63c4"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
<div class="outline-text-3" id="text-8-9">
<p>
AgentDVR's web interface is also used to configure a default storage
</p>
</div>
</div>
-<div id="outline-container-org78f365b" class="outline-3">
-<h3 id="org78f365b"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
+<div id="outline-container-org490c797" class="outline-3">
+<h3 id="org490c797"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
<div class="outline-text-3" id="text-8-10">
<p>
After a default storage location has been configured, AgentDVR's
</ul>
</div>
</div>
-<div id="outline-container-orge424487" class="outline-3">
-<h3 id="orge424487"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
+<div id="outline-container-org896cae7" class="outline-3">
+<h3 id="org896cae7"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
<div class="outline-text-3" id="text-8-11">
<p>
When restoring <q>/home/</q> from a backup copy, the user accounts are
</div>
</div>
</div>
-<div id="outline-container-org0a40381" class="outline-2">
-<h2 id="org0a40381"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
+<div id="outline-container-org203e3d7" class="outline-2">
+<h2 id="org203e3d7"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
<div class="outline-text-2" id="text-9">
<p>
The abbey has a few TV tuners and a subscription to <a href="https://schedulesdirect.org/">Schedules Direct</a>
</p>
<p>
-A new TVR machine needs only <a href="#org66cd4b1">Cloistering</a> to prepare it for
+A new TVR machine needs only <a href="#org27bd882">Cloistering</a> to prepare it for
Ansible. As part of that process, it should be added to the <code>tvrs</code>
group in the <q>hosts</q> file. An existing server can become a TVR
machine by adding it to the <code>tvrs</code> group.
</p>
</div>
-<div id="outline-container-orga49742f" class="outline-3">
-<h3 id="orga49742f"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org9b29f58" class="outline-3">
+<h3 id="org9b29f58"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-9-1">
<p>
Private variables in <q>private/vars-abbey.yml</q> are needed, as in the
</div>
</div>
</div>
-<div id="outline-container-org0b99938" class="outline-3">
-<h3 id="org0b99938"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
+<div id="outline-container-org4ad523b" class="outline-3">
+<h3 id="org4ad523b"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
<div class="outline-text-3" id="text-9-2">
<p>
Neither Debian nor the MythTV project provide binary packages of
</div>
</div>
</div>
-<div id="outline-container-org1eafc15" class="outline-3">
-<h3 id="org1eafc15"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
+<div id="outline-container-org0680394" class="outline-3">
+<h3 id="org0680394"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
<div class="outline-text-3" id="text-9-3">
<p>
Restoring MythTV from a backup copy to a fresh TVR host:
</ul>
</div>
</div>
-<div id="outline-container-org54d3b6b" class="outline-3">
-<h3 id="org54d3b6b"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
+<div id="outline-container-orgbd2d325" class="outline-3">
+<h3 id="orgbd2d325"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
<div class="outline-text-3" id="text-9-4">
<p>
Starting with MythTV version 0.26, the time zone tables must be loaded
</div>
</div>
</div>
-<div id="outline-container-org18496a1" class="outline-3">
-<h3 id="org18496a1"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
+<div id="outline-container-org6dbb52f" class="outline-3">
+<h3 id="org6dbb52f"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
<div class="outline-text-3" id="text-9-5">
<p>
The backend does not have a default storage area for its recordings.
</div>
</div>
</div>
-<div id="outline-container-org1c294ef" class="outline-3">
-<h3 id="org1c294ef"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
+<div id="outline-container-orga0b7911" class="outline-3">
+<h3 id="orga0b7911"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
<div class="outline-text-3" id="text-9-6">
<p>
With MythTV built and installed, the post-installation tasks
</ul>
</div>
</div>
-<div id="outline-container-org7ca881c" class="outline-3">
-<h3 id="org7ca881c"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
+<div id="outline-container-org6b36cc0" class="outline-3">
+<h3 id="org6b36cc0"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
<div class="outline-text-3" id="text-9-7">
<p>
The abbey has a Silicon Dust Homerun HDTV Duo (with two tuners). It
-is setup as described in <a href="#org66cd4b1">Cloistering</a>, after which the tuner is
+is setup as described in <a href="#org27bd882">Cloistering</a>, after which the tuner is
accessible by name (e.g. <code>new</code>) on the cloister network. Assuming
<code>ping -c1 new</code> works, the tuner should be accessible via the
<code>hdhomerun_config_gui</code> command, a graphical interface contributed to
</p>
</div>
</div>
-<div id="outline-container-org16d6b6b" class="outline-3">
-<h3 id="org16d6b6b"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
+<div id="outline-container-org5c66a8c" class="outline-3">
+<h3 id="org5c66a8c"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
<div class="outline-text-3" id="text-9-8">
<p>
In MythTV Setup:
</ul>
</div>
</div>
-<div id="outline-container-orgf23d3fd" class="outline-3">
-<h3 id="orgf23d3fd"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
+<div id="outline-container-org9567eed" class="outline-3">
+<h3 id="org9567eed"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
<div class="outline-text-3" id="text-9-9">
<p>
In MythTV Backend, the website on Core's port 6544, e.g.
</ul>
</div>
</div>
-<div id="outline-container-org1222df8" class="outline-3">
-<h3 id="org1222df8"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
+<div id="outline-container-orgfd58ed4" class="outline-3">
+<h3 id="orgfd58ed4"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
<div class="outline-text-3" id="text-9-10">
<p>
The <code>xmltv</code> package, specifically its <code>tv_grab_zz_sdjson</code> program, is
the OTA (over the air) broadcasts.
</p>
-<pre class="example" id="orgecde88f">
+<pre class="example" id="orgc4a99e4">
$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
Cache file for lineups, schedules and programs.
Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
</p>
</div>
</div>
-<div id="outline-container-orgef98e7b" class="outline-3">
-<h3 id="orgef98e7b"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
+<div id="outline-container-orgeb4bdd4" class="outline-3">
+<h3 id="orgeb4bdd4"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
<div class="outline-text-3" id="text-9-11">
<p>
If the <code>mythfilldatabase</code> command fails or expected listings do not
</div>
</div>
</div>
-<div id="outline-container-org43b95cb" class="outline-3">
-<h3 id="org43b95cb"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
+<div id="outline-container-orge9278cf" class="outline-3">
+<h3 id="orge9278cf"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
<div class="outline-text-3" id="text-9-12">
<p>
The abbey changes location almost weekly, so its HDTV broadcast area
changes frequently. At the start of a long stay the administrator
uses the MythTV Setup program to scan for the new area's channels, as
-described in <a href="#orgf23d3fd">Scan for New Channels</a>.
+described in <a href="#org9567eed">Scan for New Channels</a>.
</p>
<p>
<p>
The program will prompt for the zip code and offer a list of "inputs"
-available in that area, as described in <a href="#org1222df8">Configure XMLTV</a>.
+available in that area, as described in <a href="#orgfd58ed4">Configure XMLTV</a>.
</p>
<p>
</div>
<p>
-If the command fails, consult <a href="#orgef98e7b">Debug XMLTV</a>. Else, the listings appear
+If the command fails, consult <a href="#orgeb4bdd4">Debug XMLTV</a>. Else, the listings appear
in MythTV Backend's "Program Guide" page.
</p>
</div>
</div>
</div>
-<div id="outline-container-org72723fe" class="outline-2">
-<h2 id="org72723fe"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
+<div id="outline-container-org7d066b3" class="outline-2">
+<h2 id="org7d066b3"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
<div class="outline-text-2" id="text-10">
<p>
The abbey's Ansible configuration, like that of <a href="Institute/README.html">A Small Institute</a>, is
</p>
<p>
-NOTE: if you have not read at least the <a href="Institute/README.html#org60861c5">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
+NOTE: if you have not read at least the <a href="Institute/README.html#org5c113e6">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
you are lost.
</p>
<q>README.org</q>, and <a href="Institute/README.html"><q>Institute/README.org</q></a>.
</p>
</div>
-<div id="outline-container-org7ab0f36" class="outline-3">
-<h3 id="org7ab0f36"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
+<div id="outline-container-org97721a6" class="outline-3">
+<h3 id="org97721a6"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
<div class="outline-text-3" id="text-10-1">
<p>
This is much like the example (test) institutional configuration file,
</div>
</div>
</div>
-<div id="outline-container-org81aa71b" class="outline-3">
-<h3 id="org81aa71b"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
+<div id="outline-container-orgce63353" class="outline-3">
+<h3 id="orgce63353"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
<div class="outline-text-3" id="text-10-2">
<div class="org-src-container">
-<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="org2a7459c"><code>all:
+<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="org059baf6"><code>all:
vars:
ansible_user: sysadm
ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa
hosts:
<span class="org-comment-delimiter"># </span><span class="org-comment">The Main Servers: Front, Gate and Core.
</span> droplet:
- ansible_host: 159.65.75.60
- ansible_become_password: <span class="org-string">"{{ become_droplet }}"</span>
- debdrop:
ansible_host: 138.68.252.171
- ansible_become_password: <span class="org-string">"{{ become_debdrop }}"</span>
+ ansible_become_password: <span class="org-string">"{{ become_droplet }}"</span>
anoat:
ansible_host: anoat.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_anoat }}"</span>
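Review bot: In the droplet entry, ansible_host moves to 138.68.252.171, the address that belonged to debdrop, while ansible_become_password stays "{{ become_droplet }}" and the "{{ become_debdrop }}" reference is deleted. Confirm that become_droplet, wherever it is defined, now holds the sudo password of the machine at 138.68.252.171, and delete the now-unreferenced become_debdrop value rather than leaving an unused credential in the secrets. The surrounding text should also say that the host at 159.65.75.60 is retired, since after this change the inventory no longer manages it.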
ansible_host: dantooine.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_dantooine }}"</span>
ord-mantell:
- ansible_host: ord-mantell-w.birchwood.private
+ ansible_host: ord-mantell.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_ord_mantell }}"</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">Notebooks
</span> felucia:
front:
hosts:
droplet:
- debdrop:
gate:
hosts:
anoat:
</div>
</div>
</div>
-<div id="outline-container-orgc65a79f" class="outline-3">
-<h3 id="orgc65a79f"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
+<div id="outline-container-orge2dc254" class="outline-3">
+<h3 id="orge2dc254"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
<div class="outline-text-3" id="text-10-3">
<p>
This playbook provisions the entire network by applying first the
</div>
</div>
</div>
-<div id="outline-container-org4b0a2dc" class="outline-2">
-<h2 id="org4b0a2dc"><span class="section-number-2">11.</span> The Abbey Commands</h2>
+<div id="outline-container-org78927cb" class="outline-2">
+<h2 id="org78927cb"><span class="section-number-2">11.</span> The Abbey Commands</h2>
<div class="outline-text-2" id="text-11">
<p>
The <code>./abbey</code> script encodes the abbey's canonical procedures. It
-includes <a href="Institute/README.html#org2fa987a">The Institute Commands</a> and adds a few abbey-specific
+includes <a href="Institute/README.html#org1a2cea9">The Institute Commands</a> and adds a few abbey-specific
sub-commands.
</p>
</div>
-<div id="outline-container-org11f8513" class="outline-3">
-<h3 id="org11f8513"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
+<div id="outline-container-org81da97c" class="outline-3">
+<h3 id="org81da97c"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
<div class="outline-text-3" id="text-11-1">
<p>
Institutional sub-commands:
</dl>
</div>
</div>
-<div id="outline-container-org2c28ec7" class="outline-3">
-<h3 id="org2c28ec7"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
+<div id="outline-container-org9b2329a" class="outline-3">
+<h3 id="org9b2329a"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
<div class="outline-text-3" id="text-11-2">
<p>
The script begins with the following prefix and trampolines.
The small institute's <code>./inst</code> command expects to be running in
<q>Institute/</q>, not <q>./</q>, but it only references <q>public/</q>, <q>private/</q>,
<q>Secret/</q> and <q>playbooks/check-inst-vars.yml</q>, and will find the abbey
-specific versions of these. The <code>roles_path</code> setting in <a href="#org7ab0f36"><q>ansible.cfg</q></a>
+specific versions of these. The <code>roles_path</code> setting in <a href="#org97721a6"><q>ansible.cfg</q></a>
effectively merges the institutional roles into the distinctly named
abbey specific roles. The roles likewise reference files with
relative names, and will find the abbey specific <q>private/</q>
</div>
</div>
</div>
-<div id="outline-container-org26884d7" class="outline-3">
-<h3 id="org26884d7"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
+<div id="outline-container-org98e05f7" class="outline-3">
+<h3 id="org98e05f7"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
<div class="outline-text-3" id="text-11-3">
<p>
The script implements an <code>upgrade</code> sub-command that runs <code>apt update</code>
</div>
</div>
</div>
-<div id="outline-container-orgd697aef" class="outline-3">
-<h3 id="orgd697aef"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
+<div id="outline-container-org5127890" class="outline-3">
+<h3 id="org5127890"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
<div class="outline-text-3" id="text-11-4">
<p>
The script implements a <code>reboots</code> sub-command that looks for
</div>
</div>
</div>
-<div id="outline-container-orgac85b61" class="outline-3">
-<h3 id="orgac85b61"><span class="section-number-3">11.5.</span> The Versions Command</h3>
+<div id="outline-container-orgde0400b" class="outline-3">
+<h3 id="orgde0400b"><span class="section-number-3">11.5.</span> The Versions Command</h3>
<div class="outline-text-3" id="text-11-5">
<p>
The script implements a <code>versions</code> sub-command that reports the
</div>
</div>
</div>
-<div id="outline-container-org8a4fb33" class="outline-3">
-<h3 id="org8a4fb33"><span class="section-number-3">11.6.</span> The Facts Command</h3>
+<div id="outline-container-org2a1851d" class="outline-3">
+<h3 id="org2a1851d"><span class="section-number-3">11.6.</span> The Facts Command</h3>
<div class="outline-text-3" id="text-11-6">
<p>
The script implements a <code>facts</code> sub-command to collect the Ansible
</div>
</div>
</div>
-<div id="outline-container-orgc63ebb2" class="outline-3">
-<h3 id="orgc63ebb2"><span class="section-number-3">11.7.</span> The TZ Command</h3>
+<div id="outline-container-orgb88859c" class="outline-3">
+<h3 id="orgb88859c"><span class="section-number-3">11.7.</span> The TZ Command</h3>
<div class="outline-text-3" id="text-11-7">
<p>
The abbey changes location almost weekly, so its timezone changes
</div>
</div>
</div>
-<div id="outline-container-org0bc04b7" class="outline-3">
-<h3 id="org0bc04b7"><span class="section-number-3">11.8.</span> Abbey Command Help</h3>
+<div id="outline-container-org28732dd" class="outline-3">
+<h3 id="org28732dd"><span class="section-number-3">11.8.</span> Abbey Command Help</h3>
<div class="outline-text-3" id="text-11-8">
<div class="org-src-container">
<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">my</span> $<span class="org-variable-name">ops</span> = (<span class="org-string">"config,new,old,pass,client,"</span>
</div>
</div>
</div>
-<div id="outline-container-org66cd4b1" class="outline-2">
-<h2 id="org66cd4b1"><span class="section-number-2">12.</span> Cloistering</h2>
+<div id="outline-container-org27bd882" class="outline-2">
+<h2 id="org27bd882"><span class="section-number-2">12.</span> Cloistering</h2>
<div class="outline-text-2" id="text-12">
<p>
This is how a new machine is brought into the cloister. The process
Ansible.
</p>
</div>
-<div id="outline-container-orge4f11c6" class="outline-3">
-<h3 id="orge4f11c6"><span class="section-number-3">12.1.</span> IoT Devices</h3>
+<div id="outline-container-org0c9c845" class="outline-3">
+<h3 id="org0c9c845"><span class="section-number-3">12.1.</span> IoT Devices</h3>
<div class="outline-text-3" id="text-12-1">
<p>
A wireless IoT device (smart TV, Blu-ray deck, etc.) cannot install
</p>
<ul class="org-ul">
-<li><a href="#org4597011">Add to Core DHCP</a></li>
-<li><a href="#org60e0ec7">Create Wired Domain Name</a></li>
+<li><a href="#org12c37aa">Add to Core DHCP</a></li>
+<li><a href="#org12a98b5">Create Wired Domain Name</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org3976eb7">Create Wireless Domain Name</a></li>
+<li><a href="#org8b05eeb">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-org548caea" class="outline-3">
-<h3 id="org548caea"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
+<div id="outline-container-org7a9ccc4" class="outline-3">
+<h3 id="org7a9ccc4"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
<div class="outline-text-3" id="text-12-2">
<p>
The abbey's Raspberry Pi runs the Raspberry Pi OS desktop off an NVMe
<li>new username: sysadm</li>
<li>new password: <password></li>
</ul></li>
-<li><a href="#org4597011">Add to Core DHCP</a></li>
-<li><a href="#org60e0ec7">Create Wired Domain Name</a></li>
+<li><a href="#org12c37aa">Add to Core DHCP</a></li>
+<li><a href="#org12a98b5">Create Wired Domain Name</a></li>
<li>Launch the desktop.</li>
<li>If the desktop is running on a USB HD (thumb drive) or μSD card, use
the Raspberry Pi Imager app in Accessories in the main menu. Choose
<li>Right click on the desktop (background) and choose Preferences. In
the Control Centre choose Interfaces in the left side bar and toggle
SSH on.</li>
-
-<li>Run <code>sudo raspi-config</code> and use the following menu items.
-<ul class="org-ul">
-<li>S4 Hostname (Set name for this computer on a network): new</li>
-<li>I1 SSH (Enable/disable remote command line access using SSH): enable</li>
-<li>A1 Expand Filesystem (Ensures that all of the SD card is available)</li>
-</ul></li>
-<li><a href="#org7dac27c">Update From Cloister Apt Cache</a></li>
-<li><a href="#org712443e">Authorize Remote Administration</a></li>
-<li><a href="#org0455894">Configure with Ansible</a></li>
+<li><a href="#org15d1e50">Update From Cloister Apt Cache</a></li>
+<li><a href="#orgeebba7d">Authorize Remote Administration</a></li>
+<li><a href="#org6711a44">Configure with Ansible</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org6ea1bda">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org8a6aeb9">Connect to Cloister VPN</a></li>
-<li><a href="#org3976eb7">Create Wireless Domain Name</a></li>
+<li><a href="#orge567883">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#orgf7c666a">Connect to Cloister VPN</a></li>
+<li><a href="#org8b05eeb">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-orgb389fa1" class="outline-3">
-<h3 id="orgb389fa1"><span class="section-number-3">12.3.</span> PCs</h3>
+<div id="outline-container-orgf906b38" class="outline-3">
+<h3 id="orgf906b38"><span class="section-number-3">12.3.</span> PCs</h3>
<div class="outline-text-3" id="text-12-3">
<p>
Most of the abbey's machines, like Core and Gate, are general-purpose
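Review bot: Removing the `sudo raspi-config` item from the Raspberry Pis list drops its S4 Hostname and A1 Expand Filesystem steps, while the lines kept in this hunk only replace I1 SSH (the Control Centre toggle just above the removed item). The list now goes straight from toggling SSH on to Update From Cloister Apt Cache, Authorize Remote Administration and Configure with Ansible. If no earlier item in the list sets the machine's hostname, add one before those links, or say explicitly that the Raspberry Pi Imager step covers hostname and filesystem size.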
to a USB drive and connect it to the PC.</li>
<li>Connect an HDMI monitor, a USB keyboard/mouse, and the cloister
Ethernet, and power up. Choose to boot from the USB drive.</li>
-<li><a href="#org4597011">Add to Core DHCP</a></li>
-<li><a href="#org60e0ec7">Create Wired Domain Name</a></li>
+<li><a href="#org12c37aa">Add to Core DHCP</a></li>
+<li><a href="#org12a98b5">Create Wired Domain Name</a></li>
<li>Answer first-boot installation questions as detailed in the
preparation of <a href="Institute/README.org*A Test Machine">A Test Machine</a> for a Small Institute.</li>
<li>Log in as <code>sysadm</code> on the console.</li>
-<li><a href="#org7dac27c">Update From Cloister Apt Cache</a></li>
+<li><a href="#org15d1e50">Update From Cloister Apt Cache</a></li>
<li><p>
Install <code>openssh-server</code>, unless it was included in the
distribution. Run the following if unsure.
<pre class="example">
sudo apt install openssh-server
</pre></li>
-<li><a href="#org712443e">Authorize Remote Administration</a></li>
-<li><a href="#org0455894">Configure with Ansible</a></li>
+<li><a href="#orgeebba7d">Authorize Remote Administration</a></li>
+<li><a href="#org6711a44">Configure with Ansible</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org6ea1bda">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org8a6aeb9">Connect to Cloister VPN</a></li>
-<li><a href="#org3976eb7">Create Wireless Domain Name</a></li>
+<li><a href="#orge567883">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#orgf7c666a">Connect to Cloister VPN</a></li>
+<li><a href="#org8b05eeb">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-org4597011" class="outline-3">
-<h3 id="org4597011"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
+<div id="outline-container-org12c37aa" class="outline-3">
+<h3 id="org12c37aa"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
<div class="outline-text-3" id="text-12-4">
<p>
When a new machine is connected to the cloister Ethernet, its MAC
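Review bot: The unchanged item "Answer first-boot installation questions" in the PCs list still links to `Institute/README.org*A Test Machine`, which points at the Org source rather than the exported page, unlike the `Institute/README.html#...` link used for The Client Command elsewhere in this patch. Since this list is being touched anyway, fix the link in the Org source so it exports as an anchor into `Institute/README.html`.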
</div>
</div>
</div>
-<div id="outline-container-org60e0ec7" class="outline-3">
-<h3 id="org60e0ec7"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
+<div id="outline-container-org12a98b5" class="outline-3">
+<h3 id="org12a98b5"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
<div class="outline-text-3" id="text-12-5">
<p>
A wired device is assigned an IP address when it is added to Core's
-DHCP configuration (as in <a href="#org4597011">Add to Core DHCP</a>). A private domain name is
+DHCP configuration (as in <a href="#org12c37aa">Add to Core DHCP</a>). A private domain name is
then associated with this address. If the device is intended to
operate wirelessly, the name for its address is modified with a <code>-w</code>
suffix. Thus <code>new-w.small.private</code> would be the name of the new
</div>
</div>
</div>
-<div id="outline-container-org7dac27c" class="outline-3">
-<h3 id="org7dac27c"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
+<div id="outline-container-org15d1e50" class="outline-3">
+<h3 id="org15d1e50"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-12-6">
<ul class="org-ul">
<li>Log in as <code>sysadm</code> on the console.</li>
</ul>
</div>
</div>
-<div id="outline-container-org712443e" class="outline-3">
-<h3 id="org712443e"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
+<div id="outline-container-orgeebba7d" class="outline-3">
+<h3 id="orgeebba7d"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
<div class="outline-text-3" id="text-12-7">
<p>
To remotely administer <code>new-w</code>, Ansible must be authorized to login as
</div>
</div>
</div>
-<div id="outline-container-org0455894" class="outline-3">
-<h3 id="org0455894"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
+<div id="outline-container-org6711a44" class="outline-3">
+<h3 id="org6711a44"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
<div class="outline-text-3" id="text-12-8">
<p>
-With remote administration authorized and tested (as in <a href="#org712443e">Authorize
+With remote administration authorized and tested (as in <a href="#orgeebba7d">Authorize
Remote Administration</a>), and the machine connected to the cloister
Ethernet, the configuration of <code>new-w</code> can be completed by Ansible.
Note that if the machine is staying on the cloister Ethernet, its
</p>
<p>
-First <code>new-w</code> is added to Ansible's inventory in <a href="#org81aa71b"><q>hosts</q></a>. A <code>new-w</code>
+First <code>new-w</code> is added to Ansible's inventory in <a href="#orgce63353"><q>hosts</q></a>. A <code>new-w</code>
section is added to the list of all hosts, and an empty section of the
same name is added to the list of <code>campus</code> hosts. If the machine uses
the usual privileged account name, <code>sysadm</code>, the <code>ansible_user</code> key is
</div>
</div>
</div>
-<div id="outline-container-org6ea1bda" class="outline-3">
-<h3 id="org6ea1bda"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
+<div id="outline-container-orge567883" class="outline-3">
+<h3 id="orge567883"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
<div class="outline-text-3" id="text-12-9">
<p>
On an IoT device, or a Debian or Android "desktop", the cloister Wi-Fi
</div>
</div>
</div>
-<div id="outline-container-org8a6aeb9" class="outline-3">
-<h3 id="org8a6aeb9"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
+<div id="outline-container-orgf7c666a" class="outline-3">
+<h3 id="orgf7c666a"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
<div class="outline-text-3" id="text-12-10">
<p>
Wireless devices (with the cloister Wi-Fi password) can get an IP
<p>
Connections to the cloister VPN are authorized by the <code>./abbey
-client...</code> command (aka <a href="Institute/README.html#org8465bda">The Client Command</a>), which registers a new
+client...</code> command (aka <a href="Institute/README.html#org2ac6cf1">The Client Command</a>), which registers a new
client's public key and installs new WireGuard™ configurations on the
servers. Private keys are kept on the clients (e.g. in
<q>/etc/wireguard/private-key</q>).
</p>
</div>
-<div id="outline-container-orge0f2773" class="outline-4">
-<h4 id="orge0f2773"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
+<div id="outline-container-org6f1eab6" class="outline-4">
+<h4 id="org6f1eab6"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
<div class="outline-text-4" id="text-12-10-1">
<p>
Wireless Debian desktops (with NetworkManager) as well as servers
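Review bot: The link to The Client Command changes from `Institute/README.html#org8465bda` to `Institute/README.html#org2ac6cf1`, and every heading id in this patch is regenerated the same way, so each re-export invalidates existing deep links and buries the real edits in anchor churn. Setting a `CUSTOM_ID` property on the linked headings in the Org sources would keep these anchors stable across exports and reduce a diff like this one to its content changes.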
</ul>
</div>
</div>
-<div id="outline-container-org9284b30" class="outline-4">
-<h4 id="org9284b30"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
+<div id="outline-container-org4270437" class="outline-4">
+<h4 id="org4270437"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
<div class="outline-text-4" id="text-12-10-2">
<p>
Member notebooks are private machines not remotely administered by the
</p>
</div>
</div>
-<div id="outline-container-org8722577" class="outline-4">
-<h4 id="org8722577"><span class="section-number-4">12.10.3.</span> Android</h4>
+<div id="outline-container-orgbc27c37" class="outline-4">
+<h4 id="orgbc27c37"><span class="section-number-4">12.10.3.</span> Android</h4>
<div class="outline-text-4" id="text-12-10-3">
<p>
Android phones and tablets are authorized to connect to the cloister
</div>
</div>
</div>
-<div id="outline-container-org3976eb7" class="outline-3">
-<h3 id="org3976eb7"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
+<div id="outline-container-org8b05eeb" class="outline-3">
+<h3 id="org8b05eeb"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
<div class="outline-text-3" id="text-12-11">
<p>
A wireless machine is assigned a Wi-Fi address when it connects to the
</div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2026-01-02 Fri 15:07</p>
+<p class="date">Created: 2026-01-12 Mon 09:55</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>