"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2024-03-11 Mon 17:33 -->
+<!-- 2024-03-28 Thu 14:01 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>A Small Institute</title>
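Review bot: the export timestamp comment in the head is pure regeneration noise, and the same date change is repeated in the postamble's "Created:" line, so this file produces a diff on every export even when nothing else moves. Consider disabling the timestamp in the Org export options (for example `#+OPTIONS: timestamp:nil`), or not tracking the generated HTML, so that content changes are easier to spot in review.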
members off campus.
</p>
-<pre class="example" id="org842edc1">
+<pre class="example" id="orgb86bbff">
=
_|||_
=-The-Institute-=
</pre>
</div>
-<div class="TEXT" id="orgde5cea3">
+<div class="TEXT" id="org4170748">
<p>
=> 10.62.17.0/24
</p>
campground Wi-Fi access point, etc.</li>
</ol>
-<pre class="example" id="org6d09f97">
+<pre class="example" id="org7bd4bb7">
=============== | ==================================================
| Premises
(Campus ISP)
following topology.
</p>
-<pre class="example" id="orgc1e3280">
+<pre class="example" id="org266a7ce">
=============== | ==================================================
| Premises
(House ISP)
institute's servers. At the moment there is just the one.
</p>
</div>
-<div id="outline-container-org4e59c64" class="outline-3">
-<h3 id="org4e59c64"><span class="section-number-3">6.1.</span> Include Particulars</h3>
+<div id="outline-container-org447849b" class="outline-3">
+<h3 id="org447849b"><span class="section-number-3">6.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The <code>all</code> role's task contains a reference to a common institute
certificates signed by the institute CA.
</p>
</div>
-<div id="outline-container-org9ff2317" class="outline-3">
-<h3 id="org9ff2317"><span class="section-number-3">7.1.</span> Include Particulars</h3>
+<div id="outline-container-orgf78c136" class="outline-3">
+<h3 id="orgf78c136"><span class="section-number-3">7.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-7-1">
<p>
The first task, as in <a href="#orgd60dcd1">The All Role</a>, is to include the institute
</div>
</div>
</div>
-<div id="outline-container-org2ecf1fc" class="outline-3">
-<h3 id="org2ecf1fc"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
+<div id="outline-container-org4c3996e" class="outline-3">
+<h3 id="org4c3996e"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-7-2">
<p>
This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
</div>
</div>
</div>
-<div id="outline-container-org0365651" class="outline-3">
-<h3 id="org0365651"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgab509e9" class="outline-3">
+<h3 id="orgab509e9"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-7-3">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-org4dc1eb8" class="outline-3">
-<h3 id="org4dc1eb8"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
+<div id="outline-container-orgc79baad" class="outline-3">
+<h3 id="orgc79baad"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
<div class="outline-text-3" id="text-7-5">
<p>
The small institute runs cron jobs and web scripts that generate
</div>
</div>
</div>
-<div id="outline-container-orged061bf" class="outline-3">
-<h3 id="orged061bf"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-orge010cca" class="outline-3">
+<h3 id="orge010cca"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-7-7">
<p>
The institute prefers to install security updates as soon as possible.
</div>
</div>
</div>
-<div id="outline-container-org328bd8d" class="outline-3">
-<h3 id="org328bd8d"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
+<div id="outline-container-org4a578a7" class="outline-3">
+<h3 id="org4a578a7"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
<div class="outline-text-3" id="text-7-8">
<p>
User accounts are created immediately so that Postfix and Dovecot can
</div>
</div>
</div>
-<div id="outline-container-org2ab49c8" class="outline-3">
-<h3 id="org2ab49c8"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
+<div id="outline-container-org1a2f9ae" class="outline-3">
+<h3 id="org1a2f9ae"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-7-9">
<p>
The servers on Front use the same certificate (and key) to
</div>
</div>
</div>
-<div id="outline-container-org26190b7" class="outline-3">
-<h3 id="org26190b7"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-orgd1b1ae5" class="outline-3">
+<h3 id="orgd1b1ae5"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
<div class="outline-text-3" id="text-7-12">
<p>
Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to
</div>
</div>
</div>
-<div id="outline-container-orgf920b5f" class="outline-3">
-<h3 id="orgf920b5f"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
+<div id="outline-container-org556ffbd" class="outline-3">
+<h3 id="org556ffbd"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
<div class="outline-text-3" id="text-7-14">
<p>
Front uses OpenVPN to provide the institute's public VPN service. The
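Review bot: the id `org556ffbd` given here to 7.14 Configure OpenVPN is the id this same patch takes away from 9.7 Configure OpenVPN, so a saved link to `#org556ffbd` still resolves but now lands on Front's section instead of Gate's. The same reuse is visible for `orgc79baad`, `org4a578a7`, `org1a2f9ae` and `orgd1b1ae5`. Setting a `CUSTOM_ID` property on these headings in the Org source would keep the anchors stable across exports and remove most of the id churn in this patch.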
account. (For details, see <a href="#org8d60b7b">The Core Machine</a>.)
</p>
</div>
-<div id="outline-container-orga30cdd5" class="outline-3">
-<h3 id="orga30cdd5"><span class="section-number-3">8.1.</span> Include Particulars</h3>
+<div id="outline-container-org9c95097" class="outline-3">
+<h3 id="org9c95097"><span class="section-number-3">8.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-8-1">
<p>
The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute
</div>
</div>
</div>
-<div id="outline-container-orgc3412ed" class="outline-3">
-<h3 id="orgc3412ed"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
+<div id="outline-container-org5043c05" class="outline-3">
+<h3 id="org5043c05"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-8-2">
<p>
This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
</div>
</div>
</div>
-<div id="outline-container-orge61e556" class="outline-3">
-<h3 id="orge61e556"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org065d2c9" class="outline-3">
+<h3 id="org065d2c9"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
<div class="outline-text-3" id="text-8-3">
<p>
Core runs the campus name server, so Resolved is configured to use it
</div>
</div>
</div>
-<div id="outline-container-org86f8fed" class="outline-3">
-<h3 id="org86f8fed"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org52d18ca" class="outline-3">
+<h3 id="org52d18ca"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-8-7">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-orgc79baad" class="outline-3">
-<h3 id="orgc79baad"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
+<div id="outline-container-orgd77b9bb" class="outline-3">
+<h3 id="orgd77b9bb"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
<div class="outline-text-3" id="text-8-8">
<p>
The small institute runs cron jobs and web scripts that generate
</div>
</div>
</div>
-<div id="outline-container-org1c76b4a" class="outline-3">
-<h3 id="org1c76b4a"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org5613d36" class="outline-3">
+<h3 id="org5613d36"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-8-9">
<p>
The institute prefers to install security updates as soon as possible.
</div>
</div>
</div>
-<div id="outline-container-org4a578a7" class="outline-3">
-<h3 id="org4a578a7"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
+<div id="outline-container-orga1c82d1" class="outline-3">
+<h3 id="orga1c82d1"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
<div class="outline-text-3" id="text-8-11">
<p>
User accounts are created immediately so that backups can begin
</div>
</div>
</div>
-<div id="outline-container-org8af85b3" class="outline-3">
-<h3 id="org8af85b3"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
+<div id="outline-container-orga74f50b" class="outline-3">
+<h3 id="orga74f50b"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-8-12">
<p>
The servers on Core use the same certificate (and key) to authenticate
</div>
</div>
</div>
-<div id="outline-container-orgd1b1ae5" class="outline-3">
-<h3 id="orgd1b1ae5"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org6b38a00" class="outline-3">
+<h3 id="org6b38a00"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
<div class="outline-text-3" id="text-8-16">
<p>
Core uses Dovecot's IMAPd to store and serve member emails. As on
<p>
The tasks below install Apache2 and edit its default configuration.
-The global <code>ServerName</code> directive must be deleted because it seems to
-interfere with mapping URLs to the correct virtual host.
</p>
<div class="org-src-container">
become: yes
<span class="org-variable-name">apt: pkg</span>=apache2
-- name: Disable Apache2 server name.
- become: yes
- lineinfile:
- path: /etc/apache2/apache2.conf
- regexp: <span class="org-string">"([^#]+)ServerName (.*)"</span>
- backrefs: yes
- line: <span class="org-string">"# \\1ServerName \\2"</span>
- notify: Restart Apache2.
-
- name: Enable Apache2 modules.
become: yes
apache2_module:
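Review bot: no rationale is recorded for dropping the "Disable Apache2 server name." task; the sentence saying the global `ServerName` "seems to interfere with mapping URLs to the correct virtual host" is deleted with it and nothing replaces it. Two points are worth stating in the text or the commit message. Hosts that were already configured keep the commented-out line in /etc/apache2/apache2.conf, since deleting the task does not revert it, so existing and freshly built machines can differ. Also, the removed regexp `([^#]+)ServerName (.*)` requires at least one character before `ServerName`, so with `backrefs: yes` an unindented directive was never matched and the file was left unchanged; if that is why the task is going away, say so.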
configurations, etc.
</p>
</div>
-<div id="outline-container-org9d95455" class="outline-3">
-<h3 id="org9d95455"><span class="section-number-3">9.1.</span> Include Particulars</h3>
+<div id="outline-container-org3ef4117" class="outline-3">
+<h3 id="org3ef4117"><span class="section-number-3">9.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-9-1">
<p>
The following should be familiar boilerplate by now.
</div>
</div>
</div>
-<div id="outline-container-org1a2f9ae" class="outline-3">
-<h3 id="org1a2f9ae"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
+<div id="outline-container-org2e943b2" class="outline-3">
+<h3 id="org2e943b2"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-9-6">
<p>
The (OpenVPN) server on Gate uses an institute certificate (and key)
</div>
</div>
</div>
-<div id="outline-container-org556ffbd" class="outline-3">
-<h3 id="org556ffbd"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
+<div id="outline-container-orge879e54" class="outline-3">
+<h3 id="orge879e54"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
<div class="outline-text-3" id="text-9-7">
<p>
Gate uses OpenVPN to provide the institute's campus VPN service. Its
configured manually.
</p>
</div>
-<div id="outline-container-org447849b" class="outline-3">
-<h3 id="org447849b"><span class="section-number-3">10.1.</span> Include Particulars</h3>
+<div id="outline-container-orge96dcaf" class="outline-3">
+<h3 id="orge96dcaf"><span class="section-number-3">10.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-10-1">
<p>
The following should be familiar boilerplate by now.
</div>
</div>
</div>
-<div id="outline-container-org4c3996e" class="outline-3">
-<h3 id="org4c3996e"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
+<div id="outline-container-org8f79a3d" class="outline-3">
+<h3 id="org8f79a3d"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-10-2">
<p>
Clients should be using the expected host name.
</div>
</div>
</div>
-<div id="outline-container-org065d2c9" class="outline-3">
-<h3 id="org065d2c9"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org89d3c10" class="outline-3">
+<h3 id="org89d3c10"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
<div class="outline-text-3" id="text-10-3">
<p>
Campus machines use the campus name server on Core (or <code>dns.google</code>),
</div>
</div>
</div>
-<div id="outline-container-orgab509e9" class="outline-3">
-<h3 id="orgab509e9"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgc830621" class="outline-3">
+<h3 id="orgc830621"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-10-5">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-orge010cca" class="outline-3">
-<h3 id="orge010cca"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org8c95d10" class="outline-3">
+<h3 id="org8c95d10"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-10-6">
<p>
The institute prefers to install security updates as soon as possible.
</div></div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-03-11 Mon 17:33</p>
+<p class="date">Created: 2024-03-28 Thu 14:01</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>