"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2024-09-03 Tue 08:43 -->
+<!-- 2024-10-29 Tue 21:35 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>A Small Institute</title>
members off campus.
</p>
-<pre class="example" id="orgc59e2f6">
+<pre class="example" id="org42c266c">
=
_|||_
=-The-Institute-=
</pre>
</div>
-<div class="TEXT" id="orga0874e6">
+<div class="TEXT" id="org0dd8c3a">
<p>
=> 10.62.17.0/24
</p>
</p>
<div class="org-src-container">
-<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">private_net: <span class="org-string">"{{ private_net_cidr | ipaddr('network') }}"</span>
-private_net_mask: <span class="org-string">"{{ private_net_cidr | ipaddr('netmask') }}"</span>
-private_net_and_mask: <span class="org-string">"{{ private_net }} {{ private_net_mask }}"</span>
-public_vpn_net: <span class="org-string">"{{ public_vpn_net_cidr | ipaddr('network') }}"</span>
-public_vpn_net_mask: <span class="org-string">"{{ public_vpn_net_cidr | ipaddr('netmask') }}"</span>
+<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">private_net:
+ <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+private_net_mask:
+ <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
+private_net_and_mask:
+ <span class="org-string">"{{ private_net }} {{ private_net_mask }}"</span>
+public_vpn_net:
+ <span class="org-string">"{{ public_vpn_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+public_vpn_net_mask:
+ <span class="org-string">"{{ public_vpn_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
public_vpn_net_and_mask:
<span class="org-string">"{{ public_vpn_net }} {{ public_vpn_net_mask }}"</span>
-campus_vpn_net: <span class="org-string">"{{ campus_vpn_net_cidr | ipaddr('network') }}"</span>
-campus_vpn_net_mask: <span class="org-string">"{{ campus_vpn_net_cidr | ipaddr('netmask') }}"</span>
+campus_vpn_net:
+ <span class="org-string">"{{ campus_vpn_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+campus_vpn_net_mask:
+ <span class="org-string">"{{ campus_vpn_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
campus_vpn_net_and_mask:
<span class="org-string">"{{ campus_vpn_net }} {{ campus_vpn_net_mask }}"</span>
-gate_wifi_net: <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('network') }}"</span>
-gate_wifi_net_mask: <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('netmask') }}"</span>
+gate_wifi_net:
+ <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('network') }}"</span>
+gate_wifi_net_mask:
+ <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('netmask') }}"</span>
gate_wifi_net_and_mask:
<span class="org-string">"{{ gate_wifi_net }} {{ gate_wifi_net_mask }}"</span>
-gate_wifi_broadcast: <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('broadcast') }}"</span>
+gate_wifi_broadcast:
+ <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('broadcast') }}"</span>
</pre>
</div>
</p>
<div class="org-src-container">
-<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">core_addr_cidr: <span class="org-string">"{{ private_net_cidr | ipaddr('1') }}"</span>
-gate_addr_cidr: <span class="org-string">"{{ private_net_cidr | ipaddr('2') }}"</span>
-gate_wifi_addr_cidr: <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('1') }}"</span>
-wifi_wan_addr_cidr: <span class="org-string">"{{ gate_wifi_net_cidr | ipaddr('2') }}"</span>
-front_private_addr_cidr: <span class="org-string">"{{ public_vpn_net_cidr | ipaddr('1') }}"</span>
+<a href="private/vars.yml"><q>private/vars.yml</q></a><pre class="src src-conf">core_addr_cidr: <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('1') }}"</span>
+gate_addr_cidr: <span class="org-string">"{{ private_net_cidr | ansible.utils.ipaddr('2') }}"</span>
+gate_wifi_addr_cidr:
+ <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('1') }}"</span>
+wifi_wan_addr_cidr:
+ <span class="org-string">"{{ gate_wifi_net_cidr | ansible.utils.ipaddr('2') }}"</span>
+front_private_addr_cidr:
+ <span class="org-string">"{{ public_vpn_net_cidr | ansible.utils.ipaddr('1') }}"</span>
-core_addr: <span class="org-string">"{{ core_addr_cidr | ipaddr('address') }}"</span>
-gate_addr: <span class="org-string">"{{ gate_addr_cidr | ipaddr('address') }}"</span>
-gate_wifi_addr: <span class="org-string">"{{ gate_wifi_addr_cidr | ipaddr('address') }}"</span>
-wifi_wan_addr: <span class="org-string">"{{ wifi_wan_addr_cidr | ipaddr('address') }}"</span>
+core_addr: <span class="org-string">"{{ core_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
+gate_addr: <span class="org-string">"{{ gate_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
+gate_wifi_addr:
+ <span class="org-string">"{{ gate_wifi_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
+wifi_wan_addr:
+ <span class="org-string">"{{ wifi_wan_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
front_private_addr:
- <span class="org-string">"{{ front_private_addr_cidr | ipaddr('address') }}"</span>
+ <span class="org-string">"{{ front_private_addr_cidr | ansible.utils.ipaddr('address') }}"</span>
</pre>
</div>
</div>
campground Wi-Fi access point, etc.</li>
</ol>
-<pre class="example" id="org393f96f">
+<pre class="example" id="org04f5b91">
=============== | ==================================================
| Premises
(Campus ISP)
following topology.
</p>
-<pre class="example" id="orgbaffd1d">
+<pre class="example" id="org56d9e40">
=============== | ==================================================
| Premises
(House ISP)
institute's servers. At the moment there is just the one.
</p>
</div>
-<div id="outline-container-org76ba4d0" class="outline-3">
-<h3 id="org76ba4d0"><span class="section-number-3">6.1.</span> Include Particulars</h3>
+<div id="outline-container-orgbc53e05" class="outline-3">
+<h3 id="orgbc53e05"><span class="section-number-3">6.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The <code>all</code> role's task contains a reference to a common institute
certificates signed by the institute CA.
</p>
</div>
-<div id="outline-container-org530ccf9" class="outline-3">
-<h3 id="org530ccf9"><span class="section-number-3">7.1.</span> Include Particulars</h3>
+<div id="outline-container-org12c1e48" class="outline-3">
+<h3 id="org12c1e48"><span class="section-number-3">7.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-7-1">
<p>
The first task, as in <a href="#orgd60dcd1">The All Role</a>, is to include the institute
</div>
</div>
</div>
-<div id="outline-container-orgaab41cc" class="outline-3">
-<h3 id="orgaab41cc"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
+<div id="outline-container-org4c87c3a" class="outline-3">
+<h3 id="org4c87c3a"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-7-2">
<p>
This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
</div>
</div>
</div>
-<div id="outline-container-org1c6c567" class="outline-3">
-<h3 id="org1c6c567"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org053261f" class="outline-3">
+<h3 id="org053261f"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-7-3">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-org3c1e478" class="outline-3">
-<h3 id="org3c1e478"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
+<div id="outline-container-orga03d6a3" class="outline-3">
+<h3 id="orga03d6a3"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
<div class="outline-text-3" id="text-7-5">
<p>
The small institute runs cron jobs and web scripts that generate
</div>
</div>
</div>
-<div id="outline-container-orgc0c5126" class="outline-3">
-<h3 id="orgc0c5126"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org80f3494" class="outline-3">
+<h3 id="org80f3494"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-7-7">
<p>
The institute prefers to install security updates as soon as possible.
</div>
</div>
</div>
-<div id="outline-container-orgd6eddb7" class="outline-3">
-<h3 id="orgd6eddb7"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
+<div id="outline-container-org07c2e32" class="outline-3">
+<h3 id="org07c2e32"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
<div class="outline-text-3" id="text-7-8">
<p>
User accounts are created immediately so that Postfix and Dovecot can
</div>
</div>
</div>
-<div id="outline-container-orgcf49e25" class="outline-3">
-<h3 id="orgcf49e25"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
+<div id="outline-container-org42ffdc5" class="outline-3">
+<h3 id="org42ffdc5"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-7-9">
<p>
The servers on Front use the same certificate (and key) to
</div>
</div>
</div>
-<div id="outline-container-org08dd9e3" class="outline-3">
-<h3 id="org08dd9e3"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org7960eac" class="outline-3">
+<h3 id="org7960eac"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
<div class="outline-text-3" id="text-7-12">
<p>
Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to
</div>
</div>
</div>
-<div id="outline-container-orgaf75396" class="outline-3">
-<h3 id="orgaf75396"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
+<div id="outline-container-org24ac22d" class="outline-3">
+<h3 id="org24ac22d"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
<div class="outline-text-3" id="text-7-14">
<p>
Front uses OpenVPN to provide the institute's public VPN service. The
account. (For details, see <a href="#org8d60b7b">The Core Machine</a>.)
</p>
</div>
-<div id="outline-container-org215b0ac" class="outline-3">
-<h3 id="org215b0ac"><span class="section-number-3">8.1.</span> Include Particulars</h3>
+<div id="outline-container-orgca8f5da" class="outline-3">
+<h3 id="orgca8f5da"><span class="section-number-3">8.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-8-1">
<p>
The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute
</div>
</div>
</div>
-<div id="outline-container-org8638d54" class="outline-3">
-<h3 id="org8638d54"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
+<div id="outline-container-org90da685" class="outline-3">
+<h3 id="org90da685"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-8-2">
<p>
This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
</div>
</div>
</div>
-<div id="outline-container-orgf60b98e" class="outline-3">
-<h3 id="orgf60b98e"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org0fa3ade" class="outline-3">
+<h3 id="org0fa3ade"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
<div class="outline-text-3" id="text-8-3">
<p>
Core runs the campus name server, so Resolved is configured to use it
file <span class="org-string">"/etc/bind/db.domain"</span>;
};
-<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ private_net_cidr | ipaddr('revdns')</span>
+<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ private_net_cidr | ansible.utils.ipaddr('revdns')</span>
<span class="org-string"> </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
type master;
file <span class="org-string">"/etc/bind/db.private"</span>;
};
-<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ public_vpn_net_cidr | ipaddr('revdns')</span>
+<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ public_vpn_net_cidr | ansible.utils.ipaddr('revdns')</span>
<span class="org-string"> </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
type master;
file <span class="org-string">"/etc/bind/db.public_vpn"</span>;
};
-<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ campus_vpn_net_cidr | ipaddr('revdns')</span>
+<span class="org-type">zone </span><span class="org-string"><span class="org-type">"{</span></span><span class="org-string">{ campus_vpn_net_cidr | ansible.utils.ipaddr('revdns')</span>
<span class="org-string"> </span><span class="org-string"><span class="org-type">| regex_replace('^0\.','') }}"</span></span> {
type master;
file <span class="org-string">"/etc/bind/db.campus_vpn"</span>;
</div>
</div>
</div>
-<div id="outline-container-org13a7457" class="outline-3">
-<h3 id="org13a7457"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgb5d04d3" class="outline-3">
+<h3 id="orgb5d04d3"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-8-7">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-org920462d" class="outline-3">
-<h3 id="org920462d"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
+<div id="outline-container-org6f07952" class="outline-3">
+<h3 id="org6f07952"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
<div class="outline-text-3" id="text-8-8">
<p>
The small institute runs cron jobs and web scripts that generate
</div>
</div>
</div>
-<div id="outline-container-orgc30ba4d" class="outline-3">
-<h3 id="orgc30ba4d"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org3a924c4" class="outline-3">
+<h3 id="org3a924c4"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-8-9">
<p>
The institute prefers to install security updates as soon as possible.
</div>
</div>
</div>
-<div id="outline-container-org873ab4b" class="outline-3">
-<h3 id="org873ab4b"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
+<div id="outline-container-org2e19b28" class="outline-3">
+<h3 id="org2e19b28"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
<div class="outline-text-3" id="text-8-11">
<p>
User accounts are created immediately so that backups can begin
</div>
</div>
</div>
-<div id="outline-container-org0b2d499" class="outline-3">
-<h3 id="org0b2d499"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
+<div id="outline-container-org3893d2e" class="outline-3">
+<h3 id="org3893d2e"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-8-12">
<p>
The servers on Core use the same certificate (and key) to authenticate
</div>
</div>
</div>
-<div id="outline-container-orge854133" class="outline-3">
-<h3 id="orge854133"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org14b48ba" class="outline-3">
+<h3 id="org14b48ba"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
<div class="outline-text-3" id="text-8-16">
<p>
Core uses Dovecot's IMAPd to store and serve member emails. As on
lineinfile:
path: /etc/php/8.2/apache2/php.ini
<span class="org-variable-name">regexp: memory_limit *</span>=
- <span class="org-variable-name">line: memory_limit</span> = 512M
+ <span class="org-variable-name">line: memory_limit</span> = 768M
- name: Include PHP parameters for Nextcloud.
become: yes
configurations, etc.
</p>
</div>
-<div id="outline-container-orgd5b1e01" class="outline-3">
-<h3 id="orgd5b1e01"><span class="section-number-3">9.1.</span> Include Particulars</h3>
+<div id="outline-container-org0a4dc99" class="outline-3">
+<h3 id="org0a4dc99"><span class="section-number-3">9.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-9-1">
<p>
The following should be familiar boilerplate by now.
</div>
</div>
</div>
-<div id="outline-container-orge4e2eb5" class="outline-3">
-<h3 id="orge4e2eb5"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
+<div id="outline-container-orgf647926" class="outline-3">
+<h3 id="orgf647926"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
<div class="outline-text-3" id="text-9-6">
<p>
The (OpenVPN) server on Gate uses an institute certificate (and key)
</div>
</div>
</div>
-<div id="outline-container-orgd47bbbe" class="outline-3">
-<h3 id="orgd47bbbe"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
+<div id="outline-container-orga48817c" class="outline-3">
+<h3 id="orga48817c"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
<div class="outline-text-3" id="text-9-7">
<p>
Gate uses OpenVPN to provide the institute's campus VPN service. Its
configured manually.
</p>
</div>
-<div id="outline-container-org757a1ed" class="outline-3">
-<h3 id="org757a1ed"><span class="section-number-3">10.1.</span> Include Particulars</h3>
+<div id="outline-container-org84fdcbf" class="outline-3">
+<h3 id="org84fdcbf"><span class="section-number-3">10.1.</span> Include Particulars</h3>
<div class="outline-text-3" id="text-10-1">
<p>
The following should be familiar boilerplate by now.
</div>
</div>
</div>
-<div id="outline-container-orgc2c0904" class="outline-3">
-<h3 id="orgc2c0904"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
+<div id="outline-container-orgce42bc5" class="outline-3">
+<h3 id="orgce42bc5"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
<div class="outline-text-3" id="text-10-2">
<p>
Clients should be using the expected host name.
</div>
</div>
</div>
-<div id="outline-container-org8550267" class="outline-3">
-<h3 id="org8550267"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org87b2fe8" class="outline-3">
+<h3 id="org87b2fe8"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
<div class="outline-text-3" id="text-10-3">
<p>
Campus machines use the campus name server on Core (or <code>dns.google</code>),
</div>
</div>
</div>
-<div id="outline-container-org6f719ec" class="outline-3">
-<h3 id="org6f719ec"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgd519148" class="outline-3">
+<h3 id="orgd519148"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
<div class="outline-text-3" id="text-10-5">
<p>
The administrator often needs to read (directories of) log files owned
</div>
</div>
</div>
-<div id="outline-container-org915c5c3" class="outline-3">
-<h3 id="org915c5c3"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org66ef6c6" class="outline-3">
+<h3 id="org66ef6c6"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
<div class="outline-text-3" id="text-10-6">
<p>
The institute prefers to install security updates as soon as possible.
</div></div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-09-03 Tue 08:43</p>
+<p class="date">Created: 2024-10-29 Tue 21:35</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
projects / Institute / commitdiff