"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2026-01-18 Sun 16:36 -->
+<!-- 2026-05-09 Sat 15:42 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Birchwood Abbey Networks</title>
the <code>abbey-</code> prefix on their names. These roles are applied <i>after</i>
the generic institutional roles (again, documented <a href="Institute/README.html">here</a>).
</p>
-<div id="outline-container-org04d6e4c" class="outline-2">
-<h2 id="org04d6e4c"><span class="section-number-2">1.</span> Overview</h2>
+<div id="outline-container-orgd8fe5bc" class="outline-2">
+<h2 id="orgd8fe5bc"><span class="section-number-2">1.</span> Overview</h2>
<div class="outline-text-2" id="text-1">
<p>
A Small Institute makes security and privacy top priorities but
philosophy, attitude.
</p>
-<pre class="example" id="org90d1082">
+<pre class="example" id="orgc79cdd3">
|
=
_|||_
</pre>
</div>
</div>
-<div id="outline-container-orgd67a975" class="outline-2">
-<h2 id="orgd67a975"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
+<div id="outline-container-orgb63becf" class="outline-2">
+<h2 id="orgb63becf"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
<div class="outline-text-2" id="text-2">
<p>
The abbey's public particulars are included below. They are the
</p>
</div>
</div>
-<div id="outline-container-orgd060277" class="outline-2">
-<h2 id="orgd060277"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
+<div id="outline-container-org145e273" class="outline-2">
+<h2 id="org145e273"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
<div class="outline-text-2" id="text-3">
<p>
Birchwood Abbey's front door is a Digital Ocean Droplet configured as
Dovecot-IMAPd, and hosting a VPN with WireGuard™.
</p>
</div>
-<div id="outline-container-orgbe9a4ee" class="outline-3">
-<h3 id="orgbe9a4ee"><span class="section-number-3">3.1.</span> Install Emacs</h3>
+<div id="outline-container-orgecba136" class="outline-3">
+<h3 id="orgecba136"><span class="section-number-3">3.1.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-3-1">
<p>
The monks of the abbey are masters of the staff (bo) and Emacs.
</div>
</div>
</div>
-<div id="outline-container-orgf02dfe3" class="outline-3">
-<h3 id="orgf02dfe3"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
+<div id="outline-container-org7f78165" class="outline-3">
+<h3 id="org7f78165"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
<div class="outline-text-3" id="text-3-2">
<p>
The abbey uses several additional email aliases. These are the public
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install abbey email aliases.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install abbey email aliases.
become: yes
blockinfile:
block: |
</div>
</div>
</div>
-<div id="outline-container-org227602e" class="outline-3">
-<h3 id="org227602e"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
+<div id="outline-container-org8137534" class="outline-3">
+<h3 id="org8137534"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
<div class="outline-text-3" id="text-3-3">
<p>
The abbey publishes member Git repositories with <code>git daemon</code>. If
The <code>git daemon</code> is run by SystemD per the <q>git-daemon.service</q> file.
The <code>git-daemon(1)</code> manual page explains the options in detail. The
<code>--base-path</code> option should agree with <code>$projectroot</code> in the
-<q>/etc/gitweb.conf</q> file installed <a href="#org3877377">here</a>.
+<q>/etc/gitweb.conf</q> file installed <a href="#org70b1318">here</a>.
</p>
<p>
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-<<gitd-tasks>>
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code><<gitd-tasks>>
</code></pre>
</div>
<div class="org-src-container">
-<code>gitd-tasks</code><pre class="src src-conf" id="org59a9cd2"><code>- name: Install git.
+<code>gitd-tasks</code><pre class="src src-conf" id="org493cb93"><code>- name: Install git.
become: yes
<span class="org-variable-name">apt: pkg</span>=git
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-<<gitd-handlers>>
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code><<gitd-handlers>>
</code></pre>
</div>
<div class="org-src-container">
-<code>gitd-handlers</code><pre class="src src-conf" id="org5fd849e"><code>
-- name: Reload systemd.
+<code>gitd-handlers</code><pre class="src src-conf" id="org9b2b9d6"><code>- name: Reload systemd.
become: yes
systemd:
daemon-reload: yes
</div>
</div>
</div>
-<div id="outline-container-org3972eff" class="outline-3">
-<h3 id="org3972eff"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
+<div id="outline-container-orgfd43e59" class="outline-3">
+<h3 id="orgfd43e59"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
<div class="outline-text-3" id="text-3-4">
<p>
The abbey provides an HTML interface to members' public Git
</p>
<div class="org-src-container">
-<code>apache-gitweb</code><pre class="src src-conf" id="org7a39b76"><code>Alias /gitweb-static/ /usr/share/gitweb/static/
+<code>apache-gitweb</code><pre class="src src-conf" id="org5965c9d"><code>Alias /gitweb-static/ /usr/share/gitweb/static/
<Directory <span class="org-string">"/usr/share/gitweb/static/"</span>>
Options MultiViews
</Directory>
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-<<gitweb-tasks>>
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code><<gitweb-tasks>>
</code></pre>
</div>
<div class="org-src-container">
-<code>gitweb-tasks</code><pre class="src src-conf" id="org3877377"><code>- name: Enable Apache2 rewrite module.
+<code>gitweb-tasks</code><pre class="src src-conf" id="org70b1318"><code>- name: Enable Apache2 rewrite module.
become: yes
<span class="org-variable-name">apache2_module: name</span>=rewrite
notify: Restart Apache2.
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-<<gitweb-handlers>>
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code><<gitweb-handlers>>
</code></pre>
</div>
<div class="org-src-container">
-<code>gitweb-handlers</code><pre class="src src-conf" id="orgbac5425"><code>- name: Restart Apache2.
+<code>gitweb-handlers</code><pre class="src src-conf" id="org1fae2ca"><code>- name: Restart Apache2.
become: yes
systemd:
service: apache2
</div>
</div>
</div>
-<div id="outline-container-orga1ffc3d" class="outline-3">
-<h3 id="orga1ffc3d"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
+<div id="outline-container-org7ce6bc6" class="outline-3">
+<h3 id="org7ce6bc6"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
<div class="outline-text-3" id="text-3-5">
<p>
Some of the directives added to the <q>-vhost.conf</q> file are needed by
</p>
<div class="org-src-container">
-<code>apache-abbey</code><pre class="src src-conf" id="org314ee41"><code><Directory {{ docroot }}/Abbey/>
+<code>apache-abbey</code><pre class="src src-conf" id="orga0b66d8"><code><Directory {{ docroot }}/Abbey/>
AllowOverride Indexes FileInfo
Options +Indexes +FollowSymLinks
</Directory>
</div>
</div>
</div>
-<div id="outline-container-org32b1d54" class="outline-3">
-<h3 id="org32b1d54"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
+<div id="outline-container-org5b3280a" class="outline-3">
+<h3 id="org5b3280a"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
<div class="outline-text-3" id="text-3-6">
<p>
Some of the directives added to the <q>-vhost.conf</q> file map the abbey's
</p>
<div class="org-src-container">
-<code>apache-photos</code><pre class="src src-conf" id="org7474b2d"><code>RedirectMatch /Photos$ /Photos/
+<code>apache-photos</code><pre class="src src-conf" id="orgc24d82d"><code>RedirectMatch /Photos$ /Photos/
RedirectMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])$ \
/Photos/$1_$2_$3/
AliasMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])/(.+)$ \
</div>
</div>
</div>
-<div id="outline-container-org20a4ad0" class="outline-3">
-<h3 id="org20a4ad0"><span class="section-number-3">3.7.</span> Configure Tellurion Expiration on Front</h3>
+<div id="outline-container-org1db8a1f" class="outline-3">
+<h3 id="org1db8a1f"><span class="section-number-3">3.7.</span> Configure Matt's Alter Ego</h3>
<div class="outline-text-3" id="text-3-7">
<p>
+Many years ago Matt's evil twin, Friar Puck, released a "pucked"
+version of MIT/GNU Scheme, advertising that it was available at a
+couple URLs:
+</p>
+
+<ul class="org-ul">
+<li><code>git://birchwood-abbey.net/~puck/mit-scheme.git</code></li>
+<li><code>https://birchwood-abbey.net/~puck/Scheme/</code></li>
+</ul>
+
+<p>
+These are actually duplicates of the "resources" at these URLs:
+</p>
+
+<ul class="org-ul">
+<li><code>git://birchwood-abbey.net/~matt/mit-scheme.git</code></li>
+<li><code>https://birchwood-abbey.net/~matt/Scheme/</code></li>
+</ul>
+
+<p>
+So the abbey's Google Indexing report warned of the duplicates, and
+explained that they would not be indexed. To get them off the report,
+the following redirects make clear that the canonical source is
+Matt's.
+</p>
+
+<div class="org-src-container">
+<code>apache-pucked</code><pre class="src src-conf" id="org217bddf"><code>RedirectMatch /~puck$ /~matt
+RedirectMatch /~puck/(.*) /~matt/$1
+</code></pre>
+</div>
+
+<p>
+The seemingly duplicated Git repository at <code>/~puck/mit-scheme.git</code> is
+actually the symbolic link at <q>/home/puck/Public</q> targeting
+<q>/home/matt/Public</q>.
+</p>
+</div>
+</div>
+<div id="outline-container-org668872c" class="outline-3">
+<h3 id="org668872c"><span class="section-number-3">3.8.</span> Configure Tellurion Expiration on Front</h3>
+<div class="outline-text-3" id="text-3-8">
+<p>
The abbey's <q>tellurion.png</q> is updated every 15 minutes on the quarter
hour, and should expire soon thereafter. To accomplish this, Apache's
<code>expires</code> module is enabled inside the <q>/Tellurion/</q> directory and the
</p>
<div class="org-src-container">
-<code>apache-tellurion</code><pre class="src src-conf" id="orgfc5fccc"><code><Directory {{ docroot }}/Tellurion/>
+<code>apache-tellurion</code><pre class="src src-conf" id="org7f77900"><code><Directory {{ docroot }}/Tellurion/>
ExpiresActive On
ExpiresByType image/png <span class="org-string">"modification plus 15 minutes"</span>
</Directory>
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml">=roles_t/abbey-front/tasks/main.yml</a><pre class="src src-conf"><code>
-<<tellurion-tasks>>
+<a href="roles_t/abbey-front/tasks/main.yml">=roles_t/abbey-front/tasks/main.yml</a><pre class="src src-conf"><code><<tellurion-tasks>>
</code></pre>
</div>
<div class="org-src-container">
-<code>tellurion-tasks</code><pre class="src src-conf" id="org00cd0cb"><code>- name: Enable Apache2 expires module.
+<code>tellurion-tasks</code><pre class="src src-conf" id="orgc049d99"><code>- name: Enable Apache2 expires module.
become: yes
<span class="org-variable-name">apache2_module: name</span>=expires
notify: Restart Apache2.
</div>
</div>
</div>
-<div id="outline-container-org683a306" class="outline-3">
-<h3 id="org683a306"><span class="section-number-3">3.8.</span> Configure Apache on Front</h3>
-<div class="outline-text-3" id="text-3-8">
+<div id="outline-container-orgb2d16a7" class="outline-3">
+<h3 id="orgb2d16a7"><span class="section-number-3">3.9.</span> Configure Apache on Front</h3>
+<div class="outline-text-3" id="text-3-9">
<p>
The abbey needs to add some Apache2 configuration directives to the
virtual host listening for HTTPS requests to <q>birchwood-abbey.net</q>.
</p>
<p>
-The following task adds the <a href="#org7a39b76"><code>apache-gitweb</code></a>, <a href="#org314ee41"><code>apache-abbey</code></a>,
-<a href="#org7474b2d"><code>apache-photos</code></a>, and <a href="#orgfc5fccc"><code>apache-tellurion</code></a> directives described above to
-the <q>-vhost.conf</q> file, and includes <q>options-ssl-apache.conf</q> from
-<q>/etc/letsencrypt/</q>. The rest of the Let's Encrypt configuration is
-discussed in the following <a href="#orgcddc4bf">Install Let's Encrypt</a> section.
+The following task adds the <a href="#org5965c9d"><code>apache-gitweb</code></a>, <a href="#orga0b66d8"><code>apache-abbey</code></a>,
+<a href="#orgc24d82d"><code>apache-photos</code></a>, <a href="#org217bddf"><code>apache-pucked</code></a> and <a href="#org7f77900"><code>apache-tellurion</code></a> directives
+described above to the <q>-vhost.conf</q> file, and includes
+<q>options-ssl-apache.conf</q> from <q>/etc/letsencrypt/</q>. The rest of the
+Let's Encrypt configuration is discussed in the following <a href="#org0e5fcbc">Install
+Let's Encrypt</a> section.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure Apache.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure Apache.
become: yes
vars:
docroot: /home/www
<<apache-photos>>
+ <<apache-pucked>>
+
<<apache-tellurion>>
IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
</div>
</div>
</div>
-<div id="outline-container-orgcaa244b" class="outline-3">
-<h3 id="orgcaa244b"><span class="section-number-3">3.9.</span> Configure Apache Log Archival</h3>
-<div class="outline-text-3" id="text-3-9">
+<div id="outline-container-orgfb296d2" class="outline-3">
+<h3 id="orgfb296d2"><span class="section-number-3">3.10.</span> Configure Apache Log Archival</h3>
+<div class="outline-text-3" id="text-3-10">
<p>
These tasks hack Apache's <code>logrotate(8)</code> configuration to rotate
weekly, keep a couple weeks, and email each week's log to <code>root</code>.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure Apache log archival.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure Apache log archival.
become: yes
lineinfile:
path: /etc/logrotate.d/apache2
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/files/logrotate-mailer"><q>roles_t/abbey-front/files/logrotate-mailer</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e
-</span>
+<a href="roles_t/abbey-front/files/logrotate-mailer"><q>roles_t/abbey-front/files/logrotate-mailer</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
+
<span class="org-keyword">if</span> [ <span class="org-string">"$#"</span> != 3 -o <span class="org-string">"$1"</span> != <span class="org-string">"-s"</span> ]; <span class="org-keyword">then</span>
<span class="org-builtin">echo</span> <span class="org-string">"usage: $0 -s subject recipient"</span> 1>&2
<span class="org-keyword">exit</span> 1
</div>
</div>
</div>
-<div id="outline-container-orgcddc4bf" class="outline-3">
-<h3 id="orgcddc4bf"><span class="section-number-3">3.10.</span> Install Let's Encrypt</h3>
-<div class="outline-text-3" id="text-3-10">
+<div id="outline-container-org0e5fcbc" class="outline-3">
+<h3 id="org0e5fcbc"><span class="section-number-3">3.11.</span> Install Let's Encrypt</h3>
+<div class="outline-text-3" id="text-3-11">
<p>
The abbey uses a Let's Encrypt certificate to authenticate its public
web site and email services. Initial installation of a Let's Encrypt
entered as shown below).
</p>
-<pre class="example" id="org4b35bf2">
+<pre class="example" id="org6b7f5ea">
$ sudo apt install python3-certbot-apache
$ sudo certbot --apache -d birchwood-abbey.net
...
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Certbot for Apache.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Certbot for Apache.
become: yes
<span class="org-variable-name">apt: pkg</span>=python3-certbot-apache
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: <span class="org-string">"Use Let's Encrypt certificate&key."</span>
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: <span class="org-string">"Use Let's Encrypt certificate&key."</span>
become: yes
file:
state: link
</div>
</div>
</div>
-<div id="outline-container-org676689c" class="outline-3">
-<h3 id="org676689c"><span class="section-number-3">3.11.</span> Restart Servers Caching Let's Encrypt</h3>
-<div class="outline-text-3" id="text-3-11">
+<div id="outline-container-org442cfd4" class="outline-3">
+<h3 id="org442cfd4"><span class="section-number-3">3.12.</span> Restart Servers Caching Let's Encrypt</h3>
+<div class="outline-text-3" id="text-3-12">
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Certbot hook.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Certbot hook.
become: yes
copy:
src: certbot_hook
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/files/certbot_hook"><q>roles_t/abbey-front/files/certbot_hook</q></a><pre class="src src-conf"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/bash
-</span>systemctl reload dovecot
+<a href="roles_t/abbey-front/files/certbot_hook"><q>roles_t/abbey-front/files/certbot_hook</q></a><pre class="src src-conf"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/bash</span>
+systemctl reload dovecot
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-org2493da1" class="outline-3">
-<h3 id="org2493da1"><span class="section-number-3">3.12.</span> Rotate Let's Encrypt Log</h3>
-<div class="outline-text-3" id="text-3-12">
+<div id="outline-container-org159a670" class="outline-3">
+<h3 id="org159a670"><span class="section-number-3">3.13.</span> Rotate Let's Encrypt Log</h3>
+<div class="outline-text-3" id="text-3-13">
<p>
The following task arranges to rotate Certbot's logs files.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Certbot logrotate configuration.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Certbot logrotate configuration.
become: yes
copy:
src: certbot_logrotate
</div>
</div>
</div>
-<div id="outline-container-orgcd5e4cb" class="outline-3">
-<h3 id="orgcd5e4cb"><span class="section-number-3">3.13.</span> Archive Let's Encrypt Data</h3>
-<div class="outline-text-3" id="text-3-13">
+<div id="outline-container-orgce3c556" class="outline-3">
+<h3 id="orgce3c556"><span class="section-number-3">3.14.</span> Archive Let's Encrypt Data</h3>
+<div class="outline-text-3" id="text-3-14">
<p>
A backup copy of Let's Encrypt's data (<q>/etc/letsencrypt/</q>) is sent to
<code>root@core</code> in OpenPGP encrypted email every time it changes. Changes
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: <span class="org-string">"Install Let's Encrypt archive script."</span>
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: <span class="org-string">"Install Let's Encrypt archive script."</span>
become: yes
copy:
src: cron.daily_letsencrypt
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-front/files/cron.daily_letsencrypt"><q>roles_t/abbey-front/files/cron.daily_letsencrypt</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e
-</span>
+<a href="roles_t/abbey-front/files/cron.daily_letsencrypt"><q>roles_t/abbey-front/files/cron.daily_letsencrypt</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
+
<span class="org-builtin">cd</span> /etc/
[ -d letsencrypt~ ] <span class="org-sh-escaped-newline">\</span>
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Copy root@core<span class="org-string">'s public key.
- become: yes
- copy:
- src: ../Secret/root-pub.pem
- dest: /root/.gnupg-root-pub.pem
- mode: u=r,g=r,o=r
- notify: Import root@core'</span>s public key.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Copy root@core<span class="org-string">'s public key.</span>
+<span class="org-string"> become: yes</span>
+<span class="org-string"> copy:</span>
+<span class="org-string"> src: ../Secret/root-pub.pem</span>
+<span class="org-string"> dest: /root/.gnupg-root-pub.pem</span>
+<span class="org-string"> mode: u=r,g=r,o=r</span>
+<span class="org-string"> notify: Import root@core'</span>s public key.
</code></pre>
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Import root@core<span class="org-string">'s public key.
- become: yes
- command: gpg --import ~/.gnupg-root-pub.pem</span>
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Import root@core<span class="org-string">'s public key.</span>
+<span class="org-string"> become: yes</span>
+<span class="org-string"> command: gpg --import ~/.gnupg-root-pub.pem</span>
</code></pre>
</div>
</div>
</div>
</div>
-<div id="outline-container-org080ed5f" class="outline-2">
-<h2 id="org080ed5f"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
+<div id="outline-container-orgbf2cbb7" class="outline-2">
+<h2 id="orgbf2cbb7"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
<div class="outline-text-2" id="text-4">
<p>
Birchwood Abbey's core is a mini-PC (System76 Meerkat) configured as A
NTP, DNS and DHCP.
</p>
</div>
-<div id="outline-container-orgafb285f" class="outline-3">
-<h3 id="orgafb285f"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org68bc9a9" class="outline-3">
+<h3 id="org68bc9a9"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-4-1">
<p>
In this abbey specific document, most abbey particulars are not
</div>
</div>
</div>
-<div id="outline-container-org52e3fe1" class="outline-3">
-<h3 id="org52e3fe1"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
+<div id="outline-container-orgcc5d654" class="outline-3">
+<h3 id="orgcc5d654"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
<div class="outline-text-3" id="text-4-2">
<p>
The scripts that maintain the abbey's web site use a number of
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install additional packages.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install additional packages.
become: yes
apt:
pkg: [ procmail, libhtml-tree-perl, libjs-jquery,
</div>
</div>
</div>
-<div id="outline-container-orga6fd82f" class="outline-3">
-<h3 id="orga6fd82f"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
+<div id="outline-container-org12d916b" class="outline-3">
+<h3 id="org12d916b"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
<div class="outline-text-3" id="text-4-3">
<p>
The abbey uses several additional email aliases. These are the campus
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install abbey email aliases.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install abbey email aliases.
become: yes
blockinfile:
block: |
</div>
</div>
</div>
-<div id="outline-container-org864a898" class="outline-3">
-<h3 id="org864a898"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
+<div id="outline-container-orgfcd695d" class="outline-3">
+<h3 id="orgfcd695d"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
<div class="outline-text-3" id="text-4-4">
<p>
These tasks are identical to those executed on Front, for similar Git
services on Front and Core. This allows changes to be tested on Core
-before they are pushed to Front. See <a href="#org227602e">3.3</a>
+before they are pushed to Front. See <a href="#org8137534">3.3</a>
for more information.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-<<gitd-tasks>>
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code><<gitd-tasks>>
</code></pre>
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-<<gitd-handlers>>
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code><<gitd-handlers>>
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-org223edc0" class="outline-3">
-<h3 id="org223edc0"><span class="section-number-3">4.5.</span> Configure Gitweb on Core</h3>
+<div id="outline-container-orgb823c17" class="outline-3">
+<h3 id="orgb823c17"><span class="section-number-3">4.5.</span> Configure Gitweb on Core</h3>
<div class="outline-text-3" id="text-4-5">
<p>
These tasks are identical to those executed on Front, for similar
Gitweb services on Front and Core. This allows changes to be tested
-on Core before they are pushed to Front. See <a href="#org3972eff">Configure Gitweb on
+on Core before they are pushed to Front. See <a href="#orgfd43e59">Configure Gitweb on
Front</a> for more information.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-<<gitweb-tasks>>
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code><<gitweb-tasks>>
</code></pre>
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-<<gitweb-handlers>>
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code><<gitweb-handlers>>
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-org0deece2" class="outline-3">
-<h3 id="org0deece2"><span class="section-number-3">4.6.</span> Configure Tellurion Expiration on Core</h3>
+<div id="outline-container-org7da27ca" class="outline-3">
+<h3 id="org7da27ca"><span class="section-number-3">4.6.</span> Configure Tellurion Expiration on Core</h3>
<div class="outline-text-3" id="text-4-6">
<p>
-The <code>apache-tellurion</code> directives are defined <a href="#orgfc5fccc">here</a> and included in the
-Apache configuration below. The <code>tellurion-tasks</code> are defined <a href="#org00cd0cb">here</a>
+The <code>apache-tellurion</code> directives are defined <a href="#org7f77900">here</a> and included in the
+Apache configuration below. The <code>tellurion-tasks</code> are defined <a href="#orgc049d99">here</a>
and included by the following code block.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml">=roles_t/abbey-core/tasks/main.yml</a><pre class="src src-conf"><code>
-<<tellurion-tasks>>
+<a href="roles_t/abbey-core/tasks/main.yml">=roles_t/abbey-core/tasks/main.yml</a><pre class="src src-conf"><code><<tellurion-tasks>>
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-orgfa7854e" class="outline-3">
-<h3 id="orgfa7854e"><span class="section-number-3">4.7.</span> Configure Apache on Core</h3>
+<div id="outline-container-orgcad5462" class="outline-3">
+<h3 id="orgcad5462"><span class="section-number-3">4.7.</span> Configure Apache on Core</h3>
<div class="outline-text-3" id="text-4-7">
<p>
The Apache2 configuration on Core specifies three web sites (live,
test, and campus). The live and test sites must operate just like the
-site on Front. Their configurations include the same <a href="#org7a39b76"><code>apache-gitweb</code></a>,
-<a href="#org314ee41"><code>apache-abbey</code></a>, <a href="#org7474b2d"><code>apache-photos</code></a>, and <a href="#orgfc5fccc"><code>apache-tellurion</code></a> used on Front.
+site on Front. Their configurations include the same <a href="#org5965c9d"><code>apache-gitweb</code></a>,
+<a href="#orga0b66d8"><code>apache-abbey</code></a>, <a href="#orgc24d82d"><code>apache-photos</code></a>, <a href="#org217bddf"><code>apache-pucked</code></a> and
+<a href="#org7f77900"><code>apache-tellurion</code></a> directives used on Front.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure live website.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure live website.
become: yes
vars:
docroot: /WWW/live
<<apache-photos>>
+ <<apache-pucked>>
+
<<apache-tellurion>>
dest: /etc/apache2/sites-available/live-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
<<apache-photos>>
+ <<apache-pucked>>
+
<<apache-tellurion>>
dest: /etc/apache2/sites-available/test-vhost.conf
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
</div>
</div>
</div>
-<div id="outline-container-org0afaf42" class="outline-3">
-<h3 id="org0afaf42"><span class="section-number-3">4.8.</span> Configure Documentation URLs</h3>
+<div id="outline-container-org042c3ee" class="outline-3">
+<h3 id="org042c3ee"><span class="section-number-3">4.8.</span> Configure Documentation URLs</h3>
<div class="outline-text-3" id="text-4-8">
<p>
The institute serves its <q>/usr/share/doc/</q> on the house (campus) web
site. This is a debugging convenience, making some HTML documentation
more accessible, especially the documentation of software installed on
Core and not on typical desktop clients. Also included: the Apache2
-directives that enable user Git publishing with Gitweb (defined <a href="#org7a39b76">here</a>).
+directives that enable user Git publishing with Gitweb (defined <a href="#org5965c9d">here</a>).
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure house website.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure house website.
become: yes
copy:
content: |
</div>
</div>
</div>
-<div id="outline-container-org39ecdd8" class="outline-3">
-<h3 id="org39ecdd8"><span class="section-number-3">4.9.</span> Install Apt Cacher</h3>
+<div id="outline-container-orgfa7526b" class="outline-3">
+<h3 id="orgfa7526b"><span class="section-number-3">4.9.</span> Install Apt Cacher</h3>
<div class="outline-text-3" id="text-4-9">
<p>
The abbey uses the Apt-Cacher:TNG package cache on Core. The
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Apt-Cacher:TNG.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Apt-Cacher:TNG.
become: yes
<span class="org-variable-name">apt: pkg</span>=apt-cacher-ng
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-org6f7e389" class="outline-3">
-<h3 id="org6f7e389"><span class="section-number-3">4.10.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-orge15057a" class="outline-3">
+<h3 id="orge15057a"><span class="section-number-3">4.10.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-4-10">
<p>
Core itself will benefit from using the package cache, but should
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Use the local Apt package cache.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Use the local Apt package cache.
become: yes
copy:
content: |
</div>
</div>
</div>
-<div id="outline-container-org45e225e" class="outline-3">
-<h3 id="org45e225e"><span class="section-number-3">4.11.</span> Configure NAGIOS</h3>
+<div id="outline-container-org4924f3f" class="outline-3">
+<h3 id="org4924f3f"><span class="section-number-3">4.11.</span> Configure NAGIOS</h3>
<div class="outline-text-3" id="text-4-11">
<p>
A small institute uses <code>nagios4</code> to monitor the health of its network,
Raspberry Pis.
</p>
</div>
-<div id="outline-container-org9b85f24" class="outline-4">
-<h4 id="org9b85f24"><span class="section-number-4">4.11.1.</span> Monitoring The Home Disk</h4>
+<div id="outline-container-org414d2ee" class="outline-4">
+<h4 id="org414d2ee"><span class="section-number-4">4.11.1.</span> Monitoring The Home Disk</h4>
<div class="outline-text-4" id="text-4-11-1">
<p>
The abbey adds monitoring of the space remaining on the volume at
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure NAGIOS monitoring for Core /home/.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure NAGIOS monitoring for Core /home/.
become: yes
copy:
content: |
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Reload NAGIOS4.
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Reload NAGIOS4.
become: yes
systemd:
service: nagios4
</div>
</div>
</div>
-<div id="outline-container-orgf975d70" class="outline-4">
-<h4 id="orgf975d70"><span class="section-number-4">4.11.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
+<div id="outline-container-orgd9d0404" class="outline-4">
+<h4 id="orgd9d0404"><span class="section-number-4">4.11.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
<div class="outline-text-4" id="text-4-11-2">
<p>
The <code>check_sensors</code> plugin is included in the package
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/files/abbey_pisensors"><q>roles_t/abbey-core/files/abbey_pisensors</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">sh</span><span class="org-comment">
-</span>
+<a href="roles_t/abbey-core/files/abbey_pisensors"><q>roles_t/abbey-core/files/abbey_pisensors</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">sh</span>
+
<span class="org-variable-name">PATH</span>=<span class="org-string">"/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"</span>
<span class="org-builtin">export</span> PATH
<span class="org-variable-name">PROGNAME</span>=<span class="org-sh-quoted-exec">`basename $0`</span>
}
<span class="org-function-name">brief_data</span>() {
- <span class="org-builtin">echo</span> <span class="org-string">"$1"</span> | sed -n -E -e <span class="org-string">'
- /^temp[0-9]+: +[-+][0-9.]+.?C/ {
- s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H }
- $ { x; s/\n//g; p }'</span>
+ <span class="org-builtin">echo</span> <span class="org-string">"$1"</span> | sed -n -E -e <span class="org-string">'</span>
+<span class="org-string"> /^temp[0-9]+: +[-+][0-9.]+.?C/ {</span>
+<span class="org-string"> s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H }</span>
+<span class="org-string"> $ { x; s/\n//g; p }'</span>
}
<span class="org-keyword">case</span> <span class="org-string">"$1"</span><span class="org-keyword"> in</span>
</div>
</div>
</div>
-<div id="outline-container-org439ea1c" class="outline-4">
-<h4 id="org439ea1c"><span class="section-number-4">4.11.3.</span> Stolen NAGIOS Monitor <code>check_mdstat</code></h4>
+<div id="outline-container-org9545a84" class="outline-4">
+<h4 id="org9545a84"><span class="section-number-4">4.11.3.</span> Stolen NAGIOS Monitor <code>check_mdstat</code></h4>
<div class="outline-text-4" id="text-4-11-3">
<p>
This <code>check_mdstat</code> plugin was copied from the NAGIOS Exchange (<a href="https://exchange.nagios.org/directory/plugins/operating-systems/linux/check_mdstat/details/">here</a>).
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/files/check_mdstat"><q>roles_t/abbey-core/files/check_mdstat</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/</span><span class="org-keyword">env</span><span class="org-comment"> bash
-</span>
-<span class="org-comment-delimiter"># </span><span class="org-comment">nagios script checks for failed raid device
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">linux software raid /proc/mdstat
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">karl@webmedianow.com 2013-10-01
-</span>
+<a href="roles_t/abbey-core/files/check_mdstat"><q>roles_t/abbey-core/files/check_mdstat</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/</span><span class="org-keyword">env</span><span class="org-comment"> bash</span>
+
+<span class="org-comment-delimiter"># </span><span class="org-comment">nagios script checks for failed raid device</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">linux software raid /proc/mdstat</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">karl@webmedianow.com 2013-10-01</span>
+
<span class="org-variable-name">STATE_OK</span>=0
<span class="org-variable-name">STATE_WARNING</span>=1
<span class="org-variable-name">STATE_CRITICAL</span>=2
<span class="org-builtin">export</span> PATH
<span class="org-function-name">usage</span>() {
-cat <<-EOE<span class="org-sh-heredoc">
-Usage: $0 mdadm_device total_drives
+cat <<-EOE
+<span class="org-sh-heredoc">Usage: $0 mdadm_device total_drives</span>
- mdadm_device is md0, md1, etc...
- total_drives is 2 for mirror, or 3, 4 etc...
+<span class="org-sh-heredoc"> mdadm_device is md0, md1, etc...</span>
+<span class="org-sh-heredoc"> total_drives is 2 for mirror, or 3, 4 etc...</span>
-Nagios script to check if failed drive in /proc/mdstat
+<span class="org-sh-heredoc">Nagios script to check if failed drive in /proc/mdstat</span>
-Example: raid 2 (2 disk mirror)
- /opt/nagios/libexec/check_mdstat.sh md0 2
+<span class="org-sh-heredoc">Example: raid 2 (2 disk mirror)</span>
+<span class="org-sh-heredoc"> /opt/nagios/libexec/check_mdstat.sh md0 2</span>
-Example: raid 5 with 8 disks
- /opt/nagios/libexec/check_mdstat.sh md0 8
+<span class="org-sh-heredoc">Example: raid 5 with 8 disks</span>
+<span class="org-sh-heredoc"> /opt/nagios/libexec/check_mdstat.sh md0 8</span>
-EOE
-</span><span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_UNKNOWN</span>
+<span class="org-sh-heredoc">EOE</span>
+<span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_UNKNOWN</span>
}
<span class="org-keyword">if</span> [ $<span class="org-variable-name">#</span> -lt 2 ]; <span class="org-keyword">then</span>
<span class="org-variable-name">uu</span>=<span class="org-string">"[${U}]"</span>
<span class="org-variable-name">nn</span>=<span class="org-string">"[${drive_num}/${drive_num}]"</span>
-<span class="org-comment-delimiter">#</span><span class="org-comment">cat /proc/mdstat | grep -A 1 ^md1 | tail -1 | awk '{print ($(</span><span class="org-sh-quoted-exec">NF</span><span class="org-comment">))}'
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">[UUUUUUUU] is OK raid
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">[_U] is Failed Drive
-</span>
-<span class="org-comment-delimiter"># </span><span class="org-comment">check if we have correct device...
-</span><span class="org-keyword">if</span> cat /proc/mdstat | grep ^${<span class="org-variable-name">cmd_device</span>} | awk <span class="org-string">'{print $1}'</span> | grep ^${<span class="org-variable-name">cmd_device</span>}$ >/dev/null 2>&1
+<span class="org-comment-delimiter">#</span><span class="org-comment">cat /proc/mdstat | grep -A 1 ^md1 | tail -1 | awk '{print ($(</span><span class="org-sh-quoted-exec">NF</span><span class="org-comment">))}'</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">[UUUUUUUU] is OK raid</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">[_U] is Failed Drive</span>
+
+<span class="org-comment-delimiter"># </span><span class="org-comment">check if we have correct device...</span>
+<span class="org-keyword">if</span> cat /proc/mdstat | grep ^${<span class="org-variable-name">cmd_device</span>} | awk <span class="org-string">'{print $1}'</span> | grep ^${<span class="org-variable-name">cmd_device</span>}$ >/dev/null 2>&1
<span class="org-keyword">then</span>
<span class="org-variable-name">device</span>=$<span class="org-variable-name">cmd_device</span>
<span class="org-keyword">else</span>
<span class="org-builtin">echo</span> <span class="org-string">"FAIL: $device $n_status $u_status"</span>
<span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_CRITICAL</span>
<span class="org-keyword">fi</span>
-
-
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-orgfaece9a" class="outline-4">
-<h4 id="orgfaece9a"><span class="section-number-4">4.11.4.</span> Configure NAGIOS Monitoring of The Cloister</h4>
+<div id="outline-container-org42df1ba" class="outline-4">
+<h4 id="org42df1ba"><span class="section-number-4">4.11.4.</span> Configure NAGIOS Monitoring of The Cloister</h4>
<div class="outline-text-4" id="text-4-11-4">
<p>
The abbey adds monitoring for more servers: Dantooine, Kessel and Ord
are idiosyncratically in flux.
</p>
</div>
-<div id="outline-container-orgc13c51b" class="outline-5">
-<h5 id="orgc13c51b"><span class="section-number-5">4.11.4.1.</span> Cloister Network Addresses</h5>
+<div id="outline-container-org4f11f77" class="outline-5">
+<h5 id="org4f11f77"><span class="section-number-5">4.11.4.1.</span> Cloister Network Addresses</h5>
<div class="outline-text-5" id="text-4-11-4-1">
<p>
The IP addresses of all three hosts are nice to use in the NAGIOS
</div>
</div>
</div>
-<div id="outline-container-org34c60e8" class="outline-5">
-<h5 id="org34c60e8"><span class="section-number-5">4.11.4.2.</span> Install NAGIOS Configurations</h5>
+<div id="outline-container-org5f30805" class="outline-5">
+<h5 id="org5f30805"><span class="section-number-5">4.11.4.2.</span> Install NAGIOS Configurations</h5>
<div class="outline-text-5" id="text-4-11-4-2">
<p>
The following task installs each host's NAGIOS configuration.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure cloister NAGIOS monitoring.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure cloister NAGIOS monitoring.
become: yes
template:
src: nagios-{{ item }}.cfg
</div>
</div>
</div>
-<div id="outline-container-org57a0d79" class="outline-5">
-<h5 id="org57a0d79"><span class="section-number-5">4.11.4.3.</span> NAGIOS Monitoring of Dantooine</h5>
+<div id="outline-container-org356f783" class="outline-5">
+<h5 id="org356f783"><span class="section-number-5">4.11.4.3.</span> NAGIOS Monitoring of Dantooine</h5>
<div class="outline-text-5" id="text-4-11-4-3">
<div class="org-src-container">
<a href="roles_t/abbey-core/templates/nagios-dantooine.cfg"><q>roles_t/abbey-core/templates/nagios-dantooine.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
check_command check_nrpe!abbey_dvr
}
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">host_name dantooine
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">service_description Current Load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name dantooine</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Current Load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
<span class="org-type">define service</span> {
use generic-service
host_name dantooine
check_command check_nrpe!check_zombie_procs
}
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">host_name dantooine
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">service_description Total Processes
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_total_procs
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name dantooine</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Total Processes</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_total_procs</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
<span class="org-type">define service</span> {
use generic-service
host_name dantooine
</div>
</div>
</div>
-<div id="outline-container-org2b3a9ba" class="outline-5">
-<h5 id="org2b3a9ba"><span class="section-number-5">4.11.4.4.</span> NAGIOS Monitoring of Kessel</h5>
+<div id="outline-container-org039d217" class="outline-5">
+<h5 id="org039d217"><span class="section-number-5">4.11.4.4.</span> NAGIOS Monitoring of Kessel</h5>
<div class="outline-text-5" id="text-4-11-4-4">
<div class="org-src-container">
<a href="roles_t/abbey-core/templates/nagios-kessel.cfg"><q>roles_t/abbey-core/templates/nagios-kessel.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
check_command check_nrpe!inst_root
}
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">host_name kessel
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">service_description Current Load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name kessel</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Current Load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
<span class="org-type">define service</span> {
use generic-service
host_name kessel
check_command check_nrpe!check_zombie_procs
}
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">host_name kessel
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">service_description Total Processes
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_total_procs
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name kessel</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Total Processes</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_total_procs</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
<span class="org-type">define service</span> {
use generic-service
host_name kessel
</div>
</div>
</div>
-<div id="outline-container-orgb9f9d18" class="outline-5">
-<h5 id="orgb9f9d18"><span class="section-number-5">4.11.4.5.</span> NAGIOS Monitoring of Ord-Mantell</h5>
+<div id="outline-container-orgae4d84f" class="outline-5">
+<h5 id="orgae4d84f"><span class="section-number-5">4.11.4.5.</span> NAGIOS Monitoring of Ord-Mantell</h5>
<div class="outline-text-5" id="text-4-11-4-5">
<div class="org-src-container">
<a href="roles_t/abbey-core/templates/nagios-ord-mantell.cfg"><q>roles_t/abbey-core/templates/nagios-ord-mantell.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
check_command check_nrpe!inst_root
}
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">host_name ord-mantell
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">service_description Current Load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name ord-mantell</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Current Load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
<span class="org-type">define service</span> {
use generic-service
host_name ord-mantell
check_command check_nrpe!check_zombie_procs
}
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">host_name ord-mantell
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">service_description Total Processes
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_total_procs
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name ord-mantell</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Total Processes</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_total_procs</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
<span class="org-type">define service</span> {
use generic-service
host_name ord-mantell
</div>
</div>
</div>
-<div id="outline-container-org5216bd9" class="outline-3">
-<h3 id="org5216bd9"><span class="section-number-3">4.12.</span> Install Munin</h3>
+<div id="outline-container-org67864f4" class="outline-3">
+<h3 id="org67864f4"><span class="section-number-3">4.12.</span> Install Munin</h3>
<div class="outline-text-3" id="text-4-12">
<p>
The abbey is experimenting with Munin. NAGIOS is all about notifying
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Munin.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Munin.
become: yes
<span class="org-variable-name">apt: pkg</span>=munin
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure core sensors(1).
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure core sensors(1).
become: yes
copy:
content: |
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Restart Munin.
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Restart Munin.
become: yes
systemd:
service: munin
</div>
</div>
</div>
-<div id="outline-container-org633aafd" class="outline-3">
-<h3 id="org633aafd"><span class="section-number-3">4.13.</span> Install Analog</h3>
+<div id="outline-container-org227d64c" class="outline-3">
+<h3 id="org227d64c"><span class="section-number-3">4.13.</span> Install Analog</h3>
<div class="outline-text-3" id="text-4-13">
<p>
The abbey's public web site's access and error logs are emailed
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Analog.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Analog.
become: yes
<span class="org-variable-name">apt: pkg</span>=analog
</div>
</div>
</div>
-<div id="outline-container-org4f1f439" class="outline-3">
-<h3 id="org4f1f439"><span class="section-number-3">4.14.</span> Add Monkey to Web Server Group</h3>
+<div id="outline-container-orgf8de97a" class="outline-3">
+<h3 id="orgf8de97a"><span class="section-number-3">4.14.</span> Add Monkey to Web Server Group</h3>
<div class="outline-text-3" id="text-4-14">
<p>
Monkey needs to be in <code>www-data</code> so that it can run
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Add Monkey to Nextcloud group.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Add Monkey to Nextcloud group.
become: yes
user:
name: monkey
</div>
</div>
</div>
-<div id="outline-container-org0f4e52f" class="outline-3">
-<h3 id="org0f4e52f"><span class="section-number-3">4.15.</span> Install netpbm For Photo Processing</h3>
+<div id="outline-container-org61acd41" class="outline-3">
+<h3 id="org61acd41"><span class="section-number-3">4.15.</span> Install netpbm For Photo Processing</h3>
<div class="outline-text-3" id="text-4-15">
<p>
Monkey's photo processing scripts use <code>netpbm</code> commands like
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install netpbm.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install netpbm.
become: yes
<span class="org-variable-name">apt: pkg</span>=netpbm
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-org8b6dff1" class="outline-2">
-<h2 id="org8b6dff1"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
+<div id="outline-container-org0e51592" class="outline-2">
+<h2 id="org0e51592"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
<div class="outline-text-2" id="text-5">
<p>
Birchwood Abbey's gate is a $110 µPC configured as A Small Institute
Ecowitt hub.
</p>
</div>
-<div id="outline-container-org92e98ee" class="outline-3">
-<h3 id="org92e98ee"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
+<div id="outline-container-org6bb57a5" class="outline-3">
+<h3 id="org6bb57a5"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
<div class="outline-text-3" id="text-5-1">
<p>
The abbey gate's <code>lan</code> interface is the PC's built-in Ethernet
</p>
</div>
</div>
-<div id="outline-container-org6886cb3" class="outline-3">
-<h3 id="org6886cb3"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
+<div id="outline-container-orgd354da1" class="outline-3">
+<h3 id="orgd354da1"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
<div class="outline-text-3" id="text-5-2">
<p>
To allow masquerading between the private subnets and <code>wild</code>, the
following <code>iptables(8)</code> rules are added. They are very similar to the
<code>nat</code> and <code>filter</code> table rules used by a small institute to masquerade
-its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#org1c59284">UFW Rules</a> of a Small Institute).
+its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#orgcdebc22">UFW Rules</a> of a Small Institute).
The campus WireGuard™ subnet is not included because the campus Wi-Fi
hosts should be routing to the wild subnet directly and are assumed to
be masquerading as their access point(s).
</p>
<div class="org-src-container">
-<code>iot-nat</code><pre class="src src-conf" id="orgb5d849e"><code>-A POSTROUTING -s {{ private_net_cidr }} -o wild -j MASQUERADE
+<code>iot-nat</code><pre class="src src-conf" id="orgcffe50d"><code>-A POSTROUTING -s {{ private_net_cidr }} -o wild -j MASQUERADE
-A POSTROUTING -s {{ public_wg_net_cidr }} -o wild -j MASQUERADE
</code></pre>
</div>
<div class="org-src-container">
-<code>iot-forward</code><pre class="src src-conf" id="org8d7cf4c"><code>-A ufw-before-forward -i lan -o wild -j ACCEPT
+<code>iot-forward</code><pre class="src src-conf" id="org9eb6bed"><code>-A ufw-before-forward -i lan -o wild -j ACCEPT
-A ufw-before-forward -i wg0 -o wild -j ACCEPT
</code></pre>
</div>
</p>
</div>
</div>
-<div id="outline-container-org68384d2" class="outline-3">
-<h3 id="org68384d2"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
+<div id="outline-container-org4d5de24" class="outline-3">
+<h3 id="org4d5de24"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
<div class="outline-text-3" id="text-5-3">
<p>
The following task installs the additional rules in <q>before.rules</q> (as
-in <a href="Institute/README.html#orgf03d906">Configure UFW</a>).
+in <a href="Institute/README.html#org52994f0">Configure UFW</a>).
</p>
<div class="org-src-container">
</div>
</div>
</div>
-<div id="outline-container-org1bca27d" class="outline-3">
-<h3 id="org1bca27d"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
+<div id="outline-container-org4a2989c" class="outline-3">
+<h3 id="org4a2989c"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
<div class="outline-text-3" id="text-5-4">
<p>
The abbey connects to Starlink via Ethernet, and disables Starlink's
</p>
</div>
</div>
-<div id="outline-container-org00efde1" class="outline-3">
-<h3 id="org00efde1"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
+<div id="outline-container-orgf544c16" class="outline-3">
+<h3 id="orgf544c16"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
<div class="outline-text-3" id="text-5-5">
<p>
The abbey used to use a cell phone on a USB tether to get Internet
</div>
</div>
</div>
-<div id="outline-container-orgd5620ea" class="outline-2">
-<h2 id="orgd5620ea"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
+<div id="outline-container-org10ccaff" class="outline-2">
+<h2 id="org10ccaff"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
<div class="outline-text-2" id="text-6">
<p>
Birchwood Abbey's cloister is a small institute campus. The <code>campus</code>
<p>
Wireless clients are issued keys for the cloister VPN by the <code>./abbey
client</code> command which is currently identical to the <code>./inst client</code>
-command (described in <a href="Institute/README.html#org7efeef2">The Client Command</a>). The wireless, cloistered
+command (described in <a href="Institute/README.html#orgf253523">The Client Command</a>). The wireless, cloistered
hosts never roam, are not associated with a member, and so are
"campus" clients, issued keys with commands like this:
</p>
S+6HaTnOwwhWgUGXjSBcPAvifKw+j8BDTRfq534gNW4=
</pre>
</div>
-<div id="outline-container-org71ac6c2" class="outline-3">
-<h3 id="org71ac6c2"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org61c12ec" class="outline-3">
+<h3 id="org61c12ec"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The Apt-Cacher:TNG program does not work well on the frontier, so is
</div>
</div>
</div>
-<div id="outline-container-orga560782" class="outline-3">
-<h3 id="orga560782"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
+<div id="outline-container-orga2d6911" class="outline-3">
+<h3 id="orga2d6911"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
<div class="outline-text-3" id="text-6-2">
<p>
Each cloistered host is a small institute campus host and thus is
already running an NRPE server (a NAGIOS Remote Plugin Executor
-server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#orgadce02c">Configure
+server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#org0d2271c">Configure
NRPE</a> of <a href="Institute/README.html">A Small Institute</a>). The abbey adds one complication: yet
another <code>check_sensors</code> variant, <code>abbey_pisensors</code>, installed on
Raspberry Pis (architecture <code>aarch64</code>) only.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install abbey_pisensors NAGIOS plugin.
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install abbey_pisensors NAGIOS plugin.
become: yes
copy:
src: ../abbey-core/files/abbey_pisensors
</div>
</div>
</div>
-<div id="outline-container-orgb638f2c" class="outline-3">
-<h3 id="orgb638f2c"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
+<div id="outline-container-org4230b2d" class="outline-3">
+<h3 id="org4230b2d"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
<div class="outline-text-3" id="text-6-3">
<p>
Each cloistered host is a Munin node.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Munin Node.
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Munin Node.
become: yes
<span class="org-variable-name">apt: pkg</span>=munin-node
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-cloister/handlers/main.yml"><q>roles_t/abbey-cloister/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Restart Munin Node.
+<a href="roles_t/abbey-cloister/handlers/main.yml"><q>roles_t/abbey-cloister/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Restart Munin Node.
become: yes
systemd:
service: munin-node
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure {{ inventory_hostname }} sensors(1).
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure {{ inventory_hostname }} sensors(1).
copy:
content: |
chip <span class="org-string">"iwlwifi_1-virtual-0"</span>
</div>
</div>
</div>
-<div id="outline-container-org430cada" class="outline-3">
-<h3 id="org430cada"><span class="section-number-3">6.4.</span> Install Emacs</h3>
+<div id="outline-container-orgccc2391" class="outline-3">
+<h3 id="orgccc2391"><span class="section-number-3">6.4.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-6-4">
<p>
The monks of the abbey are masters of the staff and Emacs.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install monastic software.
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install monastic software.
become: yes
<span class="org-variable-name">apt: pkg</span>=emacs
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-org1ccf88d" class="outline-2">
-<h2 id="org1ccf88d"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
+<div id="outline-container-org19320d3" class="outline-2">
+<h2 id="org19320d3"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
<div class="outline-text-2" id="text-7">
<p>
Birchwood Abbey now uses Home Assistant to record and display weather
</p>
</div>
</div>
-<div id="outline-container-org8d22d49" class="outline-2">
-<h2 id="org8d22d49"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
+<div id="outline-container-orgdf2e3d4" class="outline-2">
+<h2 id="orgdf2e3d4"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
<div class="outline-text-2" id="text-8">
<p>
The abbey uses AgentDVR to record video from PoE IP HD security
configuration and recordings in <q>/home/agentdvr/</q>.
</p>
</div>
-<div id="outline-container-orgcc3a9aa" class="outline-3">
-<h3 id="orgcc3a9aa"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
+<div id="outline-container-org85c2ea3" class="outline-3">
+<h3 id="org85c2ea3"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
<div class="outline-text-3" id="text-8-1">
<p>
AgentDVR is installed according to the iSpy web site's latest
<div class="org-src-container">
<pre class="src src-sh"><code>sudo apt-get install curl
-bash <(curl -s <span class="org-string">"https://raw.githubusercontent.com/\
-ispysoftware/agent-install-scripts/main/v2/\
-install.sh"</span>)
+bash <(curl -s <span class="org-string">"https://raw.githubusercontent.com/\</span>
+<span class="org-string">ispysoftware/agent-install-scripts/main/v2/\</span>
+<span class="org-string">install.sh"</span>)
</code></pre>
</div>
<code>agentdvr</code> account if it has (temporary) authorization.
</p>
</div>
-<div id="outline-container-orgd5b359f" class="outline-4">
-<h4 id="orgd5b359f"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
+<div id="outline-container-orgf8d1694" class="outline-4">
+<h4 id="orgf8d1694"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-1">
<p>
The following commands are manually executed to create the <code>agentdvr</code>
<div class="org-src-container">
<pre class="src src-sh"><code>sudo adduser --disabled-password agentdvr
-<span class="org-builtin">echo</span> <span class="org-string">"ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
- /sbin/adduser,/sbin/usermod"</span> >~/01agentdvr
+<span class="org-builtin">echo</span> <span class="org-string">"ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\</span>
+<span class="org-string"> /sbin/adduser,/sbin/usermod"</span> >~/01agentdvr
sudo chown root:root ~/01agentdvr
sudo chmod 440 ~/01agentdvr
visudo --check --owner --perms ~/01agentdvr
</div>
</div>
</div>
-<div id="outline-container-org452133d" class="outline-4">
-<h4 id="org452133d"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
+<div id="outline-container-org4af08dc" class="outline-4">
+<h4 id="org4af08dc"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-2">
<p>
With the above preparations, the system administrator can get a shell
</p>
</div>
</div>
-<div id="outline-container-org3d46dbb" class="outline-4">
-<h4 id="org3d46dbb"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
+<div id="outline-container-org7cb6c63" class="outline-4">
+<h4 id="org7cb6c63"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-3">
<p>
When Ansible is run a second time, after the installation script, it
</div>
</div>
</div>
-<div id="outline-container-org775faed" class="outline-3">
-<h3 id="org775faed"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
+<div id="outline-container-orgef2a47d" class="outline-3">
+<h3 id="orgef2a47d"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
<div class="outline-text-3" id="text-8-2">
<p>
AgentDVR runs as the system user <code>agentdvr</code>, which is configured here.
</div>
</div>
</div>
-<div id="outline-container-orgd6c6dbb" class="outline-3">
-<h3 id="orgd6c6dbb"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
+<div id="outline-container-org1d5c6a5" class="outline-3">
+<h3 id="org1d5c6a5"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
<div class="outline-text-3" id="text-8-3">
<p>
The following task probes for the <q>/home/agentdvr/AgentDVR/</q>
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Test for AgentDVR directory.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Test for AgentDVR directory.
stat:
path: /home/agentdvr/AgentDVR
register: agentdvr
</div>
</div>
</div>
-<div id="outline-container-orgf37a978" class="outline-3">
-<h3 id="orgf37a978"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
+<div id="outline-container-orge834b35" class="outline-3">
+<h3 id="orge834b35"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
<div class="outline-text-3" id="text-8-4">
<p>
This service definition came from the template downloaded (from <a href="https://raw.githubusercontent.com/ispysoftware/agent-install-scripts/main/v2/AgentDVR.service">here</a>)
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install AgentDVR.service.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install AgentDVR.service.
become: yes
copy:
content: |
<span class="org-variable-name">WorkingDirectory</span>=/home/agentdvr/AgentDVR
<span class="org-variable-name">ExecStart</span>=/home/agentdvr/AgentDVR/Agent
- <span class="org-comment-delimiter"># </span><span class="org-comment">fix memory management issue with dotnet core
-</span> <span class="org-variable-name">Environment</span>=<span class="org-string">"MALLOC_TRIM_THRESHOLD_=100000"</span>
+ <span class="org-comment-delimiter"># </span><span class="org-comment">fix memory management issue with dotnet core</span>
+ <span class="org-variable-name">Environment</span>=<span class="org-string">"MALLOC_TRIM_THRESHOLD_=100000"</span>
- <span class="org-comment-delimiter"># </span><span class="org-comment">to query logs using journalctl, set a logical name here
-</span> <span class="org-variable-name">SyslogIdentifier</span>=AgentDVR
+ <span class="org-comment-delimiter"># </span><span class="org-comment">to query logs using journalctl, set a logical name here</span>
+ <span class="org-variable-name">SyslogIdentifier</span>=AgentDVR
<span class="org-variable-name">User</span>=agentdvr
- <span class="org-comment-delimiter"># </span><span class="org-comment">ensure the service automatically restarts
-</span> <span class="org-variable-name">Restart</span>=always
- <span class="org-comment-delimiter"># </span><span class="org-comment">amount of time to wait before restarting the service
-</span> <span class="org-variable-name">RestartSec</span>=5
+ <span class="org-comment-delimiter"># </span><span class="org-comment">ensure the service automatically restarts</span>
+ <span class="org-variable-name">Restart</span>=always
+ <span class="org-comment-delimiter"># </span><span class="org-comment">amount of time to wait before restarting the service</span>
+ <span class="org-variable-name">RestartSec</span>=5
[<span class="org-type">Install</span>]
<span class="org-variable-name">WantedBy</span>=multi-user.target
</div>
<div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Restart AgentDVR.
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Restart AgentDVR.
become: yes
systemd:
service: AgentDVR
</div>
</div>
</div>
-<div id="outline-container-org514f090" class="outline-3">
-<h3 id="org514f090"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
+<div id="outline-container-org302cbc2" class="outline-3">
+<h3 id="org302cbc2"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
<div class="outline-text-3" id="text-8-5">
<p>
The abbey uses a separate volume to store surveillance recordings,
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Create /DVR/AgentDVR/.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Create /DVR/AgentDVR/.
become: yes
file:
state: directory
</div>
</div>
</div>
-<div id="outline-container-org08ba9e6" class="outline-3">
-<h3 id="org08ba9e6"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
+<div id="outline-container-org6a98471" class="outline-3">
+<h3 id="org6a98471"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
<div class="outline-text-3" id="text-8-6">
<p>
DVR hosts install a custom NRPE plugin named <code>abbey_dvr</code> to monitor
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure NAGIOS command abbey_dvr.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure NAGIOS command abbey_dvr.
become: yes
vars:
lib: /usr/lib/nagios/plugins
</div>
</div>
</div>
-<div id="outline-container-orge82a2fb" class="outline-3">
-<h3 id="orge82a2fb"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
+<div id="outline-container-org068505d" class="outline-3">
+<h3 id="org068505d"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
<div class="outline-text-3" id="text-8-7">
<p>
-A new security camera is setup as described in <a href="#orgb57e970">Cloistering</a>, after
+A new security camera is setup as described in <a href="#orgbcbd35c">Cloistering</a>, after
which the camera should be accessible by name on the abbey networks.
Assuming <code>ping -c1 new</code> works, the camera's web interface will be
accessible at <code>http://new/</code>.
</ul>
</div>
</div>
-<div id="outline-container-org2f0ff57" class="outline-3">
-<h3 id="org2f0ff57"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
+<div id="outline-container-org79c420e" class="outline-3">
+<h3 id="org79c420e"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
<div class="outline-text-3" id="text-8-8">
<p>
After Ansible has configured and started the AgentDVR service, its web
</p>
</div>
</div>
-<div id="outline-container-org75e828d" class="outline-3">
-<h3 id="org75e828d"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
+<div id="outline-container-org8759686" class="outline-3">
+<h3 id="org8759686"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
<div class="outline-text-3" id="text-8-9">
<p>
AgentDVR's web interface is also used to configure a default storage
</p>
</div>
</div>
-<div id="outline-container-org5593023" class="outline-3">
-<h3 id="org5593023"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
+<div id="outline-container-org9eb2379" class="outline-3">
+<h3 id="org9eb2379"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
<div class="outline-text-3" id="text-8-10">
<p>
After a default storage location has been configured, AgentDVR's
</ul>
</div>
</div>
-<div id="outline-container-org2acb7a7" class="outline-3">
-<h3 id="org2acb7a7"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
+<div id="outline-container-org38942e9" class="outline-3">
+<h3 id="org38942e9"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
<div class="outline-text-3" id="text-8-11">
<p>
When restoring <q>/home/</q> from a backup copy, the user accounts are
</div>
</div>
</div>
-<div id="outline-container-orgb2e6139" class="outline-2">
-<h2 id="orgb2e6139"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
+<div id="outline-container-org1f83e98" class="outline-2">
+<h2 id="org1f83e98"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
<div class="outline-text-2" id="text-9">
<p>
The abbey has a few TV tuners and a subscription to <a href="https://schedulesdirect.org/">Schedules Direct</a>
</p>
<p>
-A new TVR machine needs only <a href="#orgb57e970">Cloistering</a> to prepare it for
+A new TVR machine needs only <a href="#orgbcbd35c">Cloistering</a> to prepare it for
Ansible. As part of that process, it should be added to the <code>tvrs</code>
group in the <q>hosts</q> file. An existing server can become a TVR
machine by adding it to the <code>tvrs</code> group.
</p>
</div>
-<div id="outline-container-org0bd571a" class="outline-3">
-<h3 id="org0bd571a"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org69fdfc9" class="outline-3">
+<h3 id="org69fdfc9"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-9-1">
<p>
Private variables in <q>private/vars-abbey.yml</q> are needed, as in the
</div>
</div>
</div>
-<div id="outline-container-org99fc858" class="outline-3">
-<h3 id="org99fc858"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
+<div id="outline-container-orgc734da1" class="outline-3">
+<h3 id="orgc734da1"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
<div class="outline-text-3" id="text-9-2">
<p>
Neither Debian nor the MythTV project provide binary packages of
</div>
</div>
</div>
-<div id="outline-container-org9f2867d" class="outline-3">
-<h3 id="org9f2867d"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
+<div id="outline-container-org68f3641" class="outline-3">
+<h3 id="org68f3641"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
<div class="outline-text-3" id="text-9-3">
<p>
Restoring MythTV from a backup copy to a fresh TVR host:
</ul>
</div>
</div>
-<div id="outline-container-orgf981860" class="outline-3">
-<h3 id="orgf981860"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
+<div id="outline-container-org54142b3" class="outline-3">
+<h3 id="org54142b3"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
<div class="outline-text-3" id="text-9-4">
<p>
Starting with MythTV version 0.26, the time zone tables must be loaded
</div>
</div>
</div>
-<div id="outline-container-org4e44682" class="outline-3">
-<h3 id="org4e44682"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
+<div id="outline-container-org7c6c1f3" class="outline-3">
+<h3 id="org7c6c1f3"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
<div class="outline-text-3" id="text-9-5">
<p>
The backend does not have a default storage area for its recordings.
</p>
<div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Create MythTV storage area.
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Create MythTV storage area.
become: yes
file:
state: directory
</div>
</div>
</div>
-<div id="outline-container-org4f2c780" class="outline-3">
-<h3 id="org4f2c780"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
+<div id="outline-container-orgbbfee39" class="outline-3">
+<h3 id="orgbbfee39"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
<div class="outline-text-3" id="text-9-6">
<p>
With MythTV built and installed, the post-installation tasks
</ul>
</div>
</div>
-<div id="outline-container-orgd3eb8f9" class="outline-3">
-<h3 id="orgd3eb8f9"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
+<div id="outline-container-org47d1cd3" class="outline-3">
+<h3 id="org47d1cd3"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
<div class="outline-text-3" id="text-9-7">
<p>
The abbey has a Silicon Dust Homerun HDTV Duo (with two tuners). It
-is setup as described in <a href="#orgb57e970">Cloistering</a>, after which the tuner is
+is setup as described in <a href="#orgbcbd35c">Cloistering</a>, after which the tuner is
accessible by name (e.g. <code>new</code>) on the cloister network. Assuming
<code>ping -c1 new</code> works, the tuner should be accessible via the
<code>hdhomerun_config_gui</code> command, a graphical interface contributed to
</p>
</div>
</div>
-<div id="outline-container-org29af529" class="outline-3">
-<h3 id="org29af529"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
+<div id="outline-container-org64695ca" class="outline-3">
+<h3 id="org64695ca"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
<div class="outline-text-3" id="text-9-8">
<p>
In MythTV Setup:
</ul>
</div>
</div>
-<div id="outline-container-org7d7753e" class="outline-3">
-<h3 id="org7d7753e"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
+<div id="outline-container-org1a5bf23" class="outline-3">
+<h3 id="org1a5bf23"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
<div class="outline-text-3" id="text-9-9">
<p>
In MythTV Backend, the website on Core's port 6544, e.g.
<li>Press "Delete".</li>
<li>Choose "Input Connections" from the top tab bar.</li>
<li>Choose (unfold) "HDHomeRun => Mr.Antenna".</li>
-<li>Press "+ Scan for Channels".</li>
-<li>Choose options? Eventually press "Scan"? And wait.</li>
-<li>Choose to import all.</li>
+<li>Press (unfold) "+ Scan for Channels".</li>
+<li>Choose Scan Type: Full Scan</li>
+<li>Press "Start Scan" and wait.</li>
+<li>Choose to "Insert All".</li>
<li>Choose "Restart Backend Full Operation".</li>
</ul>
</div>
</div>
-<div id="outline-container-org216ca3b" class="outline-3">
-<h3 id="org216ca3b"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
+<div id="outline-container-orge06879f" class="outline-3">
+<h3 id="orge06879f"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
<div class="outline-text-3" id="text-9-10">
<p>
The <code>xmltv</code> package, specifically its <code>tv_grab_zz_sdjson</code> program, is
the OTA (over the air) broadcasts.
</p>
-<pre class="example" id="orga54a74f">
+<pre class="example" id="org1ea8f23">
$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
Cache file for lineups, schedules and programs.
Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
</p>
</div>
</div>
-<div id="outline-container-org7d7443b" class="outline-3">
-<h3 id="org7d7443b"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
+<div id="outline-container-org2d5e116" class="outline-3">
+<h3 id="org2d5e116"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
<div class="outline-text-3" id="text-9-11">
<p>
If the <code>mythfilldatabase</code> command fails or expected listings do not
</div>
</div>
</div>
-<div id="outline-container-orgc9cb7f0" class="outline-3">
-<h3 id="orgc9cb7f0"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
+<div id="outline-container-orge0bfe53" class="outline-3">
+<h3 id="orge0bfe53"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
<div class="outline-text-3" id="text-9-12">
<p>
The abbey changes location almost weekly, so its HDTV broadcast area
changes frequently. At the start of a long stay the administrator
uses the MythTV Setup program to scan for the new area's channels, as
-described in <a href="#org7d7753e">Scan for New Channels</a>.
+described in <a href="#org1a5bf23">Scan for New Channels</a>.
</p>
<p>
<p>
The program will prompt for the zip code and offer a list of "inputs"
-available in that area, as described in <a href="#org216ca3b">Configure XMLTV</a>.
+available in that area, as described in <a href="#orge06879f">Configure XMLTV</a>.
</p>
<p>
</div>
<p>
-If the command fails, consult <a href="#org7d7443b">Debug XMLTV</a>. Else, the listings appear
+If the command fails, consult <a href="#org2d5e116">Debug XMLTV</a>. Else, the listings appear
in MythTV Backend's "Program Guide" page.
</p>
</div>
</div>
</div>
-<div id="outline-container-orgdde9bfe" class="outline-2">
-<h2 id="orgdde9bfe"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
+<div id="outline-container-org89ddc1e" class="outline-2">
+<h2 id="org89ddc1e"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
<div class="outline-text-2" id="text-10">
<p>
The abbey's Ansible configuration, like that of <a href="Institute/README.html">A Small Institute</a>, is
</p>
<p>
-NOTE: if you have not read at least the <a href="Institute/README.html#org
efb6095">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
+NOTE: if you have not read at least the <a href="Institute/README.html#org
953f84e">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
you are lost.
</p>
<q>README.org</q>, and <a href="Institute/README.html"><q>Institute/README.org</q></a>.
</p>
</div>
-<div id="outline-container-org8173efc" class="outline-3">
-<h3 id="org8173efc"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
+<div id="outline-container-org009c273" class="outline-3">
+<h3 id="org009c273"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
<div class="outline-text-3" id="text-10-1">
<p>
This is much like the example (test) institutional configuration file,
</div>
</div>
</div>
-<div id="outline-container-org12a438b" class="outline-3">
-<h3 id="org12a438b"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
+<div id="outline-container-org87eda60" class="outline-3">
+<h3 id="org87eda60"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
<div class="outline-text-3" id="text-10-2">
<div class="org-src-container">
-<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="orgf05c25e"><code>all:
+<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="orga772956"><code>all:
vars:
ansible_user: sysadm
ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa
hosts:
- <span class="org-comment-delimiter"># </span><span class="org-comment">The Main Servers: Front, Gate and Core.
-</span> droplet:
+ <span class="org-comment-delimiter"># </span><span class="org-comment">The Main Servers: Front, Gate and Core.</span>
+ droplet:
ansible_host: 138.68.252.171
ansible_become_password: <span class="org-string">"{{ become_droplet }}"</span>
anoat:
malastare:
ansible_host: malastare.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_malastare }}"</span>
- <span class="org-comment-delimiter"># </span><span class="org-comment">Campus
-</span> kessel:
+ <span class="org-comment-delimiter"># </span><span class="org-comment">Campus</span>
+ kessel:
ansible_host: kessel.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_kessel }}"</span>
dantooine:
ord-mantell:
ansible_host: ord-mantell.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_ord_mantell }}"</span>
- <span class="org-comment-delimiter"># </span><span class="org-comment">Notebooks
-</span> felucia:
+ <span class="org-comment-delimiter"># </span><span class="org-comment">Notebooks</span>
+ felucia:
ansible_host: felucia.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_felucia }}"</span>
sullust:
</div>
</div>
</div>
-<div id="outline-container-org2811731" class="outline-3">
-<h3 id="org2811731"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
+<div id="outline-container-org8998876" class="outline-3">
+<h3 id="org8998876"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
<div class="outline-text-3" id="text-10-3">
<p>
This playbook provisions the entire network by applying first the
</div>
</div>
</div>
-<div id="outline-container-orga94a492" class="outline-2">
-<h2 id="orga94a492"><span class="section-number-2">11.</span> The Abbey Commands</h2>
+<div id="outline-container-org910bf1b" class="outline-2">
+<h2 id="org910bf1b"><span class="section-number-2">11.</span> The Abbey Commands</h2>
<div class="outline-text-2" id="text-11">
<p>
The <code>./abbey</code> script encodes the abbey's canonical procedures. It
-includes <a href="Institute/README.html#org43f8955">The Institute Commands</a> and adds a few abbey-specific
+includes <a href="Institute/README.html#org219b1f0">The Institute Commands</a> and adds a few abbey-specific
sub-commands.
</p>
</div>
-<div id="outline-container-org151420e" class="outline-3">
-<h3 id="org151420e"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
+<div id="outline-container-orga60eee4" class="outline-3">
+<h3 id="orga60eee4"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
<div class="outline-text-3" id="text-11-1">
<p>
Institutional sub-commands:
</dl>
</div>
</div>
-<div id="outline-container-orge616d74" class="outline-3">
-<h3 id="orge616d74"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
+<div id="outline-container-org67dbcd9" class="outline-3">
+<h3 id="org67dbcd9"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
<div class="outline-text-3" id="text-11-2">
<p>
The script begins with the following prefix and trampolines.
</p>
<div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/perl -w
-</span><span class="org-comment-delimiter">#</span><span class="org-comment">
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">DO NOT EDIT. This file was tangled from README.org.
-</span>
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/perl -w</span>
+<span class="org-comment-delimiter">#</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">DO NOT EDIT. This file was tangled from README.org.</span>
+
<span class="org-keyword">use</span> <span class="org-constant">strict</span>;
<span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0]
The small institute's <code>./inst</code> command expects to be running in
<q>Institute/</q>, not <q>./</q>, but it only references <q>public/</q>, <q>private/</q>,
<q>Secret/</q> and <q>playbooks/check-inst-vars.yml</q>, and will find the abbey
-specific versions of these. The <code>roles_path</code> setting in <a href="#org8173efc"><q>ansible.cfg</q></a>
+specific versions of these. The <code>roles_path</code> setting in <a href="#org009c273"><q>ansible.cfg</q></a>
effectively merges the institutional roles into the distinctly named
abbey specific roles. The roles likewise reference files with
relative names, and will find the abbey specific <q>private/</q>
</div>
</div>
</div>
-<div id="outline-container-org2d29e39" class="outline-3">
-<h3 id="org2d29e39"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
+<div id="outline-container-org741731b" class="outline-3">
+<h3 id="org741731b"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
<div class="outline-text-3" id="text-11-3">
<p>
The script implements an <code>upgrade</code> sub-command that runs <code>apt update</code>
</pre>
<div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code>
-<span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] && $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"upgrade"</span>) {
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] && $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"upgrade"</span>) {
shift;
<span class="org-keyword">my</span> @<span class="org-perl-non-scalar-variable">args</span> = ( <span class="org-string">"-e"</span>, <span class="org-string">"\@Secret/become.yml"</span> );
<span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] && $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"-n"</span>) {
</div>
</div>
</div>
-<div id="outline-container-orgdd0d22a" class="outline-3">
-<h3 id="orgdd0d22a"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
+<div id="outline-container-org753535b" class="outline-3">
+<h3 id="org753535b"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
<div class="outline-text-3" id="text-11-4">
<p>
The script implements a <code>reboots</code> sub-command that looks for
</div>
</div>
</div>
-<div id="outline-container-orge4ce523" class="outline-3">
-<h3 id="orge4ce523"><span class="section-number-3">11.5.</span> The Versions Command</h3>
+<div id="outline-container-org98619eb" class="outline-3">
+<h3 id="org98619eb"><span class="section-number-3">11.5.</span> The Versions Command</h3>
<div class="outline-text-3" id="text-11-5">
<p>
The script implements a <code>versions</code> sub-command that reports the
</div>
</div>
</div>
-<div id="outline-container-orga466b57" class="outline-3">
-<h3 id="orga466b57"><span class="section-number-3">11.6.</span> The Facts Command</h3>
+<div id="outline-container-orgf9b1ac0" class="outline-3">
+<h3 id="orgf9b1ac0"><span class="section-number-3">11.6.</span> The Facts Command</h3>
<div class="outline-text-3" id="text-11-6">
<p>
The script implements a <code>facts</code> sub-command to collect the Ansible
</div>
</div>
</div>
-<div id="outline-container-orgb4cc7c8" class="outline-3">
-<h3 id="orgb4cc7c8"><span class="section-number-3">11.7.</span> The TZ Command</h3>
+<div id="outline-container-org50015c8" class="outline-3">
+<h3 id="org50015c8"><span class="section-number-3">11.7.</span> The TZ Command</h3>
<div class="outline-text-3" id="text-11-7">
<p>
The abbey changes location almost weekly, so its timezone changes
<div class="org-src-container">
<a href="playbooks/timezone.yml"><q>playbooks/timezone.yml</q></a><pre class="src src-conf"><code>---
-- hosts: core, dvrs, tvrs, webtvs
+- hosts: core, dvrs, tvrs, webtvs, notebooks
tasks:
- name: Get timezone.
command: date <span class="org-string">'+%Z'</span>
<span class="org-variable-name">when: ansible_date_time.tz !</span>= zone.stdout
register: new_tz
+ - name: Restart CronD.
+ become: yes
+ systemd:
+ service: cron
+ status: restarted
+ when: new_tz.changed
+
- hosts: dvrs
tasks:
- name: Restart AgentDVR.
</div>
</div>
</div>
-<div id="outline-container-orgc69e418" class="outline-3">
-<h3 id="orgc69e418"><span class="section-number-3">11.8.</span> Abbey Command Help</h3>
+<div id="outline-container-org261237d" class="outline-3">
+<h3 id="org261237d"><span class="section-number-3">11.8.</span> Abbey Command Help</h3>
<div class="outline-text-3" id="text-11-8">
<div class="org-src-container">
<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">my</span> $<span class="org-variable-name">ops</span> = (<span class="org-string">"config,new,old,pass,client,"</span>
</div>
</div>
</div>
-<div id="outline-container-orgb57e970" class="outline-2">
-<h2 id="orgb57e970"><span class="section-number-2">12.</span> Cloistering</h2>
+<div id="outline-container-orgbcbd35c" class="outline-2">
+<h2 id="orgbcbd35c"><span class="section-number-2">12.</span> Cloistering</h2>
<div class="outline-text-2" id="text-12">
<p>
This is how a new machine is brought into the cloister. The process
Ansible.
</p>
</div>
-<div id="outline-container-org9b9f5e9" class="outline-3">
-<h3 id="org9b9f5e9"><span class="section-number-3">12.1.</span> IoT Devices</h3>
+<div id="outline-container-orgecbedba" class="outline-3">
+<h3 id="orgecbedba"><span class="section-number-3">12.1.</span> IoT Devices</h3>
<div class="outline-text-3" id="text-12-1">
<p>
A wireless IoT device (smart TV, Blu-ray deck, etc.) cannot install
</p>
<ul class="org-ul">
-<li><a href="#org64bbfaa">Add to Core DHCP</a></li>
-<li><a href="#org488e689">Create Wired Domain Name</a></li>
+<li><a href="#orgadef5df">Add to Core DHCP</a></li>
+<li><a href="#org3f8edac">Create Wired Domain Name</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org39c2bc6">Create Wireless Domain Name</a></li>
+<li><a href="#org330fa20">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-org47e58c8" class="outline-3">
-<h3 id="org47e58c8"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
+<div id="outline-container-orgb51956b" class="outline-3">
+<h3 id="orgb51956b"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
<div class="outline-text-3" id="text-12-2">
<p>
The abbey's Raspberry Pi runs the Raspberry Pi OS desktop off an NVMe
<li>new username: sysadm</li>
<li>new password: <password></li>
</ul></li>
-<li><a href="#org64bbfaa">Add to Core DHCP</a></li>
-<li><a href="#org488e689">Create Wired Domain Name</a></li>
+<li><a href="#orgadef5df">Add to Core DHCP</a></li>
+<li><a href="#org3f8edac">Create Wired Domain Name</a></li>
<li>Launch the desktop.</li>
<li>If the desktop is running on a USB HD (thumb drive) or μSD card, use
the Raspberry Pi Imager app in Accessories in the main menu. Choose
<li>Right click on the desktop (background) and choose Preferences. In
the Control Centre choose Interfaces in the left side bar and toggle
SSH on.</li>
-<li><a href="#org9623e8b">Update From Cloister Apt Cache</a></li>
-<li><a href="#orgb84bcd7">Authorize Remote Administration</a></li>
-<li><a href="#orgef7f507">Configure with Ansible</a></li>
+<li><a href="#orgef77f9b">Update From Cloister Apt Cache</a></li>
+<li><a href="#org162f1d6">Authorize Remote Administration</a></li>
+<li><a href="#org9304c14">Configure with Ansible</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org1520010">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org9bae096">Connect to Cloister VPN</a></li>
-<li><a href="#org39c2bc6">Create Wireless Domain Name</a></li>
+<li><a href="#org844c5f9">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#org93a29fc">Connect to Cloister VPN</a></li>
+<li><a href="#org330fa20">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-orgfd73a60" class="outline-3">
-<h3 id="orgfd73a60"><span class="section-number-3">12.3.</span> PCs</h3>
+<div id="outline-container-org1ebc509" class="outline-3">
+<h3 id="org1ebc509"><span class="section-number-3">12.3.</span> PCs</h3>
<div class="outline-text-3" id="text-12-3">
<p>
Most of the abbey's machines, like Core and Gate, are general-purpose
to a USB drive and connect it to the PC.</li>
<li>Connect an HDMI monitor, a USB keyboard/mouse, and the cloister
Ethernet, and power up. Choose to boot from the USB drive.</li>
-<li><a href="#org64bbfaa">Add to Core DHCP</a></li>
-<li><a href="#org488e689">Create Wired Domain Name</a></li>
+<li><a href="#orgadef5df">Add to Core DHCP</a></li>
+<li><a href="#org3f8edac">Create Wired Domain Name</a></li>
<li>Answer first-boot installation questions as detailed in the
preparation of <a href="Institute/README.org*A Test Machine">A Test Machine</a> for a Small Institute.</li>
<li>Log in as <code>sysadm</code> on the console.</li>
-<li><a href="#org9623e8b">Update From Cloister Apt Cache</a></li>
+<li><a href="#orgef77f9b">Update From Cloister Apt Cache</a></li>
<li><p>
Install <code>openssh-server</code>, unless it was included in the
distribution. Run the following if unsure.
<pre class="example">
sudo apt install openssh-server
</pre></li>
-<li><a href="#orgb84bcd7">Authorize Remote Administration</a></li>
-<li><a href="#orgef7f507">Configure with Ansible</a></li>
+<li><a href="#org162f1d6">Authorize Remote Administration</a></li>
+<li><a href="#org9304c14">Configure with Ansible</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org1520010">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org9bae096">Connect to Cloister VPN</a></li>
-<li><a href="#org39c2bc6">Create Wireless Domain Name</a></li>
+<li><a href="#org844c5f9">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#org93a29fc">Connect to Cloister VPN</a></li>
+<li><a href="#org330fa20">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-org64bbfaa" class="outline-3">
-<h3 id="org64bbfaa"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
+<div id="outline-container-orgadef5df" class="outline-3">
+<h3 id="orgadef5df"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
<div class="outline-text-3" id="text-12-4">
<p>
When a new machine is connected to the cloister Ethernet, its MAC
</div>
</div>
</div>
-<div id="outline-container-org488e689" class="outline-3">
-<h3 id="org488e689"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
+<div id="outline-container-org3f8edac" class="outline-3">
+<h3 id="org3f8edac"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
<div class="outline-text-3" id="text-12-5">
<p>
A wired device is assigned an IP address when it is added to Core's
-DHCP configuration (as in <a href="#org64bbfaa">Add to Core DHCP</a>). A private domain name is
+DHCP configuration (as in <a href="#orgadef5df">Add to Core DHCP</a>). A private domain name is
then associated with this address. If the device is intended to
operate wirelessly, the name for its address is modified with a <code>-w</code>
suffix. Thus <code>new-w.small.private</code> would be the name of the new
</div>
</div>
</div>
-<div id="outline-container-org9623e8b" class="outline-3">
-<h3 id="org9623e8b"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
+<div id="outline-container-orgef77f9b" class="outline-3">
+<h3 id="orgef77f9b"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-12-6">
<ul class="org-ul">
<li>Log in as <code>sysadm</code> on the console.</li>
</ul>
</div>
</div>
-<div id="outline-container-orgb84bcd7" class="outline-3">
-<h3 id="orgb84bcd7"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
+<div id="outline-container-org162f1d6" class="outline-3">
+<h3 id="org162f1d6"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
<div class="outline-text-3" id="text-12-7">
<p>
To remotely administer <code>new-w</code>, Ansible must be authorized to login as
</div>
</div>
</div>
-<div id="outline-container-orgef7f507" class="outline-3">
-<h3 id="orgef7f507"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
+<div id="outline-container-org9304c14" class="outline-3">
+<h3 id="org9304c14"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
<div class="outline-text-3" id="text-12-8">
<p>
-With remote administration authorized and tested (as in <a href="#orgb84bcd7">Authorize
+With remote administration authorized and tested (as in <a href="#org162f1d6">Authorize
Remote Administration</a>), and the machine connected to the cloister
Ethernet, the configuration of <code>new-w</code> can be completed by Ansible.
Note that if the machine is staying on the cloister Ethernet, its
</p>
<p>
-First <code>new-w</code> is added to Ansible's inventory in <a href="#org12a438b"><q>hosts</q></a>. A <code>new-w</code>
+First <code>new-w</code> is added to Ansible's inventory in <a href="#org87eda60"><q>hosts</q></a>. A <code>new-w</code>
section is added to the list of all hosts, and an empty section of the
same name is added to the list of <code>campus</code> hosts. If the machine uses
the usual privileged account name, <code>sysadm</code>, the <code>ansible_user</code> key is
</div>
</div>
</div>
-<div id="outline-container-org1520010" class="outline-3">
-<h3 id="org1520010"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
+<div id="outline-container-org844c5f9" class="outline-3">
+<h3 id="org844c5f9"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
<div class="outline-text-3" id="text-12-9">
<p>
On an IoT device, or a Debian or Android "desktop", the cloister Wi-Fi
</div>
</div>
</div>
-<div id="outline-container-org9bae096" class="outline-3">
-<h3 id="org9bae096"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
+<div id="outline-container-org93a29fc" class="outline-3">
+<h3 id="org93a29fc"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
<div class="outline-text-3" id="text-12-10">
<p>
Wireless devices (with the cloister Wi-Fi password) can get an IP
<p>
Connections to the cloister VPN are authorized by the <code>./abbey
-client...</code> command (aka <a href="Institute/README.html#org7efeef2">The Client Command</a>), which registers a new
+client...</code> command (aka <a href="Institute/README.html#orgf253523">The Client Command</a>), which registers a new
client's public key and installs new WireGuard™ configurations on the
servers. Private keys are kept on the clients (e.g. in
<q>/etc/wireguard/private-key</q>).
</p>
</div>
-<div id="outline-container-orgeb7948c" class="outline-4">
-<h4 id="orgeb7948c"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
+<div id="outline-container-orgb137076" class="outline-4">
+<h4 id="orgb137076"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
<div class="outline-text-4" id="text-12-10-1">
<p>
Wireless Debian desktops (with NetworkManager) as well as servers
</ul>
</div>
</div>
-<div id="outline-container-orgdd2ffc7" class="outline-4">
-<h4 id="orgdd2ffc7"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
+<div id="outline-container-org120c7de" class="outline-4">
+<h4 id="org120c7de"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
<div class="outline-text-4" id="text-12-10-2">
<p>
Member notebooks are private machines not remotely administered by the
</p>
</div>
</div>
-<div id="outline-container-orgd3c62d2" class="outline-4">
-<h4 id="orgd3c62d2"><span class="section-number-4">12.10.3.</span> Android</h4>
+<div id="outline-container-org8a46237" class="outline-4">
+<h4 id="org8a46237"><span class="section-number-4">12.10.3.</span> Android</h4>
<div class="outline-text-4" id="text-12-10-3">
<p>
Android phones and tablets are authorized to connect to the cloister
</div>
</div>
</div>
-<div id="outline-container-org39c2bc6" class="outline-3">
-<h3 id="org39c2bc6"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
+<div id="outline-container-org330fa20" class="outline-3">
+<h3 id="org330fa20"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
<div class="outline-text-3" id="text-12-11">
<p>
A wireless machine is assigned a Wi-Fi address when it connects to the
</div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2026-01-18 Sun 16:36</p>
+<p class="date">Created: 2026-05-09 Sat 15:42</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
projects / Network.git / commitdiff