From: Matt Birkholz Date: Thu, 18 Sep 2025 21:00:26 +0000 (-0600) Subject: Wordsmithing. Updated installation instructions, Nextcloud config. X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=9ac9c05af64147739f4c01c01b8d2009d39a5a8b;p=Institute Wordsmithing. Updated installation instructions, Nextcloud config. --- diff --git a/README.org b/README.org index f340084..7af2eb8 100644 --- a/README.org +++ b/README.org @@ -493,7 +493,9 @@ files mentioned in the Nextcloud database dump). #+BEGIN_SRC sh :tangle private/backup :mkdirp yes :tangle-mode u=rw #!/bin/bash -e # -# DO NOT EDIT. Maintained (will be replaced) by Ansible. +# DO NOT EDIT. +# +# Maintained (will be replaced) by Ansible. # # sudo backup [-n] @@ -627,7 +629,7 @@ institute. The institute's private domain name should end with one of the top-level domains set aside for this purpose: ~.intranet~, ~.internal~, ~.private~, ~.corp~, ~.home~ or ~.lan~.[fn:1] It is -hoped that doing so will increase that chances that some abomination +hoped that doing so will increase the chances that some abomination like DNS-over-HTTPS will pass us by. #+CAPTION: [[file:private/vars.yml][=private/vars.yml=]] 
@@ -952,11 +954,22 @@ packages. The administrator temporarily plugged Core into a cable modem and installed them as shown below. : $ sudo apt install netplan.io systemd-resolved unattended-upgrades \ -: _ ntp isc-dhcp-server bind9 apache2 wireguard \ +: _ chrony isc-dhcp-server bind9 apache2 wireguard \ : _ postfix dovecot-imapd fetchmail expect rsync \ : _ gnupg openssh-server -The Nextcloud configuration requires Apache2, MariaDB and a number of +Manual installation of Postfix prompted for configuration type and +mail name. The answers given are listed here. + +- General type of mail configuration: Internet Site +- System mail name: core.small.private + +The host then needed to be rebooted to get its name service working +again after ~systemd-resolved~ was installed. (Any help with this +will be welcome!) After rebooting and re-logging in, yet more +software packages were installed. + +The Nextcloud configuration required Apache2, MariaDB and a number of PHP modules. Installing them while Core was on a cable modem sped up final configuration "in position" (on a frontier). @@ -964,7 +977,7 @@ final configuration "in position" (on a frontier). : _ php-{json,mysql,mbstring,intl,imagick,xml,zip} \ : _ libapache2-mod-php -Similarly, the NAGIOS configuration requires a handful of packages +Similarly, the NAGIOS configuration required a handful of packages that were pre-loaded via cable modem (to test a frontier deployment). : $ sudo apt install nagios4 monitoring-plugins-basic lm-sensors \ @@ -994,7 +1007,7 @@ key found in [[file:Secret/ssh_admin/][=Secret/ssh_admin/=]] (created by [[*The Note that the name ~core.lan~ should be known to the cable modem's DNS service. An IP address might be used instead, discovered with an ~ip -a~ on Core. +-4 a~ command on Core. Now Core no longer needed the Internets so it was disconnected from the cable modem and connected to the campus Ethernet switch. Its 
@@ -1026,9 +1039,8 @@ interfaces. point(s). 3. ~isp~ is its third network interface, connected to the campus ISP. This could be an Ethernet device connected to a cable - modem. It could be a USB port tethered to a phone, a - USB-Ethernet adapter, or a wireless adapter connected to a - campground Wi-Fi access point, etc. + modem, a USB port tethered to a phone, a wireless adapter + connected to a campground Wi-Fi access point, etc. #+BEGIN_EXAMPLE =============== | ================================================== @@ -1109,6 +1121,11 @@ cable modem and installed them as shown below. : _ ufw isc-dhcp-server postfix wireguard \ : _ openssh-server +The host then needed to be rebooted to get its name service working +again after ~systemd-resolved~ was installed. (Any help with this will +be welcome!) After rebooting and re-logging in, the administrator was +ready to proceed. + Next, the administrator concatenated a personal public ssh key and the key found in [[file:Secret/ssh_admin/][=Secret/ssh_admin/=]] (created by [[*The CA Command][The CA Command]]) into an =admin_keys= file, copied it to Gate, and installed it as the 
@@ -1147,10 +1164,11 @@ generated by the random subnet address picking procedure described in : $ sudo ip address add 10.227.248.2 dev eth0 Gate was also connected to the USB Ethernet dongles cabled to the -campus Wi-Fi access point and the campus ISP. The three network -adapters are known by their MAC addresses, the values of the variables -~gate_lan_mac~, ~gate_wild_mac~, and ~gate_isp_mac~. (For more -information, see the Gate role's [[netplan-gate][Configure Netplan]] task.) +campus Wi-Fi access point and the campus ISP and the values of three +variables (~gate_lan_mac~, ~gate_wild_mac~, and ~gate_isp_mac~ in +[[file:private/vars.yml][=private/vars.yml=]]) match the actual hardware MAC addresses of the +dongles. (For more information, see the Gate role's [[netplan-gate][Configure Netplan]] +task.) At this point Gate was ready for provisioning with Ansible. @@ -3512,7 +3530,9 @@ Monkey on Core runs =/usr/local/sbin/webupdate= every 15 minutes via a #+BEGIN_SRC sh #!/bin/bash -e # -# DO NOT EDIT. This file was tangled from institute.org. +# DO NOT EDIT. +# +# This file was tangled from a small institute's README.org. cd /WWW/live/ @@ -4210,12 +4230,6 @@ more secure Unix socket authentication method. Rather than create such a user, the ~nextcloud~ database and ~nextclouduser~ user are created manually. -The following task would work (~mysql_user~ supports -~check_implicit_admin~) /but/ the ~nextcloud~ database was not created -above. Thus both database and user are created manually, with SQL -given in the [[Install Nextcloud]] subsection below, before ~occ -maintenance:install~ can run. - #+BEGIN_SRC conf - name: Create Nextcloud DB user. 
@@ -4228,6 +4242,21 @@ maintenance:install~ can run. priv: 'nextcloud.*:all' #+END_SRC +The task above would work (~mysql_user~ supports +~check_implicit_admin~) /but/ the ~nextcloud~ database was not created +first. Thus both database and user are created manually, with the +following SQL, before ~occ maintenance:install~ can run. + +#+BEGIN_SRC sql +create database nextcloud + character set utf8mb4 + collate utf8mb4_general_ci; +grant all on nextcloud.* + to 'nextclouduser'@'localhost' + identified by 'ippAgmaygyobwyt5'; +flush privileges; +#+END_SRC + Finally, a symbolic link positions =/Nextcloud/nextcloud/= at =/var/www/nextcloud/= as expected by the Apache2 configuration above. Nextcloud itself should always believe that =/var/www/nextcloud/= is @@ -4355,11 +4384,19 @@ sudo chown -R www-data.www-data /Nextcloud/nextcloud/ The database is restored with the following commands, which assume the last dump was made February 20th 2022 and thus was saved in =/Nextcloud/20220220.bak=. The database will need to be -created first as when installing Nextcloud. The appropriate SQL are -given in [[*Install Nextcloud][Install Nextcloud]] below. +created first as when installing Nextcloud. #+BEGIN_SRC sh cd /Nextcloud/ +sudo mysql +create database nextcloud + character set utf8mb4 + collate utf8mb4_general_ci; +grant all on nextcloud.* + to 'nextclouduser'@'localhost' + identified by 'ippAgmaygyobwyt5'; +flush privileges; +exit; sudo mysql --defaults-file=dbbackup.cnf nextcloud < 20220220.bak cd nextcloud/ sudo -u www-data php occ maintenance:data-fingerprint @@ -4716,7 +4753,7 @@ new network plan. #+END_SRC Note that the =60-isp.yaml= file is only updated (created) if it does -not already exists, so that it can be easily modified to debug a new +not already exist so that it can be easily modified to debug a new campus ISP without interference from Ansible. ** UFW Rules 
@@ -5618,7 +5655,9 @@ The first code block is the header of the ~./inst~ script. #+BEGIN_SRC perl :tangle inst :tangle-mode u=rwx,g=rx #!/usr/bin/perl -w # -# DO NOT EDIT. This file was tangled from an institute.org file. +# DO NOT EDIT. +# +# This file was tangled from a small institute's README.org. use strict; use IO::File; diff --git a/inst b/inst index 458a7ef..f025af2 100755 --- a/inst +++ b/inst @@ -1,6 +1,8 @@ #!/usr/bin/perl -w # -# DO NOT EDIT. This file was tangled from an institute.org file. +# DO NOT EDIT. +# +# This file was tangled from a small institute's README.org. use strict; use IO::File; diff --git a/private/backup b/private/backup index 9d4741c..7560dab 100644 --- a/private/backup +++ b/private/backup @@ -1,6 +1,8 @@ #!/bin/bash -e # -# DO NOT EDIT. Maintained (will be replaced) by Ansible. +# DO NOT EDIT. +# +# Maintained (will be replaced) by Ansible. # # sudo backup [-n]
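Review bot: In the README.org hunk at @@ -952,11 +954,22 @@, the install line swaps `ntp` for `chrony`, but no other hunk in this patch touches a time-service task or configuration. If any role still installs, configures or restarts `ntp`, a host provisioned from these instructions ends up with a mismatch, so either include the matching role change here or say in the text that the time service is left at its package defaults. A package swap also deserves its own line in the commit message rather than sitting under "Wordsmithing".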
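Review bot: The paragraph added in the README.org hunk at @@ -1109,6 +1121,11 @@ ("The host then needed to be rebooted to get its name service working again after ~systemd-resolved~ was installed") repeats the one added in the Core section almost word for word, and neither copy says what actually failed. Suggest recording the observed symptom once, in the Core section, and pointing to it from the Gate section, so that a reader can tell whether the reboot is still needed and the two copies cannot drift apart.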
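Review bot: The rewritten sentence in the README.org hunk at @@ -1147,10 +1164,11 @@ joins two unrelated statements with "and" and shifts tense mid-sentence ("Gate was also connected ... and the values of three variables ... match"). It also reads as an observation when it is really a precondition: Netplan identifies the adapters by MAC address, so provisioning depends on `gate_lan_mac`, `gate_wild_mac` and `gate_isp_mac` being correct. Suggest two sentences, the second stating that the administrator set these variables in =private/vars.yml= to the dongles' hardware MAC addresses before running Ansible.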
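Review bot: The SQL block added in the README.org hunk at @@ -4228,6 +4242,21 @@ puts a literal database password into the README (`identified by 'ippAgmaygyobwyt5'`), and the same string appears again in the restore instructions further down. Anyone who copies the block verbatim gets a `nextclouduser` account whose password is published in the repository. Suggest an obvious placeholder in the documentation, with a sentence saying the real value is the one kept in the institute's private configuration and must match what `occ maintenance:install` is given. If this string was ever a live password, it should be rotated. The trailing `flush privileges;` is also unnecessary after a `grant` statement and can be dropped.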
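Review bot: In the README.org hunk at @@ -4355,11 +4384,19 @@, the lines from `create database nextcloud` through `exit;` are SQL placed inside a `#+BEGIN_SRC sh` block directly after `sudo mysql`. That only works when typed interactively at the mysql prompt; run as a script, the shell tries to execute `create`, `grant` and `flush` as commands once mysql returns. Suggest either feeding the statements to `sudo mysql` through a here-document or splitting them into a separate `sql` block with a sentence saying they are entered at the mysql prompt. The removed cross-reference to the Install Nextcloud section avoided a second copy of the SQL and of the password literal; restoring it would leave one place to maintain.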