From: Matt Birkholz <matt@birchwood-abbey.net> Date: Fri, 29 Dec 2023 21:28:53 +0000 (-0700) Subject: Update README.html (forced). X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=a7115f9276de88e0bc3397f9300e9a7deec7a829;p=Institute Update README.html (forced). --- diff --git a/README.html b/README.html index dd4aae3..4c88b27 100644 --- a/README.html +++ b/README.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> -<!-- 2023-12-28 Thu 16:07 --> +<!-- 2023-12-29 Fri 14:26 --> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>A Small Institute</title> @@ -48,7 +48,7 @@ connects to Front making the institute email, cloud, etc. available to members off campus. </p> -<pre class="example" id="org212bb48"> +<pre class="example" id="orgb84bde2"> = _|||_ =-The-Institute-= @@ -1014,7 +1014,7 @@ example result follows the code. </pre> </div> -<div class="TEXT" id="orgb4a45be"> +<div class="TEXT" id="org0021adc"> <p> => 10.62.17.0/24 </p> @@ -1429,7 +1429,7 @@ USB-Ethernet adapter, or a wireless adapter connected to a campground Wi-Fi access point, etc.</li> </ol> -<pre class="example" id="org0804a36"> +<pre class="example" id="org16dbe19"> =============== | ================================================== | Premises (Campus ISP) @@ -1452,7 +1452,7 @@ This avoids the need for a second Wi-Fi access point and leads to the following topology. </p> -<pre class="example" id="orgc8b61ff"> +<pre class="example" id="orga5f2d99"> =============== | ================================================== | Premises (House ISP) 
@@ -1624,8 +1624,8 @@ uses the institute's CA and server certificates, and expects client certificates signed by the institute CA. </p> </div> -<div id="outline-container-orgf58fc42" class="outline-3"> -<h3 id="orgf58fc42"><span class="section-number-3">6.1.</span> Include Particulars</h3> +<div id="outline-container-org9d81c0f" class="outline-3"> +<h3 id="org9d81c0f"><span class="section-number-3">6.1.</span> Include Particulars</h3> <div class="outline-text-3" id="text-6-1"> <p> The <code>front</code> role's tasks contain references to several common @@ -1657,8 +1657,8 @@ The code block below is the first to tangle into </div> </div> </div> -<div id="outline-container-org2cdf742" class="outline-3"> -<h3 id="org2cdf742"><span class="section-number-3">6.2.</span> Configure Hostname</h3> +<div id="outline-container-orgcc676de" class="outline-3"> +<h3 id="orgcc676de"><span class="section-number-3">6.2.</span> Configure Hostname</h3> <div class="outline-text-3" id="text-6-2"> <p> This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are @@ -1782,8 +1782,8 @@ separate code block named <code>enable-resolved</code>.<sup><a id="fnr.2" class= </div> </div> </div> -<div id="outline-container-org7985220" class="outline-3"> -<h3 id="org7985220"><span class="section-number-3">6.4.</span> Add Administrator to System Groups</h3> +<div id="outline-container-orga3a919f" class="outline-3"> +<h3 id="orga3a919f"><span class="section-number-3">6.4.</span> Add Administrator to System Groups</h3> <div class="outline-text-3" id="text-6-4"> <p> The administrator often needs to read (directories of) log files owned 
@@ -1842,8 +1842,8 @@ those stored in <a href="Secret/ssh_front/etc/ssh/"><q>Secret/ssh_front/etc/ssh/ </div> </div> </div> -<div id="outline-container-orgce99e39" class="outline-3"> -<h3 id="orgce99e39"><span class="section-number-3">6.6.</span> Configure Monkey</h3> +<div id="outline-container-org718cfbd" class="outline-3"> +<h3 id="org718cfbd"><span class="section-number-3">6.6.</span> Configure Monkey</h3> <div class="outline-text-3" id="text-6-6"> <p> The small institute runs cron jobs and web scripts that generate @@ -1899,8 +1899,8 @@ Monkey uses Rsync to keep the institute's public web site up-to-date. </div> </div> </div> -<div id="outline-container-orgf6a2764" class="outline-3"> -<h3 id="orgf6a2764"><span class="section-number-3">6.8.</span> Install Unattended Upgrades</h3> +<div id="outline-container-orgb504c59" class="outline-3"> +<h3 id="orgb504c59"><span class="section-number-3">6.8.</span> Install Unattended Upgrades</h3> <div class="outline-text-3" id="text-6-8"> <p> The institute prefers to install security updates as soon as possible. @@ -1915,8 +1915,8 @@ The institute prefers to install security updates as soon as possible. </div> </div> </div> -<div id="outline-container-org754e3d3" class="outline-3"> -<h3 id="org754e3d3"><span class="section-number-3">6.9.</span> Configure User Accounts</h3> +<div id="outline-container-org55ba8e2" class="outline-3"> +<h3 id="org55ba8e2"><span class="section-number-3">6.9.</span> Configure User Accounts</h3> <div class="outline-text-3" id="text-6-9"> <p> User accounts are created immediately so that Postfix and Dovecot can 
@@ -1959,8 +1959,8 @@ recipient" replies. The <a href="#orge7fe793">Account Management</a> chapter de </div> </div> </div> -<div id="outline-container-org615c988" class="outline-3"> -<h3 id="org615c988"><span class="section-number-3">6.10.</span> Trust Institute Certificate Authority</h3> +<div id="outline-container-orgfab713c" class="outline-3"> +<h3 id="orgfab713c"><span class="section-number-3">6.10.</span> Trust Institute Certificate Authority</h3> <div class="outline-text-3" id="text-6-10"> <p> Front should recognize the institute's Certificate Authority as @@ -1992,8 +1992,8 @@ X.509 certificates is available in <a href="#org6519b0c">Keys</a>. </div> </div> </div> -<div id="outline-container-org8773a2c" class="outline-3"> -<h3 id="org8773a2c"><span class="section-number-3">6.11.</span> Install Server Certificate</h3> +<div id="outline-container-org203c172" class="outline-3"> +<h3 id="org203c172"><span class="section-number-3">6.11.</span> Install Server Certificate</h3> <div class="outline-text-3" id="text-6-11"> <p> The servers on Front use the same certificate (and key) to @@ -2257,8 +2257,8 @@ created by a more specialized role. </div> </div> </div> -<div id="outline-container-org3ff50b5" class="outline-3"> -<h3 id="org3ff50b5"><span class="section-number-3">6.14.</span> Configure Dovecot IMAPd</h3> +<div id="outline-container-org49d8726" class="outline-3"> +<h3 id="org49d8726"><span class="section-number-3">6.14.</span> Configure Dovecot IMAPd</h3> <div class="outline-text-3" id="text-6-14"> <p> Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to 
@@ -2722,8 +2722,8 @@ the users' <q>~/Public/HTML/</q> directories. </div> </div> </div> -<div id="outline-container-org567b473" class="outline-3"> -<h3 id="org567b473"><span class="section-number-3">6.16.</span> Configure OpenVPN</h3> +<div id="outline-container-org760a95a" class="outline-3"> +<h3 id="org760a95a"><span class="section-number-3">6.16.</span> Configure OpenVPN</h3> <div class="outline-text-3" id="text-6-16"> <p> Front uses OpenVPN to provide the institute's public VPN service. The @@ -3047,8 +3047,8 @@ Debian install and remote access to a privileged, administrator's account. (For details, see <a href="#org8d60b7b">The Core Machine</a>.) </p> </div> -<div id="outline-container-orga90d99c" class="outline-3"> -<h3 id="orga90d99c"><span class="section-number-3">7.1.</span> Include Particulars</h3> +<div id="outline-container-org2f3c047" class="outline-3"> +<h3 id="org2f3c047"><span class="section-number-3">7.1.</span> Include Particulars</h3> <div class="outline-text-3" id="text-7-1"> <p> The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute @@ -3070,8 +3070,8 @@ particulars and membership roll. </div> </div> </div> -<div id="outline-container-orgf87fff2" class="outline-3"> -<h3 id="orgf87fff2"><span class="section-number-3">7.2.</span> Configure Hostname</h3> +<div id="outline-container-orgef1bdc1" class="outline-3"> +<h3 id="orgef1bdc1"><span class="section-number-3">7.2.</span> Configure Hostname</h3> <div class="outline-text-3" id="text-7-2"> <p> This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are 
@@ -3104,8 +3104,8 @@ proper email delivery. </div> </div> </div> -<div id="outline-container-org04ee34b" class="outline-3"> -<h3 id="org04ee34b"><span class="section-number-3">7.3.</span> Enable Systemd Resolved</h3> +<div id="outline-container-orge776843" class="outline-3"> +<h3 id="orge776843"><span class="section-number-3">7.3.</span> Enable Systemd Resolved</h3> <div class="outline-text-3" id="text-7-3"> <p> Core starts the <code>systemd-networkd</code> and <code>systemd-resolved</code> service @@ -3149,8 +3149,8 @@ units on boot. See <a href="#org5738867">Enable Systemd Resolved</a>. </div> </div> </div> -<div id="outline-container-org31aa8c4" class="outline-3"> -<h3 id="org31aa8c4"><span class="section-number-3">7.4.</span> Configure Systemd Resolved</h3> +<div id="outline-container-org85c46f2" class="outline-3"> +<h3 id="org85c46f2"><span class="section-number-3">7.4.</span> Configure Systemd Resolved</h3> <div class="outline-text-3" id="text-7-4"> <p> Core runs the campus name server, so Resolved is configured to use it @@ -3617,8 +3617,8 @@ craps up <q>/var/log/</q> and the Systemd journal. </div> </div> </div> -<div id="outline-container-org6baad6a" class="outline-3"> -<h3 id="org6baad6a"><span class="section-number-3">7.8.</span> Add Administrator to System Groups</h3> +<div id="outline-container-orgd3224ac" class="outline-3"> +<h3 id="orgd3224ac"><span class="section-number-3">7.8.</span> Add Administrator to System Groups</h3> <div class="outline-text-3" id="text-7-8"> <p> The administrator often needs to read (directories of) log files owned 
@@ -3638,8 +3638,8 @@ these groups speeds up debugging. </div> </div> </div> -<div id="outline-container-org718cfbd" class="outline-3"> -<h3 id="org718cfbd"><span class="section-number-3">7.9.</span> Configure Monkey</h3> +<div id="outline-container-org41d0afc" class="outline-3"> +<h3 id="org41d0afc"><span class="section-number-3">7.9.</span> Configure Monkey</h3> <div class="outline-text-3" id="text-7-9"> <p> The small institute runs cron jobs and web scripts that generate @@ -3739,8 +3739,8 @@ with Nextcloud on the command line. </div> </div> </div> -<div id="outline-container-org55ba8e2" class="outline-3"> -<h3 id="org55ba8e2"><span class="section-number-3">7.12.</span> Configure User Accounts</h3> +<div id="outline-container-orged63f05" class="outline-3"> +<h3 id="orged63f05"><span class="section-number-3">7.12.</span> Configure User Accounts</h3> <div class="outline-text-3" id="text-7-12"> <p> User accounts are created immediately so that backups can begin @@ -3782,8 +3782,8 @@ describes the <code>members</code> and <code>usernames</code> variables. </div> </div> </div> -<div id="outline-container-org36bf9fc" class="outline-3"> -<h3 id="org36bf9fc"><span class="section-number-3">7.13.</span> Trust Institute Certificate Authority</h3> +<div id="outline-container-org7a2d68e" class="outline-3"> +<h3 id="org7a2d68e"><span class="section-number-3">7.13.</span> Trust Institute Certificate Authority</h3> <div class="outline-text-3" id="text-7-13"> <p> Core should recognize the institute's Certificate Authority as 
@@ -3815,8 +3815,8 @@ X.509 certificates is available in <a href="#org6519b0c">Keys</a>. </div> </div> </div> -<div id="outline-container-org22d2cc7" class="outline-3"> -<h3 id="org22d2cc7"><span class="section-number-3">7.14.</span> Install Server Certificate</h3> +<div id="outline-container-org3f537e9" class="outline-3"> +<h3 id="org3f537e9"><span class="section-number-3">7.14.</span> Install Server Certificate</h3> <div class="outline-text-3" id="text-7-14"> <p> The servers on Core use the same certificate (and key) to authenticate @@ -4069,8 +4069,8 @@ installed by more specialized roles. </div> </div> </div> -<div id="outline-container-org49d8726" class="outline-3"> -<h3 id="org49d8726"><span class="section-number-3">7.18.</span> Configure Dovecot IMAPd</h3> +<div id="outline-container-orgeaf598f" class="outline-3"> +<h3 id="orgeaf598f"><span class="section-number-3">7.18.</span> Configure Dovecot IMAPd</h3> <div class="outline-text-3" id="text-7-18"> <p> Core uses Dovecot's IMAPd to store and serve member emails. As on @@ -5954,8 +5954,8 @@ applied first, by which Gate gets a campus machine's DNS and Postfix configurations, etc. </p> </div> -<div id="outline-container-org0fd1c05" class="outline-3"> -<h3 id="org0fd1c05"><span class="section-number-3">8.1.</span> Include Particulars</h3> +<div id="outline-container-orgc5bdd96" class="outline-3"> +<h3 id="orgc5bdd96"><span class="section-number-3">8.1.</span> Include Particulars</h3> <div class="outline-text-3" id="text-8-1"> <p> The following should be familiar boilerplate by now. 
@@ -6329,8 +6329,8 @@ the daemon listens <i>only</i> on the Gate-WiFi network interface. </div> </div> </div> -<div id="outline-container-org203c172" class="outline-3"> -<h3 id="org203c172"><span class="section-number-3">8.6.</span> Install Server Certificate</h3> +<div id="outline-container-orgd63b568" class="outline-3"> +<h3 id="orgd63b568"><span class="section-number-3">8.6.</span> Install Server Certificate</h3> <div class="outline-text-3" id="text-8-6"> <p> The (OpenVPN) server on Gate uses an institute certificate (and key) @@ -6357,8 +6357,8 @@ and Front) do. </div> </div> </div> -<div id="outline-container-org760a95a" class="outline-3"> -<h3 id="org760a95a"><span class="section-number-3">8.7.</span> Configure OpenVPN</h3> +<div id="outline-container-orgb68db3f" class="outline-3"> +<h3 id="orgb68db3f"><span class="section-number-3">8.7.</span> Configure OpenVPN</h3> <div class="outline-text-3" id="text-8-7"> <p> Gate uses OpenVPN to provide the institute's campus VPN service. Its @@ -6521,8 +6521,8 @@ Wireless campus devices can get a key to the campus VPN from the configured manually. </p> </div> -<div id="outline-container-org9d81c0f" class="outline-3"> -<h3 id="org9d81c0f"><span class="section-number-3">9.1.</span> Include Particulars</h3> +<div id="outline-container-org0b6eaeb" class="outline-3"> +<h3 id="org0b6eaeb"><span class="section-number-3">9.1.</span> Include Particulars</h3> <div class="outline-text-3" id="text-9-1"> <p> The following should be familiar boilerplate by now. 
@@ -6538,8 +6538,8 @@ The following should be familiar boilerplate by now. </div> </div> </div> -<div id="outline-container-orgcc676de" class="outline-3"> -<h3 id="orgcc676de"><span class="section-number-3">9.2.</span> Configure Hostname</h3> +<div id="outline-container-org53f705c" class="outline-3"> +<h3 id="org53f705c"><span class="section-number-3">9.2.</span> Configure Hostname</h3> <div class="outline-text-3" id="text-9-2"> <p> Clients should be using the expected host name. @@ -6572,8 +6572,8 @@ Clients should be using the expected host name. </div> </div> </div> -<div id="outline-container-orge776843" class="outline-3"> -<h3 id="orge776843"><span class="section-number-3">9.3.</span> Enable Systemd Resolved</h3> +<div id="outline-container-org7dcd4cf" class="outline-3"> +<h3 id="org7dcd4cf"><span class="section-number-3">9.3.</span> Enable Systemd Resolved</h3> <div class="outline-text-3" id="text-9-3"> <p> Campus machines start the <code>systemd-networkd</code> and <code>systemd-resolved</code> @@ -6617,8 +6617,8 @@ service units on boot. See <a href="#org5738867">Enable Systemd Resolved</a>. </div> </div> </div> -<div id="outline-container-org85c46f2" class="outline-3"> -<h3 id="org85c46f2"><span class="section-number-3">9.4.</span> Configure Systemd Resolved</h3> +<div id="outline-container-org1951472" class="outline-3"> +<h3 id="org1951472"><span class="section-number-3">9.4.</span> Configure Systemd Resolved</h3> <div class="outline-text-3" id="text-9-4"> <p> Campus machines use the campus name server on Core (or <code>dns.google</code>), 
@@ -6689,8 +6689,8 @@ and file timestamps. </div> </div> </div> -<div id="outline-container-orga3a919f" class="outline-3"> -<h3 id="orga3a919f"><span class="section-number-3">9.6.</span> Add Administrator to System Groups</h3> +<div id="outline-container-org0432f89" class="outline-3"> +<h3 id="org0432f89"><span class="section-number-3">9.6.</span> Add Administrator to System Groups</h3> <div class="outline-text-3" id="text-9-6"> <p> The administrator often needs to read (directories of) log files owned @@ -6710,8 +6710,8 @@ these groups speeds up debugging. </div> </div> </div> -<div id="outline-container-orgfab713c" class="outline-3"> -<h3 id="orgfab713c"><span class="section-number-3">9.7.</span> Trust Institute Certificate Authority</h3> +<div id="outline-container-orge3e0d1d" class="outline-3"> +<h3 id="orge3e0d1d"><span class="section-number-3">9.7.</span> Trust Institute Certificate Authority</h3> <div class="outline-text-3" id="text-9-7"> <p> Campus hosts should recognize the institute's Certificate Authority as @@ -6743,8 +6743,8 @@ keys, certificates and passwords, see <a href="#org6519b0c">Keys</a>.) </div> </div> </div> -<div id="outline-container-orgb504c59" class="outline-3"> -<h3 id="orgb504c59"><span class="section-number-3">9.8.</span> Install Unattended Upgrades</h3> +<div id="outline-container-org98f9cd5" class="outline-3"> +<h3 id="org98f9cd5"><span class="section-number-3">9.8.</span> Install Unattended Upgrades</h3> <div class="outline-text-3" id="text-9-8"> <p> The institute prefers to install security updates as soon as possible. @@ -9687,7 +9687,7 @@ routes on Front and Gate, making the simulation less… similar. </div></div> <div id="postamble" class="status"> <p class="author">Author: Matt Birkholz</p> -<p class="date">Created: 2023-12-28 Thu 16:07</p> +<p class="date">Created: 2023-12-29 Fri 14:26</p> <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p> </div> </body>
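Review bot: Anchor ids are reassigned between sections in the heading hunks, so existing fragment links silently change target. `org718cfbd` is removed from 7.9 Configure Monkey and added to 6.6 Configure Monkey, `org9d81c0f` moves from 9.1 to 6.1 Include Particulars, and `org55ba8e2` moves from 7.12 to 6.9 Configure User Accounts. A saved link to README.html#org718cfbd still resolves, but it now opens the Front role's section instead of Core's, which is easy to miss because the two headings read the same. The org-prefixed ids and outline-3 classes suggest an Org export; if so, give each heading a :CUSTOM_ID: property in the source so the exported anchors are stable and named for their section.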
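Review bot: Nothing in this diff lets a reader confirm whether the README's content changed. Apart from the two timestamp lines (the head comment and the postamble `Created:` date, both going from `2023-12-28 Thu 16:07` to `2023-12-29 Fri 14:26`), every changed line is an `id` attribute on a `pre`, `div` or `h3`. The commit message says the update was forced but not why. Consider exporting without the timestamp and with fixed ids, so that regenerating unchanged content produces an empty diff, and state in the commit message what prompted the rebuild.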