Institute
3 months agoUse the systemd Ansible module to reload daemon configs.
Matt Birkholz [Mon, 2 Sep 2024 23:19:28 +0000 (17:19 -0600)]
Use the systemd Ansible module to reload daemon configs.

3 months agoAdd a Systemd dependency for the isc-dhcp-server.service.
Matt Birkholz [Mon, 2 Sep 2024 23:16:47 +0000 (17:16 -0600)]
Add a Systemd dependency for the isc-dhcp-server.service.

This old daemon is still started by the SysV init compatibility layer?
It would occasionally start and find no IP address for the wifi
interface.

3 months agoFix whitespace, typo, left-over mention of "private-view" names.
Matt Birkholz [Mon, 2 Sep 2024 23:05:13 +0000 (17:05 -0600)]
Fix whitespace, typo, left-over mention of "private-view" names.

7 months agoUpdate README.html.
Matt Birkholz [Wed, 8 May 2024 20:43:00 +0000 (14:43 -0600)]
Update README.html.

7 months agoSet opcache.interned_strings_buffer to 12, 50% larger.
Matt Birkholz [Wed, 8 May 2024 20:18:29 +0000 (14:18 -0600)]
Set opcache.interned_strings_buffer to 12, 50% larger.

7 months agoAlways use the Apache2 cgid module.
Matt Birkholz [Wed, 8 May 2024 20:12:30 +0000 (14:12 -0600)]
Always use the Apache2 cgid module.

Core (Nextcloud) and Front presumably benefit.  Lost the why of
supporting cgi as well.  Perhaps cgi was recommended with a default
MPM?

7 months agoAssume Debian 12 (PHP 8.2) is in use on the Nextcloud server.
Matt Birkholz [Wed, 8 May 2024 20:10:55 +0000 (14:10 -0600)]
Assume Debian 12 (PHP 8.2) is in use on the Nextcloud server.

7 months agoUpdate README.html.
Matt Birkholz [Fri, 3 May 2024 16:45:38 +0000 (10:45 -0600)]
Update README.html.

7 months agoDon't fiddle extra host keys added later by monkey@core's ssh.
Matt Birkholz [Tue, 30 Apr 2024 18:46:28 +0000 (12:46 -0600)]
Don't fiddle extra host keys added later by monkey@core's ssh.

And remove group read access to =~monkey/.ssh/known_hosts= on Core,
else the client will remove it later (producing a spurious diff, and a
re-config loop).

7 months agoConfigure PHP 8.2 (instead of 7.4).
Matt Birkholz [Tue, 30 Apr 2024 18:43:52 +0000 (12:43 -0600)]
Configure PHP 8.2 (instead of 7.4).

Is it worth extra code to configure two PHP versions, old and new?

8 months agoUpdate README.html.
Matt Birkholz [Sun, 21 Apr 2024 20:40:43 +0000 (14:40 -0600)]
Update README.html.

8 months agoSimplify BIND options for Debian 12. Listen on localhost.
Matt Birkholz [Sun, 21 Apr 2024 20:28:04 +0000 (14:28 -0600)]
Simplify BIND options for Debian 12.  Listen on localhost.

Punt disabling SecureDNS; run with the defaults.  One or both of the
dnssec- options is no longer supported by BIND.

8 months agoUpdate README.html.
Matt Birkholz [Wed, 3 Apr 2024 16:04:11 +0000 (11:04 -0500)]
Update README.html.

8 months agoAdd campus Set Domain Name. Punt Hard-wire Important IP Addresses.
Matt Birkholz [Wed, 3 Apr 2024 16:01:22 +0000 (11:01 -0500)]
Add campus Set Domain Name.  Punt Hard-wire Important IP Addresses.

8 months agoUpdate README.html.
Matt Birkholz [Mon, 1 Apr 2024 23:12:21 +0000 (18:12 -0500)]
Update README.html.

8 months agoPunt task "Disable Apache2 server name." (for Debian 12).
Matt Birkholz [Thu, 28 Mar 2024 18:56:38 +0000 (13:56 -0500)]
Punt task "Disable Apache2 server name." (for Debian 12).

Debian 12 does not configure Apache with a ServerName (as Debian 11 did?).

9 months agoWordsmithing. Punt redundant mention of make-cadir.
Matt Birkholz [Mon, 11 Mar 2024 22:26:06 +0000 (17:26 -0500)]
Wordsmithing.  Punt redundant mention of make-cadir.

9 months agoUpdate README.html, after fixing core/files/ src block to mkdirp.
Matt Birkholz [Sat, 9 Mar 2024 16:37:29 +0000 (10:37 -0600)]
Update README.html, after fixing core/files/ src block to mkdirp.

9 months agoReplace ":noweb yes" with ":noweb no-export".
Matt Birkholz [Sat, 9 Mar 2024 16:35:07 +0000 (10:35 -0600)]
Replace ":noweb yes" with ":noweb no-export".

There were no noweb references in the exported HTML!

9 months agoModerate fetchmail dependencies to avoid hard fails.
Matt Birkholz [Sat, 9 Mar 2024 16:31:39 +0000 (10:31 -0600)]
Moderate fetchmail dependencies to avoid hard fails.

9 months agoUpdate discussion of Apache configuration.
Matt Birkholz [Sat, 9 Mar 2024 16:23:58 +0000 (10:23 -0600)]
Update discussion of Apache configuration.

Apache seems to be following the symbolic links in /home/www-users/
without Option FollowSymLinks, which was removed a while ago(?).

Also removed apache-userdir-directory.  User directories are not
really treated differently.  All are strict AllowOverride None.

9 months agoUpdate README.html.
Matt Birkholz [Tue, 27 Feb 2024 18:55:44 +0000 (11:55 -0700)]
Update README.html.

9 months agoMove the Enable Systemd Resolved task(s) to the "all" role.
Matt Birkholz [Tue, 27 Feb 2024 03:37:07 +0000 (20:37 -0700)]
Move the Enable Systemd Resolved task(s) to the "all" role.

9 months agoUpdate README.html.
Matt Birkholz [Tue, 27 Feb 2024 02:43:02 +0000 (19:43 -0700)]
Update README.html.

9 months agoWordsmithing. Updated installation instructions for Debian 12.
Matt Birkholz [Tue, 27 Feb 2024 00:46:15 +0000 (17:46 -0700)]
Wordsmithing.  Updated installation instructions for Debian 12.

9 months agoUpdate pre-provisioning to install all desired Debian (12) packages.
Matt Birkholz [Tue, 27 Feb 2024 00:44:10 +0000 (17:44 -0700)]
Update pre-provisioning to install all desired Debian (12) packages.

9 months agoPunt unnecessary default route for Test Core.
Matt Birkholz [Tue, 27 Feb 2024 00:40:39 +0000 (17:40 -0700)]
Punt unnecessary default route for Test Core.

9 months agoAdd instructions for installing the host key on Front.
Matt Birkholz [Tue, 27 Feb 2024 00:36:30 +0000 (17:36 -0700)]
Add instructions for installing the host key on Front.

9 months agoFix the VBoxManage commands that set up the networks.
Matt Birkholz [Sat, 24 Feb 2024 04:23:41 +0000 (21:23 -0700)]
Fix the VBoxManage commands that set up the networks.

9 months agoIn Debian 12: Expect new PHP version. Use Apache CGId module.
Matt Birkholz [Sat, 24 Feb 2024 04:19:15 +0000 (21:19 -0700)]
In Debian 12:  Expect new PHP version.  Use Apache CGId module.

9 months agoPunt netplan.io on Front. Use drop-in with ifupdown (installed).
Matt Birkholz [Sat, 24 Feb 2024 04:14:14 +0000 (21:14 -0700)]
Punt netplan.io on Front.  Use drop-in with ifupdown (installed).

9 months agoPunt VBoxManage unattended install, and startvm headless.
Matt Birkholz [Sat, 24 Feb 2024 04:07:03 +0000 (21:07 -0700)]
Punt VBoxManage unattended install, and startvm headless.

Start new machines on the default NAT and prepare them there, then
move them to the simulated campus.

9 months agoSet MAC addresses on gate's network interfaces, else they're random.
Matt Birkholz [Sat, 24 Feb 2024 03:25:31 +0000 (20:25 -0700)]
Set MAC addresses on gate's network interfaces, else they're random.

Set corresponding example variable values.  Simplify test instructions.

9 months agoAdd the core_ethernet variable, naming Core's Ethernet interface.
Matt Birkholz [Sat, 24 Feb 2024 01:27:06 +0000 (18:27 -0700)]
Add the core_ethernet variable, naming Core's Ethernet interface.

This should be derivable from ansible_facts, somehow.

9 months agoAdded the "all" role, for all hosts.
Matt Birkholz [Sat, 24 Feb 2024 00:39:26 +0000 (17:39 -0700)]
Added the "all" role, for all hosts.

This eliminates duplicate code from all (other) roles, installing the
institute certificate authority.  Originally intended to ensure the
institute CA was installed before OpenVPN needed it.  OpenVPN actually
just needed the /usr/local/share/ca-certificates/ file (not
update-ca-certificates execution).

11 months agoRenumber (already sorted) footnotes. Update README.html.
Matt Birkholz [Tue, 2 Jan 2024 20:38:41 +0000 (13:38 -0700)]
Renumber (already sorted) footnotes.  Update README.html.

11 months agoUpdate README.html.
Matt Birkholz [Mon, 1 Jan 2024 17:49:04 +0000 (10:49 -0700)]
Update README.html.

11 months agoFix "Update hostname." task.
Matt Birkholz [Mon, 1 Jan 2024 17:47:43 +0000 (10:47 -0700)]
Fix "Update hostname." task.

11 months agoMisspelled mask. Wordsmithing.
Matt Birkholz [Sun, 31 Dec 2023 22:57:46 +0000 (15:57 -0700)]
Misspelled mask.  Wordsmithing.

Punt note about pre-seeding test installs.  Correct the answer to the
"System mail name" prompt in the test Postfix install.

11 months agoUpdate README.html.
Matt Birkholz [Sat, 30 Dec 2023 21:12:56 +0000 (14:12 -0700)]
Update README.html.

11 months agoMove domain_priv to private/vars.yml. Wordsmith some too.
Matt Birkholz [Sat, 30 Dec 2023 21:07:05 +0000 (14:07 -0700)]
Move domain_priv to private/vars.yml.  Wordsmith some too.

11 months agoUpdate README.html (forced).
Matt Birkholz [Fri, 29 Dec 2023 21:28:53 +0000 (14:28 -0700)]
Update README.html (forced).

11 months agoUpdate README.html.
Matt Birkholz [Thu, 28 Dec 2023 23:07:43 +0000 (16:07 -0700)]
Update README.html.

11 months agoFix the CA (sub)command to export root keys to Secret/.
Matt Birkholz [Thu, 28 Dec 2023 22:37:41 +0000 (15:37 -0700)]
Fix the CA (sub)command to export root keys to Secret/.

11 months agoorg-html-publish-to-html does not include results (by default)?
Matt Birkholz [Thu, 28 Dec 2023 22:35:57 +0000 (15:35 -0700)]
org-html-publish-to-html does not include results (by default)?

11 months agoTurn many relative filenames into links.
Matt Birkholz [Thu, 28 Dec 2023 06:20:54 +0000 (23:20 -0700)]
Turn many relative filenames into links.

11 months agoRe-generated the example Secret/CA/ with the small.private domain.
Matt Birkholz [Thu, 28 Dec 2023 01:08:42 +0000 (18:08 -0700)]
Re-generated the example Secret/CA/ with the small.private domain.

11 months agoWordsmithing.
Matt Birkholz [Wed, 27 Dec 2023 22:22:21 +0000 (15:22 -0700)]
Wordsmithing.

12 months agoTrim ping and ssh monitors from Gate. Lost before repos changed?
Matt Birkholz [Mon, 18 Dec 2023 23:18:59 +0000 (16:18 -0700)]
Trim ping and ssh monitors from Gate.  Lost before repos changed?

12 months agoInitial version.
Matt Birkholz [Sun, 17 Dec 2023 23:20:55 +0000 (16:20 -0700)]
Initial version.