From 27518bac3cdbac765bbd94dfede64babdc77f13e Mon Sep 17 00:00:00 2001
From: Matt Birkholz <matt@birchwood-abbey.net>
Date: Sat, 9 May 2026 15:44:15 -0600
Subject: [PATCH] Update README.html.

---
 README.html | 1007 ++++++++++++++++++++++++++-------------------------
 1 file changed, 508 insertions(+), 499 deletions(-)

diff --git a/README.html b/README.html
index 69e5a54..2654117 100644
--- a/README.html
+++ b/README.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2026-01-18 Sun 16:36 -->
+<!-- 2026-05-09 Sat 15:42 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>Birchwood Abbey Networks</title>
@@ -24,8 +24,8 @@ idiosyncrasies.  The roles herein are abbey specific, emphasized by
 the <code>abbey-</code> prefix on their names.  These roles are applied <i>after</i>
 the generic institutional roles (again, documented <a href="Institute/README.html">here</a>).
 </p>
-<div id="outline-container-org04d6e4c" class="outline-2">
-<h2 id="org04d6e4c"><span class="section-number-2">1.</span> Overview</h2>
+<div id="outline-container-orgd8fe5bc" class="outline-2">
+<h2 id="orgd8fe5bc"><span class="section-number-2">1.</span> Overview</h2>
 <div class="outline-text-2" id="text-1">
 <p>
 A Small Institute makes security and privacy top priorities but
@@ -64,7 +64,7 @@ map is very similar, with differences mainly in terminology,
 philosophy, attitude.
 </p>
 
-<pre class="example" id="org90d1082">
+<pre class="example" id="orgc79cdd3">
                 |                                                   
                 =                                                   
               _|||_                                                 
@@ -103,8 +103,8 @@ philosophy, attitude.
 </pre>
 </div>
 </div>
-<div id="outline-container-orgd67a975" class="outline-2">
-<h2 id="orgd67a975"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
+<div id="outline-container-orgb63becf" class="outline-2">
+<h2 id="orgb63becf"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
 <div class="outline-text-2" id="text-2">
 <p>
 The abbey's public particulars are included below.  They are the
@@ -134,8 +134,8 @@ into <a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a>.
 </p>
 </div>
 </div>
-<div id="outline-container-orgd060277" class="outline-2">
-<h2 id="orgd060277"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
+<div id="outline-container-org145e273" class="outline-2">
+<h2 id="org145e273"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
 <div class="outline-text-2" id="text-3">
 <p>
 Birchwood Abbey's front door is a Digital Ocean Droplet configured as
@@ -144,8 +144,8 @@ with Apache2, spooling email with Postfix and serving it with
 Dovecot-IMAPd, and hosting a VPN with WireGuard™.
 </p>
 </div>
-<div id="outline-container-orgbe9a4ee" class="outline-3">
-<h3 id="orgbe9a4ee"><span class="section-number-3">3.1.</span> Install Emacs</h3>
+<div id="outline-container-orgecba136" class="outline-3">
+<h3 id="orgecba136"><span class="section-number-3">3.1.</span> Install Emacs</h3>
 <div class="outline-text-3" id="text-3-1">
 <p>
 The monks of the abbey are masters of the staff (bo) and Emacs.
@@ -160,8 +160,8 @@ The monks of the abbey are masters of the staff (bo) and Emacs.
 </div>
 </div>
 </div>
-<div id="outline-container-orgf02dfe3" class="outline-3">
-<h3 id="orgf02dfe3"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
+<div id="outline-container-org7f78165" class="outline-3">
+<h3 id="org7f78165"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
 <div class="outline-text-3" id="text-3-2">
 <p>
 The abbey uses several additional email aliases.  These are the public
@@ -172,8 +172,7 @@ from there, forwarding <code>sysadm</code> to a real person.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install abbey email aliases.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install abbey email aliases.
   become: yes
   blockinfile:
     block: |
@@ -201,8 +200,8 @@ from there, forwarding <code>sysadm</code> to a real person.
 </div>
 </div>
 </div>
-<div id="outline-container-org227602e" class="outline-3">
-<h3 id="org227602e"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
+<div id="outline-container-org8137534" class="outline-3">
+<h3 id="org8137534"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
 <div class="outline-text-3" id="text-3-3">
 <p>
 The abbey publishes member Git repositories with <code>git daemon</code>.  If
@@ -247,7 +246,7 @@ rsync -av --del small.institute.org:Public/foo/ ~/Public/foo/
 The <code>git daemon</code> is run by SystemD per the <q>git-daemon.service</q> file.
 The <code>git-daemon(1)</code> manual page explains the options in detail.  The
 <code>--base-path</code> option should agree with <code>$projectroot</code> in the
-<q>/etc/gitweb.conf</q> file installed <a href="#org3877377">here</a>.
+<q>/etc/gitweb.conf</q> file installed <a href="#org70b1318">here</a>.
 </p>
 
 <p>
@@ -274,13 +273,12 @@ like <code>gitd-tasks</code> and <code>gitd-handlers</code>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitd-tasks&gt;&gt;
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitd-tasks&gt;&gt;
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<code>gitd-tasks</code><pre class="src src-conf" id="org59a9cd2"><code>- name: Install git.
+<code>gitd-tasks</code><pre class="src src-conf" id="org493cb93"><code>- name: Install git.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=git
 
@@ -358,14 +356,12 @@ like <code>gitd-tasks</code> and <code>gitd-handlers</code>.
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitd-handlers&gt;&gt;
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitd-handlers&gt;&gt;
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<code>gitd-handlers</code><pre class="src src-conf" id="org5fd849e"><code>
-- name: Reload systemd.
+<code>gitd-handlers</code><pre class="src src-conf" id="org9b2b9d6"><code>- name: Reload systemd.
   become: yes
   systemd:
     daemon-reload: yes
@@ -380,8 +376,8 @@ like <code>gitd-tasks</code> and <code>gitd-handlers</code>.
 </div>
 </div>
 </div>
-<div id="outline-container-org3972eff" class="outline-3">
-<h3 id="org3972eff"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
+<div id="outline-container-orgfd43e59" class="outline-3">
+<h3 id="orgfd43e59"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
 <div class="outline-text-3" id="text-3-4">
 <p>
 The abbey provides an HTML interface to members' public Git
@@ -408,7 +404,7 @@ lists the repositories found in <q>/var/www/git/</q>.
 </p>
 
 <div class="org-src-container">
-<code>apache-gitweb</code><pre class="src src-conf" id="org7a39b76"><code>Alias /gitweb-static/ /usr/share/gitweb/static/
+<code>apache-gitweb</code><pre class="src src-conf" id="org5965c9d"><code>Alias /gitweb-static/ /usr/share/gitweb/static/
 &lt;Directory <span class="org-string">"/usr/share/gitweb/static/"</span>&gt;
     Options MultiViews
 &lt;/Directory&gt;
@@ -465,13 +461,12 @@ web site <q>/favicon.ico</q>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitweb-tasks&gt;&gt;
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitweb-tasks&gt;&gt;
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<code>gitweb-tasks</code><pre class="src src-conf" id="org3877377"><code>- name: Enable Apache2 rewrite module.
+<code>gitweb-tasks</code><pre class="src src-conf" id="org70b1318"><code>- name: Enable Apache2 rewrite module.
   become: yes
   <span class="org-variable-name">apache2_module: name</span>=rewrite
   notify: Restart Apache2.
@@ -508,13 +503,12 @@ web site <q>/favicon.ico</q>.
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitweb-handlers&gt;&gt;
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitweb-handlers&gt;&gt;
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<code>gitweb-handlers</code><pre class="src src-conf" id="orgbac5425"><code>- name: Restart Apache2.
+<code>gitweb-handlers</code><pre class="src src-conf" id="org1fae2ca"><code>- name: Restart Apache2.
   become: yes
   systemd:
     service: apache2
@@ -524,8 +518,8 @@ web site <q>/favicon.ico</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-orga1ffc3d" class="outline-3">
-<h3 id="orga1ffc3d"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
+<div id="outline-container-org7ce6bc6" class="outline-3">
+<h3 id="org7ce6bc6"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
 <div class="outline-text-3" id="text-3-5">
 <p>
 Some of the directives added to the <q>-vhost.conf</q> file are needed by
@@ -543,7 +537,7 @@ filename suffixes.
 </p>
 
 <div class="org-src-container">
-<code>apache-abbey</code><pre class="src src-conf" id="org314ee41"><code>&lt;Directory {{ docroot }}/Abbey/&gt;
+<code>apache-abbey</code><pre class="src src-conf" id="orga0b66d8"><code>&lt;Directory {{ docroot }}/Abbey/&gt;
     AllowOverride Indexes FileInfo
     Options +Indexes +FollowSymLinks
 &lt;/Directory&gt;
@@ -566,8 +560,8 @@ AddType text/plain private pub public_vpn req rev sample txt yml
 </div>
 </div>
 </div>
-<div id="outline-container-org32b1d54" class="outline-3">
-<h3 id="org32b1d54"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
+<div id="outline-container-org5b3280a" class="outline-3">
+<h3 id="org5b3280a"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
 <div class="outline-text-3" id="text-3-6">
 <p>
 Some of the directives added to the <q>-vhost.conf</q> file map the abbey's
@@ -579,7 +573,7 @@ matching configurations for accurate previews and tests.
 </p>
 
 <div class="org-src-container">
-<code>apache-photos</code><pre class="src src-conf" id="org7474b2d"><code>RedirectMatch /Photos$ /Photos/
+<code>apache-photos</code><pre class="src src-conf" id="orgc24d82d"><code>RedirectMatch /Photos$ /Photos/
 RedirectMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])$ \
               /Photos/$1_$2_$3/
 AliasMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])/(.+)$ \
@@ -591,10 +585,53 @@ AliasMatch /Photos/$ {{ docroot }}/Photos/index.html
 </div>
 </div>
 </div>
-<div id="outline-container-org20a4ad0" class="outline-3">
-<h3 id="org20a4ad0"><span class="section-number-3">3.7.</span> Configure Tellurion Expiration on Front</h3>
+<div id="outline-container-org1db8a1f" class="outline-3">
+<h3 id="org1db8a1f"><span class="section-number-3">3.7.</span> Configure Matt's Alter Ego</h3>
 <div class="outline-text-3" id="text-3-7">
 <p>
+Many years ago Matt's evil twin, Friar Puck, released a "pucked"
+version of MIT/GNU Scheme, advertising that it was available at a
+couple URLs:
+</p>
+
+<ul class="org-ul">
+<li><code>git://birchwood-abbey.net/~puck/mit-scheme.git</code></li>
+<li><code>https://birchwood-abbey.net/~puck/Scheme/</code></li>
+</ul>
+
+<p>
+These are actually duplicates of the "resources" at these URLs:
+</p>
+
+<ul class="org-ul">
+<li><code>git://birchwood-abbey.net/~matt/mit-scheme.git</code></li>
+<li><code>https://birchwood-abbey.net/~matt/Scheme/</code></li>
+</ul>
+
+<p>
+So the abbey's Google Indexing report warned of the duplicates, and
+explained that they would not be indexed.  To get them off the report,
+the following redirects make clear that the canonical source is
+Matt's.
+</p>
+
+<div class="org-src-container">
+<code>apache-pucked</code><pre class="src src-conf" id="org217bddf"><code>RedirectMatch /~puck$ /~matt
+RedirectMatch /~puck/(.*) /~matt/$1
+</code></pre>
+</div>
+
+<p>
+The seemingly duplicated Git repository at <code>/~puck/mit-scheme.git</code> is
+actually the symbolic link at <q>/home/puck/Public</q> targeting
+<q>/home/matt/Public</q>.
+</p>
+</div>
+</div>
+<div id="outline-container-org668872c" class="outline-3">
+<h3 id="org668872c"><span class="section-number-3">3.8.</span> Configure Tellurion Expiration on Front</h3>
+<div class="outline-text-3" id="text-3-8">
+<p>
 The abbey's <q>tellurion.png</q> is updated every 15 minutes on the quarter
 hour, and should expire soon thereafter.  To accomplish this, Apache's
 <code>expires</code> module is enabled inside the <q>/Tellurion/</q> directory and the
@@ -602,7 +639,7 @@ hour, and should expire soon thereafter.  To accomplish this, Apache's
 </p>
 
 <div class="org-src-container">
-<code>apache-tellurion</code><pre class="src src-conf" id="orgfc5fccc"><code>&lt;Directory {{ docroot }}/Tellurion/&gt;
+<code>apache-tellurion</code><pre class="src src-conf" id="org7f77900"><code>&lt;Directory {{ docroot }}/Tellurion/&gt;
     ExpiresActive On
     ExpiresByType image/png <span class="org-string">"modification plus 15 minutes"</span>
 &lt;/Directory&gt;
@@ -615,13 +652,12 @@ will be accepted.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml">=roles_t/abbey-front/tasks/main.yml</a><pre class="src src-conf"><code>
-&lt;&lt;tellurion-tasks&gt;&gt;
+<a href="roles_t/abbey-front/tasks/main.yml">=roles_t/abbey-front/tasks/main.yml</a><pre class="src src-conf"><code>&lt;&lt;tellurion-tasks&gt;&gt;
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<code>tellurion-tasks</code><pre class="src src-conf" id="org00cd0cb"><code>- name: Enable Apache2 expires module.
+<code>tellurion-tasks</code><pre class="src src-conf" id="orgc049d99"><code>- name: Enable Apache2 expires module.
   become: yes
   <span class="org-variable-name">apache2_module: name</span>=expires
   notify: Restart Apache2.
@@ -629,9 +665,9 @@ will be accepted.
 </div>
 </div>
 </div>
-<div id="outline-container-org683a306" class="outline-3">
-<h3 id="org683a306"><span class="section-number-3">3.8.</span> Configure Apache on Front</h3>
-<div class="outline-text-3" id="text-3-8">
+<div id="outline-container-orgb2d16a7" class="outline-3">
+<h3 id="orgb2d16a7"><span class="section-number-3">3.9.</span> Configure Apache on Front</h3>
+<div class="outline-text-3" id="text-3-9">
 <p>
 The abbey needs to add some Apache2 configuration directives to the
 virtual host listening for HTTPS requests to <q>birchwood-abbey.net</q>.
@@ -641,16 +677,16 @@ The abbey simply creates a <q>birchwood-abbey.net-vhost.conf</q> file in
 </p>
 
 <p>
-The following task adds the <a href="#org7a39b76"><code>apache-gitweb</code></a>, <a href="#org314ee41"><code>apache-abbey</code></a>,
-<a href="#org7474b2d"><code>apache-photos</code></a>, and <a href="#orgfc5fccc"><code>apache-tellurion</code></a> directives described above to
-the <q>-vhost.conf</q> file, and includes <q>options-ssl-apache.conf</q> from
-<q>/etc/letsencrypt/</q>.  The rest of the Let's Encrypt configuration is
-discussed in the following <a href="#orgcddc4bf">Install Let's Encrypt</a> section.
+The following task adds the <a href="#org5965c9d"><code>apache-gitweb</code></a>, <a href="#orga0b66d8"><code>apache-abbey</code></a>,
+<a href="#orgc24d82d"><code>apache-photos</code></a>, <a href="#org217bddf"><code>apache-pucked</code></a> and <a href="#org7f77900"><code>apache-tellurion</code></a> directives
+described above to the <q>-vhost.conf</q> file, and includes
+<q>options-ssl-apache.conf</q> from <q>/etc/letsencrypt/</q>.  The rest of the
+Let's Encrypt configuration is discussed in the following <a href="#org0e5fcbc">Install
+Let's Encrypt</a> section.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure Apache.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure Apache.
   become: yes
   vars:
     docroot: /home/www
@@ -662,6 +698,8 @@ discussed in the following <a href="#orgcddc4bf">Install Let's Encrypt</a> secti
 
         &lt;&lt;apache-photos&gt;&gt;
 
+        &lt;&lt;apache-pucked&gt;&gt;
+
         &lt;&lt;apache-tellurion&gt;&gt;
 
         IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
@@ -671,9 +709,9 @@ discussed in the following <a href="#orgcddc4bf">Install Let's Encrypt</a> secti
 </div>
 </div>
 </div>
-<div id="outline-container-orgcaa244b" class="outline-3">
-<h3 id="orgcaa244b"><span class="section-number-3">3.9.</span> Configure Apache Log Archival</h3>
-<div class="outline-text-3" id="text-3-9">
+<div id="outline-container-orgfb296d2" class="outline-3">
+<h3 id="orgfb296d2"><span class="section-number-3">3.10.</span> Configure Apache Log Archival</h3>
+<div class="outline-text-3" id="text-3-10">
 <p>
 These tasks hack Apache's <code>logrotate(8)</code> configuration to rotate
 weekly, keep a couple weeks, and email each week's log to <code>root</code>.
@@ -689,8 +727,7 @@ The replacement <q>logrotate-mailer</q> does, and includes it in a
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure Apache log archival.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure Apache log archival.
   become: yes
   lineinfile:
     path: /etc/logrotate.d/apache2
@@ -768,8 +805,8 @@ encrypting and sending to <code>sendmail</code>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/files/logrotate-mailer"><q>roles_t/abbey-front/files/logrotate-mailer</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e
-</span>
+<a href="roles_t/abbey-front/files/logrotate-mailer"><q>roles_t/abbey-front/files/logrotate-mailer</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
+
 <span class="org-keyword">if</span> [ <span class="org-string">"$#"</span> != 3 -o <span class="org-string">"$1"</span> != <span class="org-string">"-s"</span> ]; <span class="org-keyword">then</span>
     <span class="org-builtin">echo</span> <span class="org-string">"usage: $0 -s subject recipient"</span> 1&gt;&amp;2
     <span class="org-keyword">exit</span> 1
@@ -808,9 +845,9 @@ encrypting and sending to <code>sendmail</code>.
 </div>
 </div>
 </div>
-<div id="outline-container-orgcddc4bf" class="outline-3">
-<h3 id="orgcddc4bf"><span class="section-number-3">3.10.</span> Install Let's Encrypt</h3>
-<div class="outline-text-3" id="text-3-10">
+<div id="outline-container-org0e5fcbc" class="outline-3">
+<h3 id="org0e5fcbc"><span class="section-number-3">3.11.</span> Install Let's Encrypt</h3>
+<div class="outline-text-3" id="text-3-11">
 <p>
 The abbey uses a Let's Encrypt certificate to authenticate its public
 web site and email services.  Initial installation of a Let's Encrypt
@@ -818,7 +855,7 @@ certificate is a terminal session affair (with prompts and lines
 entered as shown below).
 </p>
 
-<pre class="example" id="org4b35bf2">
+<pre class="example" id="org6b7f5ea">
 $ sudo apt install python3-certbot-apache
 $ sudo certbot --apache -d birchwood-abbey.net
 ...
@@ -879,8 +916,7 @@ package is installed and its <q>live/</q> subdirectory is world readable.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Certbot for Apache.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Certbot for Apache.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=python3-certbot-apache
 
@@ -925,8 +961,7 @@ be restarted manually.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: <span class="org-string">"Use Let's Encrypt certificate&amp;key."</span>
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: <span class="org-string">"Use Let's Encrypt certificate&amp;key."</span>
   become: yes
   file:
     state: link
@@ -943,12 +978,11 @@ be restarted manually.
 </div>
 </div>
 </div>
-<div id="outline-container-org676689c" class="outline-3">
-<h3 id="org676689c"><span class="section-number-3">3.11.</span> Restart Servers Caching Let's Encrypt</h3>
-<div class="outline-text-3" id="text-3-11">
+<div id="outline-container-org442cfd4" class="outline-3">
+<h3 id="org442cfd4"><span class="section-number-3">3.12.</span> Restart Servers Caching Let's Encrypt</h3>
+<div class="outline-text-3" id="text-3-12">
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Certbot hook.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Certbot hook.
   become: yes
   copy:
     src: certbot_hook
@@ -967,22 +1001,21 @@ server certificate.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/files/certbot_hook"><q>roles_t/abbey-front/files/certbot_hook</q></a><pre class="src src-conf"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/bash
-</span>systemctl reload dovecot
+<a href="roles_t/abbey-front/files/certbot_hook"><q>roles_t/abbey-front/files/certbot_hook</q></a><pre class="src src-conf"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/bash</span>
+systemctl reload dovecot
 </code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org2493da1" class="outline-3">
-<h3 id="org2493da1"><span class="section-number-3">3.12.</span> Rotate Let's Encrypt Log</h3>
-<div class="outline-text-3" id="text-3-12">
+<div id="outline-container-org159a670" class="outline-3">
+<h3 id="org159a670"><span class="section-number-3">3.13.</span> Rotate Let's Encrypt Log</h3>
+<div class="outline-text-3" id="text-3-13">
 <p>
 The following task arranges to rotate Certbot's logs files.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Certbot logrotate configuration.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Certbot logrotate configuration.
   become: yes
   copy:
     src: certbot_logrotate
@@ -1002,9 +1035,9 @@ The following task arranges to rotate Certbot's logs files.
 </div>
 </div>
 </div>
-<div id="outline-container-orgcd5e4cb" class="outline-3">
-<h3 id="orgcd5e4cb"><span class="section-number-3">3.13.</span> Archive Let's Encrypt Data</h3>
-<div class="outline-text-3" id="text-3-13">
+<div id="outline-container-orgce3c556" class="outline-3">
+<h3 id="orgce3c556"><span class="section-number-3">3.14.</span> Archive Let's Encrypt Data</h3>
+<div class="outline-text-3" id="text-3-14">
 <p>
 A backup copy of Let's Encrypt's data (<q>/etc/letsencrypt/</q>) is sent to
 <code>root@core</code> in OpenPGP encrypted email every time it changes.  Changes
@@ -1012,8 +1045,7 @@ are detected by keeping a copy in <q>/etc/letsencrypt~/</q> for comparison.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: <span class="org-string">"Install Let's Encrypt archive script."</span>
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: <span class="org-string">"Install Let's Encrypt archive script."</span>
   become: yes
   copy:
     src: cron.daily_letsencrypt
@@ -1023,8 +1055,8 @@ are detected by keeping a copy in <q>/etc/letsencrypt~/</q> for comparison.
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/files/cron.daily_letsencrypt"><q>roles_t/abbey-front/files/cron.daily_letsencrypt</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e
-</span>
+<a href="roles_t/abbey-front/files/cron.daily_letsencrypt"><q>roles_t/abbey-front/files/cron.daily_letsencrypt</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">bash</span><span class="org-comment"> -e</span>
+
 <span class="org-builtin">cd</span> /etc/
 
 [ -d letsencrypt~ ] <span class="org-sh-escaped-newline">\</span>
@@ -1061,29 +1093,27 @@ imported into <code>root@front</code>'s GnuPG key file.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Copy root@core<span class="org-string">'s public key.
-  become: yes
-  copy:
-    src: ../Secret/root-pub.pem
-    dest: /root/.gnupg-root-pub.pem
-    mode: u=r,g=r,o=r
-  notify: Import root@core'</span>s public key.
+<a href="roles_t/abbey-front/tasks/main.yml"><q>roles_t/abbey-front/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Copy root@core<span class="org-string">'s public key.</span>
+<span class="org-string">  become: yes</span>
+<span class="org-string">  copy:</span>
+<span class="org-string">    src: ../Secret/root-pub.pem</span>
+<span class="org-string">    dest: /root/.gnupg-root-pub.pem</span>
+<span class="org-string">    mode: u=r,g=r,o=r</span>
+<span class="org-string">  notify: Import root@core'</span>s public key.
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Import root@core<span class="org-string">'s public key.
-  become: yes
-  command: gpg --import ~/.gnupg-root-pub.pem</span>
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Import root@core<span class="org-string">'s public key.</span>
+<span class="org-string">  become: yes</span>
+<span class="org-string">  command: gpg --import ~/.gnupg-root-pub.pem</span>
 </code></pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-org080ed5f" class="outline-2">
-<h2 id="org080ed5f"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
+<div id="outline-container-orgbf2cbb7" class="outline-2">
+<h2 id="orgbf2cbb7"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
 <div class="outline-text-2" id="text-4">
 <p>
 Birchwood Abbey's core is a mini-PC (System76 Meerkat) configured as A
@@ -1093,8 +1123,8 @@ with Postfix and Dovecot, and providing essential localnet services:
 NTP, DNS and DHCP.
 </p>
 </div>
-<div id="outline-container-orgafb285f" class="outline-3">
-<h3 id="orgafb285f"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org68bc9a9" class="outline-3">
+<h3 id="org68bc9a9"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
 <div class="outline-text-3" id="text-4-1">
 <p>
 In this abbey specific document, most abbey particulars are not
@@ -1113,8 +1143,8 @@ directory, <q>playbooks/</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-org52e3fe1" class="outline-3">
-<h3 id="org52e3fe1"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
+<div id="outline-container-orgcc5d654" class="outline-3">
+<h3 id="orgcc5d654"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
 <div class="outline-text-3" id="text-4-2">
 <p>
 The scripts that maintain the abbey's web site use a number of
@@ -1124,8 +1154,7 @@ The house task list uses JQuery.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install additional packages.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install additional packages.
   become: yes
   apt:
     pkg: [ procmail, libhtml-tree-perl, libjs-jquery,
@@ -1134,8 +1163,8 @@ The house task list uses JQuery.
 </div>
 </div>
 </div>
-<div id="outline-container-orga6fd82f" class="outline-3">
-<h3 id="orga6fd82f"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
+<div id="outline-container-org12d916b" class="outline-3">
+<h3 id="org12d916b"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
 <div class="outline-text-3" id="text-4-3">
 <p>
 The abbey uses several additional email aliases.  These are the campus
@@ -1151,8 +1180,7 @@ e.g. <code>mythtv@mythtv.birchwood.private</code>, locally.)
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install abbey email aliases.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install abbey email aliases.
   become: yes
   blockinfile:
     block: |
@@ -1176,81 +1204,76 @@ e.g. <code>mythtv@mythtv.birchwood.private</code>, locally.)
 </div>
 </div>
 </div>
-<div id="outline-container-org864a898" class="outline-3">
-<h3 id="org864a898"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
+<div id="outline-container-orgfcd695d" class="outline-3">
+<h3 id="orgfcd695d"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
 <div class="outline-text-3" id="text-4-4">
 <p>
 These tasks are identical to those executed on Front, for similar Git
 services on Front and Core.  This allows changes to be tested on Core
-before they are pushed to Front.  See <a href="#org227602e">3.3</a>
+before they are pushed to Front.  See <a href="#org8137534">3.3</a>
 for more information.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitd-tasks&gt;&gt;
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitd-tasks&gt;&gt;
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitd-handlers&gt;&gt;
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitd-handlers&gt;&gt;
 </code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org223edc0" class="outline-3">
-<h3 id="org223edc0"><span class="section-number-3">4.5.</span> Configure Gitweb on Core</h3>
+<div id="outline-container-orgb823c17" class="outline-3">
+<h3 id="orgb823c17"><span class="section-number-3">4.5.</span> Configure Gitweb on Core</h3>
 <div class="outline-text-3" id="text-4-5">
 <p>
 These tasks are identical to those executed on Front, for similar
 Gitweb services on Front and Core.  This allows changes to be tested
-on Core before they are pushed to Front.  See <a href="#org3972eff">Configure Gitweb on
+on Core before they are pushed to Front.  See <a href="#orgfd43e59">Configure Gitweb on
 Front</a> for more information.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitweb-tasks&gt;&gt;
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitweb-tasks&gt;&gt;
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-&lt;&lt;gitweb-handlers&gt;&gt;
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>&lt;&lt;gitweb-handlers&gt;&gt;
 </code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org0deece2" class="outline-3">
-<h3 id="org0deece2"><span class="section-number-3">4.6.</span> Configure Tellurion Expiration on Core</h3>
+<div id="outline-container-org7da27ca" class="outline-3">
+<h3 id="org7da27ca"><span class="section-number-3">4.6.</span> Configure Tellurion Expiration on Core</h3>
 <div class="outline-text-3" id="text-4-6">
 <p>
-The <code>apache-tellurion</code> directives are defined <a href="#orgfc5fccc">here</a> and included in the
-Apache configuration below.  The <code>tellurion-tasks</code> are defined <a href="#org00cd0cb">here</a>
+The <code>apache-tellurion</code> directives are defined <a href="#org7f77900">here</a> and included in the
+Apache configuration below.  The <code>tellurion-tasks</code> are defined <a href="#orgc049d99">here</a>
 and included by the following code block.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml">=roles_t/abbey-core/tasks/main.yml</a><pre class="src src-conf"><code>
-&lt;&lt;tellurion-tasks&gt;&gt;
+<a href="roles_t/abbey-core/tasks/main.yml">=roles_t/abbey-core/tasks/main.yml</a><pre class="src src-conf"><code>&lt;&lt;tellurion-tasks&gt;&gt;
 </code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgfa7854e" class="outline-3">
-<h3 id="orgfa7854e"><span class="section-number-3">4.7.</span> Configure Apache on Core</h3>
+<div id="outline-container-orgcad5462" class="outline-3">
+<h3 id="orgcad5462"><span class="section-number-3">4.7.</span> Configure Apache on Core</h3>
 <div class="outline-text-3" id="text-4-7">
 <p>
 The Apache2 configuration on Core specifies three web sites (live,
 test, and campus).  The live and test sites must operate just like the
-site on Front.  Their configurations include the same <a href="#org7a39b76"><code>apache-gitweb</code></a>,
-<a href="#org314ee41"><code>apache-abbey</code></a>, <a href="#org7474b2d"><code>apache-photos</code></a>, and <a href="#orgfc5fccc"><code>apache-tellurion</code></a> used on Front.
+site on Front.  Their configurations include the same <a href="#org5965c9d"><code>apache-gitweb</code></a>,
+<a href="#orga0b66d8"><code>apache-abbey</code></a>, <a href="#orgc24d82d"><code>apache-photos</code></a>, <a href="#org217bddf"><code>apache-pucked</code></a> and
+<a href="#org7f77900"><code>apache-tellurion</code></a> directives used on Front.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure live website.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure live website.
   become: yes
   vars:
     docroot: /WWW/live
@@ -1262,6 +1285,8 @@ site on Front.  Their configurations include the same <a href="#org7a39b76"><cod
 
         &lt;&lt;apache-photos&gt;&gt;
 
+        &lt;&lt;apache-pucked&gt;&gt;
+
         &lt;&lt;apache-tellurion&gt;&gt;
     dest: /etc/apache2/sites-available/live-vhost.conf
     <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
@@ -1279,6 +1304,8 @@ site on Front.  Their configurations include the same <a href="#org7a39b76"><cod
 
         &lt;&lt;apache-photos&gt;&gt;
 
+        &lt;&lt;apache-pucked&gt;&gt;
+
         &lt;&lt;apache-tellurion&gt;&gt;
     dest: /etc/apache2/sites-available/test-vhost.conf
     <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
@@ -1287,20 +1314,19 @@ site on Front.  Their configurations include the same <a href="#org7a39b76"><cod
 </div>
 </div>
 </div>
-<div id="outline-container-org0afaf42" class="outline-3">
-<h3 id="org0afaf42"><span class="section-number-3">4.8.</span> Configure Documentation URLs</h3>
+<div id="outline-container-org042c3ee" class="outline-3">
+<h3 id="org042c3ee"><span class="section-number-3">4.8.</span> Configure Documentation URLs</h3>
 <div class="outline-text-3" id="text-4-8">
 <p>
 The institute serves its <q>/usr/share/doc/</q> on the house (campus) web
 site.  This is a debugging convenience, making some HTML documentation
 more accessible, especially the documentation of software installed on
 Core and not on typical desktop clients.  Also included: the Apache2
-directives that enable user Git publishing with Gitweb (defined <a href="#org7a39b76">here</a>).
+directives that enable user Git publishing with Gitweb (defined <a href="#org5965c9d">here</a>).
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure house website.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure house website.
   become: yes
   copy:
     content: |
@@ -1317,8 +1343,8 @@ directives that enable user Git publishing with Gitweb (defined <a href="#org7a3
 </div>
 </div>
 </div>
-<div id="outline-container-org39ecdd8" class="outline-3">
-<h3 id="org39ecdd8"><span class="section-number-3">4.9.</span> Install Apt Cacher</h3>
+<div id="outline-container-orgfa7526b" class="outline-3">
+<h3 id="orgfa7526b"><span class="section-number-3">4.9.</span> Install Apt Cacher</h3>
 <div class="outline-text-3" id="text-4-9">
 <p>
 The abbey uses the Apt-Cacher:TNG package cache on Core.  The
@@ -1326,16 +1352,15 @@ The abbey uses the Apt-Cacher:TNG package cache on Core.  The
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Apt-Cacher:TNG.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Apt-Cacher:TNG.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=apt-cacher-ng
 </code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-org6f7e389" class="outline-3">
-<h3 id="org6f7e389"><span class="section-number-3">4.10.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-orge15057a" class="outline-3">
+<h3 id="orge15057a"><span class="section-number-3">4.10.</span> Use Cloister Apt Cache</h3>
 <div class="outline-text-3" id="text-4-10">
 <p>
 Core itself will benefit from using the package cache, but should
@@ -1344,8 +1369,7 @@ so caching their packages is not a priority.)
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Use the local Apt package cache.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Use the local Apt package cache.
   become: yes
   copy:
     content: |
@@ -1357,8 +1381,8 @@ so caching their packages is not a priority.)
 </div>
 </div>
 </div>
-<div id="outline-container-org45e225e" class="outline-3">
-<h3 id="org45e225e"><span class="section-number-3">4.11.</span> Configure NAGIOS</h3>
+<div id="outline-container-org4924f3f" class="outline-3">
+<h3 id="org4924f3f"><span class="section-number-3">4.11.</span> Configure NAGIOS</h3>
 <div class="outline-text-3" id="text-4-11">
 <p>
 A small institute uses <code>nagios4</code> to monitor the health of its network,
@@ -1372,8 +1396,8 @@ another customized <code>check_sensors</code> plugin (<code>abbey_pisensors</cod
 Raspberry Pis.
 </p>
 </div>
-<div id="outline-container-org9b85f24" class="outline-4">
-<h4 id="org9b85f24"><span class="section-number-4">4.11.1.</span> Monitoring The Home Disk</h4>
+<div id="outline-container-org414d2ee" class="outline-4">
+<h4 id="org414d2ee"><span class="section-number-4">4.11.1.</span> Monitoring The Home Disk</h4>
 <div class="outline-text-4" id="text-4-11-1">
 <p>
 The abbey adds monitoring of the space remaining on the volume at
@@ -1383,8 +1407,7 @@ RAID-5 array under <q>/home/</q>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure NAGIOS monitoring for Core /home/.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure NAGIOS monitoring for Core /home/.
   become: yes
   copy:
     content: |
@@ -1417,8 +1440,7 @@ RAID-5 array under <q>/home/</q>.
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Reload NAGIOS4.
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Reload NAGIOS4.
   become: yes
   systemd:
     service: nagios4
@@ -1428,8 +1450,8 @@ RAID-5 array under <q>/home/</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-orgf975d70" class="outline-4">
-<h4 id="orgf975d70"><span class="section-number-4">4.11.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
+<div id="outline-container-orgd9d0404" class="outline-4">
+<h4 id="orgd9d0404"><span class="section-number-4">4.11.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
 <div class="outline-text-4" id="text-4-11-2">
 <p>
 The <code>check_sensors</code> plugin is included in the package
@@ -1442,8 +1464,8 @@ recognizable temperature in the <code>sensors</code> output.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/files/abbey_pisensors"><q>roles_t/abbey-core/files/abbey_pisensors</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">sh</span><span class="org-comment">
-</span>
+<a href="roles_t/abbey-core/files/abbey_pisensors"><q>roles_t/abbey-core/files/abbey_pisensors</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/</span><span class="org-keyword">sh</span>
+
 <span class="org-variable-name">PATH</span>=<span class="org-string">"/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"</span>
 <span class="org-builtin">export</span> PATH
 <span class="org-variable-name">PROGNAME</span>=<span class="org-sh-quoted-exec">`basename $0`</span>
@@ -1468,10 +1490,10 @@ recognizable temperature in the <code>sensors</code> output.
 }
 
 <span class="org-function-name">brief_data</span>() {
-    <span class="org-builtin">echo</span> <span class="org-string">"$1"</span> | sed -n -E -e <span class="org-string">'
-  /^temp[0-9]+: +[-+][0-9.]+.?C/ {
-    s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H }
-  $ { x; s/\n//g; p }'</span>
+    <span class="org-builtin">echo</span> <span class="org-string">"$1"</span> | sed -n -E -e <span class="org-string">'</span>
+<span class="org-string">  /^temp[0-9]+: +[-+][0-9.]+.?C/ {</span>
+<span class="org-string">    s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H }</span>
+<span class="org-string">  $ { x; s/\n//g; p }'</span>
 }
 
 <span class="org-keyword">case</span> <span class="org-string">"$1"</span><span class="org-keyword"> in</span>
@@ -1524,8 +1546,8 @@ recognizable temperature in the <code>sensors</code> output.
 </div>
 </div>
 </div>
-<div id="outline-container-org439ea1c" class="outline-4">
-<h4 id="org439ea1c"><span class="section-number-4">4.11.3.</span> Stolen NAGIOS Monitor <code>check_mdstat</code></h4>
+<div id="outline-container-org9545a84" class="outline-4">
+<h4 id="org9545a84"><span class="section-number-4">4.11.3.</span> Stolen NAGIOS Monitor <code>check_mdstat</code></h4>
 <div class="outline-text-4" id="text-4-11-3">
 <p>
 This <code>check_mdstat</code> plugin was copied from the NAGIOS Exchange (<a href="https://exchange.nagios.org/directory/plugins/operating-systems/linux/check_mdstat/details/">here</a>).
@@ -1533,12 +1555,12 @@ It detects a failing disk in a multi-disk array.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/files/check_mdstat"><q>roles_t/abbey-core/files/check_mdstat</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/</span><span class="org-keyword">env</span><span class="org-comment"> bash
-</span>
-<span class="org-comment-delimiter"># </span><span class="org-comment">nagios script checks for failed raid device
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">linux software raid /proc/mdstat
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">karl@webmedianow.com 2013-10-01
-</span>
+<a href="roles_t/abbey-core/files/check_mdstat"><q>roles_t/abbey-core/files/check_mdstat</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/</span><span class="org-keyword">env</span><span class="org-comment"> bash</span>
+
+<span class="org-comment-delimiter"># </span><span class="org-comment">nagios script checks for failed raid device</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">linux software raid /proc/mdstat</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">karl@webmedianow.com 2013-10-01</span>
+
 <span class="org-variable-name">STATE_OK</span>=0
 <span class="org-variable-name">STATE_WARNING</span>=1
 <span class="org-variable-name">STATE_CRITICAL</span>=2
@@ -1549,22 +1571,22 @@ It detects a failing disk in a multi-disk array.
 <span class="org-builtin">export</span> PATH
 
 <span class="org-function-name">usage</span>() {
-cat &lt;&lt;-EOE<span class="org-sh-heredoc">
-Usage: $0 mdadm_device total_drives
+cat &lt;&lt;-EOE
+<span class="org-sh-heredoc">Usage: $0 mdadm_device total_drives</span>
 
-  mdadm_device is md0, md1, etc...
-  total_drives is 2 for mirror, or 3, 4 etc...
+<span class="org-sh-heredoc">  mdadm_device is md0, md1, etc...</span>
+<span class="org-sh-heredoc">  total_drives is 2 for mirror, or 3, 4 etc...</span>
 
-Nagios script to check if failed drive in /proc/mdstat
+<span class="org-sh-heredoc">Nagios script to check if failed drive in /proc/mdstat</span>
 
-Example: raid 2 (2 disk mirror)
-  /opt/nagios/libexec/check_mdstat.sh md0 2
+<span class="org-sh-heredoc">Example: raid 2 (2 disk mirror)</span>
+<span class="org-sh-heredoc">  /opt/nagios/libexec/check_mdstat.sh md0 2</span>
 
-Example: raid 5 with 8 disks
-  /opt/nagios/libexec/check_mdstat.sh md0 8
+<span class="org-sh-heredoc">Example: raid 5 with 8 disks</span>
+<span class="org-sh-heredoc">  /opt/nagios/libexec/check_mdstat.sh md0 8</span>
 
-EOE
-</span><span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_UNKNOWN</span>
+<span class="org-sh-heredoc">EOE</span>
+<span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_UNKNOWN</span>
 }
 
 <span class="org-keyword">if</span> [ $<span class="org-variable-name">#</span> -lt 2 ]; <span class="org-keyword">then</span>
@@ -1583,12 +1605,12 @@ EOE
 <span class="org-variable-name">uu</span>=<span class="org-string">"[${U}]"</span>
 <span class="org-variable-name">nn</span>=<span class="org-string">"[${drive_num}/${drive_num}]"</span>
 
-<span class="org-comment-delimiter">#</span><span class="org-comment">cat /proc/mdstat | grep -A 1 ^md1 | tail -1 | awk '{print ($(</span><span class="org-sh-quoted-exec">NF</span><span class="org-comment">))}'
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">[UUUUUUUU] is OK raid
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">[_U] is Failed Drive
-</span>
-<span class="org-comment-delimiter"># </span><span class="org-comment">check if we have correct device...
-</span><span class="org-keyword">if</span> cat /proc/mdstat | grep ^${<span class="org-variable-name">cmd_device</span>} | awk <span class="org-string">'{print $1}'</span> | grep ^${<span class="org-variable-name">cmd_device</span>}$ &gt;/dev/null 2&gt;&amp;1
+<span class="org-comment-delimiter">#</span><span class="org-comment">cat /proc/mdstat | grep -A 1 ^md1 | tail -1 | awk '{print ($(</span><span class="org-sh-quoted-exec">NF</span><span class="org-comment">))}'</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">[UUUUUUUU] is OK raid</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">[_U] is Failed Drive</span>
+
+<span class="org-comment-delimiter"># </span><span class="org-comment">check if we have correct device...</span>
+<span class="org-keyword">if</span> cat /proc/mdstat | grep ^${<span class="org-variable-name">cmd_device</span>} | awk <span class="org-string">'{print $1}'</span> | grep ^${<span class="org-variable-name">cmd_device</span>}$ &gt;/dev/null 2&gt;&amp;1
 <span class="org-keyword">then</span>
   <span class="org-variable-name">device</span>=$<span class="org-variable-name">cmd_device</span>
 <span class="org-keyword">else</span>
@@ -1606,14 +1628,12 @@ EOE
   <span class="org-builtin">echo</span> <span class="org-string">"FAIL:  $device $n_status $u_status"</span>
   <span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_CRITICAL</span>
 <span class="org-keyword">fi</span>
-
-
 </code></pre>
 </div>
 </div>
 </div>
-<div id="outline-container-orgfaece9a" class="outline-4">
-<h4 id="orgfaece9a"><span class="section-number-4">4.11.4.</span> Configure NAGIOS Monitoring of The Cloister</h4>
+<div id="outline-container-org42df1ba" class="outline-4">
+<h4 id="org42df1ba"><span class="section-number-4">4.11.4.</span> Configure NAGIOS Monitoring of The Cloister</h4>
 <div class="outline-text-4" id="text-4-11-4">
 <p>
 The abbey adds monitoring for more servers: Dantooine, Kessel and Ord
@@ -1628,8 +1648,8 @@ The configurations for these servers are very similar to Gate's, but
 are idiosyncratically in flux.
 </p>
 </div>
-<div id="outline-container-orgc13c51b" class="outline-5">
-<h5 id="orgc13c51b"><span class="section-number-5">4.11.4.1.</span> Cloister Network Addresses</h5>
+<div id="outline-container-org4f11f77" class="outline-5">
+<h5 id="org4f11f77"><span class="section-number-5">4.11.4.1.</span> Cloister Network Addresses</h5>
 <div class="outline-text-5" id="text-4-11-4-1">
 <p>
 The IP addresses of all three hosts are nice to use in the NAGIOS
@@ -1646,16 +1666,15 @@ ord_mantell_addr:           10.84.138.12
 </div>
 </div>
 </div>
-<div id="outline-container-org34c60e8" class="outline-5">
-<h5 id="org34c60e8"><span class="section-number-5">4.11.4.2.</span> Install NAGIOS Configurations</h5>
+<div id="outline-container-org5f30805" class="outline-5">
+<h5 id="org5f30805"><span class="section-number-5">4.11.4.2.</span> Install NAGIOS Configurations</h5>
 <div class="outline-text-5" id="text-4-11-4-2">
 <p>
 The following task installs each host's NAGIOS configuration.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure cloister NAGIOS monitoring.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure cloister NAGIOS monitoring.
   become: yes
   template:
     src: nagios-{{ item }}.cfg
@@ -1666,8 +1685,8 @@ The following task installs each host's NAGIOS configuration.
 </div>
 </div>
 </div>
-<div id="outline-container-org57a0d79" class="outline-5">
-<h5 id="org57a0d79"><span class="section-number-5">4.11.4.3.</span> NAGIOS Monitoring of Dantooine</h5>
+<div id="outline-container-org356f783" class="outline-5">
+<h5 id="org356f783"><span class="section-number-5">4.11.4.3.</span> NAGIOS Monitoring of Dantooine</h5>
 <div class="outline-text-5" id="text-4-11-4-3">
 <div class="org-src-container">
 <a href="roles_t/abbey-core/templates/nagios-dantooine.cfg"><q>roles_t/abbey-core/templates/nagios-dantooine.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
@@ -1690,13 +1709,13 @@ The following task installs each host's NAGIOS configuration.
     check_command           check_nrpe!abbey_dvr
 }
 
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               dantooine
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Current Load
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               dantooine</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Current Load</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
 <span class="org-type">define service</span> {
     use                     generic-service
     host_name               dantooine
@@ -1704,13 +1723,13 @@ The following task installs each host's NAGIOS configuration.
     check_command           check_nrpe!check_zombie_procs
 }
 
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               dantooine
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Total Processes
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_total_procs
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               dantooine</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Total Processes</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_total_procs</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
 <span class="org-type">define service</span> {
     use                     generic-service
     host_name               dantooine
@@ -1728,8 +1747,8 @@ The following task installs each host's NAGIOS configuration.
 </div>
 </div>
 </div>
-<div id="outline-container-org2b3a9ba" class="outline-5">
-<h5 id="org2b3a9ba"><span class="section-number-5">4.11.4.4.</span> NAGIOS Monitoring of Kessel</h5>
+<div id="outline-container-org039d217" class="outline-5">
+<h5 id="org039d217"><span class="section-number-5">4.11.4.4.</span> NAGIOS Monitoring of Kessel</h5>
 <div class="outline-text-5" id="text-4-11-4-4">
 <div class="org-src-container">
 <a href="roles_t/abbey-core/templates/nagios-kessel.cfg"><q>roles_t/abbey-core/templates/nagios-kessel.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
@@ -1745,13 +1764,13 @@ The following task installs each host's NAGIOS configuration.
     check_command           check_nrpe!inst_root
 }
 
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               kessel
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Current Load
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               kessel</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Current Load</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
 <span class="org-type">define service</span> {
     use                     generic-service
     host_name               kessel
@@ -1759,13 +1778,13 @@ The following task installs each host's NAGIOS configuration.
     check_command           check_nrpe!check_zombie_procs
 }
 
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               kessel
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Total Processes
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_total_procs
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               kessel</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Total Processes</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_total_procs</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
 <span class="org-type">define service</span> {
     use                     generic-service
     host_name               kessel
@@ -1783,8 +1802,8 @@ The following task installs each host's NAGIOS configuration.
 </div>
 </div>
 </div>
-<div id="outline-container-orgb9f9d18" class="outline-5">
-<h5 id="orgb9f9d18"><span class="section-number-5">4.11.4.5.</span> NAGIOS Monitoring of Ord-Mantell</h5>
+<div id="outline-container-orgae4d84f" class="outline-5">
+<h5 id="orgae4d84f"><span class="section-number-5">4.11.4.5.</span> NAGIOS Monitoring of Ord-Mantell</h5>
 <div class="outline-text-5" id="text-4-11-4-5">
 <div class="org-src-container">
 <a href="roles_t/abbey-core/templates/nagios-ord-mantell.cfg"><q>roles_t/abbey-core/templates/nagios-ord-mantell.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
@@ -1800,13 +1819,13 @@ The following task installs each host's NAGIOS configuration.
     check_command           check_nrpe!inst_root
 }
 
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               ord-mantell
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Current Load
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_load
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               ord-mantell</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Current Load</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_load</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
 <span class="org-type">define service</span> {
     use                     generic-service
     host_name               ord-mantell
@@ -1814,13 +1833,13 @@ The following task installs each host's NAGIOS configuration.
     check_command           check_nrpe!check_zombie_procs
 }
 
-<span class="org-comment-delimiter"># </span><span class="org-comment">define service {
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               ord-mantell
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Total Processes
-</span><span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_total_procs
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">}
-</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">use                     generic-service</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">host_name               ord-mantell</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">service_description     Total Processes</span>
+<span class="org-comment-delimiter">#     </span><span class="org-comment">check_command           check_nrpe!check_total_procs</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
+
 <span class="org-type">define service</span> {
     use                     generic-service
     host_name               ord-mantell
@@ -1840,8 +1859,8 @@ The following task installs each host's NAGIOS configuration.
 </div>
 </div>
 </div>
-<div id="outline-container-org5216bd9" class="outline-3">
-<h3 id="org5216bd9"><span class="section-number-3">4.12.</span> Install Munin</h3>
+<div id="outline-container-org67864f4" class="outline-3">
+<h3 id="org67864f4"><span class="section-number-3">4.12.</span> Install Munin</h3>
 <div class="outline-text-3" id="text-4-12">
 <p>
 The abbey is experimenting with Munin.  NAGIOS is all about notifying
@@ -1850,8 +1869,7 @@ trends in resource usage.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Munin.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Munin.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=munin
 
@@ -1922,8 +1940,7 @@ next task configures <code>libsensors</code> to ignore them.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure core sensors(1).
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure core sensors(1).
   become: yes
   copy:
     content: |
@@ -1937,8 +1954,7 @@ next task configures <code>libsensors</code> to ignore them.
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Restart Munin.
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Restart Munin.
   become: yes
   systemd:
     service: munin
@@ -1948,8 +1964,8 @@ next task configures <code>libsensors</code> to ignore them.
 </div>
 </div>
 </div>
-<div id="outline-container-org633aafd" class="outline-3">
-<h3 id="org633aafd"><span class="section-number-3">4.13.</span> Install Analog</h3>
+<div id="outline-container-org227d64c" class="outline-3">
+<h3 id="org227d64c"><span class="section-number-3">4.13.</span> Install Analog</h3>
 <div class="outline-text-3" id="text-4-13">
 <p>
 The abbey's public web site's access and error logs are emailed
@@ -1969,8 +1985,7 @@ at <code>http://www/doc/analog/</code>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Analog.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Analog.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=analog
 
@@ -2025,8 +2040,8 @@ at <code>http://www/doc/analog/</code>.
 </div>
 </div>
 </div>
-<div id="outline-container-org4f1f439" class="outline-3">
-<h3 id="org4f1f439"><span class="section-number-3">4.14.</span> Add Monkey to Web Server Group</h3>
+<div id="outline-container-orgf8de97a" class="outline-3">
+<h3 id="orgf8de97a"><span class="section-number-3">4.14.</span> Add Monkey to Web Server Group</h3>
 <div class="outline-text-3" id="text-4-14">
 <p>
 Monkey needs to be in <code>www-data</code> so that it can run
@@ -2037,8 +2052,7 @@ user cloud accounts, found in files owned by <code>www-data</code>, files like
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Add Monkey to Nextcloud group.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Add Monkey to Nextcloud group.
   become: yes
   user:
     name: monkey
@@ -2048,8 +2062,8 @@ user cloud accounts, found in files owned by <code>www-data</code>, files like
 </div>
 </div>
 </div>
-<div id="outline-container-org0f4e52f" class="outline-3">
-<h3 id="org0f4e52f"><span class="section-number-3">4.15.</span> Install netpbm For Photo Processing</h3>
+<div id="outline-container-org61acd41" class="outline-3">
+<h3 id="org61acd41"><span class="section-number-3">4.15.</span> Install netpbm For Photo Processing</h3>
 <div class="outline-text-3" id="text-4-15">
 <p>
 Monkey's photo processing scripts use <code>netpbm</code> commands like
@@ -2057,8 +2071,7 @@ Monkey's photo processing scripts use <code>netpbm</code> commands like
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install netpbm.
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install netpbm.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=netpbm
 </code></pre>
@@ -2066,8 +2079,8 @@ Monkey's photo processing scripts use <code>netpbm</code> commands like
 </div>
 </div>
 </div>
-<div id="outline-container-org8b6dff1" class="outline-2">
-<h2 id="org8b6dff1"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
+<div id="outline-container-org0e51592" class="outline-2">
+<h2 id="org0e51592"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
 <div class="outline-text-2" id="text-5">
 <p>
 Birchwood Abbey's gate is a $110 µPC configured as A Small Institute
@@ -2079,8 +2092,8 @@ allows access to the Abbey's IoT appliances: a HomeAssistant and an
 Ecowitt hub.
 </p>
 </div>
-<div id="outline-container-org92e98ee" class="outline-3">
-<h3 id="org92e98ee"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
+<div id="outline-container-org6bb57a5" class="outline-3">
+<h3 id="org6bb57a5"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
 <div class="outline-text-3" id="text-5-1">
 <p>
 The abbey gate's <code>lan</code> interface is the PC's built-in Ethernet
@@ -2101,27 +2114,27 @@ The MAC address of each interface is set in <q>private/vars.yml</q> (see
 </p>
 </div>
 </div>
-<div id="outline-container-org6886cb3" class="outline-3">
-<h3 id="org6886cb3"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
+<div id="outline-container-orgd354da1" class="outline-3">
+<h3 id="orgd354da1"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
 <div class="outline-text-3" id="text-5-2">
 <p>
 To allow masquerading between the private subnets and <code>wild</code>, the
 following <code>iptables(8)</code> rules are added.  They are very similar to the
 <code>nat</code> and <code>filter</code> table rules used by a small institute to masquerade
-its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#org1c59284">UFW Rules</a> of a Small Institute).
+its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#orgcdebc22">UFW Rules</a> of a Small Institute).
 The campus WireGuard™ subnet is not included because the campus Wi-Fi
 hosts should be routing to the wild subnet directly and are assumed to
 be masquerading as their access point(s).
 </p>
 
 <div class="org-src-container">
-<code>iot-nat</code><pre class="src src-conf" id="orgb5d849e"><code>-A POSTROUTING -s {{   private_net_cidr }} -o wild -j MASQUERADE
+<code>iot-nat</code><pre class="src src-conf" id="orgcffe50d"><code>-A POSTROUTING -s {{   private_net_cidr }} -o wild -j MASQUERADE
 -A POSTROUTING -s {{ public_wg_net_cidr }} -o wild -j MASQUERADE
 </code></pre>
 </div>
 
 <div class="org-src-container">
-<code>iot-forward</code><pre class="src src-conf" id="org8d7cf4c"><code>-A ufw-before-forward -i lan -o wild -j ACCEPT
+<code>iot-forward</code><pre class="src src-conf" id="org9eb6bed"><code>-A ufw-before-forward -i lan -o wild -j ACCEPT
 -A ufw-before-forward -i wg0 -o wild -j ACCEPT
 </code></pre>
 </div>
@@ -2132,12 +2145,12 @@ The second rule includes the campus VPN.
 </p>
 </div>
 </div>
-<div id="outline-container-org68384d2" class="outline-3">
-<h3 id="org68384d2"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
+<div id="outline-container-org4d5de24" class="outline-3">
+<h3 id="org4d5de24"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
 <div class="outline-text-3" id="text-5-3">
 <p>
 The following task installs the additional rules in <q>before.rules</q> (as
-in <a href="Institute/README.html#orgf03d906">Configure UFW</a>).
+in <a href="Institute/README.html#org52994f0">Configure UFW</a>).
 </p>
 
 <div class="org-src-container">
@@ -2160,8 +2173,8 @@ in <a href="Institute/README.html#orgf03d906">Configure UFW</a>).
 </div>
 </div>
 </div>
-<div id="outline-container-org1bca27d" class="outline-3">
-<h3 id="org1bca27d"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
+<div id="outline-container-org4a2989c" class="outline-3">
+<h3 id="org4a2989c"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
 <div class="outline-text-3" id="text-5-4">
 <p>
 The abbey connects to Starlink via Ethernet, and disables Starlink's
@@ -2209,8 +2222,8 @@ at least our local network traffic out of view of our ISPs.
 </p>
 </div>
 </div>
-<div id="outline-container-org00efde1" class="outline-3">
-<h3 id="org00efde1"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
+<div id="outline-container-orgf544c16" class="outline-3">
+<h3 id="orgf544c16"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
 <div class="outline-text-3" id="text-5-5">
 <p>
 The abbey used to use a cell phone on a USB tether to get Internet
@@ -2255,8 +2268,8 @@ service, using a <q>60-isp.yaml</q> file similar to the lines below.
 </div>
 </div>
 </div>
-<div id="outline-container-orgd5620ea" class="outline-2">
-<h2 id="orgd5620ea"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
+<div id="outline-container-org10ccaff" class="outline-2">
+<h2 id="org10ccaff"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
 <div class="outline-text-2" id="text-6">
 <p>
 Birchwood Abbey's cloister is a small institute campus.  The <code>campus</code>
@@ -2271,7 +2284,7 @@ tasks, namely configuration required on Raspberry Pi OS machines.
 <p>
 Wireless clients are issued keys for the cloister VPN by the <code>./abbey
 client</code> command which is currently identical to the <code>./inst client</code>
-command (described in <a href="Institute/README.html#org7efeef2">The Client Command</a>).  The wireless, cloistered
+command (described in <a href="Institute/README.html#orgf253523">The Client Command</a>).  The wireless, cloistered
 hosts never roam, are not associated with a member, and so are
 "campus" clients, issued keys with commands like this:
 </p>
@@ -2281,8 +2294,8 @@ hosts never roam, are not associated with a member, and so are
                S+6HaTnOwwhWgUGXjSBcPAvifKw+j8BDTRfq534gNW4=
 </pre>
 </div>
-<div id="outline-container-org71ac6c2" class="outline-3">
-<h3 id="org71ac6c2"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org61c12ec" class="outline-3">
+<h3 id="org61c12ec"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
 <div class="outline-text-3" id="text-6-1">
 <p>
 The Apt-Cacher:TNG program does not work well on the frontier, so is
@@ -2314,21 +2327,20 @@ local host.
 </div>
 </div>
 </div>
-<div id="outline-container-orga560782" class="outline-3">
-<h3 id="orga560782"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
+<div id="outline-container-orga2d6911" class="outline-3">
+<h3 id="orga2d6911"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
 <div class="outline-text-3" id="text-6-2">
 <p>
 Each cloistered host is a small institute campus host and thus is
 already running an NRPE server (a NAGIOS Remote Plugin Executor
-server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#orgadce02c">Configure
+server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#org0d2271c">Configure
 NRPE</a> of <a href="Institute/README.html">A Small Institute</a>).  The abbey adds one complication: yet
 another <code>check_sensors</code> variant, <code>abbey_pisensors</code>, installed on
 Raspberry Pis (architecture <code>aarch64</code>) only.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install abbey_pisensors NAGIOS plugin.
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install abbey_pisensors NAGIOS plugin.
   become: yes
   copy:
     src: ../abbey-core/files/abbey_pisensors
@@ -2359,16 +2371,15 @@ Raspberry Pis (architecture <code>aarch64</code>) only.
 </div>
 </div>
 </div>
-<div id="outline-container-orgb638f2c" class="outline-3">
-<h3 id="orgb638f2c"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
+<div id="outline-container-org4230b2d" class="outline-3">
+<h3 id="org4230b2d"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
 <div class="outline-text-3" id="text-6-3">
 <p>
 Each cloistered host is a Munin node.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install Munin Node.
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install Munin Node.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=munin-node
 
@@ -2403,8 +2414,7 @@ Each cloistered host is a Munin node.
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/handlers/main.yml"><q>roles_t/abbey-cloister/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Restart Munin Node.
+<a href="roles_t/abbey-cloister/handlers/main.yml"><q>roles_t/abbey-cloister/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Restart Munin Node.
   become: yes
   systemd:
     service: munin-node
@@ -2420,8 +2430,7 @@ them.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure {{ inventory_hostname }} sensors(1).
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure {{ inventory_hostname }} sensors(1).
   copy:
     content: |
       chip <span class="org-string">"iwlwifi_1-virtual-0"</span>
@@ -2435,16 +2444,15 @@ them.
 </div>
 </div>
 </div>
-<div id="outline-container-org430cada" class="outline-3">
-<h3 id="org430cada"><span class="section-number-3">6.4.</span> Install Emacs</h3>
+<div id="outline-container-orgccc2391" class="outline-3">
+<h3 id="orgccc2391"><span class="section-number-3">6.4.</span> Install Emacs</h3>
 <div class="outline-text-3" id="text-6-4">
 <p>
 The monks of the abbey are masters of the staff and Emacs.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install monastic software.
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install monastic software.
   become: yes
   <span class="org-variable-name">apt: pkg</span>=emacs
 </code></pre>
@@ -2452,8 +2460,8 @@ The monks of the abbey are masters of the staff and Emacs.
 </div>
 </div>
 </div>
-<div id="outline-container-org1ccf88d" class="outline-2">
-<h2 id="org1ccf88d"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
+<div id="outline-container-org19320d3" class="outline-2">
+<h2 id="org19320d3"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
 <div class="outline-text-2" id="text-7">
 <p>
 Birchwood Abbey now uses Home Assistant to record and display weather
@@ -2480,8 +2488,8 @@ entities.  These were labeled and organized on an "Abbey" dashboard.
 </p>
 </div>
 </div>
-<div id="outline-container-org8d22d49" class="outline-2">
-<h2 id="org8d22d49"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
+<div id="outline-container-orgdf2e3d4" class="outline-2">
+<h2 id="orgdf2e3d4"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
 <div class="outline-text-2" id="text-8">
 <p>
 The abbey uses AgentDVR to record video from PoE IP HD security
@@ -2489,8 +2497,8 @@ cameras.  It runs as user <code>agentdvr</code> and keeps all of its
 configuration and recordings in <q>/home/agentdvr/</q>.
 </p>
 </div>
-<div id="outline-container-orgcc3a9aa" class="outline-3">
-<h3 id="orgcc3a9aa"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
+<div id="outline-container-org85c2ea3" class="outline-3">
+<h3 id="org85c2ea3"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
 <div class="outline-text-3" id="text-8-1">
 <p>
 AgentDVR is installed according to the iSpy web site's latest
@@ -2502,9 +2510,9 @@ second of which is broken across three lines).
 
 <div class="org-src-container">
 <pre class="src src-sh"><code>sudo apt-get install curl
-bash &lt;(curl -s <span class="org-string">"https://raw.githubusercontent.com/\
-ispysoftware/agent-install-scripts/main/v2/\
-install.sh"</span>)
+bash &lt;(curl -s <span class="org-string">"https://raw.githubusercontent.com/\</span>
+<span class="org-string">ispysoftware/agent-install-scripts/main/v2/\</span>
+<span class="org-string">install.sh"</span>)
 </code></pre>
 </div>
 
@@ -2514,8 +2522,8 @@ executes several <code>sudo</code> commands.  These commands can be run by the
 <code>agentdvr</code> account if it has (temporary) authorization.
 </p>
 </div>
-<div id="outline-container-orgd5b359f" class="outline-4">
-<h4 id="orgd5b359f"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
+<div id="outline-container-orgf8d1694" class="outline-4">
+<h4 id="orgf8d1694"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
 <div class="outline-text-4" id="text-8-1-1">
 <p>
 The following commands are manually executed to create the <code>agentdvr</code>
@@ -2533,8 +2541,8 @@ cutting off access to all elevated privileges until a "rescue"
 
 <div class="org-src-container">
 <pre class="src src-sh"><code>sudo adduser --disabled-password agentdvr
-<span class="org-builtin">echo</span> <span class="org-string">"ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
-     /sbin/adduser,/sbin/usermod"</span> &gt;~/01agentdvr
+<span class="org-builtin">echo</span> <span class="org-string">"ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\</span>
+<span class="org-string">     /sbin/adduser,/sbin/usermod"</span> &gt;~/01agentdvr
 sudo chown root:root ~/01agentdvr
 sudo chmod 440 ~/01agentdvr
 visudo --check --owner --perms ~/01agentdvr
@@ -2543,8 +2551,8 @@ sudo mv ~/01agentdvr /etc/sudoers.d/
 </div>
 </div>
 </div>
-<div id="outline-container-org452133d" class="outline-4">
-<h4 id="org452133d"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
+<div id="outline-container-org4af08dc" class="outline-4">
+<h4 id="org4af08dc"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
 <div class="outline-text-4" id="text-8-1-2">
 <p>
 With the above preparations, the system administrator can get a shell
@@ -2565,8 +2573,8 @@ Ansible is run again.
 </p>
 </div>
 </div>
-<div id="outline-container-org3d46dbb" class="outline-4">
-<h4 id="org3d46dbb"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
+<div id="outline-container-org7cb6c63" class="outline-4">
+<h4 id="org7cb6c63"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
 <div class="outline-text-4" id="text-8-1-3">
 <p>
 When Ansible is run a second time, after the installation script, it
@@ -2589,8 +2597,8 @@ sudo rm /etc/sudoers.d/01agentdvr
 </div>
 </div>
 </div>
-<div id="outline-container-org775faed" class="outline-3">
-<h3 id="org775faed"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
+<div id="outline-container-orgef2a47d" class="outline-3">
+<h3 id="orgef2a47d"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
 <div class="outline-text-3" id="text-8-2">
 <p>
 AgentDVR runs as the system user <code>agentdvr</code>, which is configured here.
@@ -2629,8 +2637,8 @@ restoration of AgentDVR.)
 </div>
 </div>
 </div>
-<div id="outline-container-orgd6c6dbb" class="outline-3">
-<h3 id="orgd6c6dbb"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
+<div id="outline-container-org1d5c6a5" class="outline-3">
+<h3 id="org1d5c6a5"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
 <div class="outline-text-3" id="text-8-3">
 <p>
 The following task probes for the <q>/home/agentdvr/AgentDVR/</q>
@@ -2641,8 +2649,7 @@ remaining installation steps are skipped unless
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Test for AgentDVR directory.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Test for AgentDVR directory.
   stat:
     path: /home/agentdvr/AgentDVR
   register: agentdvr
@@ -2653,8 +2660,8 @@ remaining installation steps are skipped unless
 </div>
 </div>
 </div>
-<div id="outline-container-orgf37a978" class="outline-3">
-<h3 id="orgf37a978"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
+<div id="outline-container-orge834b35" class="outline-3">
+<h3 id="orge834b35"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
 <div class="outline-text-3" id="text-8-4">
 <p>
 This service definition came from the template downloaded (from <a href="https://raw.githubusercontent.com/ispysoftware/agent-install-scripts/main/v2/AgentDVR.service">here</a>)
@@ -2663,8 +2670,7 @@ by <q>install.sh</q>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Install AgentDVR.service.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Install AgentDVR.service.
   become: yes
   copy:
     content: |
@@ -2675,18 +2681,18 @@ by <q>install.sh</q>.
       <span class="org-variable-name">WorkingDirectory</span>=/home/agentdvr/AgentDVR
       <span class="org-variable-name">ExecStart</span>=/home/agentdvr/AgentDVR/Agent
 
-      <span class="org-comment-delimiter"># </span><span class="org-comment">fix memory management issue with dotnet core
-</span>      <span class="org-variable-name">Environment</span>=<span class="org-string">"MALLOC_TRIM_THRESHOLD_=100000"</span>
+      <span class="org-comment-delimiter"># </span><span class="org-comment">fix memory management issue with dotnet core</span>
+      <span class="org-variable-name">Environment</span>=<span class="org-string">"MALLOC_TRIM_THRESHOLD_=100000"</span>
 
-      <span class="org-comment-delimiter"># </span><span class="org-comment">to query logs using journalctl, set a logical name here
-</span>      <span class="org-variable-name">SyslogIdentifier</span>=AgentDVR
+      <span class="org-comment-delimiter"># </span><span class="org-comment">to query logs using journalctl, set a logical name here</span>
+      <span class="org-variable-name">SyslogIdentifier</span>=AgentDVR
 
       <span class="org-variable-name">User</span>=agentdvr
 
-      <span class="org-comment-delimiter"># </span><span class="org-comment">ensure the service automatically restarts
-</span>      <span class="org-variable-name">Restart</span>=always
-      <span class="org-comment-delimiter"># </span><span class="org-comment">amount of time to wait before restarting the service
-</span>      <span class="org-variable-name">RestartSec</span>=5
+      <span class="org-comment-delimiter"># </span><span class="org-comment">ensure the service automatically restarts</span>
+      <span class="org-variable-name">Restart</span>=always
+      <span class="org-comment-delimiter"># </span><span class="org-comment">amount of time to wait before restarting the service</span>
+      <span class="org-variable-name">RestartSec</span>=5
 
       [<span class="org-type">Install</span>]
       <span class="org-variable-name">WantedBy</span>=multi-user.target
@@ -2705,8 +2711,7 @@ by <q>install.sh</q>.
 </div>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>
-- name: Restart AgentDVR.
+<a href="roles_t/abbey-front/handlers/main.yml"><q>roles_t/abbey-front/handlers/main.yml</q></a><pre class="src src-conf"><code>- name: Restart AgentDVR.
   become: yes
   systemd:
     service: AgentDVR
@@ -2717,8 +2722,8 @@ by <q>install.sh</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-org514f090" class="outline-3">
-<h3 id="org514f090"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
+<div id="outline-container-org302cbc2" class="outline-3">
+<h3 id="org302cbc2"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
 <div class="outline-text-3" id="text-8-5">
 <p>
 The abbey uses a separate volume to store surveillance recordings,
@@ -2730,8 +2735,7 @@ location do not fail.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Create /DVR/AgentDVR/.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Create /DVR/AgentDVR/.
   become: yes
   file:
     state: directory
@@ -2752,8 +2756,8 @@ location do not fail.
 </div>
 </div>
 </div>
-<div id="outline-container-org08ba9e6" class="outline-3">
-<h3 id="org08ba9e6"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
+<div id="outline-container-org6a98471" class="outline-3">
+<h3 id="org6a98471"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
 <div class="outline-text-3" id="text-8-6">
 <p>
 DVR hosts install a custom NRPE plugin named <code>abbey_dvr</code> to monitor
@@ -2761,8 +2765,7 @@ the storage available on <q>/DVR/</q>.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Configure NAGIOS command abbey_dvr.
+<a href="roles_t/abbey-dvr/tasks/main.yml"><q>roles_t/abbey-dvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Configure NAGIOS command abbey_dvr.
   become: yes
   vars:
     lib: /usr/lib/nagios/plugins
@@ -2786,11 +2789,11 @@ the storage available on <q>/DVR/</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-orge82a2fb" class="outline-3">
-<h3 id="orge82a2fb"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
+<div id="outline-container-org068505d" class="outline-3">
+<h3 id="org068505d"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
 <div class="outline-text-3" id="text-8-7">
 <p>
-A new security camera is setup as described in <a href="#orgb57e970">Cloistering</a>, after
+A new security camera is setup as described in <a href="#orgbcbd35c">Cloistering</a>, after
 which the camera should be accessible by name on the abbey networks.
 Assuming <code>ping -c1 new</code> works, the camera's web interface will be
 accessible at <code>http://new/</code>.
@@ -2813,8 +2816,8 @@ protocol) is nice but optional.</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org2f0ff57" class="outline-3">
-<h3 id="org2f0ff57"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
+<div id="outline-container-org79c420e" class="outline-3">
+<h3 id="org79c420e"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
 <div class="outline-text-3" id="text-8-8">
 <p>
 After Ansible has configured and started the AgentDVR service, its web
@@ -2853,8 +2856,8 @@ AgentDVR's Live View.
 </p>
 </div>
 </div>
-<div id="outline-container-org75e828d" class="outline-3">
-<h3 id="org75e828d"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
+<div id="outline-container-org8759686" class="outline-3">
+<h3 id="org8759686"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
 <div class="outline-text-3" id="text-8-9">
 <p>
 AgentDVR's web interface is also used to configure a default storage
@@ -2866,8 +2869,8 @@ pressed before the task is complete.
 </p>
 </div>
 </div>
-<div id="outline-container-org5593023" class="outline-3">
-<h3 id="org5593023"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
+<div id="outline-container-org9eb2379" class="outline-3">
+<h3 id="org9eb2379"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
 <div class="outline-text-3" id="text-8-10">
 <p>
 After a default storage location has been configured, AgentDVR's
@@ -2898,8 +2901,8 @@ parameters are set (in the Recording and Storage tabs).
 </ul>
 </div>
 </div>
-<div id="outline-container-org2acb7a7" class="outline-3">
-<h3 id="org2acb7a7"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
+<div id="outline-container-org38942e9" class="outline-3">
+<h3 id="org38942e9"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
 <div class="outline-text-3" id="text-8-11">
 <p>
 When restoring <q>/home/</q> from a backup copy, the user accounts are
@@ -2915,8 +2918,8 @@ installs the system service configuration file and starts the service.
 </div>
 </div>
 </div>
-<div id="outline-container-orgb2e6139" class="outline-2">
-<h2 id="orgb2e6139"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
+<div id="outline-container-org1f83e98" class="outline-2">
+<h2 id="org1f83e98"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
 <div class="outline-text-2" id="text-9">
 <p>
 The abbey has a few TV tuners and a subscription to <a href="https://schedulesdirect.org/">Schedules Direct</a>
@@ -2931,14 +2934,14 @@ configured to serve MythTV pages at e.g. <code>http://new/mythweb/</code>.
 </p>
 
 <p>
-A new TVR machine needs only <a href="#orgb57e970">Cloistering</a> to prepare it for
+A new TVR machine needs only <a href="#orgbcbd35c">Cloistering</a> to prepare it for
 Ansible.  As part of that process, it should be added to the <code>tvrs</code>
 group in the <q>hosts</q> file.  An existing server can become a TVR
 machine by adding it to the <code>tvrs</code> group.
 </p>
 </div>
-<div id="outline-container-org0bd571a" class="outline-3">
-<h3 id="org0bd571a"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org69fdfc9" class="outline-3">
+<h3 id="org69fdfc9"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
 <div class="outline-text-3" id="text-9-1">
 <p>
 Private variables in <q>private/vars-abbey.yml</q> are needed, as in the
@@ -2954,8 +2957,8 @@ directory, <q>playbooks/</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-org99fc858" class="outline-3">
-<h3 id="org99fc858"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
+<div id="outline-container-orgc734da1" class="outline-3">
+<h3 id="orgc734da1"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
 <div class="outline-text-3" id="text-9-2">
 <p>
 Neither Debian nor the MythTV project provide binary packages of
@@ -2984,8 +2987,8 @@ sudo apt install mythtv-backend
 </div>
 </div>
 </div>
-<div id="outline-container-org9f2867d" class="outline-3">
-<h3 id="org9f2867d"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
+<div id="outline-container-org68f3641" class="outline-3">
+<h3 id="org68f3641"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
 <div class="outline-text-3" id="text-9-3">
 <p>
 Restoring MythTV from a backup copy to a fresh TVR host:
@@ -3013,8 +3016,8 @@ The <q>.mythtv/config.xml</q> file should provide the DB particulars
 </ul>
 </div>
 </div>
-<div id="outline-container-orgf981860" class="outline-3">
-<h3 id="orgf981860"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
+<div id="outline-container-org54142b3" class="outline-3">
+<h3 id="org54142b3"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
 <div class="outline-text-3" id="text-9-4">
 <p>
 Starting with MythTV version 0.26, the time zone tables must be loaded
@@ -3038,8 +3041,8 @@ e.g. <code>2022-09-13 20:15:41</code>.
 </div>
 </div>
 </div>
-<div id="outline-container-org4e44682" class="outline-3">
-<h3 id="org4e44682"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
+<div id="outline-container-org7c6c1f3" class="outline-3">
+<h3 id="org7c6c1f3"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
 <div class="outline-text-3" id="text-9-5">
 <p>
 The backend does not have a default storage area for its recordings.
@@ -3050,8 +3053,7 @@ creates that directory and ensures it has appropriate permissions.
 </p>
 
 <div class="org-src-container">
-<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>
-- name: Create MythTV storage area.
+<a href="roles_t/abbey-tvr/tasks/main.yml"><q>roles_t/abbey-tvr/tasks/main.yml</q></a><pre class="src src-conf"><code>- name: Create MythTV storage area.
   become: yes
   file:
     state: directory
@@ -3063,8 +3065,8 @@ creates that directory and ensures it has appropriate permissions.
 </div>
 </div>
 </div>
-<div id="outline-container-org4f2c780" class="outline-3">
-<h3 id="org4f2c780"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
+<div id="outline-container-orgbbfee39" class="outline-3">
+<h3 id="orgbbfee39"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
 <div class="outline-text-3" id="text-9-6">
 <p>
 With MythTV built and installed, the post-installation tasks
@@ -3080,12 +3082,12 @@ at <code>http://new:6544</code> and make the following selections.
 </ul>
 </div>
 </div>
-<div id="outline-container-orgd3eb8f9" class="outline-3">
-<h3 id="orgd3eb8f9"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
+<div id="outline-container-org47d1cd3" class="outline-3">
+<h3 id="org47d1cd3"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
 <div class="outline-text-3" id="text-9-7">
 <p>
 The abbey has a Silicon Dust Homerun HDTV Duo (with two tuners).  It
-is setup as described in <a href="#orgb57e970">Cloistering</a>, after which the tuner is
+is setup as described in <a href="#orgbcbd35c">Cloistering</a>, after which the tuner is
 accessible by name (e.g. <code>new</code>) on the cloister network.  Assuming
 <code>ping -c1 new</code> works, the tuner should be accessible via the
 <code>hdhomerun_config_gui</code> command, a graphical interface contributed to
@@ -3096,8 +3098,8 @@ tuner's domain name or IP address can also be entered.
 </p>
 </div>
 </div>
-<div id="outline-container-org29af529" class="outline-3">
-<h3 id="org29af529"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
+<div id="outline-container-org64695ca" class="outline-3">
+<h3 id="org64695ca"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
 <div class="outline-text-3" id="text-9-8">
 <p>
 In MythTV Setup:
@@ -3140,8 +3142,8 @@ any case, do <i>not</i> run <code>mythfilldatabase</code>.</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org7d7753e" class="outline-3">
-<h3 id="org7d7753e"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
+<div id="outline-container-org1a5bf23" class="outline-3">
+<h3 id="org1a5bf23"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
 <div class="outline-text-3" id="text-9-9">
 <p>
 In MythTV Backend, the website on Core's port 6544, e.g.
@@ -3155,15 +3157,16 @@ In MythTV Backend, the website on Core's port 6544, e.g.
 <li>Press "Delete".</li>
 <li>Choose "Input Connections" from the top tab bar.</li>
 <li>Choose (unfold) "HDHomeRun =&gt; Mr.Antenna".</li>
-<li>Press "+ Scan for Channels".</li>
-<li>Choose options?  Eventually press "Scan"?  And wait.</li>
-<li>Choose to import all.</li>
+<li>Press (unfold) "+ Scan for Channels".</li>
+<li>Choose Scan Type: Full Scan</li>
+<li>Press "Start Scan" and wait.</li>
+<li>Choose to "Insert All".</li>
 <li>Choose "Restart Backend Full Operation".</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org216ca3b" class="outline-3">
-<h3 id="org216ca3b"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
+<div id="outline-container-orge06879f" class="outline-3">
+<h3 id="orge06879f"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
 <div class="outline-text-3" id="text-9-10">
 <p>
 The <code>xmltv</code> package, specifically its <code>tv_grab_zz_sdjson</code> program, is
@@ -3198,7 +3201,7 @@ the list of "inputs" available in a postal code typically ends with
 the OTA (over the air) broadcasts.
 </p>
 
-<pre class="example" id="orga54a74f">
+<pre class="example" id="org1ea8f23">
 $ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
 Cache file for lineups, schedules and programs.
 Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
@@ -3248,8 +3251,8 @@ backend is running, so it is not run until then.
 </p>
 </div>
 </div>
-<div id="outline-container-org7d7443b" class="outline-3">
-<h3 id="org7d7443b"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
+<div id="outline-container-org2d5e116" class="outline-3">
+<h3 id="org2d5e116"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
 <div class="outline-text-3" id="text-9-11">
 <p>
 If the <code>mythfilldatabase</code> command fails or expected listings do not
@@ -3288,14 +3291,14 @@ Running a similar command (without <code>--quiet</code>) might be more revealing
 </div>
 </div>
 </div>
-<div id="outline-container-orgc9cb7f0" class="outline-3">
-<h3 id="orgc9cb7f0"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
+<div id="outline-container-orge0bfe53" class="outline-3">
+<h3 id="orge0bfe53"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
 <div class="outline-text-3" id="text-9-12">
 <p>
 The abbey changes location almost weekly, so its HDTV broadcast area
 changes frequently.  At the start of a long stay the administrator
 uses the MythTV Setup program to scan for the new area's channels, as
-described in <a href="#org7d7753e">Scan for New Channels</a>.
+described in <a href="#org1a5bf23">Scan for New Channels</a>.
 </p>
 
 <p>
@@ -3313,7 +3316,7 @@ program as user <code>mythtv</code>.
 
 <p>
 The program will prompt for the zip code and offer a list of "inputs"
-available in that area, as described in <a href="#org216ca3b">Configure XMLTV</a>.
+available in that area, as described in <a href="#orge06879f">Configure XMLTV</a>.
 </p>
 
 <p>
@@ -3327,14 +3330,14 @@ Lastly, the administrator runs an immediate update (again as the
 </div>
 
 <p>
-If the command fails, consult <a href="#org7d7443b">Debug XMLTV</a>.  Else, the listings appear
+If the command fails, consult <a href="#org2d5e116">Debug XMLTV</a>.  Else, the listings appear
 in MythTV Backend's "Program Guide" page.
 </p>
 </div>
 </div>
 </div>
-<div id="outline-container-orgdde9bfe" class="outline-2">
-<h2 id="orgdde9bfe"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
+<div id="outline-container-org89ddc1e" class="outline-2">
+<h2 id="org89ddc1e"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
 <div class="outline-text-2" id="text-10">
 <p>
 The abbey's Ansible configuration, like that of <a href="Institute/README.html">A Small Institute</a>, is
@@ -3361,7 +3364,7 @@ specific versions.
 </p>
 
 <p>
-NOTE: if you have not read at least the <a href="Institute/README.html#orgefb6095">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
+NOTE: if you have not read at least the <a href="Institute/README.html#org953f84e">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
 you are lost.
 </p>
 
@@ -3391,8 +3394,8 @@ rest are built up piecemeal by (tangled from) this document,
 <q>README.org</q>, and <a href="Institute/README.html"><q>Institute/README.org</q></a>.
 </p>
 </div>
-<div id="outline-container-org8173efc" class="outline-3">
-<h3 id="org8173efc"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
+<div id="outline-container-org009c273" class="outline-3">
+<h3 id="org009c273"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
 <div class="outline-text-3" id="text-10-1">
 <p>
 This is much like the example (test) institutional configuration file,
@@ -3409,17 +3412,17 @@ except the roles are found in <q>Institute/roles/</q> as well as <q>roles/</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-org12a438b" class="outline-3">
-<h3 id="org12a438b"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
+<div id="outline-container-org87eda60" class="outline-3">
+<h3 id="org87eda60"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
 <div class="outline-text-3" id="text-10-2">
 <div class="org-src-container">
-<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="orgf05c25e"><code>all:
+<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="orga772956"><code>all:
   vars:
     ansible_user: sysadm
     ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa
   hosts:
-    <span class="org-comment-delimiter"># </span><span class="org-comment">The Main Servers: Front, Gate and Core.
-</span>    droplet:
+    <span class="org-comment-delimiter"># </span><span class="org-comment">The Main Servers: Front, Gate and Core.</span>
+    droplet:
       ansible_host: 138.68.252.171
       ansible_become_password: <span class="org-string">"{{ become_droplet }}"</span>
     anoat:
@@ -3428,8 +3431,8 @@ except the roles are found in <q>Institute/roles/</q> as well as <q>roles/</q>.
     malastare:
       ansible_host: malastare.birchwood.private
       ansible_become_password: <span class="org-string">"{{ become_malastare }}"</span>
-    <span class="org-comment-delimiter"># </span><span class="org-comment">Campus
-</span>    kessel:
+    <span class="org-comment-delimiter"># </span><span class="org-comment">Campus</span>
+    kessel:
       ansible_host: kessel.birchwood.private
       ansible_become_password: <span class="org-string">"{{ become_kessel }}"</span>
     dantooine:
@@ -3438,8 +3441,8 @@ except the roles are found in <q>Institute/roles/</q> as well as <q>roles/</q>.
     ord-mantell:
       ansible_host: ord-mantell.birchwood.private
       ansible_become_password: <span class="org-string">"{{ become_ord_mantell }}"</span>
-    <span class="org-comment-delimiter"># </span><span class="org-comment">Notebooks
-</span>    felucia:
+    <span class="org-comment-delimiter"># </span><span class="org-comment">Notebooks</span>
+    felucia:
       ansible_host: felucia.birchwood.private
       ansible_become_password: <span class="org-string">"{{ become_felucia }}"</span>
     sullust:
@@ -3493,8 +3496,8 @@ except the roles are found in <q>Institute/roles/</q> as well as <q>roles/</q>.
 </div>
 </div>
 </div>
-<div id="outline-container-org2811731" class="outline-3">
-<h3 id="org2811731"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
+<div id="outline-container-org8998876" class="outline-3">
+<h3 id="org8998876"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
 <div class="outline-text-3" id="text-10-3">
 <p>
 This playbook provisions the entire network by applying first the
@@ -3535,17 +3538,17 @@ institutional roles, then the liturgical roles.
 </div>
 </div>
 </div>
-<div id="outline-container-orga94a492" class="outline-2">
-<h2 id="orga94a492"><span class="section-number-2">11.</span> The Abbey Commands</h2>
+<div id="outline-container-org910bf1b" class="outline-2">
+<h2 id="org910bf1b"><span class="section-number-2">11.</span> The Abbey Commands</h2>
 <div class="outline-text-2" id="text-11">
 <p>
 The <code>./abbey</code> script encodes the abbey's canonical procedures.  It
-includes <a href="Institute/README.html#org43f8955">The Institute Commands</a> and adds a few abbey-specific
+includes <a href="Institute/README.html#org219b1f0">The Institute Commands</a> and adds a few abbey-specific
 sub-commands.
 </p>
 </div>
-<div id="outline-container-org151420e" class="outline-3">
-<h3 id="org151420e"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
+<div id="outline-container-orga60eee4" class="outline-3">
+<h3 id="orga60eee4"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
 <div class="outline-text-3" id="text-11-1">
 <p>
 Institutional sub-commands:
@@ -3574,18 +3577,18 @@ and <code>_architecture</code> for all hosts.</dd>
 </dl>
 </div>
 </div>
-<div id="outline-container-orge616d74" class="outline-3">
-<h3 id="orge616d74"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
+<div id="outline-container-org67dbcd9" class="outline-3">
+<h3 id="org67dbcd9"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
 <div class="outline-text-3" id="text-11-2">
 <p>
 The script begins with the following prefix and trampolines.
 </p>
 
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/perl -w
-</span><span class="org-comment-delimiter">#</span><span class="org-comment">
-</span><span class="org-comment-delimiter"># </span><span class="org-comment">DO NOT EDIT.  This file was tangled from README.org.
-</span>
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/perl -w</span>
+<span class="org-comment-delimiter">#</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">DO NOT EDIT.  This file was tangled from README.org.</span>
+
 <span class="org-keyword">use</span> <span class="org-constant">strict</span>;
 
 <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0]
@@ -3599,7 +3602,7 @@ The script begins with the following prefix and trampolines.
 The small institute's <code>./inst</code> command expects to be running in
 <q>Institute/</q>, not <q>./</q>, but it only references <q>public/</q>, <q>private/</q>,
 <q>Secret/</q> and <q>playbooks/check-inst-vars.yml</q>, and will find the abbey
-specific versions of these.  The <code>roles_path</code> setting in <a href="#org8173efc"><q>ansible.cfg</q></a>
+specific versions of these.  The <code>roles_path</code> setting in <a href="#org009c273"><q>ansible.cfg</q></a>
 effectively merges the institutional roles into the distinctly named
 abbey specific roles.  The roles likewise reference files with
 relative names, and will find the abbey specific <q>private/</q>
@@ -3622,8 +3625,8 @@ code block "duplicates" the action of the institute's
 </div>
 </div>
 </div>
-<div id="outline-container-org2d29e39" class="outline-3">
-<h3 id="org2d29e39"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
+<div id="outline-container-org741731b" class="outline-3">
+<h3 id="org741731b"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
 <div class="outline-text-3" id="text-11-3">
 <p>
 The script implements an <code>upgrade</code> sub-command that runs <code>apt update</code>
@@ -3642,8 +3645,7 @@ a limit pattern.  For example:
 </pre>
 
 <div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code>
-<span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"upgrade"</span>) {
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"upgrade"</span>) {
   shift;
   <span class="org-keyword">my</span> @<span class="org-perl-non-scalar-variable">args</span> = ( <span class="org-string">"-e"</span>, <span class="org-string">"\@Secret/become.yml"</span> );
   <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"-n"</span>) {
@@ -3688,8 +3690,8 @@ a limit pattern.  For example:
 </div>
 </div>
 </div>
-<div id="outline-container-orgdd0d22a" class="outline-3">
-<h3 id="orgdd0d22a"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
+<div id="outline-container-org753535b" class="outline-3">
+<h3 id="org753535b"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
 <div class="outline-text-3" id="text-11-4">
 <p>
 The script implements a <code>reboots</code> sub-command that looks for
@@ -3720,8 +3722,8 @@ The script implements a <code>reboots</code> sub-command that looks for
 </div>
 </div>
 </div>
-<div id="outline-container-orge4ce523" class="outline-3">
-<h3 id="orge4ce523"><span class="section-number-3">11.5.</span> The Versions Command</h3>
+<div id="outline-container-org98619eb" class="outline-3">
+<h3 id="org98619eb"><span class="section-number-3">11.5.</span> The Versions Command</h3>
 <div class="outline-text-3" id="text-11-5">
 <p>
 The script implements a <code>versions</code> sub-command that reports the
@@ -3748,8 +3750,8 @@ operating system version of all abbey managed machines.
 </div>
 </div>
 </div>
-<div id="outline-container-orga466b57" class="outline-3">
-<h3 id="orga466b57"><span class="section-number-3">11.6.</span> The Facts Command</h3>
+<div id="outline-container-orgf9b1ac0" class="outline-3">
+<h3 id="orgf9b1ac0"><span class="section-number-3">11.6.</span> The Facts Command</h3>
 <div class="outline-text-3" id="text-11-6">
 <p>
 The script implements a <code>facts</code> sub-command to collect the Ansible
@@ -3769,8 +3771,8 @@ The script implements a <code>facts</code> sub-command to collect the Ansible
 </div>
 </div>
 </div>
-<div id="outline-container-orgb4cc7c8" class="outline-3">
-<h3 id="orgb4cc7c8"><span class="section-number-3">11.7.</span> The TZ Command</h3>
+<div id="outline-container-org50015c8" class="outline-3">
+<h3 id="org50015c8"><span class="section-number-3">11.7.</span> The TZ Command</h3>
 <div class="outline-text-3" id="text-11-7">
 <p>
 The abbey changes location almost weekly, so its timezone changes
@@ -3805,7 +3807,7 @@ last host in the previous play.
 
 <div class="org-src-container">
 <a href="playbooks/timezone.yml"><q>playbooks/timezone.yml</q></a><pre class="src src-conf"><code>---
-- hosts: core, dvrs, tvrs, webtvs
+- hosts: core, dvrs, tvrs, webtvs, notebooks
   tasks:
   - name: Get timezone.
     command: date <span class="org-string">'+%Z'</span>
@@ -3827,6 +3829,13 @@ last host in the previous play.
     <span class="org-variable-name">when: ansible_date_time.tz !</span>= zone.stdout
     register: new_tz
 
+  - name: Restart CronD.
+    become: yes
+    systemd:
+      service: cron
+      status: restarted
+    when: new_tz.changed
+
 - hosts: dvrs
   tasks:
   - name: Restart AgentDVR.
@@ -3849,8 +3858,8 @@ last host in the previous play.
 </div>
 </div>
 </div>
-<div id="outline-container-orgc69e418" class="outline-3">
-<h3 id="orgc69e418"><span class="section-number-3">11.8.</span> Abbey Command Help</h3>
+<div id="outline-container-org261237d" class="outline-3">
+<h3 id="org261237d"><span class="section-number-3">11.8.</span> Abbey Command Help</h3>
 <div class="outline-text-3" id="text-11-8">
 <div class="org-src-container">
 <a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">my</span> $<span class="org-variable-name">ops</span> = (<span class="org-string">"config,new,old,pass,client,"</span>
@@ -3861,8 +3870,8 @@ last host in the previous play.
 </div>
 </div>
 </div>
-<div id="outline-container-orgb57e970" class="outline-2">
-<h2 id="orgb57e970"><span class="section-number-2">12.</span> Cloistering</h2>
+<div id="outline-container-orgbcbd35c" class="outline-2">
+<h2 id="orgbcbd35c"><span class="section-number-2">12.</span> Cloistering</h2>
 <div class="outline-text-2" id="text-12">
 <p>
 This is how a new machine is brought into the cloister.  The process
@@ -3871,8 +3880,8 @@ narrows down to the common preparation of all machines administered by
 Ansible.
 </p>
 </div>
-<div id="outline-container-org9b9f5e9" class="outline-3">
-<h3 id="org9b9f5e9"><span class="section-number-3">12.1.</span> IoT Devices</h3>
+<div id="outline-container-orgecbedba" class="outline-3">
+<h3 id="orgecbedba"><span class="section-number-3">12.1.</span> IoT Devices</h3>
 <div class="outline-text-3" id="text-12-1">
 <p>
 A wireless IoT device (smart TV, Blu-ray deck, etc.) cannot install
@@ -3888,8 +3897,8 @@ given a private domain name as described in the following steps.
 </p>
 
 <ul class="org-ul">
-<li><a href="#org64bbfaa">Add to Core DHCP</a></li>
-<li><a href="#org488e689">Create Wired Domain Name</a></li>
+<li><a href="#orgadef5df">Add to Core DHCP</a></li>
+<li><a href="#org3f8edac">Create Wired Domain Name</a></li>
 </ul>
 
 <p>
@@ -3899,12 +3908,12 @@ last step:
 </p>
 
 <ul class="org-ul">
-<li><a href="#org39c2bc6">Create Wireless Domain Name</a></li>
+<li><a href="#org330fa20">Create Wireless Domain Name</a></li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org47e58c8" class="outline-3">
-<h3 id="org47e58c8"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
+<div id="outline-container-orgb51956b" class="outline-3">
+<h3 id="orgb51956b"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
 <div class="outline-text-3" id="text-12-2">
 <p>
 The abbey's Raspberry Pi runs the Raspberry Pi OS desktop off an NVMe
@@ -3925,8 +3934,8 @@ Ethernet, and power up.</li>
 <li>new username: sysadm</li>
 <li>new password: &lt;password&gt;</li>
 </ul></li>
-<li><a href="#org64bbfaa">Add to Core DHCP</a></li>
-<li><a href="#org488e689">Create Wired Domain Name</a></li>
+<li><a href="#orgadef5df">Add to Core DHCP</a></li>
+<li><a href="#org3f8edac">Create Wired Domain Name</a></li>
 <li>Launch the desktop.</li>
 <li>If the desktop is running on a USB HD (thumb drive) or μSD card, use
 the Raspberry Pi Imager app in Accessories in the main menu.  Choose
@@ -3936,9 +3945,9 @@ installation questions again.</li>
 <li>Right click on the desktop (background) and choose Preferences.  In
 the Control Centre choose Interfaces in the left side bar and toggle
 SSH on.</li>
-<li><a href="#org9623e8b">Update From Cloister Apt Cache</a></li>
-<li><a href="#orgb84bcd7">Authorize Remote Administration</a></li>
-<li><a href="#orgef7f507">Configure with Ansible</a></li>
+<li><a href="#orgef77f9b">Update From Cloister Apt Cache</a></li>
+<li><a href="#org162f1d6">Authorize Remote Administration</a></li>
+<li><a href="#org9304c14">Configure with Ansible</a></li>
 </ul>
 
 <p>
@@ -3947,14 +3956,14 @@ steps are taken.
 </p>
 
 <ul class="org-ul">
-<li><a href="#org1520010">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org9bae096">Connect to Cloister VPN</a></li>
-<li><a href="#org39c2bc6">Create Wireless Domain Name</a></li>
+<li><a href="#org844c5f9">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#org93a29fc">Connect to Cloister VPN</a></li>
+<li><a href="#org330fa20">Create Wireless Domain Name</a></li>
 </ul>
 </div>
 </div>
-<div id="outline-container-orgfd73a60" class="outline-3">
-<h3 id="orgfd73a60"><span class="section-number-3">12.3.</span> PCs</h3>
+<div id="outline-container-org1ebc509" class="outline-3">
+<h3 id="org1ebc509"><span class="section-number-3">12.3.</span> PCs</h3>
 <div class="outline-text-3" id="text-12-3">
 <p>
 Most of the abbey's machines, like Core and Gate, are general-purpose
@@ -3967,12 +3976,12 @@ follows.
 to a USB drive and connect it to the PC.</li>
 <li>Connect an HDMI monitor, a USB keyboard/mouse, and the cloister
 Ethernet, and power up.  Choose to boot from the USB drive.</li>
-<li><a href="#org64bbfaa">Add to Core DHCP</a></li>
-<li><a href="#org488e689">Create Wired Domain Name</a></li>
+<li><a href="#orgadef5df">Add to Core DHCP</a></li>
+<li><a href="#org3f8edac">Create Wired Domain Name</a></li>
 <li>Answer first-boot installation questions as detailed in the
 preparation of <a href="Institute/README.org*A Test Machine">A Test Machine</a> for a Small Institute.</li>
 <li>Log in as <code>sysadm</code> on the console.</li>
-<li><a href="#org9623e8b">Update From Cloister Apt Cache</a></li>
+<li><a href="#orgef77f9b">Update From Cloister Apt Cache</a></li>
 <li><p>
 Install <code>openssh-server</code>, unless it was included in the
 distribution.  Run the following if unsure.
@@ -3980,8 +3989,8 @@ distribution.  Run the following if unsure.
 <pre class="example">
 sudo apt install openssh-server
 </pre></li>
-<li><a href="#orgb84bcd7">Authorize Remote Administration</a></li>
-<li><a href="#orgef7f507">Configure with Ansible</a></li>
+<li><a href="#org162f1d6">Authorize Remote Administration</a></li>
+<li><a href="#org9304c14">Configure with Ansible</a></li>
 </ul>
 
 <p>
@@ -3990,14 +3999,14 @@ steps are taken.
 </p>
 
 <ul class="org-ul">
-<li><a href="#org1520010">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org9bae096">Connect to Cloister VPN</a></li>
-<li><a href="#org39c2bc6">Create Wireless Domain Name</a></li>
+<li><a href="#org844c5f9">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#org93a29fc">Connect to Cloister VPN</a></li>
+<li><a href="#org330fa20">Create Wireless Domain Name</a></li>
 </ul>
 </div>
 </div>
-<div id="outline-container-org64bbfaa" class="outline-3">
-<h3 id="org64bbfaa"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
+<div id="outline-container-orgadef5df" class="outline-3">
+<h3 id="orgadef5df"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
 <div class="outline-text-3" id="text-12-4">
 <p>
 When a new machine is connected to the cloister Ethernet, its MAC
@@ -4057,12 +4066,12 @@ reporting <code>1 packets transmitted, 1 received, 0% packet loss...</code>.
 </div>
 </div>
 </div>
-<div id="outline-container-org488e689" class="outline-3">
-<h3 id="org488e689"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
+<div id="outline-container-org3f8edac" class="outline-3">
+<h3 id="org3f8edac"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
 <div class="outline-text-3" id="text-12-5">
 <p>
 A wired device is assigned an IP address when it is added to Core's
-DHCP configuration (as in <a href="#org64bbfaa">Add to Core DHCP</a>).  A private domain name is
+DHCP configuration (as in <a href="#orgadef5df">Add to Core DHCP</a>).  A private domain name is
 then associated with this address.  If the device is intended to
 operate wirelessly, the name for its address is modified with a <code>-w</code>
 suffix.  Thus <code>new-w.small.private</code> would be the name of the new
@@ -4105,8 +4114,8 @@ resolvectl query 192.168.56.4
 </div>
 </div>
 </div>
-<div id="outline-container-org9623e8b" class="outline-3">
-<h3 id="org9623e8b"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
+<div id="outline-container-orgef77f9b" class="outline-3">
+<h3 id="orgef77f9b"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
 <div class="outline-text-3" id="text-12-6">
 <ul class="org-ul">
 <li>Log in as <code>sysadm</code> on the console.</li>
@@ -4128,8 +4137,8 @@ sudo reboot
 </ul>
 </div>
 </div>
-<div id="outline-container-orgb84bcd7" class="outline-3">
-<h3 id="orgb84bcd7"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
+<div id="outline-container-org162f1d6" class="outline-3">
+<h3 id="org162f1d6"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
 <div class="outline-text-3" id="text-12-7">
 <p>
 To remotely administer <code>new-w</code>, Ansible must be authorized to login as
@@ -4163,11 +4172,11 @@ key.
 </div>
 </div>
 </div>
-<div id="outline-container-orgef7f507" class="outline-3">
-<h3 id="orgef7f507"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
+<div id="outline-container-org9304c14" class="outline-3">
+<h3 id="org9304c14"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
 <div class="outline-text-3" id="text-12-8">
 <p>
-With remote administration authorized and tested (as in <a href="#orgb84bcd7">Authorize
+With remote administration authorized and tested (as in <a href="#org162f1d6">Authorize
 Remote Administration</a>), and the machine connected to the cloister
 Ethernet, the configuration of <code>new-w</code> can be completed by Ansible.
 Note that if the machine is staying on the cloister Ethernet, its
@@ -4175,7 +4184,7 @@ domain name will be <code>new</code> (having had no <code>-w</code> suffix added
 </p>
 
 <p>
-First <code>new-w</code> is added to Ansible's inventory in <a href="#org12a438b"><q>hosts</q></a>.  A <code>new-w</code>
+First <code>new-w</code> is added to Ansible's inventory in <a href="#org87eda60"><q>hosts</q></a>.  A <code>new-w</code>
 section is added to the list of all hosts, and an empty section of the
 same name is added to the list of <code>campus</code> hosts.  If the machine uses
 the usual privileged account name, <code>sysadm</code>, the <code>ansible_user</code> key is
@@ -4223,8 +4232,8 @@ configuration files.
 </div>
 </div>
 </div>
-<div id="outline-container-org1520010" class="outline-3">
-<h3 id="org1520010"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
+<div id="outline-container-org844c5f9" class="outline-3">
+<h3 id="org844c5f9"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
 <div class="outline-text-3" id="text-12-9">
 <p>
 On an IoT device, or a Debian or Android "desktop", the cloister Wi-Fi
@@ -4265,8 +4274,8 @@ desktop connected to the Wi-Fi using the following <code>ping</code> command.
 </div>
 </div>
 </div>
-<div id="outline-container-org9bae096" class="outline-3">
-<h3 id="org9bae096"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
+<div id="outline-container-org93a29fc" class="outline-3">
+<h3 id="org93a29fc"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
 <div class="outline-text-3" id="text-12-10">
 <p>
 Wireless devices (with the cloister Wi-Fi password) can get an IP
@@ -4279,14 +4288,14 @@ however, are <i>not</i> accessible except via the cloister VPN.
 
 <p>
 Connections to the cloister VPN are authorized by the <code>./abbey
-client...</code> command (aka <a href="Institute/README.html#org7efeef2">The Client Command</a>), which registers a new
+client...</code> command (aka <a href="Institute/README.html#orgf253523">The Client Command</a>), which registers a new
 client's public key and installs new WireGuard™ configurations on the
 servers.  Private keys are kept on the clients (e.g. in
 <q>/etc/wireguard/private-key</q>).
 </p>
 </div>
-<div id="outline-container-orgeb7948c" class="outline-4">
-<h4 id="orgeb7948c"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
+<div id="outline-container-orgb137076" class="outline-4">
+<h4 id="orgb137076"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
 <div class="outline-text-4" id="text-12-10-1">
 <p>
 Wireless Debian desktops (with NetworkManager) as well as servers
@@ -4372,8 +4381,8 @@ sudo systemctl enable wg-quick@wg0
 </ul>
 </div>
 </div>
-<div id="outline-container-orgdd2ffc7" class="outline-4">
-<h4 id="orgdd2ffc7"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
+<div id="outline-container-org120c7de" class="outline-4">
+<h4 id="org120c7de"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
 <div class="outline-text-4" id="text-12-10-2">
 <p>
 Member notebooks are private machines not remotely administered by the
@@ -4485,8 +4494,8 @@ password is included in <q>Secret/become.yml</q>.
 </p>
 </div>
 </div>
-<div id="outline-container-orgd3c62d2" class="outline-4">
-<h4 id="orgd3c62d2"><span class="section-number-4">12.10.3.</span> Android</h4>
+<div id="outline-container-org8a46237" class="outline-4">
+<h4 id="org8a46237"><span class="section-number-4">12.10.3.</span> Android</h4>
 <div class="outline-text-4" id="text-12-10-3">
 <p>
 Android phones and tablets are authorized to connect to the cloister
@@ -4523,8 +4532,8 @@ public VPN.</li>
 </div>
 </div>
 </div>
-<div id="outline-container-org39c2bc6" class="outline-3">
-<h3 id="org39c2bc6"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
+<div id="outline-container-org330fa20" class="outline-3">
+<h3 id="org330fa20"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
 <div class="outline-text-3" id="text-12-11">
 <p>
 A wireless machine is assigned a Wi-Fi address when it connects to the
@@ -4579,7 +4588,7 @@ be added to <q>private/db.campus_vpn</q>.)
 </div>
 <div id="postamble" class="status">
 <p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2026-01-18 Sun 16:36</p>
+<p class="date">Created: 2026-05-09 Sat 15:42</p>
 <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
 </div>
 </body>
-- 
2.47.3