From 1cfc12a53ae83121396eaf27f98192faaead08e0 Mon Sep 17 00:00:00 2001
From: Matt Birkholz <matt@birchwood-abbey.net>
Date: Wed, 3 Apr 2024 11:04:11 -0500
Subject: [PATCH] Update README.html.

---
 README.html | 147 +++++++++++++++++++++++++---------------------------
 1 file changed, 71 insertions(+), 76 deletions(-)

diff --git a/README.html b/README.html
index 907d654..7208837 100644
--- a/README.html
+++ b/README.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2024-04-01 Mon 18:11 -->
+<!-- 2024-04-03 Wed 11:00 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>A Small Institute</title>
@@ -48,7 +48,7 @@ connects to Front making the institute email, cloud, etc. available to
 members off campus.
 </p>
 
-<pre class="example" id="org03eeea2">
+<pre class="example" id="orgf7cca3e">
                 =                                                   
               _|||_                                                 
         =-The-Institute-=                                           
@@ -1022,7 +1022,7 @@ example result follows the code.
 </pre>
 </div>
 
-<div class="TEXT" id="orge944bca">
+<div class="TEXT" id="org80ad917">
 <p>
 =&gt; 10.62.17.0/24
 </p>
@@ -1475,7 +1475,7 @@ USB-Ethernet adapter, or a wireless adapter connected to a
 campground Wi-Fi access point, etc.</li>
 </ol>
 
-<pre class="example" id="org91a8808">
+<pre class="example" id="orgf915d51">
 =============== | ==================================================
                 |                                           Premises
           (Campus ISP)                                              
@@ -1498,7 +1498,7 @@ This avoids the need for a second Wi-Fi access point and leads to the
 following topology.
 </p>
 
-<pre class="example" id="org6c9a8ee">
+<pre class="example" id="org9bcafc4">
 =============== | ==================================================
                 |                                           Premises
            (House ISP)                                              
@@ -1651,8 +1651,8 @@ The <code>all</code> role contains tasks that are executed on all of the
 institute's servers.  At the moment there is just the one.
 </p>
 </div>
-<div id="outline-container-orgd05be9b" class="outline-3">
-<h3 id="orgd05be9b"><span class="section-number-3">6.1.</span> Include Particulars</h3>
+<div id="outline-container-org88e2a87" class="outline-3">
+<h3 id="org88e2a87"><span class="section-number-3">6.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-6-1">
 <p>
 The <code>all</code> role's task contains a reference to a common institute
@@ -1793,8 +1793,8 @@ uses the institute's CA and server certificates, and expects client
 certificates signed by the institute CA.
 </p>
 </div>
-<div id="outline-container-org0ef137d" class="outline-3">
-<h3 id="org0ef137d"><span class="section-number-3">7.1.</span> Include Particulars</h3>
+<div id="outline-container-org9ed2166" class="outline-3">
+<h3 id="org9ed2166"><span class="section-number-3">7.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-7-1">
 <p>
 The first task, as in <a href="#orgd60dcd1">The All Role</a>, is to include the institute
@@ -1819,8 +1819,8 @@ membership roll, so these are included was well.
 </div>
 </div>
 </div>
-<div id="outline-container-org81e40a8" class="outline-3">
-<h3 id="org81e40a8"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
+<div id="outline-container-org667399b" class="outline-3">
+<h3 id="org667399b"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-7-2">
 <p>
 This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
@@ -1850,8 +1850,8 @@ delivery.
 </div>
 </div>
 </div>
-<div id="outline-container-org57e47eb" class="outline-3">
-<h3 id="org57e47eb"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgbeed30e" class="outline-3">
+<h3 id="orgbeed30e"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-7-3">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -1910,8 +1910,8 @@ those stored in <a href="Secret/ssh_front/etc/ssh/"><q>Secret/ssh_front/etc/ssh/
 </div>
 </div>
 </div>
-<div id="outline-container-org5b372eb" class="outline-3">
-<h3 id="org5b372eb"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
+<div id="outline-container-org2dfafe1" class="outline-3">
+<h3 id="org2dfafe1"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
 <div class="outline-text-3" id="text-7-5">
 <p>
 The small institute runs cron jobs and web scripts that generate
@@ -1967,8 +1967,8 @@ Monkey uses Rsync to keep the institute's public web site up-to-date.
 </div>
 </div>
 </div>
-<div id="outline-container-orgc3cb428" class="outline-3">
-<h3 id="orgc3cb428"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-orge76bee7" class="outline-3">
+<h3 id="orge76bee7"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-7-7">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -1983,8 +1983,8 @@ The institute prefers to install security updates as soon as possible.
 </div>
 </div>
 </div>
-<div id="outline-container-orgdd57567" class="outline-3">
-<h3 id="orgdd57567"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
+<div id="outline-container-orgb1bb413" class="outline-3">
+<h3 id="orgb1bb413"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
 <div class="outline-text-3" id="text-7-8">
 <p>
 User accounts are created immediately so that Postfix and Dovecot can
@@ -2027,8 +2027,8 @@ recipient" replies.  The <a href="#orge7fe793">Account Management</a> chapter de
 </div>
 </div>
 </div>
-<div id="outline-container-orgae21fe3" class="outline-3">
-<h3 id="orgae21fe3"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
+<div id="outline-container-orgf522cdf" class="outline-3">
+<h3 id="orgf522cdf"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-7-9">
 <p>
 The servers on Front use the same certificate (and key) to
@@ -2255,8 +2255,8 @@ created by a more specialized role.
 </div>
 </div>
 </div>
-<div id="outline-container-org1901801" class="outline-3">
-<h3 id="org1901801"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org2535c23" class="outline-3">
+<h3 id="org2535c23"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
 <div class="outline-text-3" id="text-7-12">
 <p>
 Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to
@@ -2612,8 +2612,8 @@ the users' <q>~/Public/HTML/</q> directories.
 </div>
 </div>
 </div>
-<div id="outline-container-org9b09fee" class="outline-3">
-<h3 id="org9b09fee"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
+<div id="outline-container-org03de61c" class="outline-3">
+<h3 id="org03de61c"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
 <div class="outline-text-3" id="text-7-14">
 <p>
 Front uses OpenVPN to provide the institute's public VPN service.  The
@@ -2896,8 +2896,8 @@ Debian install and remote access to a privileged, administrator's
 account.  (For details, see <a href="#org8d60b7b">The Core Machine</a>.)
 </p>
 </div>
-<div id="outline-container-org410d61d" class="outline-3">
-<h3 id="org410d61d"><span class="section-number-3">8.1.</span> Include Particulars</h3>
+<div id="outline-container-orgbb393c3" class="outline-3">
+<h3 id="orgbb393c3"><span class="section-number-3">8.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-8-1">
 <p>
 The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute
@@ -2919,8 +2919,8 @@ particulars and membership roll.
 </div>
 </div>
 </div>
-<div id="outline-container-orgb2a100f" class="outline-3">
-<h3 id="orgb2a100f"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
+<div id="outline-container-org0fec6b7" class="outline-3">
+<h3 id="org0fec6b7"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-8-2">
 <p>
 This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
@@ -2953,8 +2953,8 @@ proper email delivery.
 </div>
 </div>
 </div>
-<div id="outline-container-org512893b" class="outline-3">
-<h3 id="org512893b"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org48eccc5" class="outline-3">
+<h3 id="org48eccc5"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
 <div class="outline-text-3" id="text-8-3">
 <p>
 Core runs the campus name server, so Resolved is configured to use it
@@ -3377,8 +3377,8 @@ craps up <q>/var/log/</q> and the Systemd journal.
 </div>
 </div>
 </div>
-<div id="outline-container-orgd15a13c" class="outline-3">
-<h3 id="orgd15a13c"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org4d265a3" class="outline-3">
+<h3 id="org4d265a3"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-8-7">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -3398,8 +3398,8 @@ these groups speeds up debugging.
 </div>
 </div>
 </div>
-<div id="outline-container-org2dfafe1" class="outline-3">
-<h3 id="org2dfafe1"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
+<div id="outline-container-orgf602306" class="outline-3">
+<h3 id="orgf602306"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
 <div class="outline-text-3" id="text-8-8">
 <p>
 The small institute runs cron jobs and web scripts that generate
@@ -3466,8 +3466,8 @@ described in <a href="#org1ac6235">*Configure Apache2</a>).
 </div>
 </div>
 </div>
-<div id="outline-container-org1f5d4bb" class="outline-3">
-<h3 id="org1f5d4bb"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org4aa0705" class="outline-3">
+<h3 id="org4aa0705"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-8-9">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -3499,8 +3499,8 @@ with Nextcloud on the command line.
 </div>
 </div>
 </div>
-<div id="outline-container-orgb1bb413" class="outline-3">
-<h3 id="orgb1bb413"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
+<div id="outline-container-org9d61acb" class="outline-3">
+<h3 id="org9d61acb"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
 <div class="outline-text-3" id="text-8-11">
 <p>
 User accounts are created immediately so that backups can begin
@@ -3542,8 +3542,8 @@ describes the <code>members</code> and <code>usernames</code> variables.
 </div>
 </div>
 </div>
-<div id="outline-container-org6d54f2f" class="outline-3">
-<h3 id="org6d54f2f"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
+<div id="outline-container-org2157407" class="outline-3">
+<h3 id="org2157407"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-8-12">
 <p>
 The servers on Core use the same certificate (and key) to authenticate
@@ -3767,8 +3767,8 @@ installed by more specialized roles.
 </div>
 </div>
 </div>
-<div id="outline-container-org2535c23" class="outline-3">
-<h3 id="org2535c23"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-orgf01b935" class="outline-3">
+<h3 id="orgf01b935"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
 <div class="outline-text-3" id="text-8-16">
 <p>
 Core uses Dovecot's IMAPd to store and serve member emails.  As on
@@ -5540,8 +5540,8 @@ applied first, by which Gate gets a campus machine's DNS and Postfix
 configurations, etc.
 </p>
 </div>
-<div id="outline-container-org2a37764" class="outline-3">
-<h3 id="org2a37764"><span class="section-number-3">9.1.</span> Include Particulars</h3>
+<div id="outline-container-org4d1b050" class="outline-3">
+<h3 id="org4d1b050"><span class="section-number-3">9.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-9-1">
 <p>
 The following should be familiar boilerplate by now.
@@ -5910,8 +5910,8 @@ the daemon listens <i>only</i> on the Gate-WiFi network interface.
 </div>
 </div>
 </div>
-<div id="outline-container-orgf522cdf" class="outline-3">
-<h3 id="orgf522cdf"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
+<div id="outline-container-orgc30c758" class="outline-3">
+<h3 id="orgc30c758"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-9-6">
 <p>
 The (OpenVPN) server on Gate uses an institute certificate (and key)
@@ -5938,8 +5938,8 @@ and Front) do.
 </div>
 </div>
 </div>
-<div id="outline-container-org03de61c" class="outline-3">
-<h3 id="org03de61c"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
+<div id="outline-container-orgb967873" class="outline-3">
+<h3 id="orgb967873"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
 <div class="outline-text-3" id="text-9-7">
 <p>
 Gate uses OpenVPN to provide the institute's campus VPN service.  Its
@@ -6066,8 +6066,8 @@ Wireless campus devices can get a key to the campus VPN from the
 configured manually.
 </p>
 </div>
-<div id="outline-container-org88e2a87" class="outline-3">
-<h3 id="org88e2a87"><span class="section-number-3">10.1.</span> Include Particulars</h3>
+<div id="outline-container-org0fcff87" class="outline-3">
+<h3 id="org0fcff87"><span class="section-number-3">10.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-10-1">
 <p>
 The following should be familiar boilerplate by now.
@@ -6083,8 +6083,8 @@ The following should be familiar boilerplate by now.
 </div>
 </div>
 </div>
-<div id="outline-container-org667399b" class="outline-3">
-<h3 id="org667399b"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
+<div id="outline-container-orgef26e47" class="outline-3">
+<h3 id="orgef26e47"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-10-2">
 <p>
 Clients should be using the expected host name.
@@ -6111,8 +6111,8 @@ Clients should be using the expected host name.
 </div>
 </div>
 </div>
-<div id="outline-container-org48eccc5" class="outline-3">
-<h3 id="org48eccc5"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org64e4c11" class="outline-3">
+<h3 id="org64e4c11"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
 <div class="outline-text-3" id="text-10-3">
 <p>
 Campus machines use the campus name server on Core (or <code>dns.google</code>),
@@ -6183,8 +6183,8 @@ and file timestamps.
 </div>
 </div>
 </div>
-<div id="outline-container-orgbeed30e" class="outline-3">
-<h3 id="orgbeed30e"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org1d7831c" class="outline-3">
+<h3 id="org1d7831c"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-10-5">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -6204,8 +6204,8 @@ these groups speeds up debugging.
 </div>
 </div>
 </div>
-<div id="outline-container-orge76bee7" class="outline-3">
-<h3 id="orge76bee7"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-orgfb6d583" class="outline-3">
+<h3 id="orgfb6d583"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-10-6">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -6282,31 +6282,26 @@ tasks below.
 </div>
 </div>
 </div>
-<div id="outline-container-org546611a" class="outline-3">
-<h3 id="org546611a"><span class="section-number-3">10.8.</span> Hard-wire Important IP Addresses</h3>
+<div id="outline-container-orgcdd657f" class="outline-3">
+<h3 id="orgcdd657f"><span class="section-number-3">10.8.</span> Set Domain Name</h3>
 <div class="outline-text-3" id="text-10-8">
 <p>
-For the edification of programs consulting the <q>/etc/hosts</q> file, the
-institute's domain name and public IP address are added.  The Debian
-custom of translating the host name into <code>127.0.1.1</code> is also followed.
+The host's fully qualified (private) domain name (FQDN) is set by an
+alias in its <q>/etc/hosts</q> file, as is customary on Debian.  (See "The
+"recommended method of setting the FQDN" in the <code>hostname(1)</code>
+manpage.)
 </p>
 
 <div class="org-src-container">
 <a href="roles_t/campus/tasks/main.yml"><q>roles_t/campus/tasks/main.yml</q></a><pre class="src src-conf">
-- name: Hard-wire important IP addresses.
+- name: Set domain name.
   become: yes
-  lineinfile:
-    path: /etc/hosts
-    regexp: <span class="org-string">"{{ item.regexp }}"</span>
-    line: <span class="org-string">"{{ item.line }}"</span>
-    insertafter: EOF
   vars:
     name: <span class="org-string">"{{ inventory_hostname }}"</span>
-  loop:
-  - regexp: <span class="org-string">"^{{ front_addr }}[         ].*"</span>
-    line: <span class="org-string">"{{ front_addr }}     {{ domain_name }}"</span>
-  - regexp: <span class="org-string">"^127.0.1.1[        ].*"</span>
-    line: <span class="org-string">"127.0.1.1    {{ name }}.localdomain {{ name }}"</span>
+  lineinfile:
+    path: /etc/hosts
+    regexp: <span class="org-string">"^127.0.1.1[        ].*"</span>
+    line: <span class="org-string">"127.0.1.1    {{ name }}.{{ domain_priv }} {{ name }}"</span>
 </pre>
 </div>
 </div>
@@ -9145,7 +9140,7 @@ routes on Front and Gate, making the simulation less&#x2026; similar.
 </div></div>
 <div id="postamble" class="status">
 <p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-04-01 Mon 18:11</p>
+<p class="date">Created: 2024-04-03 Wed 11:00</p>
 <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
 </div>
 </body>
-- 
2.25.1