From 4fa094d6b5a9ece284a55d665dea49b38554cf57 Mon Sep 17 00:00:00 2001 From: Matt Birkholz Date: Thu, 28 Dec 2023 16:08:11 -0700 Subject: [PATCH] Merge Institute. Update README.html. --- Institute | 2 +- README.html | 235 ++++++++++------------------------------------------ 2 files changed, 47 insertions(+), 190 deletions(-) diff --git a/Institute b/Institute index 5e2be73..86964fe 160000 --- a/Institute +++ b/Institute @@ -1 +1 @@ -Subproject commit 5e2be7364f649d078cf0fe499f802d60e31d7553 +Subproject commit 86964fe9486c73c726b8ae0eb537d7956e17f81d diff --git a/README.html b/README.html index e9506bf..e62163e 100644 --- a/README.html +++ b/README.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + Birchwood Abbey Networks @@ -65,7 +65,7 @@ map is very similar, with differences mainly in terminology, philosophy, attitude.

-
+
                 |                                                   
                 =                                                   
               _|||_                                                 
@@ -136,8 +136,8 @@ with Apache2, spooling email with Postfix and serving it with
 Dovecot-IMAPd, and hosting a VPN with OpenVPN.
 

-
-

3.1. Install Emacs

+
+

3.1. Install Emacs

The monks of the abbey are masters of the staff (bo) and Emacs. @@ -487,57 +487,9 @@ web site /favicon.ico.

-
-

3.5. Configure CGit on Front

-
-

-CGit is handled similarly, modifying /etc/cgitrc to reference a -CGIT_SCANPATH environment variable set by Apache re-write rules. -The resulting Apache directives are given in apache-cgit and the -Ansible tasks in apache-cgit-tasks, for both Front and Core. -

- -
-apache-cgit
-ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/
-Alias /cgit-css/ /usr/share/cgit/
-<Directory "/usr/lib/cgit/">
-   AllowOverride None
-   Options ExecCGI FollowSymlinks
-   Require all granted
-</Directory>
-RewriteRule ^/cgit?(/.*)$ \
-            /cgit$1 [QSA,E=CGIT_SCANPATH:/var/www/git/,L,PT]
-RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \
-            /cgit$2 [QSA,E=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT]
-
-
- -
-apache-cgi-tasks
- name: Install CGit.
-  become: yes
-  apt: pkg=cgit
-
-- name: Disable CGit default configuration.
-  become: yes
-  command:
-    cmd: a2disconf -q cgit
-    removes: /etc/apache2/conf-enabled/cgit.conf
-
-- name: Override CGit scan path.
-  become: yes
-  lineinfile:
-    path: /etc/cgitrc
-    regexp: "^scan-path *="
-    line: "scan-path=$CGIT_SCANPATH"
-  notify: Restart Apache2.
-
-
-
-
-

3.6. Configure Apache for Abbey Documentation

-
+

3.5. Configure Apache for Abbey Documentation

+

Some of the directives added to the -vhost.conf file are needed by the abbey's documentation, published at @@ -563,8 +515,8 @@ filename suffixes.

-

3.7. Configure Photos URLs on Front

-
+

3.6. Configure Photos URLs on Front

+

Some of the directives added to the -vhost.conf file map the abbey's abstract photo URLs, e.g. /Photos/2022/08/06/, into actual file @@ -589,8 +541,8 @@ AliasMatch /Photos/$ {{ docroot }}/Photos/index.html

-

3.8. Configure Apache on Front

-
+

3.7. Configure Apache on Front

+

The abbey needs to add some Apache2 configuration directives to the virtual host listening for HTTPS requests to birchwood-abbey.net. @@ -600,11 +552,11 @@ The abbey simply creates a birchwood-abbey.net-vhost.conf file in

-The following task adds the apache-abbey, apache-photos, -apache-gitweb, and apache-cgit directives described above to the --vhost.conf file, and includes options-ssl-apache.conf from -/etc/letsencrypt/. The rest of the Let's Encrypt configuration is -discussed in the following Install Let's Encrypt section. +The following task adds the apache-abbey, apache-photos, and +apache-gitweb directives described above to the -vhost.conf file, +and includes options-ssl-apache.conf from /etc/letsencrypt/. The +rest of the Let's Encrypt configuration is discussed in the following +Install Let's Encrypt section.

@@ -639,18 +591,6 @@ discussed in the following Install Let's Encrypt secti RewriteRule ^/\~([^\/]+)/gitweb(\.cgi)?(/.*)?$ \ /cgi-bin/gitweb.cgi$3 \ [QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT] - - ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/ - Alias /cgit-css/ /usr/share/cgit/ - <Directory "/usr/lib/cgit/"> - AllowOverride None - Options ExecCGI FollowSymlinks - Require all granted - </Directory> - RewriteRule ^/cgit?(/.*)$ \ - /cgit$1 [QSA,E=CGIT_SCANPATH:/var/www/git/,L,PT] - RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \ - /cgit$2 [QSA,E=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT] IncludeOptional /etc/letsencrypt/options-ssl-apache.conf dest: /etc/apache2/sites-available/{{ domain_name }}-vhost.conf notify: Restart Apache2. @@ -695,24 +635,6 @@ discussed in the following Install Let's Encrypt secti $javascript = "/gitweb-static/gitweb.js"; dest: /etc/gitweb.conf mode: u=rw,g=r,o=r - -- name: Install CGit. - become: yes - apt: pkg=cgit - -- name: Disable CGit default configuration. - become: yes - command: - cmd: a2disconf -q cgit - removes: /etc/apache2/conf-enabled/cgit.conf - -- name: Override CGit scan path. - become: yes - lineinfile: - path: /etc/cgitrc - regexp: "^scan-path *=" - line: "scan-path=$CGIT_SCANPATH" - notify: Restart Apache2.
@@ -728,8 +650,8 @@ discussed in the following Install Let's Encrypt secti
-

3.9. Configure Apache Log Archival

-
+

3.8. Configure Apache Log Archival

+

These tasks hack Apache's logrotate(8) configuration to rotate weekly, keep the last 12 weeks, and email each week's log to root. @@ -858,8 +780,8 @@ Droplet's ISP's Mom, the NSA/CIA/NWO.

-

3.10. Install Let's Encrypt

-
+

3.9. Install Let's Encrypt

+

The abbey uses a Let's Encrypt certificate to authenticate its public web site and email services. Initial installation of a Let's Encrypt @@ -867,7 +789,7 @@ certificate is a terminal session affair (with prompts and lines entered as shown below).

-
+
 $ sudo apt install python3-certbot-apache
 $ sudo certbot --apache -d birchwood-abbey.net
 ...
@@ -978,8 +900,8 @@ restarted manually.
 
-

3.11. Rotate Let's Encrypt Log

-
+

3.10. Rotate Let's Encrypt Log

+

The following task arranges to rotate Certbot's logs files.

@@ -1007,8 +929,8 @@ The following task arranges to rotate Certbot's logs files.
-

3.12. Archive Let's Encrypt Data

-
+

3.11. Archive Let's Encrypt Data

+

A backup copy of Let's Encrypt's data (/etc/letsencrypt/) is sent to root@core in S/MIME encrypted email every time it changes. Changes @@ -1207,7 +1129,7 @@ services on Front and Core. See 3.3 and The Apache2 configuration on Core specifies three web sites (live, test, and campus). The live and test sites must operate just like the site on Front. Their configurations include the same apache-abbey, -apache-photos, apache-gitweb, and apache-cgit used on Front. +apache-photos, and apache-gitweb used on Front.

@@ -1242,18 +1164,6 @@ site on Front. Their configurations include the same QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT] - - ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/ - Alias /cgit-css/ /usr/share/cgit/ - <Directory "/usr/lib/cgit/"> - AllowOverride None - Options ExecCGI FollowSymlinks - Require all granted - </Directory> - RewriteRule ^/cgit?(/.*)$ \ - /cgit$1 [QSA,E=CGIT_SCANPATH:/var/www/git/,L,PT] - RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \ - /cgit$2 [QSA,E=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT] dest: /etc/apache2/sites-available/live-vhost.conf mode: u=rw,g=r,o=r notify: Restart Apache2. @@ -1288,18 +1198,6 @@ site on Front. Their configurations include the same QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT] - - ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/ - Alias /cgit-css/ /usr/share/cgit/ - <Directory "/usr/lib/cgit/"> - AllowOverride None - Options ExecCGI FollowSymlinks - Require all granted - </Directory> - RewriteRule ^/cgit?(/.*)$ \ - /cgit$1 [QSA,E=CGIT_SCANPATH:/var/www/git/,L,PT] - RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \ - /cgit$2 [QSA,E=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT] dest: /etc/apache2/sites-available/test-vhost.conf mode: u=rw,g=r,o=r notify: Restart Apache2. @@ -1344,24 +1242,6 @@ site on Front. Their configurations include the same $javascript = "/gitweb-static/gitweb.js"; dest: /etc/gitweb.conf mode: u=rw,g=r,o=r - -- name: Install CGit. - become: yes - apt: pkg=cgit - -- name: Disable CGit default configuration. - become: yes - command: - cmd: a2disconf -q cgit - removes: /etc/apache2/conf-enabled/cgit.conf - -- name: Override CGit scan path. - become: yes - lineinfile: - path: /etc/cgitrc - regexp: "^scan-path *=" - line: "scan-path=$CGIT_SCANPATH" - notify: Restart Apache2.
@@ -1384,8 +1264,7 @@ The institute serves its /usr/share/doc/ on the house (campus) web site. This is a debugging convenience, making some HTML documentation more accessible, especially the documentation of software installed on Core and not on typical desktop clients. Also included: the Apache2 -directives that enable user Git publishing with Gitweb and CGit -(defined here and here respectively). +directives that enable user Git publishing with Gitweb (defined here).

@@ -1409,18 +1288,6 @@ directives that enable user Git publishing with Gitweb and CGit RewriteRule ^/\~([^\/]+)/gitweb(\.cgi)?(/.*)?$ \ /cgi-bin/gitweb.cgi$3 \ [QSA,E=GITWEB_PROJECTROOT:/home/$1/Public/Git/,L,PT] - - ScriptAlias /cgit/ /usr/lib/cgit/cgit.cgi/ - Alias /cgit-css/ /usr/share/cgit/ - <Directory "/usr/lib/cgit/"> - AllowOverride None - Options ExecCGI FollowSymlinks - Require all granted - </Directory> - RewriteRule ^/cgit?(/.*)$ \ - /cgit$1 [QSA,E=CGIT_SCANPATH:/var/www/git/,L,PT] - RewriteRule ^/\~([^\/]+)/cgit(/.*)?$ \ - /cgit$2 [QSA,E=CGIT_SCANPATH:/home/$1/Public/Git/,L,PT] dest: /etc/apache2/sites-available/www-vhost.conf mode: u=rw,g=r,o=r notify: Restart Apache2. @@ -1445,8 +1312,8 @@ The abbey uses the Apt-Cacher:TNG package cache on Core. The
-
-

4.7. Use Cloister Apt Cache

+
+

4.7. Use Cloister Apt Cache

Core itself will benefit from using the package cache. @@ -1557,7 +1424,7 @@ recognizable temperature in the sensors output. brief_data() { echo "$1" | sed -n -E -e ' - /^temp[0-9]+: +[-+][0-9.]+°C/ { s/^temp[0-9]+: +([-+][0-9.]+)°C.*/ \1/; H } + /^temp[0-9]+: +[-+][0-9.]+.?C/ { s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H } $ { x; s/\n//g; p }' } @@ -1629,6 +1496,10 @@ Kessel is a wireless host while Kamino is wired. Devaron, the Raspberry Pi OS (ARM64) machine, uses the abbey_pisensors monitor.

+

+Kamino is currently unmonitored as it is now rarely powered up. +

+
roles_t/abbey-core/tasks/main.yml
 - name: Configure cloister NAGIOS monitoring.
@@ -1636,7 +1507,7 @@ Raspberry Pi OS (ARM64) machine, uses the abbey_pisensors monitor.
   template:
     src: nagios-{{ item }}.cfg
     dest: /etc/nagios4/conf.d/{{ item }}.cfg
-  loop: [ devaron, kamino, kessel ]
+  loop: [ devaron, kessel ]
   notify: Reload NAGIOS4.
 
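Review bot: dropping kamino from the `loop:` list only stops the template task from writing `/etc/nagios4/conf.d/kamino.cfg`; nothing in this hunk removes a copy that an earlier run already deployed on Core. An existing install would therefore keep the Kamino host checks, and keep alerting on a machine that is usually powered down. Consider a `file:` task with `state: absent` for that path, notifying `Reload NAGIOS4.`, or say in the added "currently unmonitored" paragraph that the old file has to be deleted by hand.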
@@ -2044,8 +1915,8 @@ clients: Android, Debian and Campus. The last type never roams, and is not associated with a member of the small institute.

-
-

6.1. Use Cloister Apt Cache

+
+

6.1. Use Cloister Apt Cache

The Apt-Cacher:TNG program does not work well on the frontier, so is @@ -2115,8 +1986,8 @@ Raspberry Pis (architecture aarch64) only.

-
-

6.3. Install Emacs

+
+

6.3. Install Emacs

The monks of the abbey are masters of the staff and Emacs. @@ -2183,7 +2054,7 @@ Listing them (e.g. running owdir /26.nnnnnnnn or owdir below. A test session is shown below.

-
+
 monkey@new$ owdir
 ...
     /26.2153B6000000/
@@ -2619,8 +2490,8 @@ described in the final section, Configure Cameras, bel
 

-
-

8.4. Include Abbey Variables

+
+

8.4. Include Abbey Variables

In this abbey specific document, most abbey particulars are not @@ -3054,8 +2925,8 @@ machine simply by adding it to the tvrs group.

-
-

9.3. Include Abbey Variables

+
+

9.3. Include Abbey Variables

In this abbey specific document, most abbey particulars are not @@ -3607,7 +3478,7 @@ the list of "inputs" available in a postal code typically ends with the OTA (over the air) broadcasts.

-
+
 $ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xmltv
 Cache file for lineups, schedules and programs.
 Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
@@ -4024,7 +3895,6 @@ except the roles are found in Institute/roles/ as well as roles/.
       hosts:
         anoat:
         devaron:
-        kamino:
         kessel:
     weather:
       hosts:
@@ -4043,7 +3913,6 @@ except the roles are found in Institute/roles/ as well as roles/.
       hosts:
         devaron:
         geonosis:
-        kamino:
 
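Review bot: `kamino:` is removed from both host groups shown in these two inventory hunks, so the plays that target those groups no longer apply to it, but the only prose this patch adds says the machine is "currently unmonitored". If Kamino is still powered up now and then, it will miss whatever configuration changes land while it is out of those groups. Either document that it is no longer managed, or keep it in the inventory and drop only the NAGIOS entry.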
@@ -4143,19 +4012,7 @@ The script begins with the following prefix and trampolines. use strict; -if ($ARGV[0] eq "config") { - exec "./Institute/inst", @ARGV; -} -if ($ARGV[0] eq "new") { - exec "./Institute/inst", @ARGV; -} -if ($ARGV[0] eq "old") { - exec "./Institute/inst", @ARGV; -} -if ($ARGV[0] eq "pass") { - exec "./Institute/inst", @ARGV; -} -if ($ARGV[0] eq "client") { +if (grep { $_ eq $ARGV[0] } qw(CA config new old pass client)) { exec "./Institute/inst", @ARGV; } @@ -5037,7 +4894,7 @@ to private/db.campus_vpn.)

Author: Matt Birkholz

-

Created: 2023-12-18 Mon 10:33

+

Created: 2023-12-28 Thu 16:07

Validate

-- 2.25.1
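Review bot: the CGit removal (old section 3.5 and the matching blocks in the Front, live, test and www vhost tasks) deletes the `Install CGit.` task and the vhost directives but adds no cleanup. Hosts configured from the previous revision keep the `cgit` package installed and `/etc/cgitrc` still set to `scan-path=$CGIT_SCANPATH`. A CGI program that is no longer meant to be served is better uninstalled than left dormant; consider a task with `apt: pkg=cgit state=absent`, or a README note that removal is manual.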
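Review bot: in `brief_data()`, replacing `°C` with `.?C` allows at most one character between the number and `C`. That covers the degree sign only when sed sees it as a single character; if the sensors output is UTF-8 and the script runs in a byte-oriented locale (for example with `LC_ALL=C`), `°` is two bytes, the address no longer matches, and the function returns no temperatures without any error. A pattern that tolerates a multi-byte sign, something like `[^0-9]*C`, or pinning the locale in the script, would make the match independent of the environment. A comment saying why the literal was dropped would also help the next reader.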
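Review bot: the rewritten trampoline test is not a pure refactor: `qw(CA config new old pass client)` forwards a `CA` subcommand to `./Institute/inst` that the removed `if` chain did not, and the commit subject does not mention it. Worth calling out in the message or in the text around the script. Separately, `exec` returns when `./Institute/inst` cannot be run (the path is relative to the current directory), and the script then falls through to the rest of its code; appending `or die "exec ./Institute/inst: $!"` would make that failure explicit.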