From a3ec772b7cc4eb3348dc224c5ebc3708bd11ccd2 Mon Sep 17 00:00:00 2001 From: Matt Birkholz Date: Sat, 30 Dec 2023 16:00:21 -0700 Subject: [PATCH] Remove "birchwood.private". Mention Institute/private/vars.yml. Tried to explain why there is no private/ in the distribution. Pointed out the example private/vars.yml file (in Institute/private/). --- README.org | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/README.org b/README.org index fcf8298..1877b57 100644 --- a/README.org +++ b/README.org @@ -81,8 +81,10 @@ philosophy, attitude. The abbey's public particulars are included below. They are the public particulars of a small institute, nothing more. As for the -abbey's private data, examples (only! ;-) are included in the -following chapters. +abbey's private parameters, in =private/vars-abbey.yml=, example lines +(only! ;-) are included in the following chapters. An example of the +abbey's private institutional parameters, =private/vars.yml=, can be +found in [[file:Institute/private/vars.yml][=Institute/private/vars.yml=]]. #+CAPTION: =public/vars.yml= #+BEGIN_SRC conf :tangle public/vars.yml :mkdirp yes @@ -1391,9 +1393,9 @@ TPE-R1300 (and at one time a Linksys WRT1900AC). The ~isp~ interface is another USB3.0 Ethernet adapter connected with a cross-over cable to the Ethernet interface of a "cable modem" (a Starlink terminal). -The MAC address of each interface is set in =private/vars.yml=, the -values of the ~gate_lan_mac~, ~gate_wifi_mac~ and ~gate_isp_mac~ -variables. +The MAC address of each interface is set in =private/vars.yml= (see +[[file:Institute/private/vars.yml][=Institute/private/vars.yml=]]) as the values of the ~gate_lan_mac~, +~gate_wifi_mac~ and ~gate_isp_mac~ variables. ** The Abbey's Starlink Configuration @@ -2115,7 +2117,6 @@ the ~apg -n 1 -x 12 -m 12~ command. #+CAPTION: =private/vars-abbey.yml= #+BEGIN_SRC conf ---- zoneminder_dbpass: gakJopbikJadsEdd #+END_SRC 
@@ -3584,10 +3585,10 @@ A wired device is assigned an IP address when it is added to Core's DHCP configuration (as in [[*Add to Core DHCP][Add to Core DHCP]]). A private domain name is then associated with this address. If the device is intended to operate wirelessly, the name for its address is modified with a ~-w~ -suffix. Thus ~new-w.birchwood.private~ would be the name of the new +suffix. Thus ~new-w.small.private~ would be the name of the new device while it is temporarily connected to the cloister Ethernet, and -~new.birchwood.private~ would be its "normal" name used when it is on -the cloister Wi-Fi. +~new.small.private~ would be its "normal" name used when it is on the +cloister Wi-Fi. The private domain name is created by adding a line like the following to =private/db.domain= and incrementing the serial number at the top @@ -3602,14 +3603,14 @@ following to =private/db.private= and incrementing the serial number at the top of that file. #+BEGIN_SRC conf -4 IN PTR new-w.birchwood.private. +4 IN PTR new-w.small.private. #+END_SRC After ~./abbey config core~ updates Core, resolution of the ~new-w~ name can be tested. #+BEGIN_SRC sh -resolvectl query new-w.birchwood.private. +resolvectl query new-w.small.private. resolvectl query 192.168.56.4 #+END_SRC @@ -3617,7 +3618,7 @@ resolvectl query 192.168.56.4 - Log in as ~sysadm~ on the console. - Create =/etc/apt/apt.conf.d/01proxy=. - : D=apt-cacher.birchwood.private. + : D=apt-cacher.small.private. : echo "Acquire::http::Proxy \"http://$D:3142\";" \ : > | sudo tee /etc/apt/apt.conf.d/01proxy - Update the system and reboot. @@ -3808,7 +3809,7 @@ rm campus.ovpn public.ovpn ssh sysadm@dicks-notebook.lan sudo apt install openvpn openvpn-systemd-resolved \ network-manager-openvpn-gnome -ping -c1 core.birchwood.private. +ping -c1 core.small.private. #+END_SRC Note that Dick's notebook does not need to connect to the cloister 
@@ -3858,10 +3859,10 @@ cloister Wi-Fi, and a "VPN address" when it connects to Gate's OpenVPN server. The VPN address can be discovered by running ~ip addr show dev ovpn~ on the machine, or inspecting =/etc/openvpn/ipp.txt= on Gate. Once discovered, a private domain name, -e.g. ~new.birchwood.private~, can be associated with the VPN address, -e.g ~10.84.138.7~. The administrator adds a line like the following -to =private/db.domain= and increments the serial number at the top of -the file. +e.g. ~new.small.private~, can be associated with the VPN address, e.g +~10.84.138.7~. The administrator adds a line like the following to +=private/db.domain= and increments the serial number at the top of the +file. #+BEGIN_SRC conf new IN A 10.84.138.7 @@ -3872,20 +3873,20 @@ like the following to =private/db.campus_vpn= and incrementing the serial number at the top of that file. #+BEGIN_SRC conf -7 IN PTR new.birchwood.private. +7 IN PTR new.small.private. #+END_SRC After ~./abbey config core~ updates Core, the administrator can test resolution of the new name. #+BEGIN_SRC sh -resolvectl query new.birchwood.private. +resolvectl query new.small.private. resolvectl query 10.84.138.7 #+END_SRC A wireless device with no Ethernet interface and unable to run OpenVPN gets just a Wi-Fi address. It can be given a private domain name -(e.g. ~new.birchwood.private~) associated with the Wi-Fi address +(e.g. ~new.small.private~) associated with the Wi-Fi address (e.g. ~192.168.10.225~), but a reverse lookup on a machine connected to the Wi-Fi may yield a name like ~new.lan~ (provided by the access point) while elsewhere (e.g. on the cloister Ethernet) the IP address -- 2.25.1
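Review bot: In the README.org hunk at line 81, the added sentences name =private/vars-abbey.yml= and =private/vars.yml= but never say that private/ is absent from the distribution or why, although the commit message says this was the intent. Consider one more sentence after "(only! ;-) are included in the following chapters." stating that private/ is deliberately not distributed, with the reason, and that the linked =Institute/private/vars.yml= is an example and not the abbey's own file.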
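Review bot: In the hunk at line 1391, the parenthetical "(see =Institute/private/vars.yml=)" follows directly on =private/vars.yml= and reads as if the linked file were the abbey's own, so a reader could take the ~gate_lan_mac~, ~gate_wifi_mac~ and ~gate_isp_mac~ values found there for the real ones. Wording such as "for an example, see ..." would agree with the hunk at line 81, which calls that file an example.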
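Review bot: The hunk at line 2115 deletes the "---" line from the =private/vars-abbey.yml= example, a change the commit message does not mention and that is unrelated to removing "birchwood.private". Either note it in the message or move it to its own commit. Since the block still shows "zoneminder_dbpass: gakJopbikJadsEdd", please also confirm that this is an example value and not one in use.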
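Review bot: In the hunks from line 3584 through line 3808, ~small.private~ replaces the old domain inside commands meant to be typed as shown ("resolvectl query new-w.small.private.", "D=apt-cacher.small.private.", "ping -c1 core.small.private."), but neither the text nor the commit message says whether this is the abbey's configured private domain or a stand-in. If it is a stand-in, say so once near its first use, so that a failed lookup or ping is not mistaken for a DNS or VPN fault.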
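Review bot: In the hunk at line 3858, the rewrapped paragraph carries over "e.g" without its period ("can be associated with the VPN address, e.g" followed by "~10.84.138.7~"), while the same sentence opens with "e.g. ~new.small.private~". Since these lines are being rewritten anyway, change it to "e.g." for consistency.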