From c0cc0ed8f0092c0ad80d407fefc7a2d20b3c4db8 Mon Sep 17 00:00:00 2001
From: Matt Birkholz <matt@birchwood-abbey.net>
Date: Wed, 8 May 2024 14:43:00 -0600
Subject: [PATCH] Update README.html.

---
 README.html | 374 +++++++++++++++++++++++++---------------------------
 1 file changed, 176 insertions(+), 198 deletions(-)

diff --git a/README.html b/README.html
index 2adc81a..342fbbd 100644
--- a/README.html
+++ b/README.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2024-05-03 Fri 10:44 -->
+<!-- 2024-05-08 Wed 14:42 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>A Small Institute</title>
@@ -48,7 +48,7 @@ connects to Front making the institute email, cloud, etc. available to
 members off campus.
 </p>
 
-<pre class="example" id="org54e48fc">
+<pre class="example" id="org45c8e96">
                 =                                                   
               _|||_                                                 
         =-The-Institute-=                                           
@@ -1022,7 +1022,7 @@ example result follows the code.
 </pre>
 </div>
 
-<div class="TEXT" id="orgba5292c">
+<div class="TEXT" id="org42b732b">
 <p>
 =&gt; 10.62.17.0/24
 </p>
@@ -1475,7 +1475,7 @@ USB-Ethernet adapter, or a wireless adapter connected to a
 campground Wi-Fi access point, etc.</li>
 </ol>
 
-<pre class="example" id="org7ce76e5">
+<pre class="example" id="org42f1391">
 =============== | ==================================================
                 |                                           Premises
           (Campus ISP)                                              
@@ -1498,7 +1498,7 @@ This avoids the need for a second Wi-Fi access point and leads to the
 following topology.
 </p>
 
-<pre class="example" id="org10903d3">
+<pre class="example" id="org3745e1f">
 =============== | ==================================================
                 |                                           Premises
            (House ISP)                                              
@@ -1651,8 +1651,8 @@ The <code>all</code> role contains tasks that are executed on all of the
 institute's servers.  At the moment there is just the one.
 </p>
 </div>
-<div id="outline-container-org4e74a72" class="outline-3">
-<h3 id="org4e74a72"><span class="section-number-3">6.1.</span> Include Particulars</h3>
+<div id="outline-container-orgf4bacc5" class="outline-3">
+<h3 id="orgf4bacc5"><span class="section-number-3">6.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-6-1">
 <p>
 The <code>all</code> role's task contains a reference to a common institute
@@ -1793,8 +1793,8 @@ uses the institute's CA and server certificates, and expects client
 certificates signed by the institute CA.
 </p>
 </div>
-<div id="outline-container-org46c277d" class="outline-3">
-<h3 id="org46c277d"><span class="section-number-3">7.1.</span> Include Particulars</h3>
+<div id="outline-container-org3abef52" class="outline-3">
+<h3 id="org3abef52"><span class="section-number-3">7.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-7-1">
 <p>
 The first task, as in <a href="#orgd60dcd1">The All Role</a>, is to include the institute
@@ -1819,8 +1819,8 @@ membership roll, so these are included was well.
 </div>
 </div>
 </div>
-<div id="outline-container-org6f97126" class="outline-3">
-<h3 id="org6f97126"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
+<div id="outline-container-org5206757" class="outline-3">
+<h3 id="org5206757"><span class="section-number-3">7.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-7-2">
 <p>
 This task ensures that Front's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
@@ -1850,8 +1850,8 @@ delivery.
 </div>
 </div>
 </div>
-<div id="outline-container-orgc133751" class="outline-3">
-<h3 id="orgc133751"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org6909535" class="outline-3">
+<h3 id="org6909535"><span class="section-number-3">7.3.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-7-3">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -1910,8 +1910,8 @@ those stored in <a href="Secret/ssh_front/etc/ssh/"><q>Secret/ssh_front/etc/ssh/
 </div>
 </div>
 </div>
-<div id="outline-container-org7915c60" class="outline-3">
-<h3 id="org7915c60"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
+<div id="outline-container-org4e16e32" class="outline-3">
+<h3 id="org4e16e32"><span class="section-number-3">7.5.</span> Configure Monkey</h3>
 <div class="outline-text-3" id="text-7-5">
 <p>
 The small institute runs cron jobs and web scripts that generate
@@ -1967,8 +1967,8 @@ Monkey uses Rsync to keep the institute's public web site up-to-date.
 </div>
 </div>
 </div>
-<div id="outline-container-org09cd0a8" class="outline-3">
-<h3 id="org09cd0a8"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-orgeed5ae9" class="outline-3">
+<h3 id="orgeed5ae9"><span class="section-number-3">7.7.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-7-7">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -1983,8 +1983,8 @@ The institute prefers to install security updates as soon as possible.
 </div>
 </div>
 </div>
-<div id="outline-container-org257e089" class="outline-3">
-<h3 id="org257e089"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
+<div id="outline-container-orgc8ba404" class="outline-3">
+<h3 id="orgc8ba404"><span class="section-number-3">7.8.</span> Configure User Accounts</h3>
 <div class="outline-text-3" id="text-7-8">
 <p>
 User accounts are created immediately so that Postfix and Dovecot can
@@ -2027,8 +2027,8 @@ recipient" replies.  The <a href="#orge7fe793">Account Management</a> chapter de
 </div>
 </div>
 </div>
-<div id="outline-container-org5259a7b" class="outline-3">
-<h3 id="org5259a7b"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
+<div id="outline-container-org19b4e27" class="outline-3">
+<h3 id="org19b4e27"><span class="section-number-3">7.9.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-7-9">
 <p>
 The servers on Front use the same certificate (and key) to
@@ -2255,8 +2255,8 @@ created by a more specialized role.
 </div>
 </div>
 </div>
-<div id="outline-container-org8c230d4" class="outline-3">
-<h3 id="org8c230d4"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-orgbb94cf7" class="outline-3">
+<h3 id="orgbb94cf7"><span class="section-number-3">7.12.</span> Configure Dovecot IMAPd</h3>
 <div class="outline-text-3" id="text-7-12">
 <p>
 Front uses Dovecot's IMAPd to allow user Fetchmail jobs on Core to
@@ -2612,8 +2612,8 @@ the users' <q>~/Public/HTML/</q> directories.
 </div>
 </div>
 </div>
-<div id="outline-container-org19cf6c6" class="outline-3">
-<h3 id="org19cf6c6"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
+<div id="outline-container-org7469fd3" class="outline-3">
+<h3 id="org7469fd3"><span class="section-number-3">7.14.</span> Configure OpenVPN</h3>
 <div class="outline-text-3" id="text-7-14">
 <p>
 Front uses OpenVPN to provide the institute's public VPN service.  The
@@ -2896,8 +2896,8 @@ Debian install and remote access to a privileged, administrator's
 account.  (For details, see <a href="#org8d60b7b">The Core Machine</a>.)
 </p>
 </div>
-<div id="outline-container-org813bdbd" class="outline-3">
-<h3 id="org813bdbd"><span class="section-number-3">8.1.</span> Include Particulars</h3>
+<div id="outline-container-org168f170" class="outline-3">
+<h3 id="org168f170"><span class="section-number-3">8.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-8-1">
 <p>
 The first task, as in <a href="#org9240129">The Front Role</a>, is to include the institute
@@ -2919,8 +2919,8 @@ particulars and membership roll.
 </div>
 </div>
 </div>
-<div id="outline-container-org9e33869" class="outline-3">
-<h3 id="org9e33869"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
+<div id="outline-container-org12b7127" class="outline-3">
+<h3 id="org12b7127"><span class="section-number-3">8.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-8-2">
 <p>
 This task ensures that Core's <q>/etc/hostname</q> and <q>/etc/mailname</q> are
@@ -2953,8 +2953,8 @@ proper email delivery.
 </div>
 </div>
 </div>
-<div id="outline-container-org1fe8eef" class="outline-3">
-<h3 id="org1fe8eef"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-org965db3d" class="outline-3">
+<h3 id="org965db3d"><span class="section-number-3">8.3.</span> Configure Systemd Resolved</h3>
 <div class="outline-text-3" id="text-8-3">
 <p>
 Core runs the campus name server, so Resolved is configured to use it
@@ -3367,8 +3367,8 @@ probably be used as forwarders rather than Google.
 </div>
 </div>
 </div>
-<div id="outline-container-org9cd1752" class="outline-3">
-<h3 id="org9cd1752"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-orgd1f4c06" class="outline-3">
+<h3 id="orgd1f4c06"><span class="section-number-3">8.7.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-8-7">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -3388,8 +3388,8 @@ these groups speeds up debugging.
 </div>
 </div>
 </div>
-<div id="outline-container-org6be797b" class="outline-3">
-<h3 id="org6be797b"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
+<div id="outline-container-org91d0903" class="outline-3">
+<h3 id="org91d0903"><span class="section-number-3">8.8.</span> Configure Monkey</h3>
 <div class="outline-text-3" id="text-8-8">
 <p>
 The small institute runs cron jobs and web scripts that generate
@@ -3456,8 +3456,8 @@ described in <a href="#org1ac6235">*Configure Apache2</a>).
 </div>
 </div>
 </div>
-<div id="outline-container-orgedf22e5" class="outline-3">
-<h3 id="orgedf22e5"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-org10376d0" class="outline-3">
+<h3 id="org10376d0"><span class="section-number-3">8.9.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-8-9">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -3489,8 +3489,8 @@ with Nextcloud on the command line.
 </div>
 </div>
 </div>
-<div id="outline-container-org24a298d" class="outline-3">
-<h3 id="org24a298d"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
+<div id="outline-container-org8597071" class="outline-3">
+<h3 id="org8597071"><span class="section-number-3">8.11.</span> Configure User Accounts</h3>
 <div class="outline-text-3" id="text-8-11">
 <p>
 User accounts are created immediately so that backups can begin
@@ -3532,8 +3532,8 @@ describes the <code>members</code> and <code>usernames</code> variables.
 </div>
 </div>
 </div>
-<div id="outline-container-org7bba6c0" class="outline-3">
-<h3 id="org7bba6c0"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
+<div id="outline-container-org2e22fe0" class="outline-3">
+<h3 id="org2e22fe0"><span class="section-number-3">8.12.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-8-12">
 <p>
 The servers on Core use the same certificate (and key) to authenticate
@@ -3757,8 +3757,8 @@ installed by more specialized roles.
 </div>
 </div>
 </div>
-<div id="outline-container-org191f07f" class="outline-3">
-<h3 id="org191f07f"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
+<div id="outline-container-org9e726e1" class="outline-3">
+<h3 id="org9e726e1"><span class="section-number-3">8.16.</span> Configure Dovecot IMAPd</h3>
 <div class="outline-text-3" id="text-8-16">
 <p>
 Core uses Dovecot's IMAPd to store and serve member emails.  As on
@@ -4157,22 +4157,11 @@ The tasks below install Apache2 and edit its default configuration.
   <span class="org-variable-name">apt: pkg</span>=apache2
 
 - name: Enable Apache2 modules.
-  become: yes
-  apache2_module:
-    name: <span class="org-string">"{{ item }}"</span>
-  loop: [ userdir, cgi ]
-  notify: Restart Apache2.
-  <span class="org-variable-name">when: ansible_distribution !</span>= <span class="org-string">'Debian'</span>
-        or 12 &gt; ansible_distribution_major_version|int
-
-- name: Enable Apache2 modules (Debian 12).
   become: yes
   apache2_module:
     name: <span class="org-string">"{{ item }}"</span>
   loop: [ userdir, cgid ]
   notify: Restart Apache2.
-  <span class="org-variable-name">when: ansible_distribution</span> == <span class="org-string">'Debian'</span>
-        and 11 &lt; ansible_distribution_major_version|int
 </pre>
 </div>
 
@@ -5091,22 +5080,11 @@ performance, as recommended by Nextcloud.
 <div class="org-src-container">
 <a href="roles_t/core/tasks/main.yml"><q>roles_t/core/tasks/main.yml</q></a><pre class="src src-conf">
 - name: Set PHP memory_limit for Nextcloud.
-  become: yes
-  lineinfile:
-    path: /etc/php/7.4/apache2/php.ini
-    <span class="org-variable-name">regexp: memory_limit *</span>=
-    <span class="org-variable-name">line: memory_limit</span> = 512M
-  <span class="org-variable-name">when: ansible_distribution !</span>= <span class="org-string">'Debian'</span>
-        or 12 &gt; ansible_distribution_major_version|int
-
-- name: Set PHP memory_limit for Nextcloud (Debian 12).
   become: yes
   lineinfile:
     path: /etc/php/8.2/apache2/php.ini
     <span class="org-variable-name">regexp: memory_limit *</span>=
     <span class="org-variable-name">line: memory_limit</span> = 512M
-  <span class="org-variable-name">when: ansible_distribution</span> == <span class="org-string">'Debian'</span>
-        and 11 &lt; ansible_distribution_major_version|int
 
 - name: Include PHP parameters for Nextcloud.
   become: yes
@@ -5116,12 +5094,12 @@ performance, as recommended by Nextcloud.
       <span class="org-variable-name">apc.enable_cli</span>=1
       <span class="org-variable-name">opcache.enable</span>=1
       <span class="org-variable-name">opcache.enable_cli</span>=1
-      <span class="org-variable-name">opcache.interned_strings_buffer</span>=8
+      <span class="org-variable-name">opcache.interned_strings_buffer</span>=12
       <span class="org-variable-name">opcache.max_accelerated_files</span>=10000
       <span class="org-variable-name">opcache.memory_consumption</span>=128
       <span class="org-variable-name">opcache.save_comments</span>=1
       <span class="org-variable-name">opcache.revalidate_freq</span>=1
-    dest: /etc/php/7.4/mods-available/nextcloud.ini
+    dest: /etc/php/8.2/mods-available/nextcloud.ini
   notify: Restart Apache2.
 
 - name: Enable Nextcloud PHP modules.
@@ -5530,8 +5508,8 @@ applied first, by which Gate gets a campus machine's DNS and Postfix
 configurations, etc.
 </p>
 </div>
-<div id="outline-container-org085ec93" class="outline-3">
-<h3 id="org085ec93"><span class="section-number-3">9.1.</span> Include Particulars</h3>
+<div id="outline-container-org97c93fd" class="outline-3">
+<h3 id="org97c93fd"><span class="section-number-3">9.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-9-1">
 <p>
 The following should be familiar boilerplate by now.
@@ -5900,8 +5878,8 @@ the daemon listens <i>only</i> on the Gate-WiFi network interface.
 </div>
 </div>
 </div>
-<div id="outline-container-orgedcf028" class="outline-3">
-<h3 id="orgedcf028"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
+<div id="outline-container-org013399e" class="outline-3">
+<h3 id="org013399e"><span class="section-number-3">9.6.</span> Install Server Certificate</h3>
 <div class="outline-text-3" id="text-9-6">
 <p>
 The (OpenVPN) server on Gate uses an institute certificate (and key)
@@ -5928,8 +5906,8 @@ and Front) do.
 </div>
 </div>
 </div>
-<div id="outline-container-org7d0940f" class="outline-3">
-<h3 id="org7d0940f"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
+<div id="outline-container-org9453d8e" class="outline-3">
+<h3 id="org9453d8e"><span class="section-number-3">9.7.</span> Configure OpenVPN</h3>
 <div class="outline-text-3" id="text-9-7">
 <p>
 Gate uses OpenVPN to provide the institute's campus VPN service.  Its
@@ -6056,8 +6034,8 @@ Wireless campus devices can get a key to the campus VPN from the
 configured manually.
 </p>
 </div>
-<div id="outline-container-orgdb99136" class="outline-3">
-<h3 id="orgdb99136"><span class="section-number-3">10.1.</span> Include Particulars</h3>
+<div id="outline-container-org72203b0" class="outline-3">
+<h3 id="org72203b0"><span class="section-number-3">10.1.</span> Include Particulars</h3>
 <div class="outline-text-3" id="text-10-1">
 <p>
 The following should be familiar boilerplate by now.
@@ -6073,8 +6051,8 @@ The following should be familiar boilerplate by now.
 </div>
 </div>
 </div>
-<div id="outline-container-org873736d" class="outline-3">
-<h3 id="org873736d"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
+<div id="outline-container-orge42346a" class="outline-3">
+<h3 id="orge42346a"><span class="section-number-3">10.2.</span> Configure Hostname</h3>
 <div class="outline-text-3" id="text-10-2">
 <p>
 Clients should be using the expected host name.
@@ -6101,8 +6079,8 @@ Clients should be using the expected host name.
 </div>
 </div>
 </div>
-<div id="outline-container-org8d7a075" class="outline-3">
-<h3 id="org8d7a075"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
+<div id="outline-container-orgba5d3f1" class="outline-3">
+<h3 id="orgba5d3f1"><span class="section-number-3">10.3.</span> Configure Systemd Resolved</h3>
 <div class="outline-text-3" id="text-10-3">
 <p>
 Campus machines use the campus name server on Core (or <code>dns.google</code>),
@@ -6173,8 +6151,8 @@ and file timestamps.
 </div>
 </div>
 </div>
-<div id="outline-container-org65ae49f" class="outline-3">
-<h3 id="org65ae49f"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
+<div id="outline-container-org3e078d4" class="outline-3">
+<h3 id="org3e078d4"><span class="section-number-3">10.5.</span> Add Administrator to System Groups</h3>
 <div class="outline-text-3" id="text-10-5">
 <p>
 The administrator often needs to read (directories of) log files owned
@@ -6194,8 +6172,8 @@ these groups speeds up debugging.
 </div>
 </div>
 </div>
-<div id="outline-container-orgbd8ac82" class="outline-3">
-<h3 id="orgbd8ac82"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
+<div id="outline-container-orgae71e41" class="outline-3">
+<h3 id="orgae71e41"><span class="section-number-3">10.6.</span> Install Unattended Upgrades</h3>
 <div class="outline-text-3" id="text-10-6">
 <p>
 The institute prefers to install security updates as soon as possible.
@@ -6675,8 +6653,8 @@ The first code block is the header of the <code>./inst</code> script.
 <span class="org-comment-delimiter">#</span>
 <span class="org-comment-delimiter"># </span><span class="org-comment">DO NOT EDIT.  This file was tangled from an institute.org file.</span>
 
-<span class="org-constant">use</span> strict;
-<span class="org-constant">use</span> IO::File;
+<span class="org-keyword">use</span> <span class="org-constant">strict</span>;
+<span class="org-keyword">use</span> <span class="org-constant">IO::File</span>;
 </pre>
 </div>
 </div>
@@ -6699,7 +6677,7 @@ permissions.  It probes past the <a href="Secret/"><q>Secret/</q></a> mount poin
 <span class="org-keyword">sub</span> <span class="org-function-name">note_missing_directory_p</span> ($);
 
 {
-  <span class="org-type">my</span> $<span class="org-variable-name">missing</span> = 0;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">missing</span> = 0;
   <span class="org-keyword">if</span> (note_missing_file_p <span class="org-string">"ansible.cfg"</span>) { $<span class="org-variable-name">missing</span> += 1; }
   <span class="org-keyword">if</span> (note_missing_file_p <span class="org-string">"hosts"</span>) { $<span class="org-variable-name">missing</span> += 1; }
   <span class="org-keyword">if</span> (note_missing_directory_p <span class="org-string">"Secret"</span>) { $<span class="org-variable-name">missing</span> += 1; }
@@ -6710,8 +6688,8 @@ permissions.  It probes past the <a href="Secret/"><q>Secret/</q></a> mount poin
   <span class="org-keyword">if</span> (note_missing_directory_p <span class="org-string">"public"</span>) { $<span class="org-variable-name">missing</span> += 1; }
   <span class="org-keyword">if</span> (note_missing_directory_p <span class="org-string">"private"</span>) { $<span class="org-variable-name">missing</span> += 1; }
 
-  <span class="org-keyword">for</span> <span class="org-type">my</span> $<span class="org-variable-name">filename</span> (glob <span class="org-string">"private/*"</span>) {
-    <span class="org-type">my</span> $<span class="org-variable-name">perm</span> = (stat $<span class="org-variable-name">filename</span>)[2];
+  <span class="org-keyword">for</span> <span class="org-keyword">my</span> $<span class="org-variable-name">filename</span> (glob <span class="org-string">"private/*"</span>) {
+    <span class="org-keyword">my</span> $<span class="org-variable-name">perm</span> = (stat $<span class="org-variable-name">filename</span>)[2];
     <span class="org-keyword">if</span> ($<span class="org-variable-name">perm</span> &amp; 077) {
       print <span class="org-string">"$filename: not private\n"</span>;
     }
@@ -6720,7 +6698,7 @@ permissions.  It probes past the <a href="Secret/"><q>Secret/</q></a> mount poin
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">note_missing_file_p</span> ($) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">filename</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">filename</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
   <span class="org-keyword">if</span> (! -f $<span class="org-variable-name">filename</span>) {
     print <span class="org-string">"$filename: missing\n"</span>;
     <span class="org-keyword">return</span> 1;
@@ -6730,7 +6708,7 @@ permissions.  It probes past the <a href="Secret/"><q>Secret/</q></a> mount poin
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">note_missing_directory_p</span> ($) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">dirname</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">dirname</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
   <span class="org-keyword">if</span> (! -d $<span class="org-variable-name">dirname</span>) {
     print <span class="org-string">"$dirname: missing\n"</span>;
     <span class="org-keyword">return</span> 1;
@@ -6845,7 +6823,7 @@ config</code>.
 <div class="org-src-container">
 <a href="inst"><q>inst</q></a><pre class="src src-perl">
 <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"CA"</span>) {
-  <span class="org-keyword">die</span> <span class="org-string">"usage: $0 CA"</span> <span class="org-keyword">if</span> @<span class="org-underline"><span class="org-variable-name">ARGV</span></span> != 1;
+  <span class="org-keyword">die</span> <span class="org-string">"usage: $0 CA"</span> <span class="org-keyword">if</span> @<span class="org-perl-non-scalar-variable">ARGV</span> != 1;
   <span class="org-keyword">die</span> <span class="org-string">"Secret/CA/easyrsa: not an executable\n"</span>
     <span class="org-keyword">if</span> ! -x <span class="org-string">"Secret/CA/easyrsa"</span>;
   <span class="org-keyword">die</span> <span class="org-string">"Secret/CA/pki/: already exists\n"</span> <span class="org-keyword">if</span> -e <span class="org-string">"Secret/CA/pki"</span>;
@@ -6855,8 +6833,8 @@ config</code>.
   mysystem <span class="org-string">"cd Secret/CA; ./easyrsa build-ca nopass"</span>;
   <span class="org-comment"># Common Name: small.example.org</span>
 
-  <span class="org-type">my</span> $<span class="org-variable-name">dom</span> = $<span class="org-variable-name">domain_name</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">pvt</span> = $<span class="org-variable-name">domain_priv</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">dom</span> = $<span class="org-variable-name">domain_name</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">pvt</span> = $<span class="org-variable-name">domain_priv</span>;
   mysystem <span class="org-string">"cd Secret/CA; ./easyrsa build-server-full $dom nopass"</span>;
   mysystem <span class="org-string">"cd Secret/CA; ./easyrsa build-server-full gate.$pvt nopass"</span>;
   mysystem <span class="org-string">"cd Secret/CA; ./easyrsa build-server-full core.$pvt nopass"</span>;
@@ -6930,15 +6908,15 @@ Example command lines:
   <span class="org-keyword">die</span> <span class="org-string">"Secret/CA/easyrsa: not executable\n"</span>
     <span class="org-keyword">if</span> ! -x <span class="org-string">"Secret/CA/easyrsa"</span>;
   shift;
-  <span class="org-type">my</span> $<span class="org-variable-name">cmd</span> = <span class="org-string">"ansible-playbook -e \@Secret/become.yml"</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">cmd</span> = <span class="org-string">"ansible-playbook -e \@Secret/become.yml"</span>;
   <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"-n"</span>) {
     shift;
     $<span class="org-variable-name">cmd</span> .= <span class="org-string">" --check --diff"</span>
   }
-  <span class="org-keyword">if</span> (@<span class="org-underline"><span class="org-variable-name">ARGV</span></span> == 0) {
+  <span class="org-keyword">if</span> (@<span class="org-perl-non-scalar-variable">ARGV</span> == 0) {
     ;
   } <span class="org-keyword">elsif</span> (defined $<span class="org-variable-name">ARGV</span>[0]) {
-    <span class="org-type">my</span> $<span class="org-variable-name">hosts</span> = lc $<span class="org-variable-name">ARGV</span>[0];
+    <span class="org-keyword">my</span> $<span class="org-variable-name">hosts</span> = lc $<span class="org-variable-name">ARGV</span>[0];
     <span class="org-keyword">die</span> <span class="org-string">"$hosts: contains illegal characters"</span>
       <span class="org-keyword">if</span> $<span class="org-variable-name">hosts</span> !~ <span class="org-string">/^!?[a-z][-a-z0-9,!]+$/</span>;
     $<span class="org-variable-name">cmd</span> .= <span class="org-string">" -l $hosts"</span>;
@@ -7045,10 +7023,10 @@ read from the file.  The dump subroutine is another story (below).
 
 <div class="org-src-container">
 <a href="inst"><q>inst</q></a><pre class="src src-perl">
-<span class="org-constant">use</span> YAML::XS qw<span class="org-string">(LoadFile DumpFile)</span>;
+<span class="org-keyword">use</span> <span class="org-constant">YAML::XS</span> qw<span class="org-string">(LoadFile DumpFile)</span>;
 
 <span class="org-keyword">sub</span> <span class="org-function-name">read_members_yaml</span> () {
-  <span class="org-type">my</span> $<span class="org-variable-name">path</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">path</span>;
   $<span class="org-variable-name">path</span> = <span class="org-string">"private/members.yml"</span>;
   <span class="org-keyword">if</span> (-e $<span class="org-variable-name">path</span>) { <span class="org-keyword">return</span> LoadFile ($<span class="org-variable-name">path</span>); }
   $<span class="org-variable-name">path</span> = <span class="org-string">"private/members-empty.yml"</span>;
@@ -7057,15 +7035,15 @@ read from the file.  The dump subroutine is another story (below).
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">write_members_yaml</span> ($) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">yaml</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">old_umask</span> = umask 077;
-  <span class="org-type">my</span> $<span class="org-variable-name">path</span> = <span class="org-string">"private/members.yml"</span>;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">yaml</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">old_umask</span> = umask 077;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">path</span> = <span class="org-string">"private/members.yml"</span>;
   print <span class="org-string">"$path: "</span>; STDOUT-&gt;flush;
   <span class="org-keyword">eval</span> { <span class="org-comment">#DumpFile ("$path.tmp", $yaml);</span>
          dump_members_yaml (<span class="org-string">"$path.tmp"</span>, $<span class="org-variable-name">yaml</span>);
          rename (<span class="org-string">"$path.tmp"</span>, $<span class="org-variable-name">path</span>)
            or <span class="org-keyword">die</span> <span class="org-string">"Could not rename $path.tmp: $!\n"</span>; };
-  <span class="org-type">my</span> $<span class="org-variable-name">err</span> = $@;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">err</span> = $@;
   umask $<span class="org-variable-name">old_umask</span>;
   <span class="org-keyword">if</span> ($<span class="org-variable-name">err</span>) {
     print <span class="org-string">"ERROR\n"</span>;
@@ -7076,17 +7054,17 @@ read from the file.  The dump subroutine is another story (below).
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">dump_members_yaml</span> ($$) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">pathname</span>, $<span class="org-variable-name">yaml</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">O</span> = new IO::File;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">pathname</span>, $<span class="org-variable-name">yaml</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">O</span> = new IO::File;
   open ($<span class="org-variable-name">O</span>, <span class="org-string">"&gt;$pathname"</span>) or <span class="org-keyword">die</span> <span class="org-string">"Could not open $pathname: $!\n"</span>;
   print $<span class="org-variable-name">O</span> <span class="org-string">"---\n"</span>;
   <span class="org-keyword">if</span> (keys %{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>}}) {
     print $<span class="org-variable-name">O</span> <span class="org-string">"members:\n"</span>;
-    <span class="org-keyword">for</span> <span class="org-type">my</span> $<span class="org-variable-name">user</span> (sort keys %{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>}}) {
+    <span class="org-keyword">for</span> <span class="org-keyword">my</span> $<span class="org-variable-name">user</span> (sort keys %{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>}}) {
       print_member ($<span class="org-variable-name">O</span>, $<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>}-&gt;{$<span class="org-variable-name">user</span>});
     }
     print $<span class="org-variable-name">O</span> <span class="org-string">"usernames:\n"</span>;
-    <span class="org-keyword">for</span> <span class="org-type">my</span> $<span class="org-variable-name">user</span> (sort keys %{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>}}) {
+    <span class="org-keyword">for</span> <span class="org-keyword">my</span> $<span class="org-variable-name">user</span> (sort keys %{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>}}) {
       print $<span class="org-variable-name">O</span> <span class="org-string">"- $user\n"</span>;
     }
   } <span class="org-keyword">else</span> {
@@ -7095,7 +7073,7 @@ read from the file.  The dump subroutine is another story (below).
   }
   <span class="org-keyword">if</span> (@{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"revoked"</span>}}) {
     print $<span class="org-variable-name">O</span> <span class="org-string">"revoked:\n"</span>;
-    <span class="org-keyword">for</span> <span class="org-type">my</span> $<span class="org-variable-name">name</span> (@{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"revoked"</span>}}) {
+    <span class="org-keyword">for</span> <span class="org-keyword">my</span> $<span class="org-variable-name">name</span> (@{$<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"revoked"</span>}}) {
       print $<span class="org-variable-name">O</span> <span class="org-string">"- $name\n"</span>;
     }
   } <span class="org-keyword">else</span> {
@@ -7122,13 +7100,13 @@ each record.
 <div class="org-src-container">
 <a href="inst"><q>inst</q></a><pre class="src src-perl">
 <span class="org-keyword">sub</span> <span class="org-function-name">print_member</span> ($$) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">out</span>, $<span class="org-variable-name">member</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">out</span>, $<span class="org-variable-name">member</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
   print $<span class="org-variable-name">out</span> <span class="org-string">"  "</span>, $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"username"</span>}, <span class="org-string">":\n"</span>;
   print $<span class="org-variable-name">out</span> <span class="org-string">"    username: "</span>, $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"username"</span>}, <span class="org-string">"\n"</span>;
   print $<span class="org-variable-name">out</span> <span class="org-string">"    status: "</span>, $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"status"</span>}, <span class="org-string">"\n"</span>;
   <span class="org-keyword">if</span> (@{$<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"clients"</span>} || []}) {
     print $<span class="org-variable-name">out</span> <span class="org-string">"    clients:\n"</span>;
-    <span class="org-keyword">for</span> <span class="org-type">my</span> $<span class="org-variable-name">name</span> (@{$<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"clients"</span>} || []}) {
+    <span class="org-keyword">for</span> <span class="org-keyword">my</span> $<span class="org-variable-name">name</span> (@{$<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"clients"</span>} || []}) {
       print $<span class="org-variable-name">out</span> <span class="org-string">"    - "</span>, $<span class="org-variable-name">name</span>, <span class="org-string">"\n"</span>;
     }
   } <span class="org-keyword">else</span> {
@@ -7138,18 +7116,18 @@ each record.
   print $<span class="org-variable-name">out</span> <span class="org-string">"    password_core: "</span>, $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"password_core"</span>}, <span class="org-string">"\n"</span>;
   <span class="org-keyword">if</span> (defined $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"password_fetchmail"</span>}) {
     print $<span class="org-variable-name">out</span> <span class="org-string">"    password_fetchmail: !vault |\n"</span>;
-    <span class="org-keyword">for</span> <span class="org-type">my</span> $<span class="org-variable-name">line</span> (split <span class="org-string">/\n/</span>, $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"password_fetchmail"</span>}) {
+    <span class="org-keyword">for</span> <span class="org-keyword">my</span> $<span class="org-variable-name">line</span> (split <span class="org-string">/\n/</span>, $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"password_fetchmail"</span>}) {
       print $<span class="org-variable-name">out</span> <span class="org-string">"      $line\n"</span>;
     }
   }
-  <span class="org-type">my</span> @<span class="org-underline"><span class="org-variable-name">standard_keys</span></span> = ( <span class="org-string">"username"</span>, <span class="org-string">"status"</span>, <span class="org-string">"clients"</span>,
+  <span class="org-keyword">my</span> @<span class="org-perl-non-scalar-variable">standard_keys</span> = ( <span class="org-string">"username"</span>, <span class="org-string">"status"</span>, <span class="org-string">"clients"</span>,
                         <span class="org-string">"password_front"</span>, <span class="org-string">"password_core"</span>,
                         <span class="org-string">"password_fetchmail"</span> );
-  <span class="org-type">my</span> @<span class="org-underline"><span class="org-variable-name">other_keys</span></span> = (sort
-                    grep { <span class="org-type">my</span> $<span class="org-variable-name">k</span> = $<span class="org-variable-name">_</span>;
-                           ! grep { $<span class="org-variable-name">_</span> eq $<span class="org-variable-name">k</span> } @<span class="org-underline"><span class="org-variable-name">standard_keys</span></span> }
+  <span class="org-keyword">my</span> @<span class="org-perl-non-scalar-variable">other_keys</span> = (sort
+                    grep { <span class="org-keyword">my</span> $<span class="org-variable-name">k</span> = $<span class="org-variable-name">_</span>;
+                           ! grep { $<span class="org-variable-name">_</span> eq $<span class="org-variable-name">k</span> } @<span class="org-perl-non-scalar-variable">standard_keys</span> }
                     keys %$<span class="org-variable-name">member</span>);
-  <span class="org-keyword">for</span> <span class="org-type">my</span> $<span class="org-variable-name">key</span> (@<span class="org-underline"><span class="org-variable-name">other_keys</span></span>) {
+  <span class="org-keyword">for</span> <span class="org-keyword">my</span> $<span class="org-variable-name">key</span> (@<span class="org-perl-non-scalar-variable">other_keys</span>) {
     print $<span class="org-variable-name">out</span> <span class="org-string">"    $key: "</span>, $<span class="org-variable-name">member</span>-&gt;{$<span class="org-variable-name">key</span>}, <span class="org-string">"\n"</span>;
   }
 }
@@ -7178,17 +7156,17 @@ initial, generated password.
 <span class="org-keyword">sub</span> <span class="org-function-name">strip_vault</span> ($);
 
 <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"new"</span>) {
-  <span class="org-type">my</span> $<span class="org-variable-name">user</span> = valid_username (@<span class="org-underline"><span class="org-variable-name">ARGV</span></span>);
-  <span class="org-type">my</span> $<span class="org-variable-name">yaml</span> = read_members_yaml ();
-  <span class="org-type">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>};
+  <span class="org-keyword">my</span> $<span class="org-variable-name">user</span> = valid_username (@<span class="org-perl-non-scalar-variable">ARGV</span>);
+  <span class="org-keyword">my</span> $<span class="org-variable-name">yaml</span> = read_members_yaml ();
+  <span class="org-keyword">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>};
   <span class="org-keyword">die</span> <span class="org-string">"$user: already exists\n"</span> <span class="org-keyword">if</span> defined $<span class="org-variable-name">members</span>-&gt;{$<span class="org-variable-name">user</span>};
 
-  <span class="org-type">my</span> $<span class="org-variable-name">pass</span> = <span class="org-string">`apg -n 1 -x 12 -m 12`</span>; chomp $<span class="org-variable-name">pass</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">pass</span> = <span class="org-string">`apg -n 1 -x 12 -m 12`</span>; chomp $<span class="org-variable-name">pass</span>;
   print <span class="org-string">"Initial password: $pass\n"</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">epass</span> = shell_escape $<span class="org-variable-name">pass</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">front</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">front</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">core</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">core</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">vault</span> = strip_vault <span class="org-string">`ansible-vault encrypt_string "$epass"`</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">epass</span> = shell_escape $<span class="org-variable-name">pass</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">front</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">front</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">core</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">core</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">vault</span> = strip_vault <span class="org-string">`ansible-vault encrypt_string "$epass"`</span>;
   mysystem (<span class="org-string">"ansible-playbook -e \@Secret/become.yml"</span>,
             <span class="org-string">" playbooks/nextcloud-new.yml"</span>,
             <span class="org-string">" -e user=$user"</span>, <span class="org-string">" -e pass=\"$epass\""</span>);
@@ -7206,10 +7184,10 @@ initial, generated password.
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">valid_username</span> (@) {
-  <span class="org-type">my</span> $<span class="org-keyword">sub</span> = $<span class="org-variable-name">_</span>[0];
+  <span class="org-keyword">my</span> $<span class="org-variable-name">sub</span> = $<span class="org-variable-name">_</span>[0];
   <span class="org-keyword">die</span> <span class="org-string">"usage: $0 $sub USER\n"</span>
-    <span class="org-keyword">if</span> @<span class="org-underline"><span class="org-variable-name">_</span></span> != 2;
-  <span class="org-type">my</span> $<span class="org-variable-name">username</span> = lc $<span class="org-variable-name">_</span>[1];
+    <span class="org-keyword">if</span> @<span class="org-perl-non-scalar-variable">_</span> != 2;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">username</span> = lc $<span class="org-variable-name">_</span>[1];
   <span class="org-keyword">die</span> <span class="org-string">"$username: does not begin with an alphabetic character\n"</span>
     <span class="org-keyword">if</span> $<span class="org-variable-name">username</span> !~ <span class="org-string">/^[a-z]/</span>;
   <span class="org-keyword">die</span> <span class="org-string">"$username: contains non-alphanumeric character(s)\n"</span>
@@ -7218,18 +7196,18 @@ initial, generated password.
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">shell_escape</span> ($) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">string</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">result</span> = <span class="org-string">"$string"</span>;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">string</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">result</span> = <span class="org-string">"$string"</span>;
   $<span class="org-variable-name">result</span> =~ s<span class="org-string">/([\$`"\\ ])/\\$1/</span>g;
   <span class="org-keyword">return</span> ($<span class="org-variable-name">result</span>);
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">strip_vault</span> ($) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">string</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">string</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
   <span class="org-keyword">die</span> <span class="org-string">"Unexpected result from ansible-vault: $string\n"</span>
     <span class="org-keyword">if</span> $<span class="org-variable-name">string</span> !~ <span class="org-string">/^ *!vault [|]/</span>;
-  <span class="org-type">my</span> @<span class="org-underline"><span class="org-variable-name">lines</span></span> = split <span class="org-string">/^ */</span>m, $<span class="org-variable-name">string</span>;
-  <span class="org-keyword">return</span> (join <span class="org-string">""</span>, @<span class="org-underline"><span class="org-variable-name">lines</span></span>[1..$#<span class="org-underline"><span class="org-variable-name">lines</span></span>]);
+  <span class="org-keyword">my</span> @<span class="org-perl-non-scalar-variable">lines</span> = split <span class="org-string">/^ */</span>m, $<span class="org-variable-name">string</span>;
+  <span class="org-keyword">return</span> (join <span class="org-string">""</span>, @<span class="org-perl-non-scalar-variable">lines</span>[1..$#<span class="org-perl-non-scalar-variable">lines</span>]);
 }
 </pre>
 </div>
@@ -7294,11 +7272,11 @@ in <a href="Secret/"><q>Secret/</q></a>.
 <div class="org-src-container">
 <a href="roles_t/core/templates/passwd"><q>roles_t/core/templates/passwd</q></a><pre class="src src-perl"><span class="org-comment-delimiter">#</span><span class="org-comment">!/bin/perl -wT</span>
 
-<span class="org-constant">use</span> strict;
+<span class="org-keyword">use</span> <span class="org-constant">strict</span>;
 
 $<span class="org-variable-name">ENV</span>{PATH} = <span class="org-string">"/usr/sbin:/usr/bin:/bin"</span>;
 
-<span class="org-type">my</span> ($<span class="org-variable-name">username</span>) = getpwuid $&lt;;
+<span class="org-keyword">my</span> ($<span class="org-variable-name">username</span>) = getpwuid $&lt;;
 <span class="org-keyword">if</span> ($<span class="org-variable-name">username</span> ne <span class="org-string">"{{ ansible_user }}"</span>) {
   { <span class="org-keyword">exec</span> (<span class="org-string">"sudo"</span>, <span class="org-string">"-u"</span>, <span class="org-string">"{{ ansible_user }}"</span>,
           <span class="org-string">"/usr/local/bin/passwd"</span>, $<span class="org-variable-name">username</span>) };
@@ -7307,11 +7285,11 @@ $<span class="org-variable-name">ENV</span>{PATH} = <span class="org-string">"/u
 }
 
 $<span class="org-variable-name">username</span> = $<span class="org-variable-name">ARGV</span>[0];
-<span class="org-type">my</span> $<span class="org-variable-name">passwd</span>;
+<span class="org-keyword">my</span> $<span class="org-variable-name">passwd</span>;
 {
-  <span class="org-type">my</span> $<span class="org-variable-name">SHADOW</span> = new IO::File;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">SHADOW</span> = new IO::File;
   open $<span class="org-variable-name">SHADOW</span>, <span class="org-string">"&lt;/etc/shadow"</span> or <span class="org-keyword">die</span> <span class="org-string">"Cannot read /etc/shadow: $!\n"</span>;
-  <span class="org-type">my</span> ($<span class="org-variable-name">line</span>) = grep <span class="org-string">/^$username:/</span>, &lt;$<span class="org-variable-name">SHADOW</span>&gt;;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">line</span>) = grep <span class="org-string">/^$username:/</span>, &lt;$<span class="org-variable-name">SHADOW</span>&gt;;
   close $<span class="org-variable-name">SHADOW</span>;
   <span class="org-keyword">die</span> <span class="org-string">"No /etc/shadow record found: $username\n"</span> <span class="org-keyword">if</span> ! defined $<span class="org-variable-name">line</span>;
   (undef, $<span class="org-variable-name">passwd</span>) = split <span class="org-string">":"</span>, $<span class="org-variable-name">line</span>;
@@ -7321,9 +7299,9 @@ system <span class="org-string">"stty -echo"</span>;
 <span class="org-keyword">END</span> { system <span class="org-string">"stty echo"</span>; }
 
 print <span class="org-string">"Current password: "</span>;
-<span class="org-type">my</span> $<span class="org-variable-name">pass</span> = &lt;<span class="org-constant">STDIN</span>&gt;; chomp $<span class="org-variable-name">pass</span>;
+<span class="org-keyword">my</span> $<span class="org-variable-name">pass</span> = &lt;<span class="org-constant">STDIN</span>&gt;; chomp $<span class="org-variable-name">pass</span>;
 print <span class="org-string">"\n"</span>;
-<span class="org-type">my</span> $<span class="org-variable-name">hash</span> = crypt($<span class="org-variable-name">pass</span>, $<span class="org-variable-name">passwd</span>);
+<span class="org-keyword">my</span> $<span class="org-variable-name">hash</span> = crypt($<span class="org-variable-name">pass</span>, $<span class="org-variable-name">passwd</span>);
 <span class="org-keyword">die</span> <span class="org-string">"Sorry...\n"</span> <span class="org-keyword">if</span> $<span class="org-variable-name">hash</span> ne $<span class="org-variable-name">passwd</span>;
 
 print <span class="org-string">"New password: "</span>;
@@ -7331,36 +7309,36 @@ $<span class="org-variable-name">pass</span> = &lt;<span class="org-constant">ST
 <span class="org-keyword">die</span> <span class="org-string">"Passwords must be at least 10 characters long.\n"</span>
   <span class="org-keyword">if</span> length $<span class="org-variable-name">pass</span> &lt; 10;
 print <span class="org-string">"\nRetype password: "</span>;
-<span class="org-type">my</span> $<span class="org-variable-name">pass2</span> = &lt;<span class="org-constant">STDIN</span>&gt;; chomp($<span class="org-variable-name">pass2</span>);
+<span class="org-keyword">my</span> $<span class="org-variable-name">pass2</span> = &lt;<span class="org-constant">STDIN</span>&gt;; chomp($<span class="org-variable-name">pass2</span>);
 print <span class="org-string">"\n"</span>;
 <span class="org-keyword">die</span> <span class="org-string">"New passwords do not match!\n"</span>
   <span class="org-keyword">if</span> $<span class="org-variable-name">pass2</span> ne $<span class="org-variable-name">pass</span>;
 
-<span class="org-constant">use</span> MIME::Base64;
-<span class="org-type">my</span> $<span class="org-variable-name">epass</span> = encode_base64 $<span class="org-variable-name">pass</span>;
+<span class="org-keyword">use</span> <span class="org-constant">MIME::Base64</span>;
+<span class="org-keyword">my</span> $<span class="org-variable-name">epass</span> = encode_base64 $<span class="org-variable-name">pass</span>;
 
-<span class="org-constant">use</span> File::Temp qw<span class="org-string">(tempfile)</span>;
-<span class="org-type">my</span> ($<span class="org-variable-name">TMP</span>, $<span class="org-variable-name">tmp</span>) = tempfile;
+<span class="org-keyword">use</span> <span class="org-constant">File::Temp</span> qw<span class="org-string">(tempfile)</span>;
+<span class="org-keyword">my</span> ($<span class="org-variable-name">TMP</span>, $<span class="org-variable-name">tmp</span>) = tempfile;
 close $<span class="org-variable-name">TMP</span>;
 
-<span class="org-type">my</span> $<span class="org-variable-name">O</span> = new IO::File;
+<span class="org-keyword">my</span> $<span class="org-variable-name">O</span> = new IO::File;
 open $<span class="org-variable-name">O</span>, (<span class="org-string">"| gpg --encrypt --armor"</span>
           .<span class="org-string">" --trust-model always --recipient root\@core"</span>
           .<span class="org-string">" &gt; $tmp"</span>) or <span class="org-keyword">die</span> <span class="org-string">"Error running gpg &gt; $tmp: $!\n"</span>;
 print $<span class="org-variable-name">O</span> &lt;&lt;EOD;
-<span class="org-constant">username</span>: $<span class="org-variable-name">username</span>
-<span class="org-constant">password</span>: $<span class="org-variable-name">epass</span>
-EOD
+<span class="org-perl-heredoc">username: $username</span>
+<span class="org-perl-heredoc">password: $epass</span>
+<span class="org-perl-heredoc">EOD</span>
 close $<span class="org-variable-name">O</span> or <span class="org-keyword">die</span> <span class="org-string">"Error closing pipe to gpg: $!\n"</span>;
 
-<span class="org-constant">use</span> File::Copy;
+<span class="org-keyword">use</span> <span class="org-constant">File::Copy</span>;
 open ($<span class="org-variable-name">O</span>, <span class="org-string">"| sendmail root"</span>);
 print $<span class="org-variable-name">O</span> &lt;&lt;EOD;
-<span class="org-constant">From</span>: root
-<span class="org-constant">To</span>: root
-<span class="org-constant">Subject</span>: New password.
+<span class="org-perl-heredoc">From: root</span>
+<span class="org-perl-heredoc">To: root</span>
+<span class="org-perl-heredoc">Subject: New password.</span>
 
-EOD
+<span class="org-perl-heredoc">EOD</span>
 $<span class="org-variable-name">O</span>-&gt;flush;
 copy $<span class="org-variable-name">tmp</span>, $<span class="org-variable-name">O</span>;
 <span class="org-comment-delimiter">#</span><span class="org-comment">print $O `cat $tmp`;</span>
@@ -7385,32 +7363,32 @@ the administrator to update <q>private/members.yml</q> before running
 
 <div class="org-src-container">
 <a href="inst"><q>inst</q></a><pre class="src src-perl">
-<span class="org-constant">use</span> MIME::Base64;
+<span class="org-keyword">use</span> <span class="org-constant">MIME::Base64</span>;
 
 <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"pass"</span>) {
-  <span class="org-type">my</span> $<span class="org-variable-name">I</span> = new IO::File;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">I</span> = new IO::File;
   open $<span class="org-variable-name">I</span>, <span class="org-string">"gpg --homedir Secret/root.gnupg --quiet --decrypt |"</span>
     or <span class="org-keyword">die</span> <span class="org-string">"Error running gpg: $!\n"</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">msg_yaml</span> = LoadFile ($<span class="org-variable-name">I</span>);
+  <span class="org-keyword">my</span> $<span class="org-variable-name">msg_yaml</span> = LoadFile ($<span class="org-variable-name">I</span>);
   close $<span class="org-variable-name">I</span> or <span class="org-keyword">die</span> <span class="org-string">"Error closing pipe from gpg: $!\n"</span>;
 
-  <span class="org-type">my</span> $<span class="org-variable-name">user</span> = $<span class="org-variable-name">msg_yaml</span>-&gt;{<span class="org-string">"username"</span>};
+  <span class="org-keyword">my</span> $<span class="org-variable-name">user</span> = $<span class="org-variable-name">msg_yaml</span>-&gt;{<span class="org-string">"username"</span>};
   <span class="org-keyword">die</span> <span class="org-string">"Could not find a username in the decrypted input.\n"</span>
     <span class="org-keyword">if</span> ! defined $<span class="org-variable-name">user</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">pass64</span> = $<span class="org-variable-name">msg_yaml</span>-&gt;{<span class="org-string">"password"</span>};
+  <span class="org-keyword">my</span> $<span class="org-variable-name">pass64</span> = $<span class="org-variable-name">msg_yaml</span>-&gt;{<span class="org-string">"password"</span>};
   <span class="org-keyword">die</span> <span class="org-string">"Could not find a password in the decrypted input.\n"</span>
     <span class="org-keyword">if</span> ! defined $<span class="org-variable-name">pass64</span>;
 
-  <span class="org-type">my</span> $<span class="org-variable-name">mem_yaml</span> = read_members_yaml ();
-  <span class="org-type">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">mem_yaml</span>-&gt;{<span class="org-string">"members"</span>};
-  <span class="org-type">my</span> $<span class="org-variable-name">member</span> = $<span class="org-variable-name">members</span>-&gt;{$<span class="org-variable-name">user</span>};
+  <span class="org-keyword">my</span> $<span class="org-variable-name">mem_yaml</span> = read_members_yaml ();
+  <span class="org-keyword">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">mem_yaml</span>-&gt;{<span class="org-string">"members"</span>};
+  <span class="org-keyword">my</span> $<span class="org-variable-name">member</span> = $<span class="org-variable-name">members</span>-&gt;{$<span class="org-variable-name">user</span>};
   <span class="org-keyword">die</span> <span class="org-string">"No such member: $user\n"</span> <span class="org-keyword">if</span> ! defined $<span class="org-variable-name">member</span>;
 
-  <span class="org-type">my</span> $<span class="org-variable-name">pass</span> = decode_base64 $<span class="org-variable-name">pass64</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">epass</span> = shell_escape $<span class="org-variable-name">pass</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">front</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">front</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">core</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">core</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">vault</span> = strip_vault <span class="org-string">`ansible-vault encrypt_string "$epass"`</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">pass</span> = decode_base64 $<span class="org-variable-name">pass64</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">epass</span> = shell_escape $<span class="org-variable-name">pass</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">front</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">front</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">core</span> = <span class="org-string">`mkpasswd -m sha-512 "$epass"`</span>; chomp $<span class="org-variable-name">core</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">vault</span> = strip_vault <span class="org-string">`ansible-vault encrypt_string "$epass"`</span>;
   $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"password_front"</span>} = $<span class="org-variable-name">front</span>;
   $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"password_core"</span>} = $<span class="org-variable-name">core</span>;
   $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"password_fetchmail"</span>} = $<span class="org-variable-name">vault</span>;
@@ -7421,7 +7399,7 @@ the administrator to update <q>private/members.yml</q> before running
   write_members_yaml $<span class="org-variable-name">mem_yaml</span>;
   mysystem (<span class="org-string">"ansible-playbook -e \@Secret/become.yml"</span>,
             <span class="org-string">"-t accounts playbooks/site.yml"</span>);
-  <span class="org-type">my</span> $<span class="org-variable-name">O</span> = new IO::File;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">O</span> = new IO::File;
   open ($<span class="org-variable-name">O</span>, <span class="org-string">"| sendmail $user\@$domain_priv"</span>)
     or <span class="org-keyword">die</span> <span class="org-string">"Could not pipe to sendmail: $!\n"</span>;
   print $<span class="org-variable-name">O</span> <span class="org-string">"From: &lt;root&gt;</span>
@@ -7551,10 +7529,10 @@ The <code>old</code> command disables a member's accounts and clients.
 <div class="org-src-container">
 <a href="inst"><q>inst</q></a><pre class="src src-perl">
 <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"old"</span>) {
-  <span class="org-type">my</span> $<span class="org-variable-name">user</span> = valid_username (@<span class="org-underline"><span class="org-variable-name">ARGV</span></span>);
-  <span class="org-type">my</span> $<span class="org-variable-name">yaml</span> = read_members_yaml ();
-  <span class="org-type">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>};
-  <span class="org-type">my</span> $<span class="org-variable-name">member</span> = $<span class="org-variable-name">members</span>-&gt;{$<span class="org-variable-name">user</span>};
+  <span class="org-keyword">my</span> $<span class="org-variable-name">user</span> = valid_username (@<span class="org-perl-non-scalar-variable">ARGV</span>);
+  <span class="org-keyword">my</span> $<span class="org-variable-name">yaml</span> = read_members_yaml ();
+  <span class="org-keyword">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>};
+  <span class="org-keyword">my</span> $<span class="org-variable-name">member</span> = $<span class="org-variable-name">members</span>-&gt;{$<span class="org-variable-name">user</span>};
   <span class="org-keyword">die</span> <span class="org-string">"$user: does not exist\n"</span> <span class="org-keyword">if</span> ! defined $<span class="org-variable-name">member</span>;
 
   mysystem (<span class="org-string">"ansible-playbook -e \@Secret/become.yml"</span>,
@@ -7648,29 +7626,29 @@ up-restart
 
 <span class="org-keyword">if</span> (defined $<span class="org-variable-name">ARGV</span>[0] &amp;&amp; $<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"client"</span>) {
   <span class="org-keyword">die</span> <span class="org-string">"Secret/CA/easyrsa: not found\n"</span> <span class="org-keyword">if</span> ! -x <span class="org-string">"Secret/CA/easyrsa"</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">type</span> = $<span class="org-variable-name">ARGV</span>[1]||<span class="org-string">""</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">name</span> = $<span class="org-variable-name">ARGV</span>[2]||<span class="org-string">""</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">user</span> = $<span class="org-variable-name">ARGV</span>[3]||<span class="org-string">""</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">type</span> = $<span class="org-variable-name">ARGV</span>[1]||<span class="org-string">""</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">name</span> = $<span class="org-variable-name">ARGV</span>[2]||<span class="org-string">""</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">user</span> = $<span class="org-variable-name">ARGV</span>[3]||<span class="org-string">""</span>;
   <span class="org-keyword">if</span> ($<span class="org-variable-name">type</span> eq <span class="org-string">"campus"</span>) {
-    <span class="org-keyword">die</span> <span class="org-string">"usage: $0 client campus NAME\n"</span> <span class="org-keyword">if</span> @<span class="org-underline"><span class="org-variable-name">ARGV</span></span> != 3;
+    <span class="org-keyword">die</span> <span class="org-string">"usage: $0 client campus NAME\n"</span> <span class="org-keyword">if</span> @<span class="org-perl-non-scalar-variable">ARGV</span> != 3;
     <span class="org-keyword">die</span> <span class="org-string">"$name: invalid host name\n"</span> <span class="org-keyword">if</span> $<span class="org-variable-name">name</span> !~ <span class="org-string">/^[a-z][-a-z0-9]+$/</span>;
   } <span class="org-keyword">elsif</span> ($<span class="org-variable-name">type</span> eq <span class="org-string">"android"</span> || $<span class="org-variable-name">type</span> eq <span class="org-string">"debian"</span>) {
-    <span class="org-keyword">die</span> <span class="org-string">"usage: $0 client $type NAME USER\n"</span> <span class="org-keyword">if</span> @<span class="org-underline"><span class="org-variable-name">ARGV</span></span> != 4;
+    <span class="org-keyword">die</span> <span class="org-string">"usage: $0 client $type NAME USER\n"</span> <span class="org-keyword">if</span> @<span class="org-perl-non-scalar-variable">ARGV</span> != 4;
     <span class="org-keyword">die</span> <span class="org-string">"$name: invalid host name\n"</span> <span class="org-keyword">if</span> $<span class="org-variable-name">name</span> !~ <span class="org-string">/^[a-z][-a-z0-9]+$/</span>;
   } <span class="org-keyword">else</span> {
-    <span class="org-keyword">die</span> <span class="org-string">"usage: $0 client [debian|android|campus]\n"</span> <span class="org-keyword">if</span> @<span class="org-underline"><span class="org-variable-name">ARGV</span></span> != 4;
+    <span class="org-keyword">die</span> <span class="org-string">"usage: $0 client [debian|android|campus]\n"</span> <span class="org-keyword">if</span> @<span class="org-perl-non-scalar-variable">ARGV</span> != 4;
   }
-  <span class="org-type">my</span> $<span class="org-variable-name">yaml</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">member</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">yaml</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">member</span>;
   <span class="org-keyword">if</span> ($<span class="org-variable-name">type</span> ne <span class="org-string">"campus"</span>) {
     $<span class="org-variable-name">yaml</span> = read_members_yaml;
-    <span class="org-type">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>};
-    <span class="org-keyword">if</span> (@<span class="org-underline"><span class="org-variable-name">ARGV</span></span> == 4) {
+    <span class="org-keyword">my</span> $<span class="org-variable-name">members</span> = $<span class="org-variable-name">yaml</span>-&gt;{<span class="org-string">"members"</span>};
+    <span class="org-keyword">if</span> (@<span class="org-perl-non-scalar-variable">ARGV</span> == 4) {
       $<span class="org-variable-name">member</span> = $<span class="org-variable-name">members</span>-&gt;{$<span class="org-variable-name">user</span>};
       <span class="org-keyword">die</span> <span class="org-string">"$user: does not exist\n"</span> <span class="org-keyword">if</span> ! defined $<span class="org-variable-name">member</span>;
     }
     <span class="org-keyword">if</span> (defined $<span class="org-variable-name">member</span>) {
-      <span class="org-type">my</span> ($<span class="org-variable-name">owner</span>) = grep { grep { $<span class="org-variable-name">_</span> eq $<span class="org-variable-name">name</span> } @{$<span class="org-variable-name">_</span>-&gt;{<span class="org-string">"clients"</span>}} }
+      <span class="org-keyword">my</span> ($<span class="org-variable-name">owner</span>) = grep { grep { $<span class="org-variable-name">_</span> eq $<span class="org-variable-name">name</span> } @{$<span class="org-variable-name">_</span>-&gt;{<span class="org-string">"clients"</span>}} }
                     values %{$<span class="org-variable-name">members</span>};
       <span class="org-keyword">die</span> <span class="org-string">"$name: owned by $owner-&gt;{username}\n"</span>
         <span class="org-keyword">if</span> defined $<span class="org-variable-name">owner</span> &amp;&amp; $<span class="org-variable-name">owner</span>-&gt;{username} ne $<span class="org-variable-name">member</span>-&gt;{username};
@@ -7687,7 +7665,7 @@ up-restart
   }
 
   <span class="org-keyword">if</span> ($<span class="org-variable-name">type</span> ne <span class="org-string">"campus"</span>) {
-    <span class="org-type">my</span> $<span class="org-variable-name">clients</span> = $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"clients"</span>};
+    <span class="org-keyword">my</span> $<span class="org-variable-name">clients</span> = $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"clients"</span>};
     <span class="org-keyword">if</span> (! grep { $<span class="org-variable-name">_</span> eq $<span class="org-variable-name">name</span> } @$<span class="org-variable-name">clients</span>) {
       $<span class="org-variable-name">member</span>-&gt;{<span class="org-string">"clients"</span>} = [ $<span class="org-variable-name">name</span>, @$<span class="org-variable-name">clients</span> ];
       write_members_yaml $<span class="org-variable-name">yaml</span>;
@@ -7695,20 +7673,20 @@ up-restart
   }
 
   umask 077;
-  <span class="org-type">my</span> $<span class="org-variable-name">DEV</span> = $<span class="org-variable-name">type</span> eq <span class="org-string">"android"</span> ? <span class="org-string">"tun"</span> : <span class="org-string">"ovpn"</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">CA</span> = read_file <span class="org-string">"Secret/CA/pki/ca.crt"</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">CRT</span> = read_file <span class="org-string">"Secret/CA/pki/issued/$name.crt"</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">KEY</span> = read_file <span class="org-string">"Secret/CA/pki/private/$name.key"</span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">UP</span> = $<span class="org-variable-name">type</span> eq <span class="org-string">"android"</span> ? <span class="org-string">""</span> : <span class="org-string">"</span>
+  <span class="org-keyword">my</span> $<span class="org-variable-name">DEV</span> = $<span class="org-variable-name">type</span> eq <span class="org-string">"android"</span> ? <span class="org-string">"tun"</span> : <span class="org-string">"ovpn"</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">CA</span> = read_file <span class="org-string">"Secret/CA/pki/ca.crt"</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">CRT</span> = read_file <span class="org-string">"Secret/CA/pki/issued/$name.crt"</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">KEY</span> = read_file <span class="org-string">"Secret/CA/pki/private/$name.key"</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">UP</span> = $<span class="org-variable-name">type</span> eq <span class="org-string">"android"</span> ? <span class="org-string">""</span> : <span class="org-string">"</span>
 <span class="org-string">&lt;&lt;openvpn-up&gt;&gt;"</span>;
 
   <span class="org-keyword">if</span> ($<span class="org-variable-name">type</span> ne <span class="org-string">"campus"</span>) {
-    <span class="org-type">my</span> $<span class="org-variable-name">TA</span> = read_file <span class="org-string">"Secret/front-ta.key"</span>;
+    <span class="org-keyword">my</span> $<span class="org-variable-name">TA</span> = read_file <span class="org-string">"Secret/front-ta.key"</span>;
     write_template ($<span class="org-variable-name">DEV</span>,$<span class="org-variable-name">UP</span>,$<span class="org-variable-name">CA</span>,$<span class="org-variable-name">CRT</span>,$<span class="org-variable-name">KEY</span>,$<span class="org-variable-name">TA</span>, $<span class="org-variable-name">front_addr</span>,
                     $<span class="org-variable-name">domain_name</span>, <span class="org-string">"public.ovpn"</span>);
     print <span class="org-string">"Wrote public VPN configuration to public.ovpn.\n"</span>;
   }
-  <span class="org-type">my</span> $<span class="org-variable-name">TA</span> = read_file <span class="org-string">"Secret/gate-ta.key"</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">TA</span> = read_file <span class="org-string">"Secret/gate-ta.key"</span>;
   write_template ($<span class="org-variable-name">DEV</span>,$<span class="org-variable-name">UP</span>,$<span class="org-variable-name">CA</span>,$<span class="org-variable-name">CRT</span>,$<span class="org-variable-name">KEY</span>,$<span class="org-variable-name">TA</span>, $<span class="org-variable-name">gate_wifi_addr</span>,
                   <span class="org-string">"gate.$domain_priv"</span>, <span class="org-string">"campus.ovpn"</span>);
   print <span class="org-string">"Wrote campus VPN configuration to campus.ovpn.\n"</span>;
@@ -7717,8 +7695,8 @@ up-restart
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">write_template</span> ($$$$$$$$$) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">DEV</span>,$<span class="org-variable-name">UP</span>,$<span class="org-variable-name">CA</span>,$<span class="org-variable-name">CRT</span>,$<span class="org-variable-name">KEY</span>,$<span class="org-variable-name">TA</span>,$<span class="org-variable-name">ADDR</span>,$<span class="org-variable-name">NAME</span>,$<span class="org-variable-name">FILE</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">O</span> = new IO::File;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">DEV</span>,$<span class="org-variable-name">UP</span>,$<span class="org-variable-name">CA</span>,$<span class="org-variable-name">CRT</span>,$<span class="org-variable-name">KEY</span>,$<span class="org-variable-name">TA</span>,$<span class="org-variable-name">ADDR</span>,$<span class="org-variable-name">NAME</span>,$<span class="org-variable-name">FILE</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">O</span> = new IO::File;
   open ($<span class="org-variable-name">O</span>, <span class="org-string">"&gt;$FILE.tmp"</span>) or <span class="org-keyword">die</span> <span class="org-string">"Could not open $FILE.tmp: $!\n"</span>;
   print $<span class="org-variable-name">O</span> <span class="org-string">"client</span>
 <span class="org-string">dev-type tun</span>
@@ -7741,11 +7719,11 @@ up-restart
 }
 
 <span class="org-keyword">sub</span> <span class="org-function-name">read_file</span> ($) {
-  <span class="org-type">my</span> ($<span class="org-variable-name">path</span>) = @<span class="org-underline"><span class="org-variable-name">_</span></span>;
-  <span class="org-type">my</span> $<span class="org-variable-name">I</span> = new IO::File;
+  <span class="org-keyword">my</span> ($<span class="org-variable-name">path</span>) = @<span class="org-perl-non-scalar-variable">_</span>;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">I</span> = new IO::File;
   open ($<span class="org-variable-name">I</span>, <span class="org-string">"&lt;$path"</span>) or <span class="org-keyword">die</span> <span class="org-string">"$path: could not read: $!\n"</span>;
-  <span class="org-type">local</span> $/;
-  <span class="org-type">my</span> $<span class="org-variable-name">c</span> = &lt;$<span class="org-variable-name">I</span>&gt;;
+  <span class="org-keyword">local</span> $/;
+  <span class="org-keyword">my</span> $<span class="org-variable-name">c</span> = &lt;$<span class="org-variable-name">I</span>&gt;;
   close $<span class="org-variable-name">I</span> or <span class="org-keyword">die</span> <span class="org-string">"$path: could not close: $!\n"</span>;
   <span class="org-keyword">return</span> $<span class="org-variable-name">c</span>;
 }
@@ -8511,8 +8489,8 @@ require several more).
 
 <div class="org-src-container">
 <pre class="src src-nil">sudo apt install network-manager-openvpn-gnome \
-		 openvpn-systemd-resolved \
-		 nextcloud-desktop evolution
+                 openvpn-systemd-resolved \
+                 nextcloud-desktop evolution
 </pre>
 </div>
 </div>
@@ -9130,7 +9108,7 @@ routes on Front and Gate, making the simulation less&#x2026; similar.
 </div></div>
 <div id="postamble" class="status">
 <p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-05-03 Fri 10:44</p>
+<p class="date">Created: 2024-05-08 Wed 14:42</p>
 <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
 </div>
 </body>
-- 
2.25.1