From f94be3dd69b03bbb61aa6f84e70228fee00437da Mon Sep 17 00:00:00 2001
From: Matt Birkholz
+| = _|||_ @@ -116,7 +116,7 @@ found inInstitute/private/vars.yml<--public/vars.yml--- +public/vars.yml--- domain_name: birchwood-abbey.net full_name: Birchwood Abbey @@ -136,15 +136,15 @@ with Apache2, spooling email with Postfix and serving it with Dovecot-IMAPd, and hosting a VPN with OpenVPN.-3.1. Install Emacs
++3.1. Install Emacs
The monks of the abbey are masters of the staff (bo) and Emacs.
-+ +roles_t/abbey-front/tasks/main.yml--- +roles_t/abbey-front/tasks/main.yml--- - name: Install Emacs. become: yes apt: pkg=emacs @@ -164,7 +164,7 @@ from there, forwardingsysadm
to a real person.-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Install abbey email aliases. become: yes blockinfile: @@ -184,7 +184,7 @@ from there, forwardingsysadm
to a real person.-roles_t/abbey-front/handlers/main.yml--- +roles_t/abbey-front/handlers/main.yml--- - name: New aliases. become: yes command: newaliases @@ -265,7 +265,7 @@ likegit-tasks
andgit-handlers
.-@@ -303,7 +303,7 @@ likeroles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml<<git-tasks>>git-tasks
andgit-handlers
.-@@ -481,6 +481,21 @@ filename suffixes. </Directory>roles_t/abbey-front/handlers/main.yml+roles_t/abbey-front/handlers/main.yml<<git-handlers>>+The following
+ +.htaccessfile works with the directives above. It +declares most the native source files in the current directory tree to +be plain text, so that they are displayed rather than downloaded. ++.htaccessReadmeName notfound.html +IndexIgnore README.org +AddType text/plain attr campus_vpn cfg cnf conf crt daily_letsencrypt +AddType text/plain domain el htaccess idx j2 key old org pack pem +AddType text/plain private pub public_vpn req rev sample txt yml ++@@ -529,7 +544,7 @@ rest of the Let's Encrypt configuration is discussed in the following-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Configure Apache. become: yes vars: @@ -549,7 +564,7 @@ rest of the Let's Encrypt configuration is discussed in the following-@@ -573,7 +588,7 @@ The replacementroles_t/abbey-front/handlers/main.yml+roles_t/abbey-front/handlers/main.yml<<apache-gitweb-handlers>>logrotate-mailerdoes, and includes it in a-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Configure Apache log archival. become: yes lineinfile: @@ -613,7 +628,7 @@ The replacementlogrotate-mailerdoes, and includes it in a-roles_t/abbey-front/handlers/main.yml+roles_t/abbey-front/handlers/main.yml- name: Reload systemd. become: yes systemd: @@ -630,7 +645,7 @@ page.)-roles_t/abbey-front/files/logrotate-mailer.conf[Service] +roles_t/abbey-front/files/logrotate-mailer.conf[Service] ExecStart= ExecStart=/usr/sbin/logrotate \ --mail /usr/local/sbin/logrotate-mailer \ @@ -650,7 +665,7 @@ Droplet's ISP's Mom, the NSA/CIA/NWO.-roles_t/abbey-front/files/logrotate-mailer#!/bin/bash -e +roles_t/abbey-front/files/logrotate-mailer#!/bin/bash -e if [ "$#" != 3 -o "$1" != "-s" ]; then echo "usage: $0 -s subject recipient" 1>&2 @@ -695,11 +710,11 @@ certificate is a terminal session affair (with prompts and lines entered as shown below). -+$ sudo apt install python3-certbot-apache $ sudo certbot --apache -d birchwood-abbey.net ... -Enter email address (...) (Enter 'c' to cancel): webmaster@birchwood-a +Enter email address (...) (Enter 'c' to cancel): webmaster@birchwood- bbey.net ... Please read the Terms of Service at @@ -710,30 +725,30 @@ Would you be willing to share your email address... ... (Y)es/(N)o: Y ... -Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/birchw +Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/birch ood-abbey.net.conf -Please choose whether or not to redirect HTTP traffic to HTTPS, removi +Please choose whether or not to redirect HTTP traffic to HTTPS, remov ng HTTP access. -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1: No redirect - Make no further changes to the webserver configuratio +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +1: No redirect - Make no further changes to the webserver configurati n. ... -Select the appropriate number [1-2] then [enter] (press 'c' to cancel) +Select the appropriate number [1-2] then [enter] (press 'c' to cancel : 1 -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Congratulations! You have successfully enabled https://birchwood-abbey +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +Congratulations! You have successfully enabled https://birchwood-abbe .net You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=birchwood-abbey.net -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a - secure backup of this folder now. This configuration directory will + secure backup of this folder now. This configuration directory wil also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. ... @@ -742,7 +757,7 @@ IMPORTANT NOTES: Your key file has been saved at: /etc/letsencrypt/live/birchwood-abbey.net/privkey.pem Your cert will expire on 2019-01-13. To obtain a new or tweaked - version of this certificate in the future, simply run certbot again + version of this certificate in the future, simply run certbot agai with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"@@ -756,7 +771,7 @@ package is installed and itslive/subdirectory is world readable.-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Install Certbot for Apache. become: yes apt: pkg=python3-certbot-apache @@ -789,7 +804,7 @@ restarted manually.-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Use Let's Encrypt certificate&key. file: state: link @@ -813,7 +828,7 @@ The following task arranges to rotate Certbot's logs files.-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Install Certbot logrotate configuration. become: yes copy: @@ -824,7 +839,7 @@ The following task arranges to rotate Certbot's logs files.-roles_t/abbey-front/files/certbot_logrotate/var/log/letsencrypt/*.log { +roles_t/abbey-front/files/certbot_logrotate/var/log/letsencrypt/*.log { rotate 12 weekly compress @@ -844,7 +859,7 @@ are detected by keeping a copy in/etc/letsencrypt~/for comparison.-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Install Let's Encrypt archive script. become: yes copy: @@ -855,7 +870,7 @@ are detected by keeping a copy in/etc/letsencrypt~/for comparison.-roles_t/abbey-front/files/cron.daily_letsencrypt#!/bin/bash -e +roles_t/abbey-front/files/cron.daily_letsencrypt#!/bin/bash -e cd /etc/ @@ -882,7 +897,7 @@ imported intoroot@front
's GnuPG key file.-roles_t/abbey-front/tasks/main.yml+roles_t/abbey-front/tasks/main.yml- name: Copy root@core's public key. become: yes copy: @@ -894,7 +909,7 @@ imported intoroot@front
's GnuPG key file.--roles_t/abbey-front/handlers/main.yml+roles_t/abbey-front/handlers/main.yml- name: Import root@core's public key. become: yes command: gpg --import ~/.gnupg-root-pub.pem @@ -914,8 +929,8 @@ with Postfix and Dovecot, and providing essential localnet services: NTP, DNS and DHCP.-4.1. Include Abbey Variables
++4.1. Include Abbey Variables
In this abbey specific document, most abbey particulars are not @@ -927,7 +942,7 @@ directory,
playbooks/.-roles_t/abbey-core/tasks/main.yml--- +roles_t/abbey-core/tasks/main.yml--- - name: Include private abbey variables. include_vars: ../private/vars-abbey.yml@@ -947,7 +962,7 @@ packages).-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Install additional packages. apt: pkg: [ libhtml-tree-perl, libjs-jquery, mit-scheme, gnuplot ] @@ -972,7 +987,7 @@ e.g.mythtv@mythtv.birchwood-abbey.net
, locally.)-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Install abbey email aliases. become: yes blockinfile: @@ -988,7 +1003,7 @@ e.g.mythtv@mythtv.birchwood-abbey.net
, locally.)--roles_t/abbey-core/handlers/main.yml--- +roles_t/abbey-core/handlers/main.yml--- - name: New aliases. become: yes command: newaliases @@ -1006,13 +1021,13 @@ services on Front and Core. See 3.3 and-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml<<git-tasks>>-@@ -1029,7 +1044,7 @@ site on Front. Their configurations include the sameroles_t/abbey-core/handlers/main.yml+roles_t/abbey-core/handlers/main.yml<<git-handlers>> -roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Configure live website. become: yes vars: @@ -1061,7 +1076,7 @@ site on Front. Their configurations include the same -@@ -1079,7 +1094,7 @@ directives that enable user Git publishing with Gitweb (defined -roles_t/abbey-core/handlers/main.yml+roles_t/abbey-core/handlers/main.yml<<apache-gitweb-handlers>>roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Configure house website. become: yes copy: @@ -1105,7 +1120,7 @@ The abbey uses the Apt-Cacher:TNG package cache on Core. The-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Install Apt-Cacher:TNG. become: yes apt: pkg=apt-cacher-ng @@ -1113,20 +1128,21 @@ The abbey uses the Apt-Cacher:TNG package cache on Core. The
-4.8. Use Cloister Apt Cache
++4.8. Use Cloister Apt Cache
Core itself will benefit from using the package cache.
-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Use the local Apt package cache. become: yes copy: - content: | - Acquire::http::Proxy "http://apt-cacher.{{ domain_priv }}.:3142"; + content: > + Acquire::http::Proxy + "http://apt-cacher.{{ domain_priv }}.:3142"; dest: /etc/apt/apt.conf.d/01proxy mode: u=rw,g=r,o=r@@ -1158,7 +1174,7 @@ remaining on roots.)-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Configure NAGIOS monitoring for Core /home/. become: yes copy: @@ -1175,7 +1191,7 @@ remaining on roots.)-roles_t/abbey-core/handlers/main.yml+roles_t/abbey-core/handlers/main.yml- name: Reload NAGIOS4. become: yes systemd: @@ -1199,7 +1215,7 @@ recognizable temperature in thesensors
output.-@@ -1307,7 +1325,7 @@ included inroles_t/abbey-core/files/abbey_pisensors#!/bin/sh +roles_t/abbey-core/files/abbey_pisensors#!/bin/sh PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" export PATH @@ -1217,7 +1233,8 @@ recognizable temperature in thesensors
output. echo "" print_usage echo "" - echo "This plugin checks hardware status using the lm_sensors package." + echo "This plugin checks hardware status using" \ + "the lm_sensors package." echo "" support exit $STATE_OK @@ -1225,55 +1242,56 @@ recognizable temperature in thesensors
output. brief_data() { echo "$1" | sed -n -E -e ' - /^temp[0-9]+: +[-+][0-9.]+.?C/ { s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H } + /^temp[0-9]+: +[-+][0-9.]+.?C/ { + s/^temp[0-9]+: +([-+][0-9.]+).?C.*/ \1/; H } $ { x; s/\n//g; p }' } case "$1" in - --help) - print_help - exit $STATE_OK - ;; - -h) - print_help - exit $STATE_OK - ;; - --version) - print_revision $PROGNAME $REVISION - exit $STATE_OK - ;; - -V) - print_revision $PROGNAME $REVISION - exit $STATE_OK - ;; - *) - sensordata=`sensors 2>&1` - status=$? - if test ${status} -eq 127; then - text="SENSORS UNKNOWN - command not found" - text="$text (did you install lmsensors?)" - exit=$STATE_UNKNOWN - elif test ${status} -ne 0; then - text="WARNING - sensors returned state $status" - exit=$STATE_WARNING - elif echo ${sensordata} | egrep ALARM > /dev/null; then - text="SENSOR CRITICAL -`brief_data "${sensordata}"`" - exit=$STATE_CRITICAL - elif echo ${sensordata} | egrep FAULT > /dev/null \ - && test "$1" != "-i" -a "$1" != "--ignore-fault"; then - text="SENSOR UNKNOWN - Sensor reported fault" - exit=$STATE_UNKNOWN - else - text="SENSORS OK -`brief_data "${sensordata}"`" - exit=$STATE_OK - fi - - echo "$text" - if test "$1" = "-v" -o "$1" = "--verbose"; then - echo ${sensordata} - fi - exit $exit - ;; +--help) + print_help + exit $STATE_OK + ;; +-h) + print_help + exit $STATE_OK + ;; +--version) + print_revision $PROGNAME $REVISION + exit $STATE_OK + ;; +-V) + print_revision $PROGNAME $REVISION + exit $STATE_OK + ;; +*) + sensordata=`sensors 2>&1` + status=$? + if test ${status} -eq 127; then + text="SENSORS UNKNOWN - command not found" + text="$text (did you install lmsensors?)" + exit=$STATE_UNKNOWN + elif test ${status} -ne 0; then + text="WARNING - sensors returned state $status" + exit=$STATE_WARNING + elif echo ${sensordata} | egrep ALARM > /dev/null; then + text="SENSOR CRITICAL -`brief_data "${sensordata}"`" + exit=$STATE_CRITICAL + elif echo ${sensordata} | egrep FAULT > /dev/null \ + && test "$1" != "-i" -a "$1" != "--ignore-fault"; then + text="SENSOR UNKNOWN - Sensor reported fault" + exit=$STATE_UNKNOWN + else + text="SENSORS OK -`brief_data "${sensordata}"`" + exit=$STATE_OK + fi + + echo "$text" + if test "$1" = "-v" -o "$1" = "--verbose"; then + echo ${sensordata} + fi + exit $exit + ;; esacprivate/vars-abbey.yml.-private/vars-abbey.ymldevaron_addr: 10.84.138.10 +private/vars-abbey.ymldevaron_addr: 10.84.138.10 kamino_addr: 192.168.56.14 kessel_addr: 10.84.138.8@@ -1324,7 +1342,7 @@ rarely powered up.-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Configure cloister NAGIOS monitoring. become: yes template: @@ -1340,7 +1358,7 @@ rarely powered up.4.12.3. NAGIOS Monitoring of Devaron
-roles_t/abbey-core/templates/nagios-devaron.cfgdefine host { +roles_t/abbey-core/templates/nagios-devaron.cfgdefine host { use linux-server host_name devaron address {{ devaron_addr }} @@ -1395,7 +1413,7 @@ rarely powered up.4.12.4. NAGIOS Monitoring of Kamino
-roles_t/abbey-core/templates/nagios-kamino.cfgdefine host { +roles_t/abbey-core/templates/nagios-kamino.cfgdefine host { use linux-server host_name kamino address {{ kamino_addr }} @@ -1450,7 +1468,7 @@ rarely powered up.4.12.5. NAGIOS Monitoring of Kessel
-roles_t/abbey-core/templates/nagios-kessel.cfgdefine host { +roles_t/abbey-core/templates/nagios-kessel.cfgdefine host { use linux-server host_name kessel address {{ kessel_addr }} @@ -1513,7 +1531,7 @@ the campus ashttp://www/analog.html
.-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Install Analog. become: yes apt: pkg=analog @@ -1569,7 +1587,7 @@ user cloud accounts, found in files owned bywww-data
, files like-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Add Monkey to Nextcloud group. become: yes user: @@ -1589,7 +1607,7 @@ Monkey's photo processing scripts usenetpbm
commands like-roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Install netpbm. become: yes apt: pkg=netpbm @@ -1606,7 +1624,7 @@ minutes andcronjob-midnightat midnight.--roles_t/abbey-core/tasks/main.yml+roles_t/abbey-core/tasks/main.yml- name: Create Monkey's weather job. become: yes cron: @@ -1768,8 +1786,8 @@ clients: Android, Debian and Campus. The last type never roams, and is not associated with a member of the small institute.-6.1. Use Cloister Apt Cache
++6.1. Use Cloister Apt Cache
-The Apt-Cacher:TNG program does not work well on the frontier, so is @@ -1783,12 +1801,13 @@ while.
-roles_t/abbey-cloister/tasks/main.yml--- +roles_t/abbey-cloister/tasks/main.yml--- - name: Use the local Apt package cache. become: yes copy: - content: | - Acquire::http::Proxy "http://apt-cacher.{{ domain_priv }}.:3142"; + content: > + Acquire::http::Proxy + "http://apt-cacher.{{ domain_priv }}.:3142"; dest: /etc/apt/apt.conf.d/01proxy mode: u=rw,g=r,o=r@@ -1808,7 +1827,7 @@ Raspberry Pis (architectureaarch64
) only.-roles_t/abbey-cloister/tasks/main.yml+roles_t/abbey-cloister/tasks/main.yml- name: Install abbey_pisensors NAGIOS plugin. become: yes copy: @@ -1829,7 +1848,7 @@ Raspberry Pis (architectureaarch64
) only.-roles_t/abbey-cloister/handlers/main.yml+roles_t/abbey-cloister/handlers/main.yml- name: Reload NRPE server. become: yes systemd: @@ -1839,15 +1858,15 @@ Raspberry Pis (architectureaarch64
) only.-6.3. Install Emacs
++6.3. Install Emacs
The monks of the abbey are masters of the staff and Emacs.
-roles_t/abbey-cloister/tasks/main.yml+roles_t/abbey-cloister/tasks/main.yml- name: Install monastic software. become: yes apt: pkg=emacs @@ -1907,7 +1926,7 @@ Listing them (e.g. runningowdir /26.nnnnnnnn
orowdir below. A test session is shown below. -
+monkey@new$ owdir ... /26.2153B6000000/ @@ -1938,7 +1957,7 @@ one weather host,anoat
.-roles_t/abbey-weather/files/daemon-anoat#!/usr/bin/perl -w +roles_t/abbey-weather/files/daemon-anoat#!/usr/bin/perl -w # -*- CPerl -*- # # Weather/daemon @@ -2077,7 +2096,7 @@ installed by the following task.-roles_t/abbey-weather/tasks/main.yml--- +roles_t/abbey-weather/tasks/main.yml--- - name: Install weather daemon packages. become: yes apt: pkg=libtimedate-perl @@ -2096,7 +2115,7 @@ USB adapter (rather than a test "fake" adapter).-roles_t/abbey-weather/tasks/main.yml+roles_t/abbey-weather/tasks/main.yml- name: Install 1-Wire server. become: yes apt: @@ -2125,7 +2144,7 @@ Monkey on Core will want to download log records (files) using-roles_t/abbey-weather/tasks/main.yml+roles_t/abbey-weather/tasks/main.yml- name: Install Rsync. become: yes apt: pkg=rsync @@ -2146,7 +2165,7 @@ debugging thesysadm
account is included in themonkey
--roles_t/abbey-weather/tasks/main.yml+roles_t/abbey-weather/tasks/main.yml- name: Create monkey. become: yes user: @@ -2187,7 +2206,7 @@ TheExecStartPre=/bin/sleep 30
is intended to avoid recent hangs in-roles_t/abbey-weather/tasks/main.yml+roles_t/abbey-weather/tasks/main.yml- name: Install weather directory. become: yes file: @@ -2259,7 +2278,7 @@ TheExecStartPre=/bin/sleep 30
is intended to avoid recent hangs in-roles_t/abbey-weather/handlers/main.yml--- +roles_t/abbey-weather/handlers/main.yml--- - name: Reload Systemd. become: yes command: systemctl daemon-reload @@ -2281,9 +2300,9 @@ TheExecStartPre=/bin/sleep 30
is intended to avoid recent hangs in The abbey uses Zoneminder to record video from PoE IP HD security cameras. The Abbey DVR Role installs Zoneminder and configures it to record to/Zoneminder/, the mount point for a separate, large -storage volume. It follows the instructions in -/usr/share/doc/zoneminder/README.Debianto create thezm
database -and configuring Apache. +storage volume. It follows the instructions in Zoneminder's +README.Debian(in/usr/share/doc/zoneminder/) to create thezm
+database and configure Apache.@@ -2343,8 +2362,8 @@ described in the final section, Configure Cameras, bel-8.4. Include Abbey Variables
++8.4. Include Abbey Variables
Private variables in
private/vars-abbey.ymlare needed, and included @@ -2353,7 +2372,7 @@ playbook's directory,playbooks/.-roles_t/abbey-dvr/tasks/main.yml--- +roles_t/abbey-dvr/tasks/main.yml--- - name: Include private abbey variables. include_vars: ../private/vars-abbey.yml@@ -2382,7 +2401,7 @@ and "Time Zone" in/usr/share/doc/zoneminder/README.Debian.gz.-roles_t/abbey-dvr/tasks/main.yml+roles_t/abbey-dvr/tasks/main.yml- name: Install Zoneminder. become: yes apt: pkg=zoneminder @@ -2431,7 +2450,7 @@ and "Time Zone" in/usr/share/doc/zoneminder/README.Debian.gz.-roles_t/abbey-dvr/handlers/main.yml--- +roles_t/abbey-dvr/handlers/main.yml--- - name: Restart MySQL. become: yes systemd: @@ -2452,7 +2471,7 @@ out of/var/log/syslog.-roles_t/abbey-dvr/tasks/main.yml+roles_t/abbey-dvr/tasks/main.yml- name: Use /var/log/zoneminder.log become: yes copy: @@ -2506,7 +2525,7 @@ theapg -n 1 -x 12 -m 12
command.-@@ -2570,7 +2589,7 @@ or not (yet).private/vars-abbey.ymlzoneminder_dbpass: gakJopbikJadsEdd +private/vars-abbey.ymlzoneminder_dbpass: gakJopbikJadsEdd-roles_t/abbey-dvr/tasks/main.yml+roles_t/abbey-dvr/tasks/main.yml- name: Test for /Zoneminder/. stat: path: /Zoneminder @@ -2610,7 +2629,7 @@ proper permissions and contains the correct password.--roles_t/abbey-dvr/tasks/main.yml+roles_t/abbey-dvr/tasks/main.yml- name: Set /etc/zm/zm.conf permissions. become: yes file: @@ -2636,7 +2655,7 @@ run.-roles_t/abbey-dvr/tasks/main.yml+roles_t/abbey-dvr/tasks/main.yml- name: Enable/Start Zoneminder. become: yes systemd: @@ -2770,8 +2789,8 @@ machine simply by adding it to thetvrs
group.-9.3. Include Abbey Variables
++9.3. Include Abbey Variables
Private variables in
private/vars-abbey.ymlare needed, as in the @@ -2780,7 +2799,7 @@ directory,playbooks/.-roles_t/abbey-tvr/tasks/main.yml--- +roles_t/abbey-tvr/tasks/main.yml--- - name: Include private abbey variables. include_vars: ../private/vars-abbey.yml@@ -2824,7 +2843,7 @@ following.-diff --git a/roles/mythtv-deb/tasks/main.yml b/roles/mythtv-deb/tasks/main.yml +diff --git a/roles/mythtv-deb/tasks/main.yml b/roles/mythtv-deb/tasks index 868c9b7..3dcf115 100644 --- a/roles/mythtv-deb/tasks/main.yml +++ b/roles/mythtv-deb/tasks/main.yml @@ -2836,7 +2855,7 @@ following. apt: name: '{{ lookup("flattened", deb_pkg_lst ) }}' -diff --git a/roles/qt5/tasks/qt5-deb.yml b/roles/qt5/tasks/qt5-deb.yml +diff --git a/roles/qt5/tasks/qt5-deb.yml b/roles/qt5/tasks/qt5-deb.ym index 7a1a0bc..26ba782 100644 --- a/roles/qt5/tasks/qt5-deb.yml +++ b/roles/qt5/tasks/qt5-deb.yml @@ -2852,7 +2871,7 @@ following.-roles_t/abbey-tvr/tasks/mains.yml+roles_t/abbey-tvr/tasks/mains.yml- name: Install MythTV runtime requisites. become: yes apt: @@ -2911,7 +2930,7 @@ Several of the remaining installation steps are skipped unless-roles_t/abbey-tvr/tasks/main.yml+roles_t/abbey-tvr/tasks/main.yml- name: Test for MythTV binary packages. stat: path: /usr/local/bin/mythtv-setup @@ -2931,7 +2950,7 @@ MythTV Backend needs to run as its own user:mythtv
.-roles_t/abbey-tvr/tasks/main.yml+roles_t/abbey-tvr/tasks/main.yml- name: Create mythtv. become: yes user: @@ -2979,7 +2998,7 @@ kept inprivate/vars-abbey.yml, and generated e.g. with theapg -n
-@@ -3061,7 +3080,7 @@ This task installs theprivate/vars-abbey.ymlmythtv_dbpass: daJkibpoJkag +private/vars-abbey.ymlmythtv_dbpass: daJkibpoJkagmythtv-backend.servicefile.-roles_t/abbey-tvr/tasks/mains.yml+roles_t/abbey-tvr/tasks/mains.yml- name: Create mythtv-backend service. become: yes copy: @@ -3090,7 +3109,7 @@ This task installs themythtv-backend.servicefile.-roles_t/abbey-tvr/handlers/main.yml--- +roles_t/abbey-tvr/handlers/main.yml--- - name: Reload Systemd. become: yes command: systemctl daemon-reload @@ -3107,7 +3126,7 @@ bitter complaints.-roles_t/abbey-tvr/tasks/main.yml+roles_t/abbey-tvr/tasks/main.yml- name: Configure PHP date.timezone. become: yes lineinfile: @@ -3123,7 +3142,7 @@ bitter complaints.-roles_t/abbey-tvr/handlers/main.yml+roles_t/abbey-tvr/handlers/main.yml- name: Restart Apache2. become: yes systemd: @@ -3145,7 +3164,7 @@ creates that directory and ensures it has appropriate permissions.-roles_t/abbey-tvr/tasks/main.yml+roles_t/abbey-tvr/tasks/main.yml- name: Create MythTV storage area. become: yes file: @@ -3306,7 +3325,8 @@ Afterwards any re-configuration should use the following command.-@@ -3316,8 +3336,8 @@ the list of "inputs" available in a postal code typically ends with the OTA (over the air) broadcasts. -tv_grab_zz_sdjson --configure --config-file ~/.mythtv/Mr.Antenna.xmltv +tv_grab_zz_sdjson --configure \ + --config-file ~/.mythtv/Mr.Antenna.xmltv
-$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xmltv ++$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml Cache file for lineups, schedules and programs. Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache] If you are migrating from a different grabber selecting an alternate @@ -3327,7 +3347,7 @@ Select channel ID format: 1: tv_grab_na_dd Format (eg: I12345.labs.zap2it.com) 2: MythTV Internal DD Grabber Format (eg: 12345) Select one: [0,1,2 (default=0)] -As the JSON data only includes the previously shown date normally the +As the JSON data only includes the previously shown date normally th XML output should only have the date. However some programs such as older versions of MythTV also need a time. Select previously shown format: @@ -3339,7 +3359,7 @@ Username: USERNAME Schedules Direct password. Password: PASSWORD ** POST https://json.schedulesdirect.org/20141201/token ==> 200 OK -** GET https://json.schedulesdirect.org/20141201/status ==> 200 OK (1s) +** GET https://json.schedulesdirect.org/20141201/status ==> 200 OK ( ** GET https://json.schedulesdirect.org/20141201/lineups ==> 200 OK This step configures the lineups enabled for your Schedules Direct account. It impacts all other configurations and programs using the @@ -3415,7 +3435,7 @@ away from/var/log/syslog) and rotates the log file.-roles_t/abbey-tvr/tasks/main.yml+roles_t/abbey-tvr/tasks/main.yml- name: Install =/etc/rsyslog.d/40-mythtv.conf. become: yes copy: @@ -3484,7 +3504,7 @@ The following tasks take care of the rest of the installation.-roles_t/abbey-tvr/tasks/main.yml+roles_t/abbey-tvr/tasks/main.yml- name: Install MythWeb requisites. become: yes apt: @@ -3520,7 +3540,7 @@ The following tasks take care of the rest of the installation.-roles_t/abbey-tvr/templates/mythweb.conf.j2# +roles_t/abbey-tvr/templates/mythweb.conf.j2# # Apache configuration directives for MythWeb. # # Note that this file is maintained by the network administration. @@ -3596,7 +3616,8 @@ program as usermythtv
.-@@ -3674,7 +3695,7 @@ except the roles are found intv_grab_zz_sdjson --configure --config-file ~/.mythtv/Mr.Antenna.xmltv +tv_grab_zz_sdjson --configure \ + --config-file ~/.mythtv/Mr.Antenna.xmltv
Institute/roles/as well asroles/.-ansible.cfg[defaults] +ansible.cfg[defaults] interpreter_python=/usr/bin/python3 vault_password_file=Secret/vault-password inventory=hosts @@ -3687,7 +3708,7 @@ except the roles are found inInstitute/roles/as well asroles/.10.2.
hosts-hostsall: +hostsall: vars: ansible_user: sysadm ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa @@ -3766,7 +3787,7 @@ institutional roles, then the liturgical roles.-playbooks/site.yml--- +playbooks/site.yml--- - name: Configure All hosts: all roles: [ all ] @@ -3850,7 +3871,7 @@ The script begins with the following prefix and trampolines.-@@ -3906,7 +3927,7 @@ a limit pattern. For example:abbey#!/usr/bin/perl -w +abbey#!/usr/bin/perl -w # # DO NOT EDIT. This file was tangled from README.org. @@ -3880,7 +3901,7 @@ code block "duplicates" the action of the institute's-playbooks/check-inst-vars.yml- import_playbook: ../Institute/playbooks/check-inst-vars.yml +playbooks/check-inst-vars.yml- import_playbook: ../Institute/playbooks/check-inst-vars.yml-abbey+abbeyif ($ARGV[0] eq "upgrade") { shift; my @args = ( "-e", "\@Secret/become.yml" ); @@ -3927,7 +3948,7 @@ a limit pattern. For example:-playbooks/upgrade.yml- hosts: all +playbooks/upgrade.yml- hosts: all tasks: - name: Upgrade packages. @@ -3961,7 +3982,7 @@ The script implements areboots
sub-command that looks for-abbeyif ($ARGV[0] eq "reboots") { +abbeyif ($ARGV[0] eq "reboots") { exec ("ansible-playbook", "-e", "\@Secret/become.yml", "playbooks/reboots.yml"); } @@ -3969,7 +3990,7 @@ The script implements areboots
sub-command that looks for-playbooks/reboots.yml--- +playbooks/reboots.yml--- - hosts: all tasks: @@ -3993,7 +4014,7 @@ operating system version of all abbey managed machines.-abbeyif ($ARGV[0] eq "versions") { +abbeyif ($ARGV[0] eq "versions") { exec ("ansible-playbook", "-e", "\@Secret/become.yml", "playbooks/versarch.yml"); } @@ -4001,7 +4022,7 @@ operating system version of all abbey managed machines.-playbooks/versarch.yml- hosts: all +playbooks/versarch.yml- hosts: all tasks: - debug: msg: >- @@ -4039,7 +4060,7 @@ last host in the previous play.-abbeyif ($ARGV[0] eq "tz") { +abbeyif ($ARGV[0] eq "tz") { my $city = `cat /etc/timezone`; chomp $city; my $zone = `date +%Z`; chomp $zone; print "Setting timezones to $city.\n"; @@ -4051,7 +4072,7 @@ last host in the previous play.--- 2.25.1 -playbooks/timezone.yml--- +playbooks/timezone.yml--- - hosts: core, dvrs, tvrs tasks: - name: Update timezone. @@ -4107,8 +4128,8 @@ last host in the previous play.11.7. Abbey Command Help
@@ -4821,7 +4842,7 @@ to-abbeydie - "usage: $0 [config,new,old,pass,client,upgrade,reboots,versions]\n"; +abbeymy $ops = "config,new,old,pass,client,upgrade,reboots,versions"; +die "usage: $0 [$ops]\n";private/db.campus_vpn.)