Skip to main content
Advanced Search
Search Terms
Content Type

Exact Matches
Tag Searches
Date Options
Updated after
Updated before
Created after
Created before

Search Results

35 total results found

Architecture & Design Decisions

Ansible

Purpose of this Page This page captures the rationale behind every non-obvious design choice in the ssh-baseline role. Each entry follows the pattern: What we did → Why → Trade-off accepted. Where possible, comments inside the role itself reference these dec...

system
Ansible
type
Technical Documentation
status
Active

Deployment Runbook — New Host

Ansible

When to Use This Runbook Follow this runbook when adding a new Ubuntu host to the SSH baseline. The procedure assumes: The host runs Ubuntu 22.04 or 24.04 LTS (the role's supported versions) The host has a real hostname (not ubuntu or localhost) The host ca...

system
Ansible
type
Technical Documentation
status
Active

Configuration Reference

Ansible

Variable Source Hierarchy Variables resolve in standard Ansible precedence order. The role uses three layers: Role defaults — roles/ssh-baseline/defaults/main.yml (lowest precedence; the safe baseline) Group vars — inventory/group_vars/all/main.yml (organisa...

system
Ansible
type
Technical Documentation
status
Active

AD Integration & SSSD

Ansible

Overview The role integrates Ubuntu hosts with Active Directory via SSSD using realm join. Once joined, AD users authenticate via Kerberos (with their AD password), are authorised via AD group membership, and have their SSH public keys retrieved from the sshP...

system
Ansible
type
Technical Documentation
status
Active

Duo MFA Integration

Ansible

Scope Duo MFA is enforced in two places: SSH login (v2.3+) — via PAM keyboard-interactive after publickey auth sudo (v2.4+) — via PAM at the auth phase, with AD password as the post-Duo factor The role uses Duo Security's official duo-unix package, not Ub...

system
Ansible
type
Technical Documentation
status
Active

SSH Hardening Reference

Ansible

What This Page Covers This page walks through every directive in roles/ssh-baseline/templates/sshd_hardening.conf.j2 and explains how it lands on the target host. The deployed file is /etc/ssh/sshd_config.d/10-pbr-hardening.conf. The hardening is aligned wit...

system
Ansible
type
Technical Documentation
status
Active

Playbook Reference (Preflight, Verify, Teardown)

Ansible

Playbooks Overview The repository contains four playbooks under playbooks/: PlaybookPurposeChanges target? preflight.ymlVerify readiness; no changesNo ssh-baseline.ymlRun preflight then apply the baseline roleYes verify.ymlPost-deployment validationNo te...

system
Ansible
type
Technical Documentation
status
Active

Known Limitations, Troubleshooting & Version History

Ansible

Known Limitations & Accepted Risks LXC auditd compliance gap Affected hosts: pbr-graylog-kl1, pbr-thingsboard-kl1 Issue: auditd cannot run inside LXC containers. The kernel audit netlink interface is isolated from container namespaces. Forcing auditd to star...

system
Ansible
type
Technical Documentation
status
Active

Capacity Overview & Quick Reference

Capacity Management

Key Concepts: Manifests and Legs In CustomLinc, a manifest represents the overall service (e.g. the 11:00 Bel-Lak-Gem / 15:05 Gem-Lak-Bel service). It appears as a green highlighted row in the Manifests view. Within each manifest, individual legs represent eac...

system
CustomLinc
status
Active
type
How-To
site
Belgrave

Adjusting the Train Capacity (Manifest)

Capacity Management

Overview Use this procedure to change the capacity for general and single-journey passengers. This affects the four main legs: Belgrave–Lakeside, Lakeside–Gembrook, Gembrook–Lakeside, and Lakeside–Belgrave. Do not manually edit these individual legs — changin...

system
CustomLinc
status
Active
type
How-To
site
Belgrave

Adjusting the Belgrave–Gembrook Return Allocation

Capacity Management

Overview Use this procedure to change the capacity for the Belgrave – Gembrook Return allocation — the full return journey product, typically set to 56 seats.  How Capacity is Structured Each leg on a Belgrave–Gembrook service has a total capacity of 176 passe...

system
CustomLinc
status
Active
type
How-To
site
Belgrave

Strategic Partnerships Grant

Booking Management

Overview This guide explains how to create a booking in CustomLinc for the Strategic Partnerships Grant (SPG) program. Selecting the correct agent ensures the Source and Promotion Code are automatically assigned. Steps In CustomLinc, click Add and select Crea...

system
CustomLinc
status
Active
type
How-To

CustomLinc TOL → Queue-it Availability JSON

n8n Automation Workflows

Overview Workflow IDT76MXW3QRGcoIBbo Webhook URLhttps://n8n.pbr.org.au/webhook/availability/tol n8n editorhttps://n8n.pbr.org.au/workflow/T76MXW3QRGcoIBbo TriggerHTTP GET/POST webhook Season2026-06-26 → 2026-07-19 (24 dates) ProductTOL (18:00 Lakeside Twilig...

system
n8n
system
CustomLinc
system
Queue-it
status
Active
type
Technical Documentation
lifecycle
Seasonal

Node-RED Queue Migration — msg-queue to queue-gate

Level Crossing Monitoring

Overview Purpose Migrate all level crossing Pi Node-RED flows from node-red-contrib-msg-queue to node-red-contrib-queue-gate Trigger msg-queue fails to install on rebuilt Pis — native sqlite3 dependency does not compile on modern Node.js/ARM Original flow f...

system
Node-RED
system
Level Crossing
status
Active
type
Technical Documentation

Enabling Aztec Code on Datalogic Gryphon Scanners

Handheld Scanners

Aztec Code is disabled by default on the Datalogic Gryphon 2D scanners (GD44XX / GBT4400 / GM440X, including the 4400-BK). If the scanner reads normal QR and 1D barcodes but ignores Aztec codes, enable the symbology using the steps below. Enable Aztec Code Sca...

system
Datalogic Gryphon
type
How-To
status
Active

MOTOTRBO R7 — SCEPman EAP-TLS Enrolment

PBR Radio System

Overview How Motorola MOTOTRBO R7 portable radios obtain a device certificate from SCEPman (via SCEP) and authenticate to the WPA3-Enterprise Wi-Fi using EAP-TLS, validated by Aruba ClearPass. SCEPman is Azure-hosted; the radios reach it through an internal Tr...

system
Radio
system
SCEPman
type
Technical Documentation
status
Active

RM Programming — Over-Wi-Fi Across Sites/Subnets

PBR Radio System

Overview Programming MOTOTRBO R7 radios and repeaters over Wi-Fi with Radio Management (RM), across sites and subnets. RM Server / Device Programmer runs on pbr-radio-kl1 (10.8.40.10), RM version 2.157.149.0. Out of the box, RM Wi-Fi programming only works whe...

system
MOTOTRBO
system
Radio Management
status
Active
type
Technical Documentation
type
Troubleshooting