From 1dc4dc73a2ad02a6d7f06f22456b0276044f0c3e Mon Sep 17 00:00:00 2001 From: Mike Phares Date: Mon, 11 Nov 2024 18:07:28 -0700 Subject: [PATCH] Kuma setup with mattermost --- .gitignore | 65 +++++ .vscode/mklink.md | 4 + .vscode/settings.json | 7 + etc/apt/sources.list | 3 + etc/bash_history_2024-11-05.txt | 64 ++++ etc/bash_history_2024-11-11.txt | 273 ++++++++++++++++++ etc/group | 61 ++++ etc/group- | 61 ++++ etc/gshadow | 61 ++++ etc/gshadow- | 61 ++++ etc/hosts | 13 + etc/network/interfaces | 17 ++ etc/nginx/sites-available/default | 10 + etc/passwd | 34 +++ etc/passwd- | 34 +++ etc/resolv.conf | 2 + etc/shadow | 34 +++ etc/shadow- | 33 +++ etc/sysctl.conf | 68 +++++ .../snap.adguard-home.adguard-home.service | 19 ++ .../containers/systemd/neko-server.container | 32 ++ 21 files changed, 956 insertions(+) create mode 100644 .gitignore create mode 100644 .vscode/mklink.md create mode 100644 .vscode/settings.json create mode 100644 etc/apt/sources.list create mode 100644 etc/bash_history_2024-11-05.txt create mode 100644 etc/bash_history_2024-11-11.txt create mode 100644 etc/group create mode 100644 etc/group- create mode 100644 etc/gshadow create mode 100644 etc/gshadow- create mode 100644 etc/hosts create mode 100644 etc/network/interfaces create mode 100644 etc/nginx/sites-available/default create mode 100644 etc/passwd create mode 100644 etc/passwd- create mode 100644 etc/resolv.conf create mode 100644 etc/shadow create mode 100644 etc/shadow- create mode 100644 etc/sysctl.conf create mode 100644 etc/systemd/system/snap.adguard-home.adguard-home.service create mode 100644 home/podman/.config/containers/systemd/neko-server.container diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ed5c0cc --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,65 @@
+*
+
+!.gitignore
+!*.ffs_gui
+
+!*/
+
+!.vscode/*
+
+!etc/*.md
+!etc/bash_history*
+!etc/group*
+!etc/gshadow*
+!etc/pass*
+!etc/shadow*
+!etc/systemd/system/snap*
+
+!etc/.pihole/advanced/pihole-admin.conf
+!etc/apt/sources.list
+!etc/dhcpcd.conf
+!etc/hosts
+!etc/kea/kea-dhcp4.conf
+!etc/lighttpd/lighttpd.conf
+!etc/network/interfaces
+!etc/passwd
+!etc/pihole/custom.list
+!etc/pihole/dhcp.leases
+!etc/pihole/index.nginx-debian.html
+!etc/pihole/setupVars.conf
+!etc/resolv.conf
+!etc/snmp/snmpd.conf
+!etc/sysctl.conf
+!etc/systemd/resolved.conf
+!etc/systemd/system/code-server.service
+!etc/systemd/system/gogs-daemon.service
+!etc/systemd/system/text-2-json.service
+!etc/ufw/user.rules
+!etc/unbound/unbound.conf
+!etc/unbound/unbound.conf.d/pi-hole.conf
+
+!etc/cups/*
+!etc/containers/systemd/**/*
+!etc/dnsmasq.d/*
+!etc/fstab/*
+!etc/netplan/*
+!etc/nginx/sites-available/*
+!etc/mysql/mariadb.conf.d/*
+!etc/php/*
+!etc/postgresql/*
+!etc/wsl/*
+
+!etc/letsencrypt/**/*
+
+!opt/copy/**/*
+
+!root/**/*container
+!home/podman/**/*volume
+!home/podman/**/*container
+
+# !home/gogs/gogs/custom/conf/app.ini
+# !home/syncthing/.config/syncthing/config.xml
+# !usr/local/etc/gogs/conf/app.ini
+# !usr/local/etc/no-ip2.conf
+# !var/snap/nextcloud/current/nextcloud/config/*
+# !var/www/html/.well-known/acme-challenge/*
diff --git a/.vscode/mklink.md b/.vscode/mklink.md
new file mode 100644
index 0000000..b6c5670
--- /dev/null
+++ b/.vscode/mklink.md
@@ -0,0 +1,4 @@
+# mklink
+
+```bash
+```
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..0f57c45
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,7 @@
+{
+ "files.associations": {
+ "*.container": "ini",
+ "*.org": "ini",
+ "*.net": "ini"
+ }
+}
\ No newline at end of file
diff --git a/etc/apt/sources.list b/etc/apt/sources.list
new file mode 100644
index 0000000..56ee8fd
--- /dev/null
+++ b/etc/apt/sources.list
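Review bot: The allow-list re-includes `!etc/shadow*`, `!etc/gshadow*`, `!etc/bash_history*` and `!etc/letsencrypt/**/*`, so password hashes, root shell history and (presumably) certificate private keys become tracked files; this commit already adds etc/shadow, etc/shadow- and two history files as a result. Drop those four patterns and keep such files out of the repository; if the account layout is worth recording, `!etc/passwd` and `!etc/group` carry it without the hashes. `!etc/pass*` also makes the later `!etc/passwd` redundant and would pick up any other file under etc/ whose name starts with `pass`.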
@@ -0,0 +1,3 @@
+deb http://deb.debian.org/debian bookworm main contrib
+deb http://deb.debian.org/debian bookworm-updates main contrib
+deb http://security.debian.org/debian-security bookworm-security main contrib
diff --git a/etc/bash_history_2024-11-05.txt b/etc/bash_history_2024-11-05.txt
new file mode 100644
index 0000000..5145139
--- /dev/null
+++ b/etc/bash_history_2024-11-05.txt
@@ -0,0 +1,64 @@ +ip a +nano /etc/netplan +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +sudo -i +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +ping www.google.com +ping www.google.com +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)" +uname -r +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)" +lsb_release -a +apt-get install links unzip nginx git nano git ncdu -y +cd /home +ncdu +apt-cache rdepends cockpit +apt install cockpit -y +apt-get install cockpit cockpit-podman -y +systemctl enable --now cockpit.socket +apt-get install snapd -y +snap install adguard-home +exit +adduser podman +apt install sudo +lsof -i -P -n | grep LISTEN +lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE% +cd /etc/ +mkdir /etc/duckdns +cd /etc/duckdns +nano duck.sh +chmod 700 duck.sh +./duck.sh +cat duck.log +cd /tmp +git clone https://github.com/acmesh-official/acme.sh.git +cd /tmp/acme.sh +./acme.sh --install -m mikepharesjr@msn.com +export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9 +echo $DuckDNS_Token +./acme.sh --register-account -m mikepharesjr@msn.com +./acme.sh --set-default-ca --server letsencrypt +./acme.sh --issue --dns dns_duckdns -d '*.affirm.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +adduser podman sudo +nginx -t +exit +nginx -t +nginx -s reload +exit +nginx -t 
+nginx -s reload +exit +apt-get install ssh-import-id -y +ssh-import-id gh:mikepharesjr +service ssh restart +nano ~/.ssh/authorized_keys +service ssh restart +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/uptimekuma.sh)" +nginx -t +nginx -s reload +exit diff --git a/etc/bash_history_2024-11-11.txt b/etc/bash_history_2024-11-11.txt new file mode 100644 index 0000000..7b7a7a5 --- /dev/null +++ b/etc/bash_history_2024-11-11.txt 
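Review bot: The `export DuckDNS_Token=…` line stores the DuckDNS API token in clear text, and the same line appears twice more in etc/bash_history_2024-11-11.txt; a token that has been committed should be regenerated at the provider and the files removed from the branch history, not only from the next commit. Both files also record `bash -c "$(wget -qLO - …/raw/main/…)"` run as root against a moving branch. If the history is kept as a runbook, a curated notes file would serve better: fetch each script to disk at a pinned commit, read it, then run it, and write the token as a placeholder such as `export DuckDNS_Token=<token from password manager>`.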
@@ -0,0 +1,273 @@ +ip a +nano /etc/netplan +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +sudo -i +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +ping www.google.com +ping www.google.com +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)" +uname -r +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)" +lsb_release -a +apt-get install links unzip nginx git nano git ncdu -y +cd /home +ncdu +apt-cache rdepends cockpit +apt install cockpit -y +apt-get install cockpit cockpit-podman -y +systemctl enable --now cockpit.socket +apt-get install snapd -y +snap install adguard-home +exit +adduser podman +apt install sudo +lsof -i -P -n | grep LISTEN +lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE% +cd /etc/ +mkdir /etc/duckdns +cd /etc/duckdns +nano duck.sh +chmod 700 duck.sh +./duck.sh +cat duck.log +cd /tmp +git clone https://github.com/acmesh-official/acme.sh.git +cd /tmp/acme.sh +./acme.sh --install -m mikepharesjr@msn.com +export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9 +echo $DuckDNS_Token +./acme.sh --register-account -m mikepharesjr@msn.com +./acme.sh --set-default-ca --server letsencrypt +./acme.sh --issue --dns dns_duckdns -d '*.affirm.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +adduser podman sudo +nginx -t +exit +nginx -t +nginx -s reload +exit +nginx -t 
+nginx -s reload +exit +apt-get install ssh-import-id -y +ssh-import-id gh:mikepharesjr +service ssh restart +nano ~/.ssh/authorized_keys +service ssh restart +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/uptimekuma.sh)" +nginx -t +nginx -s reload +exit +ln -s /var/log/nginx /var/www/html/log-nginx +ls -la /var/www/html +cp ~/.bash_history /etc/bash_history_2024-11-05.txt +cat /etc/bash_history_2024-11-05.txt +exit +apt-get install podman -y +apt-cache rdepends podman-compose +apt-get install podman-compose -y +apt-get install sudo +mkdir /home/podman/.ssh +cp /root/.ssh/authorized_keys /home/podman/.ssh/authorized_keys +chown podman:podman -R /home/podman +adduser podman sudo +loginctl enable-linger +sudo -iu podman +podman --version +sudo -iu podman +sudo -iu podman +mkdir -p /run/user/1000/ +chown -R podman:podman /run/user/1000/ +sudo -iu podman +sudo -iu podman +sudo -iu podman +systemctl --user start uptime-kuma-server +systemctl start uptime-kuma-server +sudo -iu podman +sudo -iu podman +find / -name "*fedora*" 2>/dev/null +nano /usr/share/lxc/config/fedora.common.conf +nano /usr/share/lxc/config/fedora.common.conf +nano /usr/share/lxc/config/fedora.common.conf +nano /usr/share/lxc/config/fedora.common.conf +nano /usr/share/lxc/config/fedora.userns.conf +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +chown -R podman:podman /home/podman +sudo -iu podman +apt install podman-quadlet +ls -la /usr/libexec/podman +systemctl -l | grep -i rootlessport +ps aux | grep rootlessport +whereis podman-generate-systemd +exit +clear +apt list --installed +sudo -iu podman +exit +sudo -iu podman +exit +bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/ubuntu.sh)" +apt-get install podman-compose -y +exit +pip3 install podman-compose +systemctl enable podmand +apt install podman +systemctl enable podmand +podman --version +systemctl enable podman.socket +systemctl 
start podman.socket +systemctl status podman.socket +apt-get install cockpit cockpit-podman -y +systemctl enable --now cockpit.socket +sudo -iu podman +apt install software-properties-common uidmap -y +sudo -iu podman +apt-get install -y libapparmor-dev +cd /tmp/acme.sh +ls /root/.acme.sh/ +./acme.sh --issue --dns dns_duckdns -d '*.phares.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +cd /tmp +git clone https://github.com/acmesh-official/acme.sh.git +cd /tmp/acme.sh +./acme.sh --install -m mikepharesjr@msn.com +export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9 +echo $DuckDNS_Token +./acme.sh --register-account -m mikepharesjr@msn.com +./acme.sh --set-default-ca --server letsencrypt +./acme.sh --issue --dns dns_duckdns -d '*.phares.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +ls +ls /root/.acme.sh/ +cd /root/.acme.sh/ +cp -R \*.phares.duckdns.org_ecc/ wild-phares +cd wild-phares/ +ls +mv \*.phares.duckdns.org.cer phares.duckdns.org.cer +mv \*.phares.duckdns.org.conf phares.duckdns.org.conf +mv \*.phares.duckdns.org.csr phares.duckdns.org.csr +mv \*.phares.duckdns.org.csr.conf phares.duckdns.org.csr.conf +mv \*.phares.duckdns.org.key phares.duckdns.org.key +ls +cd .. +cd .. 
+cd /tmp/ +cd acme.sh/ +ls +./acme.sh --issue --dns dns_duckdns -d '*.affirm.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +cp -R \*.affirm.duckdns.org_ecc/ wild-affirm +cp -R \*.affirm.duckdns.org_ecc/ wild-affirm +cp -R /root/.acme.sh/\*.affirm.duckdns.org_ecc/ /root/.acme.sh/wild-affirm +mv /root/.acme.sh/\*.affirm.duckdns.org.cer /root/.acme.sh/affirm.duckdns.org.cer +mv /root/.acme.sh/\*.affirm.duckdns.org.conf /root/.acme.sh/affirm.duckdns.org.conf +mv /root/.acme.sh/\*.affirm.duckdns.org.csr /root/.acme.sh/affirm.duckdns.org.csr +mv /root/.acme.sh/\*.affirm.duckdns.org.csr.conf /root/.acme.sh/affirm.duckdns.org.csr.conf +mv /root/.acme.sh/\*.affirm.duckdns.org.key /root/.acme.sh/affirm.duckdns.org.key +mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.cer /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer +mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.conf /root/.acme.sh/wild-affirm/affirm.duckdns.org.conf +mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.csr /root/.acme.sh/wild-affirm/affirm.duckdns.org.csr +mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.csr.conf /root/.acme.sh/wild-affirm/affirm.duckdns.org.csr.conf +mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key +nginx -t +nginx -s reload +exit +rm -R /root/.acme.sh/affirm.duckdns.org_ecc/ +cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs +cd /root/.acme.sh/ +ls -la +cd /tmp/ +cd acme.sh/ +./acme.sh --issue --dns dns_duckdns -d '*.bchs.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.cer /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.conf +mv 
/root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr.conf +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key +cd /root/.acme.sh/ +ls +cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs +cp -R /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.cer /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.conf +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr.conf +mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key +exit +nginx -t +nginx -t +nginx -s reload +nginx -s reload +exit +nano /etc/cockpit/cockpit.conf +systemctl restart cockpit +journalctl -u cockpit +systemctl restart cockpit.service +systemctl restart cockpit.socket +exit +systemctl restart cockpit.socket +systemctl restart cockpit.service +journalctl -u cockpit +systemctl stop cockpit +systemctl stop cockpit.socket +exit +mv /etc/cockpit/ws-certs.d/0-self-signed.cert /etc/cockpit/ws-certs.d/0-self-signed.cert.old +mv /etc/cockpit/ws-certs.d/0-self-signed.key /etc/cockpit/ws-certs.d/0-self-signed.key.old +cp /root/.acme.sh/wild-affirm/fullchain.cer /etc/cockpit/ws-certs.d/0-self-signed.cert +cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.key /etc/cockpit/ws-certs.d/0-self-signed.key +systemctl start cockpit +journalctl -xeu cockpit.service +systemctl start cockpit +systemctl start cockpit.socket +systemctl start cockpit +systemctl status cockpit.service +ls -la /etc/cockpit/ws-certs.d +exit +chmod 774 -R /etc/cockpit/ws-certs.d +systemctl start cockpit 
+systemctl status cockpit.service +systemctl start cockpit.socket +systemctl start cockpit +systemctl stop cockpit +systemctl start cockpit +cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer /etc/cockpit/ws-certs.d/0-self-signed.cert +ls -la /etc/cockpit/ws-certs.d +chmod 774 -R /etc/cockpit/ws-certs.d +ls -la /etc/cockpit/ws-certs.d +systemctl start cockpit +journalctl -u cockpit +systemctl start cockpit.soket +systemctl start cockpit.socket +cat /etc/cockpit/ws-certs.d/0-self-signed.cert +exit +cat /etc/cockpit/ws-certs.d/0-self-signed.key +exit +systemctl start cockpit +exit +systemctl stop cockpit +systemctl stop cockpit.socket +systemctl start cockpit +systemctl start cockpit.socket +journalctl -u cockpit +journalctl -u cockpit +journalctl --rotate +journalctl --vacuum-time=1s +journalctl -u cockpit +journalctl -u cockpit +journalctl -u cockpit +journalctl -u cockpit +nano /etc/cockpit/cockpit.conf +ngnix -t +nginx -t +nginx -s reload +exit +sudo -iu podman +exit diff --git a/etc/group b/etc/group new file mode 100644 index 0000000..867a635 --- /dev/null +++ b/etc/group @@ -0,0 +1,61 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27:podman +audio:x:29: +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +users:x:100:podman +nogroup:x:65534: +input:x:101: +sgx:x:102: +kvm:x:103: +render:x:104: +_ssh:x:105: +_chrony:x:106: +messagebus:x:107: +crontab:x:108: +systemd-journal:x:999: +systemd-network:x:998: +ssl-cert:x:109: +postfix:x:110: +postdrop:x:111: +tcpdump:x:112: +rdma:x:113: +gluster:x:114: +tss:x:115: +ceph:x:64045: +netdev:x:116: +cockpit-ws:x:117: +cockpit-wsinstance:x:118: +polkitd:x:997: +podman:x:1000: 
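Review bot: `chmod 774 -R /etc/cockpit/ws-certs.d` leaves the copied wildcard private key (`0-self-signed.key`) readable by every local user and the directory group-writable; the key should be owner-only, e.g. `chmod 600 /etc/cockpit/ws-certs.d/0-self-signed.key`, loosened to group read only if the Cockpit version in use needs it. `ln -s /var/log/nginx /var/www/html/log-nginx` places the access and error logs under the default web root, which looks unintended if that root is served. This file also contains the `export DuckDNS_Token=…` line twice, so it should not be committed as-is.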
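Review bot: `sudo:x:27:podman` gives the account that runs the rootless containers full sudo, while etc/passwd in this commit gives it `/bin/bash` and etc/shadow gives it a password, so the privilege separation that rootless Podman is meant to provide rests on that one password. Consider `sudo:x:27:` with a separate administrative login, keeping `podman` as an unprivileged service account. etc/gshadow carries the same membership (`sudo:*::podman`) and would need the matching change.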
diff --git a/etc/group- b/etc/group-
new file mode 100644
index 0000000..d672841
--- /dev/null
+++ b/etc/group-
@@ -0,0 +1,61 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:podman
+nogroup:x:65534:
+input:x:101:
+sgx:x:102:
+kvm:x:103:
+render:x:104:
+_ssh:x:105:
+_chrony:x:106:
+messagebus:x:107:
+crontab:x:108:
+systemd-journal:x:999:
+systemd-network:x:998:
+ssl-cert:x:109:
+postfix:x:110:
+postdrop:x:111:
+tcpdump:x:112:
+rdma:x:113:
+gluster:x:114:
+tss:x:115:
+ceph:x:64045:
+netdev:x:116:
+cockpit-ws:x:117:
+cockpit-wsinstance:x:118:
+polkitd:x:997:
+podman:x:1000:
diff --git a/etc/gshadow b/etc/gshadow
new file mode 100644
index 0000000..bf9966b
--- /dev/null
+++ b/etc/gshadow
@@ -0,0 +1,61 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::podman
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::podman
+nogroup:*::
+input:!::
+sgx:!::
+kvm:!::
+render:!::
+_ssh:!::
+_chrony:!::
+messagebus:!::
+crontab:!::
+systemd-journal:!*::
+systemd-network:!*::
+ssl-cert:!::
+postfix:!::
+postdrop:!::
+tcpdump:!::
+rdma:!::
+gluster:!::
+tss:!::
+ceph:!::
+netdev:!::
+cockpit-ws:!::
+cockpit-wsinstance:!::
+polkitd:!*::
+podman:!::
diff --git a/etc/gshadow- b/etc/gshadow-
new file mode 100644
index 0000000..23d68aa
--- /dev/null
+++ b/etc/gshadow-
@@ -0,0 +1,61 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::podman
+nogroup:*::
+input:!::
+sgx:!::
+kvm:!::
+render:!::
+_ssh:!::
+_chrony:!::
+messagebus:!::
+crontab:!::
+systemd-journal:!*::
+systemd-network:!*::
+ssl-cert:!::
+postfix:!::
+postdrop:!::
+tcpdump:!::
+rdma:!::
+gluster:!::
+tss:!::
+ceph:!::
+netdev:!::
+cockpit-ws:!::
+cockpit-wsinstance:!::
+polkitd:!*::
+podman:!::
diff --git a/etc/hosts b/etc/hosts
new file mode 100644
index 0000000..4d7c0db
--- /dev/null
+++ b/etc/hosts
@@ -0,0 +1,13 @@
+127.0.0.1 localhost.localdomain localhost
+192.168.31.12 pve.affirm.duckdns.org pve
+
+# The following lines are desirable for IPv6 capable hosts
+
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+192.168.0.11 mattermost.phares.duckdns.org
diff --git a/etc/network/interfaces b/etc/network/interfaces
new file mode 100644
index 0000000..bfa1f09
--- /dev/null
+++ b/etc/network/interfaces
@@ -0,0 +1,17 @@
+auto lo
+iface lo inet loopback
+
+iface enp2s0 inet manual
+
+auto vmbr0
+iface vmbr0 inet static
+ address 192.168.31.12/25
+ gateway 192.168.31.1
+ bridge-ports enp2s0
+ bridge-stp off
+ bridge-fd 0
+
+iface wlp1s0 inet manual
+
+
+source /etc/network/interfaces.d/*
diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default
new file mode 100644
index 0000000..cd13fa6
--- /dev/null
+++ b/etc/nginx/sites-available/default
@@ -0,0 +1,10 @@
+include /etc/nginx/include/adguard.conf; # https://adguard.affirm.duckddns.org # http://192.168.31.12:3002/;
+include /etc/nginx/include/chat.conf; # https://chat.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/cockpit.conf; # https://cockpit.affirm.duckddns.org # https://192.168.31.12:9090/;
+include /etc/nginx/include/diskstation.conf; # https://diskstation.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/drive.conf; # https://drive.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/kuma.conf; # https://kuma.affirm.duckddns.org # http://192.168.31.37:3001/;
+include /etc/nginx/include/neko.conf; # https://neko.affirm.duckddns.org # http://192.168.31.12:8082/;
+include /etc/nginx/include/photos.conf; # https://photos.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/pve.conf; # https://pve.affirm.duckddns.org # https://192.168.31.12:8006/;
+include /etc/nginx/include/quartz.conf; # https://quartz.affirm.duckddns.org # http://192.168.31.12:8084/;
diff --git a/etc/passwd b/etc/passwd
new file mode 100644
index 0000000..8cbb3f6
--- /dev/null
+++ b/etc/passwd
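Review bot: Every trailing comment spells the host as `duckddns.org`, while etc/hosts, etc/resolv.conf and the certificate commands in this commit use `duckdns.org`; the comments do not affect routing but will mislead whoever copies a URL from them, so they should read e.g. `# https://kuma.affirm.duckdns.org`. The chat, diskstation, drive and photos lines all name the same upstream `https://192.168.31.12:5001/`, which is worth confirming. The files under /etc/nginx/include/ are not part of this commit, so the proxy and TLS settings themselves cannot be reviewed here.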
@@ -0,0 +1,34 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+_chrony:x:100:106:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
+messagebus:x:101:107::/nonexistent:/usr/sbin/nologin
+sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
+_rpc:x:103:65534::/run/rpcbind:/usr/sbin/nologin
+systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
+postfix:x:104:110::/var/spool/postfix:/usr/sbin/nologin
+tcpdump:x:105:112::/nonexistent:/usr/sbin/nologin
+statd:x:106:65534::/var/lib/nfs:/usr/sbin/nologin
+gluster:x:107:114::/var/lib/glusterd:/usr/sbin/nologin
+tss:x:108:115:TPM software stack,,,:/var/lib/tpm:/bin/false
+ceph:x:64045:64045:Ceph storage service:/var/lib/ceph:/usr/sbin/nologin
+dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
+cockpit-ws:x:110:117::/nonexistent:/usr/sbin/nologin
+cockpit-wsinstance:x:111:118::/nonexistent:/usr/sbin/nologin
+polkitd:x:997:997:polkit:/nonexistent:/usr/sbin/nologin
+podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash
diff --git a/etc/passwd- b/etc/passwd-
new file mode 100644
index 0000000..53b8783
--- /dev/null
+++ b/etc/passwd-
@@ -0,0 +1,34 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+_chrony:x:100:106:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
+messagebus:x:101:107::/nonexistent:/usr/sbin/nologin
+sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
+_rpc:x:103:65534::/run/rpcbind:/usr/sbin/nologin
+systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
+postfix:x:104:110::/var/spool/postfix:/usr/sbin/nologin
+tcpdump:x:105:112::/nonexistent:/usr/sbin/nologin
+statd:x:106:65534::/var/lib/nfs:/usr/sbin/nologin
+gluster:x:107:114::/var/lib/glusterd:/usr/sbin/nologin
+tss:x:108:115:TPM software stack,,,:/var/lib/tpm:/bin/false
+ceph:x:64045:64045:Ceph storage service:/var/lib/ceph:/usr/sbin/nologin
+dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
+cockpit-ws:x:110:117::/nonexistent:/usr/sbin/nologin
+cockpit-wsinstance:x:111:118::/nonexistent:/usr/sbin/nologin
+polkitd:x:997:997:polkit:/nonexistent:/usr/sbin/nologin
+podman:x:1000:1000::/home/podman:/bin/bash
diff --git a/etc/resolv.conf b/etc/resolv.conf
new file mode 100644
index 0000000..7c35a0d
--- /dev/null
+++ b/etc/resolv.conf
@@ -0,0 +1,2 @@
+search affirm.duckdns.org
+nameserver 192.168.31.1
diff --git a/etc/shadow b/etc/shadow new file mode 100644 index 0000000..122b151 --- /dev/null +++ b/etc/shadow @@ -0,0 +1,34 @@ +root:$5$oJi8Mxgz$2liscgyLpPtYBiPUgUPZXEPFMUzl8zLaDUp7uFmsgWB:20032:0:99999:7::: +daemon:*:19936:0:99999:7::: +bin:*:19936:0:99999:7::: +sys:*:19936:0:99999:7::: +sync:*:19936:0:99999:7::: +games:*:19936:0:99999:7::: +man:*:19936:0:99999:7::: +lp:*:19936:0:99999:7::: +mail:*:19936:0:99999:7::: +news:*:19936:0:99999:7::: +uucp:*:19936:0:99999:7::: +proxy:*:19936:0:99999:7::: +www-data:*:19936:0:99999:7::: +backup:*:19936:0:99999:7::: +list:*:19936:0:99999:7::: +irc:*:19936:0:99999:7::: +_apt:*:19936:0:99999:7::: +nobody:*:19936:0:99999:7::: +_chrony:!:19936:::::: +messagebus:!:20032:::::: +sshd:!:20032:::::: +_rpc:!:20032:::::: +systemd-network:!*:20032:::::: +postfix:!:20032:::::: +tcpdump:!:20032:::::: +statd:!:20032:::::: +gluster:!:20032:::::: +tss:!:20032:::::: +ceph:!:20032:::::: +dnsmasq:!:20033:::::: +cockpit-ws:!:20033:::::: +cockpit-wsinstance:!:20033:::::: +polkitd:!*:20033:::::: +podman:$y$j9T$nnCjvHHv8TyjZALLaQTLW1$AXTOIYnt4d90f9uFmkIdC8CcWqAlJ429.w645eQnqu2:20033:0:99999:7::: diff --git a/etc/shadow- b/etc/shadow- new file mode 100644 index 0000000..ec38210 --- /dev/null +++ b/etc/shadow- 
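Review bot: The `root` and `podman` entries carry real password hashes, so anyone who can read the repository can attack them offline; etc/shadow- in the same commit repeats the root entry. Remove both files from the commit and from the branch history, and change both passwords. The root hash uses the `$5$` (sha256crypt) scheme while the podman entry uses `$y$` (yescrypt); assuming yescrypt is this system's current default, as the podman entry suggests, resetting root's password would also move it to the stronger scheme.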
@@ -0,0 +1,33 @@ +root:$5$oJi8Mxgz$2liscgyLpPtYBiPUgUPZXEPFMUzl8zLaDUp7uFmsgWB:20032:0:99999:7::: +daemon:*:19936:0:99999:7::: +bin:*:19936:0:99999:7::: +sys:*:19936:0:99999:7::: +sync:*:19936:0:99999:7::: +games:*:19936:0:99999:7::: +man:*:19936:0:99999:7::: +lp:*:19936:0:99999:7::: +mail:*:19936:0:99999:7::: +news:*:19936:0:99999:7::: +uucp:*:19936:0:99999:7::: +proxy:*:19936:0:99999:7::: +www-data:*:19936:0:99999:7::: +backup:*:19936:0:99999:7::: +list:*:19936:0:99999:7::: +irc:*:19936:0:99999:7::: +_apt:*:19936:0:99999:7::: +nobody:*:19936:0:99999:7::: +_chrony:!:19936:::::: +messagebus:!:20032:::::: +sshd:!:20032:::::: +_rpc:!:20032:::::: +systemd-network:!*:20032:::::: +postfix:!:20032:::::: +tcpdump:!:20032:::::: +statd:!:20032:::::: +gluster:!:20032:::::: +tss:!:20032:::::: +ceph:!:20032:::::: +dnsmasq:!:20033:::::: +cockpit-ws:!:20033:::::: +cockpit-wsinstance:!:20033:::::: +polkitd:!*:20033:::::: diff --git a/etc/sysctl.conf b/etc/sysctl.conf new file mode 100644 index 0000000..eb96ed5 --- /dev/null +++ b/etc/sysctl.conf 
@@ -0,0 +1,68 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+###################################################################
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all, >1 bitmask of sysrq functions
+# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
+# for what other values do
+#kernel.sysrq=438
+
diff --git a/etc/systemd/system/snap.adguard-home.adguard-home.service b/etc/systemd/system/snap.adguard-home.adguard-home.service
new file mode 100644
index 0000000..a9d82c1
--- /dev/null
+++ b/etc/systemd/system/snap.adguard-home.adguard-home.service
@@ -0,0 +1,19 @@
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Service for snap application adguard-home.adguard-home
+Requires=snap-adguard\x2dhome-7470.mount
+Wants=network.target
+After=snap-adguard\x2dhome-7470.mount network.target snapd.apparmor.service
+X-Snappy=yes
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/bin/snap run adguard-home
+SyslogIdentifier=adguard-home.adguard-home
+Restart=always
+WorkingDirectory=/var/snap/adguard-home/7470
+TimeoutStopSec=30
+Type=simple
+
+[Install]
+WantedBy=multi-user.target
diff --git a/home/podman/.config/containers/systemd/neko-server.container b/home/podman/.config/containers/systemd/neko-server.container
new file mode 100644
index 0000000..9f77b82
--- /dev/null
+++ b/home/podman/.config/containers/systemd/neko-server.container
@@ -0,0 +1,32 @@
+[Container]
+AutoUpdate=registry
+ContainerName=neko-server
+Environment="NEKO_SCREEN=1920x1080@30"
+Environment="NEKO_PASSWORD=neko"
+Environment="NEKO_PASSWORD_ADMIN=admin"
+Environment="NEKO_EPR=52000-52100"
+Environment="NEKO_NAT1TO1=192.168.31.12"
+Image=docker.io/m1k1o/neko:firefox
+# Network=neko.network
+# Pod=neko.pod
+PublishPort=8082:8080/tcp
+PublishPort=52000-52100:52000-52100/udp
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/m1k1o/neko:firefox
+# systemctl --user daemon-reload
+# systemctl --user start neko-server
+# systemctl --user status neko-server
+# journalctl -fu neko-server.service
+# podman logs neko-server
+# systemctl --user stop neko-server
+# systemctl --user disable neko-server
+# podman exec -ti neko-server /bin/sh
+# podman exec -ti neko-server /bin/bash
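Review bot: `NEKO_PASSWORD=neko` and `NEKO_PASSWORD_ADMIN=admin` are guessable credentials committed in clear text for a browser session that is published on port 8082 and listed in the nginx site includes in this commit. Move them out of the unit, e.g. `EnvironmentFile=/path/outside/repo/neko.env` (placeholder path, file mode 600) or a Podman secret, and set non-default values. `AutoUpdate=registry` together with the floating tag `docker.io/m1k1o/neko:firefox` means the host runs whatever the registry serves under that tag; pinning the image by digest and removing auto-update would make each upgrade a reviewed change.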