Kuma setup with mattermost

.gitignore

@@ -0,0 +1,65 @@
+*
+
+!.gitignore
+!*.ffs_gui
+
+!*/
+
+!.vscode/*
+
+!etc/*.md
+!etc/bash_history*
+!etc/group*
+!etc/gshadow*
+!etc/pass*
+!etc/shadow*
+!etc/systemd/system/snap*
+
+!etc/.pihole/advanced/pihole-admin.conf
+!etc/apt/sources.list
+!etc/dhcpcd.conf
+!etc/hosts
+!etc/kea/kea-dhcp4.conf
+!etc/lighttpd/lighttpd.conf
+!etc/network/interfaces
+!etc/passwd
+!etc/pihole/custom.list
+!etc/pihole/dhcp.leases
+!etc/pihole/index.nginx-debian.html
+!etc/pihole/setupVars.conf
+!etc/resolv.conf
+!etc/snmp/snmpd.conf
+!etc/sysctl.conf
+!etc/systemd/resolved.conf
+!etc/systemd/system/code-server.service
+!etc/systemd/system/gogs-daemon.service
+!etc/systemd/system/text-2-json.service
+!etc/ufw/user.rules
+!etc/unbound/unbound.conf
+!etc/unbound/unbound.conf.d/pi-hole.conf
+
+!etc/cups/*
+!etc/containers/systemd/**/*
+!etc/dnsmasq.d/*
+!etc/fstab/*
+!etc/netplan/*
+!etc/nginx/sites-available/*
+!etc/mysql/mariadb.conf.d/*
+!etc/php/*
+!etc/postgresql/*
+!etc/wsl/*
+
+!etc/letsencrypt/**/*
+
+!opt/copy/**/*
+
+!root/**/*container
+!home/podman/**/*volume
+!home/podman/**/*container
+
+# !home/gogs/gogs/custom/conf/app.ini
+# !home/syncthing/.config/syncthing/config.xml
+# !usr/local/etc/gogs/conf/app.ini
+# !usr/local/etc/no-ip2.conf
+# !var/snap/nextcloud/current/nextcloud/config/*
+# !var/www/html/.well-known/acme-challenge/*

.vscode/mklink.md

@@ -0,0 +1,4 @@
+# mklink
+
+```bash
+```

.vscode/settings.json

@@ -0,0 +1,7 @@
+{
+    "files.associations": {
+        "*.container": "ini",
+        "*.org": "ini",
+        "*.net": "ini"
+    }
+}

etc/apt/sources.list

@@ -0,0 +1,3 @@
+deb http://deb.debian.org/debian bookworm main contrib
+deb http://deb.debian.org/debian bookworm-updates main contrib
+deb http://security.debian.org/debian-security bookworm-security main contrib

etc/bash_history_2024-11-05.txt

@@ -0,0 +1,64 @@
+ip a
+nano /etc/netplan
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+sudo -i
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+ping www.google.com
+ping www.google.com
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)"
+uname -r
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)"
+lsb_release -a
+apt-get install links unzip nginx git nano git ncdu -y
+cd /home
+ncdu
+apt-cache rdepends cockpit
+apt install cockpit -y
+apt-get install cockpit cockpit-podman -y
+systemctl enable --now cockpit.socket
+apt-get install snapd -y
+snap install adguard-home
+exit
+adduser podman
+apt install sudo
+lsof -i -P -n | grep LISTEN
+lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+cd /etc/
+mkdir /etc/duckdns
+cd /etc/duckdns
+nano duck.sh
+chmod 700 duck.sh
+./duck.sh
+cat duck.log
+cd /tmp
+git clone https://github.com/acmesh-official/acme.sh.git
+cd /tmp/acme.sh
+./acme.sh --install -m mikepharesjr@msn.com
+export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9
+echo $DuckDNS_Token
+./acme.sh --register-account -m mikepharesjr@msn.com
+./acme.sh --set-default-ca --server letsencrypt
+./acme.sh --issue --dns dns_duckdns -d '*.affirm.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+adduser podman sudo
+nginx -t
+exit
+nginx -t
+nginx -s reload
+exit
+nginx -t
+nginx -s reload
+exit
+apt-get install ssh-import-id -y
+ssh-import-id gh:mikepharesjr
+service ssh restart
+nano ~/.ssh/authorized_keys
+service ssh restart
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/uptimekuma.sh)"
+nginx -t
+nginx -s reload
+exit

etc/bash_history_2024-11-11.txt

@@ -0,0 +1,273 @@
+ip a
+nano /etc/netplan
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+sudo -i
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+ping www.google.com
+ping www.google.com
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)"
+uname -r
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/kernel-clean.sh)"
+lsb_release -a
+apt-get install links unzip nginx git nano git ncdu -y
+cd /home
+ncdu
+apt-cache rdepends cockpit
+apt install cockpit -y
+apt-get install cockpit cockpit-podman -y
+systemctl enable --now cockpit.socket
+apt-get install snapd -y
+snap install adguard-home
+exit
+adduser podman
+apt install sudo
+lsof -i -P -n | grep LISTEN
+lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+cd /etc/
+mkdir /etc/duckdns
+cd /etc/duckdns
+nano duck.sh
+chmod 700 duck.sh
+./duck.sh
+cat duck.log
+cd /tmp
+git clone https://github.com/acmesh-official/acme.sh.git
+cd /tmp/acme.sh
+./acme.sh --install -m mikepharesjr@msn.com
+export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9
+echo $DuckDNS_Token
+./acme.sh --register-account -m mikepharesjr@msn.com
+./acme.sh --set-default-ca --server letsencrypt
+./acme.sh --issue --dns dns_duckdns -d '*.affirm.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+adduser podman sudo
+nginx -t
+exit
+nginx -t
+nginx -s reload
+exit
+nginx -t
+nginx -s reload
+exit
+apt-get install ssh-import-id -y
+ssh-import-id gh:mikepharesjr
+service ssh restart
+nano ~/.ssh/authorized_keys
+service ssh restart
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/uptimekuma.sh)"
+nginx -t
+nginx -s reload
+exit
+ln -s /var/log/nginx /var/www/html/log-nginx
+ls -la /var/www/html
+cp ~/.bash_history /etc/bash_history_2024-11-05.txt
+cat /etc/bash_history_2024-11-05.txt
+exit
+apt-get install podman -y
+apt-cache rdepends podman-compose
+apt-get install podman-compose -y
+apt-get install sudo
+mkdir /home/podman/.ssh
+cp /root/.ssh/authorized_keys /home/podman/.ssh/authorized_keys
+chown podman:podman -R /home/podman
+adduser podman sudo
+loginctl enable-linger
+sudo -iu podman
+podman --version
+sudo -iu podman
+sudo -iu podman
+mkdir -p /run/user/1000/
+chown -R podman:podman /run/user/1000/
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+systemctl --user start uptime-kuma-server
+systemctl start uptime-kuma-server
+sudo -iu podman
+sudo -iu podman
+find / -name "*fedora*" 2>/dev/null
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.userns.conf
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+chown -R podman:podman /home/podman
+sudo -iu podman
+apt install podman-quadlet
+ls -la /usr/libexec/podman
+systemctl -l | grep -i rootlessport
+ps aux | grep rootlessport
+whereis podman-generate-systemd
+exit
+clear
+apt list --installed
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/ubuntu.sh)"
+apt-get install podman-compose -y
+exit
+pip3 install podman-compose
+systemctl enable podmand
+apt install podman
+systemctl enable podmand
+podman --version
+systemctl enable podman.socket
+systemctl start podman.socket
+systemctl status podman.socket
+apt-get install cockpit cockpit-podman -y
+systemctl enable --now cockpit.socket
+sudo -iu podman
+apt install software-properties-common uidmap -y
+sudo -iu podman
+apt-get install -y libapparmor-dev
+cd /tmp/acme.sh
+ls /root/.acme.sh/
+./acme.sh --issue --dns dns_duckdns -d '*.phares.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+cd /tmp
+git clone https://github.com/acmesh-official/acme.sh.git
+cd /tmp/acme.sh
+./acme.sh --install -m mikepharesjr@msn.com
+export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9
+echo $DuckDNS_Token
+./acme.sh --register-account -m mikepharesjr@msn.com
+./acme.sh --set-default-ca --server letsencrypt
+./acme.sh --issue --dns dns_duckdns -d '*.phares.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+ls
+ls /root/.acme.sh/
+cd /root/.acme.sh/
+cp -R \*.phares.duckdns.org_ecc/ wild-phares
+cd wild-phares/
+ls
+mv \*.phares.duckdns.org.cer phares.duckdns.org.cer
+mv \*.phares.duckdns.org.conf phares.duckdns.org.conf
+mv \*.phares.duckdns.org.csr phares.duckdns.org.csr
+mv \*.phares.duckdns.org.csr.conf phares.duckdns.org.csr.conf
+mv \*.phares.duckdns.org.key phares.duckdns.org.key
+ls
+cd ..
+cd ..
+cd /tmp/
+cd acme.sh/
+ls
+./acme.sh --issue --dns dns_duckdns -d '*.affirm.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+cp -R \*.affirm.duckdns.org_ecc/ wild-affirm
+cp -R \*.affirm.duckdns.org_ecc/ wild-affirm
+cp -R /root/.acme.sh/\*.affirm.duckdns.org_ecc/ /root/.acme.sh/wild-affirm
+mv /root/.acme.sh/\*.affirm.duckdns.org.cer /root/.acme.sh/affirm.duckdns.org.cer
+mv /root/.acme.sh/\*.affirm.duckdns.org.conf /root/.acme.sh/affirm.duckdns.org.conf
+mv /root/.acme.sh/\*.affirm.duckdns.org.csr /root/.acme.sh/affirm.duckdns.org.csr
+mv /root/.acme.sh/\*.affirm.duckdns.org.csr.conf /root/.acme.sh/affirm.duckdns.org.csr.conf
+mv /root/.acme.sh/\*.affirm.duckdns.org.key /root/.acme.sh/affirm.duckdns.org.key
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.cer /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.conf /root/.acme.sh/wild-affirm/affirm.duckdns.org.conf
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.csr /root/.acme.sh/wild-affirm/affirm.duckdns.org.csr
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.csr.conf /root/.acme.sh/wild-affirm/affirm.duckdns.org.csr.conf
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key
+nginx -t
+nginx -s reload
+exit
+rm -R /root/.acme.sh/affirm.duckdns.org_ecc/
+cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+cd /root/.acme.sh/
+ls -la
+cd /tmp/
+cd acme.sh/
+./acme.sh --issue --dns dns_duckdns -d '*.bchs.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.cer /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key
+cd /root/.acme.sh/
+ls
+cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+cp -R /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.cer /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key
+exit
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+exit
+nano /etc/cockpit/cockpit.conf
+systemctl restart cockpit
+journalctl -u cockpit
+systemctl restart cockpit.service
+systemctl restart cockpit.socket
+exit
+systemctl restart cockpit.socket
+systemctl restart cockpit.service
+journalctl -u cockpit
+systemctl stop cockpit
+systemctl stop cockpit.socket
+exit
+mv /etc/cockpit/ws-certs.d/0-self-signed.cert /etc/cockpit/ws-certs.d/0-self-signed.cert.old
+mv /etc/cockpit/ws-certs.d/0-self-signed.key /etc/cockpit/ws-certs.d/0-self-signed.key.old
+cp /root/.acme.sh/wild-affirm/fullchain.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.key /etc/cockpit/ws-certs.d/0-self-signed.key
+systemctl start cockpit
+journalctl -xeu cockpit.service
+systemctl start cockpit
+systemctl start cockpit.socket
+systemctl start cockpit
+systemctl status cockpit.service
+ls -la /etc/cockpit/ws-certs.d
+exit
+chmod 774 -R /etc/cockpit/ws-certs.d
+systemctl start cockpit
+systemctl status cockpit.service
+systemctl start cockpit.socket
+systemctl start cockpit
+systemctl stop cockpit
+systemctl start cockpit
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
+ls -la /etc/cockpit/ws-certs.d
+chmod 774 -R /etc/cockpit/ws-certs.d
+ls -la /etc/cockpit/ws-certs.d
+systemctl start cockpit
+journalctl -u cockpit
+systemctl start cockpit.soket
+systemctl start cockpit.socket
+cat /etc/cockpit/ws-certs.d/0-self-signed.cert
+exit
+cat /etc/cockpit/ws-certs.d/0-self-signed.key
+exit
+systemctl start cockpit
+exit
+systemctl stop cockpit
+systemctl stop cockpit.socket
+systemctl start cockpit
+systemctl start cockpit.socket
+journalctl -u cockpit
+journalctl -u cockpit
+journalctl --rotate
+journalctl --vacuum-time=1s
+journalctl -u cockpit
+journalctl -u cockpit
+journalctl -u cockpit
+journalctl -u cockpit
+nano /etc/cockpit/cockpit.conf 
+ngnix -t
+nginx -t
+nginx -s reload
+exit
+sudo -iu podman
+exit

etc/group

@@ -0,0 +1,61 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:podman
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:podman
+nogroup:x:65534:
+input:x:101:
+sgx:x:102:
+kvm:x:103:
+render:x:104:
+_ssh:x:105:
+_chrony:x:106:
+messagebus:x:107:
+crontab:x:108:
+systemd-journal:x:999:
+systemd-network:x:998:
+ssl-cert:x:109:
+postfix:x:110:
+postdrop:x:111:
+tcpdump:x:112:
+rdma:x:113:
+gluster:x:114:
+tss:x:115:
+ceph:x:64045:
+netdev:x:116:
+cockpit-ws:x:117:
+cockpit-wsinstance:x:118:
+polkitd:x:997:
+podman:x:1000:

etc/group-

@@ -0,0 +1,61 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:podman
+nogroup:x:65534:
+input:x:101:
+sgx:x:102:
+kvm:x:103:
+render:x:104:
+_ssh:x:105:
+_chrony:x:106:
+messagebus:x:107:
+crontab:x:108:
+systemd-journal:x:999:
+systemd-network:x:998:
+ssl-cert:x:109:
+postfix:x:110:
+postdrop:x:111:
+tcpdump:x:112:
+rdma:x:113:
+gluster:x:114:
+tss:x:115:
+ceph:x:64045:
+netdev:x:116:
+cockpit-ws:x:117:
+cockpit-wsinstance:x:118:
+polkitd:x:997:
+podman:x:1000:

etc/gshadow

@@ -0,0 +1,61 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::podman
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::podman
+nogroup:*::
+input:!::
+sgx:!::
+kvm:!::
+render:!::
+_ssh:!::
+_chrony:!::
+messagebus:!::
+crontab:!::
+systemd-journal:!*::
+systemd-network:!*::
+ssl-cert:!::
+postfix:!::
+postdrop:!::
+tcpdump:!::
+rdma:!::
+gluster:!::
+tss:!::
+ceph:!::
+netdev:!::
+cockpit-ws:!::
+cockpit-wsinstance:!::
+polkitd:!*::
+podman:!::

etc/gshadow-

@@ -0,0 +1,61 @@
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::podman
+nogroup:*::
+input:!::
+sgx:!::
+kvm:!::
+render:!::
+_ssh:!::
+_chrony:!::
+messagebus:!::
+crontab:!::
+systemd-journal:!*::
+systemd-network:!*::
+ssl-cert:!::
+postfix:!::
+postdrop:!::
+tcpdump:!::
+rdma:!::
+gluster:!::
+tss:!::
+ceph:!::
+netdev:!::
+cockpit-ws:!::
+cockpit-wsinstance:!::
+polkitd:!*::
+podman:!::

etc/hosts

@@ -0,0 +1,13 @@
+127.0.0.1 localhost.localdomain localhost
+192.168.31.12 pve.affirm.duckdns.org pve
+
+# The following lines are desirable for IPv6 capable hosts
+
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+192.168.0.11 mattermost.phares.duckdns.org

etc/network/interfaces

@@ -0,0 +1,17 @@
+auto lo
+iface lo inet loopback
+
+iface enp2s0 inet manual
+
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.31.12/25
+	gateway 192.168.31.1
+	bridge-ports enp2s0
+	bridge-stp off
+	bridge-fd 0
+
+iface wlp1s0 inet manual
+
+
+source /etc/network/interfaces.d/*

etc/nginx/sites-available/default

@@ -0,0 +1,10 @@
+include /etc/nginx/include/adguard.conf; # https://adguard.affirm.duckddns.org # http://192.168.31.12:3002/;
+include /etc/nginx/include/chat.conf; # https://chat.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/cockpit.conf; # https://cockpit.affirm.duckddns.org # https://192.168.31.12:9090/;
+include /etc/nginx/include/diskstation.conf; # https://diskstation.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/drive.conf; # https://drive.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/kuma.conf; # https://kuma.affirm.duckddns.org # http://192.168.31.37:3001/;
+include /etc/nginx/include/neko.conf; # https://neko.affirm.duckddns.org # http://192.168.31.12:8082/;
+include /etc/nginx/include/photos.conf; # https://photos.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/pve.conf; # https://pve.affirm.duckddns.org # https://192.168.31.12:8006/;
+include /etc/nginx/include/quartz.conf; # https://quartz.affirm.duckddns.org # http://192.168.31.12:8084/;

etc/passwd

@@ -0,0 +1,34 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+_chrony:x:100:106:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
+messagebus:x:101:107::/nonexistent:/usr/sbin/nologin
+sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
+_rpc:x:103:65534::/run/rpcbind:/usr/sbin/nologin
+systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
+postfix:x:104:110::/var/spool/postfix:/usr/sbin/nologin
+tcpdump:x:105:112::/nonexistent:/usr/sbin/nologin
+statd:x:106:65534::/var/lib/nfs:/usr/sbin/nologin
+gluster:x:107:114::/var/lib/glusterd:/usr/sbin/nologin
+tss:x:108:115:TPM software stack,,,:/var/lib/tpm:/bin/false
+ceph:x:64045:64045:Ceph storage service:/var/lib/ceph:/usr/sbin/nologin
+dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
+cockpit-ws:x:110:117::/nonexistent:/usr/sbin/nologin
+cockpit-wsinstance:x:111:118::/nonexistent:/usr/sbin/nologin
+polkitd:x:997:997:polkit:/nonexistent:/usr/sbin/nologin
+podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash

etc/passwd-

@@ -0,0 +1,34 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+_chrony:x:100:106:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
+messagebus:x:101:107::/nonexistent:/usr/sbin/nologin
+sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
+_rpc:x:103:65534::/run/rpcbind:/usr/sbin/nologin
+systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
+postfix:x:104:110::/var/spool/postfix:/usr/sbin/nologin
+tcpdump:x:105:112::/nonexistent:/usr/sbin/nologin
+statd:x:106:65534::/var/lib/nfs:/usr/sbin/nologin
+gluster:x:107:114::/var/lib/glusterd:/usr/sbin/nologin
+tss:x:108:115:TPM software stack,,,:/var/lib/tpm:/bin/false
+ceph:x:64045:64045:Ceph storage service:/var/lib/ceph:/usr/sbin/nologin
+dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
+cockpit-ws:x:110:117::/nonexistent:/usr/sbin/nologin
+cockpit-wsinstance:x:111:118::/nonexistent:/usr/sbin/nologin
+polkitd:x:997:997:polkit:/nonexistent:/usr/sbin/nologin
+podman:x:1000:1000::/home/podman:/bin/bash

etc/resolv.conf

@@ -0,0 +1,2 @@
+search affirm.duckdns.org
+nameserver 192.168.31.1

etc/shadow

@@ -0,0 +1,34 @@
+root:$5$oJi8Mxgz$2liscgyLpPtYBiPUgUPZXEPFMUzl8zLaDUp7uFmsgWB:20032:0:99999:7:::
+daemon:*:19936:0:99999:7:::
+bin:*:19936:0:99999:7:::
+sys:*:19936:0:99999:7:::
+sync:*:19936:0:99999:7:::
+games:*:19936:0:99999:7:::
+man:*:19936:0:99999:7:::
+lp:*:19936:0:99999:7:::
+mail:*:19936:0:99999:7:::
+news:*:19936:0:99999:7:::
+uucp:*:19936:0:99999:7:::
+proxy:*:19936:0:99999:7:::
+www-data:*:19936:0:99999:7:::
+backup:*:19936:0:99999:7:::
+list:*:19936:0:99999:7:::
+irc:*:19936:0:99999:7:::
+_apt:*:19936:0:99999:7:::
+nobody:*:19936:0:99999:7:::
+_chrony:!:19936::::::
+messagebus:!:20032::::::
+sshd:!:20032::::::
+_rpc:!:20032::::::
+systemd-network:!*:20032::::::
+postfix:!:20032::::::
+tcpdump:!:20032::::::
+statd:!:20032::::::
+gluster:!:20032::::::
+tss:!:20032::::::
+ceph:!:20032::::::
+dnsmasq:!:20033::::::
+cockpit-ws:!:20033::::::
+cockpit-wsinstance:!:20033::::::
+polkitd:!*:20033::::::
+podman:$y$j9T$nnCjvHHv8TyjZALLaQTLW1$AXTOIYnt4d90f9uFmkIdC8CcWqAlJ429.w645eQnqu2:20033:0:99999:7:::

etc/shadow-

@@ -0,0 +1,33 @@
+root:$5$oJi8Mxgz$2liscgyLpPtYBiPUgUPZXEPFMUzl8zLaDUp7uFmsgWB:20032:0:99999:7:::
+daemon:*:19936:0:99999:7:::
+bin:*:19936:0:99999:7:::
+sys:*:19936:0:99999:7:::
+sync:*:19936:0:99999:7:::
+games:*:19936:0:99999:7:::
+man:*:19936:0:99999:7:::
+lp:*:19936:0:99999:7:::
+mail:*:19936:0:99999:7:::
+news:*:19936:0:99999:7:::
+uucp:*:19936:0:99999:7:::
+proxy:*:19936:0:99999:7:::
+www-data:*:19936:0:99999:7:::
+backup:*:19936:0:99999:7:::
+list:*:19936:0:99999:7:::
+irc:*:19936:0:99999:7:::
+_apt:*:19936:0:99999:7:::
+nobody:*:19936:0:99999:7:::
+_chrony:!:19936::::::
+messagebus:!:20032::::::
+sshd:!:20032::::::
+_rpc:!:20032::::::
+systemd-network:!*:20032::::::
+postfix:!:20032::::::
+tcpdump:!:20032::::::
+statd:!:20032::::::
+gluster:!:20032::::::
+tss:!:20032::::::
+ceph:!:20032::::::
+dnsmasq:!:20033::::::
+cockpit-ws:!:20033::::::
+cockpit-wsinstance:!:20033::::::
+polkitd:!*:20033::::::

etc/sysctl.conf

@@ -0,0 +1,68 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+###################################################################
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all, >1 bitmask of sysrq functions
+# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
+# for what other values do
+#kernel.sysrq=438
+

etc/systemd/system/snap.adguard-home.adguard-home.service

@@ -0,0 +1,19 @@
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Service for snap application adguard-home.adguard-home
+Requires=snap-adguard\x2dhome-7470.mount
+Wants=network.target
+After=snap-adguard\x2dhome-7470.mount network.target snapd.apparmor.service
+X-Snappy=yes
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/bin/snap run adguard-home
+SyslogIdentifier=adguard-home.adguard-home
+Restart=always
+WorkingDirectory=/var/snap/adguard-home/7470
+TimeoutStopSec=30
+Type=simple
+
+[Install]
+WantedBy=multi-user.target

home/podman/.config/containers/systemd/neko-server.container

@@ -0,0 +1,32 @@
+[Container]
+AutoUpdate=registry
+ContainerName=neko-server
+Environment="NEKO_SCREEN=1920x1080@30"
+Environment="NEKO_PASSWORD=neko"
+Environment="NEKO_PASSWORD_ADMIN=admin"
+Environment="NEKO_EPR=52000-52100"
+Environment="NEKO_NAT1TO1=192.168.31.12"
+Image=docker.io/m1k1o/neko:firefox
+# Network=neko.network
+# Pod=neko.pod
+PublishPort=8082:8080/tcp
+PublishPort=52000-52100:52000-52100/udp
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/m1k1o/neko:firefox
+# systemctl --user daemon-reload
+# systemctl --user start neko-server
+# systemctl --user status neko-server
+# journalctl -fu neko-server.service
+# podman logs neko-server
+# systemctl --user stop neko-server
+# systemctl --user disable neko-server
+# podman exec -ti neko-server /bin/sh
+# podman exec -ti neko-server /bin/bash