2024-11-23

.gitignore

@@ -43,15 +43,18 @@
 !etc/dnsmasq.d/*
 !etc/fstab/*
 !etc/netplan/*
+!etc/nginx/include/*
 !etc/nginx/sites-available/*
 !etc/mysql/mariadb.conf.d/*
 !etc/php/*
 !etc/postgresql/*
 !etc/wsl/*
+!etc/dnsmasq.d/SDN/*
 
 !etc/letsencrypt/**/*
 
 !opt/copy/**/*
+!opt/dockge/**/*.yaml
 
 !root/**/*container
 !home/podman/**/*volume

.vscode/settings.json

@@ -3,5 +3,11 @@
         "*.container": "ini",
         "*.org": "ini",
         "*.net": "ini"
-    }
+    },
+    "cSpell.words": [
+        "diskstation",
+        "dockge",
+        "neko",
+        "phares"
+    ]
 }

etc/bash_history_2024-11-23.txt

@@ -0,0 +1,500 @@
+nginx -t
+nginx -s reload
+exit
+ln -s /var/log/nginx /var/www/html/log-nginx
+ls -la /var/www/html
+cp ~/.bash_history /etc/bash_history_2024-11-05.txt
+cat /etc/bash_history_2024-11-05.txt
+exit
+apt-get install podman -y
+apt-cache rdepends podman-compose
+apt-get install podman-compose -y
+apt-get install sudo
+mkdir /home/podman/.ssh
+cp /root/.ssh/authorized_keys /home/podman/.ssh/authorized_keys
+chown podman:podman -R /home/podman
+adduser podman sudo
+loginctl enable-linger
+sudo -iu podman
+podman --version
+sudo -iu podman
+sudo -iu podman
+mkdir -p /run/user/1000/
+chown -R podman:podman /run/user/1000/
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+systemctl --user start uptime-kuma-server
+systemctl start uptime-kuma-server
+sudo -iu podman
+sudo -iu podman
+find / -name "*fedora*" 2>/dev/null
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.common.conf
+nano /usr/share/lxc/config/fedora.userns.conf
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+chown -R podman:podman /home/podman
+sudo -iu podman
+apt install podman-quadlet
+ls -la /usr/libexec/podman
+systemctl -l | grep -i rootlessport
+ps aux | grep rootlessport
+whereis podman-generate-systemd
+exit
+clear
+apt list --installed
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/ubuntu.sh)"
+apt-get install podman-compose -y
+exit
+pip3 install podman-compose
+systemctl enable podmand
+apt install podman
+systemctl enable podmand
+podman --version
+systemctl enable podman.socket
+systemctl start podman.socket
+systemctl status podman.socket
+apt-get install cockpit cockpit-podman -y
+systemctl enable --now cockpit.socket
+sudo -iu podman
+apt install software-properties-common uidmap -y
+sudo -iu podman
+apt-get install -y libapparmor-dev
+cd /tmp/acme.sh
+ls /root/.acme.sh/
+./acme.sh --issue --dns dns_duckdns -d '*.phares.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+cd /tmp
+git clone https://github.com/acmesh-official/acme.sh.git
+cd /tmp/acme.sh
+./acme.sh --install -m mikepharesjr@msn.com
+export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9
+echo $DuckDNS_Token
+./acme.sh --register-account -m mikepharesjr@msn.com
+./acme.sh --set-default-ca --server letsencrypt
+./acme.sh --issue --dns dns_duckdns -d '*.phares.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+ls
+ls /root/.acme.sh/
+cd /root/.acme.sh/
+cp -R \*.phares.duckdns.org_ecc/ wild-phares
+cd wild-phares/
+ls
+mv \*.phares.duckdns.org.cer phares.duckdns.org.cer
+mv \*.phares.duckdns.org.conf phares.duckdns.org.conf
+mv \*.phares.duckdns.org.csr phares.duckdns.org.csr
+mv \*.phares.duckdns.org.csr.conf phares.duckdns.org.csr.conf
+mv \*.phares.duckdns.org.key phares.duckdns.org.key
+ls
+cd ..
+cd ..
+cd /tmp/
+cd acme.sh/
+ls
+./acme.sh --issue --dns dns_duckdns -d '*.affirm.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+cp -R \*.affirm.duckdns.org_ecc/ wild-affirm
+cp -R \*.affirm.duckdns.org_ecc/ wild-affirm
+cp -R /root/.acme.sh/\*.affirm.duckdns.org_ecc/ /root/.acme.sh/wild-affirm
+mv /root/.acme.sh/\*.affirm.duckdns.org.cer /root/.acme.sh/affirm.duckdns.org.cer
+mv /root/.acme.sh/\*.affirm.duckdns.org.conf /root/.acme.sh/affirm.duckdns.org.conf
+mv /root/.acme.sh/\*.affirm.duckdns.org.csr /root/.acme.sh/affirm.duckdns.org.csr
+mv /root/.acme.sh/\*.affirm.duckdns.org.csr.conf /root/.acme.sh/affirm.duckdns.org.csr.conf
+mv /root/.acme.sh/\*.affirm.duckdns.org.key /root/.acme.sh/affirm.duckdns.org.key
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.cer /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.conf /root/.acme.sh/wild-affirm/affirm.duckdns.org.conf
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.csr /root/.acme.sh/wild-affirm/affirm.duckdns.org.csr
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.csr.conf /root/.acme.sh/wild-affirm/affirm.duckdns.org.csr.conf
+mv /root/.acme.sh/wild-affirm/\*.affirm.duckdns.org.key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key
+nginx -t
+nginx -s reload
+exit
+rm -R /root/.acme.sh/affirm.duckdns.org_ecc/
+cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+cd /root/.acme.sh/
+ls -la
+cd /tmp/
+cd acme.sh/
+./acme.sh --issue --dns dns_duckdns -d '*.bchs.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.cer /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key
+cd /root/.acme.sh/
+ls
+cp /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+cp -R /root/.acme.sh/\*.bchs.duckdns.org_ecc /root/.acme.sh/wild-bchs
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.cer /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.csr.conf /root/.acme.sh/wild-bchs/bchs.duckdns.org.csr.conf
+mv /root/.acme.sh/wild-bchs/\*.bchs.duckdns.org.key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key
+exit
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+exit
+nano /etc/cockpit/cockpit.conf
+systemctl restart cockpit
+journalctl -u cockpit
+systemctl restart cockpit.service
+systemctl restart cockpit.socket
+exit
+systemctl restart cockpit.socket
+systemctl restart cockpit.service
+journalctl -u cockpit
+systemctl stop cockpit
+systemctl stop cockpit.socket
+exit
+mv /etc/cockpit/ws-certs.d/0-self-signed.cert /etc/cockpit/ws-certs.d/0-self-signed.cert.old
+mv /etc/cockpit/ws-certs.d/0-self-signed.key /etc/cockpit/ws-certs.d/0-self-signed.key.old
+cp /root/.acme.sh/wild-affirm/fullchain.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.key /etc/cockpit/ws-certs.d/0-self-signed.key
+systemctl start cockpit
+journalctl -xeu cockpit.service
+systemctl start cockpit
+systemctl start cockpit.socket
+systemctl start cockpit
+systemctl status cockpit.service
+ls -la /etc/cockpit/ws-certs.d
+exit
+chmod 774 -R /etc/cockpit/ws-certs.d
+systemctl start cockpit
+systemctl status cockpit.service
+systemctl start cockpit.socket
+systemctl start cockpit
+systemctl stop cockpit
+systemctl start cockpit
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
+ls -la /etc/cockpit/ws-certs.d
+chmod 774 -R /etc/cockpit/ws-certs.d
+ls -la /etc/cockpit/ws-certs.d
+systemctl start cockpit
+journalctl -u cockpit
+systemctl start cockpit.soket
+systemctl start cockpit.socket
+cat /etc/cockpit/ws-certs.d/0-self-signed.cert
+exit
+cat /etc/cockpit/ws-certs.d/0-self-signed.key
+exit
+systemctl start cockpit
+exit
+systemctl stop cockpit
+systemctl stop cockpit.socket
+systemctl start cockpit
+systemctl start cockpit.socket
+journalctl -u cockpit
+journalctl -u cockpit
+journalctl --rotate
+journalctl --vacuum-time=1s
+journalctl -u cockpit
+journalctl -u cockpit
+journalctl -u cockpit
+journalctl -u cockpit
+nano /etc/cockpit/cockpit.conf 
+ngnix -t
+nginx -t
+nginx -s reload
+exit
+sudo -iu podman
+exit
+cp ~/.bash_history /etc/bash_history_2024-11-11.txt
+cat /etc/bash_history_2024-11-11.txt
+ls
+ls -la
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/uptimekuma.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/uptimekuma.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/uptimekuma.sh)"
+/etc/network/interfaces
+ls /etc/network/interfaces
+cat /etc/network/interfaces
+ping 192.168.31.31
+ping 192.168.31.32
+ngnix -t
+nginx -s reload
+links http://192.168.31.31:3001
+links http://192.168.31.31:3001
+links http://192.168.31.31
+links http://192.168.31.31:3002
+links http://192.168.31.32:3001
+nginx -s reload
+nginx -s reload
+nginx -s reload
+nginx -s reload
+links http://192.168.31.65:3001
+links https://192.168.31.65:3001
+links http://192.168.31.12:8006
+links http://192.168.31.12:8006
+nginx -s reload
+nginx -s reload
+cat /etc/systemd/system/getty@.service.d/autologin.conf
+pct enter 100
+nginx -s reload
+pct enter 100
+pct enter 101
+pct enter 100
+nginx -s reload
+pct enter 100
+mkdir /mnt/vm-100-disk-0
+mount /dev/pve/vm-100-disk-0 /mnt/vm-100-disk-0
+cd /mnt/vm-100-disk-0
+ls -la
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer /certs/server.cert
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.key /certs/server.key
+mkdir /mnt/vm-100-disk-0/certs
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.key /certs/server.key
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.key /certs/server.key
+ls
+cd certs/
+ls
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer /certs/server.cert
+nano /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer 
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer /mnt/vm-100-disk-0/certs/server.cert
+cp /root/.acme.sh/wild-affirm/affirm.duckdns.org.key /mnt/vm-100-disk-0/certs/server.key
+ls
+ls -la
+umount /mnt/vm-100-disk-0
+cd /
+umount /mnt/vm-100-disk-0
+cd /mnt/vm-100-disk-0
+ls
+pct enter 100
+pct enter 100
+pct enter 100
+links http://192.168.31.39:3001
+links http://192.168.31.39:3004
+links https://192.168.31.39:3001
+nginx -s reload
+links https://192.168.31.39:3001
+ip a
+pct enter 100
+pct enter 100
+pct enter 100
+nginx -s reload
+pct enter 100
+nano /etc/hosts
+pct enter 100
+ping mattermost.phares.duckdns.org
+curl https://mattermost.phares.duckdns.org
+pct enter 100
+exit
+links http://192.168.31.12:8084/
+cp /var/www/html /var/www/html-quartz
+cp -R /var/www/html /var/www/html-quartz
+links http://192.168.31.12:8084/
+nginx -s reload
+nginx -s reload
+links http://192.168.31.12:8084/
+ls -la /var/www/html-quartz
+r -r /var/www/html-quartz/log-nginx
+rm -R /var/www/html-quartz/log-nginx
+ls -la /var/www/html-quartz
+mv /var/www/html-quartz/index.nginx-debian.html index.html
+links http://192.168.31.12:8084/
+ls
+mv index.html /var/www/html-quartz/
+ls
+links http://192.168.31.12:8084/
+links http://192.168.31.12:8084/
+exit
+cd /run/user/1000/
+cd systemd/
+ls -la
+nano generator.late/
+cd generator.late/
+ls
+cd ..
+mkdir /run/user/1000/systemd/generator
+cp /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+cd generator
+ls
+sudo -iu podman
+sudo -iu podman
+ls -la /run/user/1000/systemd/generator/neko-server.service
+ls -la /run/user/1000/systemd/generator
+ls -la /run/user/1000/systemd
+mkdir /run/user/1000/systemd/generator
+cp /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+sudo -iu podman
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+cp /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+mkdir /run/user/1000/systemd/generator
+cp /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+exit
+mkdir /run/user/1000/systemd/generator
+cp /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+sudo -iu podman
+nginx -s reload
+exit
+cat /etc/network/interfaces
+apt update
+apt install dnsmasq -y
+systemctl disable --now dnsmasq
+apt install frr-pythontools -y
+exit
+exit
+cat /etc/network/interfaces
+nginx -s reload
+links http://192.168.32.100:3001
+curl http://192.168.32.100:3001
+curl http://192.168.32.100:3001
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/ubuntu2404-vm.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/ubuntu2404-vm.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/adguard.sh)"
+curl http://192.168.32.100:3001
+snap remove addguard
+snap remove addguardhome
+snap remove adguardhome
+snap remove adguard
+snap remove adguard-home
+snap install adguard-home
+curl http:192.168.31.12:3000
+curl http://192.168.31.12:3000
+nginx -s reload
+nginx -s reload
+curl http:192.168.31.100:3002
+curl http://192.168.31.100:3002
+curl http://192.168.31.100:3000
+curl http://192.168.31.100:3001
+curl http://192.168.31.100:3001
+ping 192.168.32.100
+curl http://192.168.32.100:3002
+curl http://192.168.32.100:3001
+links http://192.168.32.100:3001/
+nginx -s reload
+pct enter 100
+curl http://192.168.32.100:3001
+curl http://192.168.32.100:3001/dashboardroot
+nano /etc/dnsmasq.d/SDN/ethers
+pct enter 100
+nano /etc/hosts
+pct enter 100
+pct enter 100
+nano /etc/hosts
+pct modify /etc/hosts 100
+exit
+cat /var/lib/misc/dnsmasq.SDN.leases
+exit
+mviewcl
+lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+docker
+exit
+snap info
+snap
+snap find
+snap list
+exit
+cd /tmp
+curl -fsSL https://get.docker.com -o get-docker.sh
+sh get-docker.sh
+docker ps -a
+exit
+cd /tmp
+mkdir -p /opt/stacks /opt/dockge
+cd /opt/dockge
+curl https://raw.githubusercontent.com/louislam/dockge/master/compose.yaml --output compose.yaml
+docker compose up -d
+nginx -s reload
+nginx -s reload
+apt install podman-docker
+/usr/libexec/podman/quadlet -dryrun --user
+apt install podman-docker
+docker down
+docker
+docker stop
+docker ls
+docker ps a
+docker ps -a
+docker stop c
+nginx -s reload
+docker compose up -d
+docker ps -a
+docker stop c
+docker compose up -d
+nginx -s reload
+curl http://192.168.31.12:5800
+nginx -s reload
+nginx -s reload
+nginx -s reload
+docker exec -it firefox bash
+docker ps -a
+docker exec -it 1 bash
+docker exec -it 1 sh
+exit
+exit
+exit
+docker exec -it 1 bash
+docker exec -it firefox bash
+docker ps a
+docker ps -a
+docker exec -it 1 bash
+docker exec -it 1 sh
+snap list
+nginx -s reload
+snap install dotnet-sdk --classic --channel latest/stable
+export DOTNET_ROOT=/snap/dotnet-sdk/current
+~/.bashrc
+dotnet --info
+exit
+cd /tmp/
+git clone https://33aada599f8e245782e68931fe2629a959af5d26@gitea.phares.duckdns.org/phares3757/one-review.git
+cd one-review/
+git checkout origin/11-17
+git log -1
+docker compose -up
+docker compose up
+docker compose up
+nano docker-compose.yaml 
+exit
+links http://localhost:5001
+links http://192.168.11.2:5001
+exit
+nginx -s reload
+links http://localhost:5000/Products
+exit
+cd /tmp/
+cd one-review/
+nano docker-compose.yaml 
+docker compose up
+docker ps -a\
+docker ps -a
+docker images ls
+docker image ls
+git pull origin 11-17
+git log -1
+git reset --hard
+git log -1
+git pull origin 11-17
+git log -1
+docker compose up
+docker ps -a
+docker image ls
+docker compose up
+docker compose up
+dotnet run --project src/OneReview
+dotnet run --project src/OneReview
+docker image ls
+docker image ls
+docker image rm 0f
+docker image rm 0f
+docker ps -a
+docker container rm e5
+docker image rm 0f
+docker compose up
+exit
+nginx -t
+nginx -s reload

etc/dnsmasq.d/README

@@ -0,0 +1,7 @@
+# All files in this directory will be read by dnsmasq as 
+# configuration files, except if their names end in 
+# ".dpkg-dist",".dpkg-old" or ".dpkg-new"
+#
+# This can be changed by editing /etc/default/dnsmasq
+
+

etc/dnsmasq.d/SDN/00-default.conf

@@ -0,0 +1,24 @@
+except-interface=lo
+enable-ra
+quiet-ra
+bind-dynamic
+no-hosts
+dhcp-leasefile=/var/lib/misc/dnsmasq.SDN.leases
+dhcp-hostsfile=/etc/dnsmasq.d/SDN/ethers
+dhcp-ignore=tag:!known
+
+dhcp-option=26,1500
+ra-param=*,mtu:1500,0
+
+# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
+dhcp-option=252,"\n"
+
+# Send microsoft-specific option to tell windows to release the DHCP lease
+# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
+# value as a four-byte integer - that's what microsoft wants.
+dhcp-option=vendor:MSFT,2,1i
+
+# If a DHCP client claims that its name is "wpad", ignore that.
+# This fixes a security hole. see CERT Vulnerability VU#598349
+dhcp-name-match=set:wpad-ignore,wpad
+dhcp-ignore-names=tag:wpad-ignore

etc/dnsmasq.d/SDN/10-SDN.conf

@@ -0,0 +1,3 @@
+dhcp-option=tag:SDN-192.168.32.1-25,option:router,192.168.32.1
+dhcp-range=set:SDN-192.168.32.1-25,192.168.32.1,static,255.255.255.128,infinite
+interface=SDN

etc/dnsmasq.d/SDN/ethers

@@ -0,0 +1,2 @@
+BC:24:11:D6:FC:B3,192.168.32.100
+BC:24:11:6A:65:00,192.168.32.101

etc/group

@@ -59,3 +59,6 @@ cockpit-ws:x:117:
 cockpit-wsinstance:x:118:
 polkitd:x:997:
 podman:x:1000:
+frrvty:x:119:frr
+frr:x:120:
+docker:x:996:

etc/group-

@@ -18,7 +18,7 @@ voice:x:22:
 cdrom:x:24:
 floppy:x:25:
 tape:x:26:
-sudo:x:27:
+sudo:x:27:podman
 audio:x:29:
 dip:x:30:
 www-data:x:33:
@@ -59,3 +59,5 @@ cockpit-ws:x:117:
 cockpit-wsinstance:x:118:
 polkitd:x:997:
 podman:x:1000:
+frrvty:x:119:frr
+frr:x:120:

etc/gshadow

@@ -59,3 +59,6 @@ cockpit-ws:!::
 cockpit-wsinstance:!::
 polkitd:!*::
 podman:!::
+frrvty:!::frr
+frr:!::
+docker:!::

etc/gshadow-

@@ -18,7 +18,7 @@ voice:*::
 cdrom:*::
 floppy:*::
 tape:*::
-sudo:*::
+sudo:*::podman
 audio:*::
 dip:*::
 www-data:*::
@@ -59,3 +59,5 @@ cockpit-ws:!::
 cockpit-wsinstance:!::
 polkitd:!*::
 podman:!::
+frrvty:!::frr
+frr:!::

etc/hosts

@@ -1,5 +1,13 @@
 127.0.0.1 localhost.localdomain localhost
+127.0.1.1 uptimekuma.affirm.duckdns.org
+#
+192.168.0.11 mattermost.phares.duckdns.org
+192.168.0.11 vaultwarden.phares.duckdns.org
+192.168.0.11 gitea.phares.duckdns.org
+#
 192.168.31.12 pve.affirm.duckdns.org pve
+192.168.31.12 cockpit.affirm.duckdns.org
+
 
 # The following lines are desirable for IPv6 capable hosts
 
@@ -9,5 +17,3 @@ ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 ff02::3 ip6-allhosts
-
-192.168.0.11 mattermost.phares.duckdns.org

etc/nginx/include/adguard.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/adguard.affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.affirm.duckdns.org.key -out /etc/nginx/include/adguard.affirm.duckdns.org.crt -config /etc/nginx/include/adguard.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name adguard.affirm.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.31.12:3002/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/chat.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/chat.affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/chat.affirm.duckdns.org.key -out /etc/nginx/include/chat.affirm.duckdns.org.crt -config /etc/nginx/include/chat.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name chat.affirm.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.0.31:5001/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/cockpit.conf

@@ -0,0 +1,24 @@
+server {
+    # touch /etc/nginx/include/cockpit.affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.affirm.duckdns.org.key -out /etc/nginx/include/cockpit.affirm.duckdns.org.crt -config /etc/nginx/include/cockpit.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name cockpit.affirm.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://127.0.0.1:9090/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_http_version 1.1;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        gzip off;
+    }
+}

etc/nginx/include/diskstation.conf

@@ -0,0 +1,18 @@
+server {
+    # touch /etc/nginx/include/diskstation.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name diskstation.affirm.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.0.31:5001/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/dockge.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/dockge.affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dockge.affirm.duckdns.org.key -out /etc/nginx/include/dockge.affirm.duckdns.org.crt -config /etc/nginx/include/dockge.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name dockge.affirm.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.31.12:5002/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/drive.conf

@@ -0,0 +1,18 @@
+server {
+    # touch /etc/nginx/include/drive.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name drive.affirm.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.0.31:5001/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/firefox.conf

@@ -0,0 +1,19 @@
+server {
+    # touch /etc/nginx/include/firefox.affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.affirm.duckdns.org.key -out /etc/nginx/include/firefox.affirm.duckdns.org.crt -config /etc/nginx/include/firefox.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name firefox.affirm.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.31.12:5800/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/kuma.conf

@@ -0,0 +1,32 @@
+server {
+    # touch /etc/nginx/include/kuma.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name kuma.affirm.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.31.12:3001/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}
+
+# [Container]
+# AutoUpdate=registry
+# ContainerName=uptime-kuma-server
+# Environment="UPTIME_KUMA_SSL_CERT=/certs/server.cert"
+# Environment="UPTIME_KUMA_SSL_KEY=/certs/server.key"
+# Image=docker.io/louislam/uptime-kuma:1
+# PodmanArgs=--add-host=cockpit.phares.duckdns.org:192.168.11.2
+# PodmanArgs=--add-host=mattermost.phares.duckdns.org:192.168.11.2
+# PublishPort=3004:3001
+# Volume=uptime-kuma-server-data.volume:/app/data:rw
+# Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+# Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro

etc/nginx/include/neko.conf

@@ -0,0 +1,24 @@
+server {
+    # touch /etc/nginx/include/neko.affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.affirm.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name neko.affirm.duckdns.org;
+    location / {
+        # https://neko.m1k1o.net/#/getting-started/reverse-proxy
+        proxy_pass http://192.168.31.12:8082;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 86400;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+    }
+}

etc/nginx/include/photos.conf

@@ -0,0 +1,19 @@
+server {
+    # touch /etc/nginx/include/photos.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name photos.affirm.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.0.31:5001/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/products.conf

@@ -0,0 +1,19 @@
+server {
+    # touch /etc/nginx/include/products.affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/products.affirm.duckdns.org.key -out /etc/nginx/include/products.affirm.duckdns.org.crt -config /etc/nginx/include/products.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name products.affirm.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.31.12:5005/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/pve.conf

@@ -0,0 +1,22 @@
+server {
+    # touch /etc/nginx/include/pve.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name pve.affirm.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.31.12:8006/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        client_max_body_size 500M;
+    }
+}

etc/nginx/include/quartz.conf

@@ -0,0 +1,23 @@
+server {
+	listen 8084 default_server;
+	root /var/www/html-quartz;
+	index index.html index.htm;
+	server_name _;
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+server {
+    # touch /etc/nginx/include/quartz.affirm.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name quartz.affirm.duckdns.org;
+    root /var/www/html-quartz;
+    index index.html index.htm index.nginx-debian.html;
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+}

etc/nginx/sites-available/default

@@ -1,10 +1,14 @@
-include /etc/nginx/include/adguard.conf; # https://adguard.affirm.duckddns.org # http://192.168.31.12:3002/;
+include /etc/nginx/include/adguard.conf; # https://adguard.affirm.duckdns.org # http://192.168.31.12:3002/;
-include /etc/nginx/include/chat.conf; # https://chat.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/chat.conf; # https://chat.affirm.duckdns.org # https://192.168.31.12:5001/;
-include /etc/nginx/include/cockpit.conf; # https://cockpit.affirm.duckddns.org # https://192.168.31.12:9090/;
+include /etc/nginx/include/cockpit.conf; # https://cockpit.affirm.duckdns.org # https://192.168.31.12:9090/;
-include /etc/nginx/include/diskstation.conf; # https://diskstation.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/diskstation.conf; # https://diskstation.affirm.duckdns.org # https://192.168.31.12:5001/;
-include /etc/nginx/include/drive.conf; # https://drive.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/dockge.conf; # https://dockge.affirm.duckdns.org # http://192.168.31.12:5002/;
-include /etc/nginx/include/kuma.conf; # https://kuma.affirm.duckddns.org # http://192.168.31.37:3001/;
+include /etc/nginx/include/drive.conf; # https://drive.affirm.duckdns.org # https://192.168.31.12:5001/;
-include /etc/nginx/include/neko.conf; # https://neko.affirm.duckddns.org # http://192.168.31.12:8082/;
+include /etc/nginx/include/firefox.conf; # https://firefox.affirm.duckdns.org # http://192.168.31.12:5800/;
-include /etc/nginx/include/photos.conf; # https://photos.affirm.duckddns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/kuma.conf; # https://kuma.affirm.duckdns.org # http://192.168.32.100:3001/;
-include /etc/nginx/include/pve.conf; # https://pve.affirm.duckddns.org # https://192.168.31.12:8006/;
+include /etc/nginx/include/neko.conf; # https://neko.affirm.duckdns.org # http://192.168.31.12:8082/;
-include /etc/nginx/include/quartz.conf; # https://quartz.affirm.duckddns.org # http://192.168.31.12:8084/;
+include /etc/nginx/include/photos.conf; # https://photos.affirm.duckdns.org # https://192.168.31.12:5001/;
+include /etc/nginx/include/products.conf; # https://products.affirm.duckdns.org # https://192.168.31.12:5005/;
+include /etc/nginx/include/pve.conf; # https://pve.affirm.duckdns.org # https://192.168.31.12:8006/;
+include /etc/nginx/include/quartz.conf; # https://quartz.affirm.duckdns.org # http://192.168.31.12:8084/;
+# ssh root@free.file.sync.media -i C:/Users/phares/.ssh/id_ed25519

etc/passwd

@@ -32,3 +32,4 @@ cockpit-ws:x:110:117::/nonexistent:/usr/sbin/nologin
 cockpit-wsinstance:x:111:118::/nonexistent:/usr/sbin/nologin
 polkitd:x:997:997:polkit:/nonexistent:/usr/sbin/nologin
 podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash
+frr:x:112:120:Frr routing suite,,,:/nonexistent:/usr/sbin/nologin

etc/passwd-

@@ -31,4 +31,5 @@ dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
 cockpit-ws:x:110:117::/nonexistent:/usr/sbin/nologin
 cockpit-wsinstance:x:111:118::/nonexistent:/usr/sbin/nologin
 polkitd:x:997:997:polkit:/nonexistent:/usr/sbin/nologin
-podman:x:1000:1000::/home/podman:/bin/bash
+podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash
+frr:x:112:120::/nonexistent:/usr/sbin/nologin

etc/resolv.conf

@@ -1,2 +1,2 @@
 search affirm.duckdns.org
-nameserver 192.168.31.1
+nameserver 192.168.31.12

etc/shadow

@@ -32,3 +32,4 @@ cockpit-ws:!:20033::::::
 cockpit-wsinstance:!:20033::::::
 polkitd:!*:20033::::::
 podman:$y$j9T$nnCjvHHv8TyjZALLaQTLW1$AXTOIYnt4d90f9uFmkIdC8CcWqAlJ429.w645eQnqu2:20033:0:99999:7:::
+frr:!:20039::::::

etc/shadow-

@@ -31,3 +31,4 @@ dnsmasq:!:20033::::::
 cockpit-ws:!:20033::::::
 cockpit-wsinstance:!:20033::::::
 polkitd:!*:20033::::::
+podman:$y$j9T$nnCjvHHv8TyjZALLaQTLW1$AXTOIYnt4d90f9uFmkIdC8CcWqAlJ429.w645eQnqu2:20033:0:99999:7:::

opt/dockge/compose.yaml

@@ -0,0 +1,22 @@
+services:
+  dockge:
+    image: louislam/dockge:1
+    restart: unless-stopped
+    ports:
+      # Host Port : Container Port
+      - 5002:5001
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./data:/app/data
+        
+      # If you want to use private registries, you need to share the auth file with Dockge:
+      # - /root/.docker/:/root/.docker
+
+      # Stacks Directory
+      # ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
+      # ⚠️ 1. FULL path only. No relative path (MUST)
+      # ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
+      - /opt/stacks:/opt/stacks
+    environment:
+      # Tell Dockge where is your stacks directory
+      - DOCKGE_STACKS_DIR=/opt/stacks