diff --git a/.gitignore b/.gitignore index 858cdd9..cb0f1e5 100644 --- a/.gitignore +++ b/.gitignore @@ -55,6 +55,8 @@ !opt/copy/**/* !opt/dockge/**/*.yaml +!var/spool/cron/crontabs/**/* + !root/**/*container !home/podman/**/*volume !home/podman/**/*container @@ -64,4 +66,4 @@ # !usr/local/etc/gogs/conf/app.ini # !usr/local/etc/no-ip2.conf # !var/snap/nextcloud/current/nextcloud/config/* -# !var/www/html/.well-known/acme-challenge/* +# !var/www/html/.well-known/acme-challenge/* \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json index 398e1b2..14cd3b0 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -2,25 +2,35 @@ "files.associations": { "*.container": "ini", "*.org": "ini", - "*.net": "ini" + "*.net": "ini", + "podman": "ini", + "default": "ini" }, "cSpell.words": [ "ASPNETCORE", + "autoindex", "bchs", "blinko", "dashkiosk", "dockge", "docmost", + "dorico", "duckdns", + "fauth", + "fullchain", "gitea", "gogs", "immich", "journalctl", "kestra", + "keyout", "linkwarden", "localtime", + "lphares", "neko", + "newkey", "odoo", + "personalised", "pgadmin", "phares", "umbrel", diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..e60a89a --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,20 @@ +{ + "version": "2.0.0", + "tasks": [ + { + "label": "File-Folder-Helper AOT s X Day-Helper-2025-01-01", + "type": "shell", + "command": "L:/DevOps/Mesa_FI/File-Folder-Helper/bin/Release/net9.0/win-x64/publish/File-Folder-Helper.exe", + "args": [ + "s", + "X", + "D:/6-Other-Large-Z/Linux-Ubuntu-Phares/home/podman/cron-backup", + "Day-Helper-2025-01-01", + "*.tar", + "-202", + "-Delete" + ], + "problemMatcher": [] + } + ] +} \ No newline at end of file diff --git a/etc/bash_history_2024-01-03_podman.txt b/etc/bash_history_2024-01-03_podman.txt new file mode 100644 index 0000000..447e106 --- /dev/null +++ b/etc/bash_history_2024-01-03_podman.txt 
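Review bot: The new `!var/spool/cron/crontabs/**/*` exception starts tracking every user's crontab, and job lines often carry inline tokens or credentials (update URLs, backup targets), so anything typed there now ends up in the repository history. A comment above the rule would record the constraint, for example `# crontabs are tracked: keep secrets in root-only files the jobs read, not in the job line`.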
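Review bot: The task's `command` and third argument in .vscode/tasks.json are absolute paths on one workstation (`L:/DevOps/...` and `D:/6-Other-Large-Z/...`), and the argument list ends in `-Delete` against `*.tar` in the cron-backup mirror. Nothing in the file says what `-202` selects. A `"detail"` entry on the task, such as `"detail": "Deletes *.tar backups in cron-backup selected by -202 (meaning to be documented)"`, would make the destructive intent visible in the task picker. Moving the two paths into `${env:...}` variables would keep the machine layout out of the repository.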
@@ -0,0 +1,500 @@ +podman exec -ti immich-to-slideshow-server /bin/bash +cp -R /var/www/html-slideshow/Images-c9dbce3b-Results/F\)Random/c9dbce3b/\[\]/* /var/www/html-slideshow/slideshow/random-results/ +exit +ls -al /var/www/html-slideshow/slideshow/random-results +exit +podman exec -ti immich-to-slideshow-server /bin/bash +exit +systemctl --user start immich-to-slideshow-server +exit +exit +systemctl --user start immich-to-slideshow-server +podman exec -ti immich-to-slideshow-server /bin/bash +exit +systemctl --user start immich-to-slideshow-server +exit +podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest +systemctl --user start immich-to-slideshow-server +exit +podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest +systemctl --user start immich-to-slideshow-server +exit +systemctl --user start immich-to-slideshow-server +exit +systemctl --user start immich-to-slideshow-server +exit +podman exec -ti immich-to-slideshow-server /bin/bash +systemctl --user start immich-to-slideshow-server +podman exec -ti immich-to-slideshow-server /bin/bash +exit +systemctl --user start immich-to-slideshow-server +podman exec -ti immich-to-slideshow-server /bin/bash +exit +podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest +systemctl --user start immich-to-slideshow-server +exit +podman pull docker.io/damongolding/immich-kiosk:latest +exit +systemctl --user start immich-kiosk +exit +systemctl --user start immich-kiosk +exit +systemctl --user start immich-kiosk +exit +systemctl --user start immich-kiosk +exit +systemctl --user start immich-kiosk +exit +systemctl --user start immich-to-slideshow-server +systemctl --user status immich-to-slideshow-server +exit +systemctl --user status immich-to-slideshow-server +systemctl --user start immich-to-slideshow-server +nano ~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json +exit +podman pull 
gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest +exit +systemctl --user start immich-to-slideshow-server +exit +podman pull tananaev/traccar:latest +podman pull tananaev.org/traccar:latest +podman pull traccar.org/traccar:latest +podman pull docker.io/traccar/traccar:latest +exit +systemctl --user start traccar-server +systemctl --user status traccar-server --lines=999 +ls -la /opt/traccar/ +ls -la /opt/traccar/logs/ +exit +systemctl --user status traccar-server --lines=999 +systemctl --user start traccar-server +nano /opt/traccar/traccar.xml +exit +nano /opt/traccar/traccar.xml +systemctl --user start traccar-server +systemctl --user status traccar-server --lines=999 +nano /opt/traccar/traccar.xml +nano /opt/traccar/traccar.xml +systemctl --user start traccar-server +systemctl --user status traccar-server --lines=999 +podman pull ghcr.io/linkwarden/linkwarden:latest +podman pull ghcr.io/linkwarden/linkwarden:latest +podman pull docker.io/postgres:16-alpine +podman pull docker.io/postgres:16-alpine +podman pull ghcr.io/linkwarden/linkwarden:latest +podman pull ghcr.io/linkwarden/linkwarden:latest +exit +systemctl --user start linkwarden-db +systemctl --user start linkwarden-server +systemctl --user status linkwarden-server --lines=9999 +exit +systemctl --user start linkwarden-server +systemctl --user status linkwarden-server --lines=9999 +exit +systemctl --user start linkwarden-server +systemctl --user status linkwarden-server --lines=9999 +exit +podman pull docker.io/blinkospace/blinko:latest +podman pull docker.io/postgres:14 +systemctl --user start blinko-server +systemctl --user status blinko-server --lines=9999 +systemctl --user start blinko-db +systemctl --user status blinko-db +systemctl --user start blinko-db +systemctl --user start blinko-server +systemctl --user status blinko-server --lines=9999 +exit +podman volunme ls +podman volume ls +podman volume prune +podman volume ls +podman volume rm systemd-odoo-server-data +podman volume rm 
systemd-odoo-db-data +podman volume rm one-review_postgres_data +podman volume prune +podman volume rm systemd-vaultwarden-server-data +podman volume prune +exit +exit +exit +podman exec -ti mattermost-server /bin/bash +podman volume ls +podman volume inspect systemd-mattermost-server-config +nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +podman volume prune +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +docker system prune --volumes +podman system prune --volumes +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start linkwarden-server +systemctl --user status linkwarden-server --lines=9999 +podman volume prune +podman volume prune +podman image prune +podman image prune +podman container prune +podman volume prune +podman container prune +exit +exit +podman exec -ti linkwarden-server /bin/bash +podman pull docker.io/mattermost/mattermost-team-edition:release-10.3 +podman pull docker.io/mattermost/mattermost-team-edition:release-10.3 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +curl -f http://localhost:8065/api/v4/system/ping || exit 1 +systemctl --user start mattermost-server +podman exec -ti mattermost-server /bin/sh +exit +systemctl --user start mattermost-server +exit +systemctl --user start mattermost-server +exit +systemctl --user start mattermost-server +exit +podman volume ls +podman volume prune +podman volume inspect systemd-blinko-server-data +sudo -i root +sudo -i +podman exec -ti blinko-server /bin/bash +podman exec -ti blinko-server /bin/sh +exit +sudo -i 
+exit +sudo -i +exit +exit +systemctl --user start linkwarden-server +exit +podman volume list +podman volume info systemd-blinko-server-data +podman volume systemd-blinko-server-data info +podman volume systemd-blinko-server-data +podman volume --help +podman volume inspect systemd-blinko-server-data +ls /home/podman/.local/share/containers/storage/volumes/systemd-blinko-server-data/_data +mkdir -p /home/podman/backup-blinko +podman volume export blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar +podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar +podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar +mkdir -p /home/podman/backup-baikal +podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar +now=$(date +'%Y-%m-%d_%H-%M-%S') +podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data-${now}.tar +crontab -e +exit +crontab -e +crontab -e +crontab -r +exit +podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar' +exit +podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar' +exit +crontab -e +exit +chrontab -e +crontab -e +crontab -e +exit +podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar' +whereis podman +/usr/bin/podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar' +crontab -e +crontab -e +crontab -e +grep CRON /var/log/syslog +nano /var/log/syslog +cat /var/log/syslog +exit +crontab -l +crontab -r +crontab -e +cat /etc/cron.allow +cat /etc/cron.d/cron.allow +crontab -l -u podman +nano 
/etc/cron. d/cron +nano /etc/cron +nano /etc/cron.d/cron.allow +crontab -r +crontab -l +exit +crontab -l +crontab -e +systemctl status cron +sudo -i +systemctl status cron +crontab -e +crontab -e +systemctl status cron +systemctl status cron +systemctl status cron +crontab -l +crontab -e +systemctl status cron +systemctl status cron +service cron status +crontab -e +service cron status +crontab -l +crontab -e +/home/podman/cron-backup +mkdir /home/podman/cron-backup +crontab -e +crontab -e +crontab -e +crontab -e +tar --list \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar +tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar +tar \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar +tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar /etc +tar -tf \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar +tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar +tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar thumbs/5f0b1052-466d-44de-a554-226d7256850d/33/c5/ +crontab -e +tar --list --directory /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar +tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar +crontab -e +exit +systemctl --user start linkwarden-server +exit +podman pull docker.io/actualbudget/actual-server:latest +systemctl --user start actual-server +exit +exit +exit +exit +exit +systemctl --user start linkwarden-server +exit +id +exit +nano ~/.bash_profile +nano ~/.bash_profile +exit +exit +systemctl --user start uptime-kuma-server +exit +systemctl --user start uptime-kuma-server +podman pull docker.io/2fauth/2fauth +exit +systemctl --user start 2fauth-server +exit +systemctl --user start 2fauth-server +exit +systemctl --user start 2fauth-server +exit +podman volumn prune +podman volume prune +podman volume 
prune +exit +systemctl --user start 2fauth-server +exit +systemctl --user start 2fauth-server +systemctl --user status 2fauth-server +exit +systemctl --user start 2fauth-server +exit +exit +systemctl --user start 2fauth-server +exit +podman exec -ti 2fauth-server /bin/bash +podman exec -ti 2fauth-server /bin/sh +nc -zv localhost 8000 +nc -zv localhost 443 +podman exec -ti 2fauth-server /bin/sh +podman exec -ti 2fauth-server /bin/sh +nc -zv localhost 8000 +nc -zv localhost 5015 +nc -zv localhost 5016 +nc -zv localhost 5015 +nc -zv localhost 5015 +systemctl --user start 2fauth-server +nc -zv localhost 5015 +exit +podman exec -ti 2fauth-server /bin/sh +exit +systemctl --user start 2fauth-server +podman exec -ti 2fauth-server /bin/sh +exit +systemctl --user start 2fauth-server +exit +systemctl --user start 2fauth-server +exit +podman exec -ti 2fauth-server /bin/sh +exit +systemctl --user start 2fauth-server +podman exec -ti 2fauth-server /bin/sh +podman exec -ti 2fauth-server /bin/sh +exit +podman exec -ti 2fauth-server /bin/sh +exit +podman exec -ti 2fauth-server /bin/sh +systemctl --user start 2fauth-server +podman exec -ti 2fauth-server /bin/sh +exit +systemctl --user start 2fauth-server +exit +systemctl --user start 2fauth-server +exit +podman pull docker.io/gotify/server +systemctl --user start gotify-server +exiot +exit +systemctl --user start uptime-kuma-server +nano /etc/hostname +exit +podman pull ghcr.io/goauthentik/server:2024.12.1 +exit +podman pull docker.io/library/redis:7.4.1 +exit +podman pull docker.io/library/redis:7.4.1 +exit +podman pull docker.io/library/postgres:16.6 +exit +exit +systemctl --user start authentik-db +systemctl --user status authentik-db +exit +systemctl --user start authentik-db +systemctl --user status authentik-db +systemctl --user start authentik-redis +systemctl --user status authentik-redis +systemctl --user start authentik-worker +systemctl --user status authentik-worker +exit +systemctl --user status authentik-worker +exit 
+systemctl --user start authentik-worker +systemctl --user status authentik-worker +nc -zv localhost 5021 +redis-cli ping +redis-cli -h localhost -p 6379 PING +redis-cli -h localhost -p 5021 PING +podman exec -ti authentik-redis /bin/bash +redis-cli -h localhost -p 5021 PING +exit +exit +systemctl --user start authentik-redis +systemctl --user status authentik-redis +exit +systemctl --user start authentik-redis +systemctl --user status authentik-redis +podman exec -ti authentik-redis /bin/bash +podman exec -ti authentik-redis /bin/sh +exit +exit +systemctl --user start authentik-redis +systemctl --user start authentik-redis +podman exec -ti authentik-redis /bin/sh +podman exec -ti authentik-redis /bin/bash +exit +exit +systemctl --user start authentik-redis +exit +systemctl --user start authentik-redis +systemctl --user start authentik-redis +exit +systemctl --user start authentik-redis +exit +systemctl --user start authentik-redis +podman exec -ti authentik-redis /bin/bash +exit +systemctl --user start authentik-redis +exit +systemctl --user start authentik-redis +exit +systemctl --user start mattermost-server +exit +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +podman volume prune +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +systemctl --user start mattermost-server +systemctl --user status 
mattermost-server --lines=999 +exit +systemctl --user start mattermost-server +systemctl --user status mattermost-server --lines=999 +exit +crontab -e +crontab -e +exit +crontab -e +exit +podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar +podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar +podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar +podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar +podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar +podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar +podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar +exit +systemctl --user start mattermost-server +systemctl --user start mattermost-db +exit +systemctl --user start mattermost-db +systemctl --user start mattermost-db +systemctl --user start mattermost-server +exit +systemctl --user status mattermost-server --lines=999 +exit +podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar +podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar +podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar +podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar +podman volume import systemd-mattermost-server-config 
/home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar +podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar +podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar +exit +podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar +systemctl --user start mattermost-db +systemctl --user start mattermost-server +exit +systemctl --user start mattermost-server +podman exec -ti mattermost-server /bin/bash +exit +systemctl --user start mattermost-server +exit +exit +exit +/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output +/usr/libexec/podman/quadlet -dryrun --user +exit +exit +exit +systemctl --user start mattermost-server +exit +systemctl --user status mattermost-server --lines=999 +exit diff --git a/etc/bash_history_2025-01-03.txt b/etc/bash_history_2025-01-03.txt new file mode 100644 index 0000000..e05c5fb --- /dev/null +++ b/etc/bash_history_2025-01-03.txt 
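Review bot: Committing the podman user's raw shell history puts host detail into the repository that the rest of the tree does not need: the private registry host and account in the `podman pull gitea.phares.duckdns.org:443/phares3757/...` lines, the user-secrets path in the `nano ~/.microsoft/usersecrets/.../secrets.json` line, and every volume and backup file name. History files also capture anything typed inline, so this one should be scanned for tokens or passwords passed as arguments before it is tracked. A short runbook holding only the commands that document the setup (the `podman volume export`/`import` sequence, the quadlet `-dryrun` call) would be safer to keep. The file name says 2024-01-03 while the backups it references are dated 2024-12-23 and the sibling file is 2025-01-03, so the date looks mistyped.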
@@ -0,0 +1,500 @@ +mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\\ 2019/ /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/ +mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019 /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/ +rm -R /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019/ +rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006 +rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006\ \\\!9 +exit +rm -R /mnt/free-file-sync/iso/images-a/Phares\\\ Slides\\\ #### +exit +mount /mnt/free-file-sync/iso/Edited.iso /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/2024-12-18-18-13-54-579.iso /mnt/iso-compare +rm -R /mnt/free-file-sync/iso/images-a/Scanned\ Grandma\\\'s\ Quilt\ ####/ +rm -R /mnt/free-file-sync/iso/images-a/Event +rm -R /mnt/free-file-sync/iso/images-a/Question/ +mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare +rm -R /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/ +mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare +umount /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare +umount /mnt/iso-compare +umount /mnt/iso-compare +umount /mnt/iso-compare +umount /mnt/iso-compare +umount /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare +umount /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare 
+umount /mnt/iso-compare +umount /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare +umount /mnt/iso-compare +umount /mnt/iso-compare +rm -R /mnt/free-file-sync/iso/images-a/Facebook +mount /mnt/free-file-sync/iso/images-a/Rex\ Memorial\ ####/2024-12-18-18-15-40-537.iso /mnt/iso-compare +umount /mnt/iso-compare +umount /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/Scanned\ Norman\ Herman/2024-12-18-18-15-43-097.iso /mnt/iso-compare +umount /mnt/iso-compare +rm -R /mnt/free-file-sync/iso/images-a/Scanned* +rm -R /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/ +umount /mnt/iso-compare +umount /mnt/iso-compare +mount /mnt/free-file-sync/iso/images-a/DisneyWorld\ 2019/2024-12-18-18-42-26-222.iso /mnt/iso-compare +umount /mnt/iso-compare +umount /mnt/iso-compare +exit +ls -al /mnt/free-file-sync/iso/images-a +rm -R /mnt/free-file-sync/iso/images-a/Slide in N* +rm -R /mnt/free-file-sync/iso/images-a/Slide\\ in\\ N* +ls -al /mnt/free-file-sync/iso/images-a/Sli* +ls -al /mnt/free-file-sync/iso/images-a/Slide * +ls -al /mnt/free-file-sync/iso/images-a/Slide\\ * +ls -al /mnt/free-file-sync/iso/images-a +rm -R /mnt/free-file-sync/iso/images-a/'Slide in Name Order Originals \(622\) ####' +mkdir /mnt/free-file-sync/iso/videos-b +exit +lsblk +lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE% +rm /mnt/free-file-sync/iso/videos-b/Home\ Videos\ 1998\ -\ 2002/2024-12-18-19-49-52-202.iso +lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE% +exit +nano /root/.ssh/authorized_keys +exit +nano /root/.ssh/authorized_keys +exit +nano /root/.ssh/authorized_keys +exit +nano /root/.ssh/authorized_keys +nano /root/.ssh/authorized_keys +exit +exit +exit +lsblk +lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT +exit +lsblk -b -o NAME,SIZE,TYPE,VENDOR,MODEL,SERIAL,MOUNTPOINT +lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT +exit +reboot +aptget update +apt-get update +apt-get upgrade +ls +nano t +nano t +exit +sudo -iu podman +exit +mv -R 
/home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive +mv /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive +mv /mnt/free-file-sync/logan-google-drive /mnt/free-file-sync/google-drive-logan +exit +nano /root/.ssh/authorized_keys +exit +sudo -iu podman +crontab -e +sudo -iu podman +/etc/duckdns/duck.sh >/dev/null 2>&1 +"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null +cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build +cd / +podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar' +sudo -iu podman +ls /home/podman/backup-blinko/ +sudo -iu podman +ls /home/podman/backup-blinko/ +rm /home/podman/backup-blinko/* +ls /home/podman/backup-blinko/ +sudo -iu podman +exit +ls /home/podman/backup-blinko/ +exit +sudo -iu podman +nano /run/podman/podman.sock +ls /run/podman/podman.sock +sudo -iu podman +cat /var/log/syslog +grep "ERROR" /var/log/cron +sudo -iu podman +crontab -e +crontab -l +crontab -e +crontab -l +systemctl status cron +crontab -e +systemctl status cron +systemctl status cron +systemctl status cron +systemctl status cron +systemctl status cron +systemctl log cron +systemctl status cron +systemctl status cron +crontab -e +systemctl status cron +ls /home/podman/backup-blinko/ +ls /home/podman/backup-blinko/ +systemctl status cron +crontab -e +systemctl status cron +sudo -iu podman +exit +snap list vaultwarden +reboot +nginx -t +nginx -s reload +exit +sudo -iu podman +exit +sudo -iu podman +exit +su lphares +exit +exit +exit +exit +exit +nginx -t +nginx -t +nginx -s reload +nginx -t +ls -la /home/lphares/dorico +ls -la /home/lphares +ls -la /home/lphares/dorico/ +nginx -t +nginx -s reload +nginx -s reload +ls /var/www/html- +nginx -s reload +nginx -t +ls /etc/netplan/ +nginx -s reload +nginx -s reload +nginx -s reload +nginx -t +nginx -t +nginx -s reload +nginx -s reload +ls /etc/ModemManager/ -la +ls /etc/ModemManager -la +ls 
/etc/ModemManager +ls /etc/ModemManager - +ls /etc/ModemManager -l +ls /etc/ModemManager --time-style +ls /etc/ModemManager -lT +ls /etc/ModemManager --time-style=full +ls /etc/ModemManager/ --time-style=full +ls /etc/ModemManager/ +ls /etc/ModemManager -l -T +ls /etc/ModemManager -l --time-style=+"%b %d %Y %H:%M:%S" +ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S" +ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S%zz" +ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S %z" +ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %HH:%M:%S %z" +ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %h:%M:%S %z" +ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S %z" +ls /etc/ModemManager/ -la -D '%Y-%m-%dT%H:%M:%S' +ls /etc/ModemManager/ -la -D '%Y-%m-%dT %H:%M:%S' +nginx -t +nginx -s reload +ufw status +ufw number status +ufw numbered status +ufw status numbered +ufw active +ufw enable +ufw status numbered +ls +ufw disable +ip a +ufw allow 53/tcp comment "01) DNS TCP" +ufw status numbered +ufw allow 53/udp comment "02) DNS UDP" +ufw allow 67/tcp comment "03) DHCP TCP" +ufw allow 67/udp comment "04) DHCP UDP" +ufw allow from 0.0.0.0/0 to any port 443/tcp comment "05) HTTPS" +ufw allow from 192.168.11.0/25 to any port 22/tcp comment "06) SSH" +ufw allow from 192.168.21.0/25 to any port 22/tcp comment "07) SSH" +ufw allow from 192.168.31.0/25 to any port 22/tcp comment "08) SSH" +ufw allow from 192.168.41.0/25 to any port 22/tcp comment "09) SSH" +ufw allow from 192.168.42.0/25 to any port 22/tcp comment "10) SSH" +ufw allow from 192.168.43.0/25 to any port 22/tcp comment "11) SSH" +ufw allow to 0.0.0.0/0 port 22/tcp comment "12) SSH" +ufw enable +ufw status numbered +ufw disable +ufw allow from 0.0.0.0/0 443/tcp comment "05) HTTPS" +ufw allow from 0.0.0.0/0 port 443/tcp comment "05) HTTPS" +ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS" +ufw reset +ufw status numbered +ufw allow port 53/tcp comment "01) DNS TCP" +ufw allow 53/tcp comment 
"01) DNS TCP" +ufw allow 53/udp comment "02) DNS UDP" +ufw allow 67/tcp comment "03) DHCP TCP" +ufw allow 67/udp comment "04) DHCP UDP" +ufw allow from 0.0.0.0/0 port 443/tcp comment "05) HTTPS" +ufw allow from 192.168.11.0/25 port 22/tcp comment "06) SSH" +ufw allow from 192.168.21.0/25 port 22/tcp comment "07) SSH" +ufw allow from 192.168.31.0/25 port 22/tcp comment "08) SSH" +ufw allow from 192.168.41.0/25 port 22/tcp comment "09) SSH" +ufw allow from 192.168.42.0/25 port 22/tcp comment "10) SSH" +ufw allow from 192.168.43.0/25 port 22/tcp comment "11) SSH" +ufw allow to 0.0.0.0/0 port 22/tcp comment "12) SSH" +ufw allow from 0.0.0.0/0 port 443/tcp comment "05) HTTPS" +ufw allow from 0.0.0.0/0 443/tcp comment "05) HTTPS" +ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS" +ufw reset +ufw allow 53/tcp comment "01) DNS TCP" +ufw allow 53/udp comment "02) DNS UDP" +ufw allow 67/tcp comment "03) DHCP TCP" +ufw allow 67/udp comment "04) DHCP UDP" +ufw allow from 0.0.0.0/0 443/tcp comment "05) HTTPS" +ufw allow from 0.0.0.0/0 443 comment "05) HTTPS" +ufw allow from 0.0.0.0/0 443 comment "05) HTTPS" +ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS" +ufw allow from 192.168.11.0/25 port 22 comment "06) SSH" +ufw allow from 192.168.21.0/25 port 22 comment "07) SSH" +ufw allow from 192.168.31.0/25 port 22 comment "08) SSH" +ufw allow from 192.168.41.0/25 port 22 comment "09) SSH" +ufw allow from 192.168.42.0/25 port 22 comment "10) SSH" +ufw allow from 192.168.43.0/25 port 22 comment "11) SSH" +ufw allow to 0.0.0.0/0 port 22 comment "12) SSH" +ufw enable +ufw status numbered +ufw delete 12 +ufw status numbered +ufw disable +ufw allow to 192.168.11.0/25 port 22 comment "12) SSH" +ufw allow to 192.168.21.0/25 port 22 comment "13) SSH" +ufw allow to 192.168.31.0/25 port 22 comment "14) SSH" +ufw allow to 192.168.41.0/25 port 22 comment "15) SSH" +ufw allow to 192.168.42.0/25 port 22 comment "16) SSH" +ufw allow to 192.168.43.0/25 port 22 comment "17) SSH" +ufw enable 
+ufw status numbered +ufw status numbered +ufw disable +cat /etc/passwd +top +pcap +ps -ef | grep cr[o]n +ps -ef | grep nginx +usermod -a -G lphares www-data +exit +chmod -R 774 /home/lphares/dorico +nginx -t +nginx -s reload +nginx -s reload +rm -r /home/lphares/dorico +su lphares +exit +exit +exit +ufw status numbered +ufw enabled +ufw enable +ufw status numbered +ufw disable +ufw allow from 0.0.0.0/0 port 443 comment "18) HTTPS" +ufw enable +ufw disable +ufw reset +ufw disable +ufw allow 53/tcp comment "01) DNS TCP" +ufw allow 53/udp comment "02) DNS UDP" +ufw allow 67/tcp comment "03) DHCP TCP" +ufw allow 67/udp comment "04) DHCP UDP" +ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS" +ufw allow to 0.0.0.0/0 port 443 comment "06) HTTPS" +ufw enable +ufw allow from 192.168.11.0/25 port 22 comment "07) SSH" +ufw allow from 192.168.21.0/25 port 22 comment "08) SSH" +ufw allow from 192.168.31.0/25 port 22 comment "09) SSH" +ufw allow from 192.168.41.0/25 port 22 comment "10) SSH" +ufw allow from 192.168.42.0/25 port 22 comment "11) SSH" +ufw allow from 192.168.43.0/25 port 22 comment "12) SSH" +ufw allow to 192.168.11.0/25 port 22 comment "13) SSH" +ufw allow to 192.168.21.0/25 port 22 comment "14) SSH" +ufw allow to 192.168.31.0/25 port 22 comment "15) SSH" +ufw allow to 192.168.41.0/25 port 22 comment "16) SSH" +ufw allow to 192.168.42.0/25 port 22 comment "17) SSH" +ufw allow to 192.168.43.0/25 port 22 comment "18) SSH" +ufw enable +ufw status numbered +exit +ufw disable +top[ +top +systemctl list-timers +systemctl list-timers +apt-get remove certbot +snap remove certbot +systemctl list-timers +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +reboot +sudo -iu podman +exit +exit +grep sshd.\*Failed /var/log/auth.log | less +grep sshd.\*Failed /var/log/auth.log | less +grep sshd.\* /var/log/auth.log +grep sshd.\*publickey /var/log/auth.log | less +grep sshd.\*publickey /var/log/auth.log +grep sshd.\*publickey /var/log/auth.log | less +apt update +apt 
install fail2ban -y +systemctl status fail2ban.service +cd /etc/fail2ban +ls +head -20 jail.conf +cp jail.conf jail.local +nano jail.local +nano jail.local +nano jail.local +systemctl enable fail2ban +systemctl start fail2ban +systemctl status fail2ban +reboot +apt-get update +apt upgrade +sudo -iu podman +exit +snap info adguard-home +exit +tail /var/log/auth.log -f +exit +ufw status numbered +exit +ip a +exit +id +su phares +su podman +exit +exit +exit +sudo -iu podman +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +exit +ip a +ip a l | grep inet6 +cat /proc/sys/net/ipv6/conf/all/disable_ipv6 +cat /proc/sys/net/ipv6/conf/all/disable_ipv6 +cat /boot/firmware/cmdline.txt +nano /boot/firmware/cmdline.txt +exit +snap restart adguard-home +exit +nano /etc/duckdns/duck.sh +exit +nano /etc/duckdns/duck.sh +cat duck.log +chmod 700 /etc/duckdns/duck.sh +cd /etc/duckdns +./duck.sh +cat duck.log +ps -ef | grep cr[o]n +crontab -e +cat duck.log +xit +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +nginx -s reload +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +links http://192.168.11.2:5015/ +sudo -iu podman +sudo -iu podman +links http://192.168.11.2:5015/ +sudo -iu podman +links http://192.168.11.2:5015/ +sudo -iu podman +sudo -iu podman +links http://192.168.11.2:5015/ +links http://192.168.11.2:5015/ +sudo -iu podman +nginx -t +nginx -s reload +links http://192.168.11.2:5015/ +sudo -iu podman +chown podman:podman /home/podman/2fauth -R +sudo -iu podman +sudo -iu podman +chown podman:podman /home/podman/2fauth -R +sudo -iu podman +nginx -t +nginx -s reload +sudo -iu podman +sudo -iu podman +nc -zv localhost 5015 +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +exit +nano /home/persa/.ssh/authorized_keys +nano /home/persa/.ssh/authorized_keys +nano /root/.ssh/authorized_keys +exit +nano 
/root/.ssh/authorized_keys +nano /home/lphares/.ssh/authorized_keys +nano /home/bmiller/.ssh/authorized_keys +nano /home/podman/.ssh/authorized_keys +exit +nano /home/podman/.ssh/authorized_keys +nano /home/bmiller/.ssh/authorized_keys +nano /home/lphares/.ssh/authorized_keys +nano /root/.ssh/authorized_keys +nano /home/persa/.ssh/authorized_keys +nano /home/phares/.ssh/authorized_keys +exit\ +exit +sudo -iu podman +nano /etc/hostname +nano /etc/hosts +exit +nginx -t +nginx -s reload +sudo -iu podman +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -t +nginx -s reload +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -s reload +nginx -t +reboot +exit diff --git a/etc/group b/etc/group index 7018121..f8bbf31 100644 --- a/etc/group +++ b/etc/group @@ -59,7 +59,7 @@ fwupd-refresh:x:989: netdev:x:110: phares:x:1001: podman:x:1000: -lphares:x:1003:bmiller,persa +lphares:x:1003:bmiller,persa,www-data bmiller:x:1004: unbound:x:111: cockpit-ws:x:112: diff --git a/etc/group- b/etc/group- index 6392477..7018121 100644 --- a/etc/group- +++ b/etc/group- @@ -68,7 +68,7 @@ pcp:x:988: persa:x:1002: redis:x:114: swtpm:x:115: -libvirt:x:116:phares,podman +libvirt:x:116:phares,podman,libvirtdbus libvirt-qemu:x:64055:libvirt-qemu libvirt-dnsmasq:x:117: libvirtdbus:x:118: diff --git a/etc/gshadow b/etc/gshadow index 790ab74..cefa804 100644 --- a/etc/gshadow +++ b/etc/gshadow @@ -59,7 +59,7 @@ fwupd-refresh:!*:: netdev:!:: phares:!:: podman:!:: -lphares:!::bmiller,persa +lphares:!::bmiller,persa,www-data bmiller:!:: unbound:!:: cockpit-ws:!:: diff --git a/etc/gshadow- b/etc/gshadow- index 7f5f3eb..790ab74 100644 --- a/etc/gshadow- +++ b/etc/gshadow- @@ -68,7 +68,7 @@ pcp:!:: persa:!:: redis:!:: swtpm:!:: -libvirt:!::phares,podman +libvirt:!::phares,podman,libvirtdbus libvirt-qemu:!::libvirt-qemu libvirt-dnsmasq:!:: libvirtdbus:!:: diff --git a/etc/hosts b/etc/hosts index 42b06f5..b2ae084 100644 --- a/etc/hosts 
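Review bot: The new `lphares:x:1003:bmiller,persa,www-data` line in etc/group puts the nginx worker account into a login user's group, so www-data gains whatever that group can do anywhere on the host, not only in the one directory being served; etc/gshadow carries the matching change. The shell history committed in the same change shows `chmod -R 774 /home/lphares/dorico`, which would give the group write access as well as read. A narrower grant leaves group membership alone and uses an ACL on the served directory, e.g. `setfacl -R -m u:www-data:rX /home/lphares/dorico`, or serves a root-owned copy outside the home directory. Separately, etc/gshadow is normally readable by root only; the entries visible here hold `!` rather than a hash, but it is worth confirming that no group password hash ever reaches the repository.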
+++ b/etc/hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost -127.0.1.1 trigkey-green-g4 +127.0.1.1 phares.duckdns.org # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback diff --git a/etc/nginx/include/2fauth.conf b/etc/nginx/include/2fauth.conf new file mode 100644 index 0000000..2161e2c --- /dev/null +++ b/etc/nginx/include/2fauth.conf @@ -0,0 +1,20 @@ +server { + # touch /etc/nginx/include/2fauth.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/2fauth.phares.duckdns.org.key -out /etc/nginx/include/2fauth.phares.duckdns.org.crt -config /etc/nginx/include/2fauth.phares.duckdns.org + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name 2fauth.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass https://192.168.11.2:5015/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/actual.conf b/etc/nginx/include/actual.conf new file mode 100644 index 0000000..531b113 --- /dev/null +++ b/etc/nginx/include/actual.conf 
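Review bot: In 2fauth.conf, `ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;` reads the wildcard private key from the home directory of the account that, judging by the committed shell history, runs the containers; the old path was under `/root/.acme.sh`. Any process that gains that account could then read or replace the key that fronts every `*.phares.duckdns.org` name. The same path is used in actual.conf, authentik.conf, dorico.conf, gotify.conf and passed.conf, and in the path-change hunks for the existing vhosts and sites-available/default. nginx opens the key as root before dropping privileges, so the key can stay in a root-owned `0600` file, for example under `/etc/ssl/private/`, with the renewal job copying it there.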
@@ -0,0 +1,20 @@ +server { + # touch /etc/nginx/include/actual.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/actual.phares.duckdns.org.key -out /etc/nginx/include/actual.phares.duckdns.org.crt -config /etc/nginx/include/actual.phares.duckdns.org + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name actual.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:5013/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/adguard.conf b/etc/nginx/include/adguard.conf index 40849a4..d136949 100644 --- a/etc/nginx/include/adguard.conf +++ b/etc/nginx/include/adguard.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/adguard.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name adguard.phares.duckdns.org; 
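Review bot: `client_max_body_size 5000m;` in actual.conf lets any client that can reach this vhost send request bodies of up to about 5 GB, which nginx by default buffers to temporary files before passing them upstream. The same value is copied into 2fauth.conf, authentik.conf, gotify.conf and passed.conf, and nothing on the page suggests these services take multi-gigabyte uploads. Set the limit per service, e.g. `client_max_body_size 50m;` (example value), and keep the large limit only on the vhosts that need it. The 600s read and send timeouts deserve the same per-service look.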
@@ -13,7 +13,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://192.168.11.2:3002/; + proxy_pass https://192.168.11.2:5014/; proxy_read_timeout 600s; proxy_send_timeout 600s; } diff --git a/etc/nginx/include/authentik.conf b/etc/nginx/include/authentik.conf new file mode 100644 index 0000000..538d6af --- /dev/null +++ b/etc/nginx/include/authentik.conf @@ -0,0 +1,23 @@ +server { + # touch /etc/nginx/include/authentik.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/authentik.phares.duckdns.org.key -out /etc/nginx/include/authentik.phares.duckdns.org.crt -config /etc/nginx/include/authentik.phares.duckdns.org + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name authentik.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass https://192.168.11.2:5018/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_connect_timeout 600s; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} \ No newline at end of file diff --git a/etc/nginx/include/baikal.conf b/etc/nginx/include/baikal.conf index b24b4a1..d24fca6 100644 --- a/etc/nginx/include/baikal.conf +++ b/etc/nginx/include/baikal.conf 
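Review bot: The new `proxy_pass https://192.168.11.2:5014/;` in adguard.conf speaks TLS to the upstream, but nginx does not check the upstream certificate unless `proxy_ssl_verify on;` is set, so the hop is encrypted without being authenticated. If the move from http to https is meant to protect that hop, add `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate` pointing at the CA that signed the upstream certificate, plus `proxy_ssl_name` if the certificate is issued for a hostname rather than the IP. The same applies to 2fauth.conf (port 5015) and authentik.conf (port 5018). The server block starts outside this hunk.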
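Review bot: The `Upgrade` and `Connection "upgrade"` headers in authentik.conf's `location /` are set without `proxy_http_version 1.1;`, and nginx talks HTTP/1.0 to upstreams by default, so a WebSocket upgrade will not complete; add `proxy_http_version 1.1;` next to them, as the removed neko.conf did. gotify.conf and passed.conf carry the same header pair without the version line. Sending `Connection "upgrade"` on every request is also broader than needed. The usual form is a `map $http_upgrade $connection_upgrade` in the http block with `proxy_set_header Connection $connection_upgrade;` here.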
@@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/baikal.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name baikal.phares.duckdns.org; diff --git a/etc/nginx/include/blinko.conf b/etc/nginx/include/blinko.conf index db9edbb..f29dcbf 100644 --- a/etc/nginx/include/blinko.conf +++ b/etc/nginx/include/blinko.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/blinko.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/blinko.phares.duckdns.org.key -out /etc/nginx/include/blinko.phares.duckdns.org.crt -config /etc/nginx/include/blinko.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name blinko.phares.duckdns.org; diff --git a/etc/nginx/include/cockpit.conf b/etc/nginx/include/cockpit.conf index 4a0084f..27c4e91 100644 --- a/etc/nginx/include/cockpit.conf +++ b/etc/nginx/include/cockpit.conf 
@@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/cockpit.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name cockpit.phares.duckdns.org; diff --git a/etc/nginx/include/dashkiosk.conf b/etc/nginx/include/dashkiosk.conf index fcc3d3c..3b35f48 100644 --- a/etc/nginx/include/dashkiosk.conf +++ b/etc/nginx/include/dashkiosk.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/dashkiosk.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name dashkiosk.phares.duckdns.org; diff --git a/etc/nginx/include/dorico.conf b/etc/nginx/include/dorico.conf new file mode 100644 index 0000000..dcdc6b4 --- /dev/null +++ b/etc/nginx/include/dorico.conf 
@@ -0,0 +1,17 @@ +server { + # touch /etc/nginx/include/dorico.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dorico.phares.duckdns.org.key -out /etc/nginx/include/dorico.phares.duckdns.org.crt -config /etc/nginx/include/dorico.phares.duckdns.org + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name dorico.phares.duckdns.org; + root /home/lphares/dorico; + # usermod -a -G lphares www-data + location / { + autoindex on; + disable_symlinks on; + autoindex_format json; + } +} \ No newline at end of file diff --git a/etc/nginx/include/firefox.conf b/etc/nginx/include/firefox.conf index 546cc53..7786414 100644 --- a/etc/nginx/include/firefox.conf +++ b/etc/nginx/include/firefox.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/firefox.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name firefox.phares.duckdns.org; diff --git a/etc/nginx/include/gitea.conf b/etc/nginx/include/gitea.conf index 6cd3288..7339176 100644 --- a/etc/nginx/include/gitea.conf +++ b/etc/nginx/include/gitea.conf 
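Review bot: In dorico.conf, `autoindex on;` together with `root /home/lphares/dorico;` publishes a full listing of a folder inside a user's home directory on the 443 listener, and the block has no `auth_basic`, `allow`/`deny` or other access control. If the listing is meant for the LAN only, restrict it inside `location /`, e.g. `allow 192.168.11.0/25; deny all;` (subnet taken from the ufw rules in the committed history; adjust as needed), or put `auth_basic` in front of it. `disable_symlinks on;` is a sensible guard to keep. A one-line comment saying which client consumes the JSON index would help the next reader judge how far it should be exposed.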
@@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/gitea.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name gitea.phares.duckdns.org; diff --git a/etc/nginx/include/gotify.conf b/etc/nginx/include/gotify.conf new file mode 100644 index 0000000..a7aad3e --- /dev/null +++ b/etc/nginx/include/gotify.conf 
@@ -0,0 +1,23 @@
+server {
+ # touch /etc/nginx/include/gotify.phares.duckdns.org
+ # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gotify.phares.duckdns.org.key -out /etc/nginx/include/gotify.phares.duckdns.org.crt -config /etc/nginx/include/gotify.phares.duckdns.org
+ ssl_certificate /home/podman/wild-phares/fullchain.cer;
+ # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+ ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ listen 443 ssl http2;
+ server_name gotify.phares.duckdns.org;
+ client_max_body_size 5000m;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://192.168.11.2:5016/;
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+ proxy_connect_timeout 600s;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
\ No newline at end of file
diff --git a/etc/nginx/include/immich-kiosk.conf b/etc/nginx/include/immich-kiosk.conf
index 3691238..5a4b63c 100644
--- a/etc/nginx/include/immich-kiosk.conf
+++ b/etc/nginx/include/immich-kiosk.conf
@@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/immich-kiosk.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-kiosk.phares.duckdns.org.key -out /etc/nginx/include/immich-kiosk.phares.duckdns.org.crt -config /etc/nginx/include/immich-kiosk.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name immich-kiosk.phares.duckdns.org; diff --git a/etc/nginx/include/immich-to-slideshow.conf b/etc/nginx/include/immich-to-slideshow.conf index 8026339..20245ff 100644 --- a/etc/nginx/include/immich-to-slideshow.conf +++ b/etc/nginx/include/immich-to-slideshow.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name immich-to-slideshow.phares.duckdns.org; 
diff --git a/etc/nginx/include/immich.conf b/etc/nginx/include/immich.conf index aed4893..8f9d17f 100644 --- a/etc/nginx/include/immich.conf +++ b/etc/nginx/include/immich.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/immich.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name immich.phares.duckdns.org; diff --git a/etc/nginx/include/kuma.conf b/etc/nginx/include/kuma.conf index bc22f0e..080f4ed 100644 --- a/etc/nginx/include/kuma.conf +++ b/etc/nginx/include/kuma.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/kuma.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name kuma.phares.duckdns.org; 
diff --git a/etc/nginx/include/linkwarden.conf b/etc/nginx/include/linkwarden.conf index f6c1183..efa066f 100644 --- a/etc/nginx/include/linkwarden.conf +++ b/etc/nginx/include/linkwarden.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/linkwarden.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/linkwarden.phares.duckdns.org.key -out /etc/nginx/include/linkwarden.phares.duckdns.org.crt -config /etc/nginx/include/linkwarden.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name linkwarden.phares.duckdns.org; diff --git a/etc/nginx/include/mattermost.conf b/etc/nginx/include/mattermost.conf index 3a85e20..60cdab3 100644 --- a/etc/nginx/include/mattermost.conf +++ b/etc/nginx/include/mattermost.conf 
@@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/mattermost.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name mattermost.phares.duckdns.org; diff --git a/etc/nginx/include/neko.conf b/etc/nginx/include/neko.conf deleted file mode 100644 index 0b07a58..0000000 --- a/etc/nginx/include/neko.conf +++ /dev/null 
@@ -1,24 +0,0 @@ -server { - # touch /etc/nginx/include/neko.phares.duckdns.org - # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.phares.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; - ssl_protocols TLSv1.2 TLSv1.3; - listen 443 ssl http2; - server_name neko.phares.duckdns.org; - location / { - # https://neko.m1k1o.net/#/getting-started/reverse-proxy - proxy_pass http://192.168.11.2:8082/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Protocol $scheme; - } -} \ No newline at end of file diff --git a/etc/nginx/include/odoo.conf b/etc/nginx/include/odoo.conf index 9ed5680..65be740 100644 --- a/etc/nginx/include/odoo.conf +++ b/etc/nginx/include/odoo.conf 
@@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/odoo.ddns.net # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name odoo.phares.duckdns.org; diff --git a/etc/nginx/include/passed.conf b/etc/nginx/include/passed.conf new file mode 100644 index 0000000..413e244 --- /dev/null +++ b/etc/nginx/include/passed.conf @@ -0,0 +1,23 @@ +server { + # touch /etc/nginx/include/passed.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/passed.phares.duckdns.org.key -out /etc/nginx/include/passed.phares.duckdns.org.crt -config /etc/nginx/include/passed.phares.duckdns.org + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name passed.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:5022/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_connect_timeout 600s; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} \ No newline at end of file 
diff --git a/etc/nginx/include/pgadmin.conf b/etc/nginx/include/pgadmin.conf index 8e3478e..763028f 100644 --- a/etc/nginx/include/pgadmin.conf +++ b/etc/nginx/include/pgadmin.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/pgadmin.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name pgadmin.phares.duckdns.org; diff --git a/etc/nginx/include/phares.conf b/etc/nginx/include/phares.conf index f0a9201..b0b55b1 100644 --- a/etc/nginx/include/phares.conf +++ b/etc/nginx/include/phares.conf @@ -19,9 +19,9 @@ server { server { # touch /etc/nginx/include/phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name phares.duckdns.org; 
diff --git a/etc/nginx/include/quartz.conf b/etc/nginx/include/quartz.conf index 2df6a35..d9063bf 100644 --- a/etc/nginx/include/quartz.conf +++ b/etc/nginx/include/quartz.conf @@ -10,9 +10,9 @@ server { server { # touch /etc/nginx/include/quartz.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name quartz.phares.duckdns.org; diff --git a/etc/nginx/include/slideshow.conf b/etc/nginx/include/slideshow.conf index 28aac99..2eb916e 100644 --- a/etc/nginx/include/slideshow.conf +++ b/etc/nginx/include/slideshow.conf @@ -11,9 +11,9 @@ server { server { # touch /etc/nginx/include/slideshow.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name slideshow.phares.duckdns.org; 
diff --git a/etc/nginx/include/vaultwarden.conf b/etc/nginx/include/vaultwarden.conf index aa08dd6..c688154 100644 --- a/etc/nginx/include/vaultwarden.conf +++ b/etc/nginx/include/vaultwarden.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/vaultwarden.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; # server_tokens off; diff --git a/etc/nginx/include/warden.conf b/etc/nginx/include/warden.conf index 6b31b7d..e773109 100644 --- a/etc/nginx/include/warden.conf +++ b/etc/nginx/include/warden.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/warden.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; # server_tokens off; 
diff --git a/etc/nginx/include/xandikos.conf b/etc/nginx/include/xandikos.conf index a04a147..f4a24f6 100644 --- a/etc/nginx/include/xandikos.conf +++ b/etc/nginx/include/xandikos.conf @@ -1,9 +1,9 @@ server { # touch /etc/nginx/include/xandikos.phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name xandikos.phares.duckdns.org; diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default index e797dd1..7e91469 100644 --- a/etc/nginx/sites-available/default +++ b/etc/nginx/sites-available/default 
@@ -1,33 +1,9 @@ -include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:3002/ -include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm -include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/ -include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs -include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/ -include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/ -include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/ -include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/ -include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/ -include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/ -include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/ -include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/ -include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/ -include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/ -include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/ -include /etc/nginx/include/neko.conf; # https://neko.phares.duckdns.org # http://192.168.11.2:8082/ -include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/ -include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/ -include /etc/nginx/include/phares.conf; # 
https://phares.duckdns.org # /var/www/html-nginx -include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz -include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow -include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/ -include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/ -include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/ server { # touch /etc/nginx/include/phares.duckdns.org # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org - ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; - # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; - ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_certificate /home/podman/wild-phares/fullchain.cer; + # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key; ssl_protocols TLSv1.2 TLSv1.3; listen 443 ssl http2; server_name *.phares.duckdns.org; 
@@ -37,4 +13,32 @@ server { try_files $uri $uri.html $uri/ =404; } } +include /etc/nginx/include/2fauth.conf; # https://2fauth.phares.duckdns.org # https://192.168.11.2:5015/ +include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:5014/ +include /etc/nginx/include/authentik.conf; # https://authentik.phares.duckdns.org # https://192.168.11.2:5018/ +include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm +include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/ +include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs +include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/ +include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/ +include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/ +include /etc/nginx/include/dorico.conf; # https://dorico.phares.duckdns.org # /home/lphares/dorico +include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/ +include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/ +include /etc/nginx/include/gotify.conf; # https://gotify.phares.duckdns.org # http://192.168.11.2:5016/ +include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/ +include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/ +include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/ +include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/ +include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/ +include 
/etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/ +include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/ +include /etc/nginx/include/passed.conf; # https://passed.phares.duckdns.org # http://192.168.11.2:5022/ +include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/ +include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx +include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz +include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow +include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/ +include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/ +include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/ # ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519 \ No newline at end of file diff --git a/etc/systemd/system/snap.certbot.renew.service b/etc/systemd/system/snap.certbot.renew.service deleted file mode 100644 index 677bc27..0000000 --- a/etc/systemd/system/snap.certbot.renew.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -# Auto-generated, DO NOT EDIT -Description=Service for snap application certbot.renew -Requires=snap-certbot-4193.mount -Wants=network.target -After=snap-certbot-4193.mount network.target snapd.apparmor.service -X-Snappy=yes - -[Service] -EnvironmentFile=-/etc/environment -ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew -SyslogIdentifier=certbot.renew -Restart=no -WorkingDirectory=/var/snap/certbot/4193 -TimeoutStopSec=30 -Type=oneshot 
diff --git a/etc/systemd/system/snap.certbot.renew.timer b/etc/systemd/system/snap.certbot.renew.timer deleted file mode 100644 index 3496f8d..0000000 --- a/etc/systemd/system/snap.certbot.renew.timer +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -# Auto-generated, DO NOT EDIT -Description=Timer renew for snap application certbot.renew -Requires=snap-certbot-4193.mount -After=snap-certbot-4193.mount -X-Snappy=yes - -[Timer] -Unit=snap.certbot.renew.service -OnCalendar=*-*-* 06:46 -OnCalendar=*-*-* 14:10 - -[Install] -WantedBy=timers.target diff --git a/etc/ufw/user.rules b/etc/ufw/user.rules index 7503fbb..dcb7412 100644 --- a/etc/ufw/user.rules +++ b/etc/ufw/user.rules 
@@ -2,10 +2,102 @@ :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] +:ufw-before-logging-input - [0:0] +:ufw-before-logging-output - [0:0] +:ufw-before-logging-forward - [0:0] +:ufw-user-logging-input - [0:0] +:ufw-user-logging-output - [0:0] +:ufw-user-logging-forward - [0:0] +:ufw-after-logging-input - [0:0] +:ufw-after-logging-output - [0:0] +:ufw-after-logging-forward - [0:0] +:ufw-logging-deny - [0:0] +:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### + +### tuple ### allow tcp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30312920444e5320544350 +-A ufw-user-input -p tcp --dport 53 -j ACCEPT + +### tuple ### allow udp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30322920444e5320554450 +-A ufw-user-input -p udp --dport 53 -j ACCEPT + +### tuple ### allow tcp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303329204448435020544350 +-A ufw-user-input -p tcp --dport 67 -j ACCEPT + +### tuple ### allow udp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303429204448435020554450 +-A ufw-user-input -p udp --dport 67 -j ACCEPT + +### tuple ### allow any any 0.0.0.0/0 443 0.0.0.0/0 in comment=303529204854545053 +-A ufw-user-input -p tcp --sport 443 -j ACCEPT +-A ufw-user-input -p udp --sport 443 -j ACCEPT + +### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in comment=303629204854545053 +-A ufw-user-input -p tcp --dport 443 -j ACCEPT +-A ufw-user-input -p udp --dport 443 -j ACCEPT + +### tuple ### allow any any 0.0.0.0/0 22 192.168.11.0/25 in comment=30372920535348 +-A ufw-user-input -p tcp -s 192.168.11.0/25 --sport 22 -j ACCEPT +-A ufw-user-input -p udp -s 192.168.11.0/25 --sport 22 -j ACCEPT + +### tuple ### allow any any 0.0.0.0/0 22 192.168.21.0/25 in comment=30382920535348 +-A ufw-user-input -p tcp -s 192.168.21.0/25 --sport 22 -j ACCEPT +-A ufw-user-input -p udp -s 192.168.21.0/25 --sport 22 -j ACCEPT + +### tuple ### allow any any 0.0.0.0/0 22 192.168.31.0/25 in comment=30392920535348 +-A ufw-user-input -p tcp -s 
192.168.31.0/25 --sport 22 -j ACCEPT +-A ufw-user-input -p udp -s 192.168.31.0/25 --sport 22 -j ACCEPT + +### tuple ### allow any any 0.0.0.0/0 22 192.168.41.0/25 in comment=31302920535348 +-A ufw-user-input -p tcp -s 192.168.41.0/25 --sport 22 -j ACCEPT +-A ufw-user-input -p udp -s 192.168.41.0/25 --sport 22 -j ACCEPT + +### tuple ### allow any any 0.0.0.0/0 22 192.168.42.0/25 in comment=31312920535348 +-A ufw-user-input -p tcp -s 192.168.42.0/25 --sport 22 -j ACCEPT +-A ufw-user-input -p udp -s 192.168.42.0/25 --sport 22 -j ACCEPT + +### tuple ### allow any any 0.0.0.0/0 22 192.168.43.0/25 in comment=31322920535348 +-A ufw-user-input -p tcp -s 192.168.43.0/25 --sport 22 -j ACCEPT +-A ufw-user-input -p udp -s 192.168.43.0/25 --sport 22 -j ACCEPT + +### tuple ### allow any 22 192.168.11.0/25 any 0.0.0.0/0 in comment=31332920535348 +-A ufw-user-input -p tcp -d 192.168.11.0/25 --dport 22 -j ACCEPT +-A ufw-user-input -p udp -d 192.168.11.0/25 --dport 22 -j ACCEPT + +### tuple ### allow any 22 192.168.21.0/25 any 0.0.0.0/0 in comment=31342920535348 +-A ufw-user-input -p tcp -d 192.168.21.0/25 --dport 22 -j ACCEPT +-A ufw-user-input -p udp -d 192.168.21.0/25 --dport 22 -j ACCEPT + +### tuple ### allow any 22 192.168.31.0/25 any 0.0.0.0/0 in comment=31352920535348 +-A ufw-user-input -p tcp -d 192.168.31.0/25 --dport 22 -j ACCEPT +-A ufw-user-input -p udp -d 192.168.31.0/25 --dport 22 -j ACCEPT + +### tuple ### allow any 22 192.168.41.0/25 any 0.0.0.0/0 in comment=31362920535348 +-A ufw-user-input -p tcp -d 192.168.41.0/25 --dport 22 -j ACCEPT +-A ufw-user-input -p udp -d 192.168.41.0/25 --dport 22 -j ACCEPT + +### tuple ### allow any 22 192.168.42.0/25 any 0.0.0.0/0 in comment=31372920535348 +-A ufw-user-input -p tcp -d 192.168.42.0/25 --dport 22 -j ACCEPT +-A ufw-user-input -p udp -d 192.168.42.0/25 --dport 22 -j ACCEPT + +### tuple ### allow any 22 192.168.43.0/25 any 0.0.0.0/0 in comment=31382920535348 +-A ufw-user-input -p tcp -d 192.168.43.0/25 --dport 22 -j ACCEPT 
+-A ufw-user-input -p udp -d 192.168.43.0/25 --dport 22 -j ACCEPT + +### END RULES ### + +### LOGGING ### +-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 +-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 +### END LOGGING ### + +### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT +### END RATE LIMITING ### COMMIT diff --git a/home/podman/.config/containers/systemd/2fauth-server-data.volume b/home/podman/.config/containers/systemd/2fauth-server-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/2fauth-server-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/2fauth-server.container b/home/podman/.config/containers/systemd/2fauth-server.container new file mode 100644 index 0000000..6375d9f --- /dev/null +++ b/home/podman/.config/containers/systemd/2fauth-server.container 
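Review bot: The rules for the `443` and `22` tuples that match on source port open far more than intended: `-A ufw-user-input -p tcp --sport 443 -j ACCEPT` accepts any inbound packet whose sender chose source port 443, to any local port, and the `-s 192.168.x.0/25 --sport 22` rules do the same for the listed subnets. The second group of SSH rules, `-d 192.168.11.0/25 --dport 22`, restricts the destination rather than the source, so port 22 is accepted from any address whenever this host's own address lies inside the subnet (192.168.11.2, judging by the upstream comments elsewhere in the commit). Replies to outbound connections are normally handled by connection tracking and need no `--sport` rule, so those tuples can be deleted; the SSH intent looks like `ufw allow from 192.168.11.0/25 to any port 22 proto tcp`, which yields a rule of the form `-A ufw-user-input -p tcp --dport 22 -s 192.168.11.0/25 -j ACCEPT`. The UDP variants for port 22 and the TCP rule for port 67 match no service that uses them and could be dropped as well.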
@@ -0,0 +1,173 @@ +[Container] +# AutoUpdate=registry +ContainerName=2fauth-server +# You can change the name of the app +Environment="APP_NAME=2FAuth" +# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation. +# Never set it to "testing". +Environment="APP_ENV=local" +# The timezone for your application, which is used to record dates and times to database. This global setting can be +# overridden by users via in-app settings for a personalised dates and times display. +# If this setting is changed while the application is already running, existing records in the database won't be updated +Environment="APP_TIMEZONE=UTC" +# Set to true if you want to see debug information in error screens. +Environment="APP_DEBUG=false" +# This should be your email address +Environment="SITE_OWNER=mikepharesjr@msn.com" +# The encryption key for our database and sessions. Keep this very secure. +# If you generate a new one all existing data must be considered LOST. +# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it +Environment="APP_KEY=uvL37oiI1By0J#5t5kZwYB~17CXI2J9A" +# This variable must match your installation's external address. +# Webauthn won't work otherwise. +# Environment="APP_URL=http://localhost" +# Environment="APP_URL=http://192.168.11.2" +# Environment="APP_URL=http://192.168.11.2:5015" +Environment="APP_URL=https://2fauth.phares.duckdns.org" +# If you want to serve js assets from a CDN (like https://cdn.example.com), +# uncomment the following line and set this var with the CDN url. +# Otherwise, let this line commented. +# - ASSET_URL=http://localhost +# +# Turn this to true if you want your app to react like a demo. +# The Demo mode reset the app content every hours and set a generic demo user. +Environment="IS_DEMO_APP=false" +# The log channel defines where your log entries go to. 
+# 'daily' is the default logging mode giving you 7 daily rotated log files in /storage/logs/. +# Also available are 'errorlog', 'syslog', 'stderr', 'papertrail', 'slack' and a 'stack' channel +# to combine multiple channels into a single one. +Environment="LOG_CHANNEL=daily" +# Log level. You can set this from least severe to most severe: +# debug, info, notice, warning, error, critical, alert, emergency +# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably +# nothing will get logged, ever. +Environment="LOG_LEVEL=notice" +# Database config (can only be sqlite) +Environment="DB_DATABASE=/srv/database/database.sqlite" +# If you're looking for performance improvements, you could install memcached. +Environment="CACHE_DRIVER=file" +Environment="SESSION_DRIVER=file" +# Mail settings +# Refer your email provider documentation to configure your mail settings +# Set a value for every available setting to avoid issue +Environment="MAIL_MAILER=log" +Environment="MAIL_HOST=smtp.centurylink.net" +Environment="MAIL_PORT=587" +Environment="MAIL_USERNAME=phares@centurylink.net" +Environment="MAIL_PASSWORD=Q7rOkv6#YdLCx4SBvMIAw" +Environment="MAIL_ENCRYPTION=null" +Environment="MAIL_FROM_NAME=Mik Phares" +Environment="MAIL_FROM_ADDRESS=noreply@phares.duckdns.org" +# SSL peer verification. +# Set this to false to disable the SSL certificate validation. +# WARNING +# Disabling peer verification can result in a major security flaw. +# Change it only if you know what you're doing. +Environment="MAIL_VERIFY_SSL_PEER=false" +# API settings +# The maximum number of API calls in a minute from the same IP. +# Once reached, all requests from this IP will be rejected until the minute has elapsed. +# Set to null to disable the API throttling. +Environment="THROTTLE_API=60" +# Authentication settings +# The number of times per minute a user can fail to log in before being locked out. 
+# Once reached, all login attempts will be rejected until the minute has elapsed. +# This setting applies to both email/password and webauthn login attempts. +Environment="LOGIN_THROTTLE=5" +# The default authentication guard +# Supported: +# 'web-guard' : The Laravel built-in auth system (default if nulled) +# 'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication +# WARNING +# When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in +# authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will +# trust him as long as headers are presents. +Environment="AUTHENTICATION_GUARD=web-guard" +# Authentication log retention time, in days. +# Log entries older than that are automatically deleted. +Environment="AUTHENTICATION_LOG_RETENTION=365" +# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level. +# Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...) +# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard') +Environment="AUTH_PROXY_HEADER_FOR_USER=null" +Environment="AUTH_PROXY_HEADER_FOR_EMAIL=null" +# Custom logout URL to open when using an auth proxy. +Environment="PROXY_LOGOUT_URL=null" +# WebAuthn settings +# Relying Party name, aka the name of the application. If blank, defaults to APP_NAME. Do not set to null. +Environment="WEBAUTHN_NAME=2FAuth" +# Relying Party ID, should equal the site domain (i.e 2fauth.example.com). +# If null, the device will fill it internally (recommended) +# See https://webauthn-doc.spomky-labs.com/prerequisites/the-relying-party#how-to-determine-the-relying-party-id +Environment="WEBAUTHN_ID=null" +# Use this setting to control how user verification behave during the +# WebAuthn authentication flow. 
+# +# Most authenticators and smartphones will ask the user to actively verify +# themselves for log in. For example, through a touch plus pin code, +# password entry, or biometric recognition (e.g., presenting a fingerprint). +# The intent is to distinguish one user from any other. +# +# Supported: +# 'required': Will ALWAYS ask for user verification +# 'preferred' (default) : Will ask for user verification IF POSSIBLE +# 'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow) +Environment="WEBAUTHN_USER_VERIFICATION=preferred" +#### SSO settings (for Socialite) #### +# Uncomment and complete lines for the OAuth providers you want to enable. +# - OPENID_AUTHORIZE_URL= +# - OPENID_TOKEN_URL= +# - OPENID_USERINFO_URL= +# - OPENID_CLIENT_ID= +# - OPENID_CLIENT_SECRET= +# - GITHUB_CLIENT_ID= +# - GITHUB_CLIENT_SECRET= +# Use this setting to declare trusted proxied. +# Supported: +# '*': to trust any proxy +# A comma separated IP list: The list of proxies IP to trust +Environment="TRUSTED_PROXIES=null" +# Proxy for outgoing requests like new releases detection or logo fetching. +# You can provide a proxy URL that contains a scheme, username, and password. +# For example, "http://username:password@192.168.16.1:10". +Environment="PROXY_FOR_OUTGOING_REQUESTS=null" +# Leave the following configuration vars as is. +# Unless you like to tinker and know what you're doing. 
+Environment="BROADCAST_DRIVER=log" +Environment="QUEUE_DRIVER=sync" +Environment="SESSION_LIFETIME=120" +Environment="REDIS_HOST=127.0.0.1" +Environment="REDIS_PASSWORD=null" +Environment="REDIS_PORT=6379" +Environment="PUSHER_APP_ID=" +Environment="PUSHER_APP_KEY=" +Environment="PUSHER_APP_SECRET=" +Environment="PUSHER_APP_CLUSTER=mt1" +Environment="VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"" +Environment="VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"" +Environment="MIX_ENV=local" +Image=docker.io/2fauth/2fauth +# Network=2fauth.network +# Pod=2fauth.pod +PublishPort=5015:44311 +Volume=2fauth-server-data:/2fauth:Z +Volume=/home/podman/2fauth/nginx.conf:/etc/nginx/nginx.conf:ro +Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro +Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro + +[Service] +Restart=no + +[Install] +WantedBy=multi-user.target default.target + +# podman pull docker.io/2fauth/2fauth +# systemctl --user daemon-reload +# systemctl --user start 2fauth-server +# systemctl --user status 2fauth-server --lines=999 +# journalctl -fu 2fauth-server.service +# podman logs 2fauth-server +# systemctl --user stop 2fauth-server +# systemctl --user disable 2fauth-server +# podman exec -ti 2fauth-server /bin/sh +# podman exec -ti 2fauth-server /bin/bash diff --git a/home/podman/.config/containers/systemd/actual-server-data.volume b/home/podman/.config/containers/systemd/actual-server-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/actual-server-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/actual-server.container b/home/podman/.config/containers/systemd/actual-server.container new file mode 100644 index 0000000..3288ed5 --- /dev/null +++ b/home/podman/.config/containers/systemd/actual-server.container 
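Review bot: `APP_KEY` and `MAIL_PASSWORD` are committed in clear text in this unit, and the authentik-db, authentik-server and authentik-worker units later in the commit do the same with `POSTGRES_PASSWORD`, `AUTHENTIK_POSTGRESQL__PASSWORD` and `AUTHENTIK_SECRET_KEY`, with the SMTP password repeated in their commented-out lines. Values that have been pushed should be treated as exposed and replaced, then supplied from outside the repository, for example `Secret=2fauth-app-key,type=env,target=APP_KEY` backed by `podman secret create`, or an `EnvironmentFile=` pointing at a path that .gitignore does not re-include. Separately, `MAIL_VERIFY_SSL_PEER=false` together with `MAIL_ENCRYPTION=null` would send the SMTP login without transport checks once `MAIL_MAILER` is switched away from `log`; a comment saying why verification is off, or setting it to `true`, would close that gap.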
@@ -0,0 +1,36 @@ +[Container] +AutoUpdate=registry +ContainerName=actual-server +Environment="ACTUAL_HOSTNAME=0.0.0.0" +# Environment="ACTUAL_HTTPS_CERT=/certs/server.cert" +# Environment="ACTUAL_HTTPS_KEY=/certs/server" +# Environment="ACTUAL_PORT=5006" +# Environment="ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20" +# Environment="ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20" +# Environment="ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50" +Image=docker.io/actualbudget/actual-server:latest +# Network=actual.network +# Pod=actual.pod +PublishPort=5013:5006 +Volume=/etc/localtime:/etc/localtime:ro +Volume=/etc/timezone:/etc/timezone:ro +Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro +Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro +Volume=actual-server-data.volume:/data:rw + +[Service] +Restart=no + +[Install] +WantedBy=multi-user.target default.target + +# podman pull docker.io/actualbudget/actual-server:latest +# systemctl --user daemon-reload +# systemctl --user start actual-server +# systemctl --user status actual-server --lines=999 +# journalctl -fu actual-server.service +# podman logs actual-server +# systemctl --user stop actual-server +# systemctl --user disable actual-server +# podman exec -ti actual-server /bin/sh +# podman exec -ti actual-server /bin/bash diff --git a/home/podman/.config/containers/systemd/authentik-db-data.volume b/home/podman/.config/containers/systemd/authentik-db-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-db-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/authentik-db.container b/home/podman/.config/containers/systemd/authentik-db.container new file mode 100644 index 0000000..d902bd1 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-db.container 
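Review bot: The two `Volume=/home/podman/wild-phares/...` lines mount the wildcard certificate and its private key into the container, but `ACTUAL_HTTPS_CERT` and `ACTUAL_HTTPS_KEY` are commented out, so as written the container holds the key without using it. Either drop both mounts and leave TLS to nginx, or enable the two variables; the commented key path `/certs/server` would also need to read `/certs/server.key` to match the mount target. `AutoUpdate=registry` combined with the `:latest` tag means whatever is pushed under that tag is pulled and started whenever podman-auto-update runs, so a pinned version tag, as the authentik units use, would be the safer choice.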
@@ -0,0 +1,36 @@ +[Container] +# AutoUpdate=registry +ContainerName=authentik-db +Environment="POSTGRES_USER=authentik" +Environment="POSTGRES_PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw=" +Environment="POSTGRES_DB=authentik" +Environment="TZ=America/Phoenix" +Image=docker.io/library/postgres:16.6 +HealthCmd=pg_isready -U authentik +HealthInterval=30s +HealthRetries=5 +HealthStartPeriod=20s +HealthTimeout=3s +# Network=authentik.network +# Pod=authentik.pod +PublishPort=5439:5432 +Volume=/etc/localtime:/etc/localtime:ro +Volume=/etc/timezone:/etc/timezone:ro +Volume=authentik-db-data:/data:Z + +[Service] +Restart=no + +[Install] +WantedBy=multi-user.target default.target + +# podman pull docker.io/library/postgres:16.6 +# systemctl --user daemon-reload +# systemctl --user start authentik-db +# systemctl --user status authentik-db --lines=999 +# journalctl -fu authentik-db.service +# podman logs authentik-db +# systemctl --user stop authentik-db +# systemctl --user disable authentik-db +# podman exec -ti authentik-db /bin/sh +# podman exec -ti authentik-db /bin/bash diff --git a/home/podman/.config/containers/systemd/authentik-redis-data.volume b/home/podman/.config/containers/systemd/authentik-redis-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-redis-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/authentik-redis.container b/home/podman/.config/containers/systemd/authentik-redis.container new file mode 100644 index 0000000..9a3fc34 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-redis.container 
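Review bot: `Volume=authentik-db-data:/data:Z` mounts the named volume at `/data`, but the official postgres image keeps its cluster under `/var/lib/postgresql/data` unless `PGDATA` says otherwise, so the database would presumably live outside this volume and be lost when the container is recreated. `Volume=authentik-db-data.volume:/var/lib/postgresql/data:Z` would fix the path and also tie the mount to the `.volume` unit added in this commit, the way actual-server and gotify-server reference theirs. `PublishPort=5439:5432` binds Postgres on every host address; since the authentik units connect to `192.168.11.2`, `PublishPort=192.168.11.2:5439:5432` or the commented-out `Network=authentik.network` would keep it off the other interfaces.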
@@ -0,0 +1,36 @@ +[Container] +# AutoUpdate=registry +ContainerName=authentik-redis +Exec=--save 60 1 --loglevel warning +# Environment="AUTHENTIK_REDIS__HOST=192.168.11.2" +HealthCmd=/usr/local/bin/redis-cli ping || grep PONG +HealthInterval=30s +HealthRetries=5 +HealthStartPeriod=20s +HealthTimeout=3s +Image=docker.io/library/redis:7.4.1 +# Network=authentik.network +# Pod=authentik.pod +PublishPort=5021:6379 +Volume=authentik-redis-data:/data:Z + +[Service] +Restart=no + +[Unit] +Requires=authentik-db.service +After=authentik-db.service + +[Install] +WantedBy=multi-user.target default.target + +# podman pull docker.io/library/redis:7.4.1 +# systemctl --user daemon-reload +# systemctl --user start authentik-redis +# systemctl --user status authentik-redis --lines=999 +# journalctl -fu authentik-redis.service +# podman logs authentik-redis +# systemctl --user stop authentik-redis +# systemctl --user disable authentik-redis +# podman exec -ti authentik-redis /bin/sh +# podman exec -ti authentik-redis /bin/bash diff --git a/home/podman/.config/containers/systemd/authentik-server-media.volume b/home/podman/.config/containers/systemd/authentik-server-media.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-server-media.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/authentik-server-templates.volume b/home/podman/.config/containers/systemd/authentik-server-templates.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-server-templates.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/authentik-server.container b/home/podman/.config/containers/systemd/authentik-server.container new file mode 100644 index 0000000..c3ba674 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-server.container 
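Review bot: `HealthCmd=/usr/local/bin/redis-cli ping || grep PONG` uses `||`, so `grep` runs only when `redis-cli` fails and the reply is never checked; the intended form is presumably `HealthCmd=/usr/local/bin/redis-cli ping | grep PONG`. Redis is also started without `--requirepass` in `Exec=` while `PublishPort=5021:6379` exposes it on every host address, so anything that can reach port 5021 can read and write whatever authentik stores there. Binding the port to the address authentik uses, or moving the authentik containers onto the commented-out `Network=authentik.network`, would remove that exposure.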
@@ -0,0 +1,55 @@ +[Container] +ContainerName=authentik-server +Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0" +Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2" +Environment="AUTHENTIK_POSTGRESQL__NAME=authentik" +Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw=" +Environment="AUTHENTIK_POSTGRESQL__PORT=5439" +Environment="AUTHENTIK_POSTGRESQL__USER=authentik" +Environment="AUTHENTIK_REDIS__HOST=192.168.11.2" +Environment="AUTHENTIK_REDIS__PORT=5021" +# (Required) To generate a secret key run the following command: +# echo $(openssl rand -base64 32) +Environment="AUTHENTIK_SECRET_KEY=mlZ57mWthun9b8SPaS7Ptl0bBQX4OvyRanbqdQ+5e/k=" +# (Optional) Enable Error Reporting +# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}" +# (Optional) Enable Email Sending +# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net" +# Environment="AUTHENTIK_EMAIL__PORT=587" +# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net" +# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw" +# Environment="AUTHENTIK_EMAIL__USE_TLS=false" +# Environment="AUTHENTIK_EMAIL__USE_SSL=false" +# Environment="AUTHENTIK_EMAIL__TIMEOUT=10" +# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org" +Exec=server +Image=ghcr.io/goauthentik/server:2024.12.1 +PublishPort=5017:9000 +PublishPort=5018:9443 +Volume=/etc/localtime:/etc/localtime:ro +Volume=/etc/timezone:/etc/timezone:ro +Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro +Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro +Volume=authentik-server-media:/media:Z +Volume=authentik-server-templates:/templates:Z + +[Service] +Restart=no + +[Unit] +Requires=authentik-worker.service +After=authentik-worker.service + +[Install] +WantedBy=multi-user.target default.target + +# podman pull ghcr.io/goauthentik/server:2024.12.1 +# systemctl --user daemon-reload +# systemctl --user start authentik-server +# 
systemctl --user status authentik-server --lines=999 +# journalctl -fu authentik-server.service +# podman logs authentik-server +# systemctl --user stop authentik-server +# systemctl --user disable authentik-server +# podman exec -ti authentik-server /bin/sh +# podman exec -ti authentik-server /bin/bash diff --git a/home/podman/.config/containers/systemd/authentik-worker.container b/home/podman/.config/containers/systemd/authentik-worker.container new file mode 100644 index 0000000..22bd5b5 --- /dev/null +++ b/home/podman/.config/containers/systemd/authentik-worker.container 
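Review bot: `AUTHENTIK_SECRET_KEY` in this unit differs from the value set in authentik-worker.container, and authentik expects the server and the worker to share one key, so the two processes would presumably disagree on anything signed or encrypted with it. Defining the common `AUTHENTIK_*` settings once, in a single `EnvironmentFile=` referenced by both units and kept out of the repository, removes the duplication that let the two copies drift. `Requires=authentik-worker.service` makes the server depend on the worker without naming authentik-db or authentik-redis; a comment stating that this ordering is inherited through the worker unit would help the next reader.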
@@ -0,0 +1,57 @@
+[Container]
+ContainerName=authentik-worker
+Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
+Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
+Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
+Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
+Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
+Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+Environment="AUTHENTIK_REDIS__PORT=5021"
+# (Required) To generate a secret key run the following command:
+# echo $(openssl rand -base64 32)
+Environment="AUTHENTIK_SECRET_KEY=QvqdN5Pn4piWcoof1yPDa0FcaGnOL1gHAiSImJjEGZl6pypRgE2nCps8DTd4R9UHqfFuOtR9jhCelmQ2"
+# (Optional) Enable Error Reporting
+# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=true"
+# (Optional) Enable Email Sending
+# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PORT=587"
+# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
+# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
+# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
+# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
+Exec=worker
+Image=ghcr.io/goauthentik/server:2024.12.1
+PublishPort=5019:9000
+PublishPort=5020:9443
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=authentik-server-media:/media:Z
+Volume=authentik-server-templates:/templates:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-db.service
+Requires=authentik-redis.service
+After=authentik-db.service
+After=authentik-redis.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/goauthentik/server:2024.12.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-worker
+# systemctl --user status authentik-worker --lines=999
+# journalctl -fu authentik-worker.service
+# podman logs authentik-worker
+# systemctl --user stop authentik-worker
+# systemctl --user disable authentik-worker
+# podman exec -ti authentik-worker /bin/sh
+# podman exec -ti authentik-worker /bin/bash
diff --git a/home/podman/.config/containers/systemd/gotify-server-data.volume b/home/podman/.config/containers/systemd/gotify-server-data.volume
new file mode 100644
index 0000000..a153d05
--- /dev/null
+++ b/home/podman/.config/containers/systemd/gotify-server-data.volume
@@ -0,0 +1 @@
+[Volume]
\ No newline at end of file
diff --git a/home/podman/.config/containers/systemd/gotify-server.container b/home/podman/.config/containers/systemd/gotify-server.container
new file mode 100644
index 0000000..18b98c4
--- /dev/null
+++ b/home/podman/.config/containers/systemd/gotify-server.container
@@ -0,0 +1,28 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=gotify-server
+Environment="TZ=America/Phoenix"
+Image=docker.io/gotify/server
+# Network=gotify.network
+# Pod=gotify.pod
+PublishPort=5016:80
+Volume=gotify-server-data.volume:/app/data:Z
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/gotify/server
+# systemctl --user daemon-reload
+# systemctl --user start gotify-server
+# systemctl --user status gotify-server --lines=999
+# journalctl -fu gotify-server.service
+# podman logs gotify-server
+# systemctl --user stop gotify-server
+# systemctl --user disable gotify-server
+# podman exec -ti gotify-server /bin/sh
+# podman exec -ti gotify-server /bin/bash
diff --git a/home/podman/.config/containers/systemd/immich-kiosk.container b/home/podman/.config/containers/systemd/immich-kiosk.container
index c01954e..81f7a75 100644
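Review bot: `AUTHENTIK_SECRET_KEY` in the authentik-worker unit is a different value from the one set in authentik-server.container, although both units run the same `ghcr.io/goauthentik/server:2024.12.1` image against the same PostgreSQL and Redis endpoints. The upstream deployment feeds server and worker from a single env file, so the two processes are expected to share one key; with two keys, anything one side signs or derives from it may not validate on the other (worth confirming against the authentik documentation). Loading both units from one source, e.g. the same `EnvironmentFile=<path-to-untracked-env-file>` line in each, removes the drift and takes the value out of the repository. The worker also publishes 5019/5020 to container ports 9000/9443, which the worker process presumably does not serve; if that holds, dropping both `PublishPort=` lines reduces the exposed surface.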
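Review bot: `Image=docker.io/gotify/server` in gotify-server.container carries no tag, so it resolves to `latest`, and passed-server.container later in this commit uses `git.1e99.eu/1e99/passed:latest`, while the authentik units pin `2024.12.1`. With a floating tag, every `podman pull` can bring in a different build that nobody reviewed, and a restore from backup cannot be matched to the image version that wrote the data. Pinning a release tag or a digest, `Image=docker.io/gotify/server:<version>` or `Image=docker.io/gotify/server@sha256:<digest>`, makes upgrades an explicit change in this repository.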
--- a/home/podman/.config/containers/systemd/immich-kiosk.container +++ b/home/podman/.config/containers/systemd/immich-kiosk.container @@ -1,7 +1,6 @@ [Container] AutoUpdate=registry ContainerName=immich-kiosk - Environment="TZ=America/Phoenix" # Required settings Environment="KIOSK_IMMICH_API_KEY=fLJoRERkcmFuSviMaAfsuINmvyXLFKu9HIICXP8I" diff --git a/home/podman/.config/containers/systemd/mattermost-server.container b/home/podman/.config/containers/systemd/mattermost-server.container index 0feccc3..8116f6a 100644 --- a/home/podman/.config/containers/systemd/mattermost-server.container +++ b/home/podman/.config/containers/systemd/mattermost-server.container @@ -7,9 +7,9 @@ Environment="MM_SERVICESETTINGS_SITEURL=https://mattermost.phares.duckdns.org" Environment="MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@192.168.11.2:5436/mattermost?sslmode=disable&connect_timeout=10" Environment="MM_SQLSETTINGS_DRIVERNAME=postgres" Environment="TZ=US/Arizona" -# HealthCmd="curl -f http://192.168.11.2:8443/api/v4/system/ping || exit 1" -# HealthCmd="curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1" -HealthCmd="ls" +# HealthCmd=ls +# HealthCmd=curl -f http://0.0.0.0:8065/api/v4/system/ping || exit 1 +# HealthCmd=curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1 # Image=docker.io/mattermost/mattermost-team-edition:9.11.2 Image=docker.io/mattermost/mattermost-team-edition:release-10.3 # Network=mattermost.network @@ -47,4 +47,4 @@ WantedBy=multi-user.target default.target # systemctl --user stop mattermost-server # systemctl --user disable mattermost-server # podman exec -ti mattermost-server /bin/sh -# podman exec -ti mattermost-server /bin/bash +# podman exec -ti mattermost-server /bin/bash \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/mysleep.container b/home/podman/.config/containers/systemd/mysleep.container deleted file mode 100644 index f0d1685..0000000 
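Review bot: Every `HealthCmd` line in the first mattermost-server.container hunk is commented out after this change, so unless one is defined outside the visible lines the container now runs with no health check; the removed `HealthCmd="ls"` always succeeded, so it was not a meaningful probe either. Of the three candidates, the local ping is the one that tests the service without depending on DNS and the reverse proxy, and it reads more clearly with the loopback address than with `0.0.0.0` as a destination. Proposed: `HealthCmd=curl -f http://127.0.0.1:8065/api/v4/system/ping || exit 1`, assuming `curl` is present in the image.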
--- a/home/podman/.config/containers/systemd/mysleep.container
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=The sleep container
-After=local-fs.target
-
-[Container]
-Image=registry.access.redhat.com/ubi9-minimal:latest
-Exec=sleep 1000
-
-[Install]
-# Start by default on boot
-WantedBy=multi-user.target default.target multi-user.target
diff --git a/home/podman/.config/containers/systemd/neko-server.container b/home/podman/.config/containers/systemd/neko-server.container
deleted file mode 100644
index d7e8c72..0000000
--- a/home/podman/.config/containers/systemd/neko-server.container
+++ /dev/null
@@ -1,32 +0,0 @@
-[Container]
-AutoUpdate=registry
-ContainerName=neko-server
-Environment="NEKO_SCREEN=1920x1080@30"
-Environment="NEKO_PASSWORD=neko"
-Environment="NEKO_PASSWORD_ADMIN=admin"
-Environment="NEKO_EPR=52000-52100"
-Environment="NEKO_NAT1TO1=192.168.11.2"
-Image=docker.io/m1k1o/neko:firefox
-# Network=neko.network
-# Pod=neko.pod
-PublishPort=8082:8080/tcp
-PublishPort=52000-52100:52000-52100/udp
-Volume=/etc/localtime:/etc/localtime:ro
-Volume=/etc/timezone:/etc/timezone:ro
-
-[Service]
-Restart=no
-
-[Install]
-WantedBy=multi-user.target default.target
-
-# podman pull docker.io/m1k1o/neko:firefox
-# systemctl --user daemon-reload
-# systemctl --user start neko-server
-# systemctl --user status neko-server
-# journalctl -fu neko-server.service
-# podman logs neko-server
-# systemctl --user stop neko-server
-# systemctl --user disable neko-server
-# podman exec -ti neko-server /bin/sh
-# podman exec -ti neko-server /bin/bash
diff --git a/home/podman/.config/containers/systemd/passed-server-data.volume b/home/podman/.config/containers/systemd/passed-server-data.volume
new file mode 100644
index 0000000..a153d05
--- /dev/null
+++ b/home/podman/.config/containers/systemd/passed-server-data.volume
@@ -0,0 +1 @@
+[Volume]
\ No newline at end of file
diff --git a/home/podman/.config/containers/systemd/passed-server.container b/home/podman/.config/containers/systemd/passed-server.container
new file mode 100644
index 0000000..a5129b3
--- /dev/null
+++ b/home/podman/.config/containers/systemd/passed-server.container
@@ -0,0 +1,30 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=passed-server
+Environment="PASSED_ADDRESS=:3000"
+Environment="PASSED_STORE_TYPE=dir"
+Environment="PASSED_STORE_DIR_PATH=/etc/passed"
+Image=git.1e99.eu/1e99/passed:latest
+# Network=passed.network
+# Pod=passed.pod
+PublishPort=5022:3000
+Volume=passed-server-data.volume:/etc/passed:Z
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull git.1e99.eu/1e99/passed:latest
+# systemctl --user daemon-reload
+# systemctl --user start passed-server
+# systemctl --user status passed-server --lines=999
+# journalctl -fu passed-server.service
+# podman logs passed-server
+# systemctl --user stop passed-server
+# systemctl --user disable passed-server
+# podman exec -ti passed-server /bin/sh
+# podman exec -ti passed-server /bin/bash
diff --git a/home/podman/.config/containers/systemd/uptime-kuma-server.container b/home/podman/.config/containers/systemd/uptime-kuma-server.container
index 7abbdda..1bfa51a 100644
--- a/home/podman/.config/containers/systemd/uptime-kuma-server.container
+++ b/home/podman/.config/containers/systemd/uptime-kuma-server.container
@@ -8,7 +8,12 @@ Image=docker.io/louislam/uptime-kuma:1 # Network=uptime-kuma.network # Pod=uptime-kuma.pod PodmanArgs=--add-host=cockpit.phares.duckdns.org:192.168.11.2 +PodmanArgs=--add-host=gotify.phares.duckdns.org:192.168.11.2 +PodmanArgs=--add-host=kuma.phares.duckdns.org:192.168.11.2 PodmanArgs=--add-host=mattermost.phares.duckdns.org:192.168.11.2 +PodmanArgs=--add-host=pgadmin.phares.duckdns.org:192.168.11.2 +PodmanArgs=--add-host=vaultwarden.phares.duckdns.org:192.168.11.2 +PodmanArgs=--add-host=warden.phares.duckdns.org:192.168.11.2 PublishPort=3004:3001 Volume=uptime-kuma-server-data.volume:/app/data:rw Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro @@ -23,7 +28,7 @@ WantedBy=multi-user.target default.target # podman pull docker.io/louislam/uptime-kuma:1 # systemctl --user daemon-reload # systemctl --user start uptime-kuma-server -# systemctl --user status uptime-kuma-server +# systemctl --user status uptime-kuma-server --lines=999 # journalctl -fu uptime-kuma-server.service # podman logs uptime-kuma-server # systemctl --user stop uptime-kuma-server diff --git a/var/spool/cron/crontabs/podman b/var/spool/cron/crontabs/podman new file mode 100644 index 0000000..23283f0 --- /dev/null +++ b/var/spool/cron/crontabs/podman 
@@ -0,0 +1,40 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.Ozl2NI/crontab installed on Fri Jan 3 22:08:52 2025)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.35buNM/crontab installed on Tue Dec 3 13:24:22 2024)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+#
+14 11 * * * podman volume export systemd-baikal-server-data --output /home/podman/cron-backup/baikal-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+15 11 * * * podman volume export systemd-blinko-server-data --output /home/podman/cron-backup/blinko-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+16 11 * * * podman volume export systemd-gitea-server-data --output /home/podman/cron-backup/gitea-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+17 11 * * * podman volume export systemd-linkwarden-server-data --output /home/podman/cron-backup/linkwarden-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+18 11 * * * podman volume export systemd-mattermost-server-data --output /home/podman/cron-backup/mattermost-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+19 11 * * * podman volume export systemd-odoo-server-data --output /home/podman/cron-backup/odoo-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+20 11 * * * podman volume export systemd-uptime-kuma-server-data --output /home/podman/cron-backup/uptime-kuma-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+21 11 * * * podman volume export systemd-xandikos-server-data --output /home/podman/cron-backup/xandikos-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+22 11 * * * podman volume export systemd-baikal-server-config --output /home/podman/cron-backup/baikal-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+23 11 * * * podman volume export systemd-gitea-server-config --output /home/podman/cron-backup/gitea-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+24 11 23 * * podman volume export systemd-immich-server-upload --output /home/podman/cron-backup/immich-server-upload-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+25 11 * * * podman volume export systemd-mattermost-server-bleve --output /home/podman/cron-backup/mattermost-server-bleve-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+26 11 * * * podman volume export systemd-mattermost-server-client-plugins --output /home/podman/cron-backup/mattermost-server-client-plugins-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+27 11 * * * podman volume export systemd-mattermost-server-config --output /home/podman/cron-backup/mattermost-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+28 11 * * * podman volume export systemd-mattermost-server-logs --output /home/podman/cron-backup/mattermost-server-logs-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+29 11 * * * podman volume export systemd-mattermost-server-plugins --output /home/podman/cron-backup/mattermost-server-plugins-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+30 11 * * * podman volume export systemd-pgadmin-data --output /home/podman/cron-backup/pgadmin-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+31 11 * * * podman volume export systemd-firefox-data --output /home/podman/cron-backup/firefox-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+32 11 * * * podman volume export systemd-immich-learning-cache --output /home/podman/cron-backup/immich-learning-cache-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+13 12 * * * podman volume export systemd-blinko-db-data --output /home/podman/cron-backup/blinko-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+14 12 * * * podman volume export systemd-gitea-db-data --output /home/podman/cron-backup/gitea-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+15 12 * * * podman volume export systemd-immich-db-data --output /home/podman/cron-backup/immich-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+16 12 * * * podman volume export systemd-linkwarden-db-data --output /home/podman/cron-backup/linkwarden-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+17 12 * * * podman volume export systemd-mattermost-db-data --output /home/podman/cron-backup/mattermost-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+18 12 * * * podman volume export systemd-odoo-db-data --output /home/podman/cron-backup/odoo-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+19 12 * * * podman volume export systemd-vaultwarden-db-data --output /home/podman/cron-backup/vaultwarden-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+20 12 * * * podman volume export systemd-gotify-server-data --output /home/podman/cron-backup/gotify-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+21 12 * * * podman volume export systemd-2fauth-server-data --output /home/podman/cron-backup/2fauth-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
diff --git a/var/spool/cron/crontabs/root b/var/spool/cron/crontabs/root
new file mode 100644
index 0000000..6ad47f5
--- /dev/null
+++ b/var/spool/cron/crontabs/root
@@ -0,0 +1,10 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.CuxS5w/crontab installed on Sun Jan 5 11:20:46 2025)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+#
+*/5 * * * * /etc/duckdns/duck.sh >/dev/null 2>&1
+24 5 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
+# 25 13 * * * cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+25 13 * * * cd /home/www-data/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+01 14 * * * rsync --remove-source-files -av -e ssh /home/podman/cron-backup/ root@192.168.0.31:/home/podman/cron-backup-delete/
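Review bot: The `systemd-vaultwarden-db-data` and `systemd-2fauth-server-data` jobs in the podman crontab write password-vault and 2FA-seed data as plain `.tar` files into `/home/podman/cron-backup`, with whatever umask cron gives the job, and root's crontab later ships that directory off-host. Prefixing those jobs with `umask 077 &&` keeps the archives unreadable to other local accounts, and encrypting them before they leave the host (for instance piping through `age` or `gpg` to a recipient key held elsewhere) means the receiving machine never holds the cleartext. Separately, all `*-db-data` jobs copy a database volume at file level while, as far as this schedule shows, the database containers keep running, so a restore may not be consistent; a logical dump taken inside the database container is the safer source for those.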
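Review bot: The active `25 13` job in root's crontab runs `/snap/bin/npx quartz build` as root inside `/home/www-data/jackyzha0-quartz-phares`; if that tree is writable by www-data, as the path suggests, whoever controls that account can alter the package scripts or build config that root then executes every day. Running the build as the owning user, e.g. `25 13 * * * runuser -u www-data -- sh -c 'cd /home/www-data/jackyzha0-quartz-phares && /snap/bin/npx quartz build'` or moving the line into that user's crontab, keeps a web-tier compromise from becoming root. The `01 14` rsync also logs in as `root@192.168.0.31` with an unattended key; a dedicated unprivileged backup account on the receiver, with the key restricted to the target directory, limits what that key is worth. Because of `--remove-source-files`, the receiver then holds the only copy, so a failed or partial run there should be alerted on rather than sent to `/dev/null`-style silence.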