01-06-a

2025-01-06 18:26:44 -07:00
parent 70f6c099a9
commit 1c0b573f60
65 changed files with 1871 additions and 201 deletions
--- a/etc/bash_history_2024-01-03_podman.txt
+++ b/etc/bash_history_2024-01-03_podman.txt
@ -0,0 +1,500 @@
+podman exec -ti immich-to-slideshow-server /bin/bash
+cp -R /var/www/html-slideshow/Images-c9dbce3b-Results/F\)Random/c9dbce3b/\[\]/* /var/www/html-slideshow/slideshow/random-results/
+exit
+ls -al /var/www/html-slideshow/slideshow/random-results
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull docker.io/damongolding/immich-kiosk:latest
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-to-slideshow-server
+systemctl --user status immich-to-slideshow-server
+exit
+systemctl --user status immich-to-slideshow-server
+systemctl --user start immich-to-slideshow-server
+nano ~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull tananaev/traccar:latest
+podman pull tananaev.org/traccar:latest
+podman pull traccar.org/traccar:latest
+podman pull docker.io/traccar/traccar:latest
+exit
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+ls -la /opt/traccar/
+ls -la /opt/traccar/logs/
+exit
+systemctl --user status traccar-server --lines=999
+systemctl --user start traccar-server
+nano /opt/traccar/traccar.xml
+exit
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+nano /opt/traccar/traccar.xml
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull docker.io/postgres:16-alpine
+podman pull docker.io/postgres:16-alpine
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+exit
+systemctl --user start linkwarden-db
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+podman pull docker.io/blinkospace/blinko:latest
+podman pull docker.io/postgres:14
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+systemctl --user start blinko-db
+systemctl --user status blinko-db
+systemctl --user start blinko-db
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+exit
+podman volunme ls
+podman volume ls
+podman volume prune
+podman volume ls
+podman volume rm systemd-odoo-server-data
+podman volume rm systemd-odoo-db-data
+podman volume rm one-review_postgres_data
+podman volume prune
+podman volume rm systemd-vaultwarden-server-data
+podman volume prune
+exit
+exit
+exit
+podman exec -ti mattermost-server /bin/bash
+podman volume ls
+podman volume inspect systemd-mattermost-server-config
+nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+docker system prune --volumes
+podman system prune --volumes
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+podman volume prune
+podman volume prune
+podman image prune
+podman image prune
+podman container prune
+podman volume prune
+podman container prune
+exit
+exit
+podman exec -ti linkwarden-server /bin/bash
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+curl -f http://localhost:8065/api/v4/system/ping || exit 1
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/sh
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+podman volume ls
+podman volume prune
+podman volume inspect systemd-blinko-server-data
+sudo -i root
+sudo -i
+podman exec -ti blinko-server /bin/bash
+podman exec -ti blinko-server /bin/sh
+exit
+sudo -i
+exit
+sudo -i
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+podman volume list
+podman volume info systemd-blinko-server-data
+podman volume systemd-blinko-server-data info
+podman volume systemd-blinko-server-data
+podman volume --help
+podman volume inspect systemd-blinko-server-data
+ls /home/podman/.local/share/containers/storage/volumes/systemd-blinko-server-data/_data
+mkdir -p /home/podman/backup-blinko
+podman volume export blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+mkdir -p /home/podman/backup-baikal
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+now=$(date +'%Y-%m-%d_%H-%M-%S')
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data-${now}.tar
+crontab -e
+exit
+crontab -e
+crontab -e
+crontab -r
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+exit
+crontab -e
+exit
+chrontab -e
+crontab -e
+crontab -e
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+whereis podman
+/usr/bin/podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+crontab -e
+crontab -e
+crontab -e
+grep CRON /var/log/syslog
+nano /var/log/syslog
+cat /var/log/syslog
+exit
+crontab -l
+crontab -r
+crontab -e
+cat /etc/cron.allow
+cat /etc/cron.d/cron.allow
+crontab -l -u podman
+nano /etc/cron. d/cron
+nano /etc/cron
+nano /etc/cron.d/cron.allow
+crontab -r
+crontab -l
+exit
+crontab -l
+crontab -e
+systemctl status cron
+sudo -i
+systemctl status cron
+crontab -e
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+crontab -l
+crontab -e
+systemctl status cron
+systemctl status cron
+service cron status
+crontab -e
+service cron status
+crontab -l
+crontab -e
+/home/podman/cron-backup
+mkdir /home/podman/cron-backup
+crontab -e
+crontab -e
+crontab -e
+crontab -e
+tar --list \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar /etc
+tar -tf \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar thumbs/5f0b1052-466d-44de-a554-226d7256850d/33/c5/
+crontab -e
+tar --list --directory /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+crontab -e
+exit
+systemctl --user start linkwarden-server
+exit
+podman pull docker.io/actualbudget/actual-server:latest
+systemctl --user start actual-server
+exit
+exit
+exit
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+id
+exit
+nano ~/.bash_profile
+nano ~/.bash_profile
+exit
+exit
+systemctl --user start uptime-kuma-server
+exit
+systemctl --user start uptime-kuma-server
+podman pull docker.io/2fauth/2fauth
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman volumn prune
+podman volume prune
+podman volume prune
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+systemctl --user status 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/bash
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 443
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 5015
+nc -zv localhost 5016
+nc -zv localhost 5015
+nc -zv localhost 5015
+systemctl --user start 2fauth-server
+nc -zv localhost 5015
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman pull docker.io/gotify/server
+systemctl --user start gotify-server
+exiot
+exit
+systemctl --user start uptime-kuma-server
+nano /etc/hostname
+exit
+podman pull ghcr.io/goauthentik/server:2024.12.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/postgres:16.6
+exit
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+exit
+systemctl --user status authentik-worker
+exit
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+nc -zv localhost 5021
+redis-cli ping 
+redis-cli -h localhost -p 6379 PING
+redis-cli -h localhost -p 5021 PING
+podman exec -ti authentik-redis /bin/bash
+redis-cli -h localhost -p 5021 PING
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+podman exec -ti authentik-redis /bin/bash
+podman exec -ti authentik-redis /bin/sh
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/sh
+podman exec -ti authentik-redis /bin/bash
+exit
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/bash
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+crontab -e
+crontab -e
+exit
+crontab -e
+exit
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+exit
+systemctl --user start mattermost-server
+systemctl --user start mattermost-db
+exit
+systemctl --user start mattermost-db
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+exit
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/bash
+exit
+systemctl --user start mattermost-server
+exit
+exit
+exit
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+/usr/libexec/podman/quadlet -dryrun --user
+exit
+exit
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
--- a/etc/bash_history_2025-01-03.txt
+++ b/etc/bash_history_2025-01-03.txt
@ -0,0 +1,500 @@
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\\ 2019/ /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019 /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006\ \\\!9
+exit
+rm -R /mnt/free-file-sync/iso/images-a/Phares\\\ Slides\\\ ####
+exit
+mount /mnt/free-file-sync/iso/Edited.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/2024-12-18-18-13-54-579.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned\ Grandma\\\'s\ Quilt\ ####/
+rm -R /mnt/free-file-sync/iso/images-a/Event
+rm -R /mnt/free-file-sync/iso/images-a/Question/
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Facebook
+mount /mnt/free-file-sync/iso/images-a/Rex\ Memorial\ ####/2024-12-18-18-15-40-537.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Scanned\ Norman\ Herman/2024-12-18-18-15-43-097.iso /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned*
+rm -R /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/DisneyWorld\ 2019/2024-12-18-18-42-26-222.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+exit
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/Slide in N*
+rm -R /mnt/free-file-sync/iso/images-a/Slide\\ in\\ N*
+ls -al /mnt/free-file-sync/iso/images-a/Sli*
+ls -al /mnt/free-file-sync/iso/images-a/Slide *
+ls -al /mnt/free-file-sync/iso/images-a/Slide\\ *
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/'Slide in Name Order Originals \(622\) ####'
+mkdir /mnt/free-file-sync/iso/videos-b
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+rm /mnt/free-file-sync/iso/videos-b/Home\ Videos\ 1998\ -\ 2002/2024-12-18-19-49-52-202.iso 
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+exit
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+lsblk -b -o NAME,SIZE,TYPE,VENDOR,MODEL,SERIAL,MOUNTPOINT
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+reboot
+aptget update
+apt-get update
+apt-get upgrade
+ls
+nano t
+nano t
+exit
+sudo -iu podman
+exit
+mv -R /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /mnt/free-file-sync/logan-google-drive /mnt/free-file-sync/google-drive-logan
+exit
+nano /root/.ssh/authorized_keys 
+exit
+sudo -iu podman
+crontab -e
+sudo -iu podman
+/etc/duckdns/duck.sh >/dev/null 2>&1
+"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
+cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+cd /
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+sudo -iu podman
+ls /home/podman/backup-blinko/
+sudo -iu podman
+ls /home/podman/backup-blinko/
+rm /home/podman/backup-blinko/*
+ls /home/podman/backup-blinko/
+sudo -iu podman
+exit
+ls /home/podman/backup-blinko/
+exit
+sudo -iu podman
+nano /run/podman/podman.sock
+ls /run/podman/podman.sock
+sudo -iu podman
+cat /var/log/syslog
+grep "ERROR" /var/log/cron
+sudo -iu podman
+crontab -e
+crontab -l
+crontab -e
+crontab -l
+systemctl status cron
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl log cron
+systemctl status cron
+systemctl status cron
+crontab -e
+systemctl status cron
+ls /home/podman/backup-blinko/
+ls /home/podman/backup-blinko/
+systemctl status cron
+crontab -e
+systemctl status cron
+sudo -iu podman
+exit
+snap list vaultwarden 
+reboot
+nginx -t
+nginx -s reload
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+su lphares
+exit
+exit
+exit
+exit
+exit
+nginx -t
+nginx -t
+nginx -s reload
+nginx -t
+ls -la /home/lphares/dorico
+ls -la /home/lphares
+ls -la /home/lphares/dorico/
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /var/www/html-
+nginx -s reload
+nginx -t
+ls /etc/netplan/
+nginx -s reload
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /etc/ModemManager/ -la
+ls /etc/ModemManager -la
+ls /etc/ModemManager
+ls /etc/ModemManager -
+ls /etc/ModemManager -l
+ls /etc/ModemManager --time-style
+ls /etc/ModemManager -lT
+ls /etc/ModemManager --time-style=full
+ls /etc/ModemManager/ --time-style=full
+ls /etc/ModemManager/
+ls /etc/ModemManager -l -T
+ls /etc/ModemManager  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S%zz"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %HH:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %h:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT%H:%M:%S'
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT     %H:%M:%S'
+nginx -t
+nginx -s reload
+ufw status
+ufw number status
+ufw numbered status
+ufw status numbered
+ufw active
+ufw enable
+ufw status numbered
+ls
+ufw disable
+ip a
+ufw allow                                   53/tcp comment "01) DNS TCP"
+ufw status numbered
+ufw allow                                   53/udp comment "02) DNS UDP"
+ufw allow                                   67/tcp comment "03) DHCP TCP"
+ufw allow                                   67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 to any port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 to any port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 to any port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 to any port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 to any port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 to any port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 to any port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0        port  22/tcp comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw status numbered
+ufw allow                      port 53/tcp comment "01) DNS TCP"
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0 port  22/tcp comment "12) SSH"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0         443 comment "05) HTTPS"
+ufw allow from 0.0.0.0/0 443 comment "05) HTTPS"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow from 192.168.11.0/25    port  22 comment "06) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "11) SSH"
+ufw allow to         0.0.0.0/0    port  22 comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw delete 12
+ufw status numbered
+ufw disable
+ufw allow to   192.168.11.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "17) SSH"
+ufw enable
+ufw status numbered
+ufw status numbered
+ufw disable
+cat /etc/passwd
+top
+pcap
+ps -ef | grep cr[o]n
+ps -ef | grep nginx
+usermod -a -G lphares www-data
+exit
+chmod -R 774 /home/lphares/dorico
+nginx -t
+nginx -s reload
+nginx -s reload
+rm -r /home/lphares/dorico
+su lphares
+exit
+exit
+exit
+ufw status numbered
+ufw enabled
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0    port 443 comment "18) HTTPS"
+ufw enable
+ufw disable
+ufw reset
+ufw disable
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow to         0.0.0.0/0    port 443 comment "06) HTTPS"
+ufw enable
+ufw allow from 192.168.11.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "11) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.11.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "17) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "18) SSH"
+ufw enable
+ufw status numbered
+exit
+ufw disable
+top[
+top
+systemctl list-timers
+systemctl list-timers
+apt-get remove certbot
+snap remove certbot
+systemctl list-timers
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+reboot
+sudo -iu podman
+exit
+exit
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\* /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+grep sshd.\*publickey /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+apt update
+apt install fail2ban -y
+systemctl status fail2ban.service
+cd /etc/fail2ban
+ls
+head -20 jail.conf
+cp jail.conf jail.local
+nano jail.local
+nano jail.local
+nano jail.local
+systemctl enable fail2ban
+systemctl start fail2ban
+systemctl status fail2ban
+reboot
+apt-get update
+apt upgrade
+sudo -iu podman
+exit
+snap info adguard-home 
+exit
+tail /var/log/auth.log -f
+exit
+ufw status numbered
+exit
+ip a
+exit
+id
+su phares
+su podman
+exit
+exit
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+exit
+ip a
+ip a l | grep inet6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /boot/firmware/cmdline.txt
+nano /boot/firmware/cmdline.txt
+exit
+snap restart adguard-home 
+exit
+nano /etc/duckdns/duck.sh
+exit
+nano /etc/duckdns/duck.sh
+cat duck.log
+chmod 700 /etc/duckdns/duck.sh
+cd /etc/duckdns
+./duck.sh
+cat duck.log
+ps -ef | grep cr[o]n
+crontab -e
+cat duck.log
+xit
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+links http://192.168.11.2:5015/
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nc -zv localhost 5015
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+nano /home/persa/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/podman/.ssh/authorized_keys 
+exit
+nano /home/podman/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /home/phares/.ssh/authorized_keys 
+exit\
+exit
+sudo -iu podman
+nano /etc/hostname 
+nano /etc/hosts
+exit
+nginx -t
+nginx -s reload
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+reboot
+exit
--- a/etc/group
+++ b/etc/group
@ -59,7 +59,7 @@ fwupd-refresh:x:989:
 netdev:x:110:
 phares:x:1001:
 podman:x:1000:
-lphares:x:1003:bmiller,persa
+lphares:x:1003:bmiller,persa,www-data
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:
--- a/etc/group-
+++ b/etc/group-
@ -68,7 +68,7 @@ pcp:x:988:
 persa:x:1002:
 redis:x:114:
 swtpm:x:115:
-libvirt:x:116:phares,podman
+libvirt:x:116:phares,podman,libvirtdbus
 libvirt-qemu:x:64055:libvirt-qemu
 libvirt-dnsmasq:x:117:
 libvirtdbus:x:118:
--- a/etc/gshadow
+++ b/etc/gshadow
@ -59,7 +59,7 @@ fwupd-refresh:!*::
 netdev:!::
 phares:!::
 podman:!::
-lphares:!::bmiller,persa
+lphares:!::bmiller,persa,www-data
 bmiller:!::
 unbound:!::
 cockpit-ws:!::
--- a/etc/gshadow-
+++ b/etc/gshadow-
@ -68,7 +68,7 @@ pcp:!::
 persa:!::
 redis:!::
 swtpm:!::
-libvirt:!::phares,podman
+libvirt:!::phares,podman,libvirtdbus
 libvirt-qemu:!::libvirt-qemu
 libvirt-dnsmasq:!::
 libvirtdbus:!::
--- a/etc/hosts
+++ b/etc/hosts
@ -1,5 +1,5 @@
 127.0.0.1 localhost
-127.0.1.1 trigkey-green-g4
+127.0.1.1 phares.duckdns.org

 # The following lines are desirable for IPv6 capable hosts
 ::1     ip6-localhost ip6-loopback
--- a/etc/nginx/include/2fauth.conf
+++ b/etc/nginx/include/2fauth.conf
@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/2fauth.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/2fauth.phares.duckdns.org.key -out /etc/nginx/include/2fauth.phares.duckdns.org.crt -config /etc/nginx/include/2fauth.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name 2fauth.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5015/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}
--- a/etc/nginx/include/actual.conf
+++ b/etc/nginx/include/actual.conf
@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/actual.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/actual.phares.duckdns.org.key -out /etc/nginx/include/actual.phares.duckdns.org.crt -config /etc/nginx/include/actual.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name actual.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5013/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}
--- a/etc/nginx/include/adguard.conf
+++ b/etc/nginx/include/adguard.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/adguard.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name adguard.phares.duckdns.org;
@ -13,7 +13,7 @@ server {
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.11.2:3002/;
+        proxy_pass              https://192.168.11.2:5014/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
--- a/etc/nginx/include/authentik.conf
+++ b/etc/nginx/include/authentik.conf
@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/authentik.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/authentik.phares.duckdns.org.key -out /etc/nginx/include/authentik.phares.duckdns.org.crt -config /etc/nginx/include/authentik.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name authentik.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5018/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}
--- a/etc/nginx/include/baikal.conf
+++ b/etc/nginx/include/baikal.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/baikal.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name baikal.phares.duckdns.org;
--- a/etc/nginx/include/blinko.conf
+++ b/etc/nginx/include/blinko.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/blinko.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/blinko.phares.duckdns.org.key -out /etc/nginx/include/blinko.phares.duckdns.org.crt -config /etc/nginx/include/blinko.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name blinko.phares.duckdns.org;
--- a/etc/nginx/include/cockpit.conf
+++ b/etc/nginx/include/cockpit.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/cockpit.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name cockpit.phares.duckdns.org;
--- a/etc/nginx/include/dashkiosk.conf
+++ b/etc/nginx/include/dashkiosk.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/dashkiosk.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name dashkiosk.phares.duckdns.org;
--- a/etc/nginx/include/dorico.conf
+++ b/etc/nginx/include/dorico.conf
@ -0,0 +1,17 @@
+server {
+    # touch /etc/nginx/include/dorico.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dorico.phares.duckdns.org.key -out /etc/nginx/include/dorico.phares.duckdns.org.crt -config /etc/nginx/include/dorico.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name dorico.phares.duckdns.org;
+    root /home/lphares/dorico;
+    # usermod -a -G lphares www-data
+    location / {
+        autoindex on;
+        disable_symlinks on;
+        autoindex_format json;
+    }
+}
--- a/etc/nginx/include/firefox.conf
+++ b/etc/nginx/include/firefox.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/firefox.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name firefox.phares.duckdns.org;
--- a/etc/nginx/include/gitea.conf
+++ b/etc/nginx/include/gitea.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/gitea.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name gitea.phares.duckdns.org;
--- a/etc/nginx/include/gotify.conf
+++ b/etc/nginx/include/gotify.conf
@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/gotify.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gotify.phares.duckdns.org.key -out /etc/nginx/include/gotify.phares.duckdns.org.crt -config /etc/nginx/include/gotify.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gotify.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5016/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}
--- a/etc/nginx/include/immich-kiosk.conf
+++ b/etc/nginx/include/immich-kiosk.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/immich-kiosk.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-kiosk.phares.duckdns.org.key -out /etc/nginx/include/immich-kiosk.phares.duckdns.org.crt -config /etc/nginx/include/immich-kiosk.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name immich-kiosk.phares.duckdns.org;
--- a/etc/nginx/include/immich-to-slideshow.conf
+++ b/etc/nginx/include/immich-to-slideshow.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name immich-to-slideshow.phares.duckdns.org;
--- a/etc/nginx/include/immich.conf
+++ b/etc/nginx/include/immich.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/immich.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name immich.phares.duckdns.org;
--- a/etc/nginx/include/kuma.conf
+++ b/etc/nginx/include/kuma.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/kuma.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name kuma.phares.duckdns.org;
--- a/etc/nginx/include/linkwarden.conf
+++ b/etc/nginx/include/linkwarden.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/linkwarden.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/linkwarden.phares.duckdns.org.key -out /etc/nginx/include/linkwarden.phares.duckdns.org.crt -config /etc/nginx/include/linkwarden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name linkwarden.phares.duckdns.org;
--- a/etc/nginx/include/mattermost.conf
+++ b/etc/nginx/include/mattermost.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/mattermost.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name mattermost.phares.duckdns.org;
--- a/etc/nginx/include/neko.conf
+++ b/etc/nginx/include/neko.conf
@ -1,24 +0,0 @@
-server {
-    # touch /etc/nginx/include/neko.phares.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.phares.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name neko.phares.duckdns.org;
-    location / {
-        # https://neko.m1k1o.net/#/getting-started/reverse-proxy
-        proxy_pass http://192.168.11.2:8082/;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 86400;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header X-Forwarded-Protocol $scheme;
-    }
-}
--- a/etc/nginx/include/odoo.conf
+++ b/etc/nginx/include/odoo.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/odoo.ddns.net
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name odoo.phares.duckdns.org;
--- a/etc/nginx/include/passed.conf
+++ b/etc/nginx/include/passed.conf
@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/passed.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/passed.phares.duckdns.org.key -out /etc/nginx/include/passed.phares.duckdns.org.crt -config /etc/nginx/include/passed.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name passed.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5022/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}
--- a/etc/nginx/include/pgadmin.conf
+++ b/etc/nginx/include/pgadmin.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/pgadmin.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name pgadmin.phares.duckdns.org;
--- a/etc/nginx/include/phares.conf
+++ b/etc/nginx/include/phares.conf
@ -19,9 +19,9 @@ server {
 server {
    # touch /etc/nginx/include/phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name phares.duckdns.org;
--- a/etc/nginx/include/quartz.conf
+++ b/etc/nginx/include/quartz.conf
@ -10,9 +10,9 @@ server {
 server {
    # touch /etc/nginx/include/quartz.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name quartz.phares.duckdns.org;
--- a/etc/nginx/include/slideshow.conf
+++ b/etc/nginx/include/slideshow.conf
@ -11,9 +11,9 @@ server {
 server {
    # touch /etc/nginx/include/slideshow.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name slideshow.phares.duckdns.org;
--- a/etc/nginx/include/vaultwarden.conf
+++ b/etc/nginx/include/vaultwarden.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/vaultwarden.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    # server_tokens off;
--- a/etc/nginx/include/warden.conf
+++ b/etc/nginx/include/warden.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/warden.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    # server_tokens off;
--- a/etc/nginx/include/xandikos.conf
+++ b/etc/nginx/include/xandikos.conf
@ -1,9 +1,9 @@
 server {
    # touch /etc/nginx/include/xandikos.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name xandikos.phares.duckdns.org;
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@ -1,33 +1,9 @@
-include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:3002/
-include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
-include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
-include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
-include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
-include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
-include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
-include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
-include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
-include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
-include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
-include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
-include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
-include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
-include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
-include /etc/nginx/include/neko.conf; # https://neko.phares.duckdns.org # http://192.168.11.2:8082/
-include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
-include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
-include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
-include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
-include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
-include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
-include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
-include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
 server {
    # touch /etc/nginx/include/phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name *.phares.duckdns.org;
@ -37,4 +13,32 @@ server {
        try_files $uri $uri.html $uri/ =404;
    }
 }
+include /etc/nginx/include/2fauth.conf; # https://2fauth.phares.duckdns.org # https://192.168.11.2:5015/
+include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:5014/
+include /etc/nginx/include/authentik.conf; # https://authentik.phares.duckdns.org # https://192.168.11.2:5018/
+include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
+include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
+include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
+include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
+include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
+include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
+include /etc/nginx/include/dorico.conf; # https://dorico.phares.duckdns.org # /home/lphares/dorico
+include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
+include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
+include /etc/nginx/include/gotify.conf; # https://gotify.phares.duckdns.org # http://192.168.11.2:5016/
+include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
+include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
+include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
+include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
+include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
+include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
+include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
+include /etc/nginx/include/passed.conf; # https://passed.phares.duckdns.org # http://192.168.11.2:5022/
+include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
+include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
+include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
+include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
+include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
 # ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519
--- a/etc/systemd/system/snap.certbot.renew.service
+++ b/etc/systemd/system/snap.certbot.renew.service
@ -1,16 +0,0 @@
-[Unit]
-# Auto-generated, DO NOT EDIT
-Description=Service for snap application certbot.renew
-Requires=snap-certbot-4193.mount
-Wants=network.target
-After=snap-certbot-4193.mount network.target snapd.apparmor.service
-X-Snappy=yes
-
-[Service]
-EnvironmentFile=-/etc/environment
-ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
-SyslogIdentifier=certbot.renew
-Restart=no
-WorkingDirectory=/var/snap/certbot/4193
-TimeoutStopSec=30
-Type=oneshot
--- a/etc/systemd/system/snap.certbot.renew.timer
+++ b/etc/systemd/system/snap.certbot.renew.timer
@ -1,14 +0,0 @@
-[Unit]
-# Auto-generated, DO NOT EDIT
-Description=Timer renew for snap application certbot.renew
-Requires=snap-certbot-4193.mount
-After=snap-certbot-4193.mount
-X-Snappy=yes
-
-[Timer]
-Unit=snap.certbot.renew.service
-OnCalendar=*-*-* 06:46
-OnCalendar=*-*-* 14:10
-
-[Install]
-WantedBy=timers.target
--- a/etc/ufw/user.rules
+++ b/etc/ufw/user.rules
@ -2,10 +2,102 @@
 :ufw-user-input - [0:0]
 :ufw-user-output - [0:0]
 :ufw-user-forward - [0:0]
+:ufw-before-logging-input - [0:0]
+:ufw-before-logging-output - [0:0]
+:ufw-before-logging-forward - [0:0]
+:ufw-user-logging-input - [0:0]
+:ufw-user-logging-output - [0:0]
+:ufw-user-logging-forward - [0:0]
+:ufw-after-logging-input - [0:0]
+:ufw-after-logging-output - [0:0]
+:ufw-after-logging-forward - [0:0]
+:ufw-logging-deny - [0:0]
+:ufw-logging-allow - [0:0]
 :ufw-user-limit - [0:0]
 :ufw-user-limit-accept - [0:0]
 ### RULES ###
+
+### tuple ### allow tcp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30312920444e5320544350
+-A ufw-user-input -p tcp --dport 53 -j ACCEPT
+
+### tuple ### allow udp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30322920444e5320554450
+-A ufw-user-input -p udp --dport 53 -j ACCEPT
+
+### tuple ### allow tcp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303329204448435020544350
+-A ufw-user-input -p tcp --dport 67 -j ACCEPT
+
+### tuple ### allow udp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303429204448435020554450
+-A ufw-user-input -p udp --dport 67 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 443 0.0.0.0/0 in comment=303529204854545053
+-A ufw-user-input -p tcp --sport 443 -j ACCEPT
+-A ufw-user-input -p udp --sport 443 -j ACCEPT
+
+### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in comment=303629204854545053
+-A ufw-user-input -p tcp --dport 443 -j ACCEPT
+-A ufw-user-input -p udp --dport 443 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.11.0/25 in comment=30372920535348
+-A ufw-user-input -p tcp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.21.0/25 in comment=30382920535348
+-A ufw-user-input -p tcp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.31.0/25 in comment=30392920535348
+-A ufw-user-input -p tcp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.41.0/25 in comment=31302920535348
+-A ufw-user-input -p tcp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.42.0/25 in comment=31312920535348
+-A ufw-user-input -p tcp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.43.0/25 in comment=31322920535348
+-A ufw-user-input -p tcp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.11.0/25 any 0.0.0.0/0 in comment=31332920535348
+-A ufw-user-input -p tcp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.21.0/25 any 0.0.0.0/0 in comment=31342920535348
+-A ufw-user-input -p tcp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.31.0/25 any 0.0.0.0/0 in comment=31352920535348
+-A ufw-user-input -p tcp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.41.0/25 any 0.0.0.0/0 in comment=31362920535348
+-A ufw-user-input -p tcp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.42.0/25 any 0.0.0.0/0 in comment=31372920535348
+-A ufw-user-input -p tcp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.43.0/25 any 0.0.0.0/0 in comment=31382920535348
+-A ufw-user-input -p tcp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+
+### END RULES ###
+
+### LOGGING ###
+-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+### END LOGGING ###
+
+### RATE LIMITING ###
 -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
 -A ufw-user-limit -j REJECT
 -A ufw-user-limit-accept -j ACCEPT
+### END RATE LIMITING ###
 COMMIT