01-06-a

.gitignore

@@ -55,6 +55,8 @@
 !opt/copy/**/*
 !opt/dockge/**/*.yaml
 
+!var/spool/cron/crontabs/**/*
+
 !root/**/*container
 !home/podman/**/*volume
 !home/podman/**/*container
@@ -64,4 +66,4 @@
 # !usr/local/etc/gogs/conf/app.ini
 # !usr/local/etc/no-ip2.conf
 # !var/snap/nextcloud/current/nextcloud/config/*
-# !var/www/html/.well-known/acme-challenge/*
+# !var/www/html/.well-known/acme-challenge/*

.vscode/settings.json

@@ -2,25 +2,35 @@
     "files.associations": {
         "*.container": "ini",
         "*.org": "ini",
-        "*.net": "ini"
+        "*.net": "ini",
+        "podman": "ini",
+        "default": "ini"
     },
     "cSpell.words": [
         "ASPNETCORE",
+        "autoindex",
         "bchs",
         "blinko",
         "dashkiosk",
         "dockge",
         "docmost",
+        "dorico",
         "duckdns",
+        "fauth",
+        "fullchain",
         "gitea",
         "gogs",
         "immich",
         "journalctl",
         "kestra",
+        "keyout",
         "linkwarden",
         "localtime",
+        "lphares",
         "neko",
+        "newkey",
         "odoo",
+        "personalised",
         "pgadmin",
         "phares",
         "umbrel",

.vscode/tasks.json

@@ -0,0 +1,20 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "File-Folder-Helper AOT s X Day-Helper-2025-01-01",
+            "type": "shell",
+            "command": "L:/DevOps/Mesa_FI/File-Folder-Helper/bin/Release/net9.0/win-x64/publish/File-Folder-Helper.exe",
+            "args": [
+                "s",
+                "X",
+                "D:/6-Other-Large-Z/Linux-Ubuntu-Phares/home/podman/cron-backup",
+                "Day-Helper-2025-01-01",
+                "*.tar",
+                "-202",
+                "-Delete"
+            ],
+            "problemMatcher": []
+        }
+    ]
+}

etc/bash_history_2024-01-03_podman.txt

@@ -0,0 +1,500 @@
+podman exec -ti immich-to-slideshow-server /bin/bash
+cp -R /var/www/html-slideshow/Images-c9dbce3b-Results/F\)Random/c9dbce3b/\[\]/* /var/www/html-slideshow/slideshow/random-results/
+exit
+ls -al /var/www/html-slideshow/slideshow/random-results
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull docker.io/damongolding/immich-kiosk:latest
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-to-slideshow-server
+systemctl --user status immich-to-slideshow-server
+exit
+systemctl --user status immich-to-slideshow-server
+systemctl --user start immich-to-slideshow-server
+nano ~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull tananaev/traccar:latest
+podman pull tananaev.org/traccar:latest
+podman pull traccar.org/traccar:latest
+podman pull docker.io/traccar/traccar:latest
+exit
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+ls -la /opt/traccar/
+ls -la /opt/traccar/logs/
+exit
+systemctl --user status traccar-server --lines=999
+systemctl --user start traccar-server
+nano /opt/traccar/traccar.xml
+exit
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+nano /opt/traccar/traccar.xml
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull docker.io/postgres:16-alpine
+podman pull docker.io/postgres:16-alpine
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+exit
+systemctl --user start linkwarden-db
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+podman pull docker.io/blinkospace/blinko:latest
+podman pull docker.io/postgres:14
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+systemctl --user start blinko-db
+systemctl --user status blinko-db
+systemctl --user start blinko-db
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+exit
+podman volunme ls
+podman volume ls
+podman volume prune
+podman volume ls
+podman volume rm systemd-odoo-server-data
+podman volume rm systemd-odoo-db-data
+podman volume rm one-review_postgres_data
+podman volume prune
+podman volume rm systemd-vaultwarden-server-data
+podman volume prune
+exit
+exit
+exit
+podman exec -ti mattermost-server /bin/bash
+podman volume ls
+podman volume inspect systemd-mattermost-server-config
+nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+docker system prune --volumes
+podman system prune --volumes
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+podman volume prune
+podman volume prune
+podman image prune
+podman image prune
+podman container prune
+podman volume prune
+podman container prune
+exit
+exit
+podman exec -ti linkwarden-server /bin/bash
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+curl -f http://localhost:8065/api/v4/system/ping || exit 1
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/sh
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+podman volume ls
+podman volume prune
+podman volume inspect systemd-blinko-server-data
+sudo -i root
+sudo -i
+podman exec -ti blinko-server /bin/bash
+podman exec -ti blinko-server /bin/sh
+exit
+sudo -i
+exit
+sudo -i
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+podman volume list
+podman volume info systemd-blinko-server-data
+podman volume systemd-blinko-server-data info
+podman volume systemd-blinko-server-data
+podman volume --help
+podman volume inspect systemd-blinko-server-data
+ls /home/podman/.local/share/containers/storage/volumes/systemd-blinko-server-data/_data
+mkdir -p /home/podman/backup-blinko
+podman volume export blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+mkdir -p /home/podman/backup-baikal
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+now=$(date +'%Y-%m-%d_%H-%M-%S')
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data-${now}.tar
+crontab -e
+exit
+crontab -e
+crontab -e
+crontab -r
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+exit
+crontab -e
+exit
+chrontab -e
+crontab -e
+crontab -e
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+whereis podman
+/usr/bin/podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+crontab -e
+crontab -e
+crontab -e
+grep CRON /var/log/syslog
+nano /var/log/syslog
+cat /var/log/syslog
+exit
+crontab -l
+crontab -r
+crontab -e
+cat /etc/cron.allow
+cat /etc/cron.d/cron.allow
+crontab -l -u podman
+nano /etc/cron. d/cron
+nano /etc/cron
+nano /etc/cron.d/cron.allow
+crontab -r
+crontab -l
+exit
+crontab -l
+crontab -e
+systemctl status cron
+sudo -i
+systemctl status cron
+crontab -e
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+crontab -l
+crontab -e
+systemctl status cron
+systemctl status cron
+service cron status
+crontab -e
+service cron status
+crontab -l
+crontab -e
+/home/podman/cron-backup
+mkdir /home/podman/cron-backup
+crontab -e
+crontab -e
+crontab -e
+crontab -e
+tar --list \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar /etc
+tar -tf \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar thumbs/5f0b1052-466d-44de-a554-226d7256850d/33/c5/
+crontab -e
+tar --list --directory /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+crontab -e
+exit
+systemctl --user start linkwarden-server
+exit
+podman pull docker.io/actualbudget/actual-server:latest
+systemctl --user start actual-server
+exit
+exit
+exit
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+id
+exit
+nano ~/.bash_profile
+nano ~/.bash_profile
+exit
+exit
+systemctl --user start uptime-kuma-server
+exit
+systemctl --user start uptime-kuma-server
+podman pull docker.io/2fauth/2fauth
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman volumn prune
+podman volume prune
+podman volume prune
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+systemctl --user status 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/bash
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 443
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 5015
+nc -zv localhost 5016
+nc -zv localhost 5015
+nc -zv localhost 5015
+systemctl --user start 2fauth-server
+nc -zv localhost 5015
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman pull docker.io/gotify/server
+systemctl --user start gotify-server
+exiot
+exit
+systemctl --user start uptime-kuma-server
+nano /etc/hostname
+exit
+podman pull ghcr.io/goauthentik/server:2024.12.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/postgres:16.6
+exit
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+exit
+systemctl --user status authentik-worker
+exit
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+nc -zv localhost 5021
+redis-cli ping 
+redis-cli -h localhost -p 6379 PING
+redis-cli -h localhost -p 5021 PING
+podman exec -ti authentik-redis /bin/bash
+redis-cli -h localhost -p 5021 PING
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+podman exec -ti authentik-redis /bin/bash
+podman exec -ti authentik-redis /bin/sh
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/sh
+podman exec -ti authentik-redis /bin/bash
+exit
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/bash
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+crontab -e
+crontab -e
+exit
+crontab -e
+exit
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+exit
+systemctl --user start mattermost-server
+systemctl --user start mattermost-db
+exit
+systemctl --user start mattermost-db
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+exit
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/bash
+exit
+systemctl --user start mattermost-server
+exit
+exit
+exit
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+/usr/libexec/podman/quadlet -dryrun --user
+exit
+exit
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit

etc/bash_history_2025-01-03.txt

@@ -0,0 +1,500 @@
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\\ 2019/ /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019 /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006\ \\\!9
+exit
+rm -R /mnt/free-file-sync/iso/images-a/Phares\\\ Slides\\\ ####
+exit
+mount /mnt/free-file-sync/iso/Edited.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/2024-12-18-18-13-54-579.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned\ Grandma\\\'s\ Quilt\ ####/
+rm -R /mnt/free-file-sync/iso/images-a/Event
+rm -R /mnt/free-file-sync/iso/images-a/Question/
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Facebook
+mount /mnt/free-file-sync/iso/images-a/Rex\ Memorial\ ####/2024-12-18-18-15-40-537.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Scanned\ Norman\ Herman/2024-12-18-18-15-43-097.iso /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned*
+rm -R /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/DisneyWorld\ 2019/2024-12-18-18-42-26-222.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+exit
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/Slide in N*
+rm -R /mnt/free-file-sync/iso/images-a/Slide\\ in\\ N*
+ls -al /mnt/free-file-sync/iso/images-a/Sli*
+ls -al /mnt/free-file-sync/iso/images-a/Slide *
+ls -al /mnt/free-file-sync/iso/images-a/Slide\\ *
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/'Slide in Name Order Originals \(622\) ####'
+mkdir /mnt/free-file-sync/iso/videos-b
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+rm /mnt/free-file-sync/iso/videos-b/Home\ Videos\ 1998\ -\ 2002/2024-12-18-19-49-52-202.iso 
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+exit
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+lsblk -b -o NAME,SIZE,TYPE,VENDOR,MODEL,SERIAL,MOUNTPOINT
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+reboot
+aptget update
+apt-get update
+apt-get upgrade
+ls
+nano t
+nano t
+exit
+sudo -iu podman
+exit
+mv -R /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /mnt/free-file-sync/logan-google-drive /mnt/free-file-sync/google-drive-logan
+exit
+nano /root/.ssh/authorized_keys 
+exit
+sudo -iu podman
+crontab -e
+sudo -iu podman
+/etc/duckdns/duck.sh >/dev/null 2>&1
+"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
+cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+cd /
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+sudo -iu podman
+ls /home/podman/backup-blinko/
+sudo -iu podman
+ls /home/podman/backup-blinko/
+rm /home/podman/backup-blinko/*
+ls /home/podman/backup-blinko/
+sudo -iu podman
+exit
+ls /home/podman/backup-blinko/
+exit
+sudo -iu podman
+nano /run/podman/podman.sock
+ls /run/podman/podman.sock
+sudo -iu podman
+cat /var/log/syslog
+grep "ERROR" /var/log/cron
+sudo -iu podman
+crontab -e
+crontab -l
+crontab -e
+crontab -l
+systemctl status cron
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl log cron
+systemctl status cron
+systemctl status cron
+crontab -e
+systemctl status cron
+ls /home/podman/backup-blinko/
+ls /home/podman/backup-blinko/
+systemctl status cron
+crontab -e
+systemctl status cron
+sudo -iu podman
+exit
+snap list vaultwarden 
+reboot
+nginx -t
+nginx -s reload
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+su lphares
+exit
+exit
+exit
+exit
+exit
+nginx -t
+nginx -t
+nginx -s reload
+nginx -t
+ls -la /home/lphares/dorico
+ls -la /home/lphares
+ls -la /home/lphares/dorico/
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /var/www/html-
+nginx -s reload
+nginx -t
+ls /etc/netplan/
+nginx -s reload
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /etc/ModemManager/ -la
+ls /etc/ModemManager -la
+ls /etc/ModemManager
+ls /etc/ModemManager -
+ls /etc/ModemManager -l
+ls /etc/ModemManager --time-style
+ls /etc/ModemManager -lT
+ls /etc/ModemManager --time-style=full
+ls /etc/ModemManager/ --time-style=full
+ls /etc/ModemManager/
+ls /etc/ModemManager -l -T
+ls /etc/ModemManager  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S%zz"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %HH:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %h:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT%H:%M:%S'
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT     %H:%M:%S'
+nginx -t
+nginx -s reload
+ufw status
+ufw number status
+ufw numbered status
+ufw status numbered
+ufw active
+ufw enable
+ufw status numbered
+ls
+ufw disable
+ip a
+ufw allow                                   53/tcp comment "01) DNS TCP"
+ufw status numbered
+ufw allow                                   53/udp comment "02) DNS UDP"
+ufw allow                                   67/tcp comment "03) DHCP TCP"
+ufw allow                                   67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 to any port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 to any port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 to any port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 to any port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 to any port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 to any port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 to any port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0        port  22/tcp comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw status numbered
+ufw allow                      port 53/tcp comment "01) DNS TCP"
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0 port  22/tcp comment "12) SSH"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0         443 comment "05) HTTPS"
+ufw allow from 0.0.0.0/0 443 comment "05) HTTPS"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow from 192.168.11.0/25    port  22 comment "06) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "11) SSH"
+ufw allow to         0.0.0.0/0    port  22 comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw delete 12
+ufw status numbered
+ufw disable
+ufw allow to   192.168.11.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "17) SSH"
+ufw enable
+ufw status numbered
+ufw status numbered
+ufw disable
+cat /etc/passwd
+top
+pcap
+ps -ef | grep cr[o]n
+ps -ef | grep nginx
+usermod -a -G lphares www-data
+exit
+chmod -R 774 /home/lphares/dorico
+nginx -t
+nginx -s reload
+nginx -s reload
+rm -r /home/lphares/dorico
+su lphares
+exit
+exit
+exit
+ufw status numbered
+ufw enabled
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0    port 443 comment "18) HTTPS"
+ufw enable
+ufw disable
+ufw reset
+ufw disable
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow to         0.0.0.0/0    port 443 comment "06) HTTPS"
+ufw enable
+ufw allow from 192.168.11.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "11) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.11.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "17) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "18) SSH"
+ufw enable
+ufw status numbered
+exit
+ufw disable
+top[
+top
+systemctl list-timers
+systemctl list-timers
+apt-get remove certbot
+snap remove certbot
+systemctl list-timers
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+reboot
+sudo -iu podman
+exit
+exit
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\* /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+grep sshd.\*publickey /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+apt update
+apt install fail2ban -y
+systemctl status fail2ban.service
+cd /etc/fail2ban
+ls
+head -20 jail.conf
+cp jail.conf jail.local
+nano jail.local
+nano jail.local
+nano jail.local
+systemctl enable fail2ban
+systemctl start fail2ban
+systemctl status fail2ban
+reboot
+apt-get update
+apt upgrade
+sudo -iu podman
+exit
+snap info adguard-home 
+exit
+tail /var/log/auth.log -f
+exit
+ufw status numbered
+exit
+ip a
+exit
+id
+su phares
+su podman
+exit
+exit
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+exit
+ip a
+ip a l | grep inet6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /boot/firmware/cmdline.txt
+nano /boot/firmware/cmdline.txt
+exit
+snap restart adguard-home 
+exit
+nano /etc/duckdns/duck.sh
+exit
+nano /etc/duckdns/duck.sh
+cat duck.log
+chmod 700 /etc/duckdns/duck.sh
+cd /etc/duckdns
+./duck.sh
+cat duck.log
+ps -ef | grep cr[o]n
+crontab -e
+cat duck.log
+xit
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+links http://192.168.11.2:5015/
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nc -zv localhost 5015
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+nano /home/persa/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/podman/.ssh/authorized_keys 
+exit
+nano /home/podman/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /home/phares/.ssh/authorized_keys 
+exit\
+exit
+sudo -iu podman
+nano /etc/hostname 
+nano /etc/hosts
+exit
+nginx -t
+nginx -s reload
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+reboot
+exit

etc/group

@@ -59,7 +59,7 @@ fwupd-refresh:x:989:
 netdev:x:110:
 phares:x:1001:
 podman:x:1000:
-lphares:x:1003:bmiller,persa
+lphares:x:1003:bmiller,persa,www-data
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:

etc/group-

@@ -68,7 +68,7 @@ pcp:x:988:
 persa:x:1002:
 redis:x:114:
 swtpm:x:115:
-libvirt:x:116:phares,podman
+libvirt:x:116:phares,podman,libvirtdbus
 libvirt-qemu:x:64055:libvirt-qemu
 libvirt-dnsmasq:x:117:
 libvirtdbus:x:118:

etc/gshadow

@@ -59,7 +59,7 @@ fwupd-refresh:!*::
 netdev:!::
 phares:!::
 podman:!::
-lphares:!::bmiller,persa
+lphares:!::bmiller,persa,www-data
 bmiller:!::
 unbound:!::
 cockpit-ws:!::

etc/gshadow-

@@ -68,7 +68,7 @@ pcp:!::
 persa:!::
 redis:!::
 swtpm:!::
-libvirt:!::phares,podman
+libvirt:!::phares,podman,libvirtdbus
 libvirt-qemu:!::libvirt-qemu
 libvirt-dnsmasq:!::
 libvirtdbus:!::

etc/hosts

@@ -1,5 +1,5 @@
 127.0.0.1 localhost
-127.0.1.1 trigkey-green-g4
+127.0.1.1 phares.duckdns.org
 
 # The following lines are desirable for IPv6 capable hosts
 ::1     ip6-localhost ip6-loopback

etc/nginx/include/2fauth.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/2fauth.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/2fauth.phares.duckdns.org.key -out /etc/nginx/include/2fauth.phares.duckdns.org.crt -config /etc/nginx/include/2fauth.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name 2fauth.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5015/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/actual.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/actual.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/actual.phares.duckdns.org.key -out /etc/nginx/include/actual.phares.duckdns.org.crt -config /etc/nginx/include/actual.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name actual.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5013/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/adguard.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/adguard.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name adguard.phares.duckdns.org;
@@ -13,7 +13,7 @@ server {
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.11.2:3002/;
+        proxy_pass              https://192.168.11.2:5014/;
         proxy_read_timeout      600s;
         proxy_send_timeout      600s;
     }

etc/nginx/include/authentik.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/authentik.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/authentik.phares.duckdns.org.key -out /etc/nginx/include/authentik.phares.duckdns.org.crt -config /etc/nginx/include/authentik.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name authentik.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5018/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/baikal.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/baikal.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name baikal.phares.duckdns.org;

etc/nginx/include/blinko.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/blinko.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/blinko.phares.duckdns.org.key -out /etc/nginx/include/blinko.phares.duckdns.org.crt -config /etc/nginx/include/blinko.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name blinko.phares.duckdns.org;

etc/nginx/include/cockpit.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/cockpit.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name cockpit.phares.duckdns.org;

etc/nginx/include/dashkiosk.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/dashkiosk.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name dashkiosk.phares.duckdns.org;

etc/nginx/include/dorico.conf

@@ -0,0 +1,17 @@
+server {
+    # touch /etc/nginx/include/dorico.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dorico.phares.duckdns.org.key -out /etc/nginx/include/dorico.phares.duckdns.org.crt -config /etc/nginx/include/dorico.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name dorico.phares.duckdns.org;
+    root /home/lphares/dorico;
+    # usermod -a -G lphares www-data
+    location / {
+        autoindex on;
+        disable_symlinks on;
+        autoindex_format json;
+    }
+}

etc/nginx/include/firefox.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/firefox.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name firefox.phares.duckdns.org;

etc/nginx/include/gitea.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/gitea.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name gitea.phares.duckdns.org;

etc/nginx/include/gotify.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/gotify.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gotify.phares.duckdns.org.key -out /etc/nginx/include/gotify.phares.duckdns.org.crt -config /etc/nginx/include/gotify.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gotify.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5016/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/immich-kiosk.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/immich-kiosk.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-kiosk.phares.duckdns.org.key -out /etc/nginx/include/immich-kiosk.phares.duckdns.org.crt -config /etc/nginx/include/immich-kiosk.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name immich-kiosk.phares.duckdns.org;

etc/nginx/include/immich-to-slideshow.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name immich-to-slideshow.phares.duckdns.org;

etc/nginx/include/immich.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/immich.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name immich.phares.duckdns.org;

etc/nginx/include/kuma.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/kuma.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name kuma.phares.duckdns.org;

etc/nginx/include/linkwarden.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/linkwarden.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/linkwarden.phares.duckdns.org.key -out /etc/nginx/include/linkwarden.phares.duckdns.org.crt -config /etc/nginx/include/linkwarden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name linkwarden.phares.duckdns.org;

etc/nginx/include/mattermost.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/mattermost.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name mattermost.phares.duckdns.org;

etc/nginx/include/neko.conf

@@ -1,24 +0,0 @@
-server {
-    # touch /etc/nginx/include/neko.phares.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.phares.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name neko.phares.duckdns.org;
-    location / {
-        # https://neko.m1k1o.net/#/getting-started/reverse-proxy
-        proxy_pass http://192.168.11.2:8082/;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 86400;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header X-Forwarded-Protocol $scheme;
-    }
-}

etc/nginx/include/odoo.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/odoo.ddns.net
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name odoo.phares.duckdns.org;

etc/nginx/include/passed.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/passed.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/passed.phares.duckdns.org.key -out /etc/nginx/include/passed.phares.duckdns.org.crt -config /etc/nginx/include/passed.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name passed.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5022/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/pgadmin.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/pgadmin.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name pgadmin.phares.duckdns.org;

etc/nginx/include/phares.conf

@@ -19,9 +19,9 @@ server {
 server {
     # touch /etc/nginx/include/phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name phares.duckdns.org;

etc/nginx/include/quartz.conf

@@ -10,9 +10,9 @@ server {
 server {
     # touch /etc/nginx/include/quartz.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name quartz.phares.duckdns.org;

etc/nginx/include/slideshow.conf

@@ -11,9 +11,9 @@ server {
 server {
     # touch /etc/nginx/include/slideshow.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name slideshow.phares.duckdns.org;

etc/nginx/include/vaultwarden.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/vaultwarden.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     # server_tokens off;

etc/nginx/include/warden.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/warden.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     # server_tokens off;

etc/nginx/include/xandikos.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/xandikos.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name xandikos.phares.duckdns.org;

etc/nginx/sites-available/default

@@ -1,33 +1,9 @@
-include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:3002/
-include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
-include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
-include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
-include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
-include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
-include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
-include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
-include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
-include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
-include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
-include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
-include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
-include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
-include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
-include /etc/nginx/include/neko.conf; # https://neko.phares.duckdns.org # http://192.168.11.2:8082/
-include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
-include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
-include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
-include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
-include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
-include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
-include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
-include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
 server {
     # touch /etc/nginx/include/phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name *.phares.duckdns.org;
@@ -37,4 +13,32 @@ server {
         try_files $uri $uri.html $uri/ =404;
     }
 }
+include /etc/nginx/include/2fauth.conf; # https://2fauth.phares.duckdns.org # https://192.168.11.2:5015/
+include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:5014/
+include /etc/nginx/include/authentik.conf; # https://authentik.phares.duckdns.org # https://192.168.11.2:5018/
+include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
+include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
+include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
+include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
+include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
+include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
+include /etc/nginx/include/dorico.conf; # https://dorico.phares.duckdns.org # /home/lphares/dorico
+include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
+include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
+include /etc/nginx/include/gotify.conf; # https://gotify.phares.duckdns.org # http://192.168.11.2:5016/
+include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
+include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
+include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
+include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
+include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
+include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
+include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
+include /etc/nginx/include/passed.conf; # https://passed.phares.duckdns.org # http://192.168.11.2:5022/
+include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
+include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
+include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
+include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
+include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
 # ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519

etc/systemd/system/snap.certbot.renew.service

@@ -1,16 +0,0 @@
-[Unit]
-# Auto-generated, DO NOT EDIT
-Description=Service for snap application certbot.renew
-Requires=snap-certbot-4193.mount
-Wants=network.target
-After=snap-certbot-4193.mount network.target snapd.apparmor.service
-X-Snappy=yes
-
-[Service]
-EnvironmentFile=-/etc/environment
-ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
-SyslogIdentifier=certbot.renew
-Restart=no
-WorkingDirectory=/var/snap/certbot/4193
-TimeoutStopSec=30
-Type=oneshot

etc/systemd/system/snap.certbot.renew.timer

@@ -1,14 +0,0 @@
-[Unit]
-# Auto-generated, DO NOT EDIT
-Description=Timer renew for snap application certbot.renew
-Requires=snap-certbot-4193.mount
-After=snap-certbot-4193.mount
-X-Snappy=yes
-
-[Timer]
-Unit=snap.certbot.renew.service
-OnCalendar=*-*-* 06:46
-OnCalendar=*-*-* 14:10
-
-[Install]
-WantedBy=timers.target

etc/ufw/user.rules

@@ -2,10 +2,102 @@
 :ufw-user-input - [0:0]
 :ufw-user-output - [0:0]
 :ufw-user-forward - [0:0]
+:ufw-before-logging-input - [0:0]
+:ufw-before-logging-output - [0:0]
+:ufw-before-logging-forward - [0:0]
+:ufw-user-logging-input - [0:0]
+:ufw-user-logging-output - [0:0]
+:ufw-user-logging-forward - [0:0]
+:ufw-after-logging-input - [0:0]
+:ufw-after-logging-output - [0:0]
+:ufw-after-logging-forward - [0:0]
+:ufw-logging-deny - [0:0]
+:ufw-logging-allow - [0:0]
 :ufw-user-limit - [0:0]
 :ufw-user-limit-accept - [0:0]
 ### RULES ###
+
+### tuple ### allow tcp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30312920444e5320544350
+-A ufw-user-input -p tcp --dport 53 -j ACCEPT
+
+### tuple ### allow udp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30322920444e5320554450
+-A ufw-user-input -p udp --dport 53 -j ACCEPT
+
+### tuple ### allow tcp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303329204448435020544350
+-A ufw-user-input -p tcp --dport 67 -j ACCEPT
+
+### tuple ### allow udp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303429204448435020554450
+-A ufw-user-input -p udp --dport 67 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 443 0.0.0.0/0 in comment=303529204854545053
+-A ufw-user-input -p tcp --sport 443 -j ACCEPT
+-A ufw-user-input -p udp --sport 443 -j ACCEPT
+
+### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in comment=303629204854545053
+-A ufw-user-input -p tcp --dport 443 -j ACCEPT
+-A ufw-user-input -p udp --dport 443 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.11.0/25 in comment=30372920535348
+-A ufw-user-input -p tcp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.21.0/25 in comment=30382920535348
+-A ufw-user-input -p tcp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.31.0/25 in comment=30392920535348
+-A ufw-user-input -p tcp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.41.0/25 in comment=31302920535348
+-A ufw-user-input -p tcp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.42.0/25 in comment=31312920535348
+-A ufw-user-input -p tcp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.43.0/25 in comment=31322920535348
+-A ufw-user-input -p tcp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.11.0/25 any 0.0.0.0/0 in comment=31332920535348
+-A ufw-user-input -p tcp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.21.0/25 any 0.0.0.0/0 in comment=31342920535348
+-A ufw-user-input -p tcp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.31.0/25 any 0.0.0.0/0 in comment=31352920535348
+-A ufw-user-input -p tcp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.41.0/25 any 0.0.0.0/0 in comment=31362920535348
+-A ufw-user-input -p tcp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.42.0/25 any 0.0.0.0/0 in comment=31372920535348
+-A ufw-user-input -p tcp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.43.0/25 any 0.0.0.0/0 in comment=31382920535348
+-A ufw-user-input -p tcp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+
+### END RULES ###
+
+### LOGGING ###
+-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+### END LOGGING ###
+
+### RATE LIMITING ###
 -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
 -A ufw-user-limit -j REJECT
 -A ufw-user-limit-accept -j ACCEPT
+### END RATE LIMITING ###
 COMMIT

home/podman/.config/containers/systemd/2fauth-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/2fauth-server.container

@@ -0,0 +1,173 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=2fauth-server
+# You can change the name of the app
+Environment="APP_NAME=2FAuth"
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+Environment="APP_ENV=local"
+# The timezone for your application, which is used to record dates and times to database. This global setting can be
+# overridden by users via in-app settings for a personalised dates and times display.
+# If this setting is changed while the application is already running, existing records in the database won't be updated
+Environment="APP_TIMEZONE=UTC"
+# Set to true if you want to see debug information in error screens.
+Environment="APP_DEBUG=false"
+# This should be your email address
+Environment="SITE_OWNER=mikepharesjr@msn.com"
+# The encryption key for  our database and sessions. Keep this very secure.
+# If you generate a new one all existing data must be considered LOST.
+# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
+Environment="APP_KEY=uvL37oiI1By0J#5t5kZwYB~17CXI2J9A"
+# This variable must match your installation's external address.
+# Webauthn won't work otherwise.
+# Environment="APP_URL=http://localhost"
+# Environment="APP_URL=http://192.168.11.2"
+# Environment="APP_URL=http://192.168.11.2:5015"
+Environment="APP_URL=https://2fauth.phares.duckdns.org"
+# If you want to serve js assets from a CDN (like https://cdn.example.com),
+# uncomment the following line and set this var with the CDN url.
+# Otherwise, let this line commented.
+# - ASSET_URL=http://localhost
+#
+# Turn this to true if you want your app to react like a demo.
+# The Demo mode reset the app content every hours and set a generic demo user.
+Environment="IS_DEMO_APP=false"
+# The log channel defines where your log entries go to.
+# 'daily' is the default logging mode giving you 7 daily rotated log files in /storage/logs/.
+# Also available are 'errorlog', 'syslog', 'stderr', 'papertrail', 'slack' and a 'stack' channel
+# to combine multiple channels into a single one.
+Environment="LOG_CHANNEL=daily"
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+Environment="LOG_LEVEL=notice"
+# Database config (can only be sqlite)
+Environment="DB_DATABASE=/srv/database/database.sqlite"
+# If you're looking for performance improvements, you could install memcached.
+Environment="CACHE_DRIVER=file"
+Environment="SESSION_DRIVER=file"
+# Mail settings
+# Refer your email provider documentation to configure your mail settings
+# Set a value for every available setting to avoid issue
+Environment="MAIL_MAILER=log"
+Environment="MAIL_HOST=smtp.centurylink.net"
+Environment="MAIL_PORT=587"
+Environment="MAIL_USERNAME=phares@centurylink.net"
+Environment="MAIL_PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+Environment="MAIL_ENCRYPTION=null"
+Environment="MAIL_FROM_NAME=Mik Phares"
+Environment="MAIL_FROM_ADDRESS=noreply@phares.duckdns.org"
+# SSL peer verification.
+# Set this to false to disable the SSL certificate validation.
+# WARNING
+# Disabling peer verification can result in a major security flaw.
+# Change it only if you know what you're doing.
+Environment="MAIL_VERIFY_SSL_PEER=false"
+# API settings
+# The maximum number of API calls in a minute from the same IP.
+# Once reached, all requests from this IP will be rejected until the minute has elapsed.
+# Set to null to disable the API throttling.
+Environment="THROTTLE_API=60"
+# Authentication settings
+# The number of times per minute a user can fail to log in before being locked out.
+# Once reached, all login attempts will be rejected until the minute has elapsed.
+# This setting applies to both email/password and webauthn login attempts.
+Environment="LOGIN_THROTTLE=5"
+# The default authentication guard
+# Supported:
+#   'web-guard' : The Laravel built-in auth system (default if nulled)
+#   'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication
+# WARNING
+# When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in
+# authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will
+# trust him as long as headers are presents.
+Environment="AUTHENTICATION_GUARD=web-guard"
+# Authentication log retention time, in days.
+# Log entries older than that are automatically deleted.
+Environment="AUTHENTICATION_LOG_RETENTION=365"
+# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
+# Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
+# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
+Environment="AUTH_PROXY_HEADER_FOR_USER=null"
+Environment="AUTH_PROXY_HEADER_FOR_EMAIL=null"
+# Custom logout URL to open when using an auth proxy.
+Environment="PROXY_LOGOUT_URL=null"
+# WebAuthn settings
+# Relying Party name, aka the name of the application. If blank, defaults to APP_NAME. Do not set to null.
+Environment="WEBAUTHN_NAME=2FAuth"
+# Relying Party ID, should equal the site domain (i.e 2fauth.example.com).
+# If null, the device will fill it internally (recommended)
+# See https://webauthn-doc.spomky-labs.com/prerequisites/the-relying-party#how-to-determine-the-relying-party-id
+Environment="WEBAUTHN_ID=null"
+# Use this setting to control how user verification behave during the
+# WebAuthn authentication flow.
+#
+# Most authenticators and smartphones will ask the user to actively verify
+# themselves for log in. For example, through a touch plus pin code,
+# password entry, or biometric recognition (e.g., presenting a fingerprint).
+# The intent is to distinguish one user from any other.
+#
+# Supported:
+#   'required': Will ALWAYS ask for user verification
+#   'preferred' (default) : Will ask for user verification IF POSSIBLE
+#   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
+Environment="WEBAUTHN_USER_VERIFICATION=preferred"
+#### SSO settings (for Socialite) ####
+# Uncomment and complete lines for the OAuth providers you want to enable.
+# - OPENID_AUTHORIZE_URL=
+# - OPENID_TOKEN_URL=
+# - OPENID_USERINFO_URL=
+# - OPENID_CLIENT_ID=
+# - OPENID_CLIENT_SECRET=
+# - GITHUB_CLIENT_ID=
+# - GITHUB_CLIENT_SECRET=
+# Use this setting to declare trusted proxied.
+# Supported:
+#   '*': to trust any proxy
+#   A comma separated IP list: The list of proxies IP to trust
+Environment="TRUSTED_PROXIES=null"
+# Proxy for outgoing requests like new releases detection or logo fetching.
+# You can provide a proxy URL that contains a scheme, username, and password.
+# For example, "http://username:password@192.168.16.1:10".
+Environment="PROXY_FOR_OUTGOING_REQUESTS=null"
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+Environment="BROADCAST_DRIVER=log"
+Environment="QUEUE_DRIVER=sync"
+Environment="SESSION_LIFETIME=120"
+Environment="REDIS_HOST=127.0.0.1"
+Environment="REDIS_PASSWORD=null"
+Environment="REDIS_PORT=6379"
+Environment="PUSHER_APP_ID="
+Environment="PUSHER_APP_KEY="
+Environment="PUSHER_APP_SECRET="
+Environment="PUSHER_APP_CLUSTER=mt1"
+Environment="VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}""
+Environment="VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}""
+Environment="MIX_ENV=local"
+Image=docker.io/2fauth/2fauth
+# Network=2fauth.network
+# Pod=2fauth.pod
+PublishPort=5015:44311
+Volume=2fauth-server-data:/2fauth:Z
+Volume=/home/podman/2fauth/nginx.conf:/etc/nginx/nginx.conf:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/2fauth/2fauth
+# systemctl --user daemon-reload
+# systemctl --user start 2fauth-server
+# systemctl --user status 2fauth-server --lines=999
+# journalctl -fu 2fauth-server.service
+# podman logs 2fauth-server
+# systemctl --user stop 2fauth-server
+# systemctl --user disable 2fauth-server
+# podman exec -ti 2fauth-server /bin/sh
+# podman exec -ti 2fauth-server /bin/bash

home/podman/.config/containers/systemd/actual-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/actual-server.container

@@ -0,0 +1,36 @@
+[Container]
+AutoUpdate=registry
+ContainerName=actual-server
+Environment="ACTUAL_HOSTNAME=0.0.0.0"
+# Environment="ACTUAL_HTTPS_CERT=/certs/server.cert"
+# Environment="ACTUAL_HTTPS_KEY=/certs/server"
+# Environment="ACTUAL_PORT=5006"
+# Environment="ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20"
+# Environment="ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20"
+# Environment="ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50"
+Image=docker.io/actualbudget/actual-server:latest
+# Network=actual.network
+# Pod=actual.pod
+PublishPort=5013:5006
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=actual-server-data.volume:/data:rw
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/actualbudget/actual-server:latest
+# systemctl --user daemon-reload
+# systemctl --user start actual-server
+# systemctl --user status actual-server --lines=999
+# journalctl -fu actual-server.service
+# podman logs actual-server
+# systemctl --user stop actual-server
+# systemctl --user disable actual-server
+# podman exec -ti actual-server /bin/sh
+# podman exec -ti actual-server /bin/bash

home/podman/.config/containers/systemd/authentik-db-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-db.container

@@ -0,0 +1,36 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=authentik-db
+Environment="POSTGRES_USER=authentik"
+Environment="POSTGRES_PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="POSTGRES_DB=authentik"
+Environment="TZ=America/Phoenix"
+Image=docker.io/library/postgres:16.6
+HealthCmd=pg_isready -U authentik
+HealthInterval=30s
+HealthRetries=5
+HealthStartPeriod=20s
+HealthTimeout=3s
+# Network=authentik.network
+# Pod=authentik.pod
+PublishPort=5439:5432
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=authentik-db-data:/data:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/library/postgres:16.6
+# systemctl --user daemon-reload
+# systemctl --user start authentik-db
+# systemctl --user status authentik-db --lines=999
+# journalctl -fu authentik-db.service
+# podman logs authentik-db
+# systemctl --user stop authentik-db
+# systemctl --user disable authentik-db
+# podman exec -ti authentik-db /bin/sh
+# podman exec -ti authentik-db /bin/bash

home/podman/.config/containers/systemd/authentik-redis-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-redis.container

@@ -0,0 +1,36 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=authentik-redis
+Exec=--save 60 1 --loglevel warning
+# Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+HealthCmd=/usr/local/bin/redis-cli ping || grep PONG
+HealthInterval=30s
+HealthRetries=5
+HealthStartPeriod=20s
+HealthTimeout=3s
+Image=docker.io/library/redis:7.4.1
+# Network=authentik.network
+# Pod=authentik.pod
+PublishPort=5021:6379
+Volume=authentik-redis-data:/data:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-db.service
+After=authentik-db.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/library/redis:7.4.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-redis
+# systemctl --user status authentik-redis --lines=999
+# journalctl -fu authentik-redis.service
+# podman logs authentik-redis
+# systemctl --user stop authentik-redis
+# systemctl --user disable authentik-redis
+# podman exec -ti authentik-redis /bin/sh
+# podman exec -ti authentik-redis /bin/bash

home/podman/.config/containers/systemd/authentik-server-media.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-server-templates.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-server.container

@@ -0,0 +1,55 @@
+[Container]
+ContainerName=authentik-server
+Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
+Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
+Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
+Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
+Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
+Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+Environment="AUTHENTIK_REDIS__PORT=5021"
+# (Required)  To generate a secret key run the following command:
+#             echo $(openssl rand -base64 32)
+Environment="AUTHENTIK_SECRET_KEY=mlZ57mWthun9b8SPaS7Ptl0bBQX4OvyRanbqdQ+5e/k="
+# (Optional)  Enable Error Reporting
+# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}"
+# (Optional)  Enable Email Sending
+# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PORT=587"
+# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
+# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
+# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
+# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
+Exec=server
+Image=ghcr.io/goauthentik/server:2024.12.1
+PublishPort=5017:9000
+PublishPort=5018:9443
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=authentik-server-media:/media:Z
+Volume=authentik-server-templates:/templates:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-worker.service
+After=authentik-worker.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/goauthentik/server:2024.12.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-server
+# systemctl --user status authentik-server --lines=999
+# journalctl -fu authentik-server.service
+# podman logs authentik-server
+# systemctl --user stop authentik-server
+# systemctl --user disable authentik-server
+# podman exec -ti authentik-server /bin/sh
+# podman exec -ti authentik-server /bin/bash

home/podman/.config/containers/systemd/authentik-worker.container

@@ -0,0 +1,57 @@
+[Container]
+ContainerName=authentik-worker
+Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
+Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
+Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
+Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
+Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
+Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+Environment="AUTHENTIK_REDIS__PORT=5021"
+# (Required)  To generate a secret key run the following command:
+#             echo $(openssl rand -base64 32)
+Environment="AUTHENTIK_SECRET_KEY=QvqdN5Pn4piWcoof1yPDa0FcaGnOL1gHAiSImJjEGZl6pypRgE2nCps8DTd4R9UHqfFuOtR9jhCelmQ2"
+# (Optional)  Enable Error Reporting
+# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=true"
+# (Optional)  Enable Email Sending
+# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PORT=587"
+# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
+# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
+# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
+# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
+Exec=worker
+Image=ghcr.io/goauthentik/server:2024.12.1
+PublishPort=5019:9000
+PublishPort=5020:9443
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=authentik-server-media:/media:Z
+Volume=authentik-server-templates:/templates:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-db.service
+Requires=authentik-redis.service
+After=authentik-db.service
+After=authentik-redis.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/goauthentik/server:2024.12.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-worker
+# systemctl --user status authentik-worker --lines=999
+# journalctl -fu authentik-worker.service
+# podman logs authentik-worker
+# systemctl --user stop authentik-worker
+# systemctl --user disable authentik-worker
+# podman exec -ti authentik-worker /bin/sh
+# podman exec -ti authentik-worker /bin/bash

home/podman/.config/containers/systemd/gotify-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/gotify-server.container

@@ -0,0 +1,28 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=gotify-server
+Environment="TZ=America/Phoenix"
+Image=docker.io/gotify/server
+# Network=gotify.network
+# Pod=gotify.pod
+PublishPort=5016:80
+Volume=gotify-server-data.volume:/app/data:Z
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/gotify/server
+# systemctl --user daemon-reload
+# systemctl --user start gotify-server
+# systemctl --user status gotify-server --lines=999
+# journalctl -fu gotify-server.service
+# podman logs gotify-server
+# systemctl --user stop gotify-server
+# systemctl --user disable gotify-server
+# podman exec -ti gotify-server /bin/sh
+# podman exec -ti gotify-server /bin/bash

home/podman/.config/containers/systemd/immich-kiosk.container

@@ -1,7 +1,6 @@
 [Container]
 AutoUpdate=registry
 ContainerName=immich-kiosk
-
 Environment="TZ=America/Phoenix"
 # Required settings
 Environment="KIOSK_IMMICH_API_KEY=fLJoRERkcmFuSviMaAfsuINmvyXLFKu9HIICXP8I"

home/podman/.config/containers/systemd/mattermost-server.container

@@ -7,9 +7,9 @@ Environment="MM_SERVICESETTINGS_SITEURL=https://mattermost.phares.duckdns.org"
 Environment="MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@192.168.11.2:5436/mattermost?sslmode=disable&connect_timeout=10"
 Environment="MM_SQLSETTINGS_DRIVERNAME=postgres"
 Environment="TZ=US/Arizona"
-# HealthCmd="curl -f http://192.168.11.2:8443/api/v4/system/ping || exit 1"
+# HealthCmd=ls
-# HealthCmd="curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1"
+# HealthCmd=curl -f http://0.0.0.0:8065/api/v4/system/ping || exit 1
-HealthCmd="ls"
+# HealthCmd=curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1
 # Image=docker.io/mattermost/mattermost-team-edition:9.11.2
 Image=docker.io/mattermost/mattermost-team-edition:release-10.3
 # Network=mattermost.network
@@ -47,4 +47,4 @@ WantedBy=multi-user.target default.target
 # systemctl --user stop mattermost-server
 # systemctl --user disable mattermost-server
 # podman exec -ti mattermost-server /bin/sh
-# podman exec -ti mattermost-server /bin/bash
+# podman exec -ti mattermost-server /bin/bash

home/podman/.config/containers/systemd/mysleep.container

@@ -1,11 +0,0 @@
-[Unit]
-Description=The sleep container
-After=local-fs.target
-
-[Container]
-Image=registry.access.redhat.com/ubi9-minimal:latest
-Exec=sleep 1000
-
-[Install]
-# Start by default on boot
-WantedBy=multi-user.target default.target multi-user.target

home/podman/.config/containers/systemd/neko-server.container

@@ -1,32 +0,0 @@
-[Container]
-AutoUpdate=registry
-ContainerName=neko-server
-Environment="NEKO_SCREEN=1920x1080@30"
-Environment="NEKO_PASSWORD=neko"
-Environment="NEKO_PASSWORD_ADMIN=admin"
-Environment="NEKO_EPR=52000-52100"
-Environment="NEKO_NAT1TO1=192.168.11.2"
-Image=docker.io/m1k1o/neko:firefox
-# Network=neko.network
-# Pod=neko.pod
-PublishPort=8082:8080/tcp
-PublishPort=52000-52100:52000-52100/udp
-Volume=/etc/localtime:/etc/localtime:ro
-Volume=/etc/timezone:/etc/timezone:ro
-
-[Service]
-Restart=no
-
-[Install]
-WantedBy=multi-user.target default.target
-
-# podman pull docker.io/m1k1o/neko:firefox
-# systemctl --user daemon-reload
-# systemctl --user start neko-server
-# systemctl --user status neko-server
-# journalctl -fu neko-server.service
-# podman logs neko-server
-# systemctl --user stop neko-server
-# systemctl --user disable neko-server
-# podman exec -ti neko-server /bin/sh
-# podman exec -ti neko-server /bin/bash

home/podman/.config/containers/systemd/passed-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/passed-server.container

@@ -0,0 +1,30 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=passed-server
+Environment="PASSED_ADDRESS=:3000"
+Environment="PASSED_STORE_TYPE=dir"
+Environment="PASSED_STORE_DIR_PATH=/etc/passed"
+Image=git.1e99.eu/1e99/passed:latest
+# Network=passed.network
+# Pod=passed.pod
+PublishPort=5022:3000
+Volume=passed-server-data.volume:/etc/passed:Z
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull git.1e99.eu/1e99/passed:latest
+# systemctl --user daemon-reload
+# systemctl --user start passed-server
+# systemctl --user status passed-server --lines=999
+# journalctl -fu passed-server.service
+# podman logs passed-server
+# systemctl --user stop passed-server
+# systemctl --user disable passed-server
+# podman exec -ti passed-server /bin/sh
+# podman exec -ti passed-server /bin/bash

home/podman/.config/containers/systemd/uptime-kuma-server.container

@@ -8,7 +8,12 @@ Image=docker.io/louislam/uptime-kuma:1
 # Network=uptime-kuma.network
 # Pod=uptime-kuma.pod
 PodmanArgs=--add-host=cockpit.phares.duckdns.org:192.168.11.2
+PodmanArgs=--add-host=gotify.phares.duckdns.org:192.168.11.2
+PodmanArgs=--add-host=kuma.phares.duckdns.org:192.168.11.2
 PodmanArgs=--add-host=mattermost.phares.duckdns.org:192.168.11.2
+PodmanArgs=--add-host=pgadmin.phares.duckdns.org:192.168.11.2
+PodmanArgs=--add-host=vaultwarden.phares.duckdns.org:192.168.11.2
+PodmanArgs=--add-host=warden.phares.duckdns.org:192.168.11.2
 PublishPort=3004:3001
 Volume=uptime-kuma-server-data.volume:/app/data:rw
 Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
@@ -23,7 +28,7 @@ WantedBy=multi-user.target default.target
 # podman pull docker.io/louislam/uptime-kuma:1
 # systemctl --user daemon-reload
 # systemctl --user start uptime-kuma-server
-# systemctl --user status uptime-kuma-server
+# systemctl --user status uptime-kuma-server --lines=999
 # journalctl -fu uptime-kuma-server.service
 # podman logs uptime-kuma-server
 # systemctl --user stop uptime-kuma-server

var/spool/cron/crontabs/podman

@@ -0,0 +1,40 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.Ozl2NI/crontab installed on Fri Jan  3 22:08:52 2025)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.35buNM/crontab installed on Tue Dec  3 13:24:22 2024)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+#
+14 11 * * * podman volume export systemd-baikal-server-data --output /home/podman/cron-backup/baikal-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+15 11 * * * podman volume export systemd-blinko-server-data --output /home/podman/cron-backup/blinko-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+16 11 * * * podman volume export systemd-gitea-server-data --output /home/podman/cron-backup/gitea-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+17 11 * * * podman volume export systemd-linkwarden-server-data --output /home/podman/cron-backup/linkwarden-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+18 11 * * * podman volume export systemd-mattermost-server-data --output /home/podman/cron-backup/mattermost-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+19 11 * * * podman volume export systemd-odoo-server-data --output /home/podman/cron-backup/odoo-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+20 11 * * * podman volume export systemd-uptime-kuma-server-data --output /home/podman/cron-backup/uptime-kuma-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+21 11 * * * podman volume export systemd-xandikos-server-data --output /home/podman/cron-backup/xandikos-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+22 11 * * * podman volume export systemd-baikal-server-config --output /home/podman/cron-backup/baikal-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+23 11 * * * podman volume export systemd-gitea-server-config --output /home/podman/cron-backup/gitea-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+24 11 23 * * podman volume export systemd-immich-server-upload --output /home/podman/cron-backup/immich-server-upload-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+25 11 * * * podman volume export systemd-mattermost-server-bleve --output /home/podman/cron-backup/mattermost-server-bleve-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+26 11 * * * podman volume export systemd-mattermost-server-client-plugins --output /home/podman/cron-backup/mattermost-server-client-plugins-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+27 11 * * * podman volume export systemd-mattermost-server-config --output /home/podman/cron-backup/mattermost-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+28 11 * * * podman volume export systemd-mattermost-server-logs --output /home/podman/cron-backup/mattermost-server-logs-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+29 11 * * * podman volume export systemd-mattermost-server-plugins --output /home/podman/cron-backup/mattermost-server-plugins-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+30 11 * * * podman volume export systemd-pgadmin-data --output /home/podman/cron-backup/pgadmin-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+31 11 * * * podman volume export systemd-firefox-data --output /home/podman/cron-backup/firefox-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+32 11 * * * podman volume export systemd-immich-learning-cache --output /home/podman/cron-backup/immich-learning-cache-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+13 12 * * * podman volume export systemd-blinko-db-data --output /home/podman/cron-backup/blinko-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+14 12 * * * podman volume export systemd-gitea-db-data --output /home/podman/cron-backup/gitea-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+15 12 * * * podman volume export systemd-immich-db-data --output /home/podman/cron-backup/immich-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+16 12 * * * podman volume export systemd-linkwarden-db-data --output /home/podman/cron-backup/linkwarden-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+17 12 * * * podman volume export systemd-mattermost-db-data --output /home/podman/cron-backup/mattermost-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+18 12 * * * podman volume export systemd-odoo-db-data --output /home/podman/cron-backup/odoo-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+19 12 * * * podman volume export systemd-vaultwarden-db-data --output /home/podman/cron-backup/vaultwarden-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+#
+20 12 * * * podman volume export systemd-gotify-server-data --output /home/podman/cron-backup/gotify-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
+21 12 * * * podman volume export systemd-2fauth-server-data --output /home/podman/cron-backup/2fauth-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar

var/spool/cron/crontabs/root

@@ -0,0 +1,10 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.CuxS5w/crontab installed on Sun Jan  5 11:20:46 2025)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+#
+*/5 * * * * /etc/duckdns/duck.sh >/dev/null 2>&1
+24 5 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
+# 25 13 * * * cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+25 13 * * * cd /home/www-data/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+01 14 * * * rsync --remove-source-files -av -e ssh /home/podman/cron-backup/ root@192.168.0.31:/home/podman/cron-backup-delete/