phares3757/linux-ubuntu-server
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

01-06-a

Browse Source
This commit is contained in:
Mike Phares 2025-01-06 18:26:44 -07:00
parent 70f6c099a9
commit 1c0b573f60
65 changed files with 1871 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -55,6 +55,8 @@
!opt/copy/**/*
!opt/dockge/**/*.yaml
!var/spool/cron/crontabs/**/*
!root/**/*container
!home/podman/**/*volume
!home/podman/**/*container
@ -64,4 +66,4 @@
# !usr/local/etc/gogs/conf/app.ini
# !usr/local/etc/no-ip2.conf
# !var/snap/nextcloud/current/nextcloud/config/*
# !var/www/html/.well-known/acme-challenge/*
# !var/www/html/.well-known/acme-challenge/*

12
.vscode/settings.json vendored
View File

@ -2,25 +2,35 @@
"files.associations": {
"*.container": "ini",
"*.org": "ini",
"*.net": "ini"
"*.net": "ini",
"podman": "ini",
"default": "ini"
},
"cSpell.words": [
"ASPNETCORE",
"autoindex",
"bchs",
"blinko",
"dashkiosk",
"dockge",
"docmost",
"dorico",
"duckdns",
"fauth",
"fullchain",
"gitea",
"gogs",
"immich",
"journalctl",
"kestra",
"keyout",
"linkwarden",
"localtime",
"lphares",
"neko",
"newkey",
"odoo",
"personalised",
"pgadmin",
"phares",
"umbrel",

20
.vscode/tasks.json vendored Normal file
View File

@ -0,0 +1,20 @@
{
"version": "2.0.0",
"tasks": [
{
"label": "File-Folder-Helper AOT s X Day-Helper-2025-01-01",
"type": "shell",
"command": "L:/DevOps/Mesa_FI/File-Folder-Helper/bin/Release/net9.0/win-x64/publish/File-Folder-Helper.exe",
"args": [
"s",
"X",
"D:/6-Other-Large-Z/Linux-Ubuntu-Phares/home/podman/cron-backup",
"Day-Helper-2025-01-01",
"*.tar",
"-202",
"-Delete"
],
"problemMatcher": []
}
]
}

500
etc/bash_history_2024-01-03_podman.txt Normal file
View File

@ -0,0 +1,500 @@
podman exec -ti immich-to-slideshow-server /bin/bash
cp -R /var/www/html-slideshow/Images-c9dbce3b-Results/F\)Random/c9dbce3b/\[\]/* /var/www/html-slideshow/slideshow/random-results/
exit
ls -al /var/www/html-slideshow/slideshow/random-results
exit
podman exec -ti immich-to-slideshow-server /bin/bash
exit
systemctl --user start immich-to-slideshow-server
exit
exit
systemctl --user start immich-to-slideshow-server
podman exec -ti immich-to-slideshow-server /bin/bash
exit
systemctl --user start immich-to-slideshow-server
exit
podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
systemctl --user start immich-to-slideshow-server
exit
podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
systemctl --user start immich-to-slideshow-server
exit
systemctl --user start immich-to-slideshow-server
exit
systemctl --user start immich-to-slideshow-server
exit
podman exec -ti immich-to-slideshow-server /bin/bash
systemctl --user start immich-to-slideshow-server
podman exec -ti immich-to-slideshow-server /bin/bash
exit
systemctl --user start immich-to-slideshow-server
podman exec -ti immich-to-slideshow-server /bin/bash
exit
podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
systemctl --user start immich-to-slideshow-server
exit
podman pull docker.io/damongolding/immich-kiosk:latest
exit
systemctl --user start immich-kiosk
exit
systemctl --user start immich-kiosk
exit
systemctl --user start immich-kiosk
exit
systemctl --user start immich-kiosk
exit
systemctl --user start immich-kiosk
exit
systemctl --user start immich-to-slideshow-server
systemctl --user status immich-to-slideshow-server
exit
systemctl --user status immich-to-slideshow-server
systemctl --user start immich-to-slideshow-server
nano ~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json
exit
podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
exit
systemctl --user start immich-to-slideshow-server
exit
podman pull tananaev/traccar:latest
podman pull tananaev.org/traccar:latest
podman pull traccar.org/traccar:latest
podman pull docker.io/traccar/traccar:latest
exit
systemctl --user start traccar-server
systemctl --user status traccar-server --lines=999
ls -la /opt/traccar/
ls -la /opt/traccar/logs/
exit
systemctl --user status traccar-server --lines=999
systemctl --user start traccar-server
nano /opt/traccar/traccar.xml
exit
nano /opt/traccar/traccar.xml
systemctl --user start traccar-server
systemctl --user status traccar-server --lines=999
nano /opt/traccar/traccar.xml
nano /opt/traccar/traccar.xml
systemctl --user start traccar-server
systemctl --user status traccar-server --lines=999
podman pull ghcr.io/linkwarden/linkwarden:latest
podman pull ghcr.io/linkwarden/linkwarden:latest
podman pull docker.io/postgres:16-alpine
podman pull docker.io/postgres:16-alpine
podman pull ghcr.io/linkwarden/linkwarden:latest
podman pull ghcr.io/linkwarden/linkwarden:latest
exit
systemctl --user start linkwarden-db
systemctl --user start linkwarden-server
systemctl --user status linkwarden-server --lines=9999
exit
systemctl --user start linkwarden-server
systemctl --user status linkwarden-server --lines=9999
exit
systemctl --user start linkwarden-server
systemctl --user status linkwarden-server --lines=9999
exit
podman pull docker.io/blinkospace/blinko:latest
podman pull docker.io/postgres:14
systemctl --user start blinko-server
systemctl --user status blinko-server --lines=9999
systemctl --user start blinko-db
systemctl --user status blinko-db
systemctl --user start blinko-db
systemctl --user start blinko-server
systemctl --user status blinko-server --lines=9999
exit
podman volunme ls
podman volume ls
podman volume prune
podman volume ls
podman volume rm systemd-odoo-server-data
podman volume rm systemd-odoo-db-data
podman volume rm one-review_postgres_data
podman volume prune
podman volume rm systemd-vaultwarden-server-data
podman volume prune
exit
exit
exit
podman exec -ti mattermost-server /bin/bash
podman volume ls
podman volume inspect systemd-mattermost-server-config
nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
podman volume prune
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
docker system prune --volumes
podman system prune --volumes
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start linkwarden-server
systemctl --user status linkwarden-server --lines=9999
podman volume prune
podman volume prune
podman image prune
podman image prune
podman container prune
podman volume prune
podman container prune
exit
exit
podman exec -ti linkwarden-server /bin/bash
podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
curl -f http://localhost:8065/api/v4/system/ping || exit 1
systemctl --user start mattermost-server
podman exec -ti mattermost-server /bin/sh
exit
systemctl --user start mattermost-server
exit
systemctl --user start mattermost-server
exit
systemctl --user start mattermost-server
exit
podman volume ls
podman volume prune
podman volume inspect systemd-blinko-server-data
sudo -i root
sudo -i
podman exec -ti blinko-server /bin/bash
podman exec -ti blinko-server /bin/sh
exit
sudo -i
exit
sudo -i
exit
exit
systemctl --user start linkwarden-server
exit
podman volume list
podman volume info systemd-blinko-server-data
podman volume systemd-blinko-server-data info
podman volume systemd-blinko-server-data
podman volume --help
podman volume inspect systemd-blinko-server-data
ls /home/podman/.local/share/containers/storage/volumes/systemd-blinko-server-data/_data
mkdir -p /home/podman/backup-blinko
podman volume export blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
mkdir -p /home/podman/backup-baikal
podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
now=$(date +'%Y-%m-%d_%H-%M-%S')
podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data-${now}.tar
crontab -e
exit
crontab -e
crontab -e
crontab -r
exit
podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
exit
podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
exit
crontab -e
exit
chrontab -e
crontab -e
crontab -e
exit
podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
whereis podman
/usr/bin/podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
crontab -e
crontab -e
crontab -e
grep CRON /var/log/syslog
nano /var/log/syslog
cat /var/log/syslog
exit
crontab -l
crontab -r
crontab -e
cat /etc/cron.allow
cat /etc/cron.d/cron.allow
crontab -l -u podman
nano /etc/cron. d/cron
nano /etc/cron
nano /etc/cron.d/cron.allow
crontab -r
crontab -l
exit
crontab -l
crontab -e
systemctl status cron
sudo -i
systemctl status cron
crontab -e
crontab -e
systemctl status cron
systemctl status cron
systemctl status cron
crontab -l
crontab -e
systemctl status cron
systemctl status cron
service cron status
crontab -e
service cron status
crontab -l
crontab -e
/home/podman/cron-backup
mkdir /home/podman/cron-backup
crontab -e
crontab -e
crontab -e
crontab -e
tar --list \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
tar \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar /etc
tar -tf \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar thumbs/5f0b1052-466d-44de-a554-226d7256850d/33/c5/
crontab -e
tar --list --directory /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
crontab -e
exit
systemctl --user start linkwarden-server
exit
podman pull docker.io/actualbudget/actual-server:latest
systemctl --user start actual-server
exit
exit
exit
exit
exit
systemctl --user start linkwarden-server
exit
id
exit
nano ~/.bash_profile
nano ~/.bash_profile
exit
exit
systemctl --user start uptime-kuma-server
exit
systemctl --user start uptime-kuma-server
podman pull docker.io/2fauth/2fauth
exit
systemctl --user start 2fauth-server
exit
systemctl --user start 2fauth-server
exit
systemctl --user start 2fauth-server
exit
podman volumn prune
podman volume prune
podman volume prune
exit
systemctl --user start 2fauth-server
exit
systemctl --user start 2fauth-server
systemctl --user status 2fauth-server
exit
systemctl --user start 2fauth-server
exit
exit
systemctl --user start 2fauth-server
exit
podman exec -ti 2fauth-server /bin/bash
podman exec -ti 2fauth-server /bin/sh
nc -zv localhost 8000
nc -zv localhost 443
podman exec -ti 2fauth-server /bin/sh
podman exec -ti 2fauth-server /bin/sh
nc -zv localhost 8000
nc -zv localhost 5015
nc -zv localhost 5016
nc -zv localhost 5015
nc -zv localhost 5015
systemctl --user start 2fauth-server
nc -zv localhost 5015
exit
podman exec -ti 2fauth-server /bin/sh
exit
systemctl --user start 2fauth-server
podman exec -ti 2fauth-server /bin/sh
exit
systemctl --user start 2fauth-server
exit
systemctl --user start 2fauth-server
exit
podman exec -ti 2fauth-server /bin/sh
exit
systemctl --user start 2fauth-server
podman exec -ti 2fauth-server /bin/sh
podman exec -ti 2fauth-server /bin/sh
exit
podman exec -ti 2fauth-server /bin/sh
exit
podman exec -ti 2fauth-server /bin/sh
systemctl --user start 2fauth-server
podman exec -ti 2fauth-server /bin/sh
exit
systemctl --user start 2fauth-server
exit
systemctl --user start 2fauth-server
exit
podman pull docker.io/gotify/server
systemctl --user start gotify-server
exiot
exit
systemctl --user start uptime-kuma-server
nano /etc/hostname
exit
podman pull ghcr.io/goauthentik/server:2024.12.1
exit
podman pull docker.io/library/redis:7.4.1
exit
podman pull docker.io/library/redis:7.4.1
exit
podman pull docker.io/library/postgres:16.6
exit
exit
systemctl --user start authentik-db
systemctl --user status authentik-db
exit
systemctl --user start authentik-db
systemctl --user status authentik-db
systemctl --user start authentik-redis
systemctl --user status authentik-redis
systemctl --user start authentik-worker
systemctl --user status authentik-worker
exit
systemctl --user status authentik-worker
exit
systemctl --user start authentik-worker
systemctl --user status authentik-worker
nc -zv localhost 5021
redis-cli ping
redis-cli -h localhost -p 6379 PING
redis-cli -h localhost -p 5021 PING
podman exec -ti authentik-redis /bin/bash
redis-cli -h localhost -p 5021 PING
exit
exit
systemctl --user start authentik-redis
systemctl --user status authentik-redis
exit
systemctl --user start authentik-redis
systemctl --user status authentik-redis
podman exec -ti authentik-redis /bin/bash
podman exec -ti authentik-redis /bin/sh
exit
exit
systemctl --user start authentik-redis
systemctl --user start authentik-redis
podman exec -ti authentik-redis /bin/sh
podman exec -ti authentik-redis /bin/bash
exit
exit
systemctl --user start authentik-redis
exit
systemctl --user start authentik-redis
systemctl --user start authentik-redis
exit
systemctl --user start authentik-redis
exit
systemctl --user start authentik-redis
podman exec -ti authentik-redis /bin/bash
exit
systemctl --user start authentik-redis
exit
systemctl --user start authentik-redis
exit
systemctl --user start mattermost-server
exit
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
podman volume prune
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
systemctl --user start mattermost-server
systemctl --user status mattermost-server --lines=999
exit
crontab -e
crontab -e
exit
crontab -e
exit
podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
exit
systemctl --user start mattermost-server
systemctl --user start mattermost-db
exit
systemctl --user start mattermost-db
systemctl --user start mattermost-db
systemctl --user start mattermost-server
exit
systemctl --user status mattermost-server --lines=999
exit
podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
exit
podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
systemctl --user start mattermost-db
systemctl --user start mattermost-server
exit
systemctl --user start mattermost-server
podman exec -ti mattermost-server /bin/bash
exit
systemctl --user start mattermost-server
exit
exit
exit
/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
/usr/libexec/podman/quadlet -dryrun --user
exit
exit
exit
systemctl --user start mattermost-server
exit
systemctl --user status mattermost-server --lines=999
exit

500
etc/bash_history_2025-01-03.txt Normal file
View File

@ -0,0 +1,500 @@
mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\\ 2019/ /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019 /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
rm -R /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019/
rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006
rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006\ \\\!9
exit
rm -R /mnt/free-file-sync/iso/images-a/Phares\\\ Slides\\\ ####
exit
mount /mnt/free-file-sync/iso/Edited.iso /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/2024-12-18-18-13-54-579.iso /mnt/iso-compare
rm -R /mnt/free-file-sync/iso/images-a/Scanned\ Grandma\\\'s\ Quilt\ ####/
rm -R /mnt/free-file-sync/iso/images-a/Event
rm -R /mnt/free-file-sync/iso/images-a/Question/
mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
rm -R /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/
mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
umount /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
umount /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
rm -R /mnt/free-file-sync/iso/images-a/Facebook
mount /mnt/free-file-sync/iso/images-a/Rex\ Memorial\ ####/2024-12-18-18-15-40-537.iso /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/Scanned\ Norman\ Herman/2024-12-18-18-15-43-097.iso /mnt/iso-compare
umount /mnt/iso-compare
rm -R /mnt/free-file-sync/iso/images-a/Scanned*
rm -R /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/
umount /mnt/iso-compare
umount /mnt/iso-compare
mount /mnt/free-file-sync/iso/images-a/DisneyWorld\ 2019/2024-12-18-18-42-26-222.iso /mnt/iso-compare
umount /mnt/iso-compare
umount /mnt/iso-compare
exit
ls -al /mnt/free-file-sync/iso/images-a
rm -R /mnt/free-file-sync/iso/images-a/Slide in N*
rm -R /mnt/free-file-sync/iso/images-a/Slide\\ in\\ N*
ls -al /mnt/free-file-sync/iso/images-a/Sli*
ls -al /mnt/free-file-sync/iso/images-a/Slide *
ls -al /mnt/free-file-sync/iso/images-a/Slide\\ *
ls -al /mnt/free-file-sync/iso/images-a
rm -R /mnt/free-file-sync/iso/images-a/'Slide in Name Order Originals \(622\) ####'
mkdir /mnt/free-file-sync/iso/videos-b
exit
lsblk
lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
rm /mnt/free-file-sync/iso/videos-b/Home\ Videos\ 1998\ -\ 2002/2024-12-18-19-49-52-202.iso
lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
exit
nano /root/.ssh/authorized_keys
exit
nano /root/.ssh/authorized_keys
exit
nano /root/.ssh/authorized_keys
exit
nano /root/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
exit
exit
exit
lsblk
lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
exit
lsblk -b -o NAME,SIZE,TYPE,VENDOR,MODEL,SERIAL,MOUNTPOINT
lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
exit
reboot
aptget update
apt-get update
apt-get upgrade
ls
nano t
nano t
exit
sudo -iu podman
exit
mv -R /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
mv /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
mv /mnt/free-file-sync/logan-google-drive /mnt/free-file-sync/google-drive-logan
exit
nano /root/.ssh/authorized_keys
exit
sudo -iu podman
crontab -e
sudo -iu podman
/etc/duckdns/duck.sh >/dev/null 2>&1
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
cd /
podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
sudo -iu podman
ls /home/podman/backup-blinko/
sudo -iu podman
ls /home/podman/backup-blinko/
rm /home/podman/backup-blinko/*
ls /home/podman/backup-blinko/
sudo -iu podman
exit
ls /home/podman/backup-blinko/
exit
sudo -iu podman
nano /run/podman/podman.sock
ls /run/podman/podman.sock
sudo -iu podman
cat /var/log/syslog
grep "ERROR" /var/log/cron
sudo -iu podman
crontab -e
crontab -l
crontab -e
crontab -l
systemctl status cron
crontab -e
systemctl status cron
systemctl status cron
systemctl status cron
systemctl status cron
systemctl status cron
systemctl log cron
systemctl status cron
systemctl status cron
crontab -e
systemctl status cron
ls /home/podman/backup-blinko/
ls /home/podman/backup-blinko/
systemctl status cron
crontab -e
systemctl status cron
sudo -iu podman
exit
snap list vaultwarden
reboot
nginx -t
nginx -s reload
exit
sudo -iu podman
exit
sudo -iu podman
exit
su lphares
exit
exit
exit
exit
exit
nginx -t
nginx -t
nginx -s reload
nginx -t
ls -la /home/lphares/dorico
ls -la /home/lphares
ls -la /home/lphares/dorico/
nginx -t
nginx -s reload
nginx -s reload
ls /var/www/html-
nginx -s reload
nginx -t
ls /etc/netplan/
nginx -s reload
nginx -s reload
nginx -s reload
nginx -t
nginx -t
nginx -s reload
nginx -s reload
ls /etc/ModemManager/ -la
ls /etc/ModemManager -la
ls /etc/ModemManager
ls /etc/ModemManager -
ls /etc/ModemManager -l
ls /etc/ModemManager --time-style
ls /etc/ModemManager -lT
ls /etc/ModemManager --time-style=full
ls /etc/ModemManager/ --time-style=full
ls /etc/ModemManager/
ls /etc/ModemManager -l -T
ls /etc/ModemManager -l --time-style=+"%b %d %Y %H:%M:%S"
ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S"
ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S%zz"
ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S %z"
ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %HH:%M:%S %z"
ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %h:%M:%S %z"
ls /etc/ModemManager/ -l --time-style=+"%b %d %Y %H:%M:%S %z"
ls /etc/ModemManager/ -la -D '%Y-%m-%dT%H:%M:%S'
ls /etc/ModemManager/ -la -D '%Y-%m-%dT %H:%M:%S'
nginx -t
nginx -s reload
ufw status
ufw number status
ufw numbered status
ufw status numbered
ufw active
ufw enable
ufw status numbered
ls
ufw disable
ip a
ufw allow 53/tcp comment "01) DNS TCP"
ufw status numbered
ufw allow 53/udp comment "02) DNS UDP"
ufw allow 67/tcp comment "03) DHCP TCP"
ufw allow 67/udp comment "04) DHCP UDP"
ufw allow from 0.0.0.0/0 to any port 443/tcp comment "05) HTTPS"
ufw allow from 192.168.11.0/25 to any port 22/tcp comment "06) SSH"
ufw allow from 192.168.21.0/25 to any port 22/tcp comment "07) SSH"
ufw allow from 192.168.31.0/25 to any port 22/tcp comment "08) SSH"
ufw allow from 192.168.41.0/25 to any port 22/tcp comment "09) SSH"
ufw allow from 192.168.42.0/25 to any port 22/tcp comment "10) SSH"
ufw allow from 192.168.43.0/25 to any port 22/tcp comment "11) SSH"
ufw allow to 0.0.0.0/0 port 22/tcp comment "12) SSH"
ufw enable
ufw status numbered
ufw disable
ufw allow from 0.0.0.0/0 443/tcp comment "05) HTTPS"
ufw allow from 0.0.0.0/0 port 443/tcp comment "05) HTTPS"
ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS"
ufw reset
ufw status numbered
ufw allow port 53/tcp comment "01) DNS TCP"
ufw allow 53/tcp comment "01) DNS TCP"
ufw allow 53/udp comment "02) DNS UDP"
ufw allow 67/tcp comment "03) DHCP TCP"
ufw allow 67/udp comment "04) DHCP UDP"
ufw allow from 0.0.0.0/0 port 443/tcp comment "05) HTTPS"
ufw allow from 192.168.11.0/25 port 22/tcp comment "06) SSH"
ufw allow from 192.168.21.0/25 port 22/tcp comment "07) SSH"
ufw allow from 192.168.31.0/25 port 22/tcp comment "08) SSH"
ufw allow from 192.168.41.0/25 port 22/tcp comment "09) SSH"
ufw allow from 192.168.42.0/25 port 22/tcp comment "10) SSH"
ufw allow from 192.168.43.0/25 port 22/tcp comment "11) SSH"
ufw allow to 0.0.0.0/0 port 22/tcp comment "12) SSH"
ufw allow from 0.0.0.0/0 port 443/tcp comment "05) HTTPS"
ufw allow from 0.0.0.0/0 443/tcp comment "05) HTTPS"
ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS"
ufw reset
ufw allow 53/tcp comment "01) DNS TCP"
ufw allow 53/udp comment "02) DNS UDP"
ufw allow 67/tcp comment "03) DHCP TCP"
ufw allow 67/udp comment "04) DHCP UDP"
ufw allow from 0.0.0.0/0 443/tcp comment "05) HTTPS"
ufw allow from 0.0.0.0/0 443 comment "05) HTTPS"
ufw allow from 0.0.0.0/0 443 comment "05) HTTPS"
ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS"
ufw allow from 192.168.11.0/25 port 22 comment "06) SSH"
ufw allow from 192.168.21.0/25 port 22 comment "07) SSH"
ufw allow from 192.168.31.0/25 port 22 comment "08) SSH"
ufw allow from 192.168.41.0/25 port 22 comment "09) SSH"
ufw allow from 192.168.42.0/25 port 22 comment "10) SSH"
ufw allow from 192.168.43.0/25 port 22 comment "11) SSH"
ufw allow to 0.0.0.0/0 port 22 comment "12) SSH"
ufw enable
ufw status numbered
ufw delete 12
ufw status numbered
ufw disable
ufw allow to 192.168.11.0/25 port 22 comment "12) SSH"
ufw allow to 192.168.21.0/25 port 22 comment "13) SSH"
ufw allow to 192.168.31.0/25 port 22 comment "14) SSH"
ufw allow to 192.168.41.0/25 port 22 comment "15) SSH"
ufw allow to 192.168.42.0/25 port 22 comment "16) SSH"
ufw allow to 192.168.43.0/25 port 22 comment "17) SSH"
ufw enable
ufw status numbered
ufw status numbered
ufw disable
cat /etc/passwd
top
pcap
ps -ef | grep cr[o]n
ps -ef | grep nginx
usermod -a -G lphares www-data
exit
chmod -R 774 /home/lphares/dorico
nginx -t
nginx -s reload
nginx -s reload
rm -r /home/lphares/dorico
su lphares
exit
exit
exit
ufw status numbered
ufw enabled
ufw enable
ufw status numbered
ufw disable
ufw allow from 0.0.0.0/0 port 443 comment "18) HTTPS"
ufw enable
ufw disable
ufw reset
ufw disable
ufw allow 53/tcp comment "01) DNS TCP"
ufw allow 53/udp comment "02) DNS UDP"
ufw allow 67/tcp comment "03) DHCP TCP"
ufw allow 67/udp comment "04) DHCP UDP"
ufw allow from 0.0.0.0/0 port 443 comment "05) HTTPS"
ufw allow to 0.0.0.0/0 port 443 comment "06) HTTPS"
ufw enable
ufw allow from 192.168.11.0/25 port 22 comment "07) SSH"
ufw allow from 192.168.21.0/25 port 22 comment "08) SSH"
ufw allow from 192.168.31.0/25 port 22 comment "09) SSH"
ufw allow from 192.168.41.0/25 port 22 comment "10) SSH"
ufw allow from 192.168.42.0/25 port 22 comment "11) SSH"
ufw allow from 192.168.43.0/25 port 22 comment "12) SSH"
ufw allow to 192.168.11.0/25 port 22 comment "13) SSH"
ufw allow to 192.168.21.0/25 port 22 comment "14) SSH"
ufw allow to 192.168.31.0/25 port 22 comment "15) SSH"
ufw allow to 192.168.41.0/25 port 22 comment "16) SSH"
ufw allow to 192.168.42.0/25 port 22 comment "17) SSH"
ufw allow to 192.168.43.0/25 port 22 comment "18) SSH"
ufw enable
ufw status numbered
exit
ufw disable
top[
top
systemctl list-timers
systemctl list-timers
apt-get remove certbot
snap remove certbot
systemctl list-timers
exit
sudo -iu podman
sudo -iu podman
sudo -iu podman
reboot
sudo -iu podman
exit
exit
grep sshd.\*Failed /var/log/auth.log | less
grep sshd.\*Failed /var/log/auth.log | less
grep sshd.\* /var/log/auth.log
grep sshd.\*publickey /var/log/auth.log | less
grep sshd.\*publickey /var/log/auth.log
grep sshd.\*publickey /var/log/auth.log | less
apt update
apt install fail2ban -y
systemctl status fail2ban.service
cd /etc/fail2ban
ls
head -20 jail.conf
cp jail.conf jail.local
nano jail.local
nano jail.local
nano jail.local
systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban
reboot
apt-get update
apt upgrade
sudo -iu podman
exit
snap info adguard-home
exit
tail /var/log/auth.log -f
exit
ufw status numbered
exit
ip a
exit
id
su phares
su podman
exit
exit
exit
sudo -iu podman
exit
sudo -iu podman
sudo -iu podman
sudo -iu podman
nginx -t
nginx -s reload
nginx -t
nginx -s reload
nginx -t
nginx -s reload
nginx -t
nginx -s reload
exit
ip a
ip a l | grep inet6
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
cat /boot/firmware/cmdline.txt
nano /boot/firmware/cmdline.txt
exit
snap restart adguard-home
exit
nano /etc/duckdns/duck.sh
exit
nano /etc/duckdns/duck.sh
cat duck.log
chmod 700 /etc/duckdns/duck.sh
cd /etc/duckdns
./duck.sh
cat duck.log
ps -ef | grep cr[o]n
crontab -e
cat duck.log
xit
exit
sudo -iu podman
sudo -iu podman
sudo -iu podman
nginx -t
nginx -s reload
nginx -s reload
sudo -iu podman
sudo -iu podman
nginx -t
nginx -s reload
links http://192.168.11.2:5015/
sudo -iu podman
sudo -iu podman
links http://192.168.11.2:5015/
sudo -iu podman
links http://192.168.11.2:5015/
sudo -iu podman
sudo -iu podman
links http://192.168.11.2:5015/
links http://192.168.11.2:5015/
sudo -iu podman
nginx -t
nginx -s reload
links http://192.168.11.2:5015/
sudo -iu podman
chown podman:podman /home/podman/2fauth -R
sudo -iu podman
sudo -iu podman
chown podman:podman /home/podman/2fauth -R
sudo -iu podman
nginx -t
nginx -s reload
sudo -iu podman
sudo -iu podman
nc -zv localhost 5015
sudo -iu podman
sudo -iu podman
sudo -iu podman
sudo -iu podman
exit
nano /home/persa/.ssh/authorized_keys
nano /home/persa/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
exit
nano /root/.ssh/authorized_keys
nano /home/lphares/.ssh/authorized_keys
nano /home/bmiller/.ssh/authorized_keys
nano /home/podman/.ssh/authorized_keys
exit
nano /home/podman/.ssh/authorized_keys
nano /home/bmiller/.ssh/authorized_keys
nano /home/lphares/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
nano /home/persa/.ssh/authorized_keys
nano /home/phares/.ssh/authorized_keys
exit\
exit
sudo -iu podman
nano /etc/hostname
nano /etc/hosts
exit
nginx -t
nginx -s reload
sudo -iu podman
nginx -t
nginx -s reload
nginx -t
nginx -s reload
nginx -t
nginx -t
nginx -s reload
nginx -s reload
nginx -t
nginx -s reload
nginx -t
nginx -s reload
nginx -t
nginx -s reload
nginx -s reload
nginx -t
reboot
exit

2
etc/group
View File

@ -59,7 +59,7 @@ fwupd-refresh:x:989:
netdev:x:110:
phares:x:1001:
podman:x:1000:
lphares:x:1003:bmiller,persa
lphares:x:1003:bmiller,persa,www-data
bmiller:x:1004:
unbound:x:111:
cockpit-ws:x:112:

2
etc/group-
View File

@ -68,7 +68,7 @@ pcp:x:988:
persa:x:1002:
redis:x:114:
swtpm:x:115:
libvirt:x:116:phares,podman
libvirt:x:116:phares,podman,libvirtdbus
libvirt-qemu:x:64055:libvirt-qemu
libvirt-dnsmasq:x:117:
libvirtdbus:x:118:

2
etc/gshadow
View File

@ -59,7 +59,7 @@ fwupd-refresh:!*::
netdev:!::
phares:!::
podman:!::
lphares:!::bmiller,persa
lphares:!::bmiller,persa,www-data
bmiller:!::
unbound:!::
cockpit-ws:!::

2
etc/gshadow-
View File

@ -68,7 +68,7 @@ pcp:!::
persa:!::
redis:!::
swtpm:!::
libvirt:!::phares,podman
libvirt:!::phares,podman,libvirtdbus
libvirt-qemu:!::libvirt-qemu
libvirt-dnsmasq:!::
libvirtdbus:!::

2
etc/hosts
View File

@ -1,5 +1,5 @@
127.0.0.1 localhost
127.0.1.1 trigkey-green-g4
127.0.1.1 phares.duckdns.org
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback

20
etc/nginx/include/2fauth.conf Normal file
View File

@ -0,0 +1,20 @@
server {
# touch /etc/nginx/include/2fauth.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/2fauth.phares.duckdns.org.key -out /etc/nginx/include/2fauth.phares.duckdns.org.crt -config /etc/nginx/include/2fauth.phares.duckdns.org
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name 2fauth.phares.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.11.2:5015/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

20
etc/nginx/include/actual.conf Normal file
View File

@ -0,0 +1,20 @@
server {
# touch /etc/nginx/include/actual.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/actual.phares.duckdns.org.key -out /etc/nginx/include/actual.phares.duckdns.org.crt -config /etc/nginx/include/actual.phares.duckdns.org
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name actual.phares.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.11.2:5013/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}

8
etc/nginx/include/adguard.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/adguard.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name adguard.phares.duckdns.org;
@ -13,7 +13,7 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.11.2:3002/;
proxy_pass https://192.168.11.2:5014/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}

23
etc/nginx/include/authentik.conf Normal file
View File

@ -0,0 +1,23 @@
server {
# touch /etc/nginx/include/authentik.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/authentik.phares.duckdns.org.key -out /etc/nginx/include/authentik.phares.duckdns.org.crt -config /etc/nginx/include/authentik.phares.duckdns.org
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name authentik.phares.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://192.168.11.2:5018/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

6
etc/nginx/include/baikal.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/baikal.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name baikal.phares.duckdns.org;

6
etc/nginx/include/blinko.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/blinko.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/blinko.phares.duckdns.org.key -out /etc/nginx/include/blinko.phares.duckdns.org.crt -config /etc/nginx/include/blinko.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name blinko.phares.duckdns.org;

6
etc/nginx/include/cockpit.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/cockpit.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name cockpit.phares.duckdns.org;

6
etc/nginx/include/dashkiosk.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/dashkiosk.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name dashkiosk.phares.duckdns.org;

17
etc/nginx/include/dorico.conf Normal file
View File

@ -0,0 +1,17 @@
server {
# touch /etc/nginx/include/dorico.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dorico.phares.duckdns.org.key -out /etc/nginx/include/dorico.phares.duckdns.org.crt -config /etc/nginx/include/dorico.phares.duckdns.org
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name dorico.phares.duckdns.org;
root /home/lphares/dorico;
# usermod -a -G lphares www-data
location / {
autoindex on;
disable_symlinks on;
autoindex_format json;
}
}

6
etc/nginx/include/firefox.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/firefox.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name firefox.phares.duckdns.org;

6
etc/nginx/include/gitea.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/gitea.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name gitea.phares.duckdns.org;

23
etc/nginx/include/gotify.conf Normal file
View File

@ -0,0 +1,23 @@
server {
# touch /etc/nginx/include/gotify.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gotify.phares.duckdns.org.key -out /etc/nginx/include/gotify.phares.duckdns.org.crt -config /etc/nginx/include/gotify.phares.duckdns.org
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name gotify.phares.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.11.2:5016/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

6
etc/nginx/include/immich-kiosk.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/immich-kiosk.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-kiosk.phares.duckdns.org.key -out /etc/nginx/include/immich-kiosk.phares.duckdns.org.crt -config /etc/nginx/include/immich-kiosk.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name immich-kiosk.phares.duckdns.org;

6
etc/nginx/include/immich-to-slideshow.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name immich-to-slideshow.phares.duckdns.org;

6
etc/nginx/include/immich.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/immich.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name immich.phares.duckdns.org;

6
etc/nginx/include/kuma.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/kuma.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name kuma.phares.duckdns.org;

6
etc/nginx/include/linkwarden.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/linkwarden.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/linkwarden.phares.duckdns.org.key -out /etc/nginx/include/linkwarden.phares.duckdns.org.crt -config /etc/nginx/include/linkwarden.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name linkwarden.phares.duckdns.org;

6
etc/nginx/include/mattermost.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/mattermost.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name mattermost.phares.duckdns.org;

24
etc/nginx/include/neko.conf
View File

@ -1,24 +0,0 @@
server {
# touch /etc/nginx/include/neko.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.phares.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name neko.phares.duckdns.org;
location / {
# https://neko.m1k1o.net/#/getting-started/reverse-proxy
proxy_pass http://192.168.11.2:8082/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Protocol $scheme;
}
}

6
etc/nginx/include/odoo.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/odoo.ddns.net
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name odoo.phares.duckdns.org;

23
etc/nginx/include/passed.conf Normal file
View File

@ -0,0 +1,23 @@
server {
# touch /etc/nginx/include/passed.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/passed.phares.duckdns.org.key -out /etc/nginx/include/passed.phares.duckdns.org.crt -config /etc/nginx/include/passed.phares.duckdns.org
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name passed.phares.duckdns.org;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.11.2:5022/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_connect_timeout 600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

6
etc/nginx/include/pgadmin.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/pgadmin.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name pgadmin.phares.duckdns.org;

6
etc/nginx/include/phares.conf
View File

@ -19,9 +19,9 @@ server {
server {
# touch /etc/nginx/include/phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name phares.duckdns.org;

6
etc/nginx/include/quartz.conf
View File

@ -10,9 +10,9 @@ server {
server {
# touch /etc/nginx/include/quartz.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name quartz.phares.duckdns.org;

6
etc/nginx/include/slideshow.conf
View File

@ -11,9 +11,9 @@ server {
server {
# touch /etc/nginx/include/slideshow.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name slideshow.phares.duckdns.org;

6
etc/nginx/include/vaultwarden.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/vaultwarden.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
# server_tokens off;

6
etc/nginx/include/warden.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/warden.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
# server_tokens off;

6
etc/nginx/include/xandikos.conf
View File

@ -1,9 +1,9 @@
server {
# touch /etc/nginx/include/xandikos.phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name xandikos.phares.duckdns.org;

58
etc/nginx/sites-available/default
View File

@ -1,33 +1,9 @@
include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:3002/
include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
include /etc/nginx/include/neko.conf; # https://neko.phares.duckdns.org # http://192.168.11.2:8082/
include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
server {
# touch /etc/nginx/include/phares.duckdns.org
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
# ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
ssl_certificate /home/podman/wild-phares/fullchain.cer;
# ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
ssl_protocols TLSv1.2 TLSv1.3;
listen 443 ssl http2;
server_name *.phares.duckdns.org;
@ -37,4 +13,32 @@ server {
try_files $uri $uri.html $uri/ =404;
}
}
include /etc/nginx/include/2fauth.conf; # https://2fauth.phares.duckdns.org # https://192.168.11.2:5015/
include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:5014/
include /etc/nginx/include/authentik.conf; # https://authentik.phares.duckdns.org # https://192.168.11.2:5018/
include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
include /etc/nginx/include/dorico.conf; # https://dorico.phares.duckdns.org # /home/lphares/dorico
include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
include /etc/nginx/include/gotify.conf; # https://gotify.phares.duckdns.org # http://192.168.11.2:5016/
include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
include /etc/nginx/include/passed.conf; # https://passed.phares.duckdns.org # http://192.168.11.2:5022/
include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
# ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519

16
etc/systemd/system/snap.certbot.renew.service
View File

@ -1,16 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application certbot.renew
Requires=snap-certbot-4193.mount
Wants=network.target
After=snap-certbot-4193.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
SyslogIdentifier=certbot.renew
Restart=no
WorkingDirectory=/var/snap/certbot/4193
TimeoutStopSec=30
Type=oneshot

14
etc/systemd/system/snap.certbot.renew.timer
View File

@ -1,14 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Timer renew for snap application certbot.renew
Requires=snap-certbot-4193.mount
After=snap-certbot-4193.mount
X-Snappy=yes
[Timer]
Unit=snap.certbot.renew.service
OnCalendar=*-*-* 06:46
OnCalendar=*-*-* 14:10
[Install]
WantedBy=timers.target

92
etc/ufw/user.rules
View File

@ -2,10 +2,102 @@
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow tcp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30312920444e5320544350
-A ufw-user-input -p tcp --dport 53 -j ACCEPT
### tuple ### allow udp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30322920444e5320554450
-A ufw-user-input -p udp --dport 53 -j ACCEPT
### tuple ### allow tcp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303329204448435020544350
-A ufw-user-input -p tcp --dport 67 -j ACCEPT
### tuple ### allow udp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303429204448435020554450
-A ufw-user-input -p udp --dport 67 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 443 0.0.0.0/0 in comment=303529204854545053
-A ufw-user-input -p tcp --sport 443 -j ACCEPT
-A ufw-user-input -p udp --sport 443 -j ACCEPT
### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in comment=303629204854545053
-A ufw-user-input -p tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp --dport 443 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.11.0/25 in comment=30372920535348
-A ufw-user-input -p tcp -s 192.168.11.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.11.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.21.0/25 in comment=30382920535348
-A ufw-user-input -p tcp -s 192.168.21.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.21.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.31.0/25 in comment=30392920535348
-A ufw-user-input -p tcp -s 192.168.31.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.31.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.41.0/25 in comment=31302920535348
-A ufw-user-input -p tcp -s 192.168.41.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.41.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.42.0/25 in comment=31312920535348
-A ufw-user-input -p tcp -s 192.168.42.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.42.0/25 --sport 22 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 22 192.168.43.0/25 in comment=31322920535348
-A ufw-user-input -p tcp -s 192.168.43.0/25 --sport 22 -j ACCEPT
-A ufw-user-input -p udp -s 192.168.43.0/25 --sport 22 -j ACCEPT
### tuple ### allow any 22 192.168.11.0/25 any 0.0.0.0/0 in comment=31332920535348
-A ufw-user-input -p tcp -d 192.168.11.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.11.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.21.0/25 any 0.0.0.0/0 in comment=31342920535348
-A ufw-user-input -p tcp -d 192.168.21.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.21.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.31.0/25 any 0.0.0.0/0 in comment=31352920535348
-A ufw-user-input -p tcp -d 192.168.31.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.31.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.41.0/25 any 0.0.0.0/0 in comment=31362920535348
-A ufw-user-input -p tcp -d 192.168.41.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.41.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.42.0/25 any 0.0.0.0/0 in comment=31372920535348
-A ufw-user-input -p tcp -d 192.168.42.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.42.0/25 --dport 22 -j ACCEPT
### tuple ### allow any 22 192.168.43.0/25 any 0.0.0.0/0 in comment=31382920535348
-A ufw-user-input -p tcp -d 192.168.43.0/25 --dport 22 -j ACCEPT
-A ufw-user-input -p udp -d 192.168.43.0/25 --dport 22 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT

1
home/podman/.config/containers/systemd/2fauth-server-data.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

173
home/podman/.config/containers/systemd/2fauth-server.container Normal file
View File

@ -0,0 +1,173 @@
[Container]
# AutoUpdate=registry
ContainerName=2fauth-server
# You can change the name of the app
Environment="APP_NAME=2FAuth"
# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
# Never set it to "testing".
Environment="APP_ENV=local"
# The timezone for your application, which is used to record dates and times to database. This global setting can be
# overridden by users via in-app settings for a personalised dates and times display.
# If this setting is changed while the application is already running, existing records in the database won't be updated
Environment="APP_TIMEZONE=UTC"
# Set to true if you want to see debug information in error screens.
Environment="APP_DEBUG=false"
# This should be your email address
Environment="SITE_OWNER=mikepharesjr@msn.com"
# The encryption key for our database and sessions. Keep this very secure.
# If you generate a new one all existing data must be considered LOST.
# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
Environment="APP_KEY=uvL37oiI1By0J#5t5kZwYB~17CXI2J9A"
# This variable must match your installation's external address.
# Webauthn won't work otherwise.
# Environment="APP_URL=http://localhost"
# Environment="APP_URL=http://192.168.11.2"
# Environment="APP_URL=http://192.168.11.2:5015"
Environment="APP_URL=https://2fauth.phares.duckdns.org"
# If you want to serve js assets from a CDN (like https://cdn.example.com),
# uncomment the following line and set this var with the CDN url.
# Otherwise, let this line commented.
# - ASSET_URL=http://localhost
#
# Turn this to true if you want your app to react like a demo.
# The Demo mode reset the app content every hours and set a generic demo user.
Environment="IS_DEMO_APP=false"
# The log channel defines where your log entries go to.
# 'daily' is the default logging mode giving you 7 daily rotated log files in /storage/logs/.
# Also available are 'errorlog', 'syslog', 'stderr', 'papertrail', 'slack' and a 'stack' channel
# to combine multiple channels into a single one.
Environment="LOG_CHANNEL=daily"
# Log level. You can set this from least severe to most severe:
# debug, info, notice, warning, error, critical, alert, emergency
# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
# nothing will get logged, ever.
Environment="LOG_LEVEL=notice"
# Database config (can only be sqlite)
Environment="DB_DATABASE=/srv/database/database.sqlite"
# If you're looking for performance improvements, you could install memcached.
Environment="CACHE_DRIVER=file"
Environment="SESSION_DRIVER=file"
# Mail settings
# Refer your email provider documentation to configure your mail settings
# Set a value for every available setting to avoid issue
Environment="MAIL_MAILER=log"
Environment="MAIL_HOST=smtp.centurylink.net"
Environment="MAIL_PORT=587"
Environment="MAIL_USERNAME=phares@centurylink.net"
Environment="MAIL_PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
Environment="MAIL_ENCRYPTION=null"
Environment="MAIL_FROM_NAME=Mik Phares"
Environment="MAIL_FROM_ADDRESS=noreply@phares.duckdns.org"
# SSL peer verification.
# Set this to false to disable the SSL certificate validation.
# WARNING
# Disabling peer verification can result in a major security flaw.
# Change it only if you know what you're doing.
Environment="MAIL_VERIFY_SSL_PEER=false"
# API settings
# The maximum number of API calls in a minute from the same IP.
# Once reached, all requests from this IP will be rejected until the minute has elapsed.
# Set to null to disable the API throttling.
Environment="THROTTLE_API=60"
# Authentication settings
# The number of times per minute a user can fail to log in before being locked out.
# Once reached, all login attempts will be rejected until the minute has elapsed.
# This setting applies to both email/password and webauthn login attempts.
Environment="LOGIN_THROTTLE=5"
# The default authentication guard
# Supported:
# 'web-guard' : The Laravel built-in auth system (default if nulled)
# 'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication
# WARNING
# When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in
# authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will
# trust him as long as headers are presents.
Environment="AUTHENTICATION_GUARD=web-guard"
# Authentication log retention time, in days.
# Log entries older than that are automatically deleted.
Environment="AUTHENTICATION_LOG_RETENTION=365"
# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
# Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
Environment="AUTH_PROXY_HEADER_FOR_USER=null"
Environment="AUTH_PROXY_HEADER_FOR_EMAIL=null"
# Custom logout URL to open when using an auth proxy.
Environment="PROXY_LOGOUT_URL=null"
# WebAuthn settings
# Relying Party name, aka the name of the application. If blank, defaults to APP_NAME. Do not set to null.
Environment="WEBAUTHN_NAME=2FAuth"
# Relying Party ID, should equal the site domain (i.e 2fauth.example.com).
# If null, the device will fill it internally (recommended)
# See https://webauthn-doc.spomky-labs.com/prerequisites/the-relying-party#how-to-determine-the-relying-party-id
Environment="WEBAUTHN_ID=null"
# Use this setting to control how user verification behave during the
# WebAuthn authentication flow.
#
# Most authenticators and smartphones will ask the user to actively verify
# themselves for log in. For example, through a touch plus pin code,
# password entry, or biometric recognition (e.g., presenting a fingerprint).
# The intent is to distinguish one user from any other.
#
# Supported:
# 'required': Will ALWAYS ask for user verification
# 'preferred' (default) : Will ask for user verification IF POSSIBLE
# 'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
Environment="WEBAUTHN_USER_VERIFICATION=preferred"
#### SSO settings (for Socialite) ####
# Uncomment and complete lines for the OAuth providers you want to enable.
# - OPENID_AUTHORIZE_URL=
# - OPENID_TOKEN_URL=
# - OPENID_USERINFO_URL=
# - OPENID_CLIENT_ID=
# - OPENID_CLIENT_SECRET=
# - GITHUB_CLIENT_ID=
# - GITHUB_CLIENT_SECRET=
# Use this setting to declare trusted proxied.
# Supported:
# '*': to trust any proxy
# A comma separated IP list: The list of proxies IP to trust
Environment="TRUSTED_PROXIES=null"
# Proxy for outgoing requests like new releases detection or logo fetching.
# You can provide a proxy URL that contains a scheme, username, and password.
# For example, "http://username:password@192.168.16.1:10".
Environment="PROXY_FOR_OUTGOING_REQUESTS=null"
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
Environment="BROADCAST_DRIVER=log"
Environment="QUEUE_DRIVER=sync"
Environment="SESSION_LIFETIME=120"
Environment="REDIS_HOST=127.0.0.1"
Environment="REDIS_PASSWORD=null"
Environment="REDIS_PORT=6379"
Environment="PUSHER_APP_ID="
Environment="PUSHER_APP_KEY="
Environment="PUSHER_APP_SECRET="
Environment="PUSHER_APP_CLUSTER=mt1"
Environment="VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}""
Environment="VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}""
Environment="MIX_ENV=local"
Image=docker.io/2fauth/2fauth
# Network=2fauth.network
# Pod=2fauth.pod
PublishPort=5015:44311
Volume=2fauth-server-data:/2fauth:Z
Volume=/home/podman/2fauth/nginx.conf:/etc/nginx/nginx.conf:ro
Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/2fauth/2fauth
# systemctl --user daemon-reload
# systemctl --user start 2fauth-server
# systemctl --user status 2fauth-server --lines=999
# journalctl -fu 2fauth-server.service
# podman logs 2fauth-server
# systemctl --user stop 2fauth-server
# systemctl --user disable 2fauth-server
# podman exec -ti 2fauth-server /bin/sh
# podman exec -ti 2fauth-server /bin/bash

1
home/podman/.config/containers/systemd/actual-server-data.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

36
home/podman/.config/containers/systemd/actual-server.container Normal file
View File

@ -0,0 +1,36 @@
[Container]
AutoUpdate=registry
ContainerName=actual-server
Environment="ACTUAL_HOSTNAME=0.0.0.0"
# Environment="ACTUAL_HTTPS_CERT=/certs/server.cert"
# Environment="ACTUAL_HTTPS_KEY=/certs/server"
# Environment="ACTUAL_PORT=5006"
# Environment="ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20"
# Environment="ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20"
# Environment="ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50"
Image=docker.io/actualbudget/actual-server:latest
# Network=actual.network
# Pod=actual.pod
PublishPort=5013:5006
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
Volume=actual-server-data.volume:/data:rw
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/actualbudget/actual-server:latest
# systemctl --user daemon-reload
# systemctl --user start actual-server
# systemctl --user status actual-server --lines=999
# journalctl -fu actual-server.service
# podman logs actual-server
# systemctl --user stop actual-server
# systemctl --user disable actual-server
# podman exec -ti actual-server /bin/sh
# podman exec -ti actual-server /bin/bash

1
home/podman/.config/containers/systemd/authentik-db-data.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

36
home/podman/.config/containers/systemd/authentik-db.container Normal file
View File

@ -0,0 +1,36 @@
[Container]
# AutoUpdate=registry
ContainerName=authentik-db
Environment="POSTGRES_USER=authentik"
Environment="POSTGRES_PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
Environment="POSTGRES_DB=authentik"
Environment="TZ=America/Phoenix"
Image=docker.io/library/postgres:16.6
HealthCmd=pg_isready -U authentik
HealthInterval=30s
HealthRetries=5
HealthStartPeriod=20s
HealthTimeout=3s
# Network=authentik.network
# Pod=authentik.pod
PublishPort=5439:5432
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
Volume=authentik-db-data:/data:Z
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/library/postgres:16.6
# systemctl --user daemon-reload
# systemctl --user start authentik-db
# systemctl --user status authentik-db --lines=999
# journalctl -fu authentik-db.service
# podman logs authentik-db
# systemctl --user stop authentik-db
# systemctl --user disable authentik-db
# podman exec -ti authentik-db /bin/sh
# podman exec -ti authentik-db /bin/bash

1
home/podman/.config/containers/systemd/authentik-redis-data.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

36
home/podman/.config/containers/systemd/authentik-redis.container Normal file
View File

@ -0,0 +1,36 @@
[Container]
# AutoUpdate=registry
ContainerName=authentik-redis
Exec=--save 60 1 --loglevel warning
# Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
HealthCmd=/usr/local/bin/redis-cli ping || grep PONG
HealthInterval=30s
HealthRetries=5
HealthStartPeriod=20s
HealthTimeout=3s
Image=docker.io/library/redis:7.4.1
# Network=authentik.network
# Pod=authentik.pod
PublishPort=5021:6379
Volume=authentik-redis-data:/data:Z
[Service]
Restart=no
[Unit]
Requires=authentik-db.service
After=authentik-db.service
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/library/redis:7.4.1
# systemctl --user daemon-reload
# systemctl --user start authentik-redis
# systemctl --user status authentik-redis --lines=999
# journalctl -fu authentik-redis.service
# podman logs authentik-redis
# systemctl --user stop authentik-redis
# systemctl --user disable authentik-redis
# podman exec -ti authentik-redis /bin/sh
# podman exec -ti authentik-redis /bin/bash

1
home/podman/.config/containers/systemd/authentik-server-media.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

1
home/podman/.config/containers/systemd/authentik-server-templates.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

55
home/podman/.config/containers/systemd/authentik-server.container Normal file
View File

@ -0,0 +1,55 @@
[Container]
ContainerName=authentik-server
Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
Environment="AUTHENTIK_REDIS__PORT=5021"
# (Required) To generate a secret key run the following command:
# echo $(openssl rand -base64 32)
Environment="AUTHENTIK_SECRET_KEY=mlZ57mWthun9b8SPaS7Ptl0bBQX4OvyRanbqdQ+5e/k="
# (Optional) Enable Error Reporting
# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}"
# (Optional) Enable Email Sending
# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
# Environment="AUTHENTIK_EMAIL__PORT=587"
# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
Exec=server
Image=ghcr.io/goauthentik/server:2024.12.1
PublishPort=5017:9000
PublishPort=5018:9443
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
Volume=authentik-server-media:/media:Z
Volume=authentik-server-templates:/templates:Z
[Service]
Restart=no
[Unit]
Requires=authentik-worker.service
After=authentik-worker.service
[Install]
WantedBy=multi-user.target default.target
# podman pull ghcr.io/goauthentik/server:2024.12.1
# systemctl --user daemon-reload
# systemctl --user start authentik-server
# systemctl --user status authentik-server --lines=999
# journalctl -fu authentik-server.service
# podman logs authentik-server
# systemctl --user stop authentik-server
# systemctl --user disable authentik-server
# podman exec -ti authentik-server /bin/sh
# podman exec -ti authentik-server /bin/bash

57
home/podman/.config/containers/systemd/authentik-worker.container Normal file
View File

@ -0,0 +1,57 @@
[Container]
ContainerName=authentik-worker
Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
Environment="AUTHENTIK_REDIS__PORT=5021"
# (Required) To generate a secret key run the following command:
# echo $(openssl rand -base64 32)
Environment="AUTHENTIK_SECRET_KEY=QvqdN5Pn4piWcoof1yPDa0FcaGnOL1gHAiSImJjEGZl6pypRgE2nCps8DTd4R9UHqfFuOtR9jhCelmQ2"
# (Optional) Enable Error Reporting
# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=true"
# (Optional) Enable Email Sending
# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
# Environment="AUTHENTIK_EMAIL__PORT=587"
# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
Exec=worker
Image=ghcr.io/goauthentik/server:2024.12.1
PublishPort=5019:9000
PublishPort=5020:9443
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
Volume=authentik-server-media:/media:Z
Volume=authentik-server-templates:/templates:Z
[Service]
Restart=no
[Unit]
Requires=authentik-db.service
Requires=authentik-redis.service
After=authentik-db.service
After=authentik-redis.service
[Install]
WantedBy=multi-user.target default.target
# podman pull ghcr.io/goauthentik/server:2024.12.1
# systemctl --user daemon-reload
# systemctl --user start authentik-worker
# systemctl --user status authentik-worker --lines=999
# journalctl -fu authentik-worker.service
# podman logs authentik-worker
# systemctl --user stop authentik-worker
# systemctl --user disable authentik-worker
# podman exec -ti authentik-worker /bin/sh
# podman exec -ti authentik-worker /bin/bash

1
home/podman/.config/containers/systemd/gotify-server-data.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

28
home/podman/.config/containers/systemd/gotify-server.container Normal file
View File

@ -0,0 +1,28 @@
[Container]
# AutoUpdate=registry
ContainerName=gotify-server
Environment="TZ=America/Phoenix"
Image=docker.io/gotify/server
# Network=gotify.network
# Pod=gotify.pod
PublishPort=5016:80
Volume=gotify-server-data.volume:/app/data:Z
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/gotify/server
# systemctl --user daemon-reload
# systemctl --user start gotify-server
# systemctl --user status gotify-server --lines=999
# journalctl -fu gotify-server.service
# podman logs gotify-server
# systemctl --user stop gotify-server
# systemctl --user disable gotify-server
# podman exec -ti gotify-server /bin/sh
# podman exec -ti gotify-server /bin/bash

1
home/podman/.config/containers/systemd/immich-kiosk.container
View File

@ -1,7 +1,6 @@
[Container]
AutoUpdate=registry
ContainerName=immich-kiosk
Environment="TZ=America/Phoenix"
# Required settings
Environment="KIOSK_IMMICH_API_KEY=fLJoRERkcmFuSviMaAfsuINmvyXLFKu9HIICXP8I"

8
home/podman/.config/containers/systemd/mattermost-server.container
View File

@ -7,9 +7,9 @@ Environment="MM_SERVICESETTINGS_SITEURL=https://mattermost.phares.duckdns.org"
Environment="MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@192.168.11.2:5436/mattermost?sslmode=disable&connect_timeout=10"
Environment="MM_SQLSETTINGS_DRIVERNAME=postgres"
Environment="TZ=US/Arizona"
# HealthCmd="curl -f http://192.168.11.2:8443/api/v4/system/ping || exit 1"
# HealthCmd="curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1"
HealthCmd="ls"
# HealthCmd=ls
# HealthCmd=curl -f http://0.0.0.0:8065/api/v4/system/ping || exit 1
# HealthCmd=curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1
# Image=docker.io/mattermost/mattermost-team-edition:9.11.2
Image=docker.io/mattermost/mattermost-team-edition:release-10.3
# Network=mattermost.network
@ -47,4 +47,4 @@ WantedBy=multi-user.target default.target
# systemctl --user stop mattermost-server
# systemctl --user disable mattermost-server
# podman exec -ti mattermost-server /bin/sh
# podman exec -ti mattermost-server /bin/bash
# podman exec -ti mattermost-server /bin/bash

11
home/podman/.config/containers/systemd/mysleep.container
View File

@ -1,11 +0,0 @@
[Unit]
Description=The sleep container
After=local-fs.target
[Container]
Image=registry.access.redhat.com/ubi9-minimal:latest
Exec=sleep 1000
[Install]
# Start by default on boot
WantedBy=multi-user.target default.target multi-user.target

32
home/podman/.config/containers/systemd/neko-server.container
View File

@ -1,32 +0,0 @@
[Container]
AutoUpdate=registry
ContainerName=neko-server
Environment="NEKO_SCREEN=1920x1080@30"
Environment="NEKO_PASSWORD=neko"
Environment="NEKO_PASSWORD_ADMIN=admin"
Environment="NEKO_EPR=52000-52100"
Environment="NEKO_NAT1TO1=192.168.11.2"
Image=docker.io/m1k1o/neko:firefox
# Network=neko.network
# Pod=neko.pod
PublishPort=8082:8080/tcp
PublishPort=52000-52100:52000-52100/udp
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/m1k1o/neko:firefox
# systemctl --user daemon-reload
# systemctl --user start neko-server
# systemctl --user status neko-server
# journalctl -fu neko-server.service
# podman logs neko-server
# systemctl --user stop neko-server
# systemctl --user disable neko-server
# podman exec -ti neko-server /bin/sh
# podman exec -ti neko-server /bin/bash

1
home/podman/.config/containers/systemd/passed-server-data.volume Normal file
View File

@ -0,0 +1 @@
[Volume]

30
home/podman/.config/containers/systemd/passed-server.container Normal file
View File

@ -0,0 +1,30 @@
[Container]
# AutoUpdate=registry
ContainerName=passed-server
Environment="PASSED_ADDRESS=:3000"
Environment="PASSED_STORE_TYPE=dir"
Environment="PASSED_STORE_DIR_PATH=/etc/passed"
Image=git.1e99.eu/1e99/passed:latest
# Network=passed.network
# Pod=passed.pod
PublishPort=5022:3000
Volume=passed-server-data.volume:/etc/passed:Z
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull git.1e99.eu/1e99/passed:latest
# systemctl --user daemon-reload
# systemctl --user start passed-server
# systemctl --user status passed-server --lines=999
# journalctl -fu passed-server.service
# podman logs passed-server
# systemctl --user stop passed-server
# systemctl --user disable passed-server
# podman exec -ti passed-server /bin/sh
# podman exec -ti passed-server /bin/bash

7
home/podman/.config/containers/systemd/uptime-kuma-server.container
View File

@ -8,7 +8,12 @@ Image=docker.io/louislam/uptime-kuma:1
# Network=uptime-kuma.network
# Pod=uptime-kuma.pod
PodmanArgs=--add-host=cockpit.phares.duckdns.org:192.168.11.2
PodmanArgs=--add-host=gotify.phares.duckdns.org:192.168.11.2
PodmanArgs=--add-host=kuma.phares.duckdns.org:192.168.11.2
PodmanArgs=--add-host=mattermost.phares.duckdns.org:192.168.11.2
PodmanArgs=--add-host=pgadmin.phares.duckdns.org:192.168.11.2
PodmanArgs=--add-host=vaultwarden.phares.duckdns.org:192.168.11.2
PodmanArgs=--add-host=warden.phares.duckdns.org:192.168.11.2
PublishPort=3004:3001
Volume=uptime-kuma-server-data.volume:/app/data:rw
Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
@ -23,7 +28,7 @@ WantedBy=multi-user.target default.target
# podman pull docker.io/louislam/uptime-kuma:1
# systemctl --user daemon-reload
# systemctl --user start uptime-kuma-server
# systemctl --user status uptime-kuma-server
# systemctl --user status uptime-kuma-server --lines=999
# journalctl -fu uptime-kuma-server.service
# podman logs uptime-kuma-server
# systemctl --user stop uptime-kuma-server

40
var/spool/cron/crontabs/podman Normal file
View File

@ -0,0 +1,40 @@
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.Ozl2NI/crontab installed on Fri Jan 3 22:08:52 2025)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.35buNM/crontab installed on Tue Dec 3 13:24:22 2024)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# Edit this file to introduce tasks to be run by cron.
#
14 11 * * * podman volume export systemd-baikal-server-data --output /home/podman/cron-backup/baikal-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
15 11 * * * podman volume export systemd-blinko-server-data --output /home/podman/cron-backup/blinko-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
16 11 * * * podman volume export systemd-gitea-server-data --output /home/podman/cron-backup/gitea-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
17 11 * * * podman volume export systemd-linkwarden-server-data --output /home/podman/cron-backup/linkwarden-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
18 11 * * * podman volume export systemd-mattermost-server-data --output /home/podman/cron-backup/mattermost-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
19 11 * * * podman volume export systemd-odoo-server-data --output /home/podman/cron-backup/odoo-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
20 11 * * * podman volume export systemd-uptime-kuma-server-data --output /home/podman/cron-backup/uptime-kuma-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
21 11 * * * podman volume export systemd-xandikos-server-data --output /home/podman/cron-backup/xandikos-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
#
22 11 * * * podman volume export systemd-baikal-server-config --output /home/podman/cron-backup/baikal-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
23 11 * * * podman volume export systemd-gitea-server-config --output /home/podman/cron-backup/gitea-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
24 11 23 * * podman volume export systemd-immich-server-upload --output /home/podman/cron-backup/immich-server-upload-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
25 11 * * * podman volume export systemd-mattermost-server-bleve --output /home/podman/cron-backup/mattermost-server-bleve-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
26 11 * * * podman volume export systemd-mattermost-server-client-plugins --output /home/podman/cron-backup/mattermost-server-client-plugins-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
27 11 * * * podman volume export systemd-mattermost-server-config --output /home/podman/cron-backup/mattermost-server-config-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
28 11 * * * podman volume export systemd-mattermost-server-logs --output /home/podman/cron-backup/mattermost-server-logs-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
29 11 * * * podman volume export systemd-mattermost-server-plugins --output /home/podman/cron-backup/mattermost-server-plugins-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
#
30 11 * * * podman volume export systemd-pgadmin-data --output /home/podman/cron-backup/pgadmin-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
31 11 * * * podman volume export systemd-firefox-data --output /home/podman/cron-backup/firefox-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
32 11 * * * podman volume export systemd-immich-learning-cache --output /home/podman/cron-backup/immich-learning-cache-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
#
13 12 * * * podman volume export systemd-blinko-db-data --output /home/podman/cron-backup/blinko-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
14 12 * * * podman volume export systemd-gitea-db-data --output /home/podman/cron-backup/gitea-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
15 12 * * * podman volume export systemd-immich-db-data --output /home/podman/cron-backup/immich-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
16 12 * * * podman volume export systemd-linkwarden-db-data --output /home/podman/cron-backup/linkwarden-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
17 12 * * * podman volume export systemd-mattermost-db-data --output /home/podman/cron-backup/mattermost-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
18 12 * * * podman volume export systemd-odoo-db-data --output /home/podman/cron-backup/odoo-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
19 12 * * * podman volume export systemd-vaultwarden-db-data --output /home/podman/cron-backup/vaultwarden-db-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
#
20 12 * * * podman volume export systemd-gotify-server-data --output /home/podman/cron-backup/gotify-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar
21 12 * * * podman volume export systemd-2fauth-server-data --output /home/podman/cron-backup/2fauth-server-data-$(date +"\%Y-\%m-\%d--\%H-\%M-\%S").tar

10
var/spool/cron/crontabs/root Normal file
View File

@ -0,0 +1,10 @@
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.CuxS5w/crontab installed on Sun Jan 5 11:20:46 2025)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# Edit this file to introduce tasks to be run by cron.
#
*/5 * * * * /etc/duckdns/duck.sh >/dev/null 2>&1
24 5 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
# 25 13 * * * cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
25 13 * * * cd /home/www-data/jackyzha0-quartz-phares && /snap/bin/npx quartz build
01 14 * * * rsync --remove-source-files -av -e ssh /home/podman/cron-backup/ root@192.168.0.31:/home/podman/cron-backup-delete/