From 56c3e1f96306aa361afa23b7d77fa5a97479b17f Mon Sep 17 00:00:00 2001 From: Mike Phares Date: Sat, 19 Oct 2024 09:34:18 -0700 Subject: [PATCH] Sync --- .vscode/settings.json | 4 +- etc/.pihole/.gitignore | 12 --- etc/.pihole/advanced/pihole-admin.conf | 82 ------------------ etc/dnsmasq.d/01-pihole.conf | 39 --------- etc/dnsmasq.d/05-pihole-custom-cname.conf | 45 ---------- etc/dnsmasq.d/06-rfc6761.conf | 42 ---------- etc/group | 8 +- etc/group- | 8 +- etc/gshadow | 8 +- etc/gshadow- | 8 +- .../archive/phares3757.ddns.net/cert2.pem | 28 +++++++ .../archive/phares3757.ddns.net/chain2.pem | 26 ++++++ .../phares3757.ddns.net/fullchain2.pem | 54 ++++++++++++ .../archive/phares3757.ddns.net/privkey2.pem | 5 ++ etc/letsencrypt/ha/fullchain.pem | 50 +++++++++++ etc/letsencrypt/ha/privkey.pem | 6 ++ etc/lighttpd/lighttpd.conf | 61 -------------- etc/nginx/sites-available/default | 80 ++++++++++-------- etc/passwd | 4 +- etc/passwd- | 4 +- etc/pihole/custom.list | 84 ------------------- etc/pihole/dhcp.leases | 0 etc/pihole/setupVars.conf | 14 ---- etc/shadow | 4 +- etc/shadow- | 6 +- etc/systemd/resolved.conf | 2 +- .../snap.adguard-home.adguard-home.service | 19 +++++ etc/systemd/system/snap.certbot.renew.timer | 4 +- .../system/snap.ubuntu-frame.daemon.service | 6 +- etc/unbound/unbound.conf | 10 --- .../systemd/baikal-server-config.volume | 1 + .../systemd/baikal-server-data.volume | 1 + .../systemd/baikal-server.container | 24 ++++++ .../systemd/immich-card-dav.container | 35 ++++++++ .../containers/systemd/immich-db.container | 8 +- .../systemd/immich-learning.container | 3 + .../containers/systemd/immich-redis.container | 2 + .../systemd/immich-server.container | 4 +- .../systemd/xandikos-server-data.volume | 1 + .../systemd/xandikos-server.container | 23 +++++ 40 files changed, 374 insertions(+), 451 deletions(-) delete mode 100644 etc/.pihole/.gitignore delete mode 100644 etc/.pihole/advanced/pihole-admin.conf delete mode 100644 etc/dnsmasq.d/01-pihole.conf delete mode 100644 etc/dnsmasq.d/05-pihole-custom-cname.conf delete mode 100644 etc/dnsmasq.d/06-rfc6761.conf create mode 100644 etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem create mode 100644 etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem create mode 100644 etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem create mode 100644 etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem create mode 100644 etc/letsencrypt/ha/fullchain.pem create mode 100644 etc/letsencrypt/ha/privkey.pem delete mode 100644 etc/lighttpd/lighttpd.conf delete mode 100644 etc/pihole/custom.list delete mode 100644 etc/pihole/dhcp.leases delete mode 100644 etc/pihole/setupVars.conf create mode 100644 etc/systemd/system/snap.adguard-home.adguard-home.service delete mode 100644 etc/unbound/unbound.conf create mode 100644 home/podman/.config/containers/systemd/baikal-server-config.volume create mode 100644 home/podman/.config/containers/systemd/baikal-server-data.volume create mode 100644 home/podman/.config/containers/systemd/baikal-server.container create mode 100644 home/podman/.config/containers/systemd/immich-card-dav.container create mode 100644 home/podman/.config/containers/systemd/xandikos-server-data.volume create mode 100644 home/podman/.config/containers/systemd/xandikos-server.container diff --git a/.vscode/settings.json b/.vscode/settings.json index 1a4782c..0f57c45 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,5 +1,7 @@ { "files.associations": { - "*.container": "ini" + "*.container": "ini", + "*.org": "ini", + "*.net": "ini" } } \ No newline at end of file diff --git a/etc/.pihole/.gitignore b/etc/.pihole/.gitignore deleted file mode 100644 index 8016472..0000000 --- a/etc/.pihole/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -.DS_Store -*.pyc -*.swp -__pycache__ -.cache -.pytest_cache -.tox -.eggs -*.egg-info -.idea/ -*.iml -.vscode/ diff --git a/etc/.pihole/advanced/pihole-admin.conf b/etc/.pihole/advanced/pihole-admin.conf deleted file mode 100644 index 0bb6eac..0000000 --- a/etc/.pihole/advanced/pihole-admin.conf +++ /dev/null @@ -1,82 +0,0 @@ -# Pi-hole: A black hole for Internet advertisements -# (c) 2017 Pi-hole, LLC (https://pi-hole.net) -# Network-wide ad blocking via your own hardware. -# -# Lighttpd config for Pi-hole -# -# This file is copyright under the latest version of the EUPL. -# Please see LICENSE file for your rights under this license. - -############################################################################### -# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # -# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # -############################################################################### - -server.errorlog := "/var/log/lighttpd/error-pihole.log" - -$HTTP["url"] =~ "^/admin/" { - server.document-root = "/var/www/html" - server.stream-response-body = 1 - accesslog.filename = "/var/log/lighttpd/access-pihole.log" - accesslog.format = "%{%s}t|%h|%V|%r|%s|%b" - - fastcgi.server = ( - ".php" => ( - "localhost" => ( - "socket" => "/run/lighttpd/pihole-php-fastcgi.socket", - "bin-path" => "/usr/bin/php-cgi", - "min-procs" => 1, - "max-procs" => 1, - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "4", - "PHP_FCGI_MAX_REQUESTS" => "10000", - ), - "bin-copy-environment" => ( - "PATH", "SHELL", "USER" - ), - "broken-scriptfilename" => "enable", - ) - ) - ) - - # X-Pi-hole is a response header for debugging using curl -I - # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >. - # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled) - # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code. - # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS). - # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. - # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all. - setenv.add-response-header = ( - "X-Pi-hole" => "The Pi-hole Web interface is working!", - "X-Frame-Options" => "DENY", - "X-XSS-Protection" => "0", - "X-Content-Type-Options" => "nosniff", - "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';", - "X-Permitted-Cross-Domain-Policies" => "none", - "Referrer-Policy" => "same-origin" - ) - - # Block . files from being served, such as .git, .github, .gitignore - $HTTP["url"] =~ "^/admin/\." { - url.access-deny = ("") - } - - # allow teleporter and API qr code iframe on settings page - $HTTP["url"] =~ "/(teleporter|api_token)\.php$" { - $HTTP["referer"] =~ "/admin/settings\.php" { - setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" ) - } - } -} -else $HTTP["url"] == "/admin" { - url.redirect = ("" => "/admin/") -} - -$HTTP["host"] == "pi.hole" { - $HTTP["url"] == "/" { - url.redirect = ("" => "/admin/") - } -} - -# (keep this on one line for basic-install.sh filtering during install) -server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" ) diff --git a/etc/dnsmasq.d/01-pihole.conf b/etc/dnsmasq.d/01-pihole.conf deleted file mode 100644 index fdd5aaa..0000000 --- a/etc/dnsmasq.d/01-pihole.conf +++ /dev/null @@ -1,39 +0,0 @@ -# Pi-hole: A black hole for Internet advertisements -# (c) 2017 Pi-hole, LLC (https://pi-hole.net) -# Network-wide ad blocking via your own hardware. -# -# Dnsmasq config for Pi-hole's FTLDNS -# -# This file is copyright under the latest version of the EUPL. -# Please see LICENSE file for your rights under this license. - -############################################################################### -# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # -# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # -# # -# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: # -# /etc/pihole/setupVars.conf # -# # -# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE # -# WITHIN /etc/dnsmasq.d/yourname.conf # -############################################################################### - -addn-hosts=/etc/pihole/local.list -addn-hosts=/etc/pihole/custom.list - - -localise-queries - - -no-resolv - -log-queries -log-facility=/var/log/pihole/pihole.log - -log-async -cache-size=10000 -server=127.0.0.1#5335 -domain-needed -expand-hosts -bogus-priv -local-service diff --git a/etc/dnsmasq.d/05-pihole-custom-cname.conf b/etc/dnsmasq.d/05-pihole-custom-cname.conf deleted file mode 100644 index 844705e..0000000 --- a/etc/dnsmasq.d/05-pihole-custom-cname.conf +++ /dev/null @@ -1,45 +0,0 @@ -cname=affirm.ddns.net,beelink.server -cname=affirm.phares.duckdns.org,beelink.server -cname=ansible.ddns.net,beelink.server -cname=assistant.ddns.net,beelink.server -cname=casa.ddns.net,beelink.server -cname=cockpit.ddns.net,beelink.server -cname=codeserver.ddns.net,beelink.server -cname=dashkiosk.ddns.net,beelink.server -cname=dockge.ddns.net,beelink.server -cname=docmost.ddns.net,beelink.server -cname=emby.ddns.net,beelink.server -cname=filebrowser.ddns.net,beelink.server -cname=free.file.sync.root,beelink.server -cname=gitea.ddns.net,beelink.server -cname=gitea.phares.duckdns.org,beelink.server -cname=gogs.ddns.net,beelink.server -cname=haos.ddns.net,beelink.server -cname=immich.ddns.net,beelink.server -cname=immich.phares.duckdns.org,beelink.server -cname=incus.ddns.net,beelink.server -cname=invoice.ddns.net,beelink.server -cname=kestra.ddns.net,beelink.server -cname=lxconsole.ddns.net,beelink.server -cname=music.ddns.net,beelink.server -cname=music.phares.duckdns.org,beelink.server -cname=nextcloud.ddns.net,beelink.server -cname=owncast.ddns.net,beelink.server -cname=pgadmin.ddns.net,beelink.server -cname=phares.ddns.net,beelink.server -cname=phares.duckdns.org,beelink.server -cname=phares3757.ddns.net,beelink.server -cname=photoprism.ddns.net,beelink.server -cname=pihole.ddns.net,beelink.server -cname=proxmox.ddns.net,beelink.server -cname=quartz.ddns.net,beelink.server -cname=quartz.phares.duckdns.org,beelink.server -cname=readeck.ddns.net,beelink.server -cname=syncthing.ddns.net,beelink.server -cname=terraform.ddns.net,beelink.server -cname=umbrel.ddns.net,beelink.server -cname=uptimekuma.ddns.net,beelink.server -cname=vaultwarden.ddns.net,beelink.server -cname=vaultwarden.phares.duckdns.org,beelink.server -cname=vscodium.ddns.net,beelink.server -cname=wekan.ddns.net,beelink.server diff --git a/etc/dnsmasq.d/06-rfc6761.conf b/etc/dnsmasq.d/06-rfc6761.conf deleted file mode 100644 index fcdd001..0000000 --- a/etc/dnsmasq.d/06-rfc6761.conf +++ /dev/null @@ -1,42 +0,0 @@ -# Pi-hole: A black hole for Internet advertisements -# (c) 2021 Pi-hole, LLC (https://pi-hole.net) -# Network-wide ad blocking via your own hardware. -# -# RFC 6761 config file for Pi-hole -# -# This file is copyright under the latest version of the EUPL. -# Please see LICENSE file for your rights under this license. - -############################################################################### -# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. # -# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # -# # -# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE # -# WITHIN /etc/dnsmasq.d/yourname.conf # -############################################################################### - -# RFC 6761: Caching DNS servers SHOULD recognize -# test, localhost, invalid -# names as special and SHOULD NOT attempt to look up NS records for them, or -# otherwise query authoritative DNS servers in an attempt to resolve these -# names. -server=/test/ -server=/localhost/ -server=/invalid/ - -# The same RFC requests something similar for -# 10.in-addr.arpa. 21.172.in-addr.arpa. 27.172.in-addr.arpa. -# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 28.172.in-addr.arpa. -# 17.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa. -# 18.172.in-addr.arpa. 24.172.in-addr.arpa. 30.172.in-addr.arpa. -# 19.172.in-addr.arpa. 25.172.in-addr.arpa. 31.172.in-addr.arpa. -# 20.172.in-addr.arpa. 26.172.in-addr.arpa. 168.192.in-addr.arpa. -# Pi-hole implements this via the dnsmasq option "bogus-priv" (see -# 01-pihole.conf) because this also covers IPv6. - -# OpenWRT furthermore blocks bind, local, onion domains -# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD -# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml -# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972 -server=/bind/ -server=/onion/ diff --git a/etc/group b/etc/group index 629f05e..8ddf4be 100644 --- a/etc/group +++ b/etc/group @@ -34,7 +34,7 @@ sasl:x:45: plugdev:x:46:phares staff:x:50: games:x:60: -users:x:100:pihole,podman,lphares,bmiller +users:x:100:podman,lphares,bmiller,persa nogroup:x:65534: systemd-journal:x:999: systemd-network:x:998: @@ -58,10 +58,12 @@ landscape:x:109: fwupd-refresh:x:989: netdev:x:110: phares:x:1000: -pihole:x:1001:www-data podman:x:1002: -lphares:x:1003:bmiller +lphares:x:1003:bmiller,persa bmiller:x:1004: unbound:x:111: cockpit-ws:x:112: cockpit-wsinstance:x:113: +pcp:x:988: +persa:x:1001: +redis:x:114: diff --git a/etc/group- b/etc/group- index 8e32227..3578b38 100644 --- a/etc/group- +++ b/etc/group- @@ -34,7 +34,7 @@ sasl:x:45: plugdev:x:46:phares staff:x:50: games:x:60: -users:x:100:pihole,podman,lphares,bmiller +users:x:100:podman,lphares,bmiller,persa nogroup:x:65534: systemd-journal:x:999: systemd-network:x:998: @@ -58,9 +58,11 @@ landscape:x:109: fwupd-refresh:x:989: netdev:x:110: phares:x:1000: -pihole:x:1001:www-data podman:x:1002: -lphares:x:1003:bmiller +lphares:x:1003:bmiller,persa bmiller:x:1004: unbound:x:111: cockpit-ws:x:112: +cockpit-wsinstance:x:113: +pcp:x:988: +persa:x:1001: diff --git a/etc/gshadow b/etc/gshadow index 9579765..465e349 100644 --- a/etc/gshadow +++ b/etc/gshadow @@ -34,7 +34,7 @@ sasl:*:: plugdev:*::phares staff:*:: games:*:: -users:*::pihole,podman,lphares,bmiller +users:*::podman,lphares,bmiller,persa nogroup:*:: systemd-journal:!*:: systemd-network:!*:: @@ -58,10 +58,12 @@ landscape:!:: fwupd-refresh:!*:: netdev:!:: phares:!:: -pihole:!::www-data podman:!:: -lphares:!::bmiller +lphares:!::bmiller,persa bmiller:!:: unbound:!:: cockpit-ws:!:: cockpit-wsinstance:!:: +pcp:!:: +persa:!:: +redis:!:: diff --git a/etc/gshadow- b/etc/gshadow- index 2d26ab0..9c9a2e8 100644 --- a/etc/gshadow- +++ b/etc/gshadow- @@ -34,7 +34,7 @@ sasl:*:: plugdev:*::phares staff:*:: games:*:: -users:*::pihole,podman,lphares,bmiller +users:*::podman,lphares,bmiller,persa nogroup:*:: systemd-journal:!*:: systemd-network:!*:: @@ -58,9 +58,11 @@ landscape:!:: fwupd-refresh:!*:: netdev:!:: phares:!:: -pihole:!::www-data podman:!:: -lphares:!::bmiller +lphares:!::bmiller,persa bmiller:!:: unbound:!:: cockpit-ws:!:: +cockpit-wsinstance:!:: +pcp:!:: +persa:!:: diff --git a/etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem b/etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem new file mode 100644 index 0000000..8816106 --- /dev/null +++ b/etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo +YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf +3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY +ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG +CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9 +DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU +0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy +Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud +EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu +b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr +ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1 +Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr +ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr +ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy +ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT +BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X +S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg +JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR +igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI +WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS +bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq +hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5 +rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF +A3WZcUHjqZsHHqeaZiWgzlw= +-----END CERTIFICATE----- diff --git a/etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem b/etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem new file mode 100644 index 0000000..65797c8 --- /dev/null +++ b/etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G +h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV +6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj +v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc +MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL +pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp +eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH +pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 +s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu +h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv +YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 +ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 +LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ +EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY +Ig46v9mFmBvyH04= +-----END CERTIFICATE----- diff --git a/etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem b/etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem new file mode 100644 index 0000000..7860748 --- /dev/null +++ b/etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem @@ -0,0 +1,54 @@ +-----BEGIN CERTIFICATE----- +MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo +YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf +3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY +ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG +CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9 +DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU +0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy +Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud +EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu +b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr +ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1 +Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr +ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr +ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy +ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT +BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X +S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg +JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR +igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI +WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS +bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq +hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5 +rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF +A3WZcUHjqZsHHqeaZiWgzlw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G +h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV +6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj +v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc +MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL +pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp +eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH +pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 +s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu +h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv +YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 +ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 +LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ +EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY +Ig46v9mFmBvyH04= +-----END CERTIFICATE----- diff --git a/etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem b/etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem new file mode 100644 index 0000000..5b777ca --- /dev/null +++ b/etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMkDpXWGeiqjE5WNj +mBuqwMXseOQuX9tv3SvZvQ761VOhRANCAAQPJlBf3XfrNcWGKQcOH9xS1X9UcBSi +yFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgYZG5AoTspEWQvkn34 +-----END PRIVATE KEY----- diff --git a/etc/letsencrypt/ha/fullchain.pem b/etc/letsencrypt/ha/fullchain.pem new file mode 100644 index 0000000..d5c04ce --- /dev/null +++ b/etc/letsencrypt/ha/fullchain.pem @@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIID6zCCA3GgAwIBAgISA4snn7ZkkZV8ytXbnWtDcJgdMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NTAeFw0yNDEwMDYwNzU5MzRaFw0yNTAxMDQwNzU5MzNaMB0xGzAZBgNVBAMTEmFm +ZmlybS5kdWNrZG5zLm9yZzB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzQCCWLkZD8 +R1rHsE1iNmoobwtfihmN78eB9zVu+FdWRkOyClBXm+sZQl4rNf7NfDiV6bZ4dz13 +fs/45z52PTWk6n2zP4c2Dgh/MESaxv9UaLvq4OjX4Bqd/OH1WuigHaOCAl0wggJZ +MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUL+qPS4dEIsg41TGo25We68CvRIAwHwYD +VR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEG +CCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0 +dHA6Ly9lNS5pLmxlbmNyLm9yZy8wZQYDVR0RBF4wXIISYWZmaXJtLmR1Y2tkbnMu +b3JnghVoYS1waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNrZG5zLm9yZ4Ib +c3lub2xvZ3ktcGhhcmVzLmR1Y2tkbnMub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIB +MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAzxFW7tUufK/zh1vZaS6b6RpxZ0qw +F+ysAdJbd87MOwgAAAGSYQzXTgAABAMARzBFAiEArfAVmkU+kJaHWipGCCPT7eVw +auk98aCxSEvIOD0Y+RsCIAnhbHMNuDAenJ8ZyRhtGmSCwMPRbLRnwcWbO7TFqxqf +AHcAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGSYQze4QAABAMA +SDBGAiEA+Vocdjpsc7/jUu9L5KjXO+Jnrp98MOnM0FEJN0hJU+wCIQD/HOM6C6H8 +ZxTaopyvNyWVylw5ooPuSpuJ1Xf8brNjATAKBggqhkjOPQQDAwNoADBlAjEA8aBN +tJqelSOy/mnypFRI6qrvGegu7tKgghqUw0XWy56u8zMVmtksglEJtcMkf3ZlAjBh +15d+rRL3k+xXAaOE1YesxGhIUqJO1JiMHeQ6mgOE6vOMJYKhmUjrZ3P70XoEC7E= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK +a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO +VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw +i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C +2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+ +bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG +6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV +XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO +koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq +cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI +E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e +K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX +GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL +sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd +VQD9F6Na/+zmXCc= +-----END CERTIFICATE----- diff --git a/etc/letsencrypt/ha/privkey.pem b/etc/letsencrypt/ha/privkey.pem new file mode 100644 index 0000000..cde92b4 --- /dev/null +++ b/etc/letsencrypt/ha/privkey.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDAK5i0BgRa7SIcpCykadElWV5mBrW+xOWg1Sse0Zx8TEx8fuMiz6js3 +CcVzHS0YjiegBwYFK4EEACKhZANiAARM0Agli5GQ/Edax7BNYjZqKG8LX4oZje/H +gfc1bvhXVkZDsgpQV5vrGUJeKzX+zXw4lem2eHc9d37P+Oc+dj01pOp9sz+HNg4I +fzBEmsb/VGi76uDo1+Aanfzh9VrooB0= +-----END EC PRIVATE KEY----- diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf deleted file mode 100644 index 032773b..0000000 --- a/etc/lighttpd/lighttpd.conf +++ /dev/null @@ -1,61 +0,0 @@ -### Documentation -# https://wiki.lighttpd.net/ -# -### Configuration Syntax -# https://wiki.lighttpd.net/Docs_Configuration -# -### Configuration Options -# https://wiki.lighttpd.net/Docs_ConfigurationOptions -# - -### Debian lighttpd base configuration - -server.modules = ( - "mod_indexfile", - "mod_access", - "mod_alias", - "mod_redirect", -) - -server.document-root = "/var/www/html" -server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) -server.errorlog = "/var/log/lighttpd/error.log" -server.pid-file = "/run/lighttpd.pid" -server.username = "www-data" -server.groupname = "www-data" -server.port = 8005 - -# strict parsing and normalization of URL for consistency and security -# https://wiki.lighttpd.net/Server_http-parseoptsDetails -# (might need to explicitly set "url-path-2f-decode" = "disable" -# if a specific application is encoding URLs inside url-path) -server.http-parseopts = ( - "header-strict" => "enable",# default - "host-strict" => "enable",# default - "host-normalize" => "enable",# default - "url-normalize-unreserved"=> "enable",# recommended highly - "url-normalize-required" => "enable",# recommended - "url-ctrls-reject" => "enable",# recommended - "url-path-2f-decode" => "enable",# recommended highly (unless breaks app) - #"url-path-2f-reject" => "enable", - "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app) - #"url-path-dotseg-reject" => "enable", - #"url-query-20-plus" => "enable",# consistency in query string - "url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app) -) - -index-file.names = ( "index.php", "index.html" ) -url.access-deny = ( "~", ".inc" ) -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -include_shell "/usr/share/lighttpd/create-mime.conf.pl" -include "/etc/lighttpd/conf-enabled/*.conf" - -# default listening port for IPv6 is same as default IPv4 port -include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port - -### Customizations -# customizations should generally be placed in separate files such as -# /etc/lighttpd/conf-available/00_vars.conf # override variables for *.conf -# /etc/lighttpd/conf-available/99_custom.conf # override *.conf settings -# and then enabled using lighty-enable-mod (1) diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default index 53fcb98..39795f5 100644 --- a/etc/nginx/sites-available/default +++ b/etc/nginx/sites-available/default @@ -7,38 +7,48 @@ server { try_files $uri $uri/ =404; } } -include /etc/nginx/include/affirm.conf; -# include /etc/nginx/include/ansible.conf; -# include /etc/nginx/include/assistant.conf; -# include /etc/nginx/include/casa.conf; -# include /etc/nginx/include/codeserver.conf; -include /etc/nginx/include/dashkiosk.conf; -# include /etc/nginx/include/dockge.conf; -# include /etc/nginx/include/docmost.conf; -# include /etc/nginx/include/emby.conf; -# include /etc/nginx/include/filebrowser.conf; -# include /etc/nginx/include/gogs.conf; -include /etc/nginx/include/gitea.conf; -include /etc/nginx/include/ha.conf; -include /etc/nginx/include/immich.conf; -# include /etc/nginx/include/incus.conf; -# include /etc/nginx/include/invoice.conf; -# include /etc/nginx/include/lxconsole.conf; -# include /etc/nginx/include/kestra.conf; -include /etc/nginx/include/music.conf; -# include /etc/nginx/include/nextcloud.conf; -# include /etc/nginx/include/owncast.conf; -include /etc/nginx/include/phares.conf; -include /etc/nginx/include/pgadmin.conf; -# include /etc/nginx/include/photoprism.conf; -# include /etc/nginx/include/pihole.conf; -# include /etc/nginx/include/proxmox.conf; -include /etc/nginx/include/quartz.conf; -# include /etc/nginx/include/readeck.conf; -# include /etc/nginx/include/syncthing.conf; -# include /etc/nginx/include/terraform.conf; -include /etc/nginx/include/umbrel.conf; -# include /etc/nginx/include/uptimekuma.conf; -include /etc/nginx/include/vaultwarden.conf; -# include /etc/nginx/include/vscodium.conf; -# include /etc/nginx/include/wekan.conf; \ No newline at end of file +include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckddns.org # http://localhost:3002/; +include /etc/nginx/include/affirm.conf; # https://affirm.phares.duckddns.org # http://localhost:8069/; +# include /etc/nginx/include/ansible.conf; # https://ansible.phares.duckddns.org # https://192.168.12.15/; +# include /etc/nginx/include/assistant.conf; # https://assistant.phares.duckddns.org # http://192.168.12.17:5001/; +include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckddns.org # http://localhost:8001/; +# include /etc/nginx/include/casa.conf; # https://casa.phares.duckddns.org # http://10.131.57.60/; +include /etc/nginx/include/chat.conf; # https://chat.phares.duckddns.org # https://192.168.11.6:5001/; +include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckddns.org # http://localhost:9090/; +# include /etc/nginx/include/codeserver.conf; # https://codeserver.phares.duckddns.org # http://localhost:5007/; +include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckddns.org # http://localhost:9400/; +include /etc/nginx/include/diskstation.conf; # https://diskstation.phares.duckddns.org # https://192.168.11.6:5001/; +# include /etc/nginx/include/dockge.conf; # https://dockge.phares.duckddns.org # http://localhost:5001/; +# include /etc/nginx/include/docmost.conf; # https://docmost.phares.duckddns.org # http://localhost:5006/; +include /etc/nginx/include/drive.conf; # https://drive.phares.duckddns.org # https://192.168.11.6:5001/; +# include /etc/nginx/include/emby.conf; # https://emby.phares.duckddns.org # http://10.131.57.134:8096/; +# include /etc/nginx/include/filebrowser.conf; # https://filebrowser.phares.duckddns.org # http://localhost:8080/; +include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckddns.org # http://localhost:3000/; +# include /etc/nginx/include/gogs.conf; # https://gogs.phares.duckddns.org # http://localhost:3000/; +include /etc/nginx/include/ha.conf; # https://ha.phares.duckddns.org # http://192.168.0.41:8123/; +# include /etc/nginx/include/haos.conf; # https://haos.phares.duckddns.org # http://192.168.0.41:8123/; +include /etc/nginx/include/immich.conf; # https://immich.phares.duckddns.org # http://localhost:3001/; +# include /etc/nginx/include/incus.conf; # https://incus.phares.duckddns.org # http://localhost:5004/; +# include /etc/nginx/include/invoice.conf; # https://invoice.phares.duckddns.org # https://192.168.12.14/; +# include /etc/nginx/include/kestra.conf; # https://kestra.phares.duckddns.org # http://localhost:5002/; +# include /etc/nginx/include/lxconsole.conf; # https://lxconsole.phares.duckddns.org # http://localhost:5004/; +include /etc/nginx/include/music.conf; # https://music.phares.duckddns.org # +# include /etc/nginx/include/nextcloud.conf; # https://nextcloud.phares.duckddns.org # http://localhost:8081/; +# include /etc/nginx/include/owncast.conf; # https://owncast.phares.duckddns.org # http://10.131.57.141:8080/; +include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckddns.org # http://localhost:5007/; +include /etc/nginx/include/phares.conf; # https://phares.phares.duckddns.org # +# include /etc/nginx/include/photoprism.conf; # https://photoprism.phares.duckddns.org # http://192.168.12.11:2342/; +include /etc/nginx/include/photos.conf; # https://photos.phares.duckddns.org # https://192.168.11.6:5001/; +# include /etc/nginx/include/pihole.conf; # https://pihole.phares.duckddns.org # http://localhost:8005/admin/; +# include /etc/nginx/include/proxmox.conf; # https://proxmox.phares.duckddns.org # https://localhost:8006/; +include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckddns.org # http://localhost:8069/; +# include /etc/nginx/include/readeck.conf; # https://readeck.phares.duckddns.org # http://192.168.12.19:8000/; +# include /etc/nginx/include/syncthing.conf; # https://syncthing.phares.duckddns.org # https://localhost:8443/; +# include /etc/nginx/include/terraform.conf; # https://terraform.phares.duckddns.org # http://localhost:5001/; +include /etc/nginx/include/traccar.conf; # https://traccar.phares.duckddns.org # http://localhost:3000/; +# include /etc/nginx/include/umbrel.conf; # https://umbrel.phares.duckddns.org # http://192.168.11.20/; +# include /etc/nginx/include/uptimekuma.conf; # https://uptimekuma.phares.duckddns.org # http://192.168.12.10:3001/; +include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckddns.org # http://localhost:5008/; +# include /etc/nginx/include/vscodium.conf; # https://vscodium.phares.duckddns.org # http://10.131.57.190:3000/; +# include /etc/nginx/include/wekan.conf; # https://wekan.phares.duckddns.org # http://localhost:5003/; +include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckddns.org # http://localhost:8000/; \ No newline at end of file diff --git a/etc/passwd b/etc/passwd index 9636fde..5aa0e1b 100644 --- a/etc/passwd +++ b/etc/passwd @@ -32,7 +32,6 @@ fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin sshd:x:109:65534::/run/sshd:/usr/sbin/nologin phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash -pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash @@ -40,3 +39,6 @@ unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin +pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin +persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash +redis:x:113:114::/var/lib/redis:/usr/sbin/nologin diff --git a/etc/passwd- b/etc/passwd- index 04358ac..e6fef23 100644 --- a/etc/passwd- +++ b/etc/passwd- @@ -32,10 +32,12 @@ fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin sshd:x:109:65534::/run/sshd:/usr/sbin/nologin phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash -pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin +cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin +pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin +persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash diff --git a/etc/pihole/custom.list b/etc/pihole/custom.list deleted file mode 100644 index ab9bf9d..0000000 --- a/etc/pihole/custom.list +++ /dev/null @@ -1,84 +0,0 @@ -192.168.0.21 free.file.sync.k0308 -192.168.0.31 free.file.sync.media -192.168.0.41 free.file.sync.mikep -192.168.0.42 free.file.sync.lphar -192.168.0.43 free.file.sync.loft -192.168.11.2 beelink.server -192.168.11.3 solar.iot -192.168.11.4 NPI84AE43.printer -192.168.11.5 kristy.laptop -192.168.11.6 kristy.desktop -192.168.11.7 samsung.tv -192.168.11.8 playstation5.console -192.168.11.9 ultra.roku -192.168.11.10 asus.laptop -192.168.11.11 logan.desktop -192.168.11.12 trigkey.desktop -192.168.11.13 mackenzie.tv -192.168.11.14 infineon.iscn5cg3256cps.com -192.168.11.15 yamaha.main.iot -192.168.11.16 chelsea.desktop -192.168.11.17 raspberry.server -192.168.11.18 xbox.one.console -192.168.11.19 2519.usb -192.168.11.20 minisforum.desktop -192.168.11.21 minisforum.desktop -192.168.11.22 atom.usb -192.168.11.23 knew.desktop -192.168.11.72 mackenzie.macbook -192.168.11.73 mackenzie.laptop -192.168.11.74 jason.console -192.168.11.75 samsung.chromebook -192.168.11.76 donna.phone -192.168.11.77 donna.tablet -192.168.11.78 laundry.iot -192.168.11.79 porch.back.iot -192.168.11.80 entry.light.iot -192.168.11.81 entry.lamp.iot -192.168.11.82 chelsea.school -192.168.11.83 xbox.one.console -192.168.11.84 samsung.tv -192.168.11.85 plug.1.iot -192.168.11.86 zero.server -192.168.11.87 office.echo -192.168.11.88 unknown.unknown -192.168.11.89 logan.school -192.168.11.90 upstairs.iot -192.168.11.91 switch.console -192.168.11.92 living.iot -192.168.11.93 mike.phone -192.168.11.94 master.echo -192.168.11.95 logan.phone -192.168.11.96 kristy.paperwhite -192.168.11.97 chelsea.iot -192.168.11.98 garage.left.iot -192.168.11.99 garage.right.iot -192.168.11.100 logan.iot -192.168.11.101 porch.front.iot -192.168.11.102 kristy.phone -192.168.11.103 clock.iot -192.168.11.104 chelsea.old.school -192.168.11.105 lamp.iot -192.168.11.106 pictures.iot -192.168.11.107 chelsea.chromebook -192.168.11.108 kitchen.echo -192.168.11.109 saya.phone -192.168.11.110 infineon.iscn5cg3256cps.com -192.168.11.111 green.echo -192.168.11.112 playstation5.console -192.168.11.113 kristy.fire -192.168.11.114 oculas.console -192.168.11.115 chelsea.fire -192.168.11.116 chelsea.phone -192.168.11.117 logan.tablet -192.168.11.118 alarm.iot -192.168.11.119 trigkey.desktop -192.168.11.120 master.iot -192.168.11.121 ikea.iot -192.168.11.122 sprinklers.iot -192.168.11.123 chelsea.echo -192.168.11.124 mackenzie.phone -192.168.11.125 loft.echo -192.168.11.126 logan.chromebook -192.168.11.253 sengled.color.iot -192.168.11.254 sengled.white.iot \ No newline at end of file diff --git a/etc/pihole/dhcp.leases b/etc/pihole/dhcp.leases deleted file mode 100644 index e69de29..0000000 diff --git a/etc/pihole/setupVars.conf b/etc/pihole/setupVars.conf deleted file mode 100644 index 7080dca..0000000 --- a/etc/pihole/setupVars.conf +++ /dev/null @@ -1,14 +0,0 @@ -PIHOLE_INTERFACE=enp2s0 -QUERY_LOGGING=true -INSTALL_WEB_SERVER=true -INSTALL_WEB_INTERFACE=true -LIGHTTPD_ENABLED=true -CACHE_SIZE=10000 -DNS_FQDN_REQUIRED=true -DNS_BOGUS_PRIV=true -DNSMASQ_LISTENING=local -WEBPASSWORD=4f2f4f253d64a90315c0ace8a61b6b6e828f8d8d996b0a0b0e153230617bedd3 -BLOCKING_ENABLED=true -PIHOLE_DNS_1=127.0.0.1#5335 -DNSSEC=false -REV_SERVER=false diff --git a/etc/shadow b/etc/shadow index bb2dcb1..476f8ca 100644 --- a/etc/shadow +++ b/etc/shadow @@ -32,7 +32,6 @@ fwupd-refresh:!*:19836:::::: usbmux:!:19929:::::: sshd:!:19929:::::: phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7::: -pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7::: podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7::: lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7::: bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7::: @@ -40,3 +39,6 @@ unbound:!:19929:::::: dnsmasq:!:19930:::::: cockpit-ws:!:19930:::::: cockpit-wsinstance:!:19930:::::: +pcp:!:19938:::::: +persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7::: +redis:!:20001:::::: diff --git a/etc/shadow- b/etc/shadow- index 254e3b8..5883a05 100644 --- a/etc/shadow- +++ b/etc/shadow- @@ -31,11 +31,13 @@ landscape:!:19836:::::: fwupd-refresh:!*:19836:::::: usbmux:!:19929:::::: sshd:!:19929:::::: -phares:$6$X.bTmW8z9/2WwB08$pivFW7YtPuGBou4Ut7eB1Y1ELwOVumy5tJYMf/RTQgkdUWzkKs9jndwfuVzTRlknbyGzA4A1lPImVtVHOCyBs/:19929:0:99999:7::: -pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7::: +phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7::: podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7::: lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7::: bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7::: unbound:!:19929:::::: dnsmasq:!:19930:::::: cockpit-ws:!:19930:::::: +cockpit-wsinstance:!:19930:::::: +pcp:!:19938:::::: +persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7::: diff --git a/etc/systemd/resolved.conf b/etc/systemd/resolved.conf index 87fd639..e4dba1f 100644 --- a/etc/systemd/resolved.conf +++ b/etc/systemd/resolved.conf @@ -30,7 +30,7 @@ #LLMNR=no #Cache=no-negative #CacheFromLocalhost=no -DNSStubListener=no +#DNSStubListener=yes #DNSStubListenerExtra= #ReadEtcHosts=yes #ResolveUnicastSingleLabel=no diff --git a/etc/systemd/system/snap.adguard-home.adguard-home.service b/etc/systemd/system/snap.adguard-home.adguard-home.service new file mode 100644 index 0000000..405e84c --- /dev/null +++ b/etc/systemd/system/snap.adguard-home.adguard-home.service @@ -0,0 +1,19 @@ +[Unit] +# Auto-generated, DO NOT EDIT +Description=Service for snap application adguard-home.adguard-home +Requires=snap-adguard\x2dhome-7366.mount +Wants=network.target +After=snap-adguard\x2dhome-7366.mount network.target snapd.apparmor.service +X-Snappy=yes + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/bin/snap run adguard-home +SyslogIdentifier=adguard-home.adguard-home +Restart=always +WorkingDirectory=/var/snap/adguard-home/7366 +TimeoutStopSec=30 +Type=simple + +[Install] +WantedBy=multi-user.target diff --git a/etc/systemd/system/snap.certbot.renew.timer b/etc/systemd/system/snap.certbot.renew.timer index 9a93056..7edaa29 100644 --- a/etc/systemd/system/snap.certbot.renew.timer +++ b/etc/systemd/system/snap.certbot.renew.timer @@ -7,8 +7,8 @@ X-Snappy=yes [Timer] Unit=snap.certbot.renew.service -OnCalendar=*-*-* 11:27 -OnCalendar=*-*-* 15:45 +OnCalendar=*-*-* 07:46 +OnCalendar=*-*-* 19:29 [Install] WantedBy=timers.target diff --git a/etc/systemd/system/snap.ubuntu-frame.daemon.service b/etc/systemd/system/snap.ubuntu-frame.daemon.service index 4169a7b..96f4218 100644 --- a/etc/systemd/system/snap.ubuntu-frame.daemon.service +++ b/etc/systemd/system/snap.ubuntu-frame.daemon.service @@ -1,9 +1,9 @@ [Unit] # Auto-generated, DO NOT EDIT Description=Service for snap application ubuntu-frame.daemon -Requires=snap-ubuntu\x2dframe-9750.mount +Requires=snap-ubuntu\x2dframe-10823.mount Wants=network.target -After=snap-ubuntu\x2dframe-9750.mount network.target snapd.apparmor.service +After=snap-ubuntu\x2dframe-10823.mount network.target snapd.apparmor.service X-Snappy=yes [Service] @@ -12,7 +12,7 @@ ExecStart=/usr/bin/snap run ubuntu-frame.daemon SyslogIdentifier=ubuntu-frame.daemon Restart=on-failure RestartSec=3 -WorkingDirectory=/var/snap/ubuntu-frame/9750 +WorkingDirectory=/var/snap/ubuntu-frame/10823 TimeoutStopSec=30 Type=simple diff --git a/etc/unbound/unbound.conf b/etc/unbound/unbound.conf deleted file mode 100644 index fa5185f..0000000 --- a/etc/unbound/unbound.conf +++ /dev/null @@ -1,10 +0,0 @@ -# Unbound configuration file for Debian. -# -# See the unbound.conf(5) man page. -# -# See /usr/share/doc/unbound/examples/unbound.conf for a commented -# reference config file. -# -# The following line includes additional configuration files from the -# /etc/unbound/unbound.conf.d directory. -include-toplevel: "/etc/unbound/unbound.conf.d/*.conf" diff --git a/home/podman/.config/containers/systemd/baikal-server-config.volume b/home/podman/.config/containers/systemd/baikal-server-config.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/baikal-server-config.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/baikal-server-data.volume b/home/podman/.config/containers/systemd/baikal-server-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/baikal-server-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/baikal-server.container b/home/podman/.config/containers/systemd/baikal-server.container new file mode 100644 index 0000000..4b7d1d1 --- /dev/null +++ b/home/podman/.config/containers/systemd/baikal-server.container @@ -0,0 +1,24 @@ +[Container] +AutoUpdate=registry +ContainerName=baikal-server +Image=docker.io/ckulka/baikal:latest +PublishPort=8001:80 +Volume=baikal-server-config.volume:/var/www/baikal/config:Z +Volume=baikal-server-data.volume:/var/www/baikal/Specific:Z + +[Service] +Restart=no + +[Install] +WantedBy=multi-user.target default.target + +# podman pull docker.io/ckulka/baikal:latest +# systemctl --user daemon-reload +# systemctl --user start baikal-server +# systemctl --user status baikal-server +# journalctl -fu baikal-server.service +# podman logs baikal-server +# systemctl --user stop baikal-server +# systemctl --user disable baikal-server +# podman exec -ti baikal-server /bin/sh +# podman exec -ti baikal-server /bin/bash diff --git a/home/podman/.config/containers/systemd/immich-card-dav.container b/home/podman/.config/containers/systemd/immich-card-dav.container new file mode 100644 index 0000000..c22e56a --- /dev/null +++ b/home/podman/.config/containers/systemd/immich-card-dav.container @@ -0,0 +1,35 @@ +[Container] +AutoUpdate=registry +ContainerName=immich-card-dav +Environment="CARDDAV_SYNC_CARDDAV_ADDRESSBOOK=asdf" +Environment="CARDDAV_SYNC_CARDDAV_PASSWORD=excitedwater164" +Environment="CARDDAV_SYNC_CARDDAV_URL=192.168.11.2" +Environment="CARDDAV_SYNC_CARDDAV_USERNAME=cphares" +Environment="CARDDAV_SYNC_CRON_EXPRESSION=24 5 * * *" +Environment="CARDDAV_SYNC_IMMICH_API_KEY=asdf" +Environment="CARDDAV_SYNC_IMMICH_API_URL=asdf" +Image=ghcr.io/daniele-athome/immich-carddav-sync-daemon:master +# Network=immich.network +# Pod=immich.pod +# PublishPort=3001:3001 + +[Service] +Restart=no + +[Unit] +Requires=immich-server.service +After=immich-server.service + +[Install] +WantedBy=multi-user.target default.target + +# podman pull ghcr.io/daniele-athome/immich-carddav-sync-daemon:master +# systemctl --user daemon-reload +# systemctl --user start immich-card-dav +# systemctl --user status immich-card-dav +# journalctl -fu immich-card-dav.service +# podman logs immich-card-dav +# systemctl --user stop immich-card-dav +# systemctl --user disable immich-card-dav +# podman exec -ti immich-card-dav /bin/sh +# podman exec -ti immich-card-dav /bin/bash diff --git a/home/podman/.config/containers/systemd/immich-db.container b/home/podman/.config/containers/systemd/immich-db.container index cc0d2d2..1201210 100644 --- a/home/podman/.config/containers/systemd/immich-db.container +++ b/home/podman/.config/containers/systemd/immich-db.container @@ -5,7 +5,7 @@ Environment="POSTGRES_DB=immich" Environment="POSTGRES_INITDB_ARGS=--data-checksums" Environment="POSTGRES_PASSWORD=postgres" Environment="POSTGRES_USER=postgres" -Image=docker.io/library/postgres:16 +Image=docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0 # Network=immich.network # Pod=immich.pod PublishPort=5432:5432 @@ -41,7 +41,7 @@ WantedBy=multi-user.target default.target # - -c # - wal_compression=on -# podman pull docker.io/library/postgres:16 +# podman pull docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0 # systemctl --user daemon-reload # systemctl --user start immich-db # systemctl --user status immich-db @@ -51,3 +51,7 @@ WantedBy=multi-user.target default.target # systemctl --user disable immich-db # podman exec -ti immich-db /bin/sh # podman exec -ti immich-db /bin/bash +# Image=docker.io/library/postgres:16 +# podman pull docker.io/library/postgres:16 +# file: 'extension.c', line: '543', routine: 'parse_extension_control_file' +# https://github.com/immich-app/immich/discussions/6792 \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/immich-learning.container b/home/podman/.config/containers/systemd/immich-learning.container index b8b1418..7e6cccc 100644 --- a/home/podman/.config/containers/systemd/immich-learning.container +++ b/home/podman/.config/containers/systemd/immich-learning.container @@ -1,10 +1,13 @@ [Container] AutoUpdate=registry ContainerName=immich-learning +Environment="IMMICH_HOST=0.0.0.0" +Environment="MACHINE_LEARNING_HOST=0.0.0.0" Image=ghcr.io/immich-app/immich-machine-learning:release # Network=immich.network # Pod=immich.pod PublishPort=3003:3003 +Volume=/etc/localtime:/etc/localtime:ro Volume=immich-learning-cache.volume:/cache:Z [Service] diff --git a/home/podman/.config/containers/systemd/immich-redis.container b/home/podman/.config/containers/systemd/immich-redis.container index c4cb57a..a2f5c56 100644 --- a/home/podman/.config/containers/systemd/immich-redis.container +++ b/home/podman/.config/containers/systemd/immich-redis.container @@ -29,3 +29,5 @@ WantedBy=multi-user.target default.target # systemctl --user disable immich-redis # podman exec -ti immich-redis /bin/sh # podman exec -ti immich-redis /bin/bash +# ERROR Can't connect to ('::', 3003) +# https://github.com/immich-app/immich/discussions/8220 diff --git a/home/podman/.config/containers/systemd/immich-server.container b/home/podman/.config/containers/systemd/immich-server.container index 33593c4..1f889b3 100644 --- a/home/podman/.config/containers/systemd/immich-server.container +++ b/home/podman/.config/containers/systemd/immich-server.container @@ -2,9 +2,10 @@ AutoUpdate=registry ContainerName=immich-server Environment="DB_DATABASE_NAME=immich" -Environment="DB_HOST=192.168.11.2" +Environment="DB_HOSTNAME=192.168.11.2" Environment="DB_PASSWORD=postgres" Environment="DB_USERNAME=postgres" +Environment="REDIS_HOSTNAME=192.168.11.2" Image=ghcr.io/immich-app/immich-server:release # Network=immich.network # Pod=immich.pod @@ -35,3 +36,4 @@ WantedBy=multi-user.target default.target # systemctl --user disable immich-server # podman exec -ti immich-server /bin/sh # podman exec -ti immich-server /bin/bash +# Environment="DB_HOST=192.168.11.2" diff --git a/home/podman/.config/containers/systemd/xandikos-server-data.volume b/home/podman/.config/containers/systemd/xandikos-server-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/xandikos-server-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/xandikos-server.container b/home/podman/.config/containers/systemd/xandikos-server.container new file mode 100644 index 0000000..3adf290 --- /dev/null +++ b/home/podman/.config/containers/systemd/xandikos-server.container @@ -0,0 +1,23 @@ +[Container] +AutoUpdate=registry +ContainerName=xandikos-server +Image=ghcr.io/jelmer/xandikos +PublishPort=8000:8000 +Volume=xandikos-server-data.volume:/data:Z + +[Service] +Restart=no + +[Install] +WantedBy=multi-user.target default.target + +# podman pull ghcr.io/jelmer/xandikos +# systemctl --user daemon-reload +# systemctl --user start xandikos-server +# systemctl --user status xandikos-server +# journalctl -fu xandikos-server.service +# podman logs xandikos-server +# systemctl --user stop xandikos-server +# systemctl --user disable xandikos-server +# podman exec -ti xandikos-server /bin/sh +# podman exec -ti xandikos-server /bin/bash