Sync

.vscode/settings.json

@@ -1,5 +1,7 @@
 {
     "files.associations": {
-        "*.container": "ini"
+        "*.container": "ini",
+        "*.org": "ini",
+        "*.net": "ini"
     }
 }

etc/.pihole/.gitignore

@@ -1,12 +0,0 @@
-.DS_Store
-*.pyc
-*.swp
-__pycache__
-.cache
-.pytest_cache
-.tox
-.eggs
-*.egg-info
-.idea/
-*.iml
-.vscode/

etc/.pihole/advanced/pihole-admin.conf

@@ -1,82 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Lighttpd config for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-###############################################################################
-
-server.errorlog := "/var/log/lighttpd/error-pihole.log"
-
-$HTTP["url"] =~ "^/admin/" {
-    server.document-root = "/var/www/html"
-    server.stream-response-body = 1
-    accesslog.filename = "/var/log/lighttpd/access-pihole.log"
-    accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
-
-    fastcgi.server = (
-        ".php" => (
-            "localhost" => (
-                "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
-                "bin-path" => "/usr/bin/php-cgi",
-                "min-procs" => 1,
-                "max-procs" => 1,
-                "bin-environment" => (
-                    "PHP_FCGI_CHILDREN" => "4",
-                    "PHP_FCGI_MAX_REQUESTS" => "10000",
-                ),
-                "bin-copy-environment" => (
-                    "PATH", "SHELL", "USER"
-                ),
-                "broken-scriptfilename" => "enable",
-            )
-        )
-    )
-
-    # X-Pi-hole is a response header for debugging using curl -I
-    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
-    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
-    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
-    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
-    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
-    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
-    setenv.add-response-header = (
-        "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY",
-        "X-XSS-Protection" => "0",
-        "X-Content-Type-Options" => "nosniff",
-        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
-        "X-Permitted-Cross-Domain-Policies" => "none",
-        "Referrer-Policy" => "same-origin"
-    )
-
-    # Block . files from being served, such as .git, .github, .gitignore
-    $HTTP["url"] =~ "^/admin/\." {
-        url.access-deny = ("")
-    }
-
-    # allow teleporter and API qr code iframe on settings page
-    $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
-        $HTTP["referer"] =~ "/admin/settings\.php" {
-            setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
-        }
-    }
-}
-else $HTTP["url"] == "/admin" {
-    url.redirect = ("" => "/admin/")
-}
-
-$HTTP["host"] == "pi.hole" {
-    $HTTP["url"] == "/" {
-        url.redirect = ("" => "/admin/")
-    }
-}
-
-# (keep this on one line for basic-install.sh filtering during install)
-server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )

etc/dnsmasq.d/01-pihole.conf

@@ -1,39 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Dnsmasq config for Pi-hole's FTLDNS
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
-#                      /etc/pihole/setupVars.conf                             #
-#                                                                             #
-#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
-#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
-###############################################################################
-
-addn-hosts=/etc/pihole/local.list
-addn-hosts=/etc/pihole/custom.list
-
-
-localise-queries
-
-
-no-resolv
-
-log-queries
-log-facility=/var/log/pihole/pihole.log
-
-log-async
-cache-size=10000
-server=127.0.0.1#5335
-domain-needed
-expand-hosts
-bogus-priv
-local-service

etc/dnsmasq.d/05-pihole-custom-cname.conf

@@ -1,45 +0,0 @@
-cname=affirm.ddns.net,beelink.server
-cname=affirm.phares.duckdns.org,beelink.server
-cname=ansible.ddns.net,beelink.server
-cname=assistant.ddns.net,beelink.server
-cname=casa.ddns.net,beelink.server
-cname=cockpit.ddns.net,beelink.server
-cname=codeserver.ddns.net,beelink.server
-cname=dashkiosk.ddns.net,beelink.server
-cname=dockge.ddns.net,beelink.server
-cname=docmost.ddns.net,beelink.server
-cname=emby.ddns.net,beelink.server
-cname=filebrowser.ddns.net,beelink.server
-cname=free.file.sync.root,beelink.server
-cname=gitea.ddns.net,beelink.server
-cname=gitea.phares.duckdns.org,beelink.server
-cname=gogs.ddns.net,beelink.server
-cname=haos.ddns.net,beelink.server
-cname=immich.ddns.net,beelink.server
-cname=immich.phares.duckdns.org,beelink.server
-cname=incus.ddns.net,beelink.server
-cname=invoice.ddns.net,beelink.server
-cname=kestra.ddns.net,beelink.server
-cname=lxconsole.ddns.net,beelink.server
-cname=music.ddns.net,beelink.server
-cname=music.phares.duckdns.org,beelink.server
-cname=nextcloud.ddns.net,beelink.server
-cname=owncast.ddns.net,beelink.server
-cname=pgadmin.ddns.net,beelink.server
-cname=phares.ddns.net,beelink.server
-cname=phares.duckdns.org,beelink.server
-cname=phares3757.ddns.net,beelink.server
-cname=photoprism.ddns.net,beelink.server
-cname=pihole.ddns.net,beelink.server
-cname=proxmox.ddns.net,beelink.server
-cname=quartz.ddns.net,beelink.server
-cname=quartz.phares.duckdns.org,beelink.server
-cname=readeck.ddns.net,beelink.server
-cname=syncthing.ddns.net,beelink.server
-cname=terraform.ddns.net,beelink.server
-cname=umbrel.ddns.net,beelink.server
-cname=uptimekuma.ddns.net,beelink.server
-cname=vaultwarden.ddns.net,beelink.server
-cname=vaultwarden.phares.duckdns.org,beelink.server
-cname=vscodium.ddns.net,beelink.server
-cname=wekan.ddns.net,beelink.server

etc/dnsmasq.d/06-rfc6761.conf

@@ -1,42 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# RFC 6761 config file for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
-#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
-###############################################################################
-
-# RFC 6761: Caching DNS servers SHOULD recognize
-#     test, localhost, invalid
-# names as special and SHOULD NOT attempt to look up NS records for them, or
-# otherwise query authoritative DNS servers in an attempt to resolve these
-# names.
-server=/test/
-server=/localhost/
-server=/invalid/
-
-# The same RFC requests something similar for
-#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
-#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
-#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
-#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
-#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
-#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
-# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
-# 01-pihole.conf) because this also covers IPv6.
-
-# OpenWRT furthermore blocks    bind, local, onion    domains
-# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
-# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
-# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
-server=/bind/
-server=/onion/

etc/group

@@ -34,7 +34,7 @@ sasl:x:45:
 plugdev:x:46:phares
 staff:x:50:
 games:x:60:
-users:x:100:pihole,podman,lphares,bmiller
+users:x:100:podman,lphares,bmiller,persa
 nogroup:x:65534:
 systemd-journal:x:999:
 systemd-network:x:998:
@@ -58,10 +58,12 @@ landscape:x:109:
 fwupd-refresh:x:989:
 netdev:x:110:
 phares:x:1000:
-pihole:x:1001:www-data
 podman:x:1002:
-lphares:x:1003:bmiller
+lphares:x:1003:bmiller,persa
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:
 cockpit-wsinstance:x:113:
+pcp:x:988:
+persa:x:1001:
+redis:x:114:

etc/group-

@@ -34,7 +34,7 @@ sasl:x:45:
 plugdev:x:46:phares
 staff:x:50:
 games:x:60:
-users:x:100:pihole,podman,lphares,bmiller
+users:x:100:podman,lphares,bmiller,persa
 nogroup:x:65534:
 systemd-journal:x:999:
 systemd-network:x:998:
@@ -58,9 +58,11 @@ landscape:x:109:
 fwupd-refresh:x:989:
 netdev:x:110:
 phares:x:1000:
-pihole:x:1001:www-data
 podman:x:1002:
-lphares:x:1003:bmiller
+lphares:x:1003:bmiller,persa
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:
+cockpit-wsinstance:x:113:
+pcp:x:988:
+persa:x:1001:

etc/gshadow

@@ -34,7 +34,7 @@ sasl:*::
 plugdev:*::phares
 staff:*::
 games:*::
-users:*::pihole,podman,lphares,bmiller
+users:*::podman,lphares,bmiller,persa
 nogroup:*::
 systemd-journal:!*::
 systemd-network:!*::
@@ -58,10 +58,12 @@ landscape:!::
 fwupd-refresh:!*::
 netdev:!::
 phares:!::
-pihole:!::www-data
 podman:!::
-lphares:!::bmiller
+lphares:!::bmiller,persa
 bmiller:!::
 unbound:!::
 cockpit-ws:!::
 cockpit-wsinstance:!::
+pcp:!::
+persa:!::
+redis:!::

etc/gshadow-

@@ -34,7 +34,7 @@ sasl:*::
 plugdev:*::phares
 staff:*::
 games:*::
-users:*::pihole,podman,lphares,bmiller
+users:*::podman,lphares,bmiller,persa
 nogroup:*::
 systemd-journal:!*::
 systemd-network:!*::
@@ -58,9 +58,11 @@ landscape:!::
 fwupd-refresh:!*::
 netdev:!::
 phares:!::
-pihole:!::www-data
 podman:!::
-lphares:!::bmiller
+lphares:!::bmiller,persa
 bmiller:!::
 unbound:!::
 cockpit-ws:!::
+cockpit-wsinstance:!::
+pcp:!::
+persa:!::

etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
+YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
+3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
+ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
+DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
+0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
+Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
+EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
+b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
+Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
+ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
+ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
+BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
+S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
+JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
+igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
+WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
+bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
+hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
+rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
+A3WZcUHjqZsHHqeaZiWgzlw=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem

@@ -0,0 +1,54 @@
+-----BEGIN CERTIFICATE-----
+MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
+YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
+3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
+ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
+DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
+0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
+Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
+EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
+b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
+Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
+ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
+ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
+BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
+S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
+JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
+igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
+WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
+bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
+hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
+rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
+A3WZcUHjqZsHHqeaZiWgzlw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMkDpXWGeiqjE5WNj
+mBuqwMXseOQuX9tv3SvZvQ761VOhRANCAAQPJlBf3XfrNcWGKQcOH9xS1X9UcBSi
+yFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgYZG5AoTspEWQvkn34
+-----END PRIVATE KEY-----

etc/letsencrypt/ha/fullchain.pem

@@ -0,0 +1,50 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCA3GgAwIBAgISA4snn7ZkkZV8ytXbnWtDcJgdMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNDEwMDYwNzU5MzRaFw0yNTAxMDQwNzU5MzNaMB0xGzAZBgNVBAMTEmFm
+ZmlybS5kdWNrZG5zLm9yZzB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzQCCWLkZD8
+R1rHsE1iNmoobwtfihmN78eB9zVu+FdWRkOyClBXm+sZQl4rNf7NfDiV6bZ4dz13
+fs/45z52PTWk6n2zP4c2Dgh/MESaxv9UaLvq4OjX4Bqd/OH1WuigHaOCAl0wggJZ
+MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUL+qPS4dEIsg41TGo25We68CvRIAwHwYD
+VR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEG
+CCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
+dHA6Ly9lNS5pLmxlbmNyLm9yZy8wZQYDVR0RBF4wXIISYWZmaXJtLmR1Y2tkbnMu
+b3JnghVoYS1waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNrZG5zLm9yZ4Ib
+c3lub2xvZ3ktcGhhcmVzLmR1Y2tkbnMub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIB
+MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAzxFW7tUufK/zh1vZaS6b6RpxZ0qw
+F+ysAdJbd87MOwgAAAGSYQzXTgAABAMARzBFAiEArfAVmkU+kJaHWipGCCPT7eVw
+auk98aCxSEvIOD0Y+RsCIAnhbHMNuDAenJ8ZyRhtGmSCwMPRbLRnwcWbO7TFqxqf
+AHcAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGSYQze4QAABAMA
+SDBGAiEA+Vocdjpsc7/jUu9L5KjXO+Jnrp98MOnM0FEJN0hJU+wCIQD/HOM6C6H8
+ZxTaopyvNyWVylw5ooPuSpuJ1Xf8brNjATAKBggqhkjOPQQDAwNoADBlAjEA8aBN
+tJqelSOy/mnypFRI6qrvGegu7tKgghqUw0XWy56u8zMVmtksglEJtcMkf3ZlAjBh
+15d+rRL3k+xXAaOE1YesxGhIUqJO1JiMHeQ6mgOE6vOMJYKhmUjrZ3P70XoEC7E=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

etc/letsencrypt/ha/privkey.pem

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAK5i0BgRa7SIcpCykadElWV5mBrW+xOWg1Sse0Zx8TEx8fuMiz6js3
+CcVzHS0YjiegBwYFK4EEACKhZANiAARM0Agli5GQ/Edax7BNYjZqKG8LX4oZje/H
+gfc1bvhXVkZDsgpQV5vrGUJeKzX+zXw4lem2eHc9d37P+Oc+dj01pOp9sz+HNg4I
+fzBEmsb/VGi76uDo1+Aanfzh9VrooB0=
+-----END EC PRIVATE KEY-----

etc/lighttpd/lighttpd.conf

@@ -1,61 +0,0 @@
-### Documentation
-# https://wiki.lighttpd.net/
-#
-### Configuration Syntax
-# https://wiki.lighttpd.net/Docs_Configuration
-#
-### Configuration Options
-# https://wiki.lighttpd.net/Docs_ConfigurationOptions
-#
-
-### Debian lighttpd base configuration
-
-server.modules = (
-	"mod_indexfile",
-	"mod_access",
-	"mod_alias",
- 	"mod_redirect",
-)
-
-server.document-root        = "/var/www/html"
-server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
-server.pid-file             = "/run/lighttpd.pid"
-server.username             = "www-data"
-server.groupname            = "www-data"
-server.port                 = 8005
-
-# strict parsing and normalization of URL for consistency and security
-# https://wiki.lighttpd.net/Server_http-parseoptsDetails
-# (might need to explicitly set "url-path-2f-decode" = "disable"
-#  if a specific application is encoding URLs inside url-path)
-server.http-parseopts = (
-  "header-strict"           => "enable",# default
-  "host-strict"             => "enable",# default
-  "host-normalize"          => "enable",# default
-  "url-normalize-unreserved"=> "enable",# recommended highly
-  "url-normalize-required"  => "enable",# recommended
-  "url-ctrls-reject"        => "enable",# recommended
-  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
- #"url-path-2f-reject"      => "enable",
-  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
- #"url-path-dotseg-reject"  => "enable",
- #"url-query-20-plus"       => "enable",# consistency in query string
-  "url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app)
-)
-
-index-file.names            = ( "index.php", "index.html" )
-url.access-deny             = ( "~", ".inc" )
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-include_shell "/usr/share/lighttpd/create-mime.conf.pl"
-include "/etc/lighttpd/conf-enabled/*.conf"
-
-# default listening port for IPv6 is same as default IPv4 port
-include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-
-### Customizations
-# customizations should generally be placed in separate files such as
-#   /etc/lighttpd/conf-available/00_vars.conf    # override variables for *.conf
-#   /etc/lighttpd/conf-available/99_custom.conf  # override *.conf settings
-# and then enabled using lighty-enable-mod (1)

etc/nginx/sites-available/default

@@ -7,38 +7,48 @@ server {
 		try_files $uri $uri/ =404;
 	}
 }
-include /etc/nginx/include/affirm.conf;
-# include /etc/nginx/include/ansible.conf;
-# include /etc/nginx/include/assistant.conf;
-# include /etc/nginx/include/casa.conf;
-# include /etc/nginx/include/codeserver.conf;
-include /etc/nginx/include/dashkiosk.conf;
-# include /etc/nginx/include/dockge.conf;
-# include /etc/nginx/include/docmost.conf;
-# include /etc/nginx/include/emby.conf;
-# include /etc/nginx/include/filebrowser.conf;
-# include /etc/nginx/include/gogs.conf;
-include /etc/nginx/include/gitea.conf;
-include /etc/nginx/include/ha.conf;
-include /etc/nginx/include/immich.conf;
-# include /etc/nginx/include/incus.conf;
-# include /etc/nginx/include/invoice.conf;
-# include /etc/nginx/include/lxconsole.conf;
-# include /etc/nginx/include/kestra.conf;
-include /etc/nginx/include/music.conf;
-# include /etc/nginx/include/nextcloud.conf;
-# include /etc/nginx/include/owncast.conf;
-include /etc/nginx/include/phares.conf;
-include /etc/nginx/include/pgadmin.conf;
-# include /etc/nginx/include/photoprism.conf;
-# include /etc/nginx/include/pihole.conf;
-# include /etc/nginx/include/proxmox.conf;
-include /etc/nginx/include/quartz.conf;
-# include /etc/nginx/include/readeck.conf;
-# include /etc/nginx/include/syncthing.conf;
-# include /etc/nginx/include/terraform.conf;
-include /etc/nginx/include/umbrel.conf;
-# include /etc/nginx/include/uptimekuma.conf;
-include /etc/nginx/include/vaultwarden.conf;
-# include /etc/nginx/include/vscodium.conf;
-# include /etc/nginx/include/wekan.conf;
+include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckddns.org # http://localhost:3002/;
+include /etc/nginx/include/affirm.conf; # https://affirm.phares.duckddns.org # http://localhost:8069/;
+# include /etc/nginx/include/ansible.conf; # https://ansible.phares.duckddns.org # https://192.168.12.15/;
+# include /etc/nginx/include/assistant.conf; # https://assistant.phares.duckddns.org # http://192.168.12.17:5001/;
+include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckddns.org # http://localhost:8001/;
+# include /etc/nginx/include/casa.conf; # https://casa.phares.duckddns.org # http://10.131.57.60/;
+include /etc/nginx/include/chat.conf; # https://chat.phares.duckddns.org # https://192.168.11.6:5001/;
+include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckddns.org # http://localhost:9090/;
+# include /etc/nginx/include/codeserver.conf; # https://codeserver.phares.duckddns.org # http://localhost:5007/;
+include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckddns.org # http://localhost:9400/;
+include /etc/nginx/include/diskstation.conf; # https://diskstation.phares.duckddns.org # https://192.168.11.6:5001/;
+# include /etc/nginx/include/dockge.conf; # https://dockge.phares.duckddns.org # http://localhost:5001/;
+# include /etc/nginx/include/docmost.conf; # https://docmost.phares.duckddns.org # http://localhost:5006/;
+include /etc/nginx/include/drive.conf; # https://drive.phares.duckddns.org # https://192.168.11.6:5001/;
+# include /etc/nginx/include/emby.conf; # https://emby.phares.duckddns.org # http://10.131.57.134:8096/;
+# include /etc/nginx/include/filebrowser.conf; # https://filebrowser.phares.duckddns.org # http://localhost:8080/;
+include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckddns.org # http://localhost:3000/;
+# include /etc/nginx/include/gogs.conf; # https://gogs.phares.duckddns.org # http://localhost:3000/;
+include /etc/nginx/include/ha.conf; # https://ha.phares.duckddns.org # http://192.168.0.41:8123/;
+# include /etc/nginx/include/haos.conf; # https://haos.phares.duckddns.org # http://192.168.0.41:8123/;
+include /etc/nginx/include/immich.conf; # https://immich.phares.duckddns.org # http://localhost:3001/;
+# include /etc/nginx/include/incus.conf; # https://incus.phares.duckddns.org # http://localhost:5004/;
+# include /etc/nginx/include/invoice.conf; # https://invoice.phares.duckddns.org # https://192.168.12.14/;
+# include /etc/nginx/include/kestra.conf; # https://kestra.phares.duckddns.org # http://localhost:5002/;
+# include /etc/nginx/include/lxconsole.conf; # https://lxconsole.phares.duckddns.org # http://localhost:5004/;
+include /etc/nginx/include/music.conf; # https://music.phares.duckddns.org #
+# include /etc/nginx/include/nextcloud.conf; # https://nextcloud.phares.duckddns.org # http://localhost:8081/;
+# include /etc/nginx/include/owncast.conf; # https://owncast.phares.duckddns.org # http://10.131.57.141:8080/;
+include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckddns.org # http://localhost:5007/;
+include /etc/nginx/include/phares.conf; # https://phares.phares.duckddns.org #
+# include /etc/nginx/include/photoprism.conf; # https://photoprism.phares.duckddns.org # http://192.168.12.11:2342/;
+include /etc/nginx/include/photos.conf; # https://photos.phares.duckddns.org # https://192.168.11.6:5001/;
+# include /etc/nginx/include/pihole.conf; # https://pihole.phares.duckddns.org # http://localhost:8005/admin/;
+# include /etc/nginx/include/proxmox.conf; # https://proxmox.phares.duckddns.org # https://localhost:8006/;
+include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckddns.org # http://localhost:8069/;
+# include /etc/nginx/include/readeck.conf; # https://readeck.phares.duckddns.org # http://192.168.12.19:8000/;
+# include /etc/nginx/include/syncthing.conf; # https://syncthing.phares.duckddns.org # https://localhost:8443/;
+# include /etc/nginx/include/terraform.conf; # https://terraform.phares.duckddns.org # http://localhost:5001/;
+include /etc/nginx/include/traccar.conf; # https://traccar.phares.duckddns.org # http://localhost:3000/;
+# include /etc/nginx/include/umbrel.conf; # https://umbrel.phares.duckddns.org # http://192.168.11.20/;
+# include /etc/nginx/include/uptimekuma.conf; # https://uptimekuma.phares.duckddns.org # http://192.168.12.10:3001/;
+include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckddns.org # http://localhost:5008/;
+# include /etc/nginx/include/vscodium.conf; # https://vscodium.phares.duckddns.org # http://10.131.57.190:3000/;
+# include /etc/nginx/include/wekan.conf; # https://wekan.phares.duckddns.org # http://localhost:5003/;
+include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckddns.org # http://localhost:8000/;

etc/passwd

@@ -32,7 +32,6 @@ fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
 usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
 sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
 phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
-pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
 podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
 lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
 bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
@@ -40,3 +39,6 @@ unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
 dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
 cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
 cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
+pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
+persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash
+redis:x:113:114::/var/lib/redis:/usr/sbin/nologin

etc/passwd-

@@ -32,10 +32,12 @@ fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
 usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
 sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
 phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
-pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
 podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
 lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
 bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
 unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
 dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
 cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
+cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
+pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
+persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash

etc/pihole/custom.list

@@ -1,84 +0,0 @@
-192.168.0.21 free.file.sync.k0308
-192.168.0.31 free.file.sync.media
-192.168.0.41 free.file.sync.mikep
-192.168.0.42 free.file.sync.lphar
-192.168.0.43 free.file.sync.loft
-192.168.11.2 beelink.server
-192.168.11.3 solar.iot
-192.168.11.4 NPI84AE43.printer
-192.168.11.5 kristy.laptop
-192.168.11.6 kristy.desktop
-192.168.11.7 samsung.tv
-192.168.11.8 playstation5.console
-192.168.11.9 ultra.roku
-192.168.11.10 asus.laptop
-192.168.11.11 logan.desktop
-192.168.11.12 trigkey.desktop
-192.168.11.13 mackenzie.tv
-192.168.11.14 infineon.iscn5cg3256cps.com
-192.168.11.15 yamaha.main.iot
-192.168.11.16 chelsea.desktop
-192.168.11.17 raspberry.server
-192.168.11.18 xbox.one.console
-192.168.11.19 2519.usb
-192.168.11.20 minisforum.desktop
-192.168.11.21 minisforum.desktop
-192.168.11.22 atom.usb
-192.168.11.23 knew.desktop
-192.168.11.72 mackenzie.macbook
-192.168.11.73 mackenzie.laptop
-192.168.11.74 jason.console
-192.168.11.75 samsung.chromebook
-192.168.11.76 donna.phone
-192.168.11.77 donna.tablet
-192.168.11.78 laundry.iot
-192.168.11.79 porch.back.iot
-192.168.11.80 entry.light.iot
-192.168.11.81 entry.lamp.iot
-192.168.11.82 chelsea.school
-192.168.11.83 xbox.one.console
-192.168.11.84 samsung.tv
-192.168.11.85 plug.1.iot
-192.168.11.86 zero.server
-192.168.11.87 office.echo
-192.168.11.88 unknown.unknown
-192.168.11.89 logan.school
-192.168.11.90 upstairs.iot
-192.168.11.91 switch.console
-192.168.11.92 living.iot
-192.168.11.93 mike.phone
-192.168.11.94 master.echo
-192.168.11.95 logan.phone
-192.168.11.96 kristy.paperwhite
-192.168.11.97 chelsea.iot
-192.168.11.98 garage.left.iot
-192.168.11.99 garage.right.iot
-192.168.11.100 logan.iot
-192.168.11.101 porch.front.iot
-192.168.11.102 kristy.phone
-192.168.11.103 clock.iot
-192.168.11.104 chelsea.old.school
-192.168.11.105 lamp.iot
-192.168.11.106 pictures.iot
-192.168.11.107 chelsea.chromebook
-192.168.11.108 kitchen.echo
-192.168.11.109 saya.phone
-192.168.11.110 infineon.iscn5cg3256cps.com
-192.168.11.111 green.echo
-192.168.11.112 playstation5.console
-192.168.11.113 kristy.fire
-192.168.11.114 oculas.console
-192.168.11.115 chelsea.fire
-192.168.11.116 chelsea.phone
-192.168.11.117 logan.tablet
-192.168.11.118 alarm.iot
-192.168.11.119 trigkey.desktop
-192.168.11.120 master.iot
-192.168.11.121 ikea.iot
-192.168.11.122 sprinklers.iot
-192.168.11.123 chelsea.echo
-192.168.11.124 mackenzie.phone
-192.168.11.125 loft.echo
-192.168.11.126 logan.chromebook
-192.168.11.253 sengled.color.iot
-192.168.11.254 sengled.white.iot

etc/pihole/setupVars.conf

@@ -1,14 +0,0 @@
-PIHOLE_INTERFACE=enp2s0
-QUERY_LOGGING=true
-INSTALL_WEB_SERVER=true
-INSTALL_WEB_INTERFACE=true
-LIGHTTPD_ENABLED=true
-CACHE_SIZE=10000
-DNS_FQDN_REQUIRED=true
-DNS_BOGUS_PRIV=true
-DNSMASQ_LISTENING=local
-WEBPASSWORD=4f2f4f253d64a90315c0ace8a61b6b6e828f8d8d996b0a0b0e153230617bedd3
-BLOCKING_ENABLED=true
-PIHOLE_DNS_1=127.0.0.1#5335
-DNSSEC=false
-REV_SERVER=false

etc/shadow

@@ -32,7 +32,6 @@ fwupd-refresh:!*:19836::::::
 usbmux:!:19929::::::
 sshd:!:19929::::::
 phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
-pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
 podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
 lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
 bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
@@ -40,3 +39,6 @@ unbound:!:19929::::::
 dnsmasq:!:19930::::::
 cockpit-ws:!:19930::::::
 cockpit-wsinstance:!:19930::::::
+pcp:!:19938::::::
+persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::
+redis:!:20001::::::

etc/shadow-

@@ -31,11 +31,13 @@ landscape:!:19836::::::
 fwupd-refresh:!*:19836::::::
 usbmux:!:19929::::::
 sshd:!:19929::::::
-phares:$6$X.bTmW8z9/2WwB08$pivFW7YtPuGBou4Ut7eB1Y1ELwOVumy5tJYMf/RTQgkdUWzkKs9jndwfuVzTRlknbyGzA4A1lPImVtVHOCyBs/:19929:0:99999:7:::
-pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
+phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
 podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
 lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
 bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
 unbound:!:19929::::::
 dnsmasq:!:19930::::::
 cockpit-ws:!:19930::::::
+cockpit-wsinstance:!:19930::::::
+pcp:!:19938::::::
+persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::

etc/systemd/resolved.conf

@@ -30,7 +30,7 @@
 #LLMNR=no
 #Cache=no-negative
 #CacheFromLocalhost=no
-DNSStubListener=no
+#DNSStubListener=yes
 #DNSStubListenerExtra=
 #ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no

etc/systemd/system/snap.adguard-home.adguard-home.service

@@ -0,0 +1,19 @@
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Service for snap application adguard-home.adguard-home
+Requires=snap-adguard\x2dhome-7366.mount
+Wants=network.target
+After=snap-adguard\x2dhome-7366.mount network.target snapd.apparmor.service
+X-Snappy=yes
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/bin/snap run adguard-home
+SyslogIdentifier=adguard-home.adguard-home
+Restart=always
+WorkingDirectory=/var/snap/adguard-home/7366
+TimeoutStopSec=30
+Type=simple
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/snap.certbot.renew.timer

@@ -7,8 +7,8 @@ X-Snappy=yes
 
 [Timer]
 Unit=snap.certbot.renew.service
-OnCalendar=*-*-* 11:27
-OnCalendar=*-*-* 15:45
+OnCalendar=*-*-* 07:46
+OnCalendar=*-*-* 19:29
 
 [Install]
 WantedBy=timers.target

etc/systemd/system/snap.ubuntu-frame.daemon.service

@@ -1,9 +1,9 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application ubuntu-frame.daemon
-Requires=snap-ubuntu\x2dframe-9750.mount
+Requires=snap-ubuntu\x2dframe-10823.mount
 Wants=network.target
-After=snap-ubuntu\x2dframe-9750.mount network.target snapd.apparmor.service
+After=snap-ubuntu\x2dframe-10823.mount network.target snapd.apparmor.service
 X-Snappy=yes
 
 [Service]
@@ -12,7 +12,7 @@ ExecStart=/usr/bin/snap run ubuntu-frame.daemon
 SyslogIdentifier=ubuntu-frame.daemon
 Restart=on-failure
 RestartSec=3
-WorkingDirectory=/var/snap/ubuntu-frame/9750
+WorkingDirectory=/var/snap/ubuntu-frame/10823
 TimeoutStopSec=30
 Type=simple
 

etc/unbound/unbound.conf

@@ -1,10 +0,0 @@
-# Unbound configuration file for Debian.
-#
-# See the unbound.conf(5) man page.
-#
-# See /usr/share/doc/unbound/examples/unbound.conf for a commented
-# reference config file.
-#
-# The following line includes additional configuration files from the
-# /etc/unbound/unbound.conf.d directory.
-include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

home/podman/.config/containers/systemd/baikal-server-config.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/baikal-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/baikal-server.container

@@ -0,0 +1,24 @@
+[Container]
+AutoUpdate=registry
+ContainerName=baikal-server
+Image=docker.io/ckulka/baikal:latest
+PublishPort=8001:80
+Volume=baikal-server-config.volume:/var/www/baikal/config:Z
+Volume=baikal-server-data.volume:/var/www/baikal/Specific:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/ckulka/baikal:latest
+# systemctl --user daemon-reload
+# systemctl --user start baikal-server
+# systemctl --user status baikal-server
+# journalctl -fu baikal-server.service
+# podman logs baikal-server
+# systemctl --user stop baikal-server
+# systemctl --user disable baikal-server
+# podman exec -ti baikal-server /bin/sh
+# podman exec -ti baikal-server /bin/bash

home/podman/.config/containers/systemd/immich-card-dav.container

@@ -0,0 +1,35 @@
+[Container]
+AutoUpdate=registry
+ContainerName=immich-card-dav
+Environment="CARDDAV_SYNC_CARDDAV_ADDRESSBOOK=asdf"
+Environment="CARDDAV_SYNC_CARDDAV_PASSWORD=excitedwater164"
+Environment="CARDDAV_SYNC_CARDDAV_URL=192.168.11.2"
+Environment="CARDDAV_SYNC_CARDDAV_USERNAME=cphares"
+Environment="CARDDAV_SYNC_CRON_EXPRESSION=24 5 * * *"
+Environment="CARDDAV_SYNC_IMMICH_API_KEY=asdf"
+Environment="CARDDAV_SYNC_IMMICH_API_URL=asdf"
+Image=ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
+# Network=immich.network
+# Pod=immich.pod
+# PublishPort=3001:3001
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=immich-server.service
+After=immich-server.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
+# systemctl --user daemon-reload
+# systemctl --user start immich-card-dav
+# systemctl --user status immich-card-dav
+# journalctl -fu immich-card-dav.service
+# podman logs immich-card-dav
+# systemctl --user stop immich-card-dav
+# systemctl --user disable immich-card-dav
+# podman exec -ti immich-card-dav /bin/sh
+# podman exec -ti immich-card-dav /bin/bash

home/podman/.config/containers/systemd/immich-db.container

@@ -5,7 +5,7 @@ Environment="POSTGRES_DB=immich"
 Environment="POSTGRES_INITDB_ARGS=--data-checksums"
 Environment="POSTGRES_PASSWORD=postgres"
 Environment="POSTGRES_USER=postgres"
-Image=docker.io/library/postgres:16
+Image=docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0
 # Network=immich.network
 # Pod=immich.pod
 PublishPort=5432:5432
@@ -41,7 +41,7 @@ WantedBy=multi-user.target default.target
 #     - -c
 #     - wal_compression=on
 
-# podman pull docker.io/library/postgres:16
+# podman pull docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0
 # systemctl --user daemon-reload
 # systemctl --user start immich-db
 # systemctl --user status immich-db
@@ -51,3 +51,7 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable immich-db
 # podman exec -ti immich-db /bin/sh
 # podman exec -ti immich-db /bin/bash
+# Image=docker.io/library/postgres:16
+# podman pull docker.io/library/postgres:16
+# file: 'extension.c', line: '543', routine: 'parse_extension_control_file'
+# https://github.com/immich-app/immich/discussions/6792

home/podman/.config/containers/systemd/immich-learning.container

@@ -1,10 +1,13 @@
 [Container]
 AutoUpdate=registry
 ContainerName=immich-learning
+Environment="IMMICH_HOST=0.0.0.0"
+Environment="MACHINE_LEARNING_HOST=0.0.0.0"
 Image=ghcr.io/immich-app/immich-machine-learning:release
 # Network=immich.network
 # Pod=immich.pod
 PublishPort=3003:3003
+Volume=/etc/localtime:/etc/localtime:ro
 Volume=immich-learning-cache.volume:/cache:Z
 
 [Service]

home/podman/.config/containers/systemd/immich-redis.container

@@ -29,3 +29,5 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable immich-redis
 # podman exec -ti immich-redis /bin/sh
 # podman exec -ti immich-redis /bin/bash
+# ERROR Can't connect to ('::', 3003)
+# https://github.com/immich-app/immich/discussions/8220

home/podman/.config/containers/systemd/immich-server.container

@@ -2,9 +2,10 @@
 AutoUpdate=registry
 ContainerName=immich-server
 Environment="DB_DATABASE_NAME=immich"
-Environment="DB_HOST=192.168.11.2"
+Environment="DB_HOSTNAME=192.168.11.2"
 Environment="DB_PASSWORD=postgres"
 Environment="DB_USERNAME=postgres"
+Environment="REDIS_HOSTNAME=192.168.11.2"
 Image=ghcr.io/immich-app/immich-server:release
 # Network=immich.network
 # Pod=immich.pod
@@ -35,3 +36,4 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable immich-server
 # podman exec -ti immich-server /bin/sh
 # podman exec -ti immich-server /bin/bash
+# Environment="DB_HOST=192.168.11.2"

home/podman/.config/containers/systemd/xandikos-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/xandikos-server.container

@@ -0,0 +1,23 @@
+[Container]
+AutoUpdate=registry
+ContainerName=xandikos-server
+Image=ghcr.io/jelmer/xandikos
+PublishPort=8000:8000
+Volume=xandikos-server-data.volume:/data:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/jelmer/xandikos
+# systemctl --user daemon-reload
+# systemctl --user start xandikos-server
+# systemctl --user status xandikos-server
+# journalctl -fu xandikos-server.service
+# podman logs xandikos-server
+# systemctl --user stop xandikos-server
+# systemctl --user disable xandikos-server
+# podman exec -ti xandikos-server /bin/sh
+# podman exec -ti xandikos-server /bin/bash