phares3757/linux-ubuntu-server
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

resh install on Ubuntu Server with Docker at OS level then explore Podman Quadlet

Browse Source
This commit is contained in:
Mike Phares
2024-07-23 17:35:22 -07:00
parent 929745ed1b
commit 60d7407abb
80 changed files with 1846 additions and 1440 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
etc/.pihole/.gitignore vendored Normal file
View File

@ -0,0 +1,12 @@
.DS_Store
*.pyc
*.swp
__pycache__
.cache
.pytest_cache
.tox
.eggs
*.egg-info
.idea/
*.iml
.vscode/

82
etc/.pihole/advanced/pihole-admin.conf Normal file
View File

@ -0,0 +1,82 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Lighttpd config for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
###############################################################################
server.errorlog := "/var/log/lighttpd/error-pihole.log"
$HTTP["url"] =~ "^/admin/" {
server.document-root = "/var/www/html"
server.stream-response-body = 1
accesslog.filename = "/var/log/lighttpd/access-pihole.log"
accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
fastcgi.server = (
".php" => (
"localhost" => (
"socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
"bin-path" => "/usr/bin/php-cgi",
"min-procs" => 1,
"max-procs" => 1,
"bin-environment" => (
"PHP_FCGI_CHILDREN" => "4",
"PHP_FCGI_MAX_REQUESTS" => "10000",
),
"bin-copy-environment" => (
"PATH", "SHELL", "USER"
),
"broken-scriptfilename" => "enable",
)
)
)
# X-Pi-hole is a response header for debugging using curl -I
# X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
# X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
# X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
# Content-Security-Policy tells the browser where resources are allowed to be loaded and if its allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
# X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
# Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
setenv.add-response-header = (
"X-Pi-hole" => "The Pi-hole Web interface is working!",
"X-Frame-Options" => "DENY",
"X-XSS-Protection" => "0",
"X-Content-Type-Options" => "nosniff",
"Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
"X-Permitted-Cross-Domain-Policies" => "none",
"Referrer-Policy" => "same-origin"
)
# Block . files from being served, such as .git, .github, .gitignore
$HTTP["url"] =~ "^/admin/\." {
url.access-deny = ("")
}
# allow teleporter and API qr code iframe on settings page
$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
$HTTP["referer"] =~ "/admin/settings\.php" {
setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
}
}
}
else $HTTP["url"] == "/admin" {
url.redirect = ("" => "/admin/")
}
$HTTP["host"] == "pi.hole" {
$HTTP["url"] == "/" {
url.redirect = ("" => "/admin/")
}
}
# (keep this on one line for basic-install.sh filtering during install)
server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )

43
etc/apt/sources.list
View File

@ -1,42 +1 @@
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ mantic main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ mantic-updates main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ mantic universe
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic universe
deb http://us.archive.ubuntu.com/ubuntu/ mantic-updates universe
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ mantic multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic multiverse
deb http://us.archive.ubuntu.com/ubuntu/ mantic-updates multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ mantic-security main restricted
# deb-src http://security.ubuntu.com/ubuntu/ mantic-security main restricted
deb http://security.ubuntu.com/ubuntu/ mantic-security universe
# deb-src http://security.ubuntu.com/ubuntu/ mantic-security universe
deb http://security.ubuntu.com/ubuntu/ mantic-security multiverse
# deb-src http://security.ubuntu.com/ubuntu/ mantic-security multiverse
# Ubuntu sources have moved to /etc/apt/sources.list.d/ubuntu.sources

28
etc/bash_history_2024-07-22.txt Normal file
View File

@ -0,0 +1,28 @@
apt-get update
apt upgrade -y
apt install snapd -y
apt install sudo links unzip nginx git nano ncdu -y
snap install dashkiosk
snap install ubuntu-frame wpe-webkit-mir-kiosk
snap set wpe-webkit-mir-kiosk daemon=true
snap set wpe-webkit-mir-kiosk url=http://localhost:9400/receiver
exit
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
/snap/wpe-webkit-mir-kiosk/current/bin/setup.sh
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
snap set ubuntu-frame daemon=true
exit
reboot
cat /root/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
adduser lphares
mkdir /home/lphares/.ssh
cp /root/.ssh/authorized_keys /home/lphares/.ssh/authorized_keys
chown lphares:lphares -R /home/lphares
adduser bmiller
mkdir /home/bmiller/.ssh
cp /root/.ssh/authorized_keys /home/bmiller/.ssh/authorized_keys
chown bmiller:bmiller -R /home/bmiller
ln -s /var/log/nginx /var/www/html/log-nginx
ls -la /var/www/html
exit

4
etc/dhcpcd.conf
View File

@ -46,3 +46,7 @@ require dhcp_server_identifier
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
interface enp2s0
static ip_address=192.168.11.2/25
static routers=192.168.11.1
static domain_name_servers=

39
etc/dnsmasq.d/01-pihole.conf Normal file
View File

@ -0,0 +1,39 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
log-queries
log-facility=/var/log/pihole/pihole.log
log-async
cache-size=10000
server=127.0.0.1#5335
domain-needed
expand-hosts
bogus-priv
local-service

42
etc/dnsmasq.d/06-rfc6761.conf Normal file
View File

@ -0,0 +1,42 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# RFC 6761 config file for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
# RFC 6761: Caching DNS servers SHOULD recognize
# test, localhost, invalid
# names as special and SHOULD NOT attempt to look up NS records for them, or
# otherwise query authoritative DNS servers in an attempt to resolve these
# names.
server=/test/
server=/localhost/
server=/invalid/
# The same RFC requests something similar for
# 10.in-addr.arpa. 21.172.in-addr.arpa. 27.172.in-addr.arpa.
# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 28.172.in-addr.arpa.
# 17.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa.
# 18.172.in-addr.arpa. 24.172.in-addr.arpa. 30.172.in-addr.arpa.
# 19.172.in-addr.arpa. 25.172.in-addr.arpa. 31.172.in-addr.arpa.
# 20.172.in-addr.arpa. 26.172.in-addr.arpa. 168.192.in-addr.arpa.
# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
# 01-pihole.conf) because this also covers IPv6.
# OpenWRT furthermore blocks bind, local, onion domains
# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
server=/bind/
server=/onion/

52
etc/group
View File

@ -2,7 +2,7 @@ root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:mike
adm:x:4:syslog,phares
tty:x:5:
disk:x:6:
lp:x:7:
@ -15,12 +15,12 @@ kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:mike
cdrom:x:24:phares
floppy:x:25:
tape:x:26:
sudo:x:27:mike
sudo:x:27:phares
audio:x:29:
dip:x:30:mike
dip:x:30:phares
www-data:x:33:
backup:x:34:
operator:x:37:
@ -31,27 +31,35 @@ shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:mike
plugdev:x:46:phares
staff:x:50:
games:x:60:
users:x:100:lphares,bmiller,gogs
users:x:100:lphares,bmiller
nogroup:x:65534:
systemd-journal:x:999:
systemd-network:x:998:
systemd-timesync:x:997:
input:x:101:
sgx:x:102:
kvm:x:103:
render:x:104:
lxd:x:105:mike
messagebus:x:106:
systemd-resolve:x:996:
_ssh:x:107:
polkitd:x:995:
netdev:x:108:
mike:x:1000:
lphares:x:1002:bmiller
bmiller:x:1003:
gogs:x:1004:
snapd-range-524288-root:x:524288:
snap_daemon:x:584788:
input:x:996:
sgx:x:995:
kvm:x:994:
render:x:993:
lxd:x:101:phares
messagebus:x:102:
systemd-resolve:x:992:
_ssh:x:103:
polkitd:x:991:
crontab:x:990:
syslog:x:104:
uuidd:x:105:
rdma:x:106:
tcpdump:x:107:
tss:x:108:
landscape:x:109:
fwupd-refresh:x:989:
netdev:x:110:
phares:x:1000:
lphares:x:1001:bmiller
bmiller:x:1002:
pihole:x:1003:www-data
unbound:x:111:
docker:x:988:

50
etc/group-
View File

@ -2,7 +2,7 @@ root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:mike
adm:x:4:syslog,phares
tty:x:5:
disk:x:6:
lp:x:7:
@ -15,12 +15,12 @@ kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:mike
cdrom:x:24:phares
floppy:x:25:
tape:x:26:
sudo:x:27:mike
sudo:x:27:phares
audio:x:29:
dip:x:30:mike
dip:x:30:phares
www-data:x:33:
backup:x:34:
operator:x:37:
@ -31,26 +31,34 @@ shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:mike
plugdev:x:46:phares
staff:x:50:
games:x:60:
users:x:100:lphares,bmiller,gogs
users:x:100:lphares,bmiller
nogroup:x:65534:
systemd-journal:x:999:
systemd-network:x:998:
systemd-timesync:x:997:
input:x:101:
sgx:x:102:
kvm:x:103:
render:x:104:
lxd:x:105:mike
messagebus:x:106:
systemd-resolve:x:996:
_ssh:x:107:
polkitd:x:995:
netdev:x:108:
mike:x:1000:
lphares:x:1002:bmiller
bmiller:x:1003:
gogs:x:1004:
snapd-range-524288-root:x:524288:
input:x:996:
sgx:x:995:
kvm:x:994:
render:x:993:
lxd:x:101:phares
messagebus:x:102:
systemd-resolve:x:992:
_ssh:x:103:
polkitd:x:991:
crontab:x:990:
syslog:x:104:
uuidd:x:105:
rdma:x:106:
tcpdump:x:107:
tss:x:108:
landscape:x:109:
fwupd-refresh:x:989:
netdev:x:110:
phares:x:1000:
lphares:x:1001:bmiller
bmiller:x:1002:
pihole:x:1003:www-data
unbound:x:111:

38
etc/gshadow
View File

@ -2,7 +2,7 @@ root:*::
daemon:*::
bin:*::
sys:*::
adm:*::mike
adm:*::syslog,phares
tty:*::
disk:*::
lp:*::
@ -15,12 +15,12 @@ kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::mike
cdrom:*::phares
floppy:*::
tape:*::
sudo:*::mike
sudo:*::phares
audio:*::
dip:*::mike
dip:*::phares
www-data:*::
backup:*::
operator:*::
@ -31,27 +31,35 @@ shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::mike
plugdev:*::phares
staff:*::
games:*::
users:*::lphares,bmiller,gogs
users:*::lphares,bmiller
nogroup:*::
systemd-journal:!*::
systemd-network:!*::
systemd-timesync:!*::
input:!::
sgx:!::
kvm:!::
render:!::
lxd:!::mike
input:!*::
sgx:!*::
kvm:!*::
render:!*::
lxd:!::phares
messagebus:!::
systemd-resolve:!*::
_ssh:!::
polkitd:!*::
crontab:!*::
syslog:!::
uuidd:!::
rdma:!::
tcpdump:!::
tss:!::
landscape:!::
fwupd-refresh:!*::
netdev:!::
mike:!::
phares:!::
lphares:!::bmiller
bmiller:!::
gogs:!::
snapd-range-524288-root:!::
snap_daemon:!::
pihole:!::www-data
unbound:!::
docker:!::

36
etc/gshadow-
View File

@ -2,7 +2,7 @@ root:*::
daemon:*::
bin:*::
sys:*::
adm:*::mike
adm:*::syslog,phares
tty:*::
disk:*::
lp:*::
@ -15,12 +15,12 @@ kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::mike
cdrom:*::phares
floppy:*::
tape:*::
sudo:*::mike
sudo:*::phares
audio:*::
dip:*::mike
dip:*::phares
www-data:*::
backup:*::
operator:*::
@ -31,26 +31,34 @@ shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::mike
plugdev:*::phares
staff:*::
games:*::
users:*::lphares,bmiller,gogs
users:*::lphares,bmiller
nogroup:*::
systemd-journal:!*::
systemd-network:!*::
systemd-timesync:!*::
input:!::
sgx:!::
kvm:!::
render:!::
lxd:!::mike
input:!*::
sgx:!*::
kvm:!*::
render:!*::
lxd:!::phares
messagebus:!::
systemd-resolve:!*::
_ssh:!::
polkitd:!*::
crontab:!*::
syslog:!::
uuidd:!::
rdma:!::
tcpdump:!::
tss:!::
landscape:!::
fwupd-refresh:!*::
netdev:!::
mike:!::
phares:!::
lphares:!::bmiller
bmiller:!::
gogs:!::
snapd-range-524288-root:!::
pihole:!::www-data
unbound:!::

2
etc/hosts
View File

@ -1,5 +1,5 @@
127.0.0.1 localhost
127.0.1.1 server
127.0.1.1 beelink
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback

1
etc/letsencrypt/.updated-options-ssl-nginx-conf-digest.txt Normal file
View File

@ -0,0 +1 @@
5e21cc66989f26ec46116d979421e538131cf8ab33ffff3f682fbfe491b0ace8

1
etc/letsencrypt/.updated-ssl-dhparams-pem-digest.txt Normal file
View File

@ -0,0 +1 @@
9ba6429597aeed2d8617a7705b56e96d044f64b07971659382e426675105654b

1
etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/805d2f39f581c9a2a417db3d91bfc764/meta.json Normal file
View File

@ -0,0 +1 @@
{"creation_dt": "2024-07-23T03:12:26Z", "creation_host": "beelink"}

1
etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/805d2f39f581c9a2a417db3d91bfc764/private_key.json Normal file
View File

@ -0,0 +1 @@
{"n": "tAPgSFbPGk0aKdR6Pk3_0WtZ_YpjzRewuttzTYHV8m8adMKO771G-NMB_zSoYoWmia9s1tj1KCF3P6bnVQzDE3ZbBLfeIFT9GaGCczgDpMEWs6rkWfLWGW93IQoqEJi0f2ati7UpaO22NcnhFAkDmIAyLmaYxv_cTAgeGurv690379v_I38b0rxfw8woGlpfYzvyY_UiEbeK4sMT_TnZdq6ZYgcu770d_ZgYlhstK_jKnumH9G2zaxs3kgRKSoyd8LT4VmLHTIoVT8eEFT1abz0bFo2uPWOaxHtQjI2S8qLEQI9Tg15oy86SPDYDGpY6HfgshasA3Pm9-IUV0tgTUQ", "e": "AQAB", "d": "BzTTX9aNPMMFHvfaJF3OI3kPIQyF7fxaqGcsT3y4-ATcCGn9e7oD58HXSnsj4xgVvjhxc2fODBHwnN-SCcTdvA0B5TUsRWSBmVilbYjM8kEUlNxso4JTldVe7aU-qiKQjPLPwb3euF56oroJMn8hT5O1pWviT0GsUG5P51usEbDu81t_ZZcn-I21Xe9jQ0mXgNsS1c18cX6AlDMhAlm7aw6gUJdrnScbsWp0sDXQiOzLEvwm1ahjUioEtiQiHH1Jsa2mYcuGhrWyrx-Xlt0TzfslocDbHbgCFKPG6XLVBoBbWb4Hm3LBA7naiuEY_Dmi-wQUtHiJELwSu4opkNRxTQ", "p": "23HhNDzEaiDI2Gg2-qxkOBEwCDT9b1If_vGSwZRzPLJBijy5ypXDdtQifCgLEeNJm0CJSa9SZcZjyDZH7_JLFO8bWl1pjf095SwJBK3Sc9uavr8jl-OzAbX_fHOL1ZHhvI4vsBQhc6dsushPFCFEcvaokTuxf8QZUEP0DLsNWh8", "q": "0gCJICISX_tcQ7AmbBsJDFTnU2IqAo3nG0UXcoHSlMXJqkkjjaPo7TZ-CMlt8dbSZX1ekvw8nvRq7tHuNDqflNgfyxt0gHnjkzYowlM83OIMiMbMtV9ddDwYCYGJYZTPEVVRW6s6A1Pb97-2b-IiDoQkdohC0NxhIPM4ntw9xI8", "dp": "ovJ0320gDA48FTWNXaYU5O0eVXnDlp3M1GpdJxEsYK2crSFadGuwsNPkp3y0e5viVD4fs29UJ-6guVJVKH8p8Wl7TiZ-8shQ5ZNFPwwzcYRn66vSqj6R9XtHMwo5k2S30mNiVcUc8dwoiKmkzrXFNfiiQvWoX88lXMyYs7tRttE", "dq": "iNJWhTwNssFnZKaA8hBPPdyXdulPK6jeuRKz6yQQWmPfN3Y9lswDN4I4bWsnmdh37i3Xj3aN3JaskPrv8tF7JZQGauNxbT98-W3g8nMfBV62AetcdpMypUd99buTEaPNoaJvxoTx4Dcj6u_aYlz4CXMo-p1ewwvCsKAm9MHT8Js", "qi": "2VGQ-m3oki_uXi85Ybs2u-4tDFVL7zsFaoYtV8-KMOaYyd6N65kk2EjFWSXRa6BnAqoELEXr0cV9ZJA2YF4WfLQwCLVntyDN6Dc0_9du81qIc_efqBcY_fNMeEfDKAOZkslKIKkWJaP9CAXyI4_ctHdiAhFowdSCcBFTZ2O9xa4", "kty": "RSA"}

1
etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/805d2f39f581c9a2a417db3d91bfc764/regr.json Normal file
View File

@ -0,0 +1 @@
{"body": {}, "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1851917407"}

25
etc/letsencrypt/archive/phares3757.ddns.net/cert1.pem Normal file
View File

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEJzCCA6ygAwIBAgISBLIxc7whwwFJZCApth1UIMcPMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDA3MjMwMjEzNDhaFw0yNDEwMjEwMjEzNDdaMB4xHDAaBgNVBAMTE3Bo
YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQdWJOW
xYvavXWc5dOMmGpaToaiTDrDRZ+oKsywjM/KChalQiNYLUSJqp3Dh5eoRfQ09K50
X6yJOJaQxb0FFzC1o4ICtDCCArAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBScvr8E
AeV+Re+aj/j90JHjpLTkuzAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCBuwYDVR0R
BIGzMIGwgg9hZmZpcm0uZGRucy5uZXSCGGdpdGVhLnBoYXJlcy5kdWNrZG5zLm9y
Z4IZaW1taWNoLnBoYXJlcy5kdWNrZG5zLm9yZ4IYbXVzaWMucGhhcmVzLmR1Y2tk
bnMub3JnghNwaGFyZXMzNzU3LmRkbnMubmV0ghlxdWFydHoucGhhcmVzLmR1Y2tk
bnMub3Jngh52YXVsdHdhcmRlbi5waGFyZXMuZHVja2Rucy5vcmcwEwYDVR0gBAww
CjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwBIsONr2qZHNA/l
agL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAZDdlLOuAAAEAwBIMEYCIQCpfmsaNEgL
DrwdkCY+7NbJayn43Gv4sUjD4arZVJntKgIhAOyuzAjCF9JGPMSqNlSXd83zX89g
eKGUwLWltfIe+zVbAHYAPxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4A
AAGQ3ZSztwAABAMARzBFAiEA4JYbBt/ZdGzUZk4evX3alv6QobD5D0An4NG0vF5G
JkQCICph30m0Ev4uFpVvLUx1CJlTR/gJMJ+0U8RbE95c9xyYMAoGCCqGSM49BAMD
A2kAMGYCMQCy5ix9dZALkOcFIWoAI0t2UzXBho7+eRGsXfIiLrBfYw8eDALPAglI
glGBo2OmRs8CMQCXQwaoJRZG2IPnVS+0JMDZq2PzhyyV9Tycj77wRrYHwOHWwyA6
9UaLhFqUL/sVdwo=
-----END CERTIFICATE-----

26
etc/letsencrypt/archive/phares3757.ddns.net/chain1.pem Normal file
View File

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
Ig46v9mFmBvyH04=
-----END CERTIFICATE-----

51
etc/letsencrypt/archive/phares3757.ddns.net/fullchain1.pem Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN CERTIFICATE-----
MIIEJzCCA6ygAwIBAgISBLIxc7whwwFJZCApth1UIMcPMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDA3MjMwMjEzNDhaFw0yNDEwMjEwMjEzNDdaMB4xHDAaBgNVBAMTE3Bo
YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQdWJOW
xYvavXWc5dOMmGpaToaiTDrDRZ+oKsywjM/KChalQiNYLUSJqp3Dh5eoRfQ09K50
X6yJOJaQxb0FFzC1o4ICtDCCArAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBScvr8E
AeV+Re+aj/j90JHjpLTkuzAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCBuwYDVR0R
BIGzMIGwgg9hZmZpcm0uZGRucy5uZXSCGGdpdGVhLnBoYXJlcy5kdWNrZG5zLm9y
Z4IZaW1taWNoLnBoYXJlcy5kdWNrZG5zLm9yZ4IYbXVzaWMucGhhcmVzLmR1Y2tk
bnMub3JnghNwaGFyZXMzNzU3LmRkbnMubmV0ghlxdWFydHoucGhhcmVzLmR1Y2tk
bnMub3Jngh52YXVsdHdhcmRlbi5waGFyZXMuZHVja2Rucy5vcmcwEwYDVR0gBAww
CjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwBIsONr2qZHNA/l
agL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAZDdlLOuAAAEAwBIMEYCIQCpfmsaNEgL
DrwdkCY+7NbJayn43Gv4sUjD4arZVJntKgIhAOyuzAjCF9JGPMSqNlSXd83zX89g
eKGUwLWltfIe+zVbAHYAPxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4A
AAGQ3ZSztwAABAMARzBFAiEA4JYbBt/ZdGzUZk4evX3alv6QobD5D0An4NG0vF5G
JkQCICph30m0Ev4uFpVvLUx1CJlTR/gJMJ+0U8RbE95c9xyYMAoGCCqGSM49BAMD
A2kAMGYCMQCy5ix9dZALkOcFIWoAI0t2UzXBho7+eRGsXfIiLrBfYw8eDALPAglI
glGBo2OmRs8CMQCXQwaoJRZG2IPnVS+0JMDZq2PzhyyV9Tycj77wRrYHwOHWwyA6
9UaLhFqUL/sVdwo=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
Ig46v9mFmBvyH04=
-----END CERTIFICATE-----

5
etc/letsencrypt/archive/phares3757.ddns.net/privkey1.pem Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWJ4x7Qxn+VXJXETc
HorPVTm5TMqwASdTvWnGchZodiWhRANCAAQdWJOWxYvavXWc5dOMmGpaToaiTDrD
RZ+oKsywjM/KChalQiNYLUSJqp3Dh5eoRfQ09K50X6yJOJaQxb0FFzC1
-----END PRIVATE KEY-----

14
etc/letsencrypt/live/README Normal file
View File

@ -0,0 +1,14 @@
This directory contains your keys and certificates.
`[cert name]/privkey.pem` : the private key for your certificate.
`[cert name]/fullchain.pem`: the certificate file used in most server software.
`[cert name]/chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`[cert name]/cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
WARNING: DO NOT MOVE OR RENAME THESE FILES!
Certbot expects these files to remain in this location in order
to function properly!
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

14
etc/letsencrypt/live/phares3757.ddns.net/README Normal file
View File

@ -0,0 +1,14 @@
This directory contains your keys and certificates.
`privkey.pem` : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
WARNING: DO NOT MOVE OR RENAME THESE FILES!
Certbot expects these files to remain in this location in order
to function properly!
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

14
etc/letsencrypt/options-ssl-nginx.conf Normal file
View File

@ -0,0 +1,14 @@
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

15
etc/letsencrypt/renewal/phares3757.ddns.net.conf Normal file
View File

@ -0,0 +1,15 @@
# renew_before_expiry = 30 days
version = 2.11.0
archive_dir = /etc/letsencrypt/archive/phares3757.ddns.net
cert = /etc/letsencrypt/live/phares3757.ddns.net/cert.pem
privkey = /etc/letsencrypt/live/phares3757.ddns.net/privkey.pem
chain = /etc/letsencrypt/live/phares3757.ddns.net/chain.pem
fullchain = /etc/letsencrypt/live/phares3757.ddns.net/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 805d2f39f581c9a2a417db3d91bfc764
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa

8
etc/letsencrypt/ssl-dhparams.pem Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----

61
etc/lighttpd/lighttpd.conf Normal file
View File

@ -0,0 +1,61 @@
### Documentation
# https://wiki.lighttpd.net/
#
### Configuration Syntax
# https://wiki.lighttpd.net/Docs_Configuration
#
### Configuration Options
# https://wiki.lighttpd.net/Docs_ConfigurationOptions
#
### Debian lighttpd base configuration
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 8005
# strict parsing and normalization of URL for consistency and security
# https://wiki.lighttpd.net/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
"url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app)
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
# default listening port for IPv6 is same as default IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
### Customizations
# customizations should generally be placed in separate files such as
# /etc/lighttpd/conf-available/00_vars.conf # override variables for *.conf
# /etc/lighttpd/conf-available/99_custom.conf # override *.conf settings
# and then enabled using lighty-enable-mod (1)

32
etc/nginx/sites-available/dashkiosk.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = dashkiosk.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = dashkiosk.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = dashkiosk.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/dashkiosk.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = dashkiosk.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = dashkiosk.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = dashkiosk.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

399
etc/nginx/sites-available/default
View File

@ -7,370 +7,35 @@ server {
try_files $uri $uri/ =404;
}
}
server {
# touch /etc/nginx/sites-available/phares3757.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/phares3757.beelink.server.key -out /etc/nginx/phares3757.beelink.server.crt -config /etc/nginx/sites-available/phares3757.beelink.server.conf
ssl_certificate 'phares3757.beelink.server.crt';
ssl_certificate_key 'phares3757.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name phares3757.beelink.server;
root /etc/pihole;
autoindex on;
autoindex_format json;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
server {
# touch /etc/nginx/sites-available/dashkiosk.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/dashkiosk.beelink.server.key -out /etc/nginx/dashkiosk.beelink.server.crt -config /etc/nginx/sites-available/dashkiosk.beelink.server.conf
ssl_certificate 'dashkiosk.beelink.server.crt';
ssl_certificate_key 'dashkiosk.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name dashkiosk.beelink.server;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:9400/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/filebrowser.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/filebrowser.beelink.server.key -out /etc/nginx/filebrowser.beelink.server.crt -config /etc/nginx/sites-available/filebrowser.beelink.server.conf
ssl_certificate 'filebrowser.beelink.server.crt';
ssl_certificate_key 'filebrowser.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name filebrowser.beelink.server;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/gogs3757.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/gogs3757.beelink.server.key -out /etc/nginx/gogs3757.beelink.server.crt -config /etc/nginx/sites-available/gogs3757.beelink.server.conf
ssl_certificate 'gogs3757.beelink.server.crt';
ssl_certificate_key 'gogs3757.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name gogs3757.beelink.server;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3000/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/immich3757.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/immich3757.beelink.server.key -out /etc/nginx/immich3757.beelink.server.crt -config /etc/nginx/sites-available/immich3757.beelink.server.conf
ssl_certificate 'immich3757.beelink.server.crt';
ssl_certificate_key 'immich3757.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name immich3757.beelink.server;
client_max_body_size 50000M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
location / {
proxy_pass http://localhost:3001/;
}
}
server {
# touch /etc/nginx/sites-available/nextcloud3757.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nextcloud3757.beelink.server.key -out /etc/nginx/nextcloud3757.beelink.server.crt -config /etc/nginx/sites-available/nextcloud3757.beelink.server.conf
ssl_certificate 'nextcloud3757.beelink.server.crt';
ssl_certificate_key 'nextcloud3757.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name nextcloud3757.beelink.server;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8081/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/music3757.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/music3757.beelink.server.key -out /etc/nginx/music3757.beelink.server.crt -config /etc/nginx/sites-available/music3757.beelink.server.conf
ssl_certificate 'music3757.beelink.server.crt';
ssl_certificate_key 'music3757.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name music3757.beelink.server;
root /var/www/html; # /home/syncthing/Loft-5G;
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
# touch /etc/nginx/sites-available/photoprism.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/photoprism.beelink.server.key -out /etc/nginx/photoprism.beelink.server.crt -config /etc/nginx/sites-available/photoprism.beelink.server.conf
ssl_certificate 'photoprism.beelink.server.crt';
ssl_certificate_key 'photoprism.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name photoprism.beelink.server;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:2342/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/pi-hole.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/pi-hole.beelink.server.key -out /etc/nginx/pi-hole.beelink.server.crt -config /etc/nginx/sites-available/pi-hole.beelink.server.conf
ssl_certificate 'pi-hole.beelink.server.crt';
ssl_certificate_key 'pi-hole.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name pi-hole.beelink.server;
location = / {
return 302 https://$host/admin/;
}
location /admin/ {
proxy_pass http://localhost:8005/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
# touch /etc/nginx/sites-available/syncthing3757.beelink.server.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/syncthing3757.beelink.server.key -out /etc/nginx/syncthing3757.beelink.server.crt -config /etc/nginx/sites-available/syncthing3757.beelink.server.conf
ssl_certificate 'syncthing3757.beelink.server.crt';
ssl_certificate_key 'syncthing3757.beelink.server.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name syncthing3757.beelink.server;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8384/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/phares3757.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/phares3757.ddns.net.key -out /etc/nginx/phares3757.ddns.net.crt -config /etc/nginx/sites-available/phares3757.ddns.net.conf
ssl_certificate 'phares3757.ddns.net.crt';
ssl_certificate_key 'phares3757.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name phares3757.ddns.net;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:80/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/dashkiosk.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/dashkiosk.ddns.net.key -out /etc/nginx/dashkiosk.ddns.net.crt -config /etc/nginx/sites-available/dashkiosk.ddns.net.conf
ssl_certificate 'dashkiosk.ddns.net.crt';
ssl_certificate_key 'dashkiosk.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name dashkiosk.ddns.net;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:9400/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/filebrowser.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/filebrowser.ddns.net.key -out /etc/nginx/filebrowser.ddns.net.crt -config /etc/nginx/sites-available/filebrowser.ddns.net.conf
ssl_certificate 'filebrowser.ddns.net.crt';
ssl_certificate_key 'filebrowser.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name filebrowser.ddns.net;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/gogs3757.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/gogs3757.ddns.net.key -out /etc/nginx/gogs3757.ddns.net.crt -config /etc/nginx/sites-available/gogs3757.ddns.net.conf
ssl_certificate 'gogs3757.ddns.net.crt';
ssl_certificate_key 'gogs3757.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name gogs3757.ddns.net;
client_max_body_size 5000m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3000/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/immich3757.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/immich3757.ddns.net.key -out /etc/nginx/immich3757.ddns.net.crt -config /etc/nginx/sites-available/immich3757.ddns.net.conf
ssl_certificate 'immich3757.ddns.net.crt';
ssl_certificate_key 'immich3757.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name immich3757.ddns.net;
client_max_body_size 50000M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
location / {
proxy_pass http://localhost:3001/;
}
}
server {
# touch /etc/nginx/sites-available/nextcloud3757.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nextcloud3757.ddns.net.key -out /etc/nginx/nextcloud3757.ddns.net.crt -config /etc/nginx/sites-available/nextcloud3757.ddns.net.conf
ssl_certificate 'nextcloud3757.ddns.net.crt';
ssl_certificate_key 'nextcloud3757.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name nextcloud3757.ddns.net;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8081/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/music3757.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/music3757.ddns.net.key -out /etc/nginx/music3757.ddns.net.crt -config /etc/nginx/sites-available/music3757.ddns.net.conf
ssl_certificate 'music3757.ddns.net.crt';
ssl_certificate_key 'music3757.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name music3757.ddns.net;
root /var/www/html; # /home/syncthing/Loft-5G;
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
# touch /etc/nginx/sites-available/photoprism.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/photoprism.ddns.net.key -out /etc/nginx/photoprism.ddns.net.crt -config /etc/nginx/sites-available/photoprism.ddns.net.conf
ssl_certificate 'photoprism.ddns.net.crt';
ssl_certificate_key 'photoprism.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name photoprism.ddns.net;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:2342/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/pi-hole.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/pi-hole.ddns.net.key -out /etc/nginx/pi-hole.ddns.net.crt -config /etc/nginx/sites-available/pi-hole.ddns.net.conf
ssl_certificate 'pi-hole.ddns.net.crt';
ssl_certificate_key 'pi-hole.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name pi-hole.ddns.net;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8005/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
server {
# touch /etc/nginx/sites-available/syncthing3757.ddns.net.conf
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/syncthing3757.ddns.net.key -out /etc/nginx/syncthing3757.ddns.net.crt -config /etc/nginx/sites-available/syncthing3757.ddns.net.conf
ssl_certificate 'syncthing3757.ddns.net.crt';
ssl_certificate_key 'syncthing3757.ddns.net.key';
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
server_name syncthing3757.ddns.net;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8384/;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
include /etc/nginx/include/affirm.conf;
# include /etc/nginx/include/ansible.conf;
# include /etc/nginx/include/assistant.conf;
# include /etc/nginx/include/casa.conf;
include /etc/nginx/include/codeserver.conf;
include /etc/nginx/include/dashkiosk.conf;
include /etc/nginx/include/dockge.conf;
# include /etc/nginx/include/docmost.conf;
# include /etc/nginx/include/emby.conf;
# include /etc/nginx/include/filebrowser.conf;
# include /etc/nginx/include/gogs.conf;
include /etc/nginx/include/gitea.conf;
include /etc/nginx/include/immich.conf;
include /etc/nginx/include/incus.conf;
# include /etc/nginx/include/invoice.conf;
include /etc/nginx/include/lxconsole.conf;
include /etc/nginx/include/kestra.conf;
include /etc/nginx/include/music.conf;
# include /etc/nginx/include/nextcloud.conf;
# include /etc/nginx/include/owncast.conf;
include /etc/nginx/include/phares.conf;
# include /etc/nginx/include/photoprism.conf;
# include /etc/nginx/include/pihole.conf;
# include /etc/nginx/include/proxmox.conf;
include /etc/nginx/include/quartz.conf;
# include /etc/nginx/include/readeck.conf;
# include /etc/nginx/include/syncthing.conf;
# include /etc/nginx/include/terraform.conf;
# include /etc/nginx/include/uptimekuma.conf;
include /etc/nginx/include/vaultwarden.conf;
# include /etc/nginx/include/vscodium.conf;
# include /etc/nginx/include/wekan.conf;

32
etc/nginx/sites-available/filebrowser.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = filebrowser.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = filebrowser.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = filebrowser.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/filebrowser.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = filebrowser.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = filebrowser.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = filebrowser.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/gogs3757.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = gogs3757.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = gogs3757.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = gogs3757.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/gogs3757.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = gogs3757.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = gogs3757.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = gogs3757.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/immich3757.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = immich3757.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = immich3757.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = immich3757.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/immich3757.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = immich3757.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = immich3757.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = immich3757.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/music3757.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = music3757.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = music3757.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = music3757.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/music3757.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = music3757.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = music3757.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = music3757.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/nextcloud3757.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = nextcloud3757.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = nextcloud3757.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = nextcloud3757.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/nextcloud3757.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = nextcloud3757.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = nextcloud3757.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = nextcloud3757.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/phares3757.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = phares3757.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = phares3757.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = phares3757.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/phares3757.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = phares3757.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = phares3757.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = phares3757.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/photoprism.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = photoprism.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = photoprism.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = photoprism.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/photoprism.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = photoprism.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = photoprism.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = photoprism.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/pi-hole.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = pi-hole.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = pi-hole.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = pi-hole.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/pi-hole.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = pi-hole.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = pi-hole.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = pi-hole.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/syncthing3757.beelink.server.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = syncthing3757.beelink.server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = syncthing3757.beelink.server
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = syncthing3757.beelink.server
DNS.10 = localhost
DNS.11 = 127.0.0.1

32
etc/nginx/sites-available/syncthing3757.ddns.net.conf
View File

@ -1,32 +0,0 @@
[req]
default_bits = 2048
default_keyfile = syncthing3757.ddns.net.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = syncthing3757.ddns.net
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = syncthing3757.ddns.net
DNS.10 = localhost
DNS.11 = 127.0.0.1

27
etc/passwd
View File

@ -19,15 +19,20 @@ nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin
dhcpcd:x:100:65534:DHCP Client Daemon,,,:/usr/lib/dhcpcd:/bin/false
messagebus:x:101:106::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:996:996:systemd Resolver:/:/usr/sbin/nologin
messagebus:x:101:102::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:992:992:systemd Resolver:/:/usr/sbin/nologin
pollinate:x:102:1::/var/cache/pollinate:/bin/false
polkitd:x:995:995:polkit:/nonexistent:/usr/sbin/nologin
usbmux:x:103:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
sshd:x:104:65534::/run/sshd:/usr/sbin/nologin
mike:x:1000:1000:Mike Phares:/home/mike:/bin/bash
lphares:x:1002:1002:Logan Phares,,,:/home/lphares:/bin/bash
bmiller:x:1003:1003:Bill Miller,,,:/home/bmiller:/bin/bash
gogs:x:1004:1004:gogs,,,:/home/gogs:/bin/bash
snapd-range-524288-root:x:524288:524288::/nonexistent:/usr/bin/false
snap_daemon:x:584788:584788::/nonexistent:/usr/bin/false
polkitd:x:991:991:User for polkitd:/:/usr/sbin/nologin
syslog:x:103:104::/nonexistent:/usr/sbin/nologin
uuidd:x:104:105::/run/uuidd:/usr/sbin/nologin
tcpdump:x:105:107::/nonexistent:/usr/sbin/nologin
tss:x:106:108:TPM software stack,,,:/var/lib/tpm:/bin/false
landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
lphares:x:1001:1001:Logan Phares,,,:/home/lphares:/bin/bash
bmiller:x:1002:1002:Bill Miller,,,:/home/bmiller:/bin/bash
pihole:x:999:1003::/home/pihole:/usr/sbin/nologin
unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin

25
etc/passwd-
View File

@ -19,14 +19,19 @@ nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin
dhcpcd:x:100:65534:DHCP Client Daemon,,,:/usr/lib/dhcpcd:/bin/false
messagebus:x:101:106::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:996:996:systemd Resolver:/:/usr/sbin/nologin
messagebus:x:101:102::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:992:992:systemd Resolver:/:/usr/sbin/nologin
pollinate:x:102:1::/var/cache/pollinate:/bin/false
polkitd:x:995:995:polkit:/nonexistent:/usr/sbin/nologin
usbmux:x:103:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
sshd:x:104:65534::/run/sshd:/usr/sbin/nologin
mike:x:1000:1000:Mike Phares:/home/mike:/bin/bash
lphares:x:1002:1002:Logan Phares,,,:/home/lphares:/bin/bash
bmiller:x:1003:1003:Bill Miller,,,:/home/bmiller:/bin/bash
gogs:x:1004:1004:gogs,,,:/home/gogs:/bin/bash
snapd-range-524288-root:x:524288:524288::/nonexistent:/usr/bin/false
polkitd:x:991:991:User for polkitd:/:/usr/sbin/nologin
syslog:x:103:104::/nonexistent:/usr/sbin/nologin
uuidd:x:104:105::/run/uuidd:/usr/sbin/nologin
tcpdump:x:105:107::/nonexistent:/usr/sbin/nologin
tss:x:106:108:TPM software stack,,,:/var/lib/tpm:/bin/false
landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
lphares:x:1001:1001:Logan Phares,,,:/home/lphares:/bin/bash
bmiller:x:1002:1002:Bill Miller,,,:/home/bmiller:/bin/bash
pihole:x:999:1003::/home/pihole:/usr/sbin/nologin

0
etc/pihole/dhcp.leases Normal file
View File

14
etc/pihole/setupVars.conf Normal file
View File

@ -0,0 +1,14 @@
PIHOLE_INTERFACE=enp2s0
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=local
WEBPASSWORD=4f2f4f253d64a90315c0ace8a61b6b6e828f8d8d996b0a0b0e153230617bedd3
BLOCKING_ENABLED=true
PIHOLE_DNS_1=127.0.0.1#5335
DNSSEC=false
REV_SERVER=false

71
etc/shadow
View File

@ -1,33 +1,38 @@
root:*:19641:0:99999:7:::
daemon:*:19641:0:99999:7:::
bin:*:19641:0:99999:7:::
sys:*:19641:0:99999:7:::
sync:*:19641:0:99999:7:::
games:*:19641:0:99999:7:::
man:*:19641:0:99999:7:::
lp:*:19641:0:99999:7:::
mail:*:19641:0:99999:7:::
news:*:19641:0:99999:7:::
uucp:*:19641:0:99999:7:::
proxy:*:19641:0:99999:7:::
www-data:*:19641:0:99999:7:::
backup:*:19641:0:99999:7:::
list:*:19641:0:99999:7:::
irc:*:19641:0:99999:7:::
_apt:*:19641:0:99999:7:::
nobody:*:19641:0:99999:7:::
systemd-network:!*:19641::::::
systemd-timesync:!*:19641::::::
dhcpcd:!:19641::::::
messagebus:!:19641::::::
systemd-resolve:!*:19641::::::
pollinate:!:19641::::::
polkitd:!*:19641::::::
usbmux:!:19834::::::
sshd:!:19834::::::
mike:$6$QRbDvWDeiwqDRfuu$krk4b6ITBDmi/CMIWLAQdBfYmZXzMSbsrzyhEkrIfCC7wLK6mZZ3E7jn1OReEgFTxtx.oVibHh.l5U3jpskZo/:19834:0:99999:7:::
lphares:$y$j9T$PuVm73wgRxF7.efV0ZbNC/$IjHAHZzMBNr9YPbxF9T0jNhAf0CrHkb3tqmXNKmJWEC:19835:0:99999:7:::
bmiller:$y$j9T$98wrMjOMoquxT8z19JnsA.$UVr695OobiLESI/H028IMhVHOoKsZzdfyrhCMr3fp1.:19835:0:99999:7:::
gogs:$y$j9T$pSEx/jhTuuaKMUAMExHgk/$.ELBs7.03JbQvvYMEHsM4oWddabw673rythGqgp2eE3:19835:0:99999:7:::
snapd-range-524288-root:!:19860::::::
snap_daemon:!:19860::::::
root:*:19836:0:99999:7:::
daemon:*:19836:0:99999:7:::
bin:*:19836:0:99999:7:::
sys:*:19836:0:99999:7:::
sync:*:19836:0:99999:7:::
games:*:19836:0:99999:7:::
man:*:19836:0:99999:7:::
lp:*:19836:0:99999:7:::
mail:*:19836:0:99999:7:::
news:*:19836:0:99999:7:::
uucp:*:19836:0:99999:7:::
proxy:*:19836:0:99999:7:::
www-data:*:19836:0:99999:7:::
backup:*:19836:0:99999:7:::
list:*:19836:0:99999:7:::
irc:*:19836:0:99999:7:::
_apt:*:19836:0:99999:7:::
nobody:*:19836:0:99999:7:::
systemd-network:!*:19836::::::
systemd-timesync:!*:19836::::::
dhcpcd:!:19836::::::
messagebus:!:19836::::::
systemd-resolve:!*:19836::::::
pollinate:!:19836::::::
polkitd:!*:19836::::::
syslog:!:19836::::::
uuidd:!:19836::::::
tcpdump:!:19836::::::
tss:!:19836::::::
landscape:!:19836::::::
fwupd-refresh:!*:19836::::::
usbmux:!:19927::::::
sshd:!:19927::::::
phares:$6$LmgqfVuKR4/5T6by$yxaJ71xy0Exf7laLI6OMkgqabo5r8bzlFPZekwuGRYO8JJMH2tKeTD2W1JOVD0X2pgL5Ob73xB45Vl/lIGYsO.:19927:0:99999:7:::
lphares:$y$j9T$bai9Rz4yLf4MoGt4s6iJB/$rzofcXaHGl0hmnnx1gZwsF4/IoTkcJRA2MX.Tc3E6l6:19927:0:99999:7:::
bmiller:$y$j9T$xqZANIbaE1MCQCukITvTr0$d55.kptZwaAVL4uPmeYm2cygatWo5NG5LW8V833OST1:19927:0:99999:7:::
pihole:!:19927::::::
unbound:!:19927::::::

69
etc/shadow-
View File

@ -1,32 +1,37 @@
root:*:19641:0:99999:7:::
daemon:*:19641:0:99999:7:::
bin:*:19641:0:99999:7:::
sys:*:19641:0:99999:7:::
sync:*:19641:0:99999:7:::
games:*:19641:0:99999:7:::
man:*:19641:0:99999:7:::
lp:*:19641:0:99999:7:::
mail:*:19641:0:99999:7:::
news:*:19641:0:99999:7:::
uucp:*:19641:0:99999:7:::
proxy:*:19641:0:99999:7:::
www-data:*:19641:0:99999:7:::
backup:*:19641:0:99999:7:::
list:*:19641:0:99999:7:::
irc:*:19641:0:99999:7:::
_apt:*:19641:0:99999:7:::
nobody:*:19641:0:99999:7:::
systemd-network:!*:19641::::::
systemd-timesync:!*:19641::::::
dhcpcd:!:19641::::::
messagebus:!:19641::::::
systemd-resolve:!*:19641::::::
pollinate:!:19641::::::
polkitd:!*:19641::::::
usbmux:!:19834::::::
sshd:!:19834::::::
mike:$6$QRbDvWDeiwqDRfuu$krk4b6ITBDmi/CMIWLAQdBfYmZXzMSbsrzyhEkrIfCC7wLK6mZZ3E7jn1OReEgFTxtx.oVibHh.l5U3jpskZo/:19834:0:99999:7:::
lphares:$y$j9T$PuVm73wgRxF7.efV0ZbNC/$IjHAHZzMBNr9YPbxF9T0jNhAf0CrHkb3tqmXNKmJWEC:19835:0:99999:7:::
bmiller:$y$j9T$98wrMjOMoquxT8z19JnsA.$UVr695OobiLESI/H028IMhVHOoKsZzdfyrhCMr3fp1.:19835:0:99999:7:::
gogs:$y$j9T$pSEx/jhTuuaKMUAMExHgk/$.ELBs7.03JbQvvYMEHsM4oWddabw673rythGqgp2eE3:19835:0:99999:7:::
snapd-range-524288-root:!:19860::::::
root:*:19836:0:99999:7:::
daemon:*:19836:0:99999:7:::
bin:*:19836:0:99999:7:::
sys:*:19836:0:99999:7:::
sync:*:19836:0:99999:7:::
games:*:19836:0:99999:7:::
man:*:19836:0:99999:7:::
lp:*:19836:0:99999:7:::
mail:*:19836:0:99999:7:::
news:*:19836:0:99999:7:::
uucp:*:19836:0:99999:7:::
proxy:*:19836:0:99999:7:::
www-data:*:19836:0:99999:7:::
backup:*:19836:0:99999:7:::
list:*:19836:0:99999:7:::
irc:*:19836:0:99999:7:::
_apt:*:19836:0:99999:7:::
nobody:*:19836:0:99999:7:::
systemd-network:!*:19836::::::
systemd-timesync:!*:19836::::::
dhcpcd:!:19836::::::
messagebus:!:19836::::::
systemd-resolve:!*:19836::::::
pollinate:!:19836::::::
polkitd:!*:19836::::::
syslog:!:19836::::::
uuidd:!:19836::::::
tcpdump:!:19836::::::
tss:!:19836::::::
landscape:!:19836::::::
fwupd-refresh:!*:19836::::::
usbmux:!:19927::::::
sshd:!:19927::::::
phares:$6$LmgqfVuKR4/5T6by$yxaJ71xy0Exf7laLI6OMkgqabo5r8bzlFPZekwuGRYO8JJMH2tKeTD2W1JOVD0X2pgL5Ob73xB45Vl/lIGYsO.:19927:0:99999:7:::
lphares:$y$j9T$bai9Rz4yLf4MoGt4s6iJB/$rzofcXaHGl0hmnnx1gZwsF4/IoTkcJRA2MX.Tc3E6l6:19927:0:99999:7:::
bmiller:$y$j9T$xqZANIbaE1MCQCukITvTr0$d55.kptZwaAVL4uPmeYm2cygatWo5NG5LW8V833OST1:19927:0:99999:7:::
pihole:!:19927::::::

6
etc/sysctl.conf
View File

@ -42,7 +42,7 @@
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
@ -51,10 +51,6 @@
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

11
etc/systemd/resolved.conf
View File

@ -6,9 +6,11 @@
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/resolved.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
@ -28,7 +30,8 @@
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0

30
etc/systemd/system/gogs-daemon.service
View File

@ -1,30 +0,0 @@
[Unit]
Description=Gogs
After=syslog.target
After=network.target
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=gogs
Group=gogs
WorkingDirectory=/home/gogs/gogs
ExecStart=/home/gogs/gogs/gogs web
Restart=always
Environment=USER=gogs HOME=/home/gogs
# Some distributions may not support these hardening directives
# If you cannot start the service due
# to an unknown option, comment out the ones not supported by your version of systemd.
ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target

16
etc/systemd/system/snap.certbot.renew.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application certbot.renew
Requires=snap-certbot-3834.mount
Wants=network.target
After=snap-certbot-3834.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
SyslogIdentifier=certbot.renew
Restart=no
WorkingDirectory=/var/snap/certbot/3834
TimeoutStopSec=30
Type=oneshot

14
etc/systemd/system/snap.certbot.renew.timer Normal file
View File

@ -0,0 +1,14 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Timer renew for snap application certbot.renew
Requires=snap-certbot-3834.mount
After=snap-certbot-3834.mount
X-Snappy=yes
[Timer]
Unit=snap.certbot.renew.service
OnCalendar=*-*-* 03:24
OnCalendar=*-*-* 20:15
[Install]
WantedBy=timers.target

17
etc/systemd/system/snap.immich-distribution.acme.service
View File

@ -1,17 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.acme
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run --timer="00:00-24:00/2" immich-distribution.acme
SyslogIdentifier=immich-distribution.acme
Restart=on-failure
RestartSec=60
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple

14
etc/systemd/system/snap.immich-distribution.acme.timer
View File

@ -1,14 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Timer acme for snap application immich-distribution.acme
Requires=snap-immich\x2ddistribution-131.mount
After=snap-immich\x2ddistribution-131.mount
X-Snappy=yes
[Timer]
Unit=snap.immich-distribution.acme.service
OnCalendar=*-*-* 00:00
OnCalendar=*-*-* 12:00
[Install]
WantedBy=timers.target

19
etc/systemd/system/snap.immich-distribution.haproxy.service
View File

@ -1,19 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.haproxy
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.haproxy
SyslogIdentifier=immich-distribution.haproxy
Restart=on-failure
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

19
etc/systemd/system/snap.immich-distribution.immich-machine-learning.service
View File

@ -1,19 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.immich-machine-learning
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.immich-machine-learning
SyslogIdentifier=immich-distribution.immich-machine-learning
Restart=on-failure
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

20
etc/systemd/system/snap.immich-distribution.immich-microservices.service
View File

@ -1,20 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.immich-microservices
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snap.immich-distribution.redis-server.service snap.immich-distribution.postgres.service snap.immich-distribution.immich-server.service snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.immich-microservices
SyslogIdentifier=immich-distribution.immich-microservices
Restart=on-failure
RestartSec=10
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

20
etc/systemd/system/snap.immich-distribution.immich-server.service
View File

@ -1,20 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.immich-server
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snap.immich-distribution.redis-server.service snap.immich-distribution.postgres.service snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.immich-server
SyslogIdentifier=immich-distribution.immich-server
Restart=on-failure
RestartSec=10
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

20
etc/systemd/system/snap.immich-distribution.manager.service
View File

@ -1,20 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.manager
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snap.immich-distribution.immich-server.service snap.immich-distribution.immich-microservices.service snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.manager
SyslogIdentifier=immich-distribution.manager
Restart=on-failure
RestartSec=60
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

20
etc/systemd/system/snap.immich-distribution.postgres.service
View File

@ -1,20 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.postgres
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.postgres
SyslogIdentifier=immich-distribution.postgres
Restart=on-failure
RestartSec=10
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

20
etc/systemd/system/snap.immich-distribution.redis-server.service
View File

@ -1,20 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.redis-server
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.redis-server
SyslogIdentifier=immich-distribution.redis-server
Restart=on-failure
RestartSec=10
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

20
etc/systemd/system/snap.immich-distribution.sync-service.service
View File

@ -1,20 +0,0 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application immich-distribution.sync-service
Requires=snap-immich\x2ddistribution-131.mount
Wants=network.target
After=snap-immich\x2ddistribution-131.mount network.target snap.immich-distribution.immich-server.service snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run immich-distribution.sync-service
SyslogIdentifier=immich-distribution.sync-service
Restart=on-failure
RestartSec=10
WorkingDirectory=/var/snap/immich-distribution/131
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

6
etc/systemd/system/snap.ubuntu-frame.daemon.service
View File

@ -1,9 +1,9 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application ubuntu-frame.daemon
Requires=snap-ubuntu\x2dframe-9120.mount
Requires=snap-ubuntu\x2dframe-9750.mount
Wants=network.target
After=snap-ubuntu\x2dframe-9120.mount network.target snapd.apparmor.service
After=snap-ubuntu\x2dframe-9750.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
@ -12,7 +12,7 @@ ExecStart=/usr/bin/snap run ubuntu-frame.daemon
SyslogIdentifier=ubuntu-frame.daemon
Restart=on-failure
RestartSec=3
WorkingDirectory=/var/snap/ubuntu-frame/9120
WorkingDirectory=/var/snap/ubuntu-frame/9750
TimeoutStopSec=30
Type=simple

10
etc/unbound/unbound.conf Normal file
View File

@ -0,0 +1,10 @@
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

66
etc/unbound/unbound.conf.d/pi-hole.conf Normal file
View File

@ -0,0 +1,66 @@
server:
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no
# Use this only when you downloaded the list of primary root servers!
# If you use the default dns-root-data package, unbound will find it automatically
#root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# IP fragmentation is unreliable on the Internet today, and can cause
# transmission failures when large DNS messages are sent via UDP. Even
# when fragmentation does work, it may not be secure; it is theoretically
# possible to spoof parts of a fragmented DNS message, without easy
# detection at the receiving end. Recently, there was an excellent study
# >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
# by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
# in collaboration with NLnet Labs explored DNS using real world data from the
# the RIPE Atlas probes and the researchers suggested different values for
# IPv4 and IPv6 and in different scenarios. They advise that servers should
# be configured to limit DNS messages sent over UDP to a size that will not
# trigger fragmentation on typical network links. DNS servers can switch
# from UDP to TCP when a DNS response is too big to fit in this limited
# buffer size. This value has also been suggested in DNS Flag Day 2020.
edns-buffer-size: 1232
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10