diff --git a/.gitignore b/.gitignore index ed5c0cc..858cdd9 100644 --- a/.gitignore +++ b/.gitignore @@ -43,6 +43,7 @@ !etc/dnsmasq.d/* !etc/fstab/* !etc/netplan/* +!etc/nginx/include/* !etc/nginx/sites-available/* !etc/mysql/mariadb.conf.d/* !etc/php/* @@ -52,6 +53,7 @@ !etc/letsencrypt/**/* !opt/copy/**/* +!opt/dockge/**/*.yaml !root/**/*container !home/podman/**/*volume diff --git a/.vscode/settings.json b/.vscode/settings.json index 0f57c45..b100527 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -3,5 +3,15 @@ "*.container": "ini", "*.org": "ini", "*.net": "ini" - } + }, + "cSpell.words": [ + "ASPNETCORE", + "duckdns", + "gitea", + "immich", + "journalctl", + "localtime", + "phares", + "usersecrets" + ] } \ No newline at end of file diff --git a/etc/bash_history_2024-11-10.txt b/etc/bash_history_2024-11-10.txt new file mode 100644 index 0000000..2cb7dc0 --- /dev/null +++ b/etc/bash_history_2024-11-10.txt @@ -0,0 +1,500 @@ +exit +cd ~/.bashrc.d/systemd +cd ~/.bashrc.d +ls -la +sudo -iu podman +exit +systemctl --user list-unit-files +cd /etc/containers/systemd/users +ls +ls -la +cd .. +ls -la +systemctl start --user +cd /usr/lib/systemd/system-generators/podman-system-generator +cd /usr/lib/systemd/system-generators +ls -la +ls -la +cd /usr/libexec/podman/quadlet +cd /usr/libexec/podman +ls -la +apt-get install apt install podman-quadlet +apt install podman-quadlet +ls -la +ls -la /usr/libexec/podman +systemctl -l | grep -i rootlessport +ps aux | grep rootlessport +podman-generate-systemd +ls +whereis podman-generate-systemd +clear +apt list --installed +clear +exit +clear +apt list --installed +clear +/usr/libexec/podman/quadlet -dryrun +/usr/libexec/podman/quadlet --user -dryrun +sudo -iu podman +exit +chown -R podman:podman /home/podman +/usr/libexec/podman/quadlet -dryrun --user +sudo -iu podman +find / -name "immich-server.service" 2>/dev/null +rm -R /home/podman/d +find / -name "uptime-kuma-server.service" 2>/dev/null +sudo -iu podman +sudo -iu podman +sudo -iu podman +chown -R podman:podman /home/podman/.config/containers/systemd +chown -R podman:podman /home/podman/.config/containers/systemd +sudo -iu podman +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +sudo -iu podman +nginx -t +nginx -s reload +sudo -iu podman +nginx -t +nginx -s reload +nginx -t +nginx -s reload +links https://phares.duckdns.org +nano /etc/hosts +links https://phares.duckdns.org +ls /var/www/html +nano index.html +nano /var/www/html/index.html +mv /var/www/html /var/www/html-slideshow +ls /var/www +mkdir /var/www/html +cp /var/www/html-slideshow/index.nginx-debian.html /var/www/html/ +mv /var/www/html /var/www/html-nginx +nginx -t +nginx -s reload +links https://phares.duckdns.org +ls /var/www/html-nginx +links https://adguard.phares.duckdns.org/ +nano /etc/hosts +links https://adguard.phares.duckdns.org/ +nano /etc/hosts +links https://adguard.phares.duckdns.org/ +nano /etc/hosts +nano /etc/hosts +links https://adguard.phares.duckdns.org/ +nano /etc/hosts +links https://adguard.phares.duckdns.org/ +exit +nginx -t +nginx -s reload +podman pull docker.io/m1k1o/neko:firefox +/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output +chown -R podman:podman /home/podman/.config/containers/systemd +sudo -iu podman +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +podman pull docker.io/mattermost/mattermost-team-edition:9.11.2 +sudo -iu podman +podman list images +podman ls images +podman images ls +podman image ls +podman image prone +podman image purge +podman image --help +podman image prune +y +podman image ls +podman image rm 2 +podman image rm 7 +podman image ls +sudo -iu podman +chown -R podman:podman /home/podman/.config/containers/systemd +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +nginx -t +nginx -t +nginx -s reload +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +chown -R podman:podman /home/podman/.config/containers/systemd +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +exit +sudo -iu podman +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +nano /etc/hosts +nano /etc/hosts +nano /etc/hosts +exit +sudo -iu podman +sudo -iu podman +cat /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json +nano/home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json +nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json +sudo -iu podman +nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json +sudo -iu podman +exit +exit +sudo -iu podman +cd /home/podman/.local/share/containers/storage/volumes/systemd-immich-server-external/_data +ls +ls -la +cd / +sudo -iu podman +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-immich-server-upload/_data/thumbs/5f0b1052-466d-44de-a554-226d7256850d/ +sudo -iu podman +sudo -iu podman +sudo -iu podman +exit +sudo -iu podman +sudo -iu podman +links https://192.168.0.43:8123 +links http://192.168.0.43:8123 +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data +cp -R /var/www/html-nginx/ /var/www/html-quartz +cd /var/www/html-quartz +ls +mv index.nginx-debian.html index.html +links http://192.168.11.2:8069/ +links http://192.168.11.2:8069/index.html +cd / +nginx -t +cd /var/www/html-infineon/ +ls +nginx -t +nginx -s reload +apt-get update +apt-get upgrade +reboot +links http://192.168.11.2:8069/ +links http://192.168.11.2:8069/ +links http://192.168.11.2/ +sudo -iu podman +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions/ +rm /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions +rm -R /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/ +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/var +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/ +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/repositories/ +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/repositories/phares3757/ +sudo -iu podman +exit +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nano /root/.acme.sh/*.phares.duckdns.org_ecc/*.phares.duckdns.org.cer +nginx -t +nginx -s reload +nginx -t +nginx -s reload +reboot +links http://127.0.0.1:8080/slideshow/index.html?nocache=2024-07-01-11-36 +links http://127.0.0.1:8080/slideshow/index.html +links http://127.0.0.1:8080/slideshow +links http://192.168.11.2:8080/slideshow +nginx -t +reboot +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +exit +mv /root/.acme.sh/affirm.duckdns.org_ecc/ /root/acme.sh-master/wild-affirm +mv /root/acme.sh-master/wild-affirm /root/.acme.sh/wild-affirm +exit +nginx -t +nginx -t +nginx -s reload +exit +cd /tmp +git clone https://github.com/acmesh-official/acme.sh.git +cd /tmp/acme.sh +./acme.sh --install -m mikepharesjr@msn.com +export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9 +echo $DuckDNS_Token +./acme.sh --register-account -m mikepharesjr@msn.com +./acme.sh --set-default-ca --server letsencrypt +./acme.sh --issue --dns dns_duckdns -d '*.kmjmlc.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +./acme.sh --issue --dns dns_duckdns -d '*.jmlc.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory +cp -R /root/.acme.sh/\*.jmlc.duckdns.org_ecc/ /root/.acme.sh/wild-jmlc +mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.cer /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.cer +mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.conf /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.conf +mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.csr /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.csr +mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.csr.conf /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.csr.conf +mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.key /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.key +nginx -t +nginx -t +nginx -s reload +nginx -t +nginx -t +nginx -s reload +nginx -s reload +links http://192.168.11.2:9090 +links https://192.168.11.2:9090 +nginx -s reload +nano /etc/cockpit/ws-certs.d/0-self-signed.cert +man cockpit.conf +nano /etc/cockpit/cockpit.conf +systemctl status cockpit.socket +systemctl status cockpit +systemctl stop cockpit +systemctl stop cockpit.socket +systemctl stop cockpit +systemctl start cockpit +systemctl start cockpit.socket +nginx -s reload +rm /etc/cockpit/cockpit.conf +systemctl stop cockpit +systemctl stop cockpit.socket +systemctl stop cockpit +systemctl start cockpit.socket +systemctl start cockpit +nginx -s reload +journalctl -u cockpit +cd /etc/cockpit/ +ls +cd ws-certs.d/ +ls +mv 0-self-signed.cert 0-self-signed.cert.old +mv 0-self-signed.key 0-self-signed.key.old +cp /root/.acme.sh/wild-phares/phares.duckdns.org.cer 0-self-signed.cert +cp /root/.acme.sh/wild-phares/phares.duckdns.org.key 0-self-signed.key +systemctl restart cockpit +systemctl status cockpit +systemctl status cockpit +systemctl status cockpit +systemctl status cockpit +systemctl status cockpit +systemctl restart cockpit +nano /etc/cockpit/cockpit.conf +systemctl restart cockpit +systemctl status cockpit +systemctl status cockpit +systemctl status cockpit +systemctl status cockpit +systemctl restart cockpit +systemctl status cockpit +nginx -s reload +systemctl restart cockpit +systemctl status cockpit +nginx -s reload +nginx -s reload +rm -R /mnt/free-file-sync/notes/FS-ADO/ +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +nignx -t +nginx -t +nginx -s reload +reboot +lsof -i -P -n | grep LISTEN +links http://192.168.11.2:5007/ +links http://127.0.0.1:5007/ +sudo -iu podman +sudo -iu podman +sudo -iu podman +chmod -R 0774 /root/.acme.sh/wild-phares +sudo -iu podman +ls -la /root/.acme.sh/wild-phares +chmod -R 0775 /root/.acme.sh/wild-phares +ls -la /root/.acme.sh/wild-phares +sudo -iu podman +chmod -R 0777 /root/.acme.sh/wild-phares +sudo -iu podman +chmod -R 0774 /root/.acme.sh/wild-phares +ls -la /root/.acme.sh/wild-phares +chmod -R 0774 /root/.acme.sh +ls -la /root/.acme.sh +sudo -iu podman +ln -s /root/.acme.sh/wild-phares /home/podman/wild-phares +sudo -iu podman +cp -R /root/.acme.sh/wild-phares /home/podman/wild-phares +cp -R /root/.acme.sh/wild-phares/ /home/podman +rm /home/podman/wild-phares +cp -R /root/.acme.sh/wild-phares/ /home/podman +chown podman:podman /home/podman +ls /home/podman/wild-phares/ +ls -la /home/podman/wild-phares +sudo -iu podman +chown -R podman:podman /home/podman +ls -la /home/podman/wild-phares +sudo -iu podman +cd /home/podman/ +ls +cd quadlet/ +ls -la +cd default.target.wants/ +ls -la +cd .. +cd .. +cd lib +cd libpod/ +ls -la +sudo -iu podman +chown -R 1000:1000 /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data +sudo -iu podman +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data +cd / +sudo -iu podman +sudo -iu podman +reboot +sudo -iu podman +exit +/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output +/usr/libexec/podman/quadlet -dryrun --user +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +exit +ls -ls \mnt\free-file-sync\proxmox +ls -ls /mnt/free-file-sync/proxmox +cd /home/podman +ls -la +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +apt-get install acl -y +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +ls -la +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl +cd / +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl +ls /home/podman/.config/cni/net.d +setfacl --restore=/mnt/free-file-sync/proxmox/one.acl +cd /home/phares/ +setfacl --restore=/mnt/free-file-sync/proxmox/one.acl +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl +getfacl /home/podman > permissions.acl +ls +cat permissions.acl +rm permissions.acl +getfacl -R /home/podman > podman-permissions-bad.acl +mv podman-permissions-bad.acl /mnt/free-file-sync/proxmox/ +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +cd ../podman +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +cd / +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +nano /etc/passwd +nano /etc/passwd +nano /etc/group +nano /etc/shadow +find / -uid 1000 -exec chown -h 2000 {} + +find / -gid 1000 -exec chgrp -h 2000 {} + +find / -xdev -uid 1002 -exec chown -h 1000 {} + +find / -xdev -gid 1002 -exec chgrp -h 1000 {} + +reboot +reboot +nano /etc/passwd +nano /etc/group +find / -xdev -uid 1001 -exec chown -h 1005 {} + +find / -xdev -gid 1001 -exec chgrp -h 1005 {} + +find / -xdev -uid 2000 -exec chown -h 1001 {} + +find / -xdev -gid 2000 -exec chgrp -h 1001 {} + +nano /etc/passwd +nano /etc/group +find / -xdev -uid 1005 -exec chown -h 1002 {} + +find / -xdev -gid 1005 -exec chgrp -h 1002 {} + +reboot +cd / +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +ls /run/user/ +ls /run/user/1001/systemd/ +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +/usr/libexec/podman/quadlet -dryrun --user +/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output +sudo -iu podman +sudo -iu podman +sudo -iu podman +cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data +sudo -iu podman +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/ +sudo -iu podman +sudo -iu podman +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/ +sudo -iu podman +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/ +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/ +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +sudo -iu podman +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +sudo -iu podman +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/ +sudo -iu podman +exit diff --git a/etc/bash_history_2024-11-23.txt b/etc/bash_history_2024-11-23.txt new file mode 100644 index 0000000..12687dc --- /dev/null +++ b/etc/bash_history_2024-11-23.txt @@ -0,0 +1,500 @@ +ls /home/podman/.config/cni/net.d +setfacl --restore=/mnt/free-file-sync/proxmox/one.acl +cd /home/phares/ +setfacl --restore=/mnt/free-file-sync/proxmox/one.acl +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl +getfacl /home/podman > permissions.acl +ls +cat permissions.acl +rm permissions.acl +getfacl -R /home/podman > podman-permissions-bad.acl +mv podman-permissions-bad.acl /mnt/free-file-sync/proxmox/ +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +cd ../podman +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +cd / +setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl +nano /etc/passwd +nano /etc/passwd +nano /etc/group +nano /etc/shadow +find / -uid 1000 -exec chown -h 2000 {} + +find / -gid 1000 -exec chgrp -h 2000 {} + +find / -xdev -uid 1002 -exec chown -h 1000 {} + +find / -xdev -gid 1002 -exec chgrp -h 1000 {} + +reboot +reboot +nano /etc/passwd +nano /etc/group +find / -xdev -uid 1001 -exec chown -h 1005 {} + +find / -xdev -gid 1001 -exec chgrp -h 1005 {} + +find / -xdev -uid 2000 -exec chown -h 1001 {} + +find / -xdev -gid 2000 -exec chgrp -h 1001 {} + +nano /etc/passwd +nano /etc/group +find / -xdev -uid 1005 -exec chown -h 1002 {} + +find / -xdev -gid 1005 -exec chgrp -h 1002 {} + +reboot +cd / +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +ls /run/user/ +ls /run/user/1001/systemd/ +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +/usr/libexec/podman/quadlet -dryrun --user +/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output +sudo -iu podman +sudo -iu podman +sudo -iu podman +cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data +sudo -iu podman +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/ +sudo -iu podman +sudo -iu podman +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/ +sudo -iu podman +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/ +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/ +chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +sudo -iu podman +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +sudo -iu podman +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/ +sudo -iu podman +exit +cp ~/.bash_history /etc/bash_history_2024-11-10.txt +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +sudo -iu podman +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +sudo -iu podman +sudo -iu podman +sudo -iu podman +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-mattermost +ls -la /home/podman/.local/share/containers/storage/volumes +ls -la /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-logs/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-logs/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs/_data/ +chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/ +sudo -iu podman +sudo -iu podman +chown -R podman:podman /home/podman/.config/containers/systemd +sudo -iu podman +sudo -iu podman +systemctl --user start mattermost-db +systemctl --user start mattermost-db +/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output +sudo -iu podman +cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data +sudo -iu podman +sudo -iu podman +exit +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +nginx -s reload +sudo -iu podman +sudo -iu podman +sudo -iu podman +links https://pgadmin.phares.duckdns.org/ +links https://pgadmin.phares.duckdns.org/ +sudo -iu podman +sudo -iu podman +lspci | grep -i nvme +lspci -vv -s 08:00.0 | grep -w LnkCap +lspci -vv -s 02:00.0 | grep -w LnkCap +sudo -iu podman +curl https://push-test.mattermost.com +sudo -iu podman +sudo -iu podman +sudo -iu podman +apt-file search setcap +setcap +sudo -iu podman +nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json +sudo -iu podman +nginx -s reload +nginx -s reload +sudo -iu podman +nginx -s reload +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +exit +snap install vaultwarden +snap vaultwarden +snap vaultwarden help +lsof -i -P -n | grep LISTEN +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap stop vaultwarden +sudo -iu podman +snap stop vaultwarden +sudo -iu podman +nginx -t +nginx -s reload +sudo -iu podman +links https://192.168.11.2:5008 +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +links https://192.168.11.2:5008 +links http://192.168.11.2:5008 +links https://192.168.11.2:5008 +snap start vaultwarden +snap vaultwarden +snap vaultwarden hash +snap uninstall vaultwarden +snap remove vaultwarden +exot +exit +sudo -iu podman +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -s reload +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +sudo -iu podman +links https://mattermost.phares.duckdns.org +snap install vaultwarden +snap stop vaultwarden +nano /var/snap/vaultwarden/current/vaultwarden.conf +rm /var/snap/vaultwarden/current/vaultwarden.conf +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap remove vaultwarden +snap install vaultwarden +ls -la /var/snap/vaultwarden/current +ls -la /var/snap/vaultwarden/current +echo>/var/snap/vaultwarden/current/vaultwarden.conf +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap start vaultwarden +snap info vaultwarden +snap status vaultwarden +lsof -i -P -n | grep LISTEN +snap start vaultwarden +lsof -i -P -n | grep LISTEN +links https://192.168.11.2:5009/ +openssl s_client -showcerts -connect vaultwarden.phares.duckdns.org:443 -servername vaultwarden.phares.duckdns.org +exit +snap start vaultwarden +journalctl -u snapd +cat /var/snap/vaultwarden/current/ +top +snap info adguard +snap info addguard +snap info addguardhome +snap info +snap info +snap changes +snap watch id 37 +snap watch 37 +snap watch 34 +snap logs vaultwardedn +snap logs vaultwarden +ls -la /home/podman/wild-phares/ +nano /var/snap/vaultwarden/current/vaultwarden.conf +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap start vaultwarden +snap logs vaultwarden +ls -la /var/snap/vaultwarden/current/ +ls -la /var/snap/vaultwarden/current/ssl +cp -R /home/podman/wild-phares/* /var/snap/vaultwarden/current/ssl/ +ls -la /var/snap/vaultwarden/current/ssl/ +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap start vaultwarden +snap logs vaultwarden +snap logs vaultwarden +nginx -t +nginx -s reload +nano /var/snap/vaultwarden/current/vaultwarden.conf +nano /var/snap/vaultwarden/current/vaultwarden.conf +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap stop vaultwarden +snap start vaultwarden +sudo -iu podman +exit +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap stop vaultwarden +nano /var/snap/vaultwarden/current/vaultwarden.conf +snap start vaultwarden +nginx -t +nginx -s reload +sudo -iu podman +exit +sudo -iu podman +sudo -iu podman +exit +nano /etc/cockpit/cockpit.conf +apt-get install cockpit cockpit-podman cockpit-machines -y +apt-get install cockpit cockpit-podman cockpit-machines -y +apt-get remove cockpit-machines -y +apt-get install cockpit cockpit-podman cockpit-files -y +apt-get install cockpit cockpit-podman cockpit-file -y +apt-get search cockpit-file +apt-get search +apt-get --help +apt-get check +apt-get auto-purge +apt-get --help +apt-get purge +apt-get autoremove +apt-get autoremove +apt-get update +apt-get install cockpit cockpit-podman cockpit-files -y +apt-get upgrade +sudo -iu podman +sudo -iu podman +nginx -t +nginx -s reload +sudo -iu podman +nano /etc/docker/daemon.json +nano /etc/podman/daemon.json +sudo -iu podman +nginx -s reload +sudo -iu podman +nano /etc/resolv.conf +nano /etc/resolv.conf +nano /etc/hosts +cat /etc/hosts +sudo -iu podman +nano /etc/hosts +sudo -iu podman +sudo -iu podman +nginx -s reload +nginx -s reload +nano /etc/hosts +sudo -iu podman +sudo -iu podman +sudo -iu podman +apt install podman +sudo -iu podman +sudo -iu podman +exit +sudo -iu podman +exit +sudo -iu podman +nginx -s reload +exit +nginx -t +nginx -s reload +exit +nginx -t +nginx -s reload +sudo -iu podman +sudo -iu podman +exit +nginx -s reload +exit +nano /etc/cockpit/cockpit.conf +exit +ls -la /etc/cockpit/ws-certs.d/ +nano /etc/cockpit/ws-certs.d/0-self-signed.cert +mv /etc/cockpit/ws-certs.d/0-self-signed.cert /etc/cockpit/ws-certs.d/0-self-signed.cert.part +cp /root/.acme.sh/wild-phares/fullchain.cer /etc/cockpit/ws-certs.d/0-self-signed.cert +exit +ls -la /etc/cockpit/ws-certs.d +chomod 774 -r /etc/cockpit/ws-certs.d +chmod 774 -R /etc/cockpit/ws-certs.d +ls -la /etc/cockpit/ws-certs.d +exit +cp /root/.acme.sh/wild-phares/phares.duckdns.org.cer /etc/cockpit/ws-certs.d/0-self-signed.cert +ls -la /etc/cockpit/ws-certs.d +rm /etc/cockpit/ws-certs.d/0-self-signed.cert.old +chmod 774 -R /etc/cockpit/ws-certs.d +exit +ls -la /usr/libexec/podman/quadlet +ls -la /usr/libexec/podman +exit +find / -name "neko-server.service" 2>/dev/null +exit +cp /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service /mnt/free-file-sync/proxmox/ +cp /run/user/1000/systemd/generator/default.target.wants/neko-server.service /mnt/free-file-sync/proxmox/ +cp /run/user/1000/systemd/generator/neko-server.service /mnt/free-file-sync/proxmox/ +nano /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service +dif /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service +diff /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service +diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service +diff /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service +sudo -iu podman +diff /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service +diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service +diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service +diff +diff --help +diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service -y +diff -y /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service +diff -r /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service +diff -y /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service +diff -r /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service +diff -y -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service +diff -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service +sudo -iu podman +diff -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service +/usr/lib/systemd/user-generators/podman-user-generator +ls /usr/lib/systemd/user-generators/podman-user-generator +exit +nginx -s reload +exit +rm -R /var/www/html-infineon/ +nginx -t +nginx -s reload +nginx -t +nginx -s reload +nginx -t +nginx -s reload +exit +exit +nginx -t +nginx -s reload +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +exit +docker +exit +snap list +exit +nano /var/www/html-slideshow/slideshow/scripts/index.js +nano /var/www/html-slideshow/slideshow/index.json +snap install dotnet-sdk --classic 9.0/stable +dotnet --info +snap install dotnet-sdk --classic --channel 9.0/stable +snap install dotnet-sdk --stable 9.0/stable +snap install dotnet-sdk --stable dotnet-sdk +snap install --stable dotnet-sdk +snap install --classic --stable dotnet-sdk +exit +~/.bashrc +exit +~/.bashrc +nano /etc/hostname +nano /etc/hostname +/etc/hosts +nano /etc/hosts +/etc/hosts +nano /etc/hostname +nano /etc/hosts +~/.bashrc +sudo -i +exit +dotnet --info +snap remove --classic --stable dotnet-sdk +snap remove dotnet-sdk +dotnet --info +snap install dotnet-sdk --classic --9.0/stable +snap install dotnet-sdk --classic --channel 9.0/stable +apt-get update +snap install dotnet-sdk --classic --channel 9.0/stable +snap install dotnet-sdk --classic --latest/stable +snap install dotnet-sdk --classic --channel latest/stable +export DOTNET_ROOT=/snap/dotnet-sdk/current +~/.bash_profile, ~/.bashrc +~/.bash_profile +~/.bashrc +sudo -i +exit +dotnet --info +cd /tmp/ +git clone https://33aada599f8e245782e68931fe2629a959af5d26@gitea.phares.duckdns.org/phares3757/one-review.git +ls +cd one-review/ +podman compose up --build +nano /etc/containers/registries.conf +ls +podman ps -a +sudo -iu podman +cd .. +rm -R one-review/ +sudo -iu podman +sudo -iu podman +apt-get install podman-plugins +sudo -iu podman +sudo -iu podman +sudo -iu podman +sudo -iu podman +git clone https://33aada599f8e245782e68931fe2629a959af5d26@gitea.phares.duckdns.org/phares3757/one-review.git +cd one-review/ +git checkout origin 11-17 +git checkout origin/11-17 +git pull +git pull origin 11-17 +git log -1 +docker compose up --build +snap install docker +snap remove docker +snap remove dotnet-sdk +cd .. +ls +rm -R one-review/ +ls +exit +dotnet --info +exit diff --git a/etc/group b/etc/group index 8ddf4be..7018121 100644 --- a/etc/group +++ b/etc/group @@ -57,13 +57,18 @@ tss:x:108: landscape:x:109: fwupd-refresh:x:989: netdev:x:110: -phares:x:1000: -podman:x:1002: +phares:x:1001: +podman:x:1000: lphares:x:1003:bmiller,persa bmiller:x:1004: unbound:x:111: cockpit-ws:x:112: cockpit-wsinstance:x:113: pcp:x:988: -persa:x:1001: +persa:x:1002: redis:x:114: +swtpm:x:115: +libvirt:x:116:phares,podman,libvirtdbus +libvirt-qemu:x:64055:libvirt-qemu +libvirt-dnsmasq:x:117: +libvirtdbus:x:118: diff --git a/etc/group- b/etc/group- index 3578b38..6392477 100644 --- a/etc/group- +++ b/etc/group- @@ -57,12 +57,18 @@ tss:x:108: landscape:x:109: fwupd-refresh:x:989: netdev:x:110: -phares:x:1000: -podman:x:1002: +phares:x:1001: +podman:x:1000: lphares:x:1003:bmiller,persa bmiller:x:1004: unbound:x:111: cockpit-ws:x:112: cockpit-wsinstance:x:113: pcp:x:988: -persa:x:1001: +persa:x:1002: +redis:x:114: +swtpm:x:115: +libvirt:x:116:phares,podman +libvirt-qemu:x:64055:libvirt-qemu +libvirt-dnsmasq:x:117: +libvirtdbus:x:118: diff --git a/etc/gshadow b/etc/gshadow index 465e349..790ab74 100644 --- a/etc/gshadow +++ b/etc/gshadow @@ -67,3 +67,8 @@ cockpit-wsinstance:!:: pcp:!:: persa:!:: redis:!:: +swtpm:!:: +libvirt:!::phares,podman,libvirtdbus +libvirt-qemu:!::libvirt-qemu +libvirt-dnsmasq:!:: +libvirtdbus:!:: diff --git a/etc/gshadow- b/etc/gshadow- index 9c9a2e8..7f5f3eb 100644 --- a/etc/gshadow- +++ b/etc/gshadow- @@ -66,3 +66,9 @@ cockpit-ws:!:: cockpit-wsinstance:!:: pcp:!:: persa:!:: +redis:!:: +swtpm:!:: +libvirt:!::phares,podman +libvirt-qemu:!::libvirt-qemu +libvirt-dnsmasq:!:: +libvirtdbus:!:: diff --git a/etc/hosts b/etc/hosts index 4c12078..42b06f5 100644 --- a/etc/hosts +++ b/etc/hosts @@ -1,5 +1,5 @@ 127.0.0.1 localhost -127.0.1.1 trigkey +127.0.1.1 trigkey-green-g4 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback diff --git a/etc/nginx/include/adguard.conf b/etc/nginx/include/adguard.conf new file mode 100644 index 0000000..40849a4 --- /dev/null +++ b/etc/nginx/include/adguard.conf @@ -0,0 +1,20 @@ +server { + # touch /etc/nginx/include/adguard.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name adguard.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:3002/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/affirm.conf b/etc/nginx/include/affirm.conf new file mode 100644 index 0000000..7882ced --- /dev/null +++ b/etc/nginx/include/affirm.conf @@ -0,0 +1,15 @@ +server { + # touch /etc/nginx/include/affirm.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/affirm.duckdns.org.key -out /etc/nginx/include/affirm.phares.duckdns.org.crt -config /etc/nginx/include/affirm.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name *.affirm.duckdns.org; + root /var/www/html-affirm; + index index.html index.htm; + location / { + try_files $uri $uri.html $uri/ =404; + } +} \ No newline at end of file diff --git a/etc/nginx/include/baikal.conf b/etc/nginx/include/baikal.conf new file mode 100644 index 0000000..b24b4a1 --- /dev/null +++ b/etc/nginx/include/baikal.conf @@ -0,0 +1,20 @@ +server { + # touch /etc/nginx/include/baikal.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name baikal.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:8001/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/bchs.conf b/etc/nginx/include/bchs.conf new file mode 100644 index 0000000..fdb4ace --- /dev/null +++ b/etc/nginx/include/bchs.conf @@ -0,0 +1,15 @@ +server { + # touch /etc/nginx/include/bchs.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/bchs.duckdns.org.key -out /etc/nginx/include/bchs.phares.duckdns.org.crt -config /etc/nginx/include/bchs.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-bchs/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name *.bchs.duckdns.org; + root /var/www/html-bchs; + index index.html index.htm; + location / { + try_files $uri $uri.html $uri/ =404; + } +} \ No newline at end of file diff --git a/etc/nginx/include/cockpit.conf b/etc/nginx/include/cockpit.conf new file mode 100644 index 0000000..4a0084f --- /dev/null +++ b/etc/nginx/include/cockpit.conf @@ -0,0 +1,24 @@ +server { + # touch /etc/nginx/include/cockpit.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name cockpit.phares.duckdns.org; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass https://127.0.0.1:9090/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_http_version 1.1; + proxy_buffering off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + gzip off; + } +} \ No newline at end of file diff --git a/etc/nginx/include/dashkiosk.conf b/etc/nginx/include/dashkiosk.conf new file mode 100644 index 0000000..fcc3d3c --- /dev/null +++ b/etc/nginx/include/dashkiosk.conf @@ -0,0 +1,19 @@ +server { + # touch /etc/nginx/include/dashkiosk.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name dashkiosk.phares.duckdns.org; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:9400/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/firefox.conf b/etc/nginx/include/firefox.conf new file mode 100644 index 0000000..546cc53 --- /dev/null +++ b/etc/nginx/include/firefox.conf @@ -0,0 +1,19 @@ +server { + # touch /etc/nginx/include/firefox.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name firefox.phares.duckdns.org; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:5800/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/gitea.conf b/etc/nginx/include/gitea.conf new file mode 100644 index 0000000..6cd3288 --- /dev/null +++ b/etc/nginx/include/gitea.conf @@ -0,0 +1,20 @@ +server { + # touch /etc/nginx/include/gitea.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name gitea.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:3000/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/immich-to-slideshow.conf b/etc/nginx/include/immich-to-slideshow.conf new file mode 100644 index 0000000..8026339 --- /dev/null +++ b/etc/nginx/include/immich-to-slideshow.conf @@ -0,0 +1,20 @@ +server { + # touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name immich-to-slideshow.phares.duckdns.org; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:5009/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + add_header Access-Control-Allow-Origin *; + } +} \ No newline at end of file diff --git a/etc/nginx/include/immich.conf b/etc/nginx/include/immich.conf new file mode 100644 index 0000000..aed4893 --- /dev/null +++ b/etc/nginx/include/immich.conf @@ -0,0 +1,25 @@ +server { + # touch /etc/nginx/include/immich.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name immich.phares.duckdns.org; + client_max_body_size 50000M; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_redirect off; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + location / { + proxy_pass http://192.168.11.2:3001/; + } +} \ No newline at end of file diff --git a/etc/nginx/include/immichtoslideshow.conf b/etc/nginx/include/immichtoslideshow.conf new file mode 100644 index 0000000..beaa815 --- /dev/null +++ b/etc/nginx/include/immichtoslideshow.conf @@ -0,0 +1,19 @@ +server { + # touch /etc/nginx/include/immichtoslideshow.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immichtoslideshow.phares.duckdns.org.key -out /etc/nginx/include/immichtoslideshow.phares.duckdns.org.crt -config /etc/nginx/include/immichtoslideshow.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name immichtoslideshow.phares.duckdns.org; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:5009/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/kuma.conf b/etc/nginx/include/kuma.conf new file mode 100644 index 0000000..bc22f0e --- /dev/null +++ b/etc/nginx/include/kuma.conf @@ -0,0 +1,22 @@ +server { + # touch /etc/nginx/include/kuma.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name kuma.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass https://192.168.11.2:3004/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "upgrade"; + } +} \ No newline at end of file diff --git a/etc/nginx/include/mattermost.conf b/etc/nginx/include/mattermost.conf new file mode 100644 index 0000000..df32873 --- /dev/null +++ b/etc/nginx/include/mattermost.conf @@ -0,0 +1,46 @@ +server { + # touch /etc/nginx/include/mattermost.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name mattermost.phares.duckdns.org; + # add_header X-Early-Data $tls1_3_early_data; + location ~ /api/v[0-9]+/(users/)?websocket$ { + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + client_max_body_size 50M; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + client_body_timeout 60s; + send_timeout 300s; + lingering_timeout 5s; + proxy_connect_timeout 90s; + proxy_send_timeout 300s; + proxy_read_timeout 90s; + proxy_http_version 1.1; + proxy_pass https://192.168.11.2:8443; + } + location / { + # https://mattermost.m1k1o.net/#/getting-started/reverse-proxy + client_max_body_size 100M; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_buffers 256 16k; + proxy_buffer_size 16k; + proxy_read_timeout 600s; + proxy_http_version 1.1; + proxy_pass https://192.168.11.2:8443; + } +} \ No newline at end of file diff --git a/etc/nginx/include/neko.conf b/etc/nginx/include/neko.conf new file mode 100644 index 0000000..60ec1af --- /dev/null +++ b/etc/nginx/include/neko.conf @@ -0,0 +1,24 @@ +server { + # touch /etc/nginx/include/neko.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.phares.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name neko.phares.duckdns.org; + location / { + # https://neko.m1k1o.net/#/getting-started/reverse-proxy + proxy_pass http://192.168.11.2:8082; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Protocol $scheme; + } +} \ No newline at end of file diff --git a/etc/nginx/include/odoo.conf b/etc/nginx/include/odoo.conf new file mode 100644 index 0000000..9ed5680 --- /dev/null +++ b/etc/nginx/include/odoo.conf @@ -0,0 +1,19 @@ +server { + # touch /etc/nginx/include/odoo.ddns.net + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name odoo.phares.duckdns.org; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:8069/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/pgadmin.conf b/etc/nginx/include/pgadmin.conf new file mode 100644 index 0000000..8e3478e --- /dev/null +++ b/etc/nginx/include/pgadmin.conf @@ -0,0 +1,19 @@ +server { + # touch /etc/nginx/include/pgadmin.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name pgadmin.phares.duckdns.org; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass https://192.168.11.2:5007/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/phares.conf b/etc/nginx/include/phares.conf new file mode 100644 index 0000000..f0a9201 --- /dev/null +++ b/etc/nginx/include/phares.conf @@ -0,0 +1,33 @@ +# server { +# listen 80 default_server; +# root /var/www/certbot; +# index index.html index.htm index.nginx-debian.html; +# server_name phares.duckdns.org; +# location / { +# try_files $uri $uri/ =404; +# } +# } +server { + listen 8083 default_server; + root /var/www/html-nginx; + index index.html index.htm; + server_name _; + location / { + try_files $uri $uri/ =404; + } +} +server { + # touch /etc/nginx/include/phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name phares.duckdns.org; + root /var/www/html-nginx; + index index.nginx-debian.html; + location / { + try_files $uri $uri.html $uri/ =404; + } +} \ No newline at end of file diff --git a/etc/nginx/include/quartz.conf b/etc/nginx/include/quartz.conf new file mode 100644 index 0000000..2df6a35 --- /dev/null +++ b/etc/nginx/include/quartz.conf @@ -0,0 +1,24 @@ +server { + listen 8084 default_server; + root /var/www/html-quartz; + index index.html index.htm; + server_name _; + location / { + try_files $uri $uri/ =404; + } +} +server { + # touch /etc/nginx/include/quartz.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name quartz.phares.duckdns.org; + root /var/www/html-quartz; + index index.html index.htm; + location / { + try_files $uri $uri.html $uri/ =404; + } +} \ No newline at end of file diff --git a/etc/nginx/include/slideshow.conf b/etc/nginx/include/slideshow.conf new file mode 100644 index 0000000..28aac99 --- /dev/null +++ b/etc/nginx/include/slideshow.conf @@ -0,0 +1,25 @@ +server { + listen 8080 default_server; + root /var/www/html-slideshow; + index index.html index.htm; + server_name _; + location / { + try_files $uri $uri/ =404; + add_header Access-Control-Allow-Origin *; + } +} +server { + # touch /etc/nginx/include/slideshow.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name slideshow.phares.duckdns.org; + root /var/www/html-slideshow; + index index.html index.htm; + location / { + try_files $uri $uri/ =404; + } +} diff --git a/etc/nginx/include/vaultwarden.conf b/etc/nginx/include/vaultwarden.conf new file mode 100644 index 0000000..aa08dd6 --- /dev/null +++ b/etc/nginx/include/vaultwarden.conf @@ -0,0 +1,34 @@ +server { + # touch /etc/nginx/include/vaultwarden.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + # server_tokens off; + # ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256; + # ssl_prefer_server_ciphers on; + # ssl_session_tickets off; + # ssl_session_timeout 1d; + # ssl_session_cache shared:SSL:10m; + # ssl_buffer_size 8k; + # # ssl_stapling on; + # ssl_stapling off; + # ssl_stapling_verify on; + # add_header X-Content-Type-Options nosniff; + # add_header Content-Security-Policy "object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';"; + # add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload"; + server_name vaultwarden.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + # proxy_pass http://10.147.229.6:8000/; + proxy_pass https://192.168.11.2:5008/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/warden.conf b/etc/nginx/include/warden.conf new file mode 100644 index 0000000..6b31b7d --- /dev/null +++ b/etc/nginx/include/warden.conf @@ -0,0 +1,34 @@ +server { + # touch /etc/nginx/include/warden.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + # server_tokens off; + # ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256; + # ssl_prefer_server_ciphers on; + # ssl_session_tickets off; + # ssl_session_timeout 1d; + # ssl_session_cache shared:SSL:10m; + # ssl_buffer_size 8k; + # # ssl_stapling on; + # ssl_stapling off; + # ssl_stapling_verify on; + # add_header X-Content-Type-Options nosniff; + # add_header Content-Security-Policy "object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';"; + # add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload"; + server_name warden.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + # proxy_pass http://10.147.229.6:8000/; + proxy_pass https://192.168.11.2:5008/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/include/xandikos.conf b/etc/nginx/include/xandikos.conf new file mode 100644 index 0000000..a04a147 --- /dev/null +++ b/etc/nginx/include/xandikos.conf @@ -0,0 +1,20 @@ +server { + # touch /etc/nginx/include/xandikos.phares.duckdns.org + # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org + ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer; + # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer; + ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key; + ssl_protocols TLSv1.2 TLSv1.3; + listen 443 ssl http2; + server_name xandikos.phares.duckdns.org; + client_max_body_size 5000m; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://192.168.11.2:8000/; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} \ No newline at end of file diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default index 84d9a23..bf5fd43 100644 --- a/etc/nginx/sites-available/default +++ b/etc/nginx/sites-available/default @@ -1,46 +1,51 @@ -# include /etc/nginx/include/ansible.conf; # https://ansible.phares.duckddns.org # https://192.168.11.2/; -# include /etc/nginx/include/assistant.conf; # https://assistant.phares.duckddns.org # http://192.168.11.2:5001/; -# include /etc/nginx/include/casa.conf; # https://casa.phares.duckddns.org # http://10.131.57.60/; -# include /etc/nginx/include/chat.conf; # https://chat.phares.duckddns.org # https://192.168.0.31:5001/; -# include /etc/nginx/include/codeserver.conf; # https://codeserver.phares.duckddns.org # http://192.168.11.2:5007/; -# include /etc/nginx/include/diskstation.conf; # https://diskstation.phares.duckddns.org # https://192.168.0.31:5001/; -# include /etc/nginx/include/dockge.conf; # https://dockge.phares.duckddns.org # http://192.168.11.2:5001/; -# include /etc/nginx/include/docmost.conf; # https://docmost.phares.duckddns.org # http://192.168.11.2:5006/; -# include /etc/nginx/include/drive.conf; # https://drive.phares.duckddns.org # https://192.168.0.31:5001/; -# include /etc/nginx/include/emby.conf; # https://emby.phares.duckddns.org # http://10.131.57.134:8096/; -# include /etc/nginx/include/filebrowser.conf; # https://filebrowser.phares.duckddns.org # http://192.168.11.2:8080/; -# include /etc/nginx/include/gogs.conf; # https://gogs.phares.duckddns.org # http://192.168.11.2:3000/; -# include /etc/nginx/include/incus.conf; # https://incus.phares.duckddns.org # http://192.168.11.2:5004/; -# include /etc/nginx/include/invoice.conf; # https://invoice.phares.duckddns.org # https://192.168.11.2/; -# include /etc/nginx/include/kestra.conf; # https://kestra.phares.duckddns.org # http://192.168.11.2:5002/; -# include /etc/nginx/include/lxconsole.conf; # https://lxconsole.phares.duckddns.org # http://192.168.11.2:5004/; -# include /etc/nginx/include/nextcloud.conf; # https://nextcloud.phares.duckddns.org # http://192.168.11.2:8081/; -# include /etc/nginx/include/owncast.conf; # https://owncast.phares.duckddns.org # http://10.131.57.141:8080/; -# include /etc/nginx/include/photoprism.conf; # https://photoprism.phares.duckddns.org # http://192.168.11.2:2342/; -# include /etc/nginx/include/photos.conf; # https://photos.phares.duckddns.org # https://192.168.0.31:5001/; -# include /etc/nginx/include/pihole.conf; # https://pihole.phares.duckddns.org # http://192.168.11.2:8005/admin/; -# include /etc/nginx/include/proxmox.conf; # https://proxmox.phares.duckddns.org # https://192.168.11.2:8006/; -# include /etc/nginx/include/readeck.conf; # https://readeck.phares.duckddns.org # http://192.168.11.2:8000/; -# include /etc/nginx/include/terraform.conf; # https://terraform.phares.duckddns.org # http://192.168.11.2:5001/; -# include /etc/nginx/include/traccar.conf; # https://traccar.phares.duckddns.org # http://192.168.11.2:3000/; -# include /etc/nginx/include/umbrel.conf; # https://umbrel.phares.duckddns.org # http://192.168.11.20/; -# include /etc/nginx/include/vscodium.conf; # https://vscodium.phares.duckddns.org # http://10.131.57.190:3000/; -# include /etc/nginx/include/wekan.conf; # https://wekan.phares.duckddns.org # http://192.168.11.2:5003/; -include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckddns.org # http://192.168.11.2:3002/; -include /etc/nginx/include/affirm.conf; # https://affirm.phares.duckddns.org # http://192.168.11.2:8069/; -include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckddns.org # http://192.168.11.2:8001/; -include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckddns.org # http://192.168.11.2:9090/; -include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckddns.org # http://192.168.11.2:9400/; -include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckddns.org # http://192.168.11.2:3000/; -include /etc/nginx/include/immich.conf; # https://immich.phares.duckddns.org # http://192.168.11.2:2283/; -include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckddns.org # http://192.168.11.2:8065/; -include /etc/nginx/include/music.conf; # https://music.phares.duckddns.org # http://192.168.11.2/; -include /etc/nginx/include/neko.conf; # https://neko.phares.duckddns.org # http://192.168.11.2:8082/; -include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckddns.org # http://192.168.11.2:5007/; -include /etc/nginx/include/phares.conf; # https://phares.phares.duckddns.org # http://192.168.11.2/; -include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckddns.org # http://192.168.11.2/; -include /etc/nginx/include/router.conf; # https://router.phares.duckddns.org # https://192.168.11.1/; -include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckddns.org # http://192.168.11.2:8080/; -include /etc/nginx/include/uptimekuma.conf; # https://uptimekuma.phares.duckddns.org # http://192.168.11.2:3004/; -include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckddns.org # http://192.168.11.2:5008/; -include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckddns.org # http://192.168.11.2:8000/; \ No newline at end of file +# include /etc/nginx/include/ansible.conf; # https://ansible.phares.duckdns.org # https://192.168.11.2/; +# include /etc/nginx/include/assistant.conf; # https://assistant.phares.duckdns.org # http://192.168.11.2:5001/; +# include /etc/nginx/include/casa.conf; # https://casa.phares.duckdns.org # http://10.131.57.60/; +# include /etc/nginx/include/chat.conf; # https://chat.phares.duckdns.org # https://192.168.0.31:5001/; +# include /etc/nginx/include/codeserver.conf; # https://codeserver.phares.duckdns.org # http://192.168.11.2:5007/; +# include /etc/nginx/include/diskstation.conf; # https://diskstation.phares.duckdns.org # https://192.168.0.31:5001/; +# include /etc/nginx/include/dockge.conf; # https://dockge.phares.duckdns.org # http://192.168.11.2:5001/; +# include /etc/nginx/include/docmost.conf; # https://docmost.phares.duckdns.org # http://192.168.11.2:5006/; +# include /etc/nginx/include/drive.conf; # https://drive.phares.duckdns.org # https://192.168.0.31:5001/; +# include /etc/nginx/include/emby.conf; # https://emby.phares.duckdns.org # http://10.131.57.134:8096/; +# include /etc/nginx/include/filebrowser.conf; # https://filebrowser.phares.duckdns.org # http://192.168.11.2:8080/; +# include /etc/nginx/include/gogs.conf; # https://gogs.phares.duckdns.org # http://192.168.11.2:3000/; +# include /etc/nginx/include/incus.conf; # https://incus.phares.duckdns.org # http://192.168.11.2:5004/; +# include /etc/nginx/include/invoice.conf; # https://invoice.phares.duckdns.org # https://192.168.11.2/; +# include /etc/nginx/include/kestra.conf; # https://kestra.phares.duckdns.org # http://192.168.11.2:5002/; +# include /etc/nginx/include/lxconsole.conf; # https://lxconsole.phares.duckdns.org # http://192.168.11.2:5004/; +# include /etc/nginx/include/nextcloud.conf; # https://nextcloud.phares.duckdns.org # http://192.168.11.2:8081/; +# include /etc/nginx/include/owncast.conf; # https://owncast.phares.duckdns.org # http://10.131.57.141:8080/; +# include /etc/nginx/include/photoprism.conf; # https://photoprism.phares.duckdns.org # http://192.168.11.2:2342/; +# include /etc/nginx/include/photos.conf; # https://photos.phares.duckdns.org # https://192.168.0.31:5001/; +# include /etc/nginx/include/pihole.conf; # https://pihole.phares.duckdns.org # http://192.168.11.2:8005/admin/; +# include /etc/nginx/include/proxmox.conf; # https://proxmox.phares.duckdns.org # https://192.168.11.2:8006/; +# include /etc/nginx/include/readeck.conf; # https://readeck.phares.duckdns.org # http://192.168.11.2:8000/; +# include /etc/nginx/include/terraform.conf; # https://terraform.phares.duckdns.org # http://192.168.11.2:5001/; +# include /etc/nginx/include/traccar.conf; # https://traccar.phares.duckdns.org # http://192.168.11.2:3000/; +# include /etc/nginx/include/umbrel.conf; # https://umbrel.phares.duckdns.org # http://192.168.11.20/; +# include /etc/nginx/include/vscodium.conf; # https://vscodium.phares.duckdns.org # http://10.131.57.190:3000/; +# include /etc/nginx/include/wekan.conf; # https://wekan.phares.duckdns.org # http://192.168.11.2:5003/; +include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:3002/; +include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # https://192.168.11.2/; +include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/; +include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # https://192.168.11.2/; +include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://192.168.11.2:9090/; +include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/; +include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # https://192.168.11.2:5800/; +include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/; +include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:2283/; +include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.affirm.duckdns.org # https://192.168.31.12:5009/; +include /etc/nginx/include/immichtoslideshow.conf; # https://immichtoslideshow.affirm.duckdns.org # https://192.168.31.12:5009/; +include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/; +include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/; +include /etc/nginx/include/neko.conf; # https://neko.phares.duckdns.org # http://192.168.11.2:8082/; +include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/; +include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/; +include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # http://192.168.11.2:8083/; +include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # http://192.168.11.2:8084/; +include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # http://192.168.11.2:8080/; +include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/; +include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/; +include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/; +# ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519 \ No newline at end of file diff --git a/etc/passwd b/etc/passwd index 5aa0e1b..f463df2 100644 --- a/etc/passwd +++ b/etc/passwd @@ -31,8 +31,8 @@ landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin sshd:x:109:65534::/run/sshd:/usr/sbin/nologin -phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash -podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash +phares:x:1001:1001:Mike Phares:/home/phares:/bin/bash +podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin @@ -40,5 +40,9 @@ dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin -persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash +persa:x:1002:1002:Persaya Cortez,,,:/home/persa:/bin/bash redis:x:113:114::/var/lib/redis:/usr/sbin/nologin +swtpm:x:114:115:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false +libvirt-qemu:x:64055:994:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin +libvirt-dnsmasq:x:115:117:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin +libvirtdbus:x:116:118:libvirt-dbus user,,,:/nonexistent:/usr/sbin/nologin diff --git a/etc/passwd- b/etc/passwd- index e6fef23..59f5e27 100644 --- a/etc/passwd- +++ b/etc/passwd- @@ -31,8 +31,8 @@ landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin sshd:x:109:65534::/run/sshd:/usr/sbin/nologin -phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash -podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash +phares:x:1001:1001:Mike Phares:/home/phares:/bin/bash +podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin @@ -40,4 +40,9 @@ dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin -persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash +persa:x:1002:1002:Persaya Cortez,,,:/home/persa:/bin/bash +redis:x:113:114::/var/lib/redis:/usr/sbin/nologin +swtpm:x:114:115:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false +libvirt-qemu:x:64055:994:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin +libvirt-dnsmasq:x:115:117:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin +libvirtdbus:x:116:118::/nonexistent:/usr/sbin/nologin diff --git a/etc/shadow b/etc/shadow index 476f8ca..6cf0664 100644 --- a/etc/shadow +++ b/etc/shadow @@ -42,3 +42,7 @@ cockpit-wsinstance:!:19930:::::: pcp:!:19938:::::: persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7::: redis:!:20001:::::: +swtpm:!:20038:::::: +libvirt-qemu:!:20038:::::: +libvirt-dnsmasq:!:20038:::::: +libvirtdbus:!:20038:::::: diff --git a/etc/shadow- b/etc/shadow- index 5883a05..a66d36b 100644 --- a/etc/shadow- +++ b/etc/shadow- @@ -41,3 +41,7 @@ cockpit-ws:!:19930:::::: cockpit-wsinstance:!:19930:::::: pcp:!:19938:::::: persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7::: +redis:!:20001:::::: +swtpm:!:20038:::::: +libvirt-qemu:!:20038:::::: +libvirt-dnsmasq:!:20038:::::: diff --git a/etc/systemd/system/snap.certbot.renew.service b/etc/systemd/system/snap.certbot.renew.service index b00c025..677bc27 100644 --- a/etc/systemd/system/snap.certbot.renew.service +++ b/etc/systemd/system/snap.certbot.renew.service @@ -1,9 +1,9 @@ [Unit] # Auto-generated, DO NOT EDIT Description=Service for snap application certbot.renew -Requires=snap-certbot-4182.mount +Requires=snap-certbot-4193.mount Wants=network.target -After=snap-certbot-4182.mount network.target snapd.apparmor.service +After=snap-certbot-4193.mount network.target snapd.apparmor.service X-Snappy=yes [Service] @@ -11,6 +11,6 @@ EnvironmentFile=-/etc/environment ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew SyslogIdentifier=certbot.renew Restart=no -WorkingDirectory=/var/snap/certbot/4182 +WorkingDirectory=/var/snap/certbot/4193 TimeoutStopSec=30 Type=oneshot diff --git a/etc/systemd/system/snap.certbot.renew.timer b/etc/systemd/system/snap.certbot.renew.timer index 8531402..fb457d8 100644 --- a/etc/systemd/system/snap.certbot.renew.timer +++ b/etc/systemd/system/snap.certbot.renew.timer @@ -1,14 +1,14 @@ [Unit] # Auto-generated, DO NOT EDIT Description=Timer renew for snap application certbot.renew -Requires=snap-certbot-4182.mount -After=snap-certbot-4182.mount +Requires=snap-certbot-4193.mount +After=snap-certbot-4193.mount X-Snappy=yes [Timer] Unit=snap.certbot.renew.service -OnCalendar=*-*-* 06:44 -OnCalendar=*-*-* 22:31 +OnCalendar=*-*-* 11:49 +OnCalendar=*-*-* 16:30 [Install] WantedBy=timers.target diff --git a/etc/systemd/system/snap.vaultwarden.vaultwarden.service b/etc/systemd/system/snap.vaultwarden.vaultwarden.service new file mode 100644 index 0000000..9aaac05 --- /dev/null +++ b/etc/systemd/system/snap.vaultwarden.vaultwarden.service @@ -0,0 +1,19 @@ +[Unit] +# Auto-generated, DO NOT EDIT +Description=Service for snap application vaultwarden.vaultwarden +Requires=snap-vaultwarden-143.mount +Wants=network.target +After=snap-vaultwarden-143.mount network.target snapd.apparmor.service +X-Snappy=yes + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/bin/snap run vaultwarden +SyslogIdentifier=vaultwarden.vaultwarden +Restart=on-failure +WorkingDirectory=/var/snap/vaultwarden/143 +TimeoutStopSec=30 +Type=simple + +[Install] +WantedBy=multi-user.target diff --git a/home/podman/.config/containers/systemd/firefox-data.volume b/home/podman/.config/containers/systemd/firefox-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/firefox-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/firefox.container b/home/podman/.config/containers/systemd/firefox.container new file mode 100644 index 0000000..8db0f04 --- /dev/null +++ b/home/podman/.config/containers/systemd/firefox.container @@ -0,0 +1,28 @@ +[Container] +AutoUpdate=registry +ContainerName=firefox +Environment="FF_OPEN_URL=https://192.168.11.1" +Image=docker.io/jlesage/firefox:v24.11.1 +# Network=firefox.network +# Pod=firefox.pod +PublishPort=5800:5800 +Volume=/etc/localtime:/etc/localtime:ro +Volume=/etc/timezone:/etc/timezone:ro +Volume=firefox-data.volume:/config:rw + +[Service] +Restart=no + +[Install] +WantedBy=multi-user.target default.target + +# podman pull docker.io/jlesage/firefox:v24.11.1 +# systemctl --user daemon-reload +# systemctl --user start firefox +# systemctl --user status firefox +# journalctl -fu firefox.service +# podman logs firefox +# systemctl --user stop firefox +# systemctl --user disable firefox +# podman exec -ti firefox /bin/sh +# podman exec -ti firefox /bin/bash diff --git a/home/podman/.config/containers/systemd/immich-to-slideshow-server.container b/home/podman/.config/containers/systemd/immich-to-slideshow-server.container new file mode 100644 index 0000000..d867c7a --- /dev/null +++ b/home/podman/.config/containers/systemd/immich-to-slideshow-server.container @@ -0,0 +1,32 @@ +[Container] +AutoUpdate=registry +ContainerName=immich-to-slideshow-server +Environment="ASPNETCORE_ENVIRONMENT=Production" +Image=gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest +# Network=immich-to-slideshow-server.network +# Pod=immich-to-slideshow-server.pod +PublishPort=5009:5001 +Volume=/etc/localtime:/etc/localtime:ro +Volume=/etc/timezone:/etc/timezone:ro +Volume=immich-server-upload.volume:/app/immich:ro +Volume=/var/www/html-slideshow/slideshow/random-results:/app/random-results:rw +Volume=/var/www/html-slideshow/slideshow/5f0b1052-466d-44de-a554-226d7256850d:/app/sync:rw +# Volume=/home/podman/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da:/~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da:ro +Volume=/home/podman/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json:/app/secrets.json:ro + +[Service] +Restart=no + +[Install] +WantedBy=multi-user.target default.target + +# podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest +# systemctl --user daemon-reload +# systemctl --user start immich-to-slideshow-server +# systemctl --user status immich-to-slideshow-server +# journalctl -fu immich-to-slideshow-server.service +# podman logs immich-to-slideshow-server +# systemctl --user stop immich-to-slideshow-server +# systemctl --user disable immich-to-slideshow-server +# podman exec -ti immich-to-slideshow-server /bin/sh +# podman exec -ti immich-to-slideshow-server /bin/bash diff --git a/home/podman/.config/containers/systemd/mattermost-server.container b/home/podman/.config/containers/systemd/mattermost-server.container index 4733ef4..49827db 100644 --- a/home/podman/.config/containers/systemd/mattermost-server.container +++ b/home/podman/.config/containers/systemd/mattermost-server.container @@ -10,7 +10,7 @@ Environment="TZ=US/Arizona" Image=docker.io/mattermost/mattermost-team-edition:9.11.2 # Network=mattermost.network # Pod=mattermost.pod -PublishPort=8065:8065 +# PublishPort=8065:8065 PublishPort=8443:8443 Volume=/etc/localtime:/etc/localtime:ro Volume=/etc/timezone:/etc/timezone:ro @@ -20,6 +20,8 @@ Volume=mattermost-server-config.volume:/mattermost/config:rw Volume=mattermost-server-data.volume:/mattermost/data:rw Volume=mattermost-server-logs.volume:/mattermost/logs:rw Volume=mattermost-server-plugins.volume:/mattermost/plugins:rw +Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro +Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro [Service] Restart=no @@ -30,16 +32,6 @@ Requires=mattermost-db.service [Install] WantedBy=multi-user.target default.target -# chown -R podman:podman /home/podman/.config/containers/systemd -# /usr/libexec/podman/quadlet -dryrun --user -# /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output -# find / -name "mattermost-server.service" 2>/dev/null -# /home/podman/quadlet/mattermost-server.service -# /home/podman/quadlet/default.target.wants/mattermost-server.service -# /home/podman/quadlet/multi-user.target.wants/mattermost-server.service -# /run/user/1002/systemd/generator/multi-user.target.wants/mattermost-server.service -# /run/user/1002/systemd/generator/default.target.wants/mattermost-server.service -# /run/user/1002/systemd/generator/mattermost-server.service # podman pull docker.io/mattermost/mattermost-team-edition:9.11.2 # systemctl --user daemon-reload # systemctl --user start mattermost-server diff --git a/home/podman/.config/containers/systemd/neko-server.container b/home/podman/.config/containers/systemd/neko-server.container index fcaf3a2..d7e8c72 100644 --- a/home/podman/.config/containers/systemd/neko-server.container +++ b/home/podman/.config/containers/systemd/neko-server.container @@ -20,16 +20,6 @@ Restart=no [Install] WantedBy=multi-user.target default.target -# chown -R podman:podman /home/podman/.config/containers/systemd -# /usr/libexec/podman/quadlet -dryrun --user -# /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output -# find / -name "neko-server.service" 2>/dev/null -# /home/podman/quadlet/neko-server.service -# /home/podman/quadlet/default.target.wants/neko-server.service -# /home/podman/quadlet/multi-user.target.wants/neko-server.service -# /run/user/1002/systemd/generator/multi-user.target.wants/neko-server.service -# /run/user/1002/systemd/generator/default.target.wants/neko-server.service -# /run/user/1002/systemd/generator/neko-server.service # podman pull docker.io/m1k1o/neko:firefox # systemctl --user daemon-reload # systemctl --user start neko-server diff --git a/home/podman/.config/containers/systemd/pgadmin.container b/home/podman/.config/containers/systemd/pgadmin.container index 37856aa..0ae1642 100644 --- a/home/podman/.config/containers/systemd/pgadmin.container +++ b/home/podman/.config/containers/systemd/pgadmin.container @@ -3,11 +3,20 @@ AutoUpdate=registry ContainerName=pgadmin Environment="PGADMIN_DEFAULT_EMAIL=mikepharesjr@msn.com" Environment="PGADMIN_DEFAULT_PASSWORD=Vm1jZ4mzdaF1q#pn4v1b" +Environment="PGADMIN_LISTEN_ADDRESS=0.0.0.0" +# Environment="PGADMIN_LISTEN_ADDRESS=192.168.11.2" +# Environment="PGADMIN_LISTEN_ADDRESS=127.0.0.1" +# Environment="PGADMIN_LISTEN_ADDRESS=10.0.2.100" +Environment="PGADMIN_ENABLE_TLS=true" Image=docker.io/dpage/pgadmin4:8.12 # Network=gitea.network # Pod=gitea.pod -PublishPort=5007:80 +# PublishPort=5007:80 +PublishPort=5007:443 +Volume=/etc/localtime:/etc/localtime:ro Volume=pgadmin-data.volume:/var/lib/pgadmin/:Z +Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro +Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro [Service] Restart=no diff --git a/home/podman/.config/containers/systemd/uptime-kuma-server.container b/home/podman/.config/containers/systemd/uptime-kuma-server.container index 8e4e0c9..7abbdda 100644 --- a/home/podman/.config/containers/systemd/uptime-kuma-server.container +++ b/home/podman/.config/containers/systemd/uptime-kuma-server.container @@ -1,11 +1,18 @@ [Container] AutoUpdate=registry ContainerName=uptime-kuma-server +# Environment="NODE_TLS_REJECT_UNAUTHORIZED=1" +Environment="UPTIME_KUMA_SSL_CERT=/certs/server.cert" +Environment="UPTIME_KUMA_SSL_KEY=/certs/server.key" Image=docker.io/louislam/uptime-kuma:1 # Network=uptime-kuma.network # Pod=uptime-kuma.pod +PodmanArgs=--add-host=cockpit.phares.duckdns.org:192.168.11.2 +PodmanArgs=--add-host=mattermost.phares.duckdns.org:192.168.11.2 PublishPort=3004:3001 Volume=uptime-kuma-server-data.volume:/app/data:rw +Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro +Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro [Service] Restart=no @@ -13,16 +20,6 @@ Restart=no [Install] WantedBy=multi-user.target default.target -# chown -R podman:podman /home/podman/.config/containers/systemd -# /usr/libexec/podman/quadlet -dryrun --user -# /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output -# find / -name "uptime-kuma-server.service" 2>/dev/null -# /home/podman/quadlet/uptime-kuma-server.service -# /home/podman/quadlet/default.target.wants/uptime-kuma-server.service -# /home/podman/quadlet/multi-user.target.wants/uptime-kuma-server.service -# /run/user/1002/systemd/generator/multi-user.target.wants/uptime-kuma-server.service -# /run/user/1002/systemd/generator/default.target.wants/uptime-kuma-server.service -# /run/user/1002/systemd/generator/uptime-kuma-server.service # podman pull docker.io/louislam/uptime-kuma:1 # systemctl --user daemon-reload # systemctl --user start uptime-kuma-server diff --git a/home/podman/.config/containers/systemd/vaultwarden-server.container b/home/podman/.config/containers/systemd/vaultwarden-server.container deleted file mode 100644 index f62a747..0000000 --- a/home/podman/.config/containers/systemd/vaultwarden-server.container +++ /dev/null @@ -1,43 +0,0 @@ -[Container] -AutoUpdate=registry -ContainerName=vaultwarden-server -Image=docker.io/vaultwarden/server:latest@sha256:7de8fd442afc26e4932a0b2521e2eec82db9f17667eef7b46fd9c2fa2e639de2 -# Network=vaultwarden.network -# Pod=vaultwarden.pod -PublishPort=5008:80 -Volume=vaultwarden-server-data.volume:/data:rw -Environment="ADMIN_TOKEN=7jrceE25+m5vPMK9jmVT8VsMM/0Svoiz4YEpLYHHT2hSaJPIlXcP8lOXwR5GpdaM" -# Environment="ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$U3JuRm84cFpHOC9Rbi9ZOWdzdXU2RFl5ajZka2trNnBJWTJCZW1BT3VUOD0$tc54DJ7/6bA5iNgSFF9KtKktP8u4mMU8unrGiL8hJMY" -# Environment="ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$U3JuRm84cFpHOC9Rbi9ZOWdzdXU2RFl5ajZka2trNnBJWTJCZW1BT3VUOD0$$tc54DJ7/6bA5iNgSFF9KtKktP8u4mMU8unrGiL8hJMY" -Environment="DATABASE_URL=postgresql://vaultwarden:vaultwarden@192.168.11.2:5435/vaultwarden" -Environment="DOMAIN=https://vaultwarden.phares.duckdns.org" -Environment="SIGNUPS_ALLOWED=true" -Environment="SMTP_FROM=phares@centurylink.net" -Environment="SMTP_HOST=smtp.centurylink.net" -Environment="SMTP_PASSWORD=0jbeze5r#OQqne73yFlp" -Environment="SMTP_PORT=587" -Environment="SMTP_SSL=false" -Environment="SMTP_USERNAME=phares@centurylink.net" -Environment="WEBSOCKET_ENABLED=true" - -[Service] -Restart=no - -[Unit] -Requires=vaultwarden-db.service -After=vaultwarden-db.service - -[Install] -WantedBy=multi-user.target default.target - -# podman pull docker.io/vaultwarden/server:latest@sha256:7de8fd442afc26e4932a0b2521e2eec82db9f17667eef7b46fd9c2fa2e639de2 -# x-podman pull docker.io/vaultwarden/server:1.31.0 -# systemctl --user daemon-reload -# systemctl --user start vaultwarden-server -# systemctl --user status vaultwarden-server -# journalctl -fu vaultwarden-server.service -# podman logs vaultwarden-server -# systemctl --user stop vaultwarden-server -# systemctl --user disable vaultwarden-server -# podman exec -ti vaultwarden-server /bin/sh -# podman exec -ti vaultwarden-server /bin/bash