Compare commits
2 Commits
07-26
...
56c3e1f963
| Author | SHA1 | Date | |
|---|---|---|---|
| 56c3e1f963 | |||
| 01853e0ba2 |
3
.gitignore
vendored
3
.gitignore
vendored
@ -5,6 +5,8 @@
|
||||
|
||||
!*/
|
||||
|
||||
!.vscode/*
|
||||
|
||||
!etc/*.md
|
||||
!etc/bash_history*
|
||||
!etc/group*
|
||||
@ -21,6 +23,7 @@
|
||||
!etc/lighttpd/lighttpd.conf
|
||||
!etc/network/interfaces
|
||||
!etc/passwd
|
||||
!etc/pihole/custom.list
|
||||
!etc/pihole/dhcp.leases
|
||||
!etc/pihole/index.nginx-debian.html
|
||||
!etc/pihole/setupVars.conf
|
||||
|
||||
5
.vscode/mklink.md
vendored
Normal file
5
.vscode/mklink.md
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
# mklink
|
||||
|
||||
```bash Sat Jul 27 2024 07:50:14 GMT-0700 (Mountain Standard Time)
|
||||
mklink "L:\Git\Linux-Ubuntu-Server\.vscode\rebuild-ubuntu-beelink.md" "D:\5-Other-Small\Kanban\Phares\tasks\rebuild-ubuntu-beelink.md"
|
||||
```
|
||||
1
.vscode/rebuild-ubuntu-beelink.md
vendored
Symbolic link
1
.vscode/rebuild-ubuntu-beelink.md
vendored
Symbolic link
@ -0,0 +1 @@
|
||||
D:/5-Other-Small/Kanban/Phares/tasks/rebuild-ubuntu-beelink.md
|
||||
7
.vscode/settings.json
vendored
Normal file
7
.vscode/settings.json
vendored
Normal file
@ -0,0 +1,7 @@
|
||||
{
|
||||
"files.associations": {
|
||||
"*.container": "ini",
|
||||
"*.org": "ini",
|
||||
"*.net": "ini"
|
||||
}
|
||||
}
|
||||
12
etc/.pihole/.gitignore
vendored
12
etc/.pihole/.gitignore
vendored
@ -1,12 +0,0 @@
|
||||
.DS_Store
|
||||
*.pyc
|
||||
*.swp
|
||||
__pycache__
|
||||
.cache
|
||||
.pytest_cache
|
||||
.tox
|
||||
.eggs
|
||||
*.egg-info
|
||||
.idea/
|
||||
*.iml
|
||||
.vscode/
|
||||
@ -1,82 +0,0 @@
|
||||
# Pi-hole: A black hole for Internet advertisements
|
||||
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
||||
# Network-wide ad blocking via your own hardware.
|
||||
#
|
||||
# Lighttpd config for Pi-hole
|
||||
#
|
||||
# This file is copyright under the latest version of the EUPL.
|
||||
# Please see LICENSE file for your rights under this license.
|
||||
|
||||
###############################################################################
|
||||
# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
|
||||
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
|
||||
###############################################################################
|
||||
|
||||
server.errorlog := "/var/log/lighttpd/error-pihole.log"
|
||||
|
||||
$HTTP["url"] =~ "^/admin/" {
|
||||
server.document-root = "/var/www/html"
|
||||
server.stream-response-body = 1
|
||||
accesslog.filename = "/var/log/lighttpd/access-pihole.log"
|
||||
accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
|
||||
|
||||
fastcgi.server = (
|
||||
".php" => (
|
||||
"localhost" => (
|
||||
"socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
|
||||
"bin-path" => "/usr/bin/php-cgi",
|
||||
"min-procs" => 1,
|
||||
"max-procs" => 1,
|
||||
"bin-environment" => (
|
||||
"PHP_FCGI_CHILDREN" => "4",
|
||||
"PHP_FCGI_MAX_REQUESTS" => "10000",
|
||||
),
|
||||
"bin-copy-environment" => (
|
||||
"PATH", "SHELL", "USER"
|
||||
),
|
||||
"broken-scriptfilename" => "enable",
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
# X-Pi-hole is a response header for debugging using curl -I
|
||||
# X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
|
||||
# X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
|
||||
# X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
|
||||
# Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
|
||||
# X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
|
||||
# Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
|
||||
setenv.add-response-header = (
|
||||
"X-Pi-hole" => "The Pi-hole Web interface is working!",
|
||||
"X-Frame-Options" => "DENY",
|
||||
"X-XSS-Protection" => "0",
|
||||
"X-Content-Type-Options" => "nosniff",
|
||||
"Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
|
||||
"X-Permitted-Cross-Domain-Policies" => "none",
|
||||
"Referrer-Policy" => "same-origin"
|
||||
)
|
||||
|
||||
# Block . files from being served, such as .git, .github, .gitignore
|
||||
$HTTP["url"] =~ "^/admin/\." {
|
||||
url.access-deny = ("")
|
||||
}
|
||||
|
||||
# allow teleporter and API qr code iframe on settings page
|
||||
$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
|
||||
$HTTP["referer"] =~ "/admin/settings\.php" {
|
||||
setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
|
||||
}
|
||||
}
|
||||
}
|
||||
else $HTTP["url"] == "/admin" {
|
||||
url.redirect = ("" => "/admin/")
|
||||
}
|
||||
|
||||
$HTTP["host"] == "pi.hole" {
|
||||
$HTTP["url"] == "/" {
|
||||
url.redirect = ("" => "/admin/")
|
||||
}
|
||||
}
|
||||
|
||||
# (keep this on one line for basic-install.sh filtering during install)
|
||||
server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )
|
||||
@ -2,8 +2,6 @@
|
||||
|
||||
## Ubuntu and Docker End of July 2024
|
||||
|
||||
### Dashkiosk
|
||||
|
||||
### authorized_keys
|
||||
|
||||
```bash Thu Jul 25 2024 16:02:13 GMT-0700 (Mountain Standard Time)
|
||||
@ -364,6 +362,20 @@ reboot
|
||||
nano /etc/default/grub
|
||||
```
|
||||
|
||||
```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time)
|
||||
# https://opensource.com/article/22/8/disable-ipv6
|
||||
# GRUB_CMDLINE_LINUX_DEFAULT=""
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
|
||||
# GRUB_CMDLINE_LINUX=""
|
||||
GRUB_CMDLINE_LINUX="ipv6.disable=1"
|
||||
```
|
||||
|
||||
```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time)
|
||||
grub-mkconfig
|
||||
exit
|
||||
reboot
|
||||
```
|
||||
|
||||
### Fix Unbond (Move up next time!!!)
|
||||
|
||||
```conf Fri Jul 26 2024 10:45:41 GMT-0700 (Mountain Standard Time)
|
||||
@ -379,20 +391,6 @@ systemctl disable --now unbound-resolvconf.service
|
||||
service unbound restart
|
||||
```
|
||||
|
||||
```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time)
|
||||
# https://opensource.com/article/22/8/disable-ipv6
|
||||
# GRUB_CMDLINE_LINUX_DEFAULT=""
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
|
||||
# GRUB_CMDLINE_LINUX=""
|
||||
GRUB_CMDLINE_LINUX="ipv6.disable=1"
|
||||
```
|
||||
|
||||
```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time)
|
||||
grub-mkconfig
|
||||
exit
|
||||
reboot
|
||||
```
|
||||
|
||||
### Cockpit (Move up next time!!!)
|
||||
|
||||
- [cockpit](https://cockpit-project.org/)
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
# Pi-hole: A black hole for Internet advertisements
|
||||
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
||||
# Network-wide ad blocking via your own hardware.
|
||||
#
|
||||
# Dnsmasq config for Pi-hole's FTLDNS
|
||||
#
|
||||
# This file is copyright under the latest version of the EUPL.
|
||||
# Please see LICENSE file for your rights under this license.
|
||||
|
||||
###############################################################################
|
||||
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
|
||||
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
|
||||
# #
|
||||
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
|
||||
# /etc/pihole/setupVars.conf #
|
||||
# #
|
||||
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
|
||||
# WITHIN /etc/dnsmasq.d/yourname.conf #
|
||||
###############################################################################
|
||||
|
||||
addn-hosts=/etc/pihole/local.list
|
||||
addn-hosts=/etc/pihole/custom.list
|
||||
|
||||
|
||||
localise-queries
|
||||
|
||||
|
||||
no-resolv
|
||||
|
||||
log-queries
|
||||
log-facility=/var/log/pihole/pihole.log
|
||||
|
||||
log-async
|
||||
cache-size=10000
|
||||
server=127.0.0.1#5335
|
||||
domain-needed
|
||||
expand-hosts
|
||||
bogus-priv
|
||||
local-service
|
||||
@ -1,42 +0,0 @@
|
||||
# Pi-hole: A black hole for Internet advertisements
|
||||
# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
|
||||
# Network-wide ad blocking via your own hardware.
|
||||
#
|
||||
# RFC 6761 config file for Pi-hole
|
||||
#
|
||||
# This file is copyright under the latest version of the EUPL.
|
||||
# Please see LICENSE file for your rights under this license.
|
||||
|
||||
###############################################################################
|
||||
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
|
||||
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
|
||||
# #
|
||||
# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
|
||||
# WITHIN /etc/dnsmasq.d/yourname.conf #
|
||||
###############################################################################
|
||||
|
||||
# RFC 6761: Caching DNS servers SHOULD recognize
|
||||
# test, localhost, invalid
|
||||
# names as special and SHOULD NOT attempt to look up NS records for them, or
|
||||
# otherwise query authoritative DNS servers in an attempt to resolve these
|
||||
# names.
|
||||
server=/test/
|
||||
server=/localhost/
|
||||
server=/invalid/
|
||||
|
||||
# The same RFC requests something similar for
|
||||
# 10.in-addr.arpa. 21.172.in-addr.arpa. 27.172.in-addr.arpa.
|
||||
# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 28.172.in-addr.arpa.
|
||||
# 17.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa.
|
||||
# 18.172.in-addr.arpa. 24.172.in-addr.arpa. 30.172.in-addr.arpa.
|
||||
# 19.172.in-addr.arpa. 25.172.in-addr.arpa. 31.172.in-addr.arpa.
|
||||
# 20.172.in-addr.arpa. 26.172.in-addr.arpa. 168.192.in-addr.arpa.
|
||||
# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
|
||||
# 01-pihole.conf) because this also covers IPv6.
|
||||
|
||||
# OpenWRT furthermore blocks bind, local, onion domains
|
||||
# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
|
||||
# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
|
||||
# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
|
||||
server=/bind/
|
||||
server=/onion/
|
||||
@ -34,7 +34,7 @@ sasl:x:45:
|
||||
plugdev:x:46:phares
|
||||
staff:x:50:
|
||||
games:x:60:
|
||||
users:x:100:pihole,podman,lphares,bmiller
|
||||
users:x:100:podman,lphares,bmiller,persa
|
||||
nogroup:x:65534:
|
||||
systemd-journal:x:999:
|
||||
systemd-network:x:998:
|
||||
@ -58,10 +58,12 @@ landscape:x:109:
|
||||
fwupd-refresh:x:989:
|
||||
netdev:x:110:
|
||||
phares:x:1000:
|
||||
pihole:x:1001:www-data
|
||||
podman:x:1002:
|
||||
lphares:x:1003:bmiller
|
||||
lphares:x:1003:bmiller,persa
|
||||
bmiller:x:1004:
|
||||
unbound:x:111:
|
||||
cockpit-ws:x:112:
|
||||
cockpit-wsinstance:x:113:
|
||||
pcp:x:988:
|
||||
persa:x:1001:
|
||||
redis:x:114:
|
||||
|
||||
@ -34,7 +34,7 @@ sasl:x:45:
|
||||
plugdev:x:46:phares
|
||||
staff:x:50:
|
||||
games:x:60:
|
||||
users:x:100:pihole,podman,lphares,bmiller
|
||||
users:x:100:podman,lphares,bmiller,persa
|
||||
nogroup:x:65534:
|
||||
systemd-journal:x:999:
|
||||
systemd-network:x:998:
|
||||
@ -58,9 +58,11 @@ landscape:x:109:
|
||||
fwupd-refresh:x:989:
|
||||
netdev:x:110:
|
||||
phares:x:1000:
|
||||
pihole:x:1001:www-data
|
||||
podman:x:1002:
|
||||
lphares:x:1003:bmiller
|
||||
lphares:x:1003:bmiller,persa
|
||||
bmiller:x:1004:
|
||||
unbound:x:111:
|
||||
cockpit-ws:x:112:
|
||||
cockpit-wsinstance:x:113:
|
||||
pcp:x:988:
|
||||
persa:x:1001:
|
||||
|
||||
@ -34,7 +34,7 @@ sasl:*::
|
||||
plugdev:*::phares
|
||||
staff:*::
|
||||
games:*::
|
||||
users:*::pihole,podman,lphares,bmiller
|
||||
users:*::podman,lphares,bmiller,persa
|
||||
nogroup:*::
|
||||
systemd-journal:!*::
|
||||
systemd-network:!*::
|
||||
@ -58,10 +58,12 @@ landscape:!::
|
||||
fwupd-refresh:!*::
|
||||
netdev:!::
|
||||
phares:!::
|
||||
pihole:!::www-data
|
||||
podman:!::
|
||||
lphares:!::bmiller
|
||||
lphares:!::bmiller,persa
|
||||
bmiller:!::
|
||||
unbound:!::
|
||||
cockpit-ws:!::
|
||||
cockpit-wsinstance:!::
|
||||
pcp:!::
|
||||
persa:!::
|
||||
redis:!::
|
||||
|
||||
@ -34,7 +34,7 @@ sasl:*::
|
||||
plugdev:*::phares
|
||||
staff:*::
|
||||
games:*::
|
||||
users:*::pihole,podman,lphares,bmiller
|
||||
users:*::podman,lphares,bmiller,persa
|
||||
nogroup:*::
|
||||
systemd-journal:!*::
|
||||
systemd-network:!*::
|
||||
@ -58,9 +58,11 @@ landscape:!::
|
||||
fwupd-refresh:!*::
|
||||
netdev:!::
|
||||
phares:!::
|
||||
pihole:!::www-data
|
||||
podman:!::
|
||||
lphares:!::bmiller
|
||||
lphares:!::bmiller,persa
|
||||
bmiller:!::
|
||||
unbound:!::
|
||||
cockpit-ws:!::
|
||||
cockpit-wsinstance:!::
|
||||
pcp:!::
|
||||
persa:!::
|
||||
|
||||
28
etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem
Normal file
28
etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem
Normal file
@ -0,0 +1,28 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
|
||||
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
|
||||
NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
|
||||
YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
|
||||
3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
|
||||
ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
|
||||
CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
|
||||
DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
|
||||
0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
|
||||
Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
|
||||
EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
|
||||
b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
|
||||
ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
|
||||
Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
|
||||
ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
|
||||
ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
|
||||
ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
|
||||
BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
|
||||
S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
|
||||
JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
|
||||
igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
|
||||
WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
|
||||
bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
|
||||
hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
|
||||
rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
|
||||
A3WZcUHjqZsHHqeaZiWgzlw=
|
||||
-----END CERTIFICATE-----
|
||||
26
etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem
Normal file
26
etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem
Normal file
@ -0,0 +1,26 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
|
||||
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
|
||||
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
|
||||
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
|
||||
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
|
||||
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
|
||||
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
|
||||
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
|
||||
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
|
||||
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
|
||||
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
|
||||
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
|
||||
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
|
||||
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
|
||||
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
|
||||
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
|
||||
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
|
||||
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
|
||||
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
|
||||
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
|
||||
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
|
||||
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
|
||||
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
|
||||
Ig46v9mFmBvyH04=
|
||||
-----END CERTIFICATE-----
|
||||
54
etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem
Normal file
54
etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem
Normal file
@ -0,0 +1,54 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
|
||||
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
|
||||
NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
|
||||
YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
|
||||
3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
|
||||
ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
|
||||
CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
|
||||
DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
|
||||
0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
|
||||
Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
|
||||
EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
|
||||
b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
|
||||
ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
|
||||
Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
|
||||
ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
|
||||
ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
|
||||
ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
|
||||
BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
|
||||
S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
|
||||
JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
|
||||
igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
|
||||
WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
|
||||
bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
|
||||
hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
|
||||
rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
|
||||
A3WZcUHjqZsHHqeaZiWgzlw=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
|
||||
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
|
||||
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
|
||||
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
|
||||
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
|
||||
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
|
||||
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
|
||||
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
|
||||
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
|
||||
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
|
||||
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
|
||||
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
|
||||
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
|
||||
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
|
||||
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
|
||||
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
|
||||
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
|
||||
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
|
||||
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
|
||||
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
|
||||
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
|
||||
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
|
||||
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
|
||||
Ig46v9mFmBvyH04=
|
||||
-----END CERTIFICATE-----
|
||||
5
etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem
Normal file
5
etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem
Normal file
@ -0,0 +1,5 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMkDpXWGeiqjE5WNj
|
||||
mBuqwMXseOQuX9tv3SvZvQ761VOhRANCAAQPJlBf3XfrNcWGKQcOH9xS1X9UcBSi
|
||||
yFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgYZG5AoTspEWQvkn34
|
||||
-----END PRIVATE KEY-----
|
||||
50
etc/letsencrypt/ha/fullchain.pem
Normal file
50
etc/letsencrypt/ha/fullchain.pem
Normal file
@ -0,0 +1,50 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID6zCCA3GgAwIBAgISA4snn7ZkkZV8ytXbnWtDcJgdMAoGCCqGSM49BAMDMDIx
|
||||
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
|
||||
NTAeFw0yNDEwMDYwNzU5MzRaFw0yNTAxMDQwNzU5MzNaMB0xGzAZBgNVBAMTEmFm
|
||||
ZmlybS5kdWNrZG5zLm9yZzB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzQCCWLkZD8
|
||||
R1rHsE1iNmoobwtfihmN78eB9zVu+FdWRkOyClBXm+sZQl4rNf7NfDiV6bZ4dz13
|
||||
fs/45z52PTWk6n2zP4c2Dgh/MESaxv9UaLvq4OjX4Bqd/OH1WuigHaOCAl0wggJZ
|
||||
MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
|
||||
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUL+qPS4dEIsg41TGo25We68CvRIAwHwYD
|
||||
VR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEG
|
||||
CCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
|
||||
dHA6Ly9lNS5pLmxlbmNyLm9yZy8wZQYDVR0RBF4wXIISYWZmaXJtLmR1Y2tkbnMu
|
||||
b3JnghVoYS1waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNrZG5zLm9yZ4Ib
|
||||
c3lub2xvZ3ktcGhhcmVzLmR1Y2tkbnMub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIB
|
||||
MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAzxFW7tUufK/zh1vZaS6b6RpxZ0qw
|
||||
F+ysAdJbd87MOwgAAAGSYQzXTgAABAMARzBFAiEArfAVmkU+kJaHWipGCCPT7eVw
|
||||
auk98aCxSEvIOD0Y+RsCIAnhbHMNuDAenJ8ZyRhtGmSCwMPRbLRnwcWbO7TFqxqf
|
||||
AHcAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGSYQze4QAABAMA
|
||||
SDBGAiEA+Vocdjpsc7/jUu9L5KjXO+Jnrp98MOnM0FEJN0hJU+wCIQD/HOM6C6H8
|
||||
ZxTaopyvNyWVylw5ooPuSpuJ1Xf8brNjATAKBggqhkjOPQQDAwNoADBlAjEA8aBN
|
||||
tJqelSOy/mnypFRI6qrvGegu7tKgghqUw0XWy56u8zMVmtksglEJtcMkf3ZlAjBh
|
||||
15d+rRL3k+xXAaOE1YesxGhIUqJO1JiMHeQ6mgOE6vOMJYKhmUjrZ3P70XoEC7E=
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
|
||||
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
|
||||
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
|
||||
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
|
||||
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
|
||||
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
|
||||
VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
|
||||
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
|
||||
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
|
||||
i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
|
||||
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
|
||||
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
|
||||
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
|
||||
2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
|
||||
bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
|
||||
6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
|
||||
XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
|
||||
koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
|
||||
cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
|
||||
E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
|
||||
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
|
||||
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
|
||||
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
|
||||
VQD9F6Na/+zmXCc=
|
||||
-----END CERTIFICATE-----
|
||||
6
etc/letsencrypt/ha/privkey.pem
Normal file
6
etc/letsencrypt/ha/privkey.pem
Normal file
@ -0,0 +1,6 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MIGkAgEBBDAK5i0BgRa7SIcpCykadElWV5mBrW+xOWg1Sse0Zx8TEx8fuMiz6js3
|
||||
CcVzHS0YjiegBwYFK4EEACKhZANiAARM0Agli5GQ/Edax7BNYjZqKG8LX4oZje/H
|
||||
gfc1bvhXVkZDsgpQV5vrGUJeKzX+zXw4lem2eHc9d37P+Oc+dj01pOp9sz+HNg4I
|
||||
fzBEmsb/VGi76uDo1+Aanfzh9VrooB0=
|
||||
-----END EC PRIVATE KEY-----
|
||||
@ -1,61 +0,0 @@
|
||||
### Documentation
|
||||
# https://wiki.lighttpd.net/
|
||||
#
|
||||
### Configuration Syntax
|
||||
# https://wiki.lighttpd.net/Docs_Configuration
|
||||
#
|
||||
### Configuration Options
|
||||
# https://wiki.lighttpd.net/Docs_ConfigurationOptions
|
||||
#
|
||||
|
||||
### Debian lighttpd base configuration
|
||||
|
||||
server.modules = (
|
||||
"mod_indexfile",
|
||||
"mod_access",
|
||||
"mod_alias",
|
||||
"mod_redirect",
|
||||
)
|
||||
|
||||
server.document-root = "/var/www/html"
|
||||
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
|
||||
server.errorlog = "/var/log/lighttpd/error.log"
|
||||
server.pid-file = "/run/lighttpd.pid"
|
||||
server.username = "www-data"
|
||||
server.groupname = "www-data"
|
||||
server.port = 8005
|
||||
|
||||
# strict parsing and normalization of URL for consistency and security
|
||||
# https://wiki.lighttpd.net/Server_http-parseoptsDetails
|
||||
# (might need to explicitly set "url-path-2f-decode" = "disable"
|
||||
# if a specific application is encoding URLs inside url-path)
|
||||
server.http-parseopts = (
|
||||
"header-strict" => "enable",# default
|
||||
"host-strict" => "enable",# default
|
||||
"host-normalize" => "enable",# default
|
||||
"url-normalize-unreserved"=> "enable",# recommended highly
|
||||
"url-normalize-required" => "enable",# recommended
|
||||
"url-ctrls-reject" => "enable",# recommended
|
||||
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
|
||||
#"url-path-2f-reject" => "enable",
|
||||
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
|
||||
#"url-path-dotseg-reject" => "enable",
|
||||
#"url-query-20-plus" => "enable",# consistency in query string
|
||||
"url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app)
|
||||
)
|
||||
|
||||
index-file.names = ( "index.php", "index.html" )
|
||||
url.access-deny = ( "~", ".inc" )
|
||||
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
|
||||
|
||||
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
|
||||
include "/etc/lighttpd/conf-enabled/*.conf"
|
||||
|
||||
# default listening port for IPv6 is same as default IPv4 port
|
||||
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
|
||||
|
||||
### Customizations
|
||||
# customizations should generally be placed in separate files such as
|
||||
# /etc/lighttpd/conf-available/00_vars.conf # override variables for *.conf
|
||||
# /etc/lighttpd/conf-available/99_custom.conf # override *.conf settings
|
||||
# and then enabled using lighty-enable-mod (1)
|
||||
@ -7,36 +7,48 @@ server {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
include /etc/nginx/include/affirm.conf;
|
||||
# include /etc/nginx/include/ansible.conf;
|
||||
# include /etc/nginx/include/assistant.conf;
|
||||
# include /etc/nginx/include/casa.conf;
|
||||
include /etc/nginx/include/codeserver.conf;
|
||||
include /etc/nginx/include/dashkiosk.conf;
|
||||
# include /etc/nginx/include/dockge.conf;
|
||||
# include /etc/nginx/include/docmost.conf;
|
||||
# include /etc/nginx/include/emby.conf;
|
||||
# include /etc/nginx/include/filebrowser.conf;
|
||||
# include /etc/nginx/include/gogs.conf;
|
||||
include /etc/nginx/include/gitea.conf;
|
||||
include /etc/nginx/include/immich.conf;
|
||||
include /etc/nginx/include/incus.conf;
|
||||
# include /etc/nginx/include/invoice.conf;
|
||||
include /etc/nginx/include/lxconsole.conf;
|
||||
include /etc/nginx/include/kestra.conf;
|
||||
include /etc/nginx/include/music.conf;
|
||||
# include /etc/nginx/include/nextcloud.conf;
|
||||
# include /etc/nginx/include/owncast.conf;
|
||||
include /etc/nginx/include/phares.conf;
|
||||
include /etc/nginx/include/pgadmin.conf;
|
||||
# include /etc/nginx/include/photoprism.conf;
|
||||
# include /etc/nginx/include/pihole.conf;
|
||||
# include /etc/nginx/include/proxmox.conf;
|
||||
include /etc/nginx/include/quartz.conf;
|
||||
# include /etc/nginx/include/readeck.conf;
|
||||
# include /etc/nginx/include/syncthing.conf;
|
||||
# include /etc/nginx/include/terraform.conf;
|
||||
# include /etc/nginx/include/uptimekuma.conf;
|
||||
include /etc/nginx/include/vaultwarden.conf;
|
||||
# include /etc/nginx/include/vscodium.conf;
|
||||
# include /etc/nginx/include/wekan.conf;
|
||||
include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckddns.org # http://localhost:3002/;
|
||||
include /etc/nginx/include/affirm.conf; # https://affirm.phares.duckddns.org # http://localhost:8069/;
|
||||
# include /etc/nginx/include/ansible.conf; # https://ansible.phares.duckddns.org # https://192.168.12.15/;
|
||||
# include /etc/nginx/include/assistant.conf; # https://assistant.phares.duckddns.org # http://192.168.12.17:5001/;
|
||||
include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckddns.org # http://localhost:8001/;
|
||||
# include /etc/nginx/include/casa.conf; # https://casa.phares.duckddns.org # http://10.131.57.60/;
|
||||
include /etc/nginx/include/chat.conf; # https://chat.phares.duckddns.org # https://192.168.11.6:5001/;
|
||||
include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckddns.org # http://localhost:9090/;
|
||||
# include /etc/nginx/include/codeserver.conf; # https://codeserver.phares.duckddns.org # http://localhost:5007/;
|
||||
include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckddns.org # http://localhost:9400/;
|
||||
include /etc/nginx/include/diskstation.conf; # https://diskstation.phares.duckddns.org # https://192.168.11.6:5001/;
|
||||
# include /etc/nginx/include/dockge.conf; # https://dockge.phares.duckddns.org # http://localhost:5001/;
|
||||
# include /etc/nginx/include/docmost.conf; # https://docmost.phares.duckddns.org # http://localhost:5006/;
|
||||
include /etc/nginx/include/drive.conf; # https://drive.phares.duckddns.org # https://192.168.11.6:5001/;
|
||||
# include /etc/nginx/include/emby.conf; # https://emby.phares.duckddns.org # http://10.131.57.134:8096/;
|
||||
# include /etc/nginx/include/filebrowser.conf; # https://filebrowser.phares.duckddns.org # http://localhost:8080/;
|
||||
include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckddns.org # http://localhost:3000/;
|
||||
# include /etc/nginx/include/gogs.conf; # https://gogs.phares.duckddns.org # http://localhost:3000/;
|
||||
include /etc/nginx/include/ha.conf; # https://ha.phares.duckddns.org # http://192.168.0.41:8123/;
|
||||
# include /etc/nginx/include/haos.conf; # https://haos.phares.duckddns.org # http://192.168.0.41:8123/;
|
||||
include /etc/nginx/include/immich.conf; # https://immich.phares.duckddns.org # http://localhost:3001/;
|
||||
# include /etc/nginx/include/incus.conf; # https://incus.phares.duckddns.org # http://localhost:5004/;
|
||||
# include /etc/nginx/include/invoice.conf; # https://invoice.phares.duckddns.org # https://192.168.12.14/;
|
||||
# include /etc/nginx/include/kestra.conf; # https://kestra.phares.duckddns.org # http://localhost:5002/;
|
||||
# include /etc/nginx/include/lxconsole.conf; # https://lxconsole.phares.duckddns.org # http://localhost:5004/;
|
||||
include /etc/nginx/include/music.conf; # https://music.phares.duckddns.org #
|
||||
# include /etc/nginx/include/nextcloud.conf; # https://nextcloud.phares.duckddns.org # http://localhost:8081/;
|
||||
# include /etc/nginx/include/owncast.conf; # https://owncast.phares.duckddns.org # http://10.131.57.141:8080/;
|
||||
include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckddns.org # http://localhost:5007/;
|
||||
include /etc/nginx/include/phares.conf; # https://phares.phares.duckddns.org #
|
||||
# include /etc/nginx/include/photoprism.conf; # https://photoprism.phares.duckddns.org # http://192.168.12.11:2342/;
|
||||
include /etc/nginx/include/photos.conf; # https://photos.phares.duckddns.org # https://192.168.11.6:5001/;
|
||||
# include /etc/nginx/include/pihole.conf; # https://pihole.phares.duckddns.org # http://localhost:8005/admin/;
|
||||
# include /etc/nginx/include/proxmox.conf; # https://proxmox.phares.duckddns.org # https://localhost:8006/;
|
||||
include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckddns.org # http://localhost:8069/;
|
||||
# include /etc/nginx/include/readeck.conf; # https://readeck.phares.duckddns.org # http://192.168.12.19:8000/;
|
||||
# include /etc/nginx/include/syncthing.conf; # https://syncthing.phares.duckddns.org # https://localhost:8443/;
|
||||
# include /etc/nginx/include/terraform.conf; # https://terraform.phares.duckddns.org # http://localhost:5001/;
|
||||
include /etc/nginx/include/traccar.conf; # https://traccar.phares.duckddns.org # http://localhost:3000/;
|
||||
# include /etc/nginx/include/umbrel.conf; # https://umbrel.phares.duckddns.org # http://192.168.11.20/;
|
||||
# include /etc/nginx/include/uptimekuma.conf; # https://uptimekuma.phares.duckddns.org # http://192.168.12.10:3001/;
|
||||
include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckddns.org # http://localhost:5008/;
|
||||
# include /etc/nginx/include/vscodium.conf; # https://vscodium.phares.duckddns.org # http://10.131.57.190:3000/;
|
||||
# include /etc/nginx/include/wekan.conf; # https://wekan.phares.duckddns.org # http://localhost:5003/;
|
||||
include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckddns.org # http://localhost:8000/;
|
||||
@ -32,7 +32,6 @@ fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
|
||||
usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
|
||||
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
|
||||
phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
|
||||
pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
|
||||
podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
|
||||
lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
|
||||
bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
|
||||
@ -40,3 +39,6 @@ unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
|
||||
dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
|
||||
cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
|
||||
cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
|
||||
pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
|
||||
persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash
|
||||
redis:x:113:114::/var/lib/redis:/usr/sbin/nologin
|
||||
|
||||
@ -32,10 +32,12 @@ fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
|
||||
usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
|
||||
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
|
||||
phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
|
||||
pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
|
||||
podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
|
||||
lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
|
||||
bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
|
||||
unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
|
||||
dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
|
||||
cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
|
||||
cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
|
||||
pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
|
||||
persa:x:1001:1001:Persaya Cortez,,,:/home/persa:/bin/bash
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
PIHOLE_INTERFACE=enp2s0
|
||||
QUERY_LOGGING=true
|
||||
INSTALL_WEB_SERVER=true
|
||||
INSTALL_WEB_INTERFACE=true
|
||||
LIGHTTPD_ENABLED=true
|
||||
CACHE_SIZE=10000
|
||||
DNS_FQDN_REQUIRED=true
|
||||
DNS_BOGUS_PRIV=true
|
||||
DNSMASQ_LISTENING=local
|
||||
WEBPASSWORD=4f2f4f253d64a90315c0ace8a61b6b6e828f8d8d996b0a0b0e153230617bedd3
|
||||
BLOCKING_ENABLED=true
|
||||
PIHOLE_DNS_1=127.0.0.1#5335
|
||||
DNSSEC=false
|
||||
REV_SERVER=false
|
||||
@ -32,7 +32,6 @@ fwupd-refresh:!*:19836::::::
|
||||
usbmux:!:19929::::::
|
||||
sshd:!:19929::::::
|
||||
phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
|
||||
pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
|
||||
podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
|
||||
lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
|
||||
bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
|
||||
@ -40,3 +39,6 @@ unbound:!:19929::::::
|
||||
dnsmasq:!:19930::::::
|
||||
cockpit-ws:!:19930::::::
|
||||
cockpit-wsinstance:!:19930::::::
|
||||
pcp:!:19938::::::
|
||||
persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::
|
||||
redis:!:20001::::::
|
||||
|
||||
@ -31,11 +31,13 @@ landscape:!:19836::::::
|
||||
fwupd-refresh:!*:19836::::::
|
||||
usbmux:!:19929::::::
|
||||
sshd:!:19929::::::
|
||||
phares:$6$X.bTmW8z9/2WwB08$pivFW7YtPuGBou4Ut7eB1Y1ELwOVumy5tJYMf/RTQgkdUWzkKs9jndwfuVzTRlknbyGzA4A1lPImVtVHOCyBs/:19929:0:99999:7:::
|
||||
pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
|
||||
phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
|
||||
podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
|
||||
lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
|
||||
bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
|
||||
unbound:!:19929::::::
|
||||
dnsmasq:!:19930::::::
|
||||
cockpit-ws:!:19930::::::
|
||||
cockpit-wsinstance:!:19930::::::
|
||||
pcp:!:19938::::::
|
||||
persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
#LLMNR=no
|
||||
#Cache=no-negative
|
||||
#CacheFromLocalhost=no
|
||||
DNSStubListener=no
|
||||
#DNSStubListener=yes
|
||||
#DNSStubListenerExtra=
|
||||
#ReadEtcHosts=yes
|
||||
#ResolveUnicastSingleLabel=no
|
||||
|
||||
19
etc/systemd/system/snap.adguard-home.adguard-home.service
Normal file
19
etc/systemd/system/snap.adguard-home.adguard-home.service
Normal file
@ -0,0 +1,19 @@
|
||||
[Unit]
|
||||
# Auto-generated, DO NOT EDIT
|
||||
Description=Service for snap application adguard-home.adguard-home
|
||||
Requires=snap-adguard\x2dhome-7366.mount
|
||||
Wants=network.target
|
||||
After=snap-adguard\x2dhome-7366.mount network.target snapd.apparmor.service
|
||||
X-Snappy=yes
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/environment
|
||||
ExecStart=/usr/bin/snap run adguard-home
|
||||
SyslogIdentifier=adguard-home.adguard-home
|
||||
Restart=always
|
||||
WorkingDirectory=/var/snap/adguard-home/7366
|
||||
TimeoutStopSec=30
|
||||
Type=simple
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -7,8 +7,8 @@ X-Snappy=yes
|
||||
|
||||
[Timer]
|
||||
Unit=snap.certbot.renew.service
|
||||
OnCalendar=*-*-* 05:54
|
||||
OnCalendar=*-*-* 14:00
|
||||
OnCalendar=*-*-* 07:46
|
||||
OnCalendar=*-*-* 19:29
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
[Unit]
|
||||
# Auto-generated, DO NOT EDIT
|
||||
Description=Service for snap application ubuntu-frame.daemon
|
||||
Requires=snap-ubuntu\x2dframe-9750.mount
|
||||
Requires=snap-ubuntu\x2dframe-10823.mount
|
||||
Wants=network.target
|
||||
After=snap-ubuntu\x2dframe-9750.mount network.target snapd.apparmor.service
|
||||
After=snap-ubuntu\x2dframe-10823.mount network.target snapd.apparmor.service
|
||||
X-Snappy=yes
|
||||
|
||||
[Service]
|
||||
@ -12,7 +12,7 @@ ExecStart=/usr/bin/snap run ubuntu-frame.daemon
|
||||
SyslogIdentifier=ubuntu-frame.daemon
|
||||
Restart=on-failure
|
||||
RestartSec=3
|
||||
WorkingDirectory=/var/snap/ubuntu-frame/9750
|
||||
WorkingDirectory=/var/snap/ubuntu-frame/10823
|
||||
TimeoutStopSec=30
|
||||
Type=simple
|
||||
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
# Unbound configuration file for Debian.
|
||||
#
|
||||
# See the unbound.conf(5) man page.
|
||||
#
|
||||
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
|
||||
# reference config file.
|
||||
#
|
||||
# The following line includes additional configuration files from the
|
||||
# /etc/unbound/unbound.conf.d directory.
|
||||
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
|
||||
@ -0,0 +1 @@
|
||||
[Volume]
|
||||
@ -0,0 +1 @@
|
||||
[Volume]
|
||||
@ -0,0 +1,24 @@
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=baikal-server
|
||||
Image=docker.io/ckulka/baikal:latest
|
||||
PublishPort=8001:80
|
||||
Volume=baikal-server-config.volume:/var/www/baikal/config:Z
|
||||
Volume=baikal-server-data.volume:/var/www/baikal/Specific:Z
|
||||
|
||||
[Service]
|
||||
Restart=no
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
|
||||
# podman pull docker.io/ckulka/baikal:latest
|
||||
# systemctl --user daemon-reload
|
||||
# systemctl --user start baikal-server
|
||||
# systemctl --user status baikal-server
|
||||
# journalctl -fu baikal-server.service
|
||||
# podman logs baikal-server
|
||||
# systemctl --user stop baikal-server
|
||||
# systemctl --user disable baikal-server
|
||||
# podman exec -ti baikal-server /bin/sh
|
||||
# podman exec -ti baikal-server /bin/bash
|
||||
@ -0,0 +1,35 @@
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=immich-card-dav
|
||||
Environment="CARDDAV_SYNC_CARDDAV_ADDRESSBOOK=asdf"
|
||||
Environment="CARDDAV_SYNC_CARDDAV_PASSWORD=excitedwater164"
|
||||
Environment="CARDDAV_SYNC_CARDDAV_URL=192.168.11.2"
|
||||
Environment="CARDDAV_SYNC_CARDDAV_USERNAME=cphares"
|
||||
Environment="CARDDAV_SYNC_CRON_EXPRESSION=24 5 * * *"
|
||||
Environment="CARDDAV_SYNC_IMMICH_API_KEY=asdf"
|
||||
Environment="CARDDAV_SYNC_IMMICH_API_URL=asdf"
|
||||
Image=ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
|
||||
# Network=immich.network
|
||||
# Pod=immich.pod
|
||||
# PublishPort=3001:3001
|
||||
|
||||
[Service]
|
||||
Restart=no
|
||||
|
||||
[Unit]
|
||||
Requires=immich-server.service
|
||||
After=immich-server.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
|
||||
# podman pull ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
|
||||
# systemctl --user daemon-reload
|
||||
# systemctl --user start immich-card-dav
|
||||
# systemctl --user status immich-card-dav
|
||||
# journalctl -fu immich-card-dav.service
|
||||
# podman logs immich-card-dav
|
||||
# systemctl --user stop immich-card-dav
|
||||
# systemctl --user disable immich-card-dav
|
||||
# podman exec -ti immich-card-dav /bin/sh
|
||||
# podman exec -ti immich-card-dav /bin/bash
|
||||
@ -5,7 +5,7 @@ Environment="POSTGRES_DB=immich"
|
||||
Environment="POSTGRES_INITDB_ARGS=--data-checksums"
|
||||
Environment="POSTGRES_PASSWORD=postgres"
|
||||
Environment="POSTGRES_USER=postgres"
|
||||
Image=docker.io/library/postgres:16
|
||||
Image=docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0
|
||||
# Network=immich.network
|
||||
# Pod=immich.pod
|
||||
PublishPort=5432:5432
|
||||
@ -41,7 +41,7 @@ WantedBy=multi-user.target default.target
|
||||
# - -c
|
||||
# - wal_compression=on
|
||||
|
||||
# podman pull docker.io/library/postgres:16
|
||||
# podman pull docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0
|
||||
# systemctl --user daemon-reload
|
||||
# systemctl --user start immich-db
|
||||
# systemctl --user status immich-db
|
||||
@ -51,3 +51,7 @@ WantedBy=multi-user.target default.target
|
||||
# systemctl --user disable immich-db
|
||||
# podman exec -ti immich-db /bin/sh
|
||||
# podman exec -ti immich-db /bin/bash
|
||||
# Image=docker.io/library/postgres:16
|
||||
# podman pull docker.io/library/postgres:16
|
||||
# file: 'extension.c', line: '543', routine: 'parse_extension_control_file'
|
||||
# https://github.com/immich-app/immich/discussions/6792
|
||||
@ -1,10 +1,13 @@
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=immich-learning
|
||||
Environment="IMMICH_HOST=0.0.0.0"
|
||||
Environment="MACHINE_LEARNING_HOST=0.0.0.0"
|
||||
Image=ghcr.io/immich-app/immich-machine-learning:release
|
||||
# Network=immich.network
|
||||
# Pod=immich.pod
|
||||
PublishPort=3003:3003
|
||||
Volume=/etc/localtime:/etc/localtime:ro
|
||||
Volume=immich-learning-cache.volume:/cache:Z
|
||||
|
||||
[Service]
|
||||
|
||||
@ -29,3 +29,5 @@ WantedBy=multi-user.target default.target
|
||||
# systemctl --user disable immich-redis
|
||||
# podman exec -ti immich-redis /bin/sh
|
||||
# podman exec -ti immich-redis /bin/bash
|
||||
# ERROR Can't connect to ('::', 3003)
|
||||
# https://github.com/immich-app/immich/discussions/8220
|
||||
|
||||
@ -2,9 +2,10 @@
|
||||
AutoUpdate=registry
|
||||
ContainerName=immich-server
|
||||
Environment="DB_DATABASE_NAME=immich"
|
||||
Environment="DB_HOST=192.168.11.2"
|
||||
Environment="DB_HOSTNAME=192.168.11.2"
|
||||
Environment="DB_PASSWORD=postgres"
|
||||
Environment="DB_USERNAME=postgres"
|
||||
Environment="REDIS_HOSTNAME=192.168.11.2"
|
||||
Image=ghcr.io/immich-app/immich-server:release
|
||||
# Network=immich.network
|
||||
# Pod=immich.pod
|
||||
@ -35,3 +36,4 @@ WantedBy=multi-user.target default.target
|
||||
# systemctl --user disable immich-server
|
||||
# podman exec -ti immich-server /bin/sh
|
||||
# podman exec -ti immich-server /bin/bash
|
||||
# Environment="DB_HOST=192.168.11.2"
|
||||
|
||||
@ -0,0 +1 @@
|
||||
[Volume]
|
||||
@ -0,0 +1,28 @@
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=vaultwarden-db
|
||||
Environment="POSTGRES_DB=vaultwarden"
|
||||
Environment="POSTGRES_PASSWORD=vaultwarden"
|
||||
Environment="POSTGRES_USER=vaultwarden"
|
||||
Image=docker.io/library/postgres:14
|
||||
# Network=vaultwarden.network
|
||||
# Pod=vaultwarden.pod
|
||||
PublishPort=5435:5432
|
||||
Volume=vaultwarden-db-data.volume:/var/lib/postgresql/data:Z
|
||||
|
||||
[Service]
|
||||
Restart=no
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
|
||||
# podman pull docker.io/library/postgres:14
|
||||
# systemctl --user daemon-reload
|
||||
# systemctl --user start vaultwarden-db
|
||||
# systemctl --user status vaultwarden-db
|
||||
# journalctl -fu vaultwarden-db.service
|
||||
# podman logs vaultwarden-db
|
||||
# systemctl --user stop vaultwarden-db
|
||||
# systemctl --user disable vaultwarden-db
|
||||
# podman exec -ti vaultwarden-db /bin/sh
|
||||
# podman exec -ti vaultwarden-db /bin/bash
|
||||
@ -1,25 +1,32 @@
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=vaultwarden-server
|
||||
Image=docker.io/vaultwarden/server:latest
|
||||
Image=docker.io/vaultwarden/server:1.31.0
|
||||
# Network=vaultwarden.network
|
||||
# Pod=vaultwarden.pod
|
||||
PublishPort=5008:80
|
||||
Volume=vaultwarden-server-data.volume:/data:rw
|
||||
Environment="ADMIN_TOKEN=7jrceE25+m5vPMK9jmVT8VsMM/0Svoiz4YEpLYHHT2hSaJPIlXcP8lOXwR5GpdaM"
|
||||
# Environment="ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$U3JuRm84cFpHOC9Rbi9ZOWdzdXU2RFl5ajZka2trNnBJWTJCZW1BT3VUOD0$tc54DJ7/6bA5iNgSFF9KtKktP8u4mMU8unrGiL8hJMY"
|
||||
# Environment="ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$U3JuRm84cFpHOC9Rbi9ZOWdzdXU2RFl5ajZka2trNnBJWTJCZW1BT3VUOD0$$tc54DJ7/6bA5iNgSFF9KtKktP8u4mMU8unrGiL8hJMY"
|
||||
Environment="DATABASE_URL=postgresql://vaultwarden:vaultwarden@192.168.11.2:5435/vaultwarden"
|
||||
Environment="DOMAIN=https://vaultwarden.phares.duckdns.org"
|
||||
Environment="SIGNUPS_ALLOWED=true"
|
||||
Environment="SMTP_FROM=user@example.com"
|
||||
Environment="SMTP_HOST=smtp-relay.sendinblue.com"
|
||||
Environment="SMTP_PASSWORD=sendinblue password"
|
||||
Environment="SMTP_FROM=phares@centurylink.net"
|
||||
Environment="SMTP_HOST=smtp.centurylink.net"
|
||||
Environment="SMTP_PASSWORD=0jbeze5r#OQqne73yFlp"
|
||||
Environment="SMTP_PORT=587"
|
||||
Environment="SMTP_SSL=true"
|
||||
Environment="SMTP_USERNAME=user@example.com"
|
||||
Environment="SMTP_SSL=false"
|
||||
Environment="SMTP_USERNAME=phares@centurylink.net"
|
||||
Environment="WEBSOCKET_ENABLED=true"
|
||||
|
||||
[Service]
|
||||
Restart=no
|
||||
|
||||
[Unit]
|
||||
Requires=vaultwarden-db.service
|
||||
After=vaultwarden-db.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
|
||||
|
||||
@ -0,0 +1 @@
|
||||
[Volume]
|
||||
@ -0,0 +1,23 @@
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=xandikos-server
|
||||
Image=ghcr.io/jelmer/xandikos
|
||||
PublishPort=8000:8000
|
||||
Volume=xandikos-server-data.volume:/data:Z
|
||||
|
||||
[Service]
|
||||
Restart=no
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
|
||||
# podman pull ghcr.io/jelmer/xandikos
|
||||
# systemctl --user daemon-reload
|
||||
# systemctl --user start xandikos-server
|
||||
# systemctl --user status xandikos-server
|
||||
# journalctl -fu xandikos-server.service
|
||||
# podman logs xandikos-server
|
||||
# systemctl --user stop xandikos-server
|
||||
# systemctl --user disable xandikos-server
|
||||
# podman exec -ti xandikos-server /bin/sh
|
||||
# podman exec -ti xandikos-server /bin/bash
|
||||
Reference in New Issue
Block a user