01-06-a

.gitignore

@@ -5,6 +5,8 @@
 
 !*/
 
+!.vscode/*
+
 !etc/*.md
 !etc/bash_history*
 !etc/group*
@@ -21,6 +23,7 @@
 !etc/lighttpd/lighttpd.conf
 !etc/network/interfaces
 !etc/passwd
+!etc/pihole/custom.list
 !etc/pihole/dhcp.leases
 !etc/pihole/index.nginx-debian.html
 !etc/pihole/setupVars.conf
@@ -40,6 +43,7 @@
 !etc/dnsmasq.d/*
 !etc/fstab/*
 !etc/netplan/*
+!etc/nginx/include/*
 !etc/nginx/sites-available/*
 !etc/mysql/mariadb.conf.d/*
 !etc/php/*
@@ -49,6 +53,9 @@
 !etc/letsencrypt/**/*
 
 !opt/copy/**/*
+!opt/dockge/**/*.yaml
+
+!var/spool/cron/crontabs/**/*
 
 !root/**/*container
 !home/podman/**/*volume
@@ -59,4 +66,4 @@
 # !usr/local/etc/gogs/conf/app.ini
 # !usr/local/etc/no-ip2.conf
 # !var/snap/nextcloud/current/nextcloud/config/*
-# !var/www/html/.well-known/acme-challenge/*
+# !var/www/html/.well-known/acme-challenge/*

.vscode/mklink.md

@@ -0,0 +1,5 @@
+# mklink
+
+```bash Sat Jul 27 2024 07:50:14 GMT-0700 (Mountain Standard Time)
+mklink "L:\Git\Linux-Ubuntu-Server\.vscode\rebuild-ubuntu-beelink.md" "D:\5-Other-Small\Kanban\Phares\tasks\rebuild-ubuntu-beelink.md"
+```

.vscode/rebuild-ubuntu-beelink.md

@@ -0,0 +1 @@
+D:/5-Other-Small/Kanban/Phares/tasks/rebuild-ubuntu-beelink.md

.vscode/settings.json

@@ -0,0 +1,42 @@
+{
+    "files.associations": {
+        "*.container": "ini",
+        "*.org": "ini",
+        "*.net": "ini",
+        "podman": "ini",
+        "default": "ini"
+    },
+    "cSpell.words": [
+        "ASPNETCORE",
+        "autoindex",
+        "bchs",
+        "blinko",
+        "dashkiosk",
+        "dockge",
+        "docmost",
+        "dorico",
+        "duckdns",
+        "fauth",
+        "fullchain",
+        "gitea",
+        "gogs",
+        "immich",
+        "journalctl",
+        "kestra",
+        "keyout",
+        "linkwarden",
+        "localtime",
+        "lphares",
+        "neko",
+        "newkey",
+        "odoo",
+        "personalised",
+        "pgadmin",
+        "phares",
+        "umbrel",
+        "usersecrets",
+        "vaultwarden",
+        "wekan",
+        "xandikos"
+    ]
+}

.vscode/tasks.json

@@ -0,0 +1,20 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "File-Folder-Helper AOT s X Day-Helper-2025-01-01",
+            "type": "shell",
+            "command": "L:/DevOps/Mesa_FI/File-Folder-Helper/bin/Release/net9.0/win-x64/publish/File-Folder-Helper.exe",
+            "args": [
+                "s",
+                "X",
+                "D:/6-Other-Large-Z/Linux-Ubuntu-Phares/home/podman/cron-backup",
+                "Day-Helper-2025-01-01",
+                "*.tar",
+                "-202",
+                "-Delete"
+            ],
+            "problemMatcher": []
+        }
+    ]
+}

etc/.pihole/.gitignore

@@ -1,12 +0,0 @@
-.DS_Store
-*.pyc
-*.swp
-__pycache__
-.cache
-.pytest_cache
-.tox
-.eggs
-*.egg-info
-.idea/
-*.iml
-.vscode/

etc/.pihole/advanced/pihole-admin.conf

@@ -1,82 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Lighttpd config for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-###############################################################################
-
-server.errorlog := "/var/log/lighttpd/error-pihole.log"
-
-$HTTP["url"] =~ "^/admin/" {
-    server.document-root = "/var/www/html"
-    server.stream-response-body = 1
-    accesslog.filename = "/var/log/lighttpd/access-pihole.log"
-    accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
-
-    fastcgi.server = (
-        ".php" => (
-            "localhost" => (
-                "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
-                "bin-path" => "/usr/bin/php-cgi",
-                "min-procs" => 1,
-                "max-procs" => 1,
-                "bin-environment" => (
-                    "PHP_FCGI_CHILDREN" => "4",
-                    "PHP_FCGI_MAX_REQUESTS" => "10000",
-                ),
-                "bin-copy-environment" => (
-                    "PATH", "SHELL", "USER"
-                ),
-                "broken-scriptfilename" => "enable",
-            )
-        )
-    )
-
-    # X-Pi-hole is a response header for debugging using curl -I
-    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
-    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
-    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
-    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
-    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
-    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
-    setenv.add-response-header = (
-        "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY",
-        "X-XSS-Protection" => "0",
-        "X-Content-Type-Options" => "nosniff",
-        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
-        "X-Permitted-Cross-Domain-Policies" => "none",
-        "Referrer-Policy" => "same-origin"
-    )
-
-    # Block . files from being served, such as .git, .github, .gitignore
-    $HTTP["url"] =~ "^/admin/\." {
-        url.access-deny = ("")
-    }
-
-    # allow teleporter and API qr code iframe on settings page
-    $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
-        $HTTP["referer"] =~ "/admin/settings\.php" {
-            setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
-        }
-    }
-}
-else $HTTP["url"] == "/admin" {
-    url.redirect = ("" => "/admin/")
-}
-
-$HTTP["host"] == "pi.hole" {
-    $HTTP["url"] == "/" {
-        url.redirect = ("" => "/admin/")
-    }
-}
-
-# (keep this on one line for basic-install.sh filtering during install)
-server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )

etc/bash_history_2024-01-03_podman.txt

@@ -0,0 +1,500 @@
+podman exec -ti immich-to-slideshow-server /bin/bash
+cp -R /var/www/html-slideshow/Images-c9dbce3b-Results/F\)Random/c9dbce3b/\[\]/* /var/www/html-slideshow/slideshow/random-results/
+exit
+ls -al /var/www/html-slideshow/slideshow/random-results
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull docker.io/damongolding/immich-kiosk:latest
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-to-slideshow-server
+systemctl --user status immich-to-slideshow-server
+exit
+systemctl --user status immich-to-slideshow-server
+systemctl --user start immich-to-slideshow-server
+nano ~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull tananaev/traccar:latest
+podman pull tananaev.org/traccar:latest
+podman pull traccar.org/traccar:latest
+podman pull docker.io/traccar/traccar:latest
+exit
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+ls -la /opt/traccar/
+ls -la /opt/traccar/logs/
+exit
+systemctl --user status traccar-server --lines=999
+systemctl --user start traccar-server
+nano /opt/traccar/traccar.xml
+exit
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+nano /opt/traccar/traccar.xml
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull docker.io/postgres:16-alpine
+podman pull docker.io/postgres:16-alpine
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+exit
+systemctl --user start linkwarden-db
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+podman pull docker.io/blinkospace/blinko:latest
+podman pull docker.io/postgres:14
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+systemctl --user start blinko-db
+systemctl --user status blinko-db
+systemctl --user start blinko-db
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+exit
+podman volunme ls
+podman volume ls
+podman volume prune
+podman volume ls
+podman volume rm systemd-odoo-server-data
+podman volume rm systemd-odoo-db-data
+podman volume rm one-review_postgres_data
+podman volume prune
+podman volume rm systemd-vaultwarden-server-data
+podman volume prune
+exit
+exit
+exit
+podman exec -ti mattermost-server /bin/bash
+podman volume ls
+podman volume inspect systemd-mattermost-server-config
+nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+docker system prune --volumes
+podman system prune --volumes
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+podman volume prune
+podman volume prune
+podman image prune
+podman image prune
+podman container prune
+podman volume prune
+podman container prune
+exit
+exit
+podman exec -ti linkwarden-server /bin/bash
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+curl -f http://localhost:8065/api/v4/system/ping || exit 1
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/sh
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+podman volume ls
+podman volume prune
+podman volume inspect systemd-blinko-server-data
+sudo -i root
+sudo -i
+podman exec -ti blinko-server /bin/bash
+podman exec -ti blinko-server /bin/sh
+exit
+sudo -i
+exit
+sudo -i
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+podman volume list
+podman volume info systemd-blinko-server-data
+podman volume systemd-blinko-server-data info
+podman volume systemd-blinko-server-data
+podman volume --help
+podman volume inspect systemd-blinko-server-data
+ls /home/podman/.local/share/containers/storage/volumes/systemd-blinko-server-data/_data
+mkdir -p /home/podman/backup-blinko
+podman volume export blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+mkdir -p /home/podman/backup-baikal
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+now=$(date +'%Y-%m-%d_%H-%M-%S')
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data-${now}.tar
+crontab -e
+exit
+crontab -e
+crontab -e
+crontab -r
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+exit
+crontab -e
+exit
+chrontab -e
+crontab -e
+crontab -e
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+whereis podman
+/usr/bin/podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+crontab -e
+crontab -e
+crontab -e
+grep CRON /var/log/syslog
+nano /var/log/syslog
+cat /var/log/syslog
+exit
+crontab -l
+crontab -r
+crontab -e
+cat /etc/cron.allow
+cat /etc/cron.d/cron.allow
+crontab -l -u podman
+nano /etc/cron. d/cron
+nano /etc/cron
+nano /etc/cron.d/cron.allow
+crontab -r
+crontab -l
+exit
+crontab -l
+crontab -e
+systemctl status cron
+sudo -i
+systemctl status cron
+crontab -e
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+crontab -l
+crontab -e
+systemctl status cron
+systemctl status cron
+service cron status
+crontab -e
+service cron status
+crontab -l
+crontab -e
+/home/podman/cron-backup
+mkdir /home/podman/cron-backup
+crontab -e
+crontab -e
+crontab -e
+crontab -e
+tar --list \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar /etc
+tar -tf \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar thumbs/5f0b1052-466d-44de-a554-226d7256850d/33/c5/
+crontab -e
+tar --list --directory /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+crontab -e
+exit
+systemctl --user start linkwarden-server
+exit
+podman pull docker.io/actualbudget/actual-server:latest
+systemctl --user start actual-server
+exit
+exit
+exit
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+id
+exit
+nano ~/.bash_profile
+nano ~/.bash_profile
+exit
+exit
+systemctl --user start uptime-kuma-server
+exit
+systemctl --user start uptime-kuma-server
+podman pull docker.io/2fauth/2fauth
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman volumn prune
+podman volume prune
+podman volume prune
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+systemctl --user status 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/bash
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 443
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 5015
+nc -zv localhost 5016
+nc -zv localhost 5015
+nc -zv localhost 5015
+systemctl --user start 2fauth-server
+nc -zv localhost 5015
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman pull docker.io/gotify/server
+systemctl --user start gotify-server
+exiot
+exit
+systemctl --user start uptime-kuma-server
+nano /etc/hostname
+exit
+podman pull ghcr.io/goauthentik/server:2024.12.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/postgres:16.6
+exit
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+exit
+systemctl --user status authentik-worker
+exit
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+nc -zv localhost 5021
+redis-cli ping 
+redis-cli -h localhost -p 6379 PING
+redis-cli -h localhost -p 5021 PING
+podman exec -ti authentik-redis /bin/bash
+redis-cli -h localhost -p 5021 PING
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+podman exec -ti authentik-redis /bin/bash
+podman exec -ti authentik-redis /bin/sh
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/sh
+podman exec -ti authentik-redis /bin/bash
+exit
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/bash
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+crontab -e
+crontab -e
+exit
+crontab -e
+exit
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+exit
+systemctl --user start mattermost-server
+systemctl --user start mattermost-db
+exit
+systemctl --user start mattermost-db
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+exit
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/bash
+exit
+systemctl --user start mattermost-server
+exit
+exit
+exit
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+/usr/libexec/podman/quadlet -dryrun --user
+exit
+exit
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit

etc/bash_history_2024-11-10.txt

@@ -0,0 +1,500 @@
+exit
+cd ~/.bashrc.d/systemd
+cd ~/.bashrc.d
+ls -la
+sudo -iu podman
+exit
+systemctl --user list-unit-files
+cd /etc/containers/systemd/users
+ls
+ls -la
+cd ..
+ls -la
+systemctl start --user
+cd /usr/lib/systemd/system-generators/podman-system-generator
+cd /usr/lib/systemd/system-generators
+ls -la
+ls -la
+cd /usr/libexec/podman/quadlet
+cd /usr/libexec/podman
+ls -la
+apt-get install apt install podman-quadlet
+apt install podman-quadlet
+ls -la
+ls -la /usr/libexec/podman
+systemctl -l | grep -i rootlessport
+ps aux | grep rootlessport
+podman-generate-systemd
+ls
+whereis podman-generate-systemd
+clear
+apt list --installed
+clear
+exit
+clear
+apt list --installed
+clear
+/usr/libexec/podman/quadlet -dryrun
+/usr/libexec/podman/quadlet --user -dryrun
+sudo -iu podman
+exit
+chown -R podman:podman /home/podman
+/usr/libexec/podman/quadlet -dryrun --user
+sudo -iu podman
+find / -name "immich-server.service" 2>/dev/null
+rm -R /home/podman/d
+find / -name "uptime-kuma-server.service" 2>/dev/null
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+chown -R podman:podman /home/podman/.config/containers/systemd
+chown -R podman:podman /home/podman/.config/containers/systemd
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+links https://phares.duckdns.org
+nano /etc/hosts
+links https://phares.duckdns.org
+ls /var/www/html
+nano index.html
+nano /var/www/html/index.html
+mv /var/www/html /var/www/html-slideshow
+ls /var/www
+mkdir /var/www/html
+cp /var/www/html-slideshow/index.nginx-debian.html /var/www/html/
+mv /var/www/html /var/www/html-nginx
+nginx -t
+nginx -s reload
+links https://phares.duckdns.org
+ls /var/www/html-nginx
+links https://adguard.phares.duckdns.org/
+nano /etc/hosts
+links https://adguard.phares.duckdns.org/
+nano /etc/hosts
+links https://adguard.phares.duckdns.org/
+nano /etc/hosts
+nano /etc/hosts
+links https://adguard.phares.duckdns.org/
+nano /etc/hosts
+links https://adguard.phares.duckdns.org/
+exit
+nginx -t
+nginx -s reload
+podman pull docker.io/m1k1o/neko:firefox
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+chown -R podman:podman /home/podman/.config/containers/systemd
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+podman pull docker.io/mattermost/mattermost-team-edition:9.11.2
+sudo -iu podman
+podman list images
+podman ls images
+podman images ls
+podman image ls
+podman image prone
+podman image purge
+podman image --help
+podman image prune
+y
+podman image ls
+podman image rm 2
+podman image rm 7
+podman image ls
+sudo -iu podman
+chown -R podman:podman /home/podman/.config/containers/systemd
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+chown -R podman:podman /home/podman/.config/containers/systemd
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nano /etc/hosts
+nano /etc/hosts
+nano /etc/hosts
+exit
+sudo -iu podman
+sudo -iu podman
+cat /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+nano/home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+sudo -iu podman
+nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+sudo -iu podman
+exit
+exit
+sudo -iu podman
+cd /home/podman/.local/share/containers/storage/volumes/systemd-immich-server-external/_data
+ls
+ls -la
+cd /
+sudo -iu podman
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-immich-server-upload/_data/thumbs/5f0b1052-466d-44de-a554-226d7256850d/
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+links https://192.168.0.43:8123
+links http://192.168.0.43:8123
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
+cp -R /var/www/html-nginx/ /var/www/html-quartz
+cd /var/www/html-quartz
+ls
+mv index.nginx-debian.html index.html
+links http://192.168.11.2:8069/
+links http://192.168.11.2:8069/index.html
+cd /
+nginx -t
+cd /var/www/html-infineon/
+ls
+nginx -t
+nginx -s reload
+apt-get update
+apt-get upgrade
+reboot
+links http://192.168.11.2:8069/
+links http://192.168.11.2:8069/
+links http://192.168.11.2/
+sudo -iu podman
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions/
+rm /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions
+rm -R /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/var
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/repositories/
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/repositories/phares3757/
+sudo -iu podman
+exit
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nano /root/.acme.sh/*.phares.duckdns.org_ecc/*.phares.duckdns.org.cer
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+reboot
+links http://127.0.0.1:8080/slideshow/index.html?nocache=2024-07-01-11-36
+links http://127.0.0.1:8080/slideshow/index.html
+links http://127.0.0.1:8080/slideshow
+links http://192.168.11.2:8080/slideshow
+nginx -t
+reboot
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+exit
+mv /root/.acme.sh/affirm.duckdns.org_ecc/ /root/acme.sh-master/wild-affirm
+mv /root/acme.sh-master/wild-affirm /root/.acme.sh/wild-affirm
+exit
+nginx -t
+nginx -t
+nginx -s reload
+exit
+cd /tmp
+git clone https://github.com/acmesh-official/acme.sh.git
+cd /tmp/acme.sh
+./acme.sh --install -m mikepharesjr@msn.com
+export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9
+echo $DuckDNS_Token
+./acme.sh --register-account -m mikepharesjr@msn.com
+./acme.sh --set-default-ca --server letsencrypt
+./acme.sh --issue --dns dns_duckdns -d '*.kmjmlc.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+./acme.sh --issue --dns dns_duckdns -d '*.jmlc.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
+cp -R /root/.acme.sh/\*.jmlc.duckdns.org_ecc/ /root/.acme.sh/wild-jmlc
+mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.cer /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.cer
+mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.conf /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.conf
+mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.csr /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.csr
+mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.csr.conf /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.csr.conf
+mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.key /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.key
+nginx -t
+nginx -t
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+links http://192.168.11.2:9090
+links https://192.168.11.2:9090
+nginx -s reload
+nano /etc/cockpit/ws-certs.d/0-self-signed.cert 
+man cockpit.conf
+nano /etc/cockpit/cockpit.conf
+systemctl status cockpit.socket
+systemctl status cockpit
+systemctl stop cockpit
+systemctl stop cockpit.socket
+systemctl stop cockpit
+systemctl start cockpit
+systemctl start cockpit.socket
+nginx -s reload
+rm /etc/cockpit/cockpit.conf
+systemctl stop cockpit
+systemctl stop cockpit.socket
+systemctl stop cockpit
+systemctl start cockpit.socket
+systemctl start cockpit
+nginx -s reload
+journalctl -u cockpit
+cd /etc/cockpit/
+ls
+cd ws-certs.d/
+ls
+mv 0-self-signed.cert 0-self-signed.cert.old
+mv 0-self-signed.key 0-self-signed.key.old
+cp /root/.acme.sh/wild-phares/phares.duckdns.org.cer 0-self-signed.cert
+cp /root/.acme.sh/wild-phares/phares.duckdns.org.key 0-self-signed.key
+systemctl restart cockpit
+systemctl status cockpit
+systemctl status cockpit
+systemctl status cockpit
+systemctl status cockpit
+systemctl status cockpit
+systemctl restart cockpit
+nano /etc/cockpit/cockpit.conf
+systemctl restart cockpit
+systemctl status cockpit
+systemctl status cockpit
+systemctl status cockpit
+systemctl status cockpit
+systemctl restart cockpit
+systemctl status cockpit
+nginx -s reload
+systemctl restart cockpit
+systemctl status cockpit
+nginx -s reload
+nginx -s reload
+rm -R /mnt/free-file-sync/notes/FS-ADO/
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nignx -t
+nginx -t
+nginx -s reload
+reboot
+lsof -i -P -n | grep LISTEN
+links http://192.168.11.2:5007/
+links http://127.0.0.1:5007/
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+chmod -R 0774 /root/.acme.sh/wild-phares
+sudo -iu podman
+ls -la /root/.acme.sh/wild-phares
+chmod -R 0775 /root/.acme.sh/wild-phares
+ls -la /root/.acme.sh/wild-phares
+sudo -iu podman
+chmod -R 0777 /root/.acme.sh/wild-phares
+sudo -iu podman
+chmod -R 0774 /root/.acme.sh/wild-phares
+ls -la /root/.acme.sh/wild-phares
+chmod -R 0774 /root/.acme.sh
+ls -la /root/.acme.sh
+sudo -iu podman
+ln -s /root/.acme.sh/wild-phares /home/podman/wild-phares
+sudo -iu podman
+cp -R /root/.acme.sh/wild-phares /home/podman/wild-phares
+cp -R /root/.acme.sh/wild-phares/ /home/podman
+rm /home/podman/wild-phares
+cp -R /root/.acme.sh/wild-phares/ /home/podman
+chown podman:podman /home/podman
+ls /home/podman/wild-phares/
+ls -la /home/podman/wild-phares
+sudo -iu podman
+chown -R podman:podman /home/podman
+ls -la /home/podman/wild-phares
+sudo -iu podman
+cd /home/podman/
+ls
+cd quadlet/
+ls -la
+cd default.target.wants/
+ls -la
+cd ..
+cd ..
+cd lib
+cd libpod/
+ls -la
+sudo -iu podman
+chown -R 1000:1000 /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
+sudo -iu podman
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
+cd /
+sudo -iu podman
+sudo -iu podman
+reboot
+sudo -iu podman
+exit
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+/usr/libexec/podman/quadlet -dryrun --user
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+ls -ls \mnt\free-file-sync\proxmox
+ls -ls /mnt/free-file-sync/proxmox
+cd /home/podman
+ls -la
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+apt-get install acl -y
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+ls -la
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
+cd /
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
+ls /home/podman/.config/cni/net.d
+setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
+cd /home/phares/
+setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
+getfacl /home/podman > permissions.acl
+ls
+cat permissions.acl 
+rm permissions.acl 
+getfacl -R /home/podman > podman-permissions-bad.acl
+mv podman-permissions-bad.acl /mnt/free-file-sync/proxmox/
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+cd ../podman
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+cd /
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+nano /etc/passwd
+nano /etc/passwd
+nano /etc/group
+nano /etc/shadow
+find / -uid 1000 -exec chown -h 2000 {} +
+find / -gid 1000 -exec chgrp -h 2000 {} +
+find / -xdev -uid 1002 -exec chown -h 1000 {} +
+find / -xdev -gid 1002 -exec chgrp -h 1000 {} +
+reboot
+reboot
+nano /etc/passwd
+nano /etc/group
+find / -xdev -uid 1001 -exec chown -h 1005 {} +
+find / -xdev -gid 1001 -exec chgrp -h 1005 {} +
+find / -xdev -uid 2000 -exec chown -h 1001 {} +
+find / -xdev -gid 2000 -exec chgrp -h 1001 {} +
+nano /etc/passwd
+nano /etc/group
+find / -xdev -uid 1005 -exec chown -h 1002 {} +
+find / -xdev -gid 1005 -exec chgrp -h 1002 {} +
+reboot
+cd /
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+ls /run/user/
+ls /run/user/1001/systemd/
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+/usr/libexec/podman/quadlet -dryrun --user
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data
+sudo -iu podman
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
+sudo -iu podman
+sudo -iu podman
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
+sudo -iu podman
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+sudo -iu podman
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+sudo -iu podman
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
+sudo -iu podman
+exit

etc/bash_history_2024-11-23.txt

@@ -0,0 +1,500 @@
+ls /home/podman/.config/cni/net.d
+setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
+cd /home/phares/
+setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
+getfacl /home/podman > permissions.acl
+ls
+cat permissions.acl 
+rm permissions.acl 
+getfacl -R /home/podman > podman-permissions-bad.acl
+mv podman-permissions-bad.acl /mnt/free-file-sync/proxmox/
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+cd ../podman
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+cd /
+setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
+nano /etc/passwd
+nano /etc/passwd
+nano /etc/group
+nano /etc/shadow
+find / -uid 1000 -exec chown -h 2000 {} +
+find / -gid 1000 -exec chgrp -h 2000 {} +
+find / -xdev -uid 1002 -exec chown -h 1000 {} +
+find / -xdev -gid 1002 -exec chgrp -h 1000 {} +
+reboot
+reboot
+nano /etc/passwd
+nano /etc/group
+find / -xdev -uid 1001 -exec chown -h 1005 {} +
+find / -xdev -gid 1001 -exec chgrp -h 1005 {} +
+find / -xdev -uid 2000 -exec chown -h 1001 {} +
+find / -xdev -gid 2000 -exec chgrp -h 1001 {} +
+nano /etc/passwd
+nano /etc/group
+find / -xdev -uid 1005 -exec chown -h 1002 {} +
+find / -xdev -gid 1005 -exec chgrp -h 1002 {} +
+reboot
+cd /
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+ls /run/user/
+ls /run/user/1001/systemd/
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+/usr/libexec/podman/quadlet -dryrun --user
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data
+sudo -iu podman
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
+sudo -iu podman
+sudo -iu podman
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
+sudo -iu podman
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
+chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+sudo -iu podman
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+sudo -iu podman
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
+sudo -iu podman
+exit
+cp ~/.bash_history /etc/bash_history_2024-11-10.txt
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+sudo -iu podman
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-mattermost
+ls -la /home/podman/.local/share/containers/storage/volumes
+ls -la /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-logs/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-logs/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs/_data/
+chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
+sudo -iu podman
+sudo -iu podman
+chown -R podman:podman /home/podman/.config/containers/systemd
+sudo -iu podman
+sudo -iu podman
+systemctl --user start mattermost-db
+systemctl --user start mattermost-db
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+sudo -iu podman
+cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data
+sudo -iu podman
+sudo -iu podman
+exit
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+links https://pgadmin.phares.duckdns.org/
+links https://pgadmin.phares.duckdns.org/
+sudo -iu podman
+sudo -iu podman
+lspci | grep -i nvme
+lspci -vv -s 08:00.0 | grep -w LnkCap
+lspci -vv -s 02:00.0 | grep -w LnkCap
+sudo -iu podman
+curl https://push-test.mattermost.com
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+apt-file search setcap
+setcap
+sudo -iu podman
+nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+sudo -iu podman
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+snap install vaultwarden
+snap vaultwarden
+snap vaultwarden help
+lsof -i -P -n | grep LISTEN
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap stop vaultwarden
+sudo -iu podman
+snap stop vaultwarden
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+links https://192.168.11.2:5008
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+links https://192.168.11.2:5008
+links http://192.168.11.2:5008
+links https://192.168.11.2:5008
+snap start vaultwarden
+snap vaultwarden
+snap vaultwarden hash
+snap uninstall vaultwarden
+snap remove vaultwarden
+exot
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+sudo -iu podman
+links https://mattermost.phares.duckdns.org
+snap install vaultwarden
+snap stop vaultwarden
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+rm /var/snap/vaultwarden/current/vaultwarden.conf
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap remove vaultwarden
+snap install vaultwarden
+ls -la /var/snap/vaultwarden/current
+ls -la /var/snap/vaultwarden/current
+echo>/var/snap/vaultwarden/current/vaultwarden.conf
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap start vaultwarden
+snap info vaultwarden
+snap status vaultwarden
+lsof -i -P -n | grep LISTEN
+snap start vaultwarden
+lsof -i -P -n | grep LISTEN
+links https://192.168.11.2:5009/
+openssl s_client -showcerts -connect vaultwarden.phares.duckdns.org:443 -servername vaultwarden.phares.duckdns.org
+exit
+snap start vaultwarden
+journalctl -u snapd
+cat /var/snap/vaultwarden/current/
+top
+snap info adguard
+snap info addguard
+snap info addguardhome
+snap info
+snap info 
+snap changes
+snap watch id 37
+snap watch 37
+snap watch 34
+snap logs vaultwardedn
+snap logs vaultwarden
+ls -la /home/podman/wild-phares/
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap start vaultwarden
+snap logs vaultwarden
+ls -la /var/snap/vaultwarden/current/
+ls -la /var/snap/vaultwarden/current/ssl
+cp -R /home/podman/wild-phares/* /var/snap/vaultwarden/current/ssl/
+ls -la /var/snap/vaultwarden/current/ssl/
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap start vaultwarden
+snap logs vaultwarden
+snap logs vaultwarden
+nginx -t
+nginx -s reload
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap stop vaultwarden
+snap start vaultwarden
+sudo -iu podman
+exit
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap stop vaultwarden
+nano /var/snap/vaultwarden/current/vaultwarden.conf
+snap start vaultwarden
+nginx -t
+nginx -s reload
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+exit
+nano /etc/cockpit/cockpit.conf
+apt-get install cockpit cockpit-podman cockpit-machines -y
+apt-get install cockpit cockpit-podman cockpit-machines -y
+apt-get remove cockpit-machines -y
+apt-get install cockpit cockpit-podman cockpit-files -y
+apt-get install cockpit cockpit-podman cockpit-file -y
+apt-get search cockpit-file
+apt-get search
+apt-get --help
+apt-get check
+apt-get auto-purge
+apt-get --help
+apt-get purge
+apt-get autoremove
+apt-get autoremove
+apt-get update
+apt-get install cockpit cockpit-podman cockpit-files -y
+apt-get upgrade
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+nano /etc/docker/daemon.json
+nano /etc/podman/daemon.json
+sudo -iu podman
+nginx -s reload
+sudo -iu podman
+nano /etc/resolv.conf
+nano /etc/resolv.conf
+nano /etc/hosts
+cat /etc/hosts
+sudo -iu podman
+nano /etc/hosts
+sudo -iu podman
+sudo -iu podman
+nginx -s reload
+nginx -s reload
+nano /etc/hosts
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+apt install podman
+sudo -iu podman
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+nginx -s reload
+exit
+nginx -t
+nginx -s reload
+exit
+nginx -t
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+exit
+nginx -s reload
+exit
+nano /etc/cockpit/cockpit.conf
+exit
+ls -la /etc/cockpit/ws-certs.d/
+nano /etc/cockpit/ws-certs.d/0-self-signed.cert
+mv /etc/cockpit/ws-certs.d/0-self-signed.cert /etc/cockpit/ws-certs.d/0-self-signed.cert.part
+cp /root/.acme.sh/wild-phares/fullchain.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
+exit
+ls -la /etc/cockpit/ws-certs.d
+chomod 774 -r /etc/cockpit/ws-certs.d
+chmod 774 -R /etc/cockpit/ws-certs.d
+ls -la /etc/cockpit/ws-certs.d
+exit
+cp /root/.acme.sh/wild-phares/phares.duckdns.org.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
+ls -la /etc/cockpit/ws-certs.d
+rm /etc/cockpit/ws-certs.d/0-self-signed.cert.old 
+chmod 774 -R /etc/cockpit/ws-certs.d
+exit
+ls -la /usr/libexec/podman/quadlet
+ls -la /usr/libexec/podman
+exit
+find / -name "neko-server.service" 2>/dev/null
+exit
+cp /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service /mnt/free-file-sync/proxmox/
+cp /run/user/1000/systemd/generator/default.target.wants/neko-server.service /mnt/free-file-sync/proxmox/
+cp /run/user/1000/systemd/generator/neko-server.service /mnt/free-file-sync/proxmox/
+nano /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
+dif /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
+diff /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
+diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
+diff /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+sudo -iu podman
+diff /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
+diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
+diff
+diff --help
+diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service -y
+diff -y /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
+diff -r /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
+diff -y /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
+diff -r /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
+diff -y -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+diff -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+sudo -iu podman
+diff -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
+/usr/lib/systemd/user-generators/podman-user-generator
+ls /usr/lib/systemd/user-generators/podman-user-generator
+exit
+nginx -s reload
+exit
+rm -R /var/www/html-infineon/
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+exit
+exit
+nginx -t
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+docker
+exit
+snap list
+exit
+nano /var/www/html-slideshow/slideshow/scripts/index.js 
+nano /var/www/html-slideshow/slideshow/index.json 
+snap install dotnet-sdk --classic 9.0/stable
+dotnet --info
+snap install dotnet-sdk --classic --channel 9.0/stable
+snap install dotnet-sdk --stable 9.0/stable
+snap install dotnet-sdk --stable dotnet-sdk
+snap install --stable dotnet-sdk
+snap install --classic --stable dotnet-sdk
+exit
+~/.bashrc
+exit
+~/.bashrc
+nano /etc/hostname
+nano /etc/hostname
+/etc/hosts
+nano /etc/hosts
+/etc/hosts
+nano /etc/hostname
+nano /etc/hosts
+~/.bashrc
+sudo -i
+exit
+dotnet --info
+snap remove --classic --stable dotnet-sdk
+snap remove dotnet-sdk
+dotnet --info
+snap install dotnet-sdk --classic --9.0/stable
+snap install dotnet-sdk --classic --channel 9.0/stable
+apt-get update
+snap install dotnet-sdk --classic --channel 9.0/stable
+snap install dotnet-sdk --classic --latest/stable
+snap install dotnet-sdk --classic --channel latest/stable
+export DOTNET_ROOT=/snap/dotnet-sdk/current
+~/.bash_profile, ~/.bashrc
+~/.bash_profile
+~/.bashrc
+sudo -i
+exit
+dotnet --info
+cd /tmp/
+git clone https://33aada599f8e245782e68931fe2629a959af5d26@gitea.phares.duckdns.org/phares3757/one-review.git
+ls
+cd one-review/
+podman compose up --build
+nano /etc/containers/registries.conf
+ls
+podman ps -a
+sudo -iu podman
+cd ..
+rm -R one-review/
+sudo -iu podman
+sudo -iu podman
+apt-get install podman-plugins
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+git clone https://33aada599f8e245782e68931fe2629a959af5d26@gitea.phares.duckdns.org/phares3757/one-review.git
+cd one-review/
+git checkout origin 11-17
+git checkout origin/11-17
+git pull
+git pull origin 11-17
+git log -1
+docker compose up --build
+snap install docker
+snap remove docker
+snap remove dotnet-sdk 
+cd ..
+ls
+rm -R one-review/
+ls
+exit
+dotnet --info
+exit

etc/bash_history_2025-01-03.txt

@@ -0,0 +1,500 @@
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\\ 2019/ /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019 /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006\ \\\!9
+exit
+rm -R /mnt/free-file-sync/iso/images-a/Phares\\\ Slides\\\ ####
+exit
+mount /mnt/free-file-sync/iso/Edited.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/2024-12-18-18-13-54-579.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned\ Grandma\\\'s\ Quilt\ ####/
+rm -R /mnt/free-file-sync/iso/images-a/Event
+rm -R /mnt/free-file-sync/iso/images-a/Question/
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Facebook
+mount /mnt/free-file-sync/iso/images-a/Rex\ Memorial\ ####/2024-12-18-18-15-40-537.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Scanned\ Norman\ Herman/2024-12-18-18-15-43-097.iso /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned*
+rm -R /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/DisneyWorld\ 2019/2024-12-18-18-42-26-222.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+exit
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/Slide in N*
+rm -R /mnt/free-file-sync/iso/images-a/Slide\\ in\\ N*
+ls -al /mnt/free-file-sync/iso/images-a/Sli*
+ls -al /mnt/free-file-sync/iso/images-a/Slide *
+ls -al /mnt/free-file-sync/iso/images-a/Slide\\ *
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/'Slide in Name Order Originals \(622\) ####'
+mkdir /mnt/free-file-sync/iso/videos-b
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+rm /mnt/free-file-sync/iso/videos-b/Home\ Videos\ 1998\ -\ 2002/2024-12-18-19-49-52-202.iso 
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+exit
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+lsblk -b -o NAME,SIZE,TYPE,VENDOR,MODEL,SERIAL,MOUNTPOINT
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+reboot
+aptget update
+apt-get update
+apt-get upgrade
+ls
+nano t
+nano t
+exit
+sudo -iu podman
+exit
+mv -R /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /mnt/free-file-sync/logan-google-drive /mnt/free-file-sync/google-drive-logan
+exit
+nano /root/.ssh/authorized_keys 
+exit
+sudo -iu podman
+crontab -e
+sudo -iu podman
+/etc/duckdns/duck.sh >/dev/null 2>&1
+"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
+cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+cd /
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+sudo -iu podman
+ls /home/podman/backup-blinko/
+sudo -iu podman
+ls /home/podman/backup-blinko/
+rm /home/podman/backup-blinko/*
+ls /home/podman/backup-blinko/
+sudo -iu podman
+exit
+ls /home/podman/backup-blinko/
+exit
+sudo -iu podman
+nano /run/podman/podman.sock
+ls /run/podman/podman.sock
+sudo -iu podman
+cat /var/log/syslog
+grep "ERROR" /var/log/cron
+sudo -iu podman
+crontab -e
+crontab -l
+crontab -e
+crontab -l
+systemctl status cron
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl log cron
+systemctl status cron
+systemctl status cron
+crontab -e
+systemctl status cron
+ls /home/podman/backup-blinko/
+ls /home/podman/backup-blinko/
+systemctl status cron
+crontab -e
+systemctl status cron
+sudo -iu podman
+exit
+snap list vaultwarden 
+reboot
+nginx -t
+nginx -s reload
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+su lphares
+exit
+exit
+exit
+exit
+exit
+nginx -t
+nginx -t
+nginx -s reload
+nginx -t
+ls -la /home/lphares/dorico
+ls -la /home/lphares
+ls -la /home/lphares/dorico/
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /var/www/html-
+nginx -s reload
+nginx -t
+ls /etc/netplan/
+nginx -s reload
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /etc/ModemManager/ -la
+ls /etc/ModemManager -la
+ls /etc/ModemManager
+ls /etc/ModemManager -
+ls /etc/ModemManager -l
+ls /etc/ModemManager --time-style
+ls /etc/ModemManager -lT
+ls /etc/ModemManager --time-style=full
+ls /etc/ModemManager/ --time-style=full
+ls /etc/ModemManager/
+ls /etc/ModemManager -l -T
+ls /etc/ModemManager  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S%zz"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %HH:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %h:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT%H:%M:%S'
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT     %H:%M:%S'
+nginx -t
+nginx -s reload
+ufw status
+ufw number status
+ufw numbered status
+ufw status numbered
+ufw active
+ufw enable
+ufw status numbered
+ls
+ufw disable
+ip a
+ufw allow                                   53/tcp comment "01) DNS TCP"
+ufw status numbered
+ufw allow                                   53/udp comment "02) DNS UDP"
+ufw allow                                   67/tcp comment "03) DHCP TCP"
+ufw allow                                   67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 to any port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 to any port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 to any port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 to any port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 to any port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 to any port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 to any port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0        port  22/tcp comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw status numbered
+ufw allow                      port 53/tcp comment "01) DNS TCP"
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0 port  22/tcp comment "12) SSH"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0         443 comment "05) HTTPS"
+ufw allow from 0.0.0.0/0 443 comment "05) HTTPS"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow from 192.168.11.0/25    port  22 comment "06) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "11) SSH"
+ufw allow to         0.0.0.0/0    port  22 comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw delete 12
+ufw status numbered
+ufw disable
+ufw allow to   192.168.11.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "17) SSH"
+ufw enable
+ufw status numbered
+ufw status numbered
+ufw disable
+cat /etc/passwd
+top
+pcap
+ps -ef | grep cr[o]n
+ps -ef | grep nginx
+usermod -a -G lphares www-data
+exit
+chmod -R 774 /home/lphares/dorico
+nginx -t
+nginx -s reload
+nginx -s reload
+rm -r /home/lphares/dorico
+su lphares
+exit
+exit
+exit
+ufw status numbered
+ufw enabled
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0    port 443 comment "18) HTTPS"
+ufw enable
+ufw disable
+ufw reset
+ufw disable
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow to         0.0.0.0/0    port 443 comment "06) HTTPS"
+ufw enable
+ufw allow from 192.168.11.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "11) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.11.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "17) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "18) SSH"
+ufw enable
+ufw status numbered
+exit
+ufw disable
+top[
+top
+systemctl list-timers
+systemctl list-timers
+apt-get remove certbot
+snap remove certbot
+systemctl list-timers
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+reboot
+sudo -iu podman
+exit
+exit
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\* /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+grep sshd.\*publickey /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+apt update
+apt install fail2ban -y
+systemctl status fail2ban.service
+cd /etc/fail2ban
+ls
+head -20 jail.conf
+cp jail.conf jail.local
+nano jail.local
+nano jail.local
+nano jail.local
+systemctl enable fail2ban
+systemctl start fail2ban
+systemctl status fail2ban
+reboot
+apt-get update
+apt upgrade
+sudo -iu podman
+exit
+snap info adguard-home 
+exit
+tail /var/log/auth.log -f
+exit
+ufw status numbered
+exit
+ip a
+exit
+id
+su phares
+su podman
+exit
+exit
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+exit
+ip a
+ip a l | grep inet6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /boot/firmware/cmdline.txt
+nano /boot/firmware/cmdline.txt
+exit
+snap restart adguard-home 
+exit
+nano /etc/duckdns/duck.sh
+exit
+nano /etc/duckdns/duck.sh
+cat duck.log
+chmod 700 /etc/duckdns/duck.sh
+cd /etc/duckdns
+./duck.sh
+cat duck.log
+ps -ef | grep cr[o]n
+crontab -e
+cat duck.log
+xit
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+links http://192.168.11.2:5015/
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nc -zv localhost 5015
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+nano /home/persa/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/podman/.ssh/authorized_keys 
+exit
+nano /home/podman/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /home/phares/.ssh/authorized_keys 
+exit\
+exit
+sudo -iu podman
+nano /etc/hostname 
+nano /etc/hosts
+exit
+nginx -t
+nginx -s reload
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+reboot
+exit

etc/beelink.md

@@ -2,8 +2,6 @@
 
 ## Ubuntu and Docker End of July 2024
 
-### Dashkiosk
-
 ### authorized_keys
 
 ```bash Thu Jul 25 2024 16:02:13 GMT-0700 (Mountain Standard Time)
@@ -364,6 +362,20 @@ reboot
 nano /etc/default/grub
 ```
 
+```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time)
+# https://opensource.com/article/22/8/disable-ipv6
+# GRUB_CMDLINE_LINUX_DEFAULT=""
+GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
+# GRUB_CMDLINE_LINUX=""
+GRUB_CMDLINE_LINUX="ipv6.disable=1"
+```
+
+```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time)
+grub-mkconfig
+exit
+reboot
+```
+
 ### Fix Unbond (Move up next time!!!)
 
 ```conf Fri Jul 26 2024 10:45:41 GMT-0700 (Mountain Standard Time)
@@ -379,20 +391,6 @@ systemctl disable --now unbound-resolvconf.service
 service unbound restart
 ```
 
-```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time)
-# https://opensource.com/article/22/8/disable-ipv6
-# GRUB_CMDLINE_LINUX_DEFAULT=""
-GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
-# GRUB_CMDLINE_LINUX=""
-GRUB_CMDLINE_LINUX="ipv6.disable=1"
-```
-
-```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time)
-grub-mkconfig
-exit
-reboot
-```
-
 ### Cockpit (Move up next time!!!)
 
 - [cockpit](https://cockpit-project.org/)

etc/dnsmasq.d/01-pihole.conf

@@ -1,39 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Dnsmasq config for Pi-hole's FTLDNS
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
-#                      /etc/pihole/setupVars.conf                             #
-#                                                                             #
-#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
-#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
-###############################################################################
-
-addn-hosts=/etc/pihole/local.list
-addn-hosts=/etc/pihole/custom.list
-
-
-localise-queries
-
-
-no-resolv
-
-log-queries
-log-facility=/var/log/pihole/pihole.log
-
-log-async
-cache-size=10000
-server=127.0.0.1#5335
-domain-needed
-expand-hosts
-bogus-priv
-local-service

etc/dnsmasq.d/06-rfc6761.conf

@@ -1,42 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# RFC 6761 config file for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
-#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
-###############################################################################
-
-# RFC 6761: Caching DNS servers SHOULD recognize
-#     test, localhost, invalid
-# names as special and SHOULD NOT attempt to look up NS records for them, or
-# otherwise query authoritative DNS servers in an attempt to resolve these
-# names.
-server=/test/
-server=/localhost/
-server=/invalid/
-
-# The same RFC requests something similar for
-#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
-#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
-#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
-#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
-#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
-#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
-# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
-# 01-pihole.conf) because this also covers IPv6.
-
-# OpenWRT furthermore blocks    bind, local, onion    domains
-# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
-# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
-# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
-server=/bind/
-server=/onion/

etc/group

@@ -34,7 +34,7 @@ sasl:x:45:
 plugdev:x:46:phares
 staff:x:50:
 games:x:60:
-users:x:100:pihole,podman,lphares,bmiller
+users:x:100:podman,lphares,bmiller,persa
 nogroup:x:65534:
 systemd-journal:x:999:
 systemd-network:x:998:
@@ -57,11 +57,18 @@ tss:x:108:
 landscape:x:109:
 fwupd-refresh:x:989:
 netdev:x:110:
-phares:x:1000:
-pihole:x:1001:www-data
-podman:x:1002:
-lphares:x:1003:bmiller
+phares:x:1001:
+podman:x:1000:
+lphares:x:1003:bmiller,persa,www-data
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:
 cockpit-wsinstance:x:113:
+pcp:x:988:
+persa:x:1002:
+redis:x:114:
+swtpm:x:115:
+libvirt:x:116:phares,podman,libvirtdbus
+libvirt-qemu:x:64055:libvirt-qemu
+libvirt-dnsmasq:x:117:
+libvirtdbus:x:118:

etc/group-

@@ -34,7 +34,7 @@ sasl:x:45:
 plugdev:x:46:phares
 staff:x:50:
 games:x:60:
-users:x:100:pihole,podman,lphares,bmiller
+users:x:100:podman,lphares,bmiller,persa
 nogroup:x:65534:
 systemd-journal:x:999:
 systemd-network:x:998:
@@ -57,10 +57,18 @@ tss:x:108:
 landscape:x:109:
 fwupd-refresh:x:989:
 netdev:x:110:
-phares:x:1000:
-pihole:x:1001:www-data
-podman:x:1002:
-lphares:x:1003:bmiller
+phares:x:1001:
+podman:x:1000:
+lphares:x:1003:bmiller,persa
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:
+cockpit-wsinstance:x:113:
+pcp:x:988:
+persa:x:1002:
+redis:x:114:
+swtpm:x:115:
+libvirt:x:116:phares,podman,libvirtdbus
+libvirt-qemu:x:64055:libvirt-qemu
+libvirt-dnsmasq:x:117:
+libvirtdbus:x:118:

etc/gshadow

@@ -34,7 +34,7 @@ sasl:*::
 plugdev:*::phares
 staff:*::
 games:*::
-users:*::pihole,podman,lphares,bmiller
+users:*::podman,lphares,bmiller,persa
 nogroup:*::
 systemd-journal:!*::
 systemd-network:!*::
@@ -58,10 +58,17 @@ landscape:!::
 fwupd-refresh:!*::
 netdev:!::
 phares:!::
-pihole:!::www-data
 podman:!::
-lphares:!::bmiller
+lphares:!::bmiller,persa,www-data
 bmiller:!::
 unbound:!::
 cockpit-ws:!::
 cockpit-wsinstance:!::
+pcp:!::
+persa:!::
+redis:!::
+swtpm:!::
+libvirt:!::phares,podman,libvirtdbus
+libvirt-qemu:!::libvirt-qemu
+libvirt-dnsmasq:!::
+libvirtdbus:!::

etc/gshadow-

@@ -34,7 +34,7 @@ sasl:*::
 plugdev:*::phares
 staff:*::
 games:*::
-users:*::pihole,podman,lphares,bmiller
+users:*::podman,lphares,bmiller,persa
 nogroup:*::
 systemd-journal:!*::
 systemd-network:!*::
@@ -58,9 +58,17 @@ landscape:!::
 fwupd-refresh:!*::
 netdev:!::
 phares:!::
-pihole:!::www-data
 podman:!::
-lphares:!::bmiller
+lphares:!::bmiller,persa
 bmiller:!::
 unbound:!::
 cockpit-ws:!::
+cockpit-wsinstance:!::
+pcp:!::
+persa:!::
+redis:!::
+swtpm:!::
+libvirt:!::phares,podman,libvirtdbus
+libvirt-qemu:!::libvirt-qemu
+libvirt-dnsmasq:!::
+libvirtdbus:!::

etc/hosts

@@ -1,5 +1,5 @@
 127.0.0.1 localhost
-127.0.1.1 beelink
+127.0.1.1 phares.duckdns.org
 
 # The following lines are desirable for IPv6 capable hosts
 ::1     ip6-localhost ip6-loopback

etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
+YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
+3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
+ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
+DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
+0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
+Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
+EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
+b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
+Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
+ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
+ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
+BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
+S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
+JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
+igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
+WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
+bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
+hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
+rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
+A3WZcUHjqZsHHqeaZiWgzlw=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/cert3.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEvzCCBEWgAwIBAgISBI/TW6uuBCr2K8pVMOvUKwXMMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNDEwMjcwMDUxNDFaFw0yNTAxMjUwMDUxNDBaMB4xHDAaBgNVBAMTE3Bo
+YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATx31ZU
+Cb0Um0CB5L92TDKpscWoiT3hxDeUIBbYZufML/ODIwlMIJpeBABcPUuMWLKH+t5d
+lGtIZFZ8a9Y6s+QJo4IDTTCCA0kwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTPAmOa
+X0Q1jVn8hWataTC7SyVf3DAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZwi9LX
+DTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxlbmNy
+Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzCCAVIGA1Ud
+EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
+b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
+Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
+ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
+ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
+BgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AKLj
+CuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABksuqp2cAAAQDAEgwRgIh
+ANhuwhhf/+vV2qEy+R9tMNHLnnvfBLjiAxg2AP4DDMsjAiEA/KPYYzSJ0JFO/TNv
+gZ+sK9w63SldtCQnH0lQ9NkV/sQAdwDgkrP8DB3I52g2H95huZZNClJ4GYpy1nLE
+sE2lbW9UBAAAAZLLqqdzAAAEAwBIMEYCIQDjpfPfuYeD/k2JqQcPM1hAeLNbFUq6
+vWeoAYqUi9bLqwIhAPZbo0y/asr4bdqlKtRsaLwpaG0w+6NKTpFmo6Rk3XbRMAoG
+CCqGSM49BAMDA2gAMGUCMQCwA9rnTaaNJ3Eqx2L7LSW+vVyK0kiaTp0poN82V5fr
+GGXZNdyPrHeLAA0OiGnMQHwCMFfCxgJJ7JFllCHIHnjjRFk7pV3DJ7a9N8W6nFxg
+Wik/YdTKMn5yCbKTyv6gYmLgjA==
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/chain3.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem

@@ -0,0 +1,54 @@
+-----BEGIN CERTIFICATE-----
+MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
+YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
+3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
+ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
+DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
+0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
+Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
+EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
+b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
+Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
+ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
+ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
+BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
+S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
+JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
+igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
+WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
+bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
+hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
+rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
+A3WZcUHjqZsHHqeaZiWgzlw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/fullchain3.pem

@@ -0,0 +1,54 @@
+-----BEGIN CERTIFICATE-----
+MIIEvzCCBEWgAwIBAgISBI/TW6uuBCr2K8pVMOvUKwXMMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNDEwMjcwMDUxNDFaFw0yNTAxMjUwMDUxNDBaMB4xHDAaBgNVBAMTE3Bo
+YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATx31ZU
+Cb0Um0CB5L92TDKpscWoiT3hxDeUIBbYZufML/ODIwlMIJpeBABcPUuMWLKH+t5d
+lGtIZFZ8a9Y6s+QJo4IDTTCCA0kwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTPAmOa
+X0Q1jVn8hWataTC7SyVf3DAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZwi9LX
+DTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxlbmNy
+Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzCCAVIGA1Ud
+EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
+b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
+Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
+ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
+ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
+ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
+BgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AKLj
+CuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABksuqp2cAAAQDAEgwRgIh
+ANhuwhhf/+vV2qEy+R9tMNHLnnvfBLjiAxg2AP4DDMsjAiEA/KPYYzSJ0JFO/TNv
+gZ+sK9w63SldtCQnH0lQ9NkV/sQAdwDgkrP8DB3I52g2H95huZZNClJ4GYpy1nLE
+sE2lbW9UBAAAAZLLqqdzAAAEAwBIMEYCIQDjpfPfuYeD/k2JqQcPM1hAeLNbFUq6
+vWeoAYqUi9bLqwIhAPZbo0y/asr4bdqlKtRsaLwpaG0w+6NKTpFmo6Rk3XbRMAoG
+CCqGSM49BAMDA2gAMGUCMQCwA9rnTaaNJ3Eqx2L7LSW+vVyK0kiaTp0poN82V5fr
+GGXZNdyPrHeLAA0OiGnMQHwCMFfCxgJJ7JFllCHIHnjjRFk7pV3DJ7a9N8W6nFxg
+Wik/YdTKMn5yCbKTyv6gYmLgjA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMkDpXWGeiqjE5WNj
+mBuqwMXseOQuX9tv3SvZvQ761VOhRANCAAQPJlBf3XfrNcWGKQcOH9xS1X9UcBSi
+yFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgYZG5AoTspEWQvkn34
+-----END PRIVATE KEY-----

etc/letsencrypt/archive/phares3757.ddns.net/privkey3.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgr4csftLu03keRaK4
+OR+nS9nOaog7Ak6NbSRkXg72RRKhRANCAATx31ZUCb0Um0CB5L92TDKpscWoiT3h
+xDeUIBbYZufML/ODIwlMIJpeBABcPUuMWLKH+t5dlGtIZFZ8a9Y6s+QJ
+-----END PRIVATE KEY-----

etc/letsencrypt/ha/fullchain.pem

@@ -0,0 +1,50 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCA3GgAwIBAgISA4snn7ZkkZV8ytXbnWtDcJgdMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNDEwMDYwNzU5MzRaFw0yNTAxMDQwNzU5MzNaMB0xGzAZBgNVBAMTEmFm
+ZmlybS5kdWNrZG5zLm9yZzB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzQCCWLkZD8
+R1rHsE1iNmoobwtfihmN78eB9zVu+FdWRkOyClBXm+sZQl4rNf7NfDiV6bZ4dz13
+fs/45z52PTWk6n2zP4c2Dgh/MESaxv9UaLvq4OjX4Bqd/OH1WuigHaOCAl0wggJZ
+MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUL+qPS4dEIsg41TGo25We68CvRIAwHwYD
+VR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEG
+CCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
+dHA6Ly9lNS5pLmxlbmNyLm9yZy8wZQYDVR0RBF4wXIISYWZmaXJtLmR1Y2tkbnMu
+b3JnghVoYS1waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNrZG5zLm9yZ4Ib
+c3lub2xvZ3ktcGhhcmVzLmR1Y2tkbnMub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIB
+MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAzxFW7tUufK/zh1vZaS6b6RpxZ0qw
+F+ysAdJbd87MOwgAAAGSYQzXTgAABAMARzBFAiEArfAVmkU+kJaHWipGCCPT7eVw
+auk98aCxSEvIOD0Y+RsCIAnhbHMNuDAenJ8ZyRhtGmSCwMPRbLRnwcWbO7TFqxqf
+AHcAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGSYQze4QAABAMA
+SDBGAiEA+Vocdjpsc7/jUu9L5KjXO+Jnrp98MOnM0FEJN0hJU+wCIQD/HOM6C6H8
+ZxTaopyvNyWVylw5ooPuSpuJ1Xf8brNjATAKBggqhkjOPQQDAwNoADBlAjEA8aBN
+tJqelSOy/mnypFRI6qrvGegu7tKgghqUw0XWy56u8zMVmtksglEJtcMkf3ZlAjBh
+15d+rRL3k+xXAaOE1YesxGhIUqJO1JiMHeQ6mgOE6vOMJYKhmUjrZ3P70XoEC7E=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

etc/letsencrypt/ha/privkey.pem

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAK5i0BgRa7SIcpCykadElWV5mBrW+xOWg1Sse0Zx8TEx8fuMiz6js3
+CcVzHS0YjiegBwYFK4EEACKhZANiAARM0Agli5GQ/Edax7BNYjZqKG8LX4oZje/H
+gfc1bvhXVkZDsgpQV5vrGUJeKzX+zXw4lem2eHc9d37P+Oc+dj01pOp9sz+HNg4I
+fzBEmsb/VGi76uDo1+Aanfzh9VrooB0=
+-----END EC PRIVATE KEY-----

etc/lighttpd/lighttpd.conf

@@ -1,61 +0,0 @@
-### Documentation
-# https://wiki.lighttpd.net/
-#
-### Configuration Syntax
-# https://wiki.lighttpd.net/Docs_Configuration
-#
-### Configuration Options
-# https://wiki.lighttpd.net/Docs_ConfigurationOptions
-#
-
-### Debian lighttpd base configuration
-
-server.modules = (
-	"mod_indexfile",
-	"mod_access",
-	"mod_alias",
- 	"mod_redirect",
-)
-
-server.document-root        = "/var/www/html"
-server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
-server.pid-file             = "/run/lighttpd.pid"
-server.username             = "www-data"
-server.groupname            = "www-data"
-server.port                 = 8005
-
-# strict parsing and normalization of URL for consistency and security
-# https://wiki.lighttpd.net/Server_http-parseoptsDetails
-# (might need to explicitly set "url-path-2f-decode" = "disable"
-#  if a specific application is encoding URLs inside url-path)
-server.http-parseopts = (
-  "header-strict"           => "enable",# default
-  "host-strict"             => "enable",# default
-  "host-normalize"          => "enable",# default
-  "url-normalize-unreserved"=> "enable",# recommended highly
-  "url-normalize-required"  => "enable",# recommended
-  "url-ctrls-reject"        => "enable",# recommended
-  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
- #"url-path-2f-reject"      => "enable",
-  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
- #"url-path-dotseg-reject"  => "enable",
- #"url-query-20-plus"       => "enable",# consistency in query string
-  "url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app)
-)
-
-index-file.names            = ( "index.php", "index.html" )
-url.access-deny             = ( "~", ".inc" )
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-include_shell "/usr/share/lighttpd/create-mime.conf.pl"
-include "/etc/lighttpd/conf-enabled/*.conf"
-
-# default listening port for IPv6 is same as default IPv4 port
-include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-
-### Customizations
-# customizations should generally be placed in separate files such as
-#   /etc/lighttpd/conf-available/00_vars.conf    # override variables for *.conf
-#   /etc/lighttpd/conf-available/99_custom.conf  # override *.conf settings
-# and then enabled using lighty-enable-mod (1)

etc/netplan/50-cloud-init.yaml

@@ -5,7 +5,7 @@
 # network: {config: disabled}
 network:
     ethernets:
-        enp2s0:
+        enp1s0:
             dhcp4: true
     version: 2
     wifis: {}

etc/nginx/include/2fauth.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/2fauth.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/2fauth.phares.duckdns.org.key -out /etc/nginx/include/2fauth.phares.duckdns.org.crt -config /etc/nginx/include/2fauth.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name 2fauth.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5015/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/actual.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/actual.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/actual.phares.duckdns.org.key -out /etc/nginx/include/actual.phares.duckdns.org.crt -config /etc/nginx/include/actual.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name actual.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5013/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/adguard.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/adguard.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name adguard.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5014/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/affirm.conf

@@ -0,0 +1,15 @@
+server {
+    # touch /etc/nginx/include/affirm.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/affirm.duckdns.org.key -out /etc/nginx/include/affirm.phares.duckdns.org.crt -config /etc/nginx/include/affirm.phares.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name *.affirm.duckdns.org;
+    root /var/www/html-affirm;
+    index index.html index.htm;
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+}

etc/nginx/include/authentik.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/authentik.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/authentik.phares.duckdns.org.key -out /etc/nginx/include/authentik.phares.duckdns.org.crt -config /etc/nginx/include/authentik.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name authentik.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5018/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/baikal.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/baikal.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name baikal.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:8001/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/bchs.conf

@@ -0,0 +1,15 @@
+server {
+    # touch /etc/nginx/include/bchs.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/bchs.duckdns.org.key -out /etc/nginx/include/bchs.phares.duckdns.org.crt -config /etc/nginx/include/bchs.phares.duckdns.org
+    ssl_certificate /root/.acme.sh/wild-bchs/fullchain.cer;
+    # ssl_certificate /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer;
+    ssl_certificate_key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name *.bchs.duckdns.org;
+    root /var/www/html-bchs;
+    index index.html index.htm;
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+}

etc/nginx/include/blinko.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/blinko.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/blinko.phares.duckdns.org.key -out /etc/nginx/include/blinko.phares.duckdns.org.crt -config /etc/nginx/include/blinko.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name blinko.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5012/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/cockpit.conf

@@ -0,0 +1,24 @@
+server {
+    # touch /etc/nginx/include/cockpit.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name cockpit.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://127.0.0.1:9090/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_http_version 1.1;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        gzip off;
+    }
+}

etc/nginx/include/dashkiosk.conf

@@ -0,0 +1,19 @@
+server {
+    # touch /etc/nginx/include/dashkiosk.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name dashkiosk.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:9400/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/dorico.conf

@@ -0,0 +1,17 @@
+server {
+    # touch /etc/nginx/include/dorico.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dorico.phares.duckdns.org.key -out /etc/nginx/include/dorico.phares.duckdns.org.crt -config /etc/nginx/include/dorico.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name dorico.phares.duckdns.org;
+    root /home/lphares/dorico;
+    # usermod -a -G lphares www-data
+    location / {
+        autoindex on;
+        disable_symlinks on;
+        autoindex_format json;
+    }
+}

etc/nginx/include/firefox.conf

@@ -0,0 +1,19 @@
+server {
+    # touch /etc/nginx/include/firefox.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name firefox.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5800/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/gitea.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/gitea.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gitea.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:3000/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/gotify.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/gotify.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gotify.phares.duckdns.org.key -out /etc/nginx/include/gotify.phares.duckdns.org.crt -config /etc/nginx/include/gotify.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gotify.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5016/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/immich-kiosk.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/immich-kiosk.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-kiosk.phares.duckdns.org.key -out /etc/nginx/include/immich-kiosk.phares.duckdns.org.crt -config /etc/nginx/include/immich-kiosk.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name immich-kiosk.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5010/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+		add_header Access-Control-Allow-Origin *;
+    }
+}

etc/nginx/include/immich-to-slideshow.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name immich-to-slideshow.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5009/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+		add_header Access-Control-Allow-Origin *;
+    }
+}

etc/nginx/include/immich.conf

@@ -0,0 +1,25 @@
+server {
+    # touch /etc/nginx/include/immich.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name immich.phares.duckdns.org;
+    client_max_body_size 50000M;
+    proxy_set_header Host              $http_host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_http_version 1.1;
+    proxy_set_header   Upgrade    $http_upgrade;
+    proxy_set_header   Connection "upgrade";
+    proxy_redirect     off;
+    proxy_read_timeout 600s;
+    proxy_send_timeout 600s;
+    send_timeout       600s;
+    location / {
+        proxy_pass              http://192.168.11.2:3001/;
+    }
+}

etc/nginx/include/kuma.conf

@@ -0,0 +1,22 @@
+server {
+    # touch /etc/nginx/include/kuma.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name kuma.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:3004/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        # proxy_set_header   Upgrade $http_upgrade;
+        # proxy_set_header   Connection "upgrade";
+    }
+}

etc/nginx/include/linkwarden.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/linkwarden.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/linkwarden.phares.duckdns.org.key -out /etc/nginx/include/linkwarden.phares.duckdns.org.crt -config /etc/nginx/include/linkwarden.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name linkwarden.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5011/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/mattermost.conf

@@ -0,0 +1,46 @@
+server {
+    # touch /etc/nginx/include/mattermost.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name mattermost.phares.duckdns.org;
+    # add_header X-Early-Data $tls1_3_early_data;
+    location / {
+        # https://mattermost.m1k1o.net/#/getting-started/reverse-proxy
+        client_max_body_size 100M;
+        proxy_set_header Connection "";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Frame-Options SAMEORIGIN;
+        proxy_buffers 256 16k;
+        proxy_buffer_size 16k;
+        proxy_read_timeout 600s;
+        proxy_http_version 1.1;
+        proxy_pass https://192.168.11.2:8443/;
+    }
+    location ~ /api/v[0-9]+/(users/)?websocket$ {
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        client_max_body_size 50M;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Frame-Options SAMEORIGIN;
+        proxy_buffers 256 16k;
+        proxy_buffer_size 16k;
+        client_body_timeout 60s;
+        send_timeout 300s;
+        lingering_timeout 5s;
+        proxy_connect_timeout 90s;
+        proxy_send_timeout 300s;
+        proxy_read_timeout 90s;
+        proxy_http_version 1.1;
+        proxy_pass https://192.168.11.2:8443;
+    }
+}

etc/nginx/include/odoo.conf

@@ -0,0 +1,19 @@
+server {
+    # touch /etc/nginx/include/odoo.ddns.net
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name odoo.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:8069/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/passed.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/passed.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/passed.phares.duckdns.org.key -out /etc/nginx/include/passed.phares.duckdns.org.crt -config /etc/nginx/include/passed.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name passed.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5022/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/pgadmin.conf

@@ -0,0 +1,19 @@
+server {
+    # touch /etc/nginx/include/pgadmin.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name pgadmin.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5007/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/phares.conf

@@ -0,0 +1,33 @@
+# server {
+# listen 80 default_server;
+# root /var/www/certbot;
+# index index.html index.htm index.nginx-debian.html;
+# server_name phares.duckdns.org;
+# location / {
+# try_files $uri $uri/ =404;
+# }
+# }
+server {
+	listen 8083 default_server;
+	root /var/www/html-nginx;
+	index index.html index.htm;
+	server_name _;
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+server {
+    # touch /etc/nginx/include/phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name phares.duckdns.org;
+    root /var/www/html-nginx;
+    index index.nginx-debian.html;
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+}

etc/nginx/include/quartz.conf

@@ -0,0 +1,24 @@
+server {
+	listen 8084 default_server;
+	root /var/www/html-quartz;
+	index index.html index.htm;
+	server_name _;
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}
+server {
+    # touch /etc/nginx/include/quartz.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name quartz.phares.duckdns.org;
+    root /var/www/html-quartz;
+    index index.html index.htm;
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+}

etc/nginx/include/slideshow.conf

@@ -0,0 +1,25 @@
+server {
+	listen 8080 default_server;
+	root /var/www/html-slideshow;
+	index index.html index.htm;
+	server_name _;
+	location / {
+		try_files $uri $uri/ =404;
+		add_header Access-Control-Allow-Origin *;
+	}
+}
+server {
+    # touch /etc/nginx/include/slideshow.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name slideshow.phares.duckdns.org;
+	root /var/www/html-slideshow;
+	index index.html index.htm;
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}

etc/nginx/include/vaultwarden.conf

@@ -0,0 +1,34 @@
+server {
+    # touch /etc/nginx/include/vaultwarden.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    # server_tokens off;
+    # ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
+    # ssl_prefer_server_ciphers on;
+    # ssl_session_tickets off;
+    # ssl_session_timeout 1d;
+    # ssl_session_cache shared:SSL:10m;
+    # ssl_buffer_size 8k;
+    # # ssl_stapling on;
+    # ssl_stapling off;
+    # ssl_stapling_verify on;
+    # add_header X-Content-Type-Options nosniff;
+    # add_header Content-Security-Policy "object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';";
+    # add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload";
+    server_name vaultwarden.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        # proxy_pass              http://10.147.229.6:8000/;
+        proxy_pass              https://192.168.11.2:5008/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/warden.conf

@@ -0,0 +1,34 @@
+server {
+    # touch /etc/nginx/include/warden.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    # server_tokens off;
+    # ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
+    # ssl_prefer_server_ciphers on;
+    # ssl_session_tickets off;
+    # ssl_session_timeout 1d;
+    # ssl_session_cache shared:SSL:10m;
+    # ssl_buffer_size 8k;
+    # # ssl_stapling on;
+    # ssl_stapling off;
+    # ssl_stapling_verify on;
+    # add_header X-Content-Type-Options nosniff;
+    # add_header Content-Security-Policy "object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';";
+    # add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload";
+    server_name warden.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        # proxy_pass              http://10.147.229.6:8000/;
+        proxy_pass              https://192.168.11.2:5008/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/xandikos.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/xandikos.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name xandikos.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:8000/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/sites-available/default

@@ -1,42 +1,44 @@
 server {
-	listen 8080 default_server;
-	root /var/www/html;
-	index index.html index.htm index.nginx-debian.html;
-	server_name _;
-	location / {
-		try_files $uri $uri/ =404;
-	}
+    # touch /etc/nginx/include/phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name *.phares.duckdns.org;
+    root /var/www/html-nginx;
+    index index.nginx-debian.html;
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
 }
-include /etc/nginx/include/affirm.conf;
-# include /etc/nginx/include/ansible.conf;
-# include /etc/nginx/include/assistant.conf;
-# include /etc/nginx/include/casa.conf;
-include /etc/nginx/include/codeserver.conf;
-include /etc/nginx/include/dashkiosk.conf;
-# include /etc/nginx/include/dockge.conf;
-# include /etc/nginx/include/docmost.conf;
-# include /etc/nginx/include/emby.conf;
-# include /etc/nginx/include/filebrowser.conf;
-# include /etc/nginx/include/gogs.conf;
-include /etc/nginx/include/gitea.conf;
-include /etc/nginx/include/immich.conf;
-include /etc/nginx/include/incus.conf;
-# include /etc/nginx/include/invoice.conf;
-include /etc/nginx/include/lxconsole.conf;
-include /etc/nginx/include/kestra.conf;
-include /etc/nginx/include/music.conf;
-# include /etc/nginx/include/nextcloud.conf;
-# include /etc/nginx/include/owncast.conf;
-include /etc/nginx/include/phares.conf;
-include /etc/nginx/include/pgadmin.conf;
-# include /etc/nginx/include/photoprism.conf;
-# include /etc/nginx/include/pihole.conf;
-# include /etc/nginx/include/proxmox.conf;
-include /etc/nginx/include/quartz.conf;
-# include /etc/nginx/include/readeck.conf;
-# include /etc/nginx/include/syncthing.conf;
-# include /etc/nginx/include/terraform.conf;
-# include /etc/nginx/include/uptimekuma.conf;
-include /etc/nginx/include/vaultwarden.conf;
-# include /etc/nginx/include/vscodium.conf;
-# include /etc/nginx/include/wekan.conf;
+include /etc/nginx/include/2fauth.conf; # https://2fauth.phares.duckdns.org # https://192.168.11.2:5015/
+include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:5014/
+include /etc/nginx/include/authentik.conf; # https://authentik.phares.duckdns.org # https://192.168.11.2:5018/
+include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
+include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
+include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
+include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
+include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
+include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
+include /etc/nginx/include/dorico.conf; # https://dorico.phares.duckdns.org # /home/lphares/dorico
+include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
+include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
+include /etc/nginx/include/gotify.conf; # https://gotify.phares.duckdns.org # http://192.168.11.2:5016/
+include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
+include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
+include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
+include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
+include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
+include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
+include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
+include /etc/nginx/include/passed.conf; # https://passed.phares.duckdns.org # http://192.168.11.2:5022/
+include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
+include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
+include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
+include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
+include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
+# ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519

etc/passwd

@@ -31,12 +31,18 @@ landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
 fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
 usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
 sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
-phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
-pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
-podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
+phares:x:1001:1001:Mike Phares:/home/phares:/bin/bash
+podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash
 lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
 bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
 unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
 dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
 cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
 cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
+pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
+persa:x:1002:1002:Persaya Cortez,,,:/home/persa:/bin/bash
+redis:x:113:114::/var/lib/redis:/usr/sbin/nologin
+swtpm:x:114:115:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false
+libvirt-qemu:x:64055:994:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
+libvirt-dnsmasq:x:115:117:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin
+libvirtdbus:x:116:118:libvirt-dbus user,,,:/nonexistent:/usr/sbin/nologin

etc/passwd-

@@ -31,11 +31,18 @@ landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
 fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
 usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
 sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
-phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
-pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
-podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
+phares:x:1001:1001:Mike Phares:/home/phares:/bin/bash
+podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash
 lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
 bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
 unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
 dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
 cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
+cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
+pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
+persa:x:1002:1002:Persaya Cortez,,,:/home/persa:/bin/bash
+redis:x:113:114::/var/lib/redis:/usr/sbin/nologin
+swtpm:x:114:115:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false
+libvirt-qemu:x:64055:994:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
+libvirt-dnsmasq:x:115:117:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin
+libvirtdbus:x:116:118::/nonexistent:/usr/sbin/nologin

etc/pihole/setupVars.conf

@@ -1,14 +0,0 @@
-PIHOLE_INTERFACE=enp2s0
-QUERY_LOGGING=true
-INSTALL_WEB_SERVER=true
-INSTALL_WEB_INTERFACE=true
-LIGHTTPD_ENABLED=true
-CACHE_SIZE=10000
-DNS_FQDN_REQUIRED=true
-DNS_BOGUS_PRIV=true
-DNSMASQ_LISTENING=local
-WEBPASSWORD=4f2f4f253d64a90315c0ace8a61b6b6e828f8d8d996b0a0b0e153230617bedd3
-BLOCKING_ENABLED=true
-PIHOLE_DNS_1=127.0.0.1#5335
-DNSSEC=false
-REV_SERVER=false

etc/shadow

@@ -32,7 +32,6 @@ fwupd-refresh:!*:19836::::::
 usbmux:!:19929::::::
 sshd:!:19929::::::
 phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
-pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
 podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
 lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
 bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
@@ -40,3 +39,10 @@ unbound:!:19929::::::
 dnsmasq:!:19930::::::
 cockpit-ws:!:19930::::::
 cockpit-wsinstance:!:19930::::::
+pcp:!:19938::::::
+persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::
+redis:!:20001::::::
+swtpm:!:20038::::::
+libvirt-qemu:!:20038::::::
+libvirt-dnsmasq:!:20038::::::
+libvirtdbus:!:20038::::::

etc/shadow-

@@ -31,11 +31,17 @@ landscape:!:19836::::::
 fwupd-refresh:!*:19836::::::
 usbmux:!:19929::::::
 sshd:!:19929::::::
-phares:$6$X.bTmW8z9/2WwB08$pivFW7YtPuGBou4Ut7eB1Y1ELwOVumy5tJYMf/RTQgkdUWzkKs9jndwfuVzTRlknbyGzA4A1lPImVtVHOCyBs/:19929:0:99999:7:::
-pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
+phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
 podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
 lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
 bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
 unbound:!:19929::::::
 dnsmasq:!:19930::::::
 cockpit-ws:!:19930::::::
+cockpit-wsinstance:!:19930::::::
+pcp:!:19938::::::
+persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::
+redis:!:20001::::::
+swtpm:!:20038::::::
+libvirt-qemu:!:20038::::::
+libvirt-dnsmasq:!:20038::::::

etc/systemd/resolved.conf

@@ -30,7 +30,7 @@
 #LLMNR=no
 #Cache=no-negative
 #CacheFromLocalhost=no
-DNSStubListener=no
+#DNSStubListener=yes
 #DNSStubListenerExtra=
 #ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no

etc/systemd/system/snap.adguard-home.adguard-home.service

@@ -0,0 +1,19 @@
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Service for snap application adguard-home.adguard-home
+Requires=snap-adguard\x2dhome-7577.mount
+Wants=network.target
+After=snap-adguard\x2dhome-7577.mount network.target snapd.apparmor.service
+X-Snappy=yes
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/bin/snap run adguard-home
+SyslogIdentifier=adguard-home.adguard-home
+Restart=always
+WorkingDirectory=/var/snap/adguard-home/7577
+TimeoutStopSec=30
+Type=simple
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/snap.certbot.renew.service

@@ -1,16 +0,0 @@
-[Unit]
-# Auto-generated, DO NOT EDIT
-Description=Service for snap application certbot.renew
-Requires=snap-certbot-3834.mount
-Wants=network.target
-After=snap-certbot-3834.mount network.target snapd.apparmor.service
-X-Snappy=yes
-
-[Service]
-EnvironmentFile=-/etc/environment
-ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
-SyslogIdentifier=certbot.renew
-Restart=no
-WorkingDirectory=/var/snap/certbot/3834
-TimeoutStopSec=30
-Type=oneshot

etc/systemd/system/snap.certbot.renew.timer

@@ -1,14 +0,0 @@
-[Unit]
-# Auto-generated, DO NOT EDIT
-Description=Timer renew for snap application certbot.renew
-Requires=snap-certbot-3834.mount
-After=snap-certbot-3834.mount
-X-Snappy=yes
-
-[Timer]
-Unit=snap.certbot.renew.service
-OnCalendar=*-*-* 05:54
-OnCalendar=*-*-* 14:00
-
-[Install]
-WantedBy=timers.target

etc/systemd/system/snap.ubuntu-frame.daemon.service

@@ -1,9 +1,9 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application ubuntu-frame.daemon
-Requires=snap-ubuntu\x2dframe-9750.mount
+Requires=snap-ubuntu\x2dframe-10823.mount
 Wants=network.target
-After=snap-ubuntu\x2dframe-9750.mount network.target snapd.apparmor.service
+After=snap-ubuntu\x2dframe-10823.mount network.target snapd.apparmor.service
 X-Snappy=yes
 
 [Service]
@@ -12,7 +12,7 @@ ExecStart=/usr/bin/snap run ubuntu-frame.daemon
 SyslogIdentifier=ubuntu-frame.daemon
 Restart=on-failure
 RestartSec=3
-WorkingDirectory=/var/snap/ubuntu-frame/9750
+WorkingDirectory=/var/snap/ubuntu-frame/10823
 TimeoutStopSec=30
 Type=simple
 

etc/systemd/system/snap.vaultwarden.vaultwarden.service

@@ -0,0 +1,19 @@
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Service for snap application vaultwarden.vaultwarden
+Requires=snap-vaultwarden-155.mount
+Wants=network.target
+After=snap-vaultwarden-155.mount network.target snapd.apparmor.service
+X-Snappy=yes
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/bin/snap run vaultwarden
+SyslogIdentifier=vaultwarden.vaultwarden
+Restart=on-failure
+WorkingDirectory=/var/snap/vaultwarden/155
+TimeoutStopSec=30
+Type=simple
+
+[Install]
+WantedBy=multi-user.target

etc/ufw/user.rules

@@ -2,10 +2,102 @@
 :ufw-user-input - [0:0]
 :ufw-user-output - [0:0]
 :ufw-user-forward - [0:0]
+:ufw-before-logging-input - [0:0]
+:ufw-before-logging-output - [0:0]
+:ufw-before-logging-forward - [0:0]
+:ufw-user-logging-input - [0:0]
+:ufw-user-logging-output - [0:0]
+:ufw-user-logging-forward - [0:0]
+:ufw-after-logging-input - [0:0]
+:ufw-after-logging-output - [0:0]
+:ufw-after-logging-forward - [0:0]
+:ufw-logging-deny - [0:0]
+:ufw-logging-allow - [0:0]
 :ufw-user-limit - [0:0]
 :ufw-user-limit-accept - [0:0]
 ### RULES ###
+
+### tuple ### allow tcp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30312920444e5320544350
+-A ufw-user-input -p tcp --dport 53 -j ACCEPT
+
+### tuple ### allow udp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30322920444e5320554450
+-A ufw-user-input -p udp --dport 53 -j ACCEPT
+
+### tuple ### allow tcp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303329204448435020544350
+-A ufw-user-input -p tcp --dport 67 -j ACCEPT
+
+### tuple ### allow udp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303429204448435020554450
+-A ufw-user-input -p udp --dport 67 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 443 0.0.0.0/0 in comment=303529204854545053
+-A ufw-user-input -p tcp --sport 443 -j ACCEPT
+-A ufw-user-input -p udp --sport 443 -j ACCEPT
+
+### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in comment=303629204854545053
+-A ufw-user-input -p tcp --dport 443 -j ACCEPT
+-A ufw-user-input -p udp --dport 443 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.11.0/25 in comment=30372920535348
+-A ufw-user-input -p tcp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.21.0/25 in comment=30382920535348
+-A ufw-user-input -p tcp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.31.0/25 in comment=30392920535348
+-A ufw-user-input -p tcp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.41.0/25 in comment=31302920535348
+-A ufw-user-input -p tcp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.42.0/25 in comment=31312920535348
+-A ufw-user-input -p tcp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.43.0/25 in comment=31322920535348
+-A ufw-user-input -p tcp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.11.0/25 any 0.0.0.0/0 in comment=31332920535348
+-A ufw-user-input -p tcp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.21.0/25 any 0.0.0.0/0 in comment=31342920535348
+-A ufw-user-input -p tcp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.31.0/25 any 0.0.0.0/0 in comment=31352920535348
+-A ufw-user-input -p tcp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.41.0/25 any 0.0.0.0/0 in comment=31362920535348
+-A ufw-user-input -p tcp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.42.0/25 any 0.0.0.0/0 in comment=31372920535348
+-A ufw-user-input -p tcp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.43.0/25 any 0.0.0.0/0 in comment=31382920535348
+-A ufw-user-input -p tcp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+
+### END RULES ###
+
+### LOGGING ###
+-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+### END LOGGING ###
+
+### RATE LIMITING ###
 -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
 -A ufw-user-limit -j REJECT
 -A ufw-user-limit-accept -j ACCEPT
+### END RATE LIMITING ###
 COMMIT

etc/unbound/unbound.conf

@@ -1,10 +0,0 @@
-# Unbound configuration file for Debian.
-#
-# See the unbound.conf(5) man page.
-#
-# See /usr/share/doc/unbound/examples/unbound.conf for a commented
-# reference config file.
-#
-# The following line includes additional configuration files from the
-# /etc/unbound/unbound.conf.d directory.
-include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

home/podman/.config/containers/systemd/2fauth-server.container

@@ -0,0 +1,173 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=2fauth-server
+# You can change the name of the app
+Environment="APP_NAME=2FAuth"
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+Environment="APP_ENV=local"
+# The timezone for your application, which is used to record dates and times to database. This global setting can be
+# overridden by users via in-app settings for a personalised dates and times display.
+# If this setting is changed while the application is already running, existing records in the database won't be updated
+Environment="APP_TIMEZONE=UTC"
+# Set to true if you want to see debug information in error screens.
+Environment="APP_DEBUG=false"
+# This should be your email address
+Environment="SITE_OWNER=mikepharesjr@msn.com"
+# The encryption key for  our database and sessions. Keep this very secure.
+# If you generate a new one all existing data must be considered LOST.
+# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
+Environment="APP_KEY=uvL37oiI1By0J#5t5kZwYB~17CXI2J9A"
+# This variable must match your installation's external address.
+# Webauthn won't work otherwise.
+# Environment="APP_URL=http://localhost"
+# Environment="APP_URL=http://192.168.11.2"
+# Environment="APP_URL=http://192.168.11.2:5015"
+Environment="APP_URL=https://2fauth.phares.duckdns.org"
+# If you want to serve js assets from a CDN (like https://cdn.example.com),
+# uncomment the following line and set this var with the CDN url.
+# Otherwise, let this line commented.
+# - ASSET_URL=http://localhost
+#
+# Turn this to true if you want your app to react like a demo.
+# The Demo mode reset the app content every hours and set a generic demo user.
+Environment="IS_DEMO_APP=false"
+# The log channel defines where your log entries go to.
+# 'daily' is the default logging mode giving you 7 daily rotated log files in /storage/logs/.
+# Also available are 'errorlog', 'syslog', 'stderr', 'papertrail', 'slack' and a 'stack' channel
+# to combine multiple channels into a single one.
+Environment="LOG_CHANNEL=daily"
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+Environment="LOG_LEVEL=notice"
+# Database config (can only be sqlite)
+Environment="DB_DATABASE=/srv/database/database.sqlite"
+# If you're looking for performance improvements, you could install memcached.
+Environment="CACHE_DRIVER=file"
+Environment="SESSION_DRIVER=file"
+# Mail settings
+# Refer your email provider documentation to configure your mail settings
+# Set a value for every available setting to avoid issue
+Environment="MAIL_MAILER=log"
+Environment="MAIL_HOST=smtp.centurylink.net"
+Environment="MAIL_PORT=587"
+Environment="MAIL_USERNAME=phares@centurylink.net"
+Environment="MAIL_PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+Environment="MAIL_ENCRYPTION=null"
+Environment="MAIL_FROM_NAME=Mik Phares"
+Environment="MAIL_FROM_ADDRESS=noreply@phares.duckdns.org"
+# SSL peer verification.
+# Set this to false to disable the SSL certificate validation.
+# WARNING
+# Disabling peer verification can result in a major security flaw.
+# Change it only if you know what you're doing.
+Environment="MAIL_VERIFY_SSL_PEER=false"
+# API settings
+# The maximum number of API calls in a minute from the same IP.
+# Once reached, all requests from this IP will be rejected until the minute has elapsed.
+# Set to null to disable the API throttling.
+Environment="THROTTLE_API=60"
+# Authentication settings
+# The number of times per minute a user can fail to log in before being locked out.
+# Once reached, all login attempts will be rejected until the minute has elapsed.
+# This setting applies to both email/password and webauthn login attempts.
+Environment="LOGIN_THROTTLE=5"
+# The default authentication guard
+# Supported:
+#   'web-guard' : The Laravel built-in auth system (default if nulled)
+#   'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication
+# WARNING
+# When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in
+# authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will
+# trust him as long as headers are presents.
+Environment="AUTHENTICATION_GUARD=web-guard"
+# Authentication log retention time, in days.
+# Log entries older than that are automatically deleted.
+Environment="AUTHENTICATION_LOG_RETENTION=365"
+# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
+# Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
+# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
+Environment="AUTH_PROXY_HEADER_FOR_USER=null"
+Environment="AUTH_PROXY_HEADER_FOR_EMAIL=null"
+# Custom logout URL to open when using an auth proxy.
+Environment="PROXY_LOGOUT_URL=null"
+# WebAuthn settings
+# Relying Party name, aka the name of the application. If blank, defaults to APP_NAME. Do not set to null.
+Environment="WEBAUTHN_NAME=2FAuth"
+# Relying Party ID, should equal the site domain (i.e 2fauth.example.com).
+# If null, the device will fill it internally (recommended)
+# See https://webauthn-doc.spomky-labs.com/prerequisites/the-relying-party#how-to-determine-the-relying-party-id
+Environment="WEBAUTHN_ID=null"
+# Use this setting to control how user verification behave during the
+# WebAuthn authentication flow.
+#
+# Most authenticators and smartphones will ask the user to actively verify
+# themselves for log in. For example, through a touch plus pin code,
+# password entry, or biometric recognition (e.g., presenting a fingerprint).
+# The intent is to distinguish one user from any other.
+#
+# Supported:
+#   'required': Will ALWAYS ask for user verification
+#   'preferred' (default) : Will ask for user verification IF POSSIBLE
+#   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
+Environment="WEBAUTHN_USER_VERIFICATION=preferred"
+#### SSO settings (for Socialite) ####
+# Uncomment and complete lines for the OAuth providers you want to enable.
+# - OPENID_AUTHORIZE_URL=
+# - OPENID_TOKEN_URL=
+# - OPENID_USERINFO_URL=
+# - OPENID_CLIENT_ID=
+# - OPENID_CLIENT_SECRET=
+# - GITHUB_CLIENT_ID=
+# - GITHUB_CLIENT_SECRET=
+# Use this setting to declare trusted proxied.
+# Supported:
+#   '*': to trust any proxy
+#   A comma separated IP list: The list of proxies IP to trust
+Environment="TRUSTED_PROXIES=null"
+# Proxy for outgoing requests like new releases detection or logo fetching.
+# You can provide a proxy URL that contains a scheme, username, and password.
+# For example, "http://username:password@192.168.16.1:10".
+Environment="PROXY_FOR_OUTGOING_REQUESTS=null"
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+Environment="BROADCAST_DRIVER=log"
+Environment="QUEUE_DRIVER=sync"
+Environment="SESSION_LIFETIME=120"
+Environment="REDIS_HOST=127.0.0.1"
+Environment="REDIS_PASSWORD=null"
+Environment="REDIS_PORT=6379"
+Environment="PUSHER_APP_ID="
+Environment="PUSHER_APP_KEY="
+Environment="PUSHER_APP_SECRET="
+Environment="PUSHER_APP_CLUSTER=mt1"
+Environment="VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}""
+Environment="VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}""
+Environment="MIX_ENV=local"
+Image=docker.io/2fauth/2fauth
+# Network=2fauth.network
+# Pod=2fauth.pod
+PublishPort=5015:44311
+Volume=2fauth-server-data:/2fauth:Z
+Volume=/home/podman/2fauth/nginx.conf:/etc/nginx/nginx.conf:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/2fauth/2fauth
+# systemctl --user daemon-reload
+# systemctl --user start 2fauth-server
+# systemctl --user status 2fauth-server --lines=999
+# journalctl -fu 2fauth-server.service
+# podman logs 2fauth-server
+# systemctl --user stop 2fauth-server
+# systemctl --user disable 2fauth-server
+# podman exec -ti 2fauth-server /bin/sh
+# podman exec -ti 2fauth-server /bin/bash

home/podman/.config/containers/systemd/actual-server.container

@@ -0,0 +1,36 @@
+[Container]
+AutoUpdate=registry
+ContainerName=actual-server
+Environment="ACTUAL_HOSTNAME=0.0.0.0"
+# Environment="ACTUAL_HTTPS_CERT=/certs/server.cert"
+# Environment="ACTUAL_HTTPS_KEY=/certs/server"
+# Environment="ACTUAL_PORT=5006"
+# Environment="ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20"
+# Environment="ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20"
+# Environment="ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50"
+Image=docker.io/actualbudget/actual-server:latest
+# Network=actual.network
+# Pod=actual.pod
+PublishPort=5013:5006
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=actual-server-data.volume:/data:rw
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/actualbudget/actual-server:latest
+# systemctl --user daemon-reload
+# systemctl --user start actual-server
+# systemctl --user status actual-server --lines=999
+# journalctl -fu actual-server.service
+# podman logs actual-server
+# systemctl --user stop actual-server
+# systemctl --user disable actual-server
+# podman exec -ti actual-server /bin/sh
+# podman exec -ti actual-server /bin/bash

home/podman/.config/containers/systemd/authentik-db-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-db.container

@@ -0,0 +1,36 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=authentik-db
+Environment="POSTGRES_USER=authentik"
+Environment="POSTGRES_PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="POSTGRES_DB=authentik"
+Environment="TZ=America/Phoenix"
+Image=docker.io/library/postgres:16.6
+HealthCmd=pg_isready -U authentik
+HealthInterval=30s
+HealthRetries=5
+HealthStartPeriod=20s
+HealthTimeout=3s
+# Network=authentik.network
+# Pod=authentik.pod
+PublishPort=5439:5432
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=authentik-db-data:/data:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/library/postgres:16.6
+# systemctl --user daemon-reload
+# systemctl --user start authentik-db
+# systemctl --user status authentik-db --lines=999
+# journalctl -fu authentik-db.service
+# podman logs authentik-db
+# systemctl --user stop authentik-db
+# systemctl --user disable authentik-db
+# podman exec -ti authentik-db /bin/sh
+# podman exec -ti authentik-db /bin/bash

home/podman/.config/containers/systemd/authentik-redis-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-redis.container

@@ -0,0 +1,36 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=authentik-redis
+Exec=--save 60 1 --loglevel warning
+# Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+HealthCmd=/usr/local/bin/redis-cli ping || grep PONG
+HealthInterval=30s
+HealthRetries=5
+HealthStartPeriod=20s
+HealthTimeout=3s
+Image=docker.io/library/redis:7.4.1
+# Network=authentik.network
+# Pod=authentik.pod
+PublishPort=5021:6379
+Volume=authentik-redis-data:/data:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-db.service
+After=authentik-db.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/library/redis:7.4.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-redis
+# systemctl --user status authentik-redis --lines=999
+# journalctl -fu authentik-redis.service
+# podman logs authentik-redis
+# systemctl --user stop authentik-redis
+# systemctl --user disable authentik-redis
+# podman exec -ti authentik-redis /bin/sh
+# podman exec -ti authentik-redis /bin/bash

home/podman/.config/containers/systemd/authentik-server-media.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-server-templates.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/authentik-server.container

@@ -0,0 +1,55 @@
+[Container]
+ContainerName=authentik-server
+Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
+Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
+Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
+Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
+Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
+Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+Environment="AUTHENTIK_REDIS__PORT=5021"
+# (Required)  To generate a secret key run the following command:
+#             echo $(openssl rand -base64 32)
+Environment="AUTHENTIK_SECRET_KEY=mlZ57mWthun9b8SPaS7Ptl0bBQX4OvyRanbqdQ+5e/k="
+# (Optional)  Enable Error Reporting
+# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}"
+# (Optional)  Enable Email Sending
+# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PORT=587"
+# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
+# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
+# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
+# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
+Exec=server
+Image=ghcr.io/goauthentik/server:2024.12.1
+PublishPort=5017:9000
+PublishPort=5018:9443
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=authentik-server-media:/media:Z
+Volume=authentik-server-templates:/templates:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-worker.service
+After=authentik-worker.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/goauthentik/server:2024.12.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-server
+# systemctl --user status authentik-server --lines=999
+# journalctl -fu authentik-server.service
+# podman logs authentik-server
+# systemctl --user stop authentik-server
+# systemctl --user disable authentik-server
+# podman exec -ti authentik-server /bin/sh
+# podman exec -ti authentik-server /bin/bash

home/podman/.config/containers/systemd/authentik-worker.container

@@ -0,0 +1,57 @@
+[Container]
+ContainerName=authentik-worker
+Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
+Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
+Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
+Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
+Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
+Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+Environment="AUTHENTIK_REDIS__PORT=5021"
+# (Required)  To generate a secret key run the following command:
+#             echo $(openssl rand -base64 32)
+Environment="AUTHENTIK_SECRET_KEY=QvqdN5Pn4piWcoof1yPDa0FcaGnOL1gHAiSImJjEGZl6pypRgE2nCps8DTd4R9UHqfFuOtR9jhCelmQ2"
+# (Optional)  Enable Error Reporting
+# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=true"
+# (Optional)  Enable Email Sending
+# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PORT=587"
+# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
+# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
+# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
+# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
+Exec=worker
+Image=ghcr.io/goauthentik/server:2024.12.1
+PublishPort=5019:9000
+PublishPort=5020:9443
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=authentik-server-media:/media:Z
+Volume=authentik-server-templates:/templates:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-db.service
+Requires=authentik-redis.service
+After=authentik-db.service
+After=authentik-redis.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/goauthentik/server:2024.12.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-worker
+# systemctl --user status authentik-worker --lines=999
+# journalctl -fu authentik-worker.service
+# podman logs authentik-worker
+# systemctl --user stop authentik-worker
+# systemctl --user disable authentik-worker
+# podman exec -ti authentik-worker /bin/sh
+# podman exec -ti authentik-worker /bin/bash

home/podman/.config/containers/systemd/baikal-server-config.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/baikal-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/baikal-server.container

@@ -0,0 +1,24 @@
+[Container]
+AutoUpdate=registry
+ContainerName=baikal-server
+Image=docker.io/ckulka/baikal:latest
+PublishPort=8001:80
+Volume=baikal-server-config.volume:/var/www/baikal/config:Z
+Volume=baikal-server-data.volume:/var/www/baikal/Specific:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/ckulka/baikal:latest
+# systemctl --user daemon-reload
+# systemctl --user start baikal-server
+# systemctl --user status baikal-server
+# journalctl -fu baikal-server.service
+# podman logs baikal-server
+# systemctl --user stop baikal-server
+# systemctl --user disable baikal-server
+# podman exec -ti baikal-server /bin/sh
+# podman exec -ti baikal-server /bin/bash

home/podman/.config/containers/systemd/blinko-db-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/blinko-db.container

@@ -0,0 +1,32 @@
+[Container]
+AutoUpdate=registry
+ContainerName=blinko-db
+Environment="POSTGRES_DB=blinko"
+Environment="POSTGRES_PASSWORD=PmjIIip4vIKGr19rGOoG"
+Environment="POSTGRES_USER=postgres"
+Image=docker.io/postgres:14
+# Network=blinko.network
+# Pod=blinko.pod
+PublishPort=5438:5432
+Volume=blinko-db-data.volume:/var/lib/postgresql/data:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/postgres:14
+# systemctl --user daemon-reload
+# systemctl --user start blinko-db
+# systemctl --user status blinko-db
+# journalctl -fu blinko-db.service
+# podman logs blinko-db
+# systemctl --user stop blinko-db
+# systemctl --user disable blinko-db
+# podman exec -ti blinko-db /bin/sh
+# podman exec -ti blinko-db /bin/bash
+# Image=docker.io/library/postgres:16
+# podman pull docker.io/library/postgres:16
+# file: 'extension.c', line: '543', routine: 'parse_extension_control_file'
+# https://github.com/blinko-app/blinko/discussions/6792

home/podman/.config/containers/systemd/blinko-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/blinko-server.container

@@ -0,0 +1,33 @@
+[Container]
+AutoUpdate=registry
+ContainerName=blinko-server
+Environment="DATABASE_URL=postgresql://postgres:PmjIIip4vIKGr19rGOoG@192.168.11.2:5438/blinko"
+Environment="NEXTAUTH_SECRET=tKFFshr8tMHoXRAA8jxS"
+Environment="NODE_ENV=production"
+Image=docker.io/blinkospace/blinko:latest
+# Network=blinko.network
+# Pod=blinko.pod
+PublishPort=5012:1111
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=blinko-server-data.volume:/data/data:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=blinko-db.service
+After=blinko-db.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/blinkospace/blinko:latest
+# systemctl --user daemon-reload
+# systemctl --user start blinko-server
+# systemctl --user status blinko-server --lines=9999
+# journalctl -fu blinko-server.service
+# podman logs blinko-server
+# systemctl --user stop blinko-server
+# systemctl --user disable blinko-server
+# podman exec -ti blinko-server /bin/sh
+# podman exec -ti blinko-server /bin/bash

home/podman/.config/containers/systemd/firefox-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/firefox.container

@@ -0,0 +1,28 @@
+[Container]
+AutoUpdate=registry
+ContainerName=firefox
+Environment="FF_OPEN_URL=https://192.168.11.1"
+Image=docker.io/jlesage/firefox:v24.11.1
+# Network=firefox.network
+# Pod=firefox.pod
+PublishPort=5800:5800
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=firefox-data.volume:/config:rw
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/jlesage/firefox:v24.11.1
+# systemctl --user daemon-reload
+# systemctl --user start firefox
+# systemctl --user status firefox
+# journalctl -fu firefox.service
+# podman logs firefox
+# systemctl --user stop firefox
+# systemctl --user disable firefox
+# podman exec -ti firefox /bin/sh
+# podman exec -ti firefox /bin/bash

home/podman/.config/containers/systemd/gitea-server.container

@@ -19,7 +19,7 @@ Environment="GITEA__server__DOMAIN=gitea.phares.duckdns.org"
 Environment="GITEA__server__LFS_JWT_SECRET=WgTjm7nPHRtxHWrWi9EInaNnQGENsECgCqi2e9H37W0"
 Environment="GITEA__server__ROOT_URL=https://gitea.phares.duckdns.org/"
 Environment="GITEA__server__SSH_DOMAIN=gitea.phares.duckdns.org"
-Image=docker.io/gitea/gitea:1.22.1-rootless
+Image=docker.io/gitea/gitea:1.22.3-rootless
 # Network=gitea.network
 # Pod=gitea.pod
 PublishPort=3000:3000
@@ -38,7 +38,9 @@ Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 
-# podman pull docker.io/gitea/gitea:1.22.1-rootless
+# podman pull docker.io/gitea/gitea:1.22.3-rootless
+# x-podman pull docker.io/gitea/gitea:1.22.1-rootless
+# x-podman pull docker.io/gitea/gitea:latest
 # systemctl --user daemon-reload
 # systemctl --user start gitea-server
 # systemctl --user status gitea-server

home/podman/.config/containers/systemd/gotify-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/systemd/gotify-server.container

@@ -0,0 +1,28 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=gotify-server
+Environment="TZ=America/Phoenix"
+Image=docker.io/gotify/server
+# Network=gotify.network
+# Pod=gotify.pod
+PublishPort=5016:80
+Volume=gotify-server-data.volume:/app/data:Z
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/gotify/server
+# systemctl --user daemon-reload
+# systemctl --user start gotify-server
+# systemctl --user status gotify-server --lines=999
+# journalctl -fu gotify-server.service
+# podman logs gotify-server
+# systemctl --user stop gotify-server
+# systemctl --user disable gotify-server
+# podman exec -ti gotify-server /bin/sh
+# podman exec -ti gotify-server /bin/bash

home/podman/.config/containers/systemd/immich-card-dav.container

@@ -0,0 +1,35 @@
+[Container]
+AutoUpdate=registry
+ContainerName=immich-card-dav
+Environment="CARDDAV_SYNC_CARDDAV_ADDRESSBOOK=asdf"
+Environment="CARDDAV_SYNC_CARDDAV_PASSWORD=excitedwater164"
+Environment="CARDDAV_SYNC_CARDDAV_URL=192.168.11.2"
+Environment="CARDDAV_SYNC_CARDDAV_USERNAME=cphares"
+Environment="CARDDAV_SYNC_CRON_EXPRESSION=24 5 * * *"
+Environment="CARDDAV_SYNC_IMMICH_API_KEY=asdf"
+Environment="CARDDAV_SYNC_IMMICH_API_URL=asdf"
+Image=ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
+# Network=immich.network
+# Pod=immich.pod
+# PublishPort=3001:3001
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=immich-server.service
+After=immich-server.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
+# systemctl --user daemon-reload
+# systemctl --user start immich-card-dav
+# systemctl --user status immich-card-dav
+# journalctl -fu immich-card-dav.service
+# podman logs immich-card-dav
+# systemctl --user stop immich-card-dav
+# systemctl --user disable immich-card-dav
+# podman exec -ti immich-card-dav /bin/sh
+# podman exec -ti immich-card-dav /bin/bash