Don't use

12-23
2024-11-23
2024-12-23 09:10:35 -07:00 · 2024-12-23 08:37:05 -07:00 · 2024-11-23 22:33:50 -07:00 · 2024-11-09 13:38:15 -07:00 · 2024-11-09 12:37:33 -07:00 · 2024-10-19 09:34:18 -07:00
107 changed files with 2676 additions and 410 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,6 +5,8 @@
 !*/
 !.vscode/*
 !etc/*.md
 !etc/bash_history*
 !etc/group*
@ -21,6 +23,7 @@
 !etc/lighttpd/lighttpd.conf
 !etc/network/interfaces
 !etc/passwd
 !etc/pihole/custom.list
 !etc/pihole/dhcp.leases
 !etc/pihole/index.nginx-debian.html
 !etc/pihole/setupVars.conf
@ -40,6 +43,7 @@
 !etc/dnsmasq.d/*
 !etc/fstab/*
 !etc/netplan/*
 !etc/nginx/include/*
 !etc/nginx/sites-available/*
 !etc/mysql/mariadb.conf.d/*
 !etc/php/*
@ -49,6 +53,7 @@
 !etc/letsencrypt/**/*
 !opt/copy/**/*
 !opt/dockge/**/*.yaml
 !root/**/*container
 !home/podman/**/*volume
--- a/.vscode/mklink.md
+++ b/.vscode/mklink.md
@ -0,0 +1,5 @@
 # mklink
 ```bash Sat Jul 27 2024 07:50:14 GMT-0700 (Mountain Standard Time)
 mklink "L:\Git\Linux-Ubuntu-Server\.vscode\rebuild-ubuntu-beelink.md" "D:\5-Other-Small\Kanban\Phares\tasks\rebuild-ubuntu-beelink.md"
 ```
--- a/.vscode/rebuild-ubuntu-beelink.md
+++ b/.vscode/rebuild-ubuntu-beelink.md
@ -0,0 +1 @@
 D:/5-Other-Small/Kanban/Phares/tasks/rebuild-ubuntu-beelink.md
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,33 @@
 {
    "files.associations": {
        "*.container": "ini",
        "*.org": "ini",
        "*.net": "ini",
        "default": "ini"
    },
    "cSpell.words": [
        "ASPNETCORE",
        "bchs",
        "blinko",
        "dashkiosk",
        "dockge",
        "docmost",
        "duckdns",
        "gitea",
        "gogs",
        "immich",
        "journalctl",
        "kestra",
        "linkwarden",
        "localtime",
        "neko",
        "odoo",
        "pgadmin",
        "phares",
        "umbrel",
        "usersecrets",
        "vaultwarden",
        "wekan",
        "xandikos"
    ]
 }
--- a/etc/.pihole/.gitignore
+++ b/etc/.pihole/.gitignore
@ -1,12 +0,0 @@
 .DS_Store
 *.pyc
 *.swp
 __pycache__
 .cache
 .pytest_cache
 .tox
 .eggs
 *.egg-info
 .idea/
 *.iml
 .vscode/
--- a/etc/.pihole/advanced/pihole-admin.conf
+++ b/etc/.pihole/advanced/pihole-admin.conf
@ -1,82 +0,0 @@
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # Lighttpd config for Pi-hole
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 ###############################################################################
 #     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
 # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
 ###############################################################################
 server.errorlog := "/var/log/lighttpd/error-pihole.log"
 $HTTP["url"] =~ "^/admin/" {
    server.document-root = "/var/www/html"
    server.stream-response-body = 1
    accesslog.filename = "/var/log/lighttpd/access-pihole.log"
    accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
    fastcgi.server = (
        ".php" => (
            "localhost" => (
                "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
                "bin-path" => "/usr/bin/php-cgi",
                "min-procs" => 1,
                "max-procs" => 1,
                "bin-environment" => (
                    "PHP_FCGI_CHILDREN" => "4",
                    "PHP_FCGI_MAX_REQUESTS" => "10000",
                ),
                "bin-copy-environment" => (
                    "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable",
            )
        )
    )
    # X-Pi-hole is a response header for debugging using curl -I
    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY",
        "X-XSS-Protection" => "0",
        "X-Content-Type-Options" => "nosniff",
        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
        "X-Permitted-Cross-Domain-Policies" => "none",
        "Referrer-Policy" => "same-origin"
    )
    # Block . files from being served, such as .git, .github, .gitignore
    $HTTP["url"] =~ "^/admin/\." {
        url.access-deny = ("")
    }
    # allow teleporter and API qr code iframe on settings page
    $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
        $HTTP["referer"] =~ "/admin/settings\.php" {
            setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
        }
    }
 }
 else $HTTP["url"] == "/admin" {
    url.redirect = ("" => "/admin/")
 }
 $HTTP["host"] == "pi.hole" {
    $HTTP["url"] == "/" {
        url.redirect = ("" => "/admin/")
    }
 }
 # (keep this on one line for basic-install.sh filtering during install)
 server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )
--- a/etc/bash_history_2024-11-10.txt
+++ b/etc/bash_history_2024-11-10.txt
@ -0,0 +1,500 @@
 exit
 cd ~/.bashrc.d/systemd
 cd ~/.bashrc.d
 ls -la
 sudo -iu podman
 exit
 systemctl --user list-unit-files
 cd /etc/containers/systemd/users
 ls
 ls -la
 cd ..
 ls -la
 systemctl start --user
 cd /usr/lib/systemd/system-generators/podman-system-generator
 cd /usr/lib/systemd/system-generators
 ls -la
 ls -la
 cd /usr/libexec/podman/quadlet
 cd /usr/libexec/podman
 ls -la
 apt-get install apt install podman-quadlet
 apt install podman-quadlet
 ls -la
 ls -la /usr/libexec/podman
 systemctl -l | grep -i rootlessport
 ps aux | grep rootlessport
 podman-generate-systemd
 ls
 whereis podman-generate-systemd
 clear
 apt list --installed
 clear
 exit
 clear
 apt list --installed
 clear
 /usr/libexec/podman/quadlet -dryrun
 /usr/libexec/podman/quadlet --user -dryrun
 sudo -iu podman
 exit
 chown -R podman:podman /home/podman
 /usr/libexec/podman/quadlet -dryrun --user
 sudo -iu podman
 find / -name "immich-server.service" 2>/dev/null
 rm -R /home/podman/d
 find / -name "uptime-kuma-server.service" 2>/dev/null
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 chown -R podman:podman /home/podman/.config/containers/systemd
 chown -R podman:podman /home/podman/.config/containers/systemd
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 nginx -t
 nginx -s reload
 sudo -iu podman
 nginx -t
 nginx -s reload
 sudo -iu podman
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 links https://phares.duckdns.org
 nano /etc/hosts
 links https://phares.duckdns.org
 ls /var/www/html
 nano index.html
 nano /var/www/html/index.html
 mv /var/www/html /var/www/html-slideshow
 ls /var/www
 mkdir /var/www/html
 cp /var/www/html-slideshow/index.nginx-debian.html /var/www/html/
 mv /var/www/html /var/www/html-nginx
 nginx -t
 nginx -s reload
 links https://phares.duckdns.org
 ls /var/www/html-nginx
 links https://adguard.phares.duckdns.org/
 nano /etc/hosts
 links https://adguard.phares.duckdns.org/
 nano /etc/hosts
 links https://adguard.phares.duckdns.org/
 nano /etc/hosts
 nano /etc/hosts
 links https://adguard.phares.duckdns.org/
 nano /etc/hosts
 links https://adguard.phares.duckdns.org/
 exit
 nginx -t
 nginx -s reload
 podman pull docker.io/m1k1o/neko:firefox
 /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
 chown -R podman:podman /home/podman/.config/containers/systemd
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 nginx -t
 nginx -s reload
 podman pull docker.io/mattermost/mattermost-team-edition:9.11.2
 sudo -iu podman
 podman list images
 podman ls images
 podman images ls
 podman image ls
 podman image prone
 podman image purge
 podman image --help
 podman image prune
 y
 podman image ls
 podman image rm 2
 podman image rm 7
 podman image ls
 sudo -iu podman
 chown -R podman:podman /home/podman/.config/containers/systemd
 sudo -iu podman
 sudo -iu podman
 nginx -t
 nginx -s reload
 nginx -t
 nginx -t
 nginx -s reload
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 chown -R podman:podman /home/podman/.config/containers/systemd
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 exit
 sudo -iu podman
 exit
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 nano /etc/hosts
 nano /etc/hosts
 nano /etc/hosts
 exit
 sudo -iu podman
 sudo -iu podman
 cat /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
 nano/home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
 nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
 sudo -iu podman
 nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
 sudo -iu podman
 exit
 exit
 sudo -iu podman
 cd /home/podman/.local/share/containers/storage/volumes/systemd-immich-server-external/_data
 ls
 ls -la
 cd /
 sudo -iu podman
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-immich-server-upload/_data/thumbs/5f0b1052-466d-44de-a554-226d7256850d/
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 exit
 sudo -iu podman
 sudo -iu podman
 links https://192.168.0.43:8123
 links http://192.168.0.43:8123
 exit
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
 cp -R /var/www/html-nginx/ /var/www/html-quartz
 cd /var/www/html-quartz
 ls
 mv index.nginx-debian.html index.html
 links http://192.168.11.2:8069/
 links http://192.168.11.2:8069/index.html
 cd /
 nginx -t
 cd /var/www/html-infineon/
 ls
 nginx -t
 nginx -s reload
 apt-get update
 apt-get upgrade
 reboot
 links http://192.168.11.2:8069/
 links http://192.168.11.2:8069/
 links http://192.168.11.2/
 sudo -iu podman
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions/
 rm /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions
 rm -R /home/podman/.local/share/containers/storage/volumes/systemd-odoo-server-data/_data/sessions
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/var
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/repositories/
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data/git/repositories/phares3757/
 sudo -iu podman
 exit
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 nginx -t
 nano /root/.acme.sh/*.phares.duckdns.org_ecc/*.phares.duckdns.org.cer
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 reboot
 links http://127.0.0.1:8080/slideshow/index.html?nocache=2024-07-01-11-36
 links http://127.0.0.1:8080/slideshow/index.html
 links http://127.0.0.1:8080/slideshow
 links http://192.168.11.2:8080/slideshow
 nginx -t
 reboot
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 exit
 mv /root/.acme.sh/affirm.duckdns.org_ecc/ /root/acme.sh-master/wild-affirm
 mv /root/acme.sh-master/wild-affirm /root/.acme.sh/wild-affirm
 exit
 nginx -t
 nginx -t
 nginx -s reload
 exit
 cd /tmp
 git clone https://github.com/acmesh-official/acme.sh.git
 cd /tmp/acme.sh
 ./acme.sh --install -m mikepharesjr@msn.com
 export DuckDNS_Token=1d3fc707-7052-4459-a624-fb01250f00b9
 echo $DuckDNS_Token
 ./acme.sh --register-account -m mikepharesjr@msn.com
 ./acme.sh --set-default-ca --server letsencrypt
 ./acme.sh --issue --dns dns_duckdns -d '*.kmjmlc.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
 ./acme.sh --issue --dns dns_duckdns -d '*.jmlc.duckdns.org' --debug --home /root/.acme.sh --dnssleep 120 --days 90 --ecc --server https://acme-v02.api.letsencrypt.org/directory
 cp -R /root/.acme.sh/\*.jmlc.duckdns.org_ecc/ /root/.acme.sh/wild-jmlc
 mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.cer /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.cer
 mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.conf /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.conf
 mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.csr /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.csr
 mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.csr.conf /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.csr.conf
 mv /root/.acme.sh/wild-jmlc/\*.jmlc.duckdns.org.key /root/.acme.sh/wild-jmlc/jmlc.duckdns.org.key
 nginx -t
 nginx -t
 nginx -s reload
 nginx -t
 nginx -t
 nginx -s reload
 nginx -s reload
 links http://192.168.11.2:9090
 links https://192.168.11.2:9090
 nginx -s reload
 nano /etc/cockpit/ws-certs.d/0-self-signed.cert 
 man cockpit.conf
 nano /etc/cockpit/cockpit.conf
 systemctl status cockpit.socket
 systemctl status cockpit
 systemctl stop cockpit
 systemctl stop cockpit.socket
 systemctl stop cockpit
 systemctl start cockpit
 systemctl start cockpit.socket
 nginx -s reload
 rm /etc/cockpit/cockpit.conf
 systemctl stop cockpit
 systemctl stop cockpit.socket
 systemctl stop cockpit
 systemctl start cockpit.socket
 systemctl start cockpit
 nginx -s reload
 journalctl -u cockpit
 cd /etc/cockpit/
 ls
 cd ws-certs.d/
 ls
 mv 0-self-signed.cert 0-self-signed.cert.old
 mv 0-self-signed.key 0-self-signed.key.old
 cp /root/.acme.sh/wild-phares/phares.duckdns.org.cer 0-self-signed.cert
 cp /root/.acme.sh/wild-phares/phares.duckdns.org.key 0-self-signed.key
 systemctl restart cockpit
 systemctl status cockpit
 systemctl status cockpit
 systemctl status cockpit
 systemctl status cockpit
 systemctl status cockpit
 systemctl restart cockpit
 nano /etc/cockpit/cockpit.conf
 systemctl restart cockpit
 systemctl status cockpit
 systemctl status cockpit
 systemctl status cockpit
 systemctl status cockpit
 systemctl restart cockpit
 systemctl status cockpit
 nginx -s reload
 systemctl restart cockpit
 systemctl status cockpit
 nginx -s reload
 nginx -s reload
 rm -R /mnt/free-file-sync/notes/FS-ADO/
 exit
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 exit
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 nignx -t
 nginx -t
 nginx -s reload
 reboot
 lsof -i -P -n | grep LISTEN
 links http://192.168.11.2:5007/
 links http://127.0.0.1:5007/
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 chmod -R 0774 /root/.acme.sh/wild-phares
 sudo -iu podman
 ls -la /root/.acme.sh/wild-phares
 chmod -R 0775 /root/.acme.sh/wild-phares
 ls -la /root/.acme.sh/wild-phares
 sudo -iu podman
 chmod -R 0777 /root/.acme.sh/wild-phares
 sudo -iu podman
 chmod -R 0774 /root/.acme.sh/wild-phares
 ls -la /root/.acme.sh/wild-phares
 chmod -R 0774 /root/.acme.sh
 ls -la /root/.acme.sh
 sudo -iu podman
 ln -s /root/.acme.sh/wild-phares /home/podman/wild-phares
 sudo -iu podman
 cp -R /root/.acme.sh/wild-phares /home/podman/wild-phares
 cp -R /root/.acme.sh/wild-phares/ /home/podman
 rm /home/podman/wild-phares
 cp -R /root/.acme.sh/wild-phares/ /home/podman
 chown podman:podman /home/podman
 ls /home/podman/wild-phares/
 ls -la /home/podman/wild-phares
 sudo -iu podman
 chown -R podman:podman /home/podman
 ls -la /home/podman/wild-phares
 sudo -iu podman
 cd /home/podman/
 ls
 cd quadlet/
 ls -la
 cd default.target.wants/
 ls -la
 cd ..
 cd ..
 cd lib
 cd libpod/
 ls -la
 sudo -iu podman
 chown -R 1000:1000 /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
 sudo -iu podman
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-gitea-server-data/_data
 cd /
 sudo -iu podman
 sudo -iu podman
 reboot
 sudo -iu podman
 exit
 /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
 /usr/libexec/podman/quadlet -dryrun --user
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 exit
 ls -ls \mnt\free-file-sync\proxmox
 ls -ls /mnt/free-file-sync/proxmox
 cd /home/podman
 ls -la
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 apt-get install acl -y
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 ls -la
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
 cd /
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
 ls /home/podman/.config/cni/net.d
 setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
 cd /home/phares/
 setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
 getfacl /home/podman > permissions.acl
 ls
 cat permissions.acl 
 rm permissions.acl 
 getfacl -R /home/podman > podman-permissions-bad.acl
 mv podman-permissions-bad.acl /mnt/free-file-sync/proxmox/
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 cd ../podman
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 cd /
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 nano /etc/passwd
 nano /etc/passwd
 nano /etc/group
 nano /etc/shadow
 find / -uid 1000 -exec chown -h 2000 {} +
 find / -gid 1000 -exec chgrp -h 2000 {} +
 find / -xdev -uid 1002 -exec chown -h 1000 {} +
 find / -xdev -gid 1002 -exec chgrp -h 1000 {} +
 reboot
 reboot
 nano /etc/passwd
 nano /etc/group
 find / -xdev -uid 1001 -exec chown -h 1005 {} +
 find / -xdev -gid 1001 -exec chgrp -h 1005 {} +
 find / -xdev -uid 2000 -exec chown -h 1001 {} +
 find / -xdev -gid 2000 -exec chgrp -h 1001 {} +
 nano /etc/passwd
 nano /etc/group
 find / -xdev -uid 1005 -exec chown -h 1002 {} +
 find / -xdev -gid 1005 -exec chgrp -h 1002 {} +
 reboot
 cd /
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 ls /run/user/
 ls /run/user/1001/systemd/
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 /usr/libexec/podman/quadlet -dryrun --user
 /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data
 sudo -iu podman
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
 sudo -iu podman
 sudo -iu podman
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
 sudo -iu podman
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 sudo -iu podman
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 sudo -iu podman
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
 sudo -iu podman
 exit
--- a/etc/bash_history_2024-11-23.txt
+++ b/etc/bash_history_2024-11-23.txt
@ -0,0 +1,500 @@
 ls /home/podman/.config/cni/net.d
 setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
 cd /home/phares/
 setfacl --restore=/mnt/free-file-sync/proxmox/one.acl
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions.acl
 getfacl /home/podman > permissions.acl
 ls
 cat permissions.acl 
 rm permissions.acl 
 getfacl -R /home/podman > podman-permissions-bad.acl
 mv podman-permissions-bad.acl /mnt/free-file-sync/proxmox/
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 cd ../podman
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 cd /
 setfacl --restore=/mnt/free-file-sync/proxmox/podman-permissions-after.acl
 nano /etc/passwd
 nano /etc/passwd
 nano /etc/group
 nano /etc/shadow
 find / -uid 1000 -exec chown -h 2000 {} +
 find / -gid 1000 -exec chgrp -h 2000 {} +
 find / -xdev -uid 1002 -exec chown -h 1000 {} +
 find / -xdev -gid 1002 -exec chgrp -h 1000 {} +
 reboot
 reboot
 nano /etc/passwd
 nano /etc/group
 find / -xdev -uid 1001 -exec chown -h 1005 {} +
 find / -xdev -gid 1001 -exec chgrp -h 1005 {} +
 find / -xdev -uid 2000 -exec chown -h 1001 {} +
 find / -xdev -gid 2000 -exec chgrp -h 1001 {} +
 nano /etc/passwd
 nano /etc/group
 find / -xdev -uid 1005 -exec chown -h 1002 {} +
 find / -xdev -gid 1005 -exec chgrp -h 1002 {} +
 reboot
 cd /
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 ls /run/user/
 ls /run/user/1001/systemd/
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 /usr/libexec/podman/quadlet -dryrun --user
 /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data
 sudo -iu podman
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
 sudo -iu podman
 sudo -iu podman
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
 sudo -iu podman
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
 chown -R 233071:233071 /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 sudo -iu podman
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 sudo -iu podman
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
 sudo -iu podman
 exit
 cp ~/.bash_history /etc/bash_history_2024-11-10.txt
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 sudo -iu podman
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-mattermost
 ls -la /home/podman/.local/share/containers/storage/volumes
 ls -la /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-logs/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-logs/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-logs/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-db-data/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-bleve/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-client-plugins/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-data/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-logs/_data/
 chown -R podman:podman /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-plugins/_data/
 sudo -iu podman
 sudo -iu podman
 chown -R podman:podman /home/podman/.config/containers/systemd
 sudo -iu podman
 sudo -iu podman
 systemctl --user start mattermost-db
 systemctl --user start mattermost-db
 /usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
 sudo -iu podman
 cp /home/podman/config.json /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data
 sudo -iu podman
 sudo -iu podman
 exit
 exit
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 nginx -t
 nginx -s reload
 nginx -s reload
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 links https://pgadmin.phares.duckdns.org/
 links https://pgadmin.phares.duckdns.org/
 sudo -iu podman
 sudo -iu podman
 lspci | grep -i nvme
 lspci -vv -s 08:00.0 | grep -w LnkCap
 lspci -vv -s 02:00.0 | grep -w LnkCap
 sudo -iu podman
 curl https://push-test.mattermost.com
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 apt-file search setcap
 setcap
 sudo -iu podman
 nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
 sudo -iu podman
 nginx -s reload
 nginx -s reload
 sudo -iu podman
 nginx -s reload
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 exit
 snap install vaultwarden
 snap vaultwarden
 snap vaultwarden help
 lsof -i -P -n | grep LISTEN
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap stop vaultwarden
 sudo -iu podman
 snap stop vaultwarden
 sudo -iu podman
 nginx -t
 nginx -s reload
 sudo -iu podman
 links https://192.168.11.2:5008
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 links https://192.168.11.2:5008
 links http://192.168.11.2:5008
 links https://192.168.11.2:5008
 snap start vaultwarden
 snap vaultwarden
 snap vaultwarden hash
 snap uninstall vaultwarden
 snap remove vaultwarden
 exot
 exit
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 nginx -s reload
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 sudo -iu podman
 links https://mattermost.phares.duckdns.org
 snap install vaultwarden
 snap stop vaultwarden
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 rm /var/snap/vaultwarden/current/vaultwarden.conf
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap remove vaultwarden
 snap install vaultwarden
 ls -la /var/snap/vaultwarden/current
 ls -la /var/snap/vaultwarden/current
 echo>/var/snap/vaultwarden/current/vaultwarden.conf
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap start vaultwarden
 snap info vaultwarden
 snap status vaultwarden
 lsof -i -P -n | grep LISTEN
 snap start vaultwarden
 lsof -i -P -n | grep LISTEN
 links https://192.168.11.2:5009/
 openssl s_client -showcerts -connect vaultwarden.phares.duckdns.org:443 -servername vaultwarden.phares.duckdns.org
 exit
 snap start vaultwarden
 journalctl -u snapd
 cat /var/snap/vaultwarden/current/
 top
 snap info adguard
 snap info addguard
 snap info addguardhome
 snap info
 snap info 
 snap changes
 snap watch id 37
 snap watch 37
 snap watch 34
 snap logs vaultwardedn
 snap logs vaultwarden
 ls -la /home/podman/wild-phares/
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap start vaultwarden
 snap logs vaultwarden
 ls -la /var/snap/vaultwarden/current/
 ls -la /var/snap/vaultwarden/current/ssl
 cp -R /home/podman/wild-phares/* /var/snap/vaultwarden/current/ssl/
 ls -la /var/snap/vaultwarden/current/ssl/
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap start vaultwarden
 snap logs vaultwarden
 snap logs vaultwarden
 nginx -t
 nginx -s reload
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap stop vaultwarden
 snap start vaultwarden
 sudo -iu podman
 exit
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap stop vaultwarden
 nano /var/snap/vaultwarden/current/vaultwarden.conf
 snap start vaultwarden
 nginx -t
 nginx -s reload
 sudo -iu podman
 exit
 sudo -iu podman
 sudo -iu podman
 exit
 nano /etc/cockpit/cockpit.conf
 apt-get install cockpit cockpit-podman cockpit-machines -y
 apt-get install cockpit cockpit-podman cockpit-machines -y
 apt-get remove cockpit-machines -y
 apt-get install cockpit cockpit-podman cockpit-files -y
 apt-get install cockpit cockpit-podman cockpit-file -y
 apt-get search cockpit-file
 apt-get search
 apt-get --help
 apt-get check
 apt-get auto-purge
 apt-get --help
 apt-get purge
 apt-get autoremove
 apt-get autoremove
 apt-get update
 apt-get install cockpit cockpit-podman cockpit-files -y
 apt-get upgrade
 sudo -iu podman
 sudo -iu podman
 nginx -t
 nginx -s reload
 sudo -iu podman
 nano /etc/docker/daemon.json
 nano /etc/podman/daemon.json
 sudo -iu podman
 nginx -s reload
 sudo -iu podman
 nano /etc/resolv.conf
 nano /etc/resolv.conf
 nano /etc/hosts
 cat /etc/hosts
 sudo -iu podman
 nano /etc/hosts
 sudo -iu podman
 sudo -iu podman
 nginx -s reload
 nginx -s reload
 nano /etc/hosts
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 apt install podman
 sudo -iu podman
 sudo -iu podman
 exit
 sudo -iu podman
 exit
 sudo -iu podman
 nginx -s reload
 exit
 nginx -t
 nginx -s reload
 exit
 nginx -t
 nginx -s reload
 sudo -iu podman
 sudo -iu podman
 exit
 nginx -s reload
 exit
 nano /etc/cockpit/cockpit.conf
 exit
 ls -la /etc/cockpit/ws-certs.d/
 nano /etc/cockpit/ws-certs.d/0-self-signed.cert
 mv /etc/cockpit/ws-certs.d/0-self-signed.cert /etc/cockpit/ws-certs.d/0-self-signed.cert.part
 cp /root/.acme.sh/wild-phares/fullchain.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
 exit
 ls -la /etc/cockpit/ws-certs.d
 chomod 774 -r /etc/cockpit/ws-certs.d
 chmod 774 -R /etc/cockpit/ws-certs.d
 ls -la /etc/cockpit/ws-certs.d
 exit
 cp /root/.acme.sh/wild-phares/phares.duckdns.org.cer /etc/cockpit/ws-certs.d/0-self-signed.cert
 ls -la /etc/cockpit/ws-certs.d
 rm /etc/cockpit/ws-certs.d/0-self-signed.cert.old 
 chmod 774 -R /etc/cockpit/ws-certs.d
 exit
 ls -la /usr/libexec/podman/quadlet
 ls -la /usr/libexec/podman
 exit
 find / -name "neko-server.service" 2>/dev/null
 exit
 cp /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service /mnt/free-file-sync/proxmox/
 cp /run/user/1000/systemd/generator/default.target.wants/neko-server.service /mnt/free-file-sync/proxmox/
 cp /run/user/1000/systemd/generator/neko-server.service /mnt/free-file-sync/proxmox/
 nano /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
 dif /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
 diff /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
 diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
 diff /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
 sudo -iu podman
 diff /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
 diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
 diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
 diff
 diff --help
 diff /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service -y
 diff -y /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
 diff -r /home/podman/libexec-podman-quadlet-output/default.target.wants/neko-server.service /run/user/1000/systemd/generator/default.target.wants/neko-server.service
 diff -y /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
 diff -r /home/podman/libexec-podman-quadlet-output/multi-user.target.wants/neko-server.service /run/user/1000/systemd/generator/multi-user.target.wants/neko-server.service
 diff -y -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
 diff -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
 sudo -iu podman
 diff -r /home/podman/libexec-podman-quadlet-output/neko-server.service /run/user/1000/systemd/generator/neko-server.service
 /usr/lib/systemd/user-generators/podman-user-generator
 ls /usr/lib/systemd/user-generators/podman-user-generator
 exit
 nginx -s reload
 exit
 rm -R /var/www/html-infineon/
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 nginx -t
 nginx -s reload
 exit
 exit
 nginx -t
 nginx -s reload
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 exit
 docker
 exit
 snap list
 exit
 nano /var/www/html-slideshow/slideshow/scripts/index.js 
 nano /var/www/html-slideshow/slideshow/index.json 
 snap install dotnet-sdk --classic 9.0/stable
 dotnet --info
 snap install dotnet-sdk --classic --channel 9.0/stable
 snap install dotnet-sdk --stable 9.0/stable
 snap install dotnet-sdk --stable dotnet-sdk
 snap install --stable dotnet-sdk
 snap install --classic --stable dotnet-sdk
 exit
 ~/.bashrc
 exit
 ~/.bashrc
 nano /etc/hostname
 nano /etc/hostname
 /etc/hosts
 nano /etc/hosts
 /etc/hosts
 nano /etc/hostname
 nano /etc/hosts
 ~/.bashrc
 sudo -i
 exit
 dotnet --info
 snap remove --classic --stable dotnet-sdk
 snap remove dotnet-sdk
 dotnet --info
 snap install dotnet-sdk --classic --9.0/stable
 snap install dotnet-sdk --classic --channel 9.0/stable
 apt-get update
 snap install dotnet-sdk --classic --channel 9.0/stable
 snap install dotnet-sdk --classic --latest/stable
 snap install dotnet-sdk --classic --channel latest/stable
 export DOTNET_ROOT=/snap/dotnet-sdk/current
 ~/.bash_profile, ~/.bashrc
 ~/.bash_profile
 ~/.bashrc
 sudo -i
 exit
 dotnet --info
 cd /tmp/
 git clone https://33aada599f8e245782e68931fe2629a959af5d26@gitea.phares.duckdns.org/phares3757/one-review.git
 ls
 cd one-review/
 podman compose up --build
 nano /etc/containers/registries.conf
 ls
 podman ps -a
 sudo -iu podman
 cd ..
 rm -R one-review/
 sudo -iu podman
 sudo -iu podman
 apt-get install podman-plugins
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 sudo -iu podman
 git clone https://33aada599f8e245782e68931fe2629a959af5d26@gitea.phares.duckdns.org/phares3757/one-review.git
 cd one-review/
 git checkout origin 11-17
 git checkout origin/11-17
 git pull
 git pull origin 11-17
 git log -1
 docker compose up --build
 snap install docker
 snap remove docker
 snap remove dotnet-sdk 
 cd ..
 ls
 rm -R one-review/
 ls
 exit
 dotnet --info
 exit
--- a/etc/beelink.md
+++ b/etc/beelink.md
@ -2,8 +2,6 @@
 ## Ubuntu and Docker End of July 2024
 ### Dashkiosk
 ### authorized_keys
 ```bash Thu Jul 25 2024 16:02:13 GMT-0700 (Mountain Standard Time)
@ -364,6 +362,20 @@ reboot
 nano /etc/default/grub
 ```
 ```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time)
 # https://opensource.com/article/22/8/disable-ipv6
 # GRUB_CMDLINE_LINUX_DEFAULT=""
 GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
 # GRUB_CMDLINE_LINUX=""
 GRUB_CMDLINE_LINUX="ipv6.disable=1"
 ```
 ```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time)
 grub-mkconfig
 exit
 reboot
 ```
 ### Fix Unbond (Move up next time!!!)
 ```conf Fri Jul 26 2024 10:45:41 GMT-0700 (Mountain Standard Time)
@ -379,20 +391,6 @@ systemctl disable --now unbound-resolvconf.service
 service unbound restart
 ```
 ```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time)
 # https://opensource.com/article/22/8/disable-ipv6
 # GRUB_CMDLINE_LINUX_DEFAULT=""
 GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
 # GRUB_CMDLINE_LINUX=""
 GRUB_CMDLINE_LINUX="ipv6.disable=1"
 ```
 ```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time)
 grub-mkconfig
 exit
 reboot
 ```
 ### Cockpit (Move up next time!!!)
 - [cockpit](https://cockpit-project.org/)
--- a/etc/dnsmasq.d/01-pihole.conf
+++ b/etc/dnsmasq.d/01-pihole.conf
@ -1,39 +0,0 @@
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # Dnsmasq config for Pi-hole's FTLDNS
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 ###############################################################################
 #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
 # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
 #                                                                             #
 #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
 #                      /etc/pihole/setupVars.conf                             #
 #                                                                             #
 #        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
 #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
 ###############################################################################
 addn-hosts=/etc/pihole/local.list
 addn-hosts=/etc/pihole/custom.list
 localise-queries
 no-resolv
 log-queries
 log-facility=/var/log/pihole/pihole.log
 log-async
 cache-size=10000
 server=127.0.0.1#5335
 domain-needed
 expand-hosts
 bogus-priv
 local-service
--- a/etc/dnsmasq.d/06-rfc6761.conf
+++ b/etc/dnsmasq.d/06-rfc6761.conf
@ -1,42 +0,0 @@
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2021 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # RFC 6761 config file for Pi-hole
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 ###############################################################################
 #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
 # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
 #                                                                             #
 #             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
 #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
 ###############################################################################
 # RFC 6761: Caching DNS servers SHOULD recognize
 #     test, localhost, invalid
 # names as special and SHOULD NOT attempt to look up NS records for them, or
 # otherwise query authoritative DNS servers in an attempt to resolve these
 # names.
 server=/test/
 server=/localhost/
 server=/invalid/
 # The same RFC requests something similar for
 #     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
 #     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
 #     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
 #     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
 #     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
 #     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
 # Pi-hole implements this via the dnsmasq option "bogus-priv" (see
 # 01-pihole.conf) because this also covers IPv6.
 # OpenWRT furthermore blocks    bind, local, onion    domains
 # see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
 # and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
 # We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
 server=/bind/
 server=/onion/
--- a/etc/group
+++ b/etc/group
@ -34,7 +34,7 @@ sasl:x:45:
 plugdev:x:46:phares
 staff:x:50:
 games:x:60:
-users:x:100:pihole,podman,lphares,bmiller
+users:x:100:podman,lphares,bmiller,persa
 nogroup:x:65534:
 systemd-journal:x:999:
 systemd-network:x:998:
@ -57,11 +57,18 @@ tss:x:108:
 landscape:x:109:
 fwupd-refresh:x:989:
 netdev:x:110:
-phares:x:1000:
+phares:x:1001:
-pihole:x:1001:www-data
+podman:x:1000:
-podman:x:1002:
+lphares:x:1003:bmiller,persa
 lphares:x:1003:bmiller
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:
 cockpit-wsinstance:x:113:
 pcp:x:988:
 persa:x:1002:
 redis:x:114:
 swtpm:x:115:
 libvirt:x:116:phares,podman,libvirtdbus
 libvirt-qemu:x:64055:libvirt-qemu
 libvirt-dnsmasq:x:117:
 libvirtdbus:x:118:
--- a/etc/group-
+++ b/etc/group-
@ -34,7 +34,7 @@ sasl:x:45:
 plugdev:x:46:phares
 staff:x:50:
 games:x:60:
-users:x:100:pihole,podman,lphares,bmiller
+users:x:100:podman,lphares,bmiller,persa
 nogroup:x:65534:
 systemd-journal:x:999:
 systemd-network:x:998:
@ -57,10 +57,18 @@ tss:x:108:
 landscape:x:109:
 fwupd-refresh:x:989:
 netdev:x:110:
-phares:x:1000:
+phares:x:1001:
-pihole:x:1001:www-data
+podman:x:1000:
-podman:x:1002:
+lphares:x:1003:bmiller,persa
 lphares:x:1003:bmiller
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:
 cockpit-wsinstance:x:113:
 pcp:x:988:
 persa:x:1002:
 redis:x:114:
 swtpm:x:115:
 libvirt:x:116:phares,podman
 libvirt-qemu:x:64055:libvirt-qemu
 libvirt-dnsmasq:x:117:
 libvirtdbus:x:118:
--- a/etc/gshadow
+++ b/etc/gshadow
@ -34,7 +34,7 @@ sasl:*::
 plugdev:*::phares
 staff:*::
 games:*::
-users:*::pihole,podman,lphares,bmiller
+users:*::podman,lphares,bmiller,persa
 nogroup:*::
 systemd-journal:!*::
 systemd-network:!*::
@ -58,10 +58,17 @@ landscape:!::
 fwupd-refresh:!*::
 netdev:!::
 phares:!::
 pihole:!::www-data
 podman:!::
-lphares:!::bmiller
+lphares:!::bmiller,persa
 bmiller:!::
 unbound:!::
 cockpit-ws:!::
 cockpit-wsinstance:!::
 pcp:!::
 persa:!::
 redis:!::
 swtpm:!::
 libvirt:!::phares,podman,libvirtdbus
 libvirt-qemu:!::libvirt-qemu
 libvirt-dnsmasq:!::
 libvirtdbus:!::
--- a/etc/gshadow-
+++ b/etc/gshadow-
@ -34,7 +34,7 @@ sasl:*::
 plugdev:*::phares
 staff:*::
 games:*::
-users:*::pihole,podman,lphares,bmiller
+users:*::podman,lphares,bmiller,persa
 nogroup:*::
 systemd-journal:!*::
 systemd-network:!*::
@ -58,9 +58,17 @@ landscape:!::
 fwupd-refresh:!*::
 netdev:!::
 phares:!::
 pihole:!::www-data
 podman:!::
-lphares:!::bmiller
+lphares:!::bmiller,persa
 bmiller:!::
 unbound:!::
 cockpit-ws:!::
 cockpit-wsinstance:!::
 pcp:!::
 persa:!::
 redis:!::
 swtpm:!::
 libvirt:!::phares,podman
 libvirt-qemu:!::libvirt-qemu
 libvirt-dnsmasq:!::
 libvirtdbus:!::
--- a/etc/hosts
+++ b/etc/hosts
@ -1,5 +1,5 @@
 127.0.0.1 localhost
-127.0.1.1 beelink
+127.0.1.1 trigkey-green-g4
 # The following lines are desirable for IPv6 capable hosts
 ::1     ip6-localhost ip6-loopback
--- a/etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/cert2.pem
@ -0,0 +1,28 @@
 -----BEGIN CERTIFICATE-----
 MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
 YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
 3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
 ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
 CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
 DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
 0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
 Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
 EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
 b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
 Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
 ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
 ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
 BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
 S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
 JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
 igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
 WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
 bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
 hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
 rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
 A3WZcUHjqZsHHqeaZiWgzlw=
 -----END CERTIFICATE-----
--- a/etc/letsencrypt/archive/phares3757.ddns.net/cert3.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/cert3.pem
@ -0,0 +1,28 @@
 -----BEGIN CERTIFICATE-----
 MIIEvzCCBEWgAwIBAgISBI/TW6uuBCr2K8pVMOvUKwXMMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NTAeFw0yNDEwMjcwMDUxNDFaFw0yNTAxMjUwMDUxNDBaMB4xHDAaBgNVBAMTE3Bo
 YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATx31ZU
 Cb0Um0CB5L92TDKpscWoiT3hxDeUIBbYZufML/ODIwlMIJpeBABcPUuMWLKH+t5d
 lGtIZFZ8a9Y6s+QJo4IDTTCCA0kwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
 CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTPAmOa
 X0Q1jVn8hWataTC7SyVf3DAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZwi9LX
 DTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxlbmNy
 Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzCCAVIGA1Ud
 EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
 b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
 Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
 ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
 ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
 BgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AKLj
 CuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABksuqp2cAAAQDAEgwRgIh
 ANhuwhhf/+vV2qEy+R9tMNHLnnvfBLjiAxg2AP4DDMsjAiEA/KPYYzSJ0JFO/TNv
 gZ+sK9w63SldtCQnH0lQ9NkV/sQAdwDgkrP8DB3I52g2H95huZZNClJ4GYpy1nLE
 sE2lbW9UBAAAAZLLqqdzAAAEAwBIMEYCIQDjpfPfuYeD/k2JqQcPM1hAeLNbFUq6
 vWeoAYqUi9bLqwIhAPZbo0y/asr4bdqlKtRsaLwpaG0w+6NKTpFmo6Rk3XbRMAoG
 CCqGSM49BAMDA2gAMGUCMQCwA9rnTaaNJ3Eqx2L7LSW+vVyK0kiaTp0poN82V5fr
 GGXZNdyPrHeLAA0OiGnMQHwCMFfCxgJJ7JFllCHIHnjjRFk7pV3DJ7a9N8W6nFxg
 Wik/YdTKMn5yCbKTyv6gYmLgjA==
 -----END CERTIFICATE-----
--- a/etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/chain2.pem
@ -0,0 +1,26 @@
 -----BEGIN CERTIFICATE-----
 MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
 WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
 RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
 h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
 6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
 gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
 ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
 v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
 AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
 BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
 Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
 MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
 pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
 eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
 pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
 s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
 h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
 YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
 ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
 LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
 EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
 Ig46v9mFmBvyH04=
 -----END CERTIFICATE-----
--- a/etc/letsencrypt/archive/phares3757.ddns.net/chain3.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/chain3.pem
@ -0,0 +1,26 @@
 -----BEGIN CERTIFICATE-----
 MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
 WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
 RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
 a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
 VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
 gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
 ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
 i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
 AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
 BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
 Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
 2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
 bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
 6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
 XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
 koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
 cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
 E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
 K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
 GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
 sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
 VQD9F6Na/+zmXCc=
 -----END CERTIFICATE-----
--- a/etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/fullchain2.pem
@ -0,0 +1,54 @@
 -----BEGIN CERTIFICATE-----
 MIIEvTCCBEOgAwIBAgISA8Rpfo5CToGTmLm5xS3DeDfoMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NjAeFw0yNDA4MDUyMTM3MDRaFw0yNDExMDMyMTM3MDNaMB4xHDAaBgNVBAMTE3Bo
 YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPJlBf
 3XfrNcWGKQcOH9xS1X9UcBSiyFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgY
 ZG5AoTspEWQvkn34o4IDSzCCA0cwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
 CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSbfnI9
 DTkeKYqQTpJvsEmrG209UTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU
 0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNy
 Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCCAVIGA1Ud
 EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
 b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
 Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
 ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
 ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
 BgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AD8X
 S0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkSSvAAsAAAQDAEcwRQIg
 JDDuoD1dGwEJXVMv6ejxDSA5egmmYy4+j5+CqWyAch4CIQD6azMSASbZZ/+63NoR
 igd/G/woCeUvJJkNFfsqmeCFNQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI
 WUZxH7WbAAABkSSvAAYAAAQDAEcwRQIhALl/GZSFMEMfiR0OvlHMxQQFl6+q8vuS
 bFo/u9BCK0OZAiB02RbuxpKCvSXLAwKIzYnmsy+t3ip0mKKrRyx42Kz82DAKBggq
 hkjOPQQDAwNoADBlAjEAvBDbAOHHkTzjxYKmNrJ1NDBv+rjjszQbLvrqPKij8YO5
 rdvW1ty2j0oQbKLiX8T2AjBgZhfrlHHRXOTYYwao5Sf1b3dNfFcv0be+aQjMTHWF
 A3WZcUHjqZsHHqeaZiWgzlw=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
 WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
 RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
 h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
 6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
 gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
 ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
 v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
 AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
 BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
 Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
 MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
 pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
 eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
 pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
 s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
 h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
 YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
 ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
 LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
 EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
 Ig46v9mFmBvyH04=
 -----END CERTIFICATE-----
--- a/etc/letsencrypt/archive/phares3757.ddns.net/fullchain3.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/fullchain3.pem
@ -0,0 +1,54 @@
 -----BEGIN CERTIFICATE-----
 MIIEvzCCBEWgAwIBAgISBI/TW6uuBCr2K8pVMOvUKwXMMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NTAeFw0yNDEwMjcwMDUxNDFaFw0yNTAxMjUwMDUxNDBaMB4xHDAaBgNVBAMTE3Bo
 YXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATx31ZU
 Cb0Um0CB5L92TDKpscWoiT3hxDeUIBbYZufML/ODIwlMIJpeBABcPUuMWLKH+t5d
 lGtIZFZ8a9Y6s+QJo4IDTTCCA0kwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQG
 CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTPAmOa
 X0Q1jVn8hWataTC7SyVf3DAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZwi9LX
 DTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxlbmNy
 Lm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzCCAVIGA1Ud
 EQSCAUkwggFFgg9hZmZpcm0uZGRucy5uZXSCF2NoYXQucGhhcmVzLmR1Y2tkbnMu
 b3Jnghhkcml2ZS5waGFyZXMuZHVja2Rucy5vcmeCGGdpdGVhLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IVaGEucGhhcmVzLmR1Y2tkbnMub3JnghlpbW1pY2gucGhhcmVzLmR1
 Y2tkbnMub3JnghhtdXNpYy5waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNr
 ZG5zLm9yZ4ITcGhhcmVzMzc1Ny5kZG5zLm5ldIIZcGhvdG9zLnBoYXJlcy5kdWNr
 ZG5zLm9yZ4IZcXVhcnR6LnBoYXJlcy5kdWNrZG5zLm9yZ4IadHJhY2Nhci5waGFy
 ZXMuZHVja2Rucy5vcmeCHnZhdWx0d2FyZGVuLnBoYXJlcy5kdWNrZG5zLm9yZzAT
 BgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AKLj
 CuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABksuqp2cAAAQDAEgwRgIh
 ANhuwhhf/+vV2qEy+R9tMNHLnnvfBLjiAxg2AP4DDMsjAiEA/KPYYzSJ0JFO/TNv
 gZ+sK9w63SldtCQnH0lQ9NkV/sQAdwDgkrP8DB3I52g2H95huZZNClJ4GYpy1nLE
 sE2lbW9UBAAAAZLLqqdzAAAEAwBIMEYCIQDjpfPfuYeD/k2JqQcPM1hAeLNbFUq6
 vWeoAYqUi9bLqwIhAPZbo0y/asr4bdqlKtRsaLwpaG0w+6NKTpFmo6Rk3XbRMAoG
 CCqGSM49BAMDA2gAMGUCMQCwA9rnTaaNJ3Eqx2L7LSW+vVyK0kiaTp0poN82V5fr
 GGXZNdyPrHeLAA0OiGnMQHwCMFfCxgJJ7JFllCHIHnjjRFk7pV3DJ7a9N8W6nFxg
 Wik/YdTKMn5yCbKTyv6gYmLgjA==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
 WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
 RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
 a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
 VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
 gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
 ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
 i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
 AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
 BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
 Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
 2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
 bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
 6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
 XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
 koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
 cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
 E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
 K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
 GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
 sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
 VQD9F6Na/+zmXCc=
 -----END CERTIFICATE-----
--- a/etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/privkey2.pem
@ -0,0 +1,5 @@
 -----BEGIN PRIVATE KEY-----
 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMkDpXWGeiqjE5WNj
 mBuqwMXseOQuX9tv3SvZvQ761VOhRANCAAQPJlBf3XfrNcWGKQcOH9xS1X9UcBSi
 yFIva+mn524DDCYpB2aSLpEY1JdqGnbnDn0kBGgYZG5AoTspEWQvkn34
 -----END PRIVATE KEY-----
--- a/etc/letsencrypt/archive/phares3757.ddns.net/privkey3.pem
+++ b/etc/letsencrypt/archive/phares3757.ddns.net/privkey3.pem
@ -0,0 +1,5 @@
 -----BEGIN PRIVATE KEY-----
 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgr4csftLu03keRaK4
 OR+nS9nOaog7Ak6NbSRkXg72RRKhRANCAATx31ZUCb0Um0CB5L92TDKpscWoiT3h
 xDeUIBbYZufML/ODIwlMIJpeBABcPUuMWLKH+t5dlGtIZFZ8a9Y6s+QJ
 -----END PRIVATE KEY-----
--- a/etc/letsencrypt/ha/fullchain.pem
+++ b/etc/letsencrypt/ha/fullchain.pem
@ -0,0 +1,50 @@
 -----BEGIN CERTIFICATE-----
 MIID6zCCA3GgAwIBAgISA4snn7ZkkZV8ytXbnWtDcJgdMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NTAeFw0yNDEwMDYwNzU5MzRaFw0yNTAxMDQwNzU5MzNaMB0xGzAZBgNVBAMTEmFm
 ZmlybS5kdWNrZG5zLm9yZzB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzQCCWLkZD8
 R1rHsE1iNmoobwtfihmN78eB9zVu+FdWRkOyClBXm+sZQl4rNf7NfDiV6bZ4dz13
 fs/45z52PTWk6n2zP4c2Dgh/MESaxv9UaLvq4OjX4Bqd/OH1WuigHaOCAl0wggJZ
 MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
 DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUL+qPS4dEIsg41TGo25We68CvRIAwHwYD
 VR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0wVQYIKwYBBQUHAQEESTBHMCEG
 CCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0
 dHA6Ly9lNS5pLmxlbmNyLm9yZy8wZQYDVR0RBF4wXIISYWZmaXJtLmR1Y2tkbnMu
 b3JnghVoYS1waGFyZXMuZHVja2Rucy5vcmeCEnBoYXJlcy5kdWNrZG5zLm9yZ4Ib
 c3lub2xvZ3ktcGhhcmVzLmR1Y2tkbnMub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIB
 MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAzxFW7tUufK/zh1vZaS6b6RpxZ0qw
 F+ysAdJbd87MOwgAAAGSYQzXTgAABAMARzBFAiEArfAVmkU+kJaHWipGCCPT7eVw
 auk98aCxSEvIOD0Y+RsCIAnhbHMNuDAenJ8ZyRhtGmSCwMPRbLRnwcWbO7TFqxqf
 AHcAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGSYQze4QAABAMA
 SDBGAiEA+Vocdjpsc7/jUu9L5KjXO+Jnrp98MOnM0FEJN0hJU+wCIQD/HOM6C6H8
 ZxTaopyvNyWVylw5ooPuSpuJ1Xf8brNjATAKBggqhkjOPQQDAwNoADBlAjEA8aBN
 tJqelSOy/mnypFRI6qrvGegu7tKgghqUw0XWy56u8zMVmtksglEJtcMkf3ZlAjBh
 15d+rRL3k+xXAaOE1YesxGhIUqJO1JiMHeQ6mgOE6vOMJYKhmUjrZ3P70XoEC7E=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
 WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
 RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
 a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
 VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
 gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
 ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
 i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
 AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
 BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
 Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
 2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
 bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
 6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
 XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
 koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
 cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
 E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
 K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
 GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
 sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
 VQD9F6Na/+zmXCc=
 -----END CERTIFICATE-----
--- a/etc/letsencrypt/ha/privkey.pem
+++ b/etc/letsencrypt/ha/privkey.pem
@ -0,0 +1,6 @@
 -----BEGIN EC PRIVATE KEY-----
 MIGkAgEBBDAK5i0BgRa7SIcpCykadElWV5mBrW+xOWg1Sse0Zx8TEx8fuMiz6js3
 CcVzHS0YjiegBwYFK4EEACKhZANiAARM0Agli5GQ/Edax7BNYjZqKG8LX4oZje/H
 gfc1bvhXVkZDsgpQV5vrGUJeKzX+zXw4lem2eHc9d37P+Oc+dj01pOp9sz+HNg4I
 fzBEmsb/VGi76uDo1+Aanfzh9VrooB0=
 -----END EC PRIVATE KEY-----
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@ -1,61 +0,0 @@
 ### Documentation
 # https://wiki.lighttpd.net/
 #
 ### Configuration Syntax
 # https://wiki.lighttpd.net/Docs_Configuration
 #
 ### Configuration Options
 # https://wiki.lighttpd.net/Docs_ConfigurationOptions
 #
 ### Debian lighttpd base configuration
 server.modules = (
 	"mod_indexfile",
 	"mod_access",
 	"mod_alias",
 	"mod_redirect",
 )
 server.document-root        = "/var/www/html"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "www-data"
 server.groupname            = "www-data"
 server.port                 = 8005
 # strict parsing and normalization of URL for consistency and security
 # https://wiki.lighttpd.net/Server_http-parseoptsDetails
 # (might need to explicitly set "url-path-2f-decode" = "disable"
 #  if a specific application is encoding URLs inside url-path)
 server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
  "url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app)
 )
 index-file.names            = ( "index.php", "index.html" )
 url.access-deny             = ( "~", ".inc" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 include_shell "/usr/share/lighttpd/create-mime.conf.pl"
 include "/etc/lighttpd/conf-enabled/*.conf"
 # default listening port for IPv6 is same as default IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
 ### Customizations
 # customizations should generally be placed in separate files such as
 #   /etc/lighttpd/conf-available/00_vars.conf    # override variables for *.conf
 #   /etc/lighttpd/conf-available/99_custom.conf  # override *.conf settings
 # and then enabled using lighty-enable-mod (1)
--- a/etc/netplan/50-cloud-init.yaml
+++ b/etc/netplan/50-cloud-init.yaml
@ -5,7 +5,7 @@
 # network: {config: disabled}
 network:
    ethernets:
-        enp2s0:
+        enp1s0:
            dhcp4: true
    version: 2
    wifis: {}
--- a/etc/nginx/include/adguard.conf
+++ b/etc/nginx/include/adguard.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/adguard.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name adguard.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:3002/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/affirm.conf
+++ b/etc/nginx/include/affirm.conf
@ -0,0 +1,15 @@
 server {
    # touch /etc/nginx/include/affirm.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/affirm.duckdns.org.key -out /etc/nginx/include/affirm.phares.duckdns.org.crt -config /etc/nginx/include/affirm.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name *.affirm.duckdns.org;
    root /var/www/html-affirm;
    index index.html index.htm;
    location / {
        try_files $uri $uri.html $uri/ =404;
    }
 }
--- a/etc/nginx/include/baikal.conf
+++ b/etc/nginx/include/baikal.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/baikal.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name baikal.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:8001/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/bchs.conf
+++ b/etc/nginx/include/bchs.conf
@ -0,0 +1,15 @@
 server {
    # touch /etc/nginx/include/bchs.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/bchs.duckdns.org.key -out /etc/nginx/include/bchs.phares.duckdns.org.crt -config /etc/nginx/include/bchs.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-bchs/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name *.bchs.duckdns.org;
    root /var/www/html-bchs;
    index index.html index.htm;
    location / {
        try_files $uri $uri.html $uri/ =404;
    }
 }
--- a/etc/nginx/include/blinko.conf
+++ b/etc/nginx/include/blinko.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/blinko.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/blinko.phares.duckdns.org.key -out /etc/nginx/include/blinko.phares.duckdns.org.crt -config /etc/nginx/include/blinko.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name blinko.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:5012/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/cockpit.conf
+++ b/etc/nginx/include/cockpit.conf
@ -0,0 +1,24 @@
 server {
    # touch /etc/nginx/include/cockpit.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name cockpit.phares.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              https://127.0.0.1:9090/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        gzip off;
    }
 }
--- a/etc/nginx/include/dashkiosk.conf
+++ b/etc/nginx/include/dashkiosk.conf
@ -0,0 +1,19 @@
 server {
    # touch /etc/nginx/include/dashkiosk.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name dashkiosk.phares.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:9400/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/firefox.conf
+++ b/etc/nginx/include/firefox.conf
@ -0,0 +1,19 @@
 server {
    # touch /etc/nginx/include/firefox.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name firefox.phares.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:5800/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/gitea.conf
+++ b/etc/nginx/include/gitea.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/gitea.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name gitea.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:3000/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/immich-kiosk.conf
+++ b/etc/nginx/include/immich-kiosk.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/immich-kiosk.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-kiosk.phares.duckdns.org.key -out /etc/nginx/include/immich-kiosk.phares.duckdns.org.crt -config /etc/nginx/include/immich-kiosk.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name immich-kiosk.phares.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:5010/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
 		add_header Access-Control-Allow-Origin *;
    }
 }
--- a/etc/nginx/include/immich-to-slideshow.conf
+++ b/etc/nginx/include/immich-to-slideshow.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name immich-to-slideshow.phares.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:5009/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
 		add_header Access-Control-Allow-Origin *;
    }
 }
--- a/etc/nginx/include/immich.conf
+++ b/etc/nginx/include/immich.conf
@ -0,0 +1,25 @@
 server {
    # touch /etc/nginx/include/immich.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name immich.phares.duckdns.org;
    client_max_body_size 50000M;
    proxy_set_header Host              $http_host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade    $http_upgrade;
    proxy_set_header   Connection "upgrade";
    proxy_redirect     off;
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
    send_timeout       600s;
    location / {
        proxy_pass              http://192.168.11.2:3001/;
    }
 }
--- a/etc/nginx/include/kuma.conf
+++ b/etc/nginx/include/kuma.conf
@ -0,0 +1,22 @@
 server {
    # touch /etc/nginx/include/kuma.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name kuma.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              https://192.168.11.2:3004/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
        # proxy_set_header   Upgrade $http_upgrade;
        # proxy_set_header   Connection "upgrade";
    }
 }
--- a/etc/nginx/include/linkwarden.conf
+++ b/etc/nginx/include/linkwarden.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/linkwarden.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/linkwarden.phares.duckdns.org.key -out /etc/nginx/include/linkwarden.phares.duckdns.org.crt -config /etc/nginx/include/linkwarden.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name linkwarden.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:5011/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/mattermost.conf
+++ b/etc/nginx/include/mattermost.conf
@ -0,0 +1,46 @@
 server {
    # touch /etc/nginx/include/mattermost.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name mattermost.phares.duckdns.org;
    # add_header X-Early-Data $tls1_3_early_data;
    location / {
        # https://mattermost.m1k1o.net/#/getting-started/reverse-proxy
        client_max_body_size 100M;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_http_version 1.1;
        proxy_pass https://192.168.11.2:8443/;
    }
    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_body_timeout 60s;
        send_timeout 300s;
        lingering_timeout 5s;
        proxy_connect_timeout 90s;
        proxy_send_timeout 300s;
        proxy_read_timeout 90s;
        proxy_http_version 1.1;
        proxy_pass https://192.168.11.2:8443;
    }
 }
--- a/etc/nginx/include/neko.conf
+++ b/etc/nginx/include/neko.conf
@ -0,0 +1,24 @@
 server {
    # touch /etc/nginx/include/neko.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.phares.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name neko.phares.duckdns.org;
    location / {
        # https://neko.m1k1o.net/#/getting-started/reverse-proxy
        proxy_pass http://192.168.11.2:8082/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Protocol $scheme;
    }
 }
--- a/etc/nginx/include/odoo.conf
+++ b/etc/nginx/include/odoo.conf
@ -0,0 +1,19 @@
 server {
    # touch /etc/nginx/include/odoo.ddns.net
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name odoo.phares.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:8069/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/pgadmin.conf
+++ b/etc/nginx/include/pgadmin.conf
@ -0,0 +1,19 @@
 server {
    # touch /etc/nginx/include/pgadmin.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name pgadmin.phares.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              https://192.168.11.2:5007/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/phares.conf
+++ b/etc/nginx/include/phares.conf
@ -0,0 +1,33 @@
 # server {
 # listen 80 default_server;
 # root /var/www/certbot;
 # index index.html index.htm index.nginx-debian.html;
 # server_name phares.duckdns.org;
 # location / {
 # try_files $uri $uri/ =404;
 # }
 # }
 server {
 	listen 8083 default_server;
 	root /var/www/html-nginx;
 	index index.html index.htm;
 	server_name _;
 	location / {
 		try_files $uri $uri/ =404;
 	}
 }
 server {
    # touch /etc/nginx/include/phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name phares.duckdns.org;
    root /var/www/html-nginx;
    index index.nginx-debian.html;
    location / {
        try_files $uri $uri.html $uri/ =404;
    }
 }
--- a/etc/nginx/include/quartz.conf
+++ b/etc/nginx/include/quartz.conf
@ -0,0 +1,24 @@
 server {
 	listen 8084 default_server;
 	root /var/www/html-quartz;
 	index index.html index.htm;
 	server_name _;
 	location / {
 		try_files $uri $uri/ =404;
 	}
 }
 server {
    # touch /etc/nginx/include/quartz.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name quartz.phares.duckdns.org;
    root /var/www/html-quartz;
    index index.html index.htm;
    location / {
        try_files $uri $uri.html $uri/ =404;
    }
 }
--- a/etc/nginx/include/slideshow.conf
+++ b/etc/nginx/include/slideshow.conf
@ -0,0 +1,25 @@
 server {
 	listen 8080 default_server;
 	root /var/www/html-slideshow;
 	index index.html index.htm;
 	server_name _;
 	location / {
 		try_files $uri $uri/ =404;
 		add_header Access-Control-Allow-Origin *;
 	}
 }
 server {
    # touch /etc/nginx/include/slideshow.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name slideshow.phares.duckdns.org;
 	root /var/www/html-slideshow;
 	index index.html index.htm;
 	location / {
 		try_files $uri $uri/ =404;
 	}
 }
--- a/etc/nginx/include/vaultwarden.conf
+++ b/etc/nginx/include/vaultwarden.conf
@ -0,0 +1,34 @@
 server {
    # touch /etc/nginx/include/vaultwarden.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    # server_tokens off;
    # ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
    # ssl_prefer_server_ciphers on;
    # ssl_session_tickets off;
    # ssl_session_timeout 1d;
    # ssl_session_cache shared:SSL:10m;
    # ssl_buffer_size 8k;
    # # ssl_stapling on;
    # ssl_stapling off;
    # ssl_stapling_verify on;
    # add_header X-Content-Type-Options nosniff;
    # add_header Content-Security-Policy "object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';";
    # add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload";
    server_name vaultwarden.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # proxy_pass              http://10.147.229.6:8000/;
        proxy_pass              https://192.168.11.2:5008/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/warden.conf
+++ b/etc/nginx/include/warden.conf
@ -0,0 +1,34 @@
 server {
    # touch /etc/nginx/include/warden.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    # server_tokens off;
    # ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
    # ssl_prefer_server_ciphers on;
    # ssl_session_tickets off;
    # ssl_session_timeout 1d;
    # ssl_session_cache shared:SSL:10m;
    # ssl_buffer_size 8k;
    # # ssl_stapling on;
    # ssl_stapling off;
    # ssl_stapling_verify on;
    # add_header X-Content-Type-Options nosniff;
    # add_header Content-Security-Policy "object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';";
    # add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload";
    server_name warden.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # proxy_pass              http://10.147.229.6:8000/;
        proxy_pass              https://192.168.11.2:5008/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/include/xandikos.conf
+++ b/etc/nginx/include/xandikos.conf
@ -0,0 +1,20 @@
 server {
    # touch /etc/nginx/include/xandikos.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name xandikos.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://192.168.11.2:8000/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
 }
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@ -1,42 +1,40 @@
 include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:3002/
 include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
 include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
 include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
 include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
 include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
 include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
 include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
 include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
 include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
 include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
 include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
 include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
 include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
 include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
 include /etc/nginx/include/neko.conf; # https://neko.phares.duckdns.org # http://192.168.11.2:8082/
 include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
 include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
 include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
 include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
 include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
 include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
 include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
 include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
 server {
-	listen 8080 default_server;
+    # touch /etc/nginx/include/phares.duckdns.org
-	root /var/www/html;
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
-	index index.html index.htm index.nginx-debian.html;
+    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-	server_name _;
+    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-	location / {
+    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
-		try_files $uri $uri/ =404;
+    ssl_protocols TLSv1.2 TLSv1.3;
-	}
+    listen 443 ssl http2;
    server_name *.phares.duckdns.org;
    root /var/www/html-nginx;
    index index.nginx-debian.html;
    location / {
        try_files $uri $uri.html $uri/ =404;
    }
 }
-include /etc/nginx/include/affirm.conf;
+# ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519
 # include /etc/nginx/include/ansible.conf;
 # include /etc/nginx/include/assistant.conf;
 # include /etc/nginx/include/casa.conf;
 include /etc/nginx/include/codeserver.conf;
 include /etc/nginx/include/dashkiosk.conf;
 # include /etc/nginx/include/dockge.conf;
 # include /etc/nginx/include/docmost.conf;
 # include /etc/nginx/include/emby.conf;
 # include /etc/nginx/include/filebrowser.conf;
 # include /etc/nginx/include/gogs.conf;
 include /etc/nginx/include/gitea.conf;
 include /etc/nginx/include/immich.conf;
 include /etc/nginx/include/incus.conf;
 # include /etc/nginx/include/invoice.conf;
 include /etc/nginx/include/lxconsole.conf;
 include /etc/nginx/include/kestra.conf;
 include /etc/nginx/include/music.conf;
 # include /etc/nginx/include/nextcloud.conf;
 # include /etc/nginx/include/owncast.conf;
 include /etc/nginx/include/phares.conf;
 include /etc/nginx/include/pgadmin.conf;
 # include /etc/nginx/include/photoprism.conf;
 # include /etc/nginx/include/pihole.conf;
 # include /etc/nginx/include/proxmox.conf;
 include /etc/nginx/include/quartz.conf;
 # include /etc/nginx/include/readeck.conf;
 # include /etc/nginx/include/syncthing.conf;
 # include /etc/nginx/include/terraform.conf;
 # include /etc/nginx/include/uptimekuma.conf;
 include /etc/nginx/include/vaultwarden.conf;
 # include /etc/nginx/include/vscodium.conf;
 # include /etc/nginx/include/wekan.conf;
--- a/etc/passwd
+++ b/etc/passwd
@ -31,12 +31,18 @@ landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
 fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
 usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
 sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
-phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
+phares:x:1001:1001:Mike Phares:/home/phares:/bin/bash
-pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
+podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash
 podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
 lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
 bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
 unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
 dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
 cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
 cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
 pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
 persa:x:1002:1002:Persaya Cortez,,,:/home/persa:/bin/bash
 redis:x:113:114::/var/lib/redis:/usr/sbin/nologin
 swtpm:x:114:115:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false
 libvirt-qemu:x:64055:994:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
 libvirt-dnsmasq:x:115:117:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin
 libvirtdbus:x:116:118:libvirt-dbus user,,,:/nonexistent:/usr/sbin/nologin
--- a/etc/passwd-
+++ b/etc/passwd-
@ -31,11 +31,18 @@ landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
 fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
 usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
 sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
-phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
+phares:x:1001:1001:Mike Phares:/home/phares:/bin/bash
-pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
+podman:x:1000:1000:Podman,,,:/home/podman:/bin/bash
 podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
 lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
 bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
 unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
 dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
 cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
 cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin
 pcp:x:996:988:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin
 persa:x:1002:1002:Persaya Cortez,,,:/home/persa:/bin/bash
 redis:x:113:114::/var/lib/redis:/usr/sbin/nologin
 swtpm:x:114:115:virtual TPM software stack,,,:/var/lib/swtpm:/bin/false
 libvirt-qemu:x:64055:994:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
 libvirt-dnsmasq:x:115:117:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin
 libvirtdbus:x:116:118::/nonexistent:/usr/sbin/nologin
--- a/etc/pihole/dhcp.leases
+++ b/etc/pihole/dhcp.leases
--- a/etc/pihole/setupVars.conf
+++ b/etc/pihole/setupVars.conf
@ -1,14 +0,0 @@
 PIHOLE_INTERFACE=enp2s0
 QUERY_LOGGING=true
 INSTALL_WEB_SERVER=true
 INSTALL_WEB_INTERFACE=true
 LIGHTTPD_ENABLED=true
 CACHE_SIZE=10000
 DNS_FQDN_REQUIRED=true
 DNS_BOGUS_PRIV=true
 DNSMASQ_LISTENING=local
 WEBPASSWORD=4f2f4f253d64a90315c0ace8a61b6b6e828f8d8d996b0a0b0e153230617bedd3
 BLOCKING_ENABLED=true
 PIHOLE_DNS_1=127.0.0.1#5335
 DNSSEC=false
 REV_SERVER=false
--- a/etc/shadow
+++ b/etc/shadow
@ -32,7 +32,6 @@ fwupd-refresh:!*:19836::::::
 usbmux:!:19929::::::
 sshd:!:19929::::::
 phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
 pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
 podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
 lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
 bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
@ -40,3 +39,10 @@ unbound:!:19929::::::
 dnsmasq:!:19930::::::
 cockpit-ws:!:19930::::::
 cockpit-wsinstance:!:19930::::::
 pcp:!:19938::::::
 persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::
 redis:!:20001::::::
 swtpm:!:20038::::::
 libvirt-qemu:!:20038::::::
 libvirt-dnsmasq:!:20038::::::
 libvirtdbus:!:20038::::::
--- a/etc/shadow-
+++ b/etc/shadow-
@ -31,11 +31,17 @@ landscape:!:19836::::::
 fwupd-refresh:!*:19836::::::
 usbmux:!:19929::::::
 sshd:!:19929::::::
-phares:$6$X.bTmW8z9/2WwB08$pivFW7YtPuGBou4Ut7eB1Y1ELwOVumy5tJYMf/RTQgkdUWzkKs9jndwfuVzTRlknbyGzA4A1lPImVtVHOCyBs/:19929:0:99999:7:::
+phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
 pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
 podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
 lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
 bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
 unbound:!:19929::::::
 dnsmasq:!:19930::::::
 cockpit-ws:!:19930::::::
 cockpit-wsinstance:!:19930::::::
 pcp:!:19938::::::
 persa:$y$j9T$9AiaUMaouaQcqO9TOrKZe.$XSerhwFhjwluy/xONVpJVUmeQfXk/qasTO6FCFmw9E1:19978:0:99999:7:::
 redis:!:20001::::::
 swtpm:!:20038::::::
 libvirt-qemu:!:20038::::::
 libvirt-dnsmasq:!:20038::::::
--- a/etc/systemd/resolved.conf
+++ b/etc/systemd/resolved.conf
@ -30,7 +30,7 @@
 #LLMNR=no
 #Cache=no-negative
 #CacheFromLocalhost=no
-DNSStubListener=no
+#DNSStubListener=yes
 #DNSStubListenerExtra=
 #ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no
--- a/etc/systemd/system/snap.adguard-home.adguard-home.service
+++ b/etc/systemd/system/snap.adguard-home.adguard-home.service
@ -0,0 +1,19 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application adguard-home.adguard-home
 Requires=snap-adguard\x2dhome-7577.mount
 Wants=network.target
 After=snap-adguard\x2dhome-7577.mount network.target snapd.apparmor.service
 X-Snappy=yes
 [Service]
 EnvironmentFile=-/etc/environment
 ExecStart=/usr/bin/snap run adguard-home
 SyslogIdentifier=adguard-home.adguard-home
 Restart=always
 WorkingDirectory=/var/snap/adguard-home/7577
 TimeoutStopSec=30
 Type=simple
 [Install]
 WantedBy=multi-user.target
--- a/etc/systemd/system/snap.certbot.renew.service
+++ b/etc/systemd/system/snap.certbot.renew.service
@ -1,9 +1,9 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application certbot.renew
-Requires=snap-certbot-3834.mount
+Requires=snap-certbot-4193.mount
 Wants=network.target
-After=snap-certbot-3834.mount network.target snapd.apparmor.service
+After=snap-certbot-4193.mount network.target snapd.apparmor.service
 X-Snappy=yes
 [Service]
@ -11,6 +11,6 @@ EnvironmentFile=-/etc/environment
 ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
 SyslogIdentifier=certbot.renew
 Restart=no
-WorkingDirectory=/var/snap/certbot/3834
+WorkingDirectory=/var/snap/certbot/4193
 TimeoutStopSec=30
 Type=oneshot
--- a/etc/systemd/system/snap.certbot.renew.timer
+++ b/etc/systemd/system/snap.certbot.renew.timer
@ -1,14 +1,14 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Timer renew for snap application certbot.renew
-Requires=snap-certbot-3834.mount
+Requires=snap-certbot-4193.mount
-After=snap-certbot-3834.mount
+After=snap-certbot-4193.mount
 X-Snappy=yes
 [Timer]
 Unit=snap.certbot.renew.service
-OnCalendar=*-*-* 05:54
+OnCalendar=*-*-* 06:46
-OnCalendar=*-*-* 14:00
+OnCalendar=*-*-* 14:10
 [Install]
 WantedBy=timers.target
--- a/etc/systemd/system/snap.ubuntu-frame.daemon.service
+++ b/etc/systemd/system/snap.ubuntu-frame.daemon.service
@ -1,9 +1,9 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application ubuntu-frame.daemon
-Requires=snap-ubuntu\x2dframe-9750.mount
+Requires=snap-ubuntu\x2dframe-10823.mount
 Wants=network.target
-After=snap-ubuntu\x2dframe-9750.mount network.target snapd.apparmor.service
+After=snap-ubuntu\x2dframe-10823.mount network.target snapd.apparmor.service
 X-Snappy=yes
 [Service]
@ -12,7 +12,7 @@ ExecStart=/usr/bin/snap run ubuntu-frame.daemon
 SyslogIdentifier=ubuntu-frame.daemon
 Restart=on-failure
 RestartSec=3
-WorkingDirectory=/var/snap/ubuntu-frame/9750
+WorkingDirectory=/var/snap/ubuntu-frame/10823
 TimeoutStopSec=30
 Type=simple
--- a/etc/systemd/system/snap.vaultwarden.vaultwarden.service
+++ b/etc/systemd/system/snap.vaultwarden.vaultwarden.service
@ -0,0 +1,19 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application vaultwarden.vaultwarden
 Requires=snap-vaultwarden-155.mount
 Wants=network.target
 After=snap-vaultwarden-155.mount network.target snapd.apparmor.service
 X-Snappy=yes
 [Service]
 EnvironmentFile=-/etc/environment
 ExecStart=/usr/bin/snap run vaultwarden
 SyslogIdentifier=vaultwarden.vaultwarden
 Restart=on-failure
 WorkingDirectory=/var/snap/vaultwarden/155
 TimeoutStopSec=30
 Type=simple
 [Install]
 WantedBy=multi-user.target
--- a/etc/unbound/unbound.conf
+++ b/etc/unbound/unbound.conf
@ -1,10 +0,0 @@
 # Unbound configuration file for Debian.
 #
 # See the unbound.conf(5) man page.
 #
 # See /usr/share/doc/unbound/examples/unbound.conf for a commented
 # reference config file.
 #
 # The following line includes additional configuration files from the
 # /etc/unbound/unbound.conf.d directory.
 include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
--- a/home/podman/.config/containers/systemd/immich-server-external.volume
+++ b/home/podman/.config/containers/systemd/immich-server-external.volume
--- a/home/podman/.config/containers/systemd/vaultwarden-server-data.volume
+++ b/home/podman/.config/containers/systemd/vaultwarden-server-data.volume
--- a/home/podman/.config/containers/systemd/baikal-server.container
+++ b/home/podman/.config/containers/systemd/baikal-server.container
@ -0,0 +1,27 @@
 [Container]
 AutoUpdate=registry
 ContainerName=baikal-server
 Image=docker.io/ckulka/baikal:latest
 PublishPort=8001:80
 Volume=baikal-server-config.volume:/var/www/baikal/config:Z
 Volume=baikal-server-data.volume:/var/www/baikal/Specific:Z
 [Service]
 Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/ckulka/baikal:latest
 # systemctl --user daemon-reload
 # systemctl --user start baikal-server
 # systemctl --user status baikal-server
 # journalctl -fu baikal-server.service
 # podman logs baikal-server
 # systemctl --user stop baikal-server
 # systemctl --user disable baikal-server
 # podman exec -ti baikal-server /bin/sh
 # podman exec -ti baikal-server /bin/bash
 # mkdir -p /home/podman/backup-baikal
 # now=$(date +'%Y-%m-%d_%H-%M-%S')
 # podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data-${now}.tar
--- a/home/podman/.config/containers/systemd/blinko-db-data.volume
+++ b/home/podman/.config/containers/systemd/blinko-db-data.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/blinko-db.container
+++ b/home/podman/.config/containers/systemd/blinko-db.container
@ -0,0 +1,32 @@
 [Container]
 AutoUpdate=registry
 ContainerName=blinko-db
 Environment="POSTGRES_DB=blinko"
 Environment="POSTGRES_PASSWORD=PmjIIip4vIKGr19rGOoG"
 Environment="POSTGRES_USER=postgres"
 Image=docker.io/postgres:14
 # Network=blinko.network
 # Pod=blinko.pod
 PublishPort=5438:5432
 Volume=blinko-db-data.volume:/var/lib/postgresql/data:Z
 [Service]
 Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/postgres:14
 # systemctl --user daemon-reload
 # systemctl --user start blinko-db
 # systemctl --user status blinko-db
 # journalctl -fu blinko-db.service
 # podman logs blinko-db
 # systemctl --user stop blinko-db
 # systemctl --user disable blinko-db
 # podman exec -ti blinko-db /bin/sh
 # podman exec -ti blinko-db /bin/bash
 # Image=docker.io/library/postgres:16
 # podman pull docker.io/library/postgres:16
 # file: 'extension.c', line: '543', routine: 'parse_extension_control_file'
 # https://github.com/blinko-app/blinko/discussions/6792
--- a/home/podman/.config/containers/systemd/blinko-server-data.volume
+++ b/home/podman/.config/containers/systemd/blinko-server-data.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/blinko-server.container
+++ b/home/podman/.config/containers/systemd/blinko-server.container
@ -0,0 +1,36 @@
 [Container]
 AutoUpdate=registry
 ContainerName=blinko-server
 Environment="DATABASE_URL=postgresql://postgres:PmjIIip4vIKGr19rGOoG@192.168.11.2:5438/blinko"
 Environment="NEXTAUTH_SECRET=tKFFshr8tMHoXRAA8jxS"
 Environment="NODE_ENV=production"
 Image=docker.io/blinkospace/blinko:latest
 # Network=blinko.network
 # Pod=blinko.pod
 PublishPort=5012:1111
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=blinko-server-data.volume:/data/data:Z
 [Service]
 Restart=no
 [Unit]
 Requires=blinko-db.service
 After=blinko-db.service
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/blinkospace/blinko:latest
 # systemctl --user daemon-reload
 # systemctl --user start blinko-server
 # systemctl --user status blinko-server --lines=9999
 # journalctl -fu blinko-server.service
 # podman logs blinko-server
 # systemctl --user stop blinko-server
 # systemctl --user disable blinko-server
 # podman exec -ti blinko-server /bin/sh
 # podman exec -ti blinko-server /bin/bash
 # mkdir -p /home/podman/backup-blinko
 # now=$(date +'%Y-%m-%d_%H-%M-%S')
 # podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/blinko-server-data-${now}.tar
--- a/home/podman/.config/containers/systemd/firefox-data.volume
+++ b/home/podman/.config/containers/systemd/firefox-data.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/firefox.container
+++ b/home/podman/.config/containers/systemd/firefox.container
@ -0,0 +1,31 @@
 [Container]
 AutoUpdate=registry
 ContainerName=firefox
 Environment="FF_OPEN_URL=https://192.168.11.1"
 Image=docker.io/jlesage/firefox:v24.11.1
 # Network=firefox.network
 # Pod=firefox.pod
 PublishPort=5800:5800
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=/etc/timezone:/etc/timezone:ro
 Volume=firefox-data.volume:/config:rw
 [Service]
 Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/jlesage/firefox:v24.11.1
 # systemctl --user daemon-reload
 # systemctl --user start firefox
 # systemctl --user status firefox
 # journalctl -fu firefox.service
 # podman logs firefox
 # systemctl --user stop firefox
 # systemctl --user disable firefox
 # podman exec -ti firefox /bin/sh
 # podman exec -ti firefox /bin/bash
 # mkdir -p /home/podman/backup-firefox
 # now=$(date +'%Y-%m-%d_%H-%M-%S')
 # podman volume export systemd-firefox-server-data --output /home/podman/backup-firefox/firefox-server-data-${now}.tar
--- a/home/podman/.config/containers/systemd/gitea-server.container
+++ b/home/podman/.config/containers/systemd/gitea-server.container
@ -19,7 +19,7 @@ Environment="GITEA__server__DOMAIN=gitea.phares.duckdns.org"
 Environment="GITEA__server__LFS_JWT_SECRET=WgTjm7nPHRtxHWrWi9EInaNnQGENsECgCqi2e9H37W0"
 Environment="GITEA__server__ROOT_URL=https://gitea.phares.duckdns.org/"
 Environment="GITEA__server__SSH_DOMAIN=gitea.phares.duckdns.org"
-Image=docker.io/gitea/gitea:1.22.1-rootless
+Image=docker.io/gitea/gitea:1.22.3-rootless
 # Network=gitea.network
 # Pod=gitea.pod
 PublishPort=3000:3000
@ -38,7 +38,9 @@ Restart=no
 [Install]
 WantedBy=multi-user.target default.target
-# podman pull docker.io/gitea/gitea:1.22.1-rootless
+# podman pull docker.io/gitea/gitea:1.22.3-rootless
 # x-podman pull docker.io/gitea/gitea:1.22.1-rootless
 # x-podman pull docker.io/gitea/gitea:latest
 # systemctl --user daemon-reload
 # systemctl --user start gitea-server
 # systemctl --user status gitea-server
@ -48,3 +50,6 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable gitea-server
 # podman exec -ti gitea-server /bin/sh
 # podman exec -ti gitea-server /bin/bash
 # mkdir -p /home/podman/backup-gitea
 # now=$(date +'%Y-%m-%d_%H-%M-%S')
 # podman volume export systemd-gitea-server-data --output /home/podman/backup-gitea/gitea-server-data-${now}.tar
--- a/home/podman/.config/containers/systemd/immich-card-dav.container
+++ b/home/podman/.config/containers/systemd/immich-card-dav.container
@ -0,0 +1,35 @@
 [Container]
 AutoUpdate=registry
 ContainerName=immich-card-dav
 Environment="CARDDAV_SYNC_CARDDAV_ADDRESSBOOK=asdf"
 Environment="CARDDAV_SYNC_CARDDAV_PASSWORD=excitedwater164"
 Environment="CARDDAV_SYNC_CARDDAV_URL=192.168.11.2"
 Environment="CARDDAV_SYNC_CARDDAV_USERNAME=cphares"
 Environment="CARDDAV_SYNC_CRON_EXPRESSION=24 5 * * *"
 Environment="CARDDAV_SYNC_IMMICH_API_KEY=asdf"
 Environment="CARDDAV_SYNC_IMMICH_API_URL=asdf"
 Image=ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
 # Network=immich.network
 # Pod=immich.pod
 # PublishPort=3001:3001
 [Service]
 Restart=no
 [Unit]
 Requires=immich-server.service
 After=immich-server.service
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull ghcr.io/daniele-athome/immich-carddav-sync-daemon:master
 # systemctl --user daemon-reload
 # systemctl --user start immich-card-dav
 # systemctl --user status immich-card-dav
 # journalctl -fu immich-card-dav.service
 # podman logs immich-card-dav
 # systemctl --user stop immich-card-dav
 # systemctl --user disable immich-card-dav
 # podman exec -ti immich-card-dav /bin/sh
 # podman exec -ti immich-card-dav /bin/bash
--- a/home/podman/.config/containers/systemd/immich-db.container
+++ b/home/podman/.config/containers/systemd/immich-db.container
@ -5,7 +5,7 @@ Environment="POSTGRES_DB=immich"
 Environment="POSTGRES_INITDB_ARGS=--data-checksums"
 Environment="POSTGRES_PASSWORD=postgres"
 Environment="POSTGRES_USER=postgres"
-Image=docker.io/library/postgres:16
+Image=docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0
 # Network=immich.network
 # Pod=immich.pod
 PublishPort=5432:5432
@ -41,7 +41,7 @@ WantedBy=multi-user.target default.target
 #     - -c
 #     - wal_compression=on
-# podman pull docker.io/library/postgres:16
+# podman pull docker.io/tensorchord/pgvecto-rs:pg16-v0.2.0
 # systemctl --user daemon-reload
 # systemctl --user start immich-db
 # systemctl --user status immich-db
@ -51,3 +51,7 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable immich-db
 # podman exec -ti immich-db /bin/sh
 # podman exec -ti immich-db /bin/bash
 # Image=docker.io/library/postgres:16
 # podman pull docker.io/library/postgres:16
 # file: 'extension.c', line: '543', routine: 'parse_extension_control_file'
 # https://github.com/immich-app/immich/discussions/6792
--- a/home/podman/.config/containers/systemd/immich-kiosk.container
+++ b/home/podman/.config/containers/systemd/immich-kiosk.container
@ -0,0 +1,83 @@
 [Container]
 AutoUpdate=registry
 ContainerName=immich-kiosk
 Environment="TZ=America/Phoenix"
 # Required settings
 Environment="KIOSK_IMMICH_API_KEY=fLJoRERkcmFuSviMaAfsuINmvyXLFKu9HIICXP8I"
 Environment="KIOSK_IMMICH_URL=http://192.168.11.2:3001"
 # Clock
 Environment="KIOSK_SHOW_TIME=true"
 Environment="KIOSK_TIME_FORMAT=12"
 Environment="KIOSK_SHOW_DATE=true"
 Environment="KIOSK_DATE_FORMAT=MM/DD/YYYY"
 # Kiosk behaviour
 Environment="KIOSK_REFRESH=15"
 Environment="KIOSK_DISABLE_SCREENSAVER=false"
 # Asset sources
 Environment="KIOSK_SHOW_ARCHIVED=false"
 # Environment="KIOSK_ALBUM=ALBUM_ID,ALBUM_ID,ALBUM_ID"
 # Environment="KIOSK_PERSON=PERSON_ID,PERSON_ID,PERSON_ID"
 # UI
 Environment="KIOSK_DISABLE_UI=false"
 Environment="KIOSK_FRAMELESS=false"
 Environment="KIOSK_HIDE_CURSOR=false"
 Environment="KIOSK_FONT_SIZE=100"
 Environment="KIOSK_BACKGROUND_BLUR=true"
 Environment="KIOSK_THEME=fade"
 Environment="KIOSK_LAYOUT=single"
 # Sleep mode
 # KIOSK_SLEEP_START=22"
 # KIOSK_SLEEP_END=7"
 # Transition options
 Environment="KIOSK_TRANSITION=none"
 Environment="KIOSK_FADE_TRANSITION_DURATION=1"
 Environment="KIOSK_CROSS_FADE_TRANSITION_DURATION=1"
 # Image display settings
 Environment="KIOSK_SHOW_PROGRESS=false"
 Environment="KIOSK_IMAGE_FIT=none"
 Environment="KIOSK_IMAGE_EFFECT=zoom"
 Environment="KIOSK_IMAGE_EFFECT_AMOUNT=12"
 Environment="KIOSK_USE_ORIGINAL_IMAGE=false"
 # Image metadata
 Environment="KIOSK_SHOW_IMAGE_TIME=true"
 Environment="KIOSK_IMAGE_TIME_FORMAT=12"
 Environment="KIOSK_SHOW_IMAGE_DATE=true"
 Environment="KIOSK_IMAGE_DATE_FORMAT=MM/DD/YYYY"
 Environment="KIOSK_SHOW_IMAGE_DESCRIPTION=false"
 Environment="KIOSK_SHOW_IMAGE_EXIF=true"
 Environment="KIOSK_SHOW_IMAGE_LOCATION=true"
 # Environment="KIOSK_HIDE_COUNTRIES=HIDDEN_COUNTRY,HIDDEN_COUNTRY"
 Environment="KIOSK_SHOW_IMAGE_ID=true"
 # Kiosk settings
 Environment="KIOSK_WATCH_CONFIG=false"
 Environment="KIOSK_FETCHED_ASSETS_SIZE=1000"
 Environment="KIOSK_HTTP_TIMEOUT=20"
 Environment="KIOSK_PASSWORD="
 Environment="KIOSK_CACHE=true"
 Environment="KIOSK_PREFETCH=true"
 Environment="KIOSK_ASSET_WEIGHTING=true"
 Environment="KIOSK_PORT=3000"
 Image=docker.io/damongolding/immich-kiosk:latest
 # Network=immich-kiosk.network
 # Pod=immich-kiosk.pod
 PublishPort=5010:3000
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=/etc/timezone:/etc/timezone:ro
 [Service]
 Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/damongolding/immich-kiosk:latest
 # systemctl --user daemon-reload
 # systemctl --user start immich-kiosk
 # systemctl --user status immich-kiosk
 # journalctl -fu immich-kiosk.service
 # podman logs immich-kiosk
 # systemctl --user stop immich-kiosk
 # systemctl --user disable immich-kiosk
 # podman exec -ti immich-kiosk /bin/sh
 # podman exec -ti immich-kiosk /bin/bash
--- a/home/podman/.config/containers/systemd/immich-learning.container
+++ b/home/podman/.config/containers/systemd/immich-learning.container
@ -1,10 +1,13 @@
 [Container]
 AutoUpdate=registry
 ContainerName=immich-learning
 Environment="IMMICH_HOST=0.0.0.0"
 Environment="MACHINE_LEARNING_HOST=0.0.0.0"
 Image=ghcr.io/immich-app/immich-machine-learning:release
 # Network=immich.network
 # Pod=immich.pod
 PublishPort=3003:3003
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=immich-learning-cache.volume:/cache:Z
 [Service]
--- a/home/podman/.config/containers/systemd/immich-redis.container
+++ b/home/podman/.config/containers/systemd/immich-redis.container
@ -29,3 +29,5 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable immich-redis
 # podman exec -ti immich-redis /bin/sh
 # podman exec -ti immich-redis /bin/bash
 # ERROR Can't connect to ('::', 3003)
 # https://github.com/immich-app/immich/discussions/8220
--- a/home/podman/.config/containers/systemd/immich-server.container
+++ b/home/podman/.config/containers/systemd/immich-server.container
@ -2,16 +2,19 @@
 AutoUpdate=registry
 ContainerName=immich-server
 Environment="DB_DATABASE_NAME=immich"
-Environment="DB_HOST=192.168.11.2"
+Environment="DB_HOSTNAME=192.168.11.2"
 Environment="DB_PASSWORD=postgres"
 Environment="DB_USERNAME=postgres"
 Environment="REDIS_HOSTNAME=192.168.11.2"
 Image=ghcr.io/immich-app/immich-server:release
 # Network=immich.network
 # Pod=immich.pod
-PublishPort=3001:3001
+PublishPort=3001:2283
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=immich-server-upload.volume:/usr/src/app/upload:Z
-Volume=immich-server-external.volume:/usr/src/app/external:Z
+# Volume=immich-server-external.volume:/usr/src/app/external:Z
 Volume=/mnt/free-file-sync/still:/usr/src/app/external/still:Z
 Volume=/mnt/free-file-sync/moving:/usr/src/app/external/moving:Z
 [Service]
 Restart=no
@ -35,3 +38,4 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable immich-server
 # podman exec -ti immich-server /bin/sh
 # podman exec -ti immich-server /bin/bash
 # Environment="DB_HOST=192.168.11.2"
--- a/home/podman/.config/containers/systemd/immich-to-slideshow-server.container
+++ b/home/podman/.config/containers/systemd/immich-to-slideshow-server.container
@ -0,0 +1,33 @@
 [Container]
 AutoUpdate=registry
 ContainerName=immich-to-slideshow-server
 Environment="ASPNETCORE_ENVIRONMENT=Production"
 Image=gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
 # Network=immich-to-slideshow-server.network
 # Pod=immich-to-slideshow-server.pod
 PublishPort=5009:5001
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=/etc/timezone:/etc/timezone:ro
 Volume=immich-server-upload.volume:/app/immich:ro
 Volume=/var/www/html-slideshow/slideshow:/app/sync:rw
 Volume=/var/www/html-slideshow/slideshow/random-results:/app/random-results:rw
 Volume=/mnt/free-file-sync/6-Other-Large-Z/Current-Results:/app/current-results:rw
 # Volume=/home/podman/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da:/~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da:ro
 Volume=/home/podman/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json:/app/secrets.json:ro
 [Service]
 Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
 # systemctl --user daemon-reload
 # systemctl --user start immich-to-slideshow-server
 # systemctl --user status immich-to-slideshow-server
 # journalctl -fu immich-to-slideshow-server.service
 # podman logs immich-to-slideshow-server
 # systemctl --user stop immich-to-slideshow-server
 # systemctl --user disable immich-to-slideshow-server
 # podman exec -ti immich-to-slideshow-server /bin/sh
 # podman exec -ti immich-to-slideshow-server /bin/bash
--- a/home/podman/.config/containers/systemd/linkwarden-db-data.volume
+++ b/home/podman/.config/containers/systemd/linkwarden-db-data.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/linkwarden-db.container
+++ b/home/podman/.config/containers/systemd/linkwarden-db.container
@ -0,0 +1,32 @@
 [Container]
 AutoUpdate=registry
 ContainerName=linkwarden-db
 Environment="POSTGRES_DB=linkwarden"
 Environment="POSTGRES_PASSWORD=postgres"
 Environment="POSTGRES_USER=postgres"
 Image=docker.io/postgres:16-alpine
 # Network=linkwarden.network
 # Pod=linkwarden.pod
 PublishPort=5437:5432
 Volume=linkwarden-db-data.volume:/var/lib/postgresql/data:Z
 [Service]
 Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/postgres:16-alpine
 # systemctl --user daemon-reload
 # systemctl --user start linkwarden-db
 # systemctl --user status linkwarden-db
 # journalctl -fu linkwarden-db.service
 # podman logs linkwarden-db
 # systemctl --user stop linkwarden-db
 # systemctl --user disable linkwarden-db
 # podman exec -ti linkwarden-db /bin/sh
 # podman exec -ti linkwarden-db /bin/bash
 # Image=docker.io/library/postgres:16
 # podman pull docker.io/library/postgres:16
 # file: 'extension.c', line: '543', routine: 'parse_extension_control_file'
 # https://github.com/linkwarden-app/linkwarden/discussions/6792
--- a/home/podman/.config/containers/systemd/linkwarden-server-data.volume
+++ b/home/podman/.config/containers/systemd/linkwarden-server-data.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/linkwarden-server.container
+++ b/home/podman/.config/containers/systemd/linkwarden-server.container
@ -0,0 +1,37 @@
 [Container]
 AutoUpdate=registry
 ContainerName=linkwarden-server
 Environment="DATABASE_URL=postgresql://postgres:postgres@192.168.11.2:5437/linkwarden"
 Environment="NEXTAUTH_SECRET=BP3BnWf17S1I7tyxCbLO3"
 Environment="NEXTAUTH_URL=https://linkwarden.phares.duckdns.org/api/v1/auth"
 Environment="POSTGRES_PASSWORD=postgres"
 Image=ghcr.io/linkwarden/linkwarden:latest
 # Network=linkwarden.network
 # Pod=linkwarden.pod
 PublishPort=5011:3000
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=linkwarden-server-data.volume:/data/data:Z
 [Service]
 Restart=no
 [Unit]
 Requires=linkwarden-db.service
 After=linkwarden-db.service
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull ghcr.io/linkwarden/linkwarden:latest
 # systemctl --user daemon-reload
 # systemctl --user start linkwarden-server
 # systemctl --user status linkwarden-server --lines=9999
 # journalctl -fu linkwarden-server.service
 # podman logs linkwarden-server
 # systemctl --user stop linkwarden-server
 # systemctl --user disable linkwarden-server
 # podman exec -ti linkwarden-server /bin/sh
 # podman exec -ti linkwarden-server /bin/bash
 # mkdir -p /home/podman/backup-linkwarden
 # now=$(date +'%Y-%m-%d_%H-%M-%S')
 # podman volume export systemd-linkwarden-server-data --output /home/podman/backup-linkwarden/linkwarden-server-data-${now}.tar
--- a/home/podman/.config/containers/systemd/mattermost-db-data.volume
+++ b/home/podman/.config/containers/systemd/mattermost-db-data.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/mattermost-db.container
+++ b/home/podman/.config/containers/systemd/mattermost-db.container
@ -0,0 +1,33 @@
 [Container]
 AutoUpdate=registry
 ContainerName=mattermost-db
 Environment="POSTGRES_DB=mattermost"
 Environment="POSTGRES_INITDB_ARGS=--data-checksums"
 Environment="POSTGRES_PASSWORD=mmuser_password"
 Environment="POSTGRES_USER=mmuser"
 Image=docker.io/postgres:13-alpine
 # Network=immich.network
 # Pod=immich.pod
 PublishPort=5436:5432
 Volume=mattermost-db-data.volume:/var/lib/postgresql/data
 [Service]
 Restart=no
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/postgres:13-alpine
 # systemctl --user daemon-reload
 # systemctl --user start mattermost-db
 # systemctl --user status mattermost-db
 # journalctl -fu mattermost-db.service
 # podman logs mattermost-db
 # systemctl --user stop mattermost-db
 # systemctl --user disable mattermost-db
 # podman exec -ti mattermost-db /bin/sh
 # podman exec -ti mattermost-db /bin/bash
 # Image=docker.io/library/postgres:16
 # podman pull docker.io/library/postgres:16
 # file: 'extension.c', line: '543', routine: 'parse_extension_control_file'
 # https://github.com/immich-app/immich/discussions/6792
--- a/home/podman/.config/containers/systemd/mattermost-server-bleve.volume
+++ b/home/podman/.config/containers/systemd/mattermost-server-bleve.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/mattermost-server-client-plugins.volume
+++ b/home/podman/.config/containers/systemd/mattermost-server-client-plugins.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/mattermost-server-config.volume
+++ b/home/podman/.config/containers/systemd/mattermost-server-config.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/mattermost-server-data.volume
+++ b/home/podman/.config/containers/systemd/mattermost-server-data.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/mattermost-server-logs.volume
+++ b/home/podman/.config/containers/systemd/mattermost-server-logs.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/mattermost-server-plugins.volume
+++ b/home/podman/.config/containers/systemd/mattermost-server-plugins.volume
@ -0,0 +1 @@
 [Volume]
--- a/home/podman/.config/containers/systemd/mattermost-server.container
+++ b/home/podman/.config/containers/systemd/mattermost-server.container
@ -0,0 +1,50 @@
 [Container]
 AutoUpdate=registry
 ContainerName=mattermost-server
 Environment="DOMAIN=mattermost.phares.duckdns.org"
 Environment="MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes"
 Environment="MM_SERVICESETTINGS_SITEURL=https://mattermost.phares.duckdns.org"
 Environment="MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@192.168.11.2:5436/mattermost?sslmode=disable&connect_timeout=10"
 Environment="MM_SQLSETTINGS_DRIVERNAME=postgres"
 Environment="TZ=US/Arizona"
 # HealthCmd="curl -f http://192.168.11.2:8443/api/v4/system/ping || exit 1"
 # HealthCmd="curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1"
 HealthCmd="ls"
 # Image=docker.io/mattermost/mattermost-team-edition:9.11.2
 Image=docker.io/mattermost/mattermost-team-edition:release-10.3
 # Network=mattermost.network
 # Pod=mattermost.pod
 # PublishPort=8065:8065
 # PublishPort=8443:8443
 PublishPort=8443:8065
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=/etc/timezone:/etc/timezone:ro
 Volume=mattermost-server-bleve.volume:/mattermost/bleve-indexes:rw
 Volume=mattermost-server-client-plugins.volume:/mattermost/client/plugins:rw
 Volume=mattermost-server-config.volume:/mattermost/config:rw
 Volume=mattermost-server-data.volume:/mattermost/data:rw
 Volume=mattermost-server-logs.volume:/mattermost/logs:rw
 Volume=mattermost-server-plugins.volume:/mattermost/plugins:rw
 Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
 Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
 [Service]
 Restart=no
 [Unit]
 Requires=mattermost-db.service
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
 # podman pull docker.io/mattermost/mattermost-team-edition:9.11.2
 # systemctl --user daemon-reload
 # systemctl --user start mattermost-server
 # systemctl --user status mattermost-server --lines=999
 # journalctl -fu mattermost-server.service
 # podman logs mattermost-server
 # systemctl --user stop mattermost-server
 # systemctl --user disable mattermost-server
 # podman exec -ti mattermost-server /bin/sh
 # podman exec -ti mattermost-server /bin/bash
--- a/home/podman/.config/containers/systemd/mysleep.container
+++ b/home/podman/.config/containers/systemd/mysleep.container
@ -1,11 +0,0 @@
 [Unit]
 Description=The sleep container
 After=local-fs.target
 [Container]
 Image=registry.access.redhat.com/ubi9-minimal:latest
 Exec=sleep 1000
 [Install]
 # Start by default on boot
 WantedBy=multi-user.target default.target multi-user.target
--- a/home/podman/.config/containers/systemd/odoo-server.container
+++ b/home/podman/.config/containers/systemd/odoo-server.container
@ -34,3 +34,6 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable odoo-server
 # podman exec -ti odoo-server /bin/sh
 # podman exec -ti odoo-server /bin/bash
 # mkdir -p /home/podman/backup-odoo
 # now=$(date +'%Y-%m-%d_%H-%M-%S')
 # podman volume export systemd-odoo-server-data --output /home/podman/backup-odoo/odoo-server-data-${now}.tar
--- a/home/podman/.config/containers/systemd/pgadmin.container
+++ b/home/podman/.config/containers/systemd/pgadmin.container
@ -3,11 +3,20 @@ AutoUpdate=registry
 ContainerName=pgadmin
 Environment="PGADMIN_DEFAULT_EMAIL=mikepharesjr@msn.com"
 Environment="PGADMIN_DEFAULT_PASSWORD=Vm1jZ4mzdaF1q#pn4v1b"
-Image=docker.io/dpage/pgadmin4:latest
+Environment="PGADMIN_LISTEN_ADDRESS=0.0.0.0"
 # Environment="PGADMIN_LISTEN_ADDRESS=192.168.11.2"
 # Environment="PGADMIN_LISTEN_ADDRESS=127.0.0.1"
 # Environment="PGADMIN_LISTEN_ADDRESS=10.0.2.100"
 Environment="PGADMIN_ENABLE_TLS=true"
 Image=docker.io/dpage/pgadmin4:8.12
 # Network=gitea.network
 # Pod=gitea.pod
-PublishPort=5007:80
+# PublishPort=5007:80
 PublishPort=5007:443
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=pgadmin-data.volume:/var/lib/pgadmin/:Z
 Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
 Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
 [Service]
 Restart=no
@ -15,7 +24,8 @@ Restart=no
 [Install]
 WantedBy=multi-user.target default.target
-# podman pull docker.io/library/postgres:14
+# podman pull docker.io/dpage/pgadmin4:8.12
 # x-podman pull docker.io/dpage/pgadmin4:latest
 # systemctl --user daemon-reload
 # systemctl --user start pgadmin
 # systemctl --user status pgadmin
@ -25,3 +35,6 @@ WantedBy=multi-user.target default.target
 # systemctl --user disable pgadmin
 # podman exec -ti pgadmin /bin/sh
 # podman exec -ti pgadmin /bin/bash
 # mkdir -p /home/podman/backup-pgadmin
 # now=$(date +'%Y-%m-%d_%H-%M-%S')
 # podman volume export systemd-pgadmin-server-data --output /home/podman/backup-pgadmin/pgadmin-server-data-${now}.tar
--- a/home/podman/.config/containers/systemd/traccar-server.container
+++ b/home/podman/.config/containers/systemd/traccar-server.container
@ -0,0 +1,33 @@
 [Container]
 AutoUpdate=registry
 ContainerName=traccar-server
 Image=docker.io/traccar/traccar:latest
 # Network=traccar.network
 # Pod=traccar.pod
 PublishPort=5011:8082
 # PublishPort=5000-5150:5000-5150
 # PublishPort=5000-5150:5000-5150/udp
 Volume=/etc/localtime:/etc/localtime:ro
 Volume=/etc/timezone:/etc/timezone:ro
 Volume=/opt/traccar/logs:/opt/traccar/logs:rw
 Volume=/opt/traccar/traccar.xml:/opt/traccar/conf/traccar.xml:rw
 [Service]
 Restart=no
 # [Unit]
 # Requires=traccar-db.service
 [Install]
 WantedBy=multi-user.target default.target
 # podman pull docker.io/traccar/traccar:latest
 # systemctl --user daemon-reload
 # systemctl --user start traccar-server
 # systemctl --user status traccar-server --lines=999
 # journalctl -fu traccar-server.service
 # podman logs traccar-server
 # systemctl --user stop traccar-server
 # systemctl --user disable traccar-server
 # podman exec -ti traccar-server /bin/sh
 # podman exec -ti traccar-server /bin/bash
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Mike Phares	51a235740e	Don't use	2024-12-23 09:10:35 -07:00
Mike Phares	70f6c099a9	12-23	2024-12-23 08:37:05 -07:00
Mike Phares	f851fe93bf	2024-11-23	2024-11-23 22:33:50 -07:00
Mike Phares	6a5a49af76	pull upgrade	2024-11-09 13:38:15 -07:00
Mike Phares	591a1fbf5d	2024-11-09	2024-11-09 12:37:33 -07:00
Mike Phares	56c3e1f963	Sync	2024-10-19 09:34:18 -07:00
Mike Phares	01853e0ba2	Pi-hole DNS	2024-07-29 17:36:55 -07:00
		`@ -0,0 +1 @@`
							`D:/5-Other-Small/Kanban/Phares/tasks/rebuild-ubuntu-beelink.md`