Compare commits


10 Commits

Author SHA1 Message Date
8945386a8d After many attemps 2024-07-26 22:58:47 -07:00
60d7407abb resh install on Ubuntu Server with Docker at OS level then explore Podman Quadlet 2024-07-23 17:35:22 -07:00
929745ed1b Sync server 2024-05-20 08:19:59 -07:00
b225606b01 2024-05-18 2024-05-18 14:34:31 -07:00
6fdd99035e 2024-05-17 2024-05-17 16:34:38 -07:00
f88b0a03a0 still 2024-04-28 23:06:36 -07:00
4824b06ccf need to diff 2024-04-28 22:28:17 -07:00
eb281d1402 phares instead of mikep 2024-04-21 21:53:34 -07:00
ee36748a49 Fixed 2024-04-21 20:19:17 -07:00
f531337cea nginx 2024-04-21 19:47:49 -07:00
74 changed files with 2284 additions and 143 deletions

20
.gitignore vendored

@ -5,9 +5,16 @@
!*/
!etc/*.md
!etc/bash_history*
!etc/group*
!etc/gshadow*
!etc/pass*
!etc/shadow*
!etc/systemd/system/snap*
!etc/.pihole/advanced/pihole-admin.conf
!etc/apt/sources.list
!etc/bash_history*
!etc/dhcpcd.conf
!etc/hosts
!etc/kea/kea-dhcp4.conf
@ -28,9 +35,10 @@
!etc/unbound/unbound.conf
!etc/unbound/unbound.conf.d/pi-hole.conf
!etc/cups/*
!etc/containers/systemd/**/*
!etc/dnsmasq.d/*
!etc/fstab/*
!etc/letsencrypt/*
!etc/netplan/*
!etc/nginx/sites-available/*
!etc/mysql/mariadb.conf.d/*
@ -38,6 +46,14 @@
!etc/postgresql/*
!etc/wsl/*
!etc/letsencrypt/**/*
!opt/copy/**/*
!root/**/*container
!home/podman/**/*volume
!home/podman/**/*container
# !home/gogs/gogs/custom/conf/app.ini
# !home/syncthing/.config/syncthing/config.xml
# !usr/local/etc/gogs/conf/app.ini
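Review bot: The negations `!etc/shadow*`, `!etc/gshadow*` and `!etc/pass*` in the first hunk, and `!etc/letsencrypt/*` / `!etc/letsencrypt/**/*` in the later hunks, un-ignore the password-hash files and the directory tree where certificate private keys normally live, so they become trackable and readable by anyone who can read the repository or a clone of it. The rendered page has lost the +/- column, so which of these lines are new is inferred from the hunk counts rather than visible. If they are on the new side, I would delete `!etc/shadow*` and `!etc/gshadow*` outright and limit the letsencrypt rule to files that hold no key material. `!etc/bash_history*` deserves the same treatment, because the history files added in this compare carry a password on a command line. A one-line comment above each remaining `!etc/...` rule saying why the file is safe to track, e.g. `# resolver config only, no secrets`, would make later additions easier to review.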

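--- a/etc/.pihole/.gitignore
+++ b/etc/.pihole/.gitignore
@@ -0,0 +1,12 @@
+.DS_Store
+*.pyc
+*.swp
+__pycache__
+.cache
+.pytest_cache
+.tox
+.eggs
+*.egg-info
+.idea/
+*.iml
+.vscode/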


@ -0,0 +1,82 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Lighttpd config for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
###############################################################################
server.errorlog := "/var/log/lighttpd/error-pihole.log"
$HTTP["url"] =~ "^/admin/" {
server.document-root = "/var/www/html"
server.stream-response-body = 1
accesslog.filename = "/var/log/lighttpd/access-pihole.log"
accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
fastcgi.server = (
".php" => (
"localhost" => (
"socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
"bin-path" => "/usr/bin/php-cgi",
"min-procs" => 1,
"max-procs" => 1,
"bin-environment" => (
"PHP_FCGI_CHILDREN" => "4",
"PHP_FCGI_MAX_REQUESTS" => "10000",
),
"bin-copy-environment" => (
"PATH", "SHELL", "USER"
),
"broken-scriptfilename" => "enable",
)
)
)
# X-Pi-hole is a response header for debugging using curl -I
# X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
# X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
# X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
# Content-Security-Policy tells the browser where resources are allowed to be loaded and if its allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
# X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
# Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
setenv.add-response-header = (
"X-Pi-hole" => "The Pi-hole Web interface is working!",
"X-Frame-Options" => "DENY",
"X-XSS-Protection" => "0",
"X-Content-Type-Options" => "nosniff",
"Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
"X-Permitted-Cross-Domain-Policies" => "none",
"Referrer-Policy" => "same-origin"
)
# Block . files from being served, such as .git, .github, .gitignore
$HTTP["url"] =~ "^/admin/\." {
url.access-deny = ("")
}
# allow teleporter and API qr code iframe on settings page
$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
$HTTP["referer"] =~ "/admin/settings\.php" {
setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
}
}
}
else $HTTP["url"] == "/admin" {
url.redirect = ("" => "/admin/")
}
$HTTP["host"] == "pi.hole" {
$HTTP["url"] == "/" {
url.redirect = ("" => "/admin/")
}
}
# (keep this on one line for basic-install.sh filtering during install)
server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )


@ -1,42 +1 @@
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ mantic main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ mantic-updates main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ mantic universe
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic universe
deb http://us.archive.ubuntu.com/ubuntu/ mantic-updates universe
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ mantic multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic multiverse
deb http://us.archive.ubuntu.com/ubuntu/ mantic-updates multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ mantic-security main restricted
# deb-src http://security.ubuntu.com/ubuntu/ mantic-security main restricted
deb http://security.ubuntu.com/ubuntu/ mantic-security universe
# deb-src http://security.ubuntu.com/ubuntu/ mantic-security universe
deb http://security.ubuntu.com/ubuntu/ mantic-security multiverse
# deb-src http://security.ubuntu.com/ubuntu/ mantic-security multiverse
# Ubuntu sources have moved to /etc/apt/sources.list.d/ubuntu.sources


@ -0,0 +1,28 @@
apt-get update
apt upgrade -y
apt install snapd -y
apt install sudo links unzip nginx git nano ncdu -y
snap install dashkiosk
snap install ubuntu-frame wpe-webkit-mir-kiosk
snap set wpe-webkit-mir-kiosk daemon=true
snap set wpe-webkit-mir-kiosk url=http://localhost:9400/receiver
exit
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
/snap/wpe-webkit-mir-kiosk/current/bin/setup.sh
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
snap set ubuntu-frame daemon=true
exit
reboot
cat /root/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
adduser lphares
mkdir /home/lphares/.ssh
cp /root/.ssh/authorized_keys /home/lphares/.ssh/authorized_keys
chown lphares:lphares -R /home/lphares
adduser bmiller
mkdir /home/bmiller/.ssh
cp /root/.ssh/authorized_keys /home/bmiller/.ssh/authorized_keys
chown bmiller:bmiller -R /home/bmiller
ln -s /var/log/nginx /var/www/html/log-nginx
ls -la /var/www/html
exit
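Review bot: `ln -s /var/log/nginx /var/www/html/log-nginx` near the end of this history links the nginx log directory into `/var/www/html`, which the lighttpd config in this compare uses as a document root and which is presumably nginx's as well. If so, access and error logs (client addresses, requested URLs, anything carried in query strings) become readable by any client that can reach the web server. The same command recurs near the end of the second history file and in the middle of the third. If the logs need to be browsable, I would keep them outside the web root and serve them from a location restricted with `allow 192.168.11.0/25; deny all;` or `auth_basic`, and record that step in place of the symlink.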


@ -0,0 +1,64 @@
cat /root/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
exit
apt-get install podman -y
apt-cache rdepends podman-compose
apt-get install podman-compose -y
adduser podman sudo
sudo -iu podman
exit
timedatectl set-timezone America/Phoenix
date
apt-get update
apt upgrade -y
adduser pihole
adduser podman
adduser lphares
mkdir /home/lphares/.ssh
cp /root/.ssh/authorized_keys /home/lphares/.ssh/authorized_keys
chown lphares:lphares -R /home/lphares
#
adduser bmiller
mkdir /home/bmiller/.ssh
cp /root/.ssh/authorized_keys /home/bmiller/.ssh/authorized_keys
chown bmiller:bmiller -R /home/bmiller
adduser bmiller lphares
sudo usermod -a -G lphares bmiller
newgrp lphares
systemctl restart ssh
exit
reboot
sudo -iu podman
cd /run/user/0/
ls -la
cd ..
ls -la
cp -R 0/ 1002/
chown -R podman:podman /run/user/1002/
sudo -iu podman
rm -R /run/user/1002/
mkdir -p /run/user/1002/
sudo -iu podman
chown -R podman:podman /run/user/1002/
sudo -iu podman
exit
reboot
adduser pihole
cd /tmp
curl -sSL https://install.pi-hole.net | bash
pihole -a -p LhhI1S73VZhtP#WIG8Tk
exit
reboot
apt install unbound -y
nano /etc/unbound/unbound.conf.d/pi-hole.conf
service unbound restart
nano /etc/lighttpd/lighttpd.conf
pihole -up
service lighttpd restart
dig fail01.dnssec.works @127.0.0.1 -p 5335
dig dnssec.works @127.0.0.1 -p 5335
exit
reboot
ln -s /var/log/nginx /var/www/html/log-nginx
ls -la /var/www/html
exit
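Review bot: The `pihole -a -p …` line in this history passes the Pi-hole admin password as a command-line argument, so committing the file publishes the credential to everyone with read access to the repository, and it stays in git history even if the file is later deleted. The same line is repeated in the longer history file that follows, and `etc/beelink.md` records the same command with a different literal value. The password should be treated as exposed and rotated, the tracked copies should carry a placeholder such as `pihole -a -p '<REDACTED>'`, and later runs can use `pihole -a -p` with no argument so that it prompts instead of landing in shell history. Separately, `curl -sSL https://install.pi-hole.net | bash` on the line before it runs an unpinned remote script as root; downloading the installer to a file and reading it before execution would make the step reviewable and repeatable.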


@ -0,0 +1,167 @@
cat /root/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
exit
apt-get install podman -y
apt-cache rdepends podman-compose
apt-get install podman-compose -y
adduser podman sudo
sudo -iu podman
exit
timedatectl set-timezone America/Phoenix
date
apt-get update
apt upgrade -y
adduser pihole
adduser podman
adduser lphares
mkdir /home/lphares/.ssh
cp /root/.ssh/authorized_keys /home/lphares/.ssh/authorized_keys
chown lphares:lphares -R /home/lphares
#
adduser bmiller
mkdir /home/bmiller/.ssh
cp /root/.ssh/authorized_keys /home/bmiller/.ssh/authorized_keys
chown bmiller:bmiller -R /home/bmiller
adduser bmiller lphares
sudo usermod -a -G lphares bmiller
newgrp lphares
systemctl restart ssh
exit
reboot
sudo -iu podman
cd /run/user/0/
ls -la
cd ..
ls -la
cp -R 0/ 1002/
chown -R podman:podman /run/user/1002/
sudo -iu podman
rm -R /run/user/1002/
mkdir -p /run/user/1002/
sudo -iu podman
chown -R podman:podman /run/user/1002/
sudo -iu podman
exit
reboot
adduser pihole
cd /tmp
curl -sSL https://install.pi-hole.net | bash
pihole -a -p LhhI1S73VZhtP#WIG8Tk
exit
reboot
apt install unbound -y
nano /etc/unbound/unbound.conf.d/pi-hole.conf
service unbound restart
nano /etc/lighttpd/lighttpd.conf
pihole -up
service lighttpd restart
dig fail01.dnssec.works @127.0.0.1 -p 5335
dig dnssec.works @127.0.0.1 -p 5335
exit
reboot
ln -s /var/log/nginx /var/www/html/log-nginx
ls -la /var/www/html
exit
cp ~/.bash_history /etc/bash_history_2024-07-25.txt
cat /etc/bash_history_2024-07-25.txt
exit
apt install smartmontools
smartctl -i /dev/sda
exit
reboot
apt install snapd -y
apt install sudo links unzip nginx git nano ncdu -y
snap install dashkiosk
apt install sudo links unzip nginx git nano ncdu -y
snap install ubuntu-frame wpe-webkit-mir-kiosk
snap set wpe-webkit-mir-kiosk daemon=true
snap set wpe-webkit-mir-kiosk url=http://localhost:9400/receiver
exit
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
/snap/wpe-webkit-mir-kiosk/current/bin/setup.sh
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
snap set ubuntu-frame daemon=true
exit
reboot
sudo -iu podman
chmod -R podman:podman /home/podman/.config/containers/systemd/
chown -R podman:podman /home/podman/.config/containers/systemd/
rm -R .config/containers/systemd/*.ignore
rm -R .config/containers/systemd/*.volume
rm -R .config/containers/systemd/*.container
rm -R /home/podman/.config/containers/systemd/*.ignore
rm -R /home/podman/.config/containers/systemd/*.volume
rm -R /home/podman/.config/containers/systemd/*.container
mkdir /home/podman/.ssh
cp /root/.ssh/authorized_keys /home/podman/.ssh/authorized_keys
chown podman:podman -R /home/podman
systemctl --user daemon-reload
sudo -iu podman
cd ~/
mkdir -p ~/.bashrc.d
echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd
source ~/.bashrc.d/systemd
loginctl enable-linger 1002
podman ps -a
systemctl --user daemon-reload
podman image prune
podman volume prune
podman container prune
exit
shutdown now
ip a
lsof -i -P -n | grep LISTEN
apt-cache rdepends cockpit
apt install cockpit -y
passwd phares
apt-get install cockpit cockpit-podman -y
systemctl enable --now cockpit.socket
journalctl -fu unbound-resolvconf.service
ip a
service unbound restart
journalctl -fu unbound-resolvconf.service
nano /etc/sysctl.conf
sysctl -p
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
exit
reboot
ip a
nano /etc/postfix/main.cf
nano /etc/default/grub
grub2-mkconfig
grub-mkconfig
exit
reboot
ip a
nmcli
dig pi-hole.net @127.0.0.1 -p 5335
dig fail01.dnssec.works @127.0.0.1 -p 5335
dig dnssec.works @127.0.0.1 -p 5335
systemctl is-active unbound-resolvconf.service
systemctl disable --now unbound-resolvconf.service
sed -Ei 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf
service unbound restart
rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
systemctl disable --now unbound-resolvconf.service
exit
reboot\
reboot
sudo -iu podman
exit
reboot
sudo -iu podman
exit
reboot
sudo -iu podman
exit
shutdown now
lvs -a
lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE%
smartctl -i /dev/sda
lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE%
mkdir /mnt/usb
mount /dev/sdb2 /mnt/usb
exit
nginx -t
nginx -s reload
exit
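Review bot: `adduser podman sudo` near the top of this history puts the account that runs the rootless containers into the sudo group, which removes most of the isolation rootless Podman is meant to provide, since anything that gets out of a container as `podman` then only needs that account's password to become root. The same line appears in the previous history file. Further down, `cp /root/.ssh/authorized_keys /home/podman/.ssh/authorized_keys` also gives every key accepted for root a login as `podman`, and the same copy is made for `lphares` and `bmiller`. I would record `deluser podman sudo` once setup is finished and install per-account key lists instead of cloning root's file.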

547
etc/beelink.md Normal file

@ -0,0 +1,547 @@
# Beelink
## Ubuntu and Docker End of July 2024
### Dashkiosk
### authorized_keys
```bash Thu Jul 25 2024 16:02:13 GMT-0700 (Mountain Standard Time)
sudo -i
cat /root/.ssh/authorized_keys
nano /root/.ssh/authorized_keys
```
```conf Thu Jul 25 2024 16:02:15 GMT-0700 (Mountain Standard Time)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7khmvc9lTWHALZ/IOMcJNz/1SuvrU53fI43v4PxIJN # 92532396 2023-12-27 mikep@DESKTOP-VP94SPB
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGq7b8qtm4fgNxW2lxm+qoxm8Wz7+1uhLQCg7xSlKYL1 # 92683771 2024-01-01 mikep@DESKTOP-BMV4V66
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqLFW9kYMp9lOTXXYafxLiUADFFKeM5KDzt02E3XeRP # 92691378 2024-01-01 cphar@DESKTOP-KA0LMMJ
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkS+uvWevmhYNos6MJKVi2auAx6x+xlyOnnvbdEstsz # 92797978 2024-01-03 mikep@DESKTOP-GNECR7R
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKf5fo63+vyYa8E06+HOPg24e9VMsvv/kBsHKGjBBUyz # 92895319 2024-01-05 mike@mike-B365M-DS3H
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGM6ANLH/4dS0YqlsCyoXkznzkgIsDqCTk3YX01XVWd8 # 92909911 2024-01-06 mikep@DESKTOP-H6JG91B
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwAv1vrRA29GYL0DFSE8nmD5q3gL+vVtFSwhrXObDo4 # 93288214 2024-01-13 infineon\phares@ISCN5CG3256CPS
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH1xPVOisKwW6Xwo/Yh1kx2smt2HJU2/pRjTJf4KdGXo # 97267150 2024-03-28 mike@mike-Default-string
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDz5WqCKsoaxV+LG/kufLNuiE9K3lqp+B3AqeKXGusX # 97442032 2024-04-01 lphar@DESKTOP-1238PEQ
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID09PhrjIpeNBmUeycnT3xKF8F5TcGL3ZKAvU9YdLj7H # 98747144 2024-04-25 mike@mike-Default-string
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaZyTLpafZta8W8Uv6uWpgbbj4QL5dde9Rlf06PfdYc # 98824914 2024-04-26 k0308@DESKTOP-0UJ8DD5
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFpucyp3FAHn8/9cXvfRegi09DkR6XLugoniEyQ9w0T # 98824924 2024-04-26 mille@DESKTOP-QL2HGEH
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOn/Ptg/k3rOJn32GxrL2J3Bazt/3M9fGWjzP+CW1qXK # 100900455 2024-06-03 lphares0907@penguin
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPMIxGucViHMHFXoM2VBPlvLvMgqNi2BUtTE/D4n778M # 101638217 2024-06-14 mikep@DESKTOP-VVO6KCM
```
```bash Thu Jul 25 2024 16:02:34 GMT-0700 (Mountain Standard Time)
exit
```
### Timezone
```bash Thu Jul 25 2024 16:10:06 GMT-0700 (Mountain Standard Time)
timedatectl set-timezone America/Phoenix
date
# Thu Jul 25 04:03:08 PM MST 2024
```
```bash Thu Jul 25 2024 16:10:08 GMT-0700 (Mountain Standard Time)
apt-get update
apt upgrade -y
```
### Create Users
```bash Thu Jul 25 2024 16:10:13 GMT-0700 (Mountain Standard Time)
adduser pihole
adduser podman
mkdir /home/podman/.ssh
cp /root/.ssh/authorized_keys /home/podman/.ssh/authorized_keys
chown podman:podman -R /home/podman
#
adduser lphares
#
mkdir /home/lphares/.ssh
cp /root/.ssh/authorized_keys /home/lphares/.ssh/authorized_keys
chown lphares:lphares -R /home/lphares
#
adduser bmiller
#
mkdir /home/bmiller/.ssh
cp /root/.ssh/authorized_keys /home/bmiller/.ssh/authorized_keys
chown bmiller:bmiller -R /home/bmiller
```
### Directory Share
```bash Mon Thu Jul 25 2024 16:10:17 GMT-0700 (Mountain Standard Time)
adduser bmiller lphares
sudo usermod -a -G lphares bmiller
newgrp lphares
systemctl restart ssh
```
### Podman Quadlet Rootless Example
```bash Thu Jul 25 2024 16:30:13 GMT-0700 (Mountain Standard Time)
apt-get install podman -y
apt-cache rdepends podman-compose
apt-get install podman-compose -y
# apt-get remove podman-compose -y
# apt-get purge podman-compose -y
adduser podman sudo
sudo -iu podman
loginctl enable-linger
# 2.
podman --version
# podman version 4.9.3
# https://www.redhat.com/sysadmin/quadlet-podman
cd ~/
mkdir -p .config/containers/systemd/
nano .config/containers/systemd/mysleep.container
```
```conf Thu Jul 25 2024 16:31:21 GMT-0700 (Mountain Standard Time)
[Unit]
Description=The sleep container
After=local-fs.target
[Container]
Image=registry.access.redhat.com/ubi9-minimal:latest
Exec=sleep 1000
[Install]
# Start by default on boot
WantedBy=multi-user.target default.target
```
```bash Thu Jul 25 2024 16:31:24 GMT-0700 (Mountain Standard Time)
exit
exit
reboot
```
```bash Thu Jul 25 2024 16:31:27 GMT-0700 (Mountain Standard Time)
# cp -R /run/user/0/ /run/user/1002/
mkdir -p /run/user/1002/
chown -R podman:podman /run/user/1002/
sudo -iu podman
cd ~/
mkdir -p ~/.bashrc.d
echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd
source ~/.bashrc.d/systemd
loginctl enable-linger 1002
podman ps -a
systemctl --user daemon-reload
systemctl --user enable --now podman.socket
systemctl --user status mysleep.service
systemctl --user start mysleep.service
exit
reboot
```
### Pi-hole
```bash Thu Jul 25 2024 16:31:30 GMT-0700 (Mountain Standard Time)
# https://canyoublockit.com/
adduser pihole
cd /tmp
curl -sSL https://install.pi-hole.net | bash
pihole -a -p 484C889D0ED1EA4AB930AA518FE3B15E
exit
reboot
```
```bash Thu Jul 25 2024 16:35:27 GMT-0700 (Mountain Standard Time)
apt install unbound -y
# https://docs.pi-hole.net/guides/dns/unbound/
nano /etc/unbound/unbound.conf.d/pi-hole.conf
```
```conf Thu Jul 25 2024 16:35:36 GMT-0700 (Mountain Standard Time)
server:
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no
# Use this only when you downloaded the list of primary root servers!
# If you use the default dns-root-data package, unbound will find it automatically
#root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# IP fragmentation is unreliable on the Internet today, and can cause
# transmission failures when large DNS messages are sent via UDP. Even
# when fragmentation does work, it may not be secure; it is theoretically
# possible to spoof parts of a fragmented DNS message, without easy
# detection at the receiving end. Recently, there was an excellent study
# >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
# by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
# in collaboration with NLnet Labs explored DNS using real world data from the
# the RIPE Atlas probes and the researchers suggested different values for
# IPv4 and IPv6 and in different scenarios. They advise that servers should
# be configured to limit DNS messages sent over UDP to a size that will not
# trigger fragmentation on typical network links. DNS servers can switch
# from UDP to TCP when a DNS response is too big to fit in this limited
# buffer size. This value has also been suggested in DNS Flag Day 2020.
edns-buffer-size: 1232
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
```
```bash Thu Jul 25 2024 16:37:29 GMT-0700 (Mountain Standard Time)
service unbound restart
nano /etc/lighttpd/lighttpd.conf
```
```conf Thu Jul 25 2024 16:37:31 GMT-0700 (Mountain Standard Time)
...
server.port = 8005
...
```
```bash Thu Jul 25 2024 16:37:32 GMT-0700 (Mountain Standard Time)
pihole -up
service lighttpd restart
dig fail01.dnssec.works @127.0.0.1 -p 5335
dig dnssec.works @127.0.0.1 -p 5335
exit
reboot
```
### Log
```bash Thu Jul 25 2024 16:44:00 GMT-0700 (Mountain Standard Time)
ln -s /var/log/nginx /var/www/html/log-nginx
ls -la /var/www/html
exit
```
```bash Thu Jul 25 2024 16:44:01 GMT-0700 (Mountain Standard Time)
cp ~/.bash_history /etc/bash_history_2024-07-25.txt
cat /etc/bash_history_2024-07-25.txt
exit
```
```bash Thu Jul 25 2024 16:44:03 GMT-0700 (Mountain Standard Time)
apt install smartmontools
smartctl -i /dev/sda
```
```yaml Thu Jul 25 2024 16:44:05 GMT-0700 (Mountain Standard Time)
Device Model: minisforum
Serial Number: L9MLCHC11280472
LU WWN Device Id: 0 000000 000000000
Firmware Version: SBFMJ1.3
User Capacity: 256,060,514,304 bytes [256 GB]
Sector Size: 512 bytes logical/physical
Rotation Rate: Solid State Device
Form Factor: M.2
TRIM Command: Available
Device is: Not in smartctl database 7.3/5528
ATA Version is: ACS-4 (minor revision not indicated)
SATA Version is: SATA 3.2, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is: Thu Jul 25 16:38:33 2024 MST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
```
### Dashkiosk
```bash Thu Jul 25 2024 16:44:07 GMT-0700 (Mountain Standard Time)
apt install snapd -y
apt install sudo links unzip nginx git nano ncdu -y
snap install dashkiosk
snap install ubuntu-frame wpe-webkit-mir-kiosk
snap set wpe-webkit-mir-kiosk daemon=true
snap set wpe-webkit-mir-kiosk url=http://localhost:9400/receiver
exit
```
```bash Thu Jul 25 2024 16:44:09 GMT-0700 (Mountain Standard Time)
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
# ^C
/snap/wpe-webkit-mir-kiosk/current/bin/setup.sh
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
# ^C
snap set ubuntu-frame daemon=true
exit
reboot
```
### Podman Verify
```bash Thu Jul 25 2024 16:58:14 GMT-0700 (Mountain Standard Time)
# apt install systemd-container -y
# machinectl --help
sudo -iu podman
cd ~/
mkdir -p ~/.bashrc.d
echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd
source ~/.bashrc.d/systemd
loginctl enable-linger 1002
podman ps -a
systemctl --user daemon-reload
podman image prune
podman volume prune
podman container prune
chown -R podman:podman /home/podman/.config/containers/systemd/
rm -R /home/podman/.config/containers/systemd/*.ignore
rm -R /home/podman/.config/containers/systemd/*.volume
rm -R /home/podman/.config/containers/systemd/*.container
```
### Free File Sync - * Select - A
```bash Thu Jul 25 2024 16:49:21 GMT-0700 (Mountain Standard Time)
# sftp://root@free.file.sync.root/etc|chan=10|keyfile=C:\Users\phares\.ssh\id_ed25519
# L:\Git\Linux-Ubuntu-Server\etc
```
### Backup
- [x] Rescuezilla Fri Jul 26 2024 10:45:27 GMT-0700 (Mountain Standard Time)
### Restore
- [x] Rescuezilla Fri Jul 26 2024 10:45:27 GMT-0700 (Mountain Standard Time)
### Disable IPv6 (Move up next time!!!)
```bash Fri Jul 26 2024 10:45:27 GMT-0700 (Mountain Standard Time)
# https://intercom.help/privatevpn/en/articles/6440374-how-to-disable-ipv6-on-ubuntu-and-fedora-linux
nano /etc/sysctl.conf
```
```conf Fri Jul 26 2024 10:45:30 GMT-0700 (Mountain Standard Time)
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
```
```bash Fri Jul 26 2024 10:45:34 GMT-0700 (Mountain Standard Time)
sysctl -p
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
exit
reboot
```
```bash Fri Jul 26 2024 10:45:38 GMT-0700 (Mountain Standard Time)
nano /etc/default/grub
```
### Fix Unbond (Move up next time!!!)
```conf Fri Jul 26 2024 10:45:41 GMT-0700 (Mountain Standard Time)
service unbound restart
# http://beelink:8005/admin/settings.php?tab=dns
# https://docs.pi-hole.net/guides/dns/unbound/#configure-pi-hole
127.0.0.1#5335
```
```bash Fri Jul 26 2024 10:45:44 GMT-0700 (Mountain Standard Time)
journalctl -fu unbound-resolvconf.service
systemctl disable --now unbound-resolvconf.service
service unbound restart
```
```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time)
# https://opensource.com/article/22/8/disable-ipv6
# GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
# GRUB_CMDLINE_LINUX=""
GRUB_CMDLINE_LINUX="ipv6.disable=1"
```
```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time)
grub-mkconfig
exit
reboot
```
### Cockpit (Move up next time!!!)
- [cockpit](https://cockpit-project.org/)
```bash Fri Jul 26 2024 10:45:55 GMT-0700 (Mountain Standard Time)
# apt install chkservice -y
apt-cache rdepends cockpit
apt install cockpit -y
passwd phares
# https://192.168.11.2:9090
# https://blog.while-true-do.io/podman-web-ui-via-cockpit/
apt-get install cockpit cockpit-podman -y
systemctl enable --now cockpit.socket
```
### Podman Create
```bash Fri Jul 26 2024 10:46:01 GMT-0700 (Mountain Standard Time)
# apt install systemd-container -y
# machinectl --help
sudo -iu podman
cd ~/
mkdir -p ~/.bashrc.d
echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd
source ~/.bashrc.d/systemd
loginctl enable-linger 1002
podman ps -a
systemctl --user daemon-reload
podman pull docker.io/dpage/pgadmin4:latest
podman pull docker.io/gitea/act_runner:nightly
podman pull docker.io/gitea/gitea:latest
podman pull docker.io/library/postgres:13
podman pull docker.io/library/postgres:14
podman pull docker.io/library/postgres:16
podman pull docker.io/library/postgres:16
podman pull docker.io/library/redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
podman pull docker.io/odoo:15.0
podman pull docker.io/odoo:16.0
podman pull docker.io/vaultwarden/server:latest
podman pull ghcr.io/immich-app/immich-machine-learning:release
podman pull ghcr.io/immich-app/immich-server:release
```
```conf Fri Jul 26 2024 10:57:44 GMT-0700 (Mountain Standard Time)
# sftp://root@free.file.sync.root/home/podman|chan=10|keyfile=C:\Users\phares\.ssh\id_ed25519
# L:\Git\Linux-Ubuntu-Server\home\podman
```
```bash Fri Jul 26 2024 11:01:22 GMT-0700 (Mountain Standard Time)
# ... .service is transient or generated.
# WantedBy=multi-user.target
systemctl --user daemon-reload
systemctl --user start gitea-db
# systemctl --user start gitea-runner
systemctl --user start gitea-server
systemctl --user start immich-db
systemctl --user start immich-learning
systemctl --user start immich-redis
# systemctl --user start immich-server
systemctl --user start odoo-db
systemctl --user start odoo-server
systemctl --user start pgadmin
systemctl --user start vaultwarden-server
podman ps -a --sort names
smartctl -i /dev/sda
```
```yaml Fri Jul 26 2024 11:55:37 GMT-0700 (Mountain Standard Time)
Device Model: 256GB SSD
Serial Number: CM42ABH1005410
LU WWN Device Id: 5 3a5a27 0100c22ca
Firmware Version: SN11842
User Capacity: 256,060,514,304 bytes [256 GB]
Sector Size: 512 bytes logical/physical
Rotation Rate: Solid State Device
Form Factor: M.2
TRIM Command: Available, deterministic, zeroed
Device is: Not in smartctl database 7.3/5528
ATA Version is: ACS-4 (minor revision not indicated)
SATA Version is: SATA 3.2, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is: Fri Jul 26 11:55:12 2024 MST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
```
### Copy Slideshow Photos
```bash Fri Jul 26 2024 10:57:44 GMT-0700 (Mountain Standard Time)
lvs -a
lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE%
mkdir /mnt/usb
mount /dev/sdb2 /mnt/usb
```
```conf Fri Jul 26 2024 10:57:44 GMT-0700 (Mountain Standard Time)
# cp -R ... ...
# sftp://root@free.file.sync.root/mnt/usb/var/www/html/Images-c9dbce3b-Results/thumbs|chan=10|keyfile=C:\Users\phares\.ssh\id_ed25519
# sftp://root@free.file.sync.root/var/www/html/Images-c9dbce3b-Results/thumbs|chan=10|keyfile=C:\Users\phares\.ssh\id_ed25519
```
```bash Fri Jul 26 2024 13:34:48 GMT-0700 (Mountain Standard Time)
OS-var-thumbs-server 7/26/2024 11:59:57 AM
Completed successfully
Warnings: 2
Items processed: 156,388 (35.7 GB)
Total time: 01:31:53
Errors and warnings:
11:59:58 AM Warning: The following folders do not yet exist:
sftp://root@free.file.sync.root/var/www/html/Images-c9dbce3b-Results/thumbs
The folders are created automatically when needed.
12:00:30 PM Warning: Database file is not av
```
```bash Fri Jul 26 2024 13:34:52 GMT-0700 (Mountain Standard Time)
umount /mnt/usb
# http://192.168.11.2:9400/admin
# Slideshow
# http://127.0.0.1:8080/slideshow/index.html?nocache=2024-07-01-11-36
# Local
# http://192.168.11.2:8080/slideshow/index.html?nocache=2024-07-01-11-36
```
### Free File Sync - * Select - B
```conf Fri Jul 26 2024 13:34:57 GMT-0700 (Mountain Standard Time)
# sftp://root@free.file.sync.root/etc|chan=10|keyfile=C:\Users\phares\.ssh\id_ed25519
# L:\Git\Linux-Ubuntu-Server\etc
```
```bash Fri Jul 26 2024 13:35:01 GMT-0700 (Mountain Standard Time)
cp ~/.bash_history /etc/bash_history_2024-07-26.txt
exit
reboot
```
### Backup
- [x] Rescuezilla Fri Jul 26 2024 13:35:04 GMT-0700 (Mountain Standard Time)
## Common
```bash
nginx -t
nginx -s reload
cat /etc/crontab
systemctl restart nginx
cat /etc/ssh/sshd_config
lsof -i -P -n | grep LISTEN
netstat -tulpn | grep LISTEN
lsblk -I 8 -o NAME,SIZE,TYPE,FSUSED,FSUSE%
(echo >/dev/tcp/localhost/5433) &>/dev/null && echo "Open 5433" || echo "Close 5433"
```


@ -46,3 +46,7 @@ require dhcp_server_identifier
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
interface enp2s0
static ip_address=192.168.11.2/25
static routers=192.168.11.1
static domain_name_servers=


@ -0,0 +1,39 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
log-queries
log-facility=/var/log/pihole/pihole.log
log-async
cache-size=10000
server=127.0.0.1#5335
domain-needed
expand-hosts
bogus-priv
local-service


@ -0,0 +1,42 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# RFC 6761 config file for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
# RFC 6761: Caching DNS servers SHOULD recognize
# test, localhost, invalid
# names as special and SHOULD NOT attempt to look up NS records for them, or
# otherwise query authoritative DNS servers in an attempt to resolve these
# names.
server=/test/
server=/localhost/
server=/invalid/
# The same RFC requests something similar for
# 10.in-addr.arpa. 21.172.in-addr.arpa. 27.172.in-addr.arpa.
# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 28.172.in-addr.arpa.
# 17.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa.
# 18.172.in-addr.arpa. 24.172.in-addr.arpa. 30.172.in-addr.arpa.
# 19.172.in-addr.arpa. 25.172.in-addr.arpa. 31.172.in-addr.arpa.
# 20.172.in-addr.arpa. 26.172.in-addr.arpa. 168.192.in-addr.arpa.
# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
# 01-pihole.conf) because this also covers IPv6.
# OpenWRT furthermore blocks bind, local, onion domains
# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
server=/bind/
server=/onion/

67
etc/group Normal file

@ -0,0 +1,67 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,phares
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:phares
floppy:x:25:
tape:x:26:
sudo:x:27:phares,podman
audio:x:29:
dip:x:30:phares
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:phares
staff:x:50:
games:x:60:
users:x:100:pihole,podman,lphares,bmiller
nogroup:x:65534:
systemd-journal:x:999:
systemd-network:x:998:
systemd-timesync:x:997:
input:x:996:
sgx:x:995:
kvm:x:994:
render:x:993:
lxd:x:101:phares
messagebus:x:102:
systemd-resolve:x:992:
_ssh:x:103:
polkitd:x:991:
crontab:x:990:
syslog:x:104:
uuidd:x:105:
rdma:x:106:
tcpdump:x:107:
tss:x:108:
landscape:x:109:
fwupd-refresh:x:989:
netdev:x:110:
phares:x:1000:
pihole:x:1001:www-data
podman:x:1002:
lphares:x:1003:bmiller
bmiller:x:1004:
unbound:x:111:
cockpit-ws:x:112:
cockpit-wsinstance:x:113:
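Review bot: The `sudo` line lists `podman` next to `phares` (`sudo:x:27:phares,podman`), which gives what appears to be the container account a route to root and undercuts the isolation a separate unprivileged user is meant to provide. The passwd and shadow sections of this same compare show `podman` with `/bin/bash` and a password hash, so it is an interactive login rather than a locked service account. Unless something depends on it, the line should read `sudo:x:27:phares`, with the change made on the host (for example `gpasswd -d podman sudo`) before the next snapshot is committed. The same membership is repeated in `etc/group-`, `etc/gshadow` and `etc/gshadow-`.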

66
etc/group- Normal file

@ -0,0 +1,66 @@
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,phares
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:phares
floppy:x:25:
tape:x:26:
sudo:x:27:phares,podman
audio:x:29:
dip:x:30:phares
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:phares
staff:x:50:
games:x:60:
users:x:100:pihole,podman,lphares,bmiller
nogroup:x:65534:
systemd-journal:x:999:
systemd-network:x:998:
systemd-timesync:x:997:
input:x:996:
sgx:x:995:
kvm:x:994:
render:x:993:
lxd:x:101:phares
messagebus:x:102:
systemd-resolve:x:992:
_ssh:x:103:
polkitd:x:991:
crontab:x:990:
syslog:x:104:
uuidd:x:105:
rdma:x:106:
tcpdump:x:107:
tss:x:108:
landscape:x:109:
fwupd-refresh:x:989:
netdev:x:110:
phares:x:1000:
pihole:x:1001:www-data
podman:x:1002:
lphares:x:1003:bmiller
bmiller:x:1004:
unbound:x:111:
cockpit-ws:x:112:

67
etc/gshadow Normal file

@ -0,0 +1,67 @@
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::syslog,phares
tty:*::
disk:*::
lp:*::
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::phares
floppy:*::
tape:*::
sudo:*::phares,podman
audio:*::
dip:*::phares
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::phares
staff:*::
games:*::
users:*::pihole,podman,lphares,bmiller
nogroup:*::
systemd-journal:!*::
systemd-network:!*::
systemd-timesync:!*::
input:!*::
sgx:!*::
kvm:!*::
render:!*::
lxd:!::phares
messagebus:!::
systemd-resolve:!*::
_ssh:!::
polkitd:!*::
crontab:!*::
syslog:!::
uuidd:!::
rdma:!::
tcpdump:!::
tss:!::
landscape:!::
fwupd-refresh:!*::
netdev:!::
phares:!::
pihole:!::www-data
podman:!::
lphares:!::bmiller
bmiller:!::
unbound:!::
cockpit-ws:!::
cockpit-wsinstance:!::

66
etc/gshadow- Normal file

@ -0,0 +1,66 @@
root:*::
daemon:*::
bin:*::
sys:*::
adm:*::syslog,phares
tty:*::
disk:*::
lp:*::
mail:*::
news:*::
uucp:*::
man:*::
proxy:*::
kmem:*::
dialout:*::
fax:*::
voice:*::
cdrom:*::phares
floppy:*::
tape:*::
sudo:*::phares,podman
audio:*::
dip:*::phares
www-data:*::
backup:*::
operator:*::
list:*::
irc:*::
src:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::phares
staff:*::
games:*::
users:*::pihole,podman,lphares,bmiller
nogroup:*::
systemd-journal:!*::
systemd-network:!*::
systemd-timesync:!*::
input:!*::
sgx:!*::
kvm:!*::
render:!*::
lxd:!::phares
messagebus:!::
systemd-resolve:!*::
_ssh:!::
polkitd:!*::
crontab:!*::
syslog:!::
uuidd:!::
rdma:!::
tcpdump:!::
tss:!::
landscape:!::
fwupd-refresh:!*::
netdev:!::
phares:!::
pihole:!::www-data
podman:!::
lphares:!::bmiller
bmiller:!::
unbound:!::
cockpit-ws:!::


@ -1,5 +1,5 @@
127.0.0.1 localhost
127.0.1.1 server
127.0.1.1 beelink
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback


@ -0,0 +1 @@
5e21cc66989f26ec46116d979421e538131cf8ab33ffff3f682fbfe491b0ace8


@ -0,0 +1 @@
9ba6429597aeed2d8617a7705b56e96d044f64b07971659382e426675105654b


@ -0,0 +1 @@
{"creation_dt": "2024-07-26T23:59:42Z", "creation_host": "beelink"}


@ -0,0 +1 @@
{"n": "kg7W5UNvS0rGXFBdlzyOJwwsbJMDICMbV5uZNmBg57SbPycsdhY7q6E5i0Uwgnm9BZCym_x8xHSJm8h6YBOqaWfgtI3akPUUREaW4lfUK73cQqrSkcuytVKzaz1fPnzNX0uoxa5Z3llc7BuFbUWknWPB1TFBJH7puneKIAsq6RkNJ_ykT49mzK6QB_mIjnDDJfv066Hs5-y2k7Mve4ntBgxOCO2sGBuiYOad2CX8pn0bRBLg3_JoAMc2eozDeXPbSqTfta5iCiV_39942RhWctDsk2May-EhQDWBRsjTKDnQ--OkYNA23unqq8Hwjb7ROSP1Mo4ryD7epS0lkAuyLw", "e": "AQAB", "d": "RR9HvT2CRMAxCwwvlrzeS4V72rBieMmUjYwCYNUQ12dGV4drB8Gy4KFO8eW_NOh3N9SIasD9rR236CVjIOf9rJ-wHNLLXvHVcxBzJNBLBZ53SIe-WqhrvVtTtQtY8WIv8YsFZvSB7HQfQVAu_41HgALvfz0tpp93brtW_545YxG0fNnuK3WZEJnIF30a99gWFVK2iSVPCUK-SpJ5Pa2w1rGhB_IdT2WxXJ-1Ni-emxCeFYcaUs7D7luxFEFkbJce_bvsJJ92CdRUIRDnJymVtb1WBaWL5nbkp9KlUNdF1-FJjfS1FN5a1ESQcW0yg4nR4-AN6gENPp6i6hYTFw-c4Q", "p": "wiCyc7wN7fNPgB9ghgP5vd-RO5_F4qKn5K0KaCCOitev1nhVNzbBWmB_heaA7FEOi_B0Roa2PFaDnuQanL21wGLL3FrzpNDLj7y-jAhddrpcWJZOL28dkH1bRWVc3SyyVc7muMG3UcpjuA5wROSaUo07k2Bx2yga0zqh_Tt6ceE", "q": "wJwGxGz-qudJ6wgpyufXXYO4dvXpncjNIAFjMglKB_EWntDY3CQdVx21LmddJAWfaef9o9ZTrQHlI4NTbbzuSFx9Kx4MvZ4pcT8FxI5lLr21aR0ZIfQtBVq_SJ3SPO6fhGS0OkfnNneUodHlPCTZjcQv6ZfpkVOl_orWUx8rxg8", "dp": "ja7_j6i5IeprI7_C2w0bwZDilvnNm9PLZgNFjSn13y_8jjPVPi8gf63eZQQPJGskis48jxzS9MbP2a_yHGP5uyhgUbuwB6K8b3P6Pon8bSMnMyDAf65Bjatwaf3JAUQWBLq1ejMocPGeRj-DgUS3vXiG-tFxR9rFeVVZ1VEL1QE", "dq": "nXWwjppwY7Url8oXqHp6dUe-4PnO36AOGZEoz_oKHI36qSEheG7J0bNGsEXuPgmetkzi7TLFO1WmRq8Q4FCpGF0MMtihH88SIDOeen7StzB-Aw23wytENvFmGW50Nj36CJjvQgoQOlXuG5BlcBLMC_qMFNKNLrKMrJhB-Lgt5_8", "qi": "WlkLosxwdKVCthqALtlpQnU8sc6uh1AiRFhKw-YBZLNP0HxMJDS0llTk517Gx8gS2bbxZ0XwqIASxFiskSGR6JsmO2kAeuCvaRvfXuTZZ_2b0-wJEiqU11uphr5Sd_USPyeuoyeaYexoip7s0Gxv1gn4Z7Xo-E1y46obtOAHRyI", "kty": "RSA"}
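Review bot: This one-line JSON is a complete RSA private key: besides the public `n` and `e` it carries `d`, `p`, `q`, `dp`, `dq` and `qi`, so anyone who can read the repository holds the key. The neighbouring sections (a `creation_host` record and an `acme-staging-v02` account URI) suggest it is certbot's ACME account key, and a second JWK of the same shape is added a few sections below, next to an `acme-v02` account URI. Both keys should be treated as disclosed: deactivate the two ACME accounts and register new ones, delete the files from the repository and from its history, and keep certbot's account directory out of what the repository tracks. The section header with the file path is not shown on this page, so the exact path is inferred.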


@ -0,0 +1 @@
{"body": {}, "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/157190503"}


@ -0,0 +1 @@
{"creation_dt": "2024-07-26T23:57:42Z", "creation_host": "beelink"}


@ -0,0 +1 @@
{"n": "vVHUQWRpoK-vQwGXGnZM2ArwzgHYVRege39FvhwWeMZS1MaQIrGYfm8I9IIRPHCPTysK2CccuQLWDZBDeDSrljq68VLVd7Q5Mx7C0TD6bzRHe70Ur8FKDtGh-d2aAjdVevOUgcykJ0pmKWYBmDbAqeKPt7bFoqeXi-oMvjz6NHF_2weiDyC-Exv8galKoK7uJbcAL1KJt39gAUzkOuDAMhb_e2s8QCnBHmP-yhyAWz5Q_A2dKuI4Focg5PmKBPh_XerYnXCeoMaNSySiaS4NorIYpLBU65P9qebfXj4SMfIS1QtU6e8pnUqTWs57ApMSWeYxvNry74YE0fiHFq4mHw", "e": "AQAB", "d": "BeO4TFOhALvGa4K3zAcE1Im8Tr_DhC4oxSNVY5jcPK0vWFcPBGi2ZIkZCJPx2cCQGnebQEIMX-npdYWPm8RajnNfInDpLUoTOb_TBGpFAVWgO2HdrD0vMIqvZzi-HW0bHE1u21lwDr0jj8Nr-NlU6lQMyzuFAgVyQPiqydGyzhPM9Qa0_ikHJz_xsB9xPJz4dnP2PLOy5wu_oyPzS49n9tifa8vHahX-fDoS_1GGuAO2QJL6iqgbgAozmCBNs-3lFEZrN0sw3ko4MR4PEsJLoap8g6z3DsY5-jq1aj029v4AOx6VWD462lSRhtoUDtHPduWEUEDsvBzrhs9jpEKYBQ", "p": "7JPbQoYU97li3KH4AVOF2A_auQzP-A0CH6UWuem_Mb7pTA3HAGxVwt3K6Jw_RZlWoiKyumUsEOaZjDsOj8leK5LuWDmLjX3hcuNHAI3EosdylPR-cDEXGA_kewSGDhy819tIs_96vMXus0F7BRcuIen4Dml-fs94LBzDKKnPRMU", "q": "zNzBHtLCTEHs4g0z0drzenvx_Fce7dhBs5_zqzeLXBpCNxNMonwbBu70k8-25EPWaUbtIKZdRzuNqL-1D1ECJDx9Amdp0EaEdxxuubpzFOvKORv304XeDXJ1vbt7UxUBhf6ZksaUJSm6-1tFMYRylMaXHzza6G3ym7nkUFNHlZM", "dp": "WptWQmgv56Cs6GtwHLHsdQ-9aVoq3Im-4nfL-HA5tce0elhceyECx5tCd0xAP1u2_mnjodfVxLNM45RKw28QDgg8GLYRaKNpkSLSsreZM-7HR51MP5PNkH2luCfHX-hJuzJU6ftS-rGj9iuB_jUeigad5oco11CGaf6qEAzZQTE", "dq": "c5ImMKldi3-1j2E7Vqxap0K9JUpQ3IUfq6IU6QaQzAjUShXNKe0xohu0Rp7r4qKSlxm4NK8l-EWUiRp9noJo3uBw9aY5f5IIsNmNbaHNwoOytb0ddmsS9isYWU0nKZu0HE-he7gjY0PDhIHc6y55JY1TPAAszusX7tpT_yy8OZk", "qi": "QjLmAyTADP4e2MlXLLfJDejLnIfHutxHUfNBt3WYvC2jvX0AH8nJcgccCVOchDFjAK0m5wzBQ2SJH4CAIzgNqkyKc42vLNGEF6wK6k8tdw0BVDveWl5O2-0D8NEgb8WrLhWZBFAOPWASvrsVfl9VetbThYqfmNCaPTW9w3tP4zk", "kty": "RSA"}


@ -0,0 +1 @@
{"body": {}, "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1859007847"}


@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,51 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgl3/wvigSQRZX75ZL
c/kcKHbCnM4Jees44nHIhikPm26hRANCAATHcFj7f+XaIh7OYwyOptBrsxy3WB8K
Goc9O2XSSnzeXioX1ddrGnDomfJgM0OZFxsTZ+8OQr8NnFfTcSO4xbb+
-----END PRIVATE KEY-----
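Review bot: This section adds an unencrypted PKCS#8 private key in PEM form, which must not be stored in a repository. The renewal configuration later in the compare sets `key_type = ecdsa` and points `privkey` at `/etc/letsencrypt/live/phares3757.ddns.net/privkey.pem`, so this is presumably the key behind the certificates added just above. The certificate should be revoked with the key-compromise reason and reissued on a fresh key, and the file removed from the repository and its history. Of the Let's Encrypt files only the public `cert.pem`, `chain.pem` and `fullchain.pem` are safe to track, if anything is.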

5
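--- a/etc/letsencrypt/cli.ini
+++ b/etc/letsencrypt/cli.ini
@@ -0,0 +1,5 @@
+# Because we are using logrotate for greater flexibility, disable the
+# internal certbot logrotation.
+max-log-backups = 0
+# Adjust interactive output regarding automated renewal
+preconfigured-renewal = True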


@ -0,0 +1,14 @@
This directory contains your keys and certificates.
`[cert name]/privkey.pem` : the private key for your certificate.
`[cert name]/fullchain.pem`: the certificate file used in most server software.
`[cert name]/chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`[cert name]/cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
WARNING: DO NOT MOVE OR RENAME THESE FILES!
Certbot expects these files to remain in this location in order
to function properly!
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.


@ -0,0 +1,14 @@
This directory contains your keys and certificates.
`privkey.pem` : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
WARNING: DO NOT MOVE OR RENAME THESE FILES!
Certbot expects these files to remain in this location in order
to function properly!
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.


@ -0,0 +1,14 @@
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";


@ -0,0 +1,15 @@
# renew_before_expiry = 30 days
version = 2.11.0
archive_dir = /etc/letsencrypt/archive/phares3757.ddns.net
cert = /etc/letsencrypt/live/phares3757.ddns.net/cert.pem
privkey = /etc/letsencrypt/live/phares3757.ddns.net/privkey.pem
chain = /etc/letsencrypt/live/phares3757.ddns.net/chain.pem
fullchain = /etc/letsencrypt/live/phares3757.ddns.net/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 0dc29e2da338706a1a356c4f2ef0c15b
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa


@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----


@ -0,0 +1,61 @@
### Documentation
# https://wiki.lighttpd.net/
#
### Configuration Syntax
# https://wiki.lighttpd.net/Docs_Configuration
#
### Configuration Options
# https://wiki.lighttpd.net/Docs_ConfigurationOptions
#
### Debian lighttpd base configuration
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 8005
# strict parsing and normalization of URL for consistency and security
# https://wiki.lighttpd.net/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
"url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app)
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
# default listening port for IPv6 is same as default IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
### Customizations
# customizations should generally be placed in separate files such as
# /etc/lighttpd/conf-available/00_vars.conf # override variables for *.conf
# /etc/lighttpd/conf-available/99_custom.conf # override *.conf settings
# and then enabled using lighty-enable-mod (1)


@ -1,91 +1,42 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
listen 8080 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
include /etc/nginx/include/affirm.conf;
# include /etc/nginx/include/ansible.conf;
# include /etc/nginx/include/assistant.conf;
# include /etc/nginx/include/casa.conf;
include /etc/nginx/include/codeserver.conf;
include /etc/nginx/include/dashkiosk.conf;
# include /etc/nginx/include/dockge.conf;
# include /etc/nginx/include/docmost.conf;
# include /etc/nginx/include/emby.conf;
# include /etc/nginx/include/filebrowser.conf;
# include /etc/nginx/include/gogs.conf;
include /etc/nginx/include/gitea.conf;
include /etc/nginx/include/immich.conf;
include /etc/nginx/include/incus.conf;
# include /etc/nginx/include/invoice.conf;
include /etc/nginx/include/lxconsole.conf;
include /etc/nginx/include/kestra.conf;
include /etc/nginx/include/music.conf;
# include /etc/nginx/include/nextcloud.conf;
# include /etc/nginx/include/owncast.conf;
include /etc/nginx/include/phares.conf;
include /etc/nginx/include/pgadmin.conf;
# include /etc/nginx/include/photoprism.conf;
# include /etc/nginx/include/pihole.conf;
# include /etc/nginx/include/proxmox.conf;
include /etc/nginx/include/quartz.conf;
# include /etc/nginx/include/readeck.conf;
# include /etc/nginx/include/syncthing.conf;
# include /etc/nginx/include/terraform.conf;
# include /etc/nginx/include/uptimekuma.conf;
include /etc/nginx/include/vaultwarden.conf;
# include /etc/nginx/include/vscodium.conf;
# include /etc/nginx/include/wekan.conf;


@ -19,10 +19,24 @@ nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin
dhcpcd:x:100:65534:DHCP Client Daemon,,,:/usr/lib/dhcpcd:/bin/false
messagebus:x:101:106::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:996:996:systemd Resolver:/:/usr/sbin/nologin
messagebus:x:101:102::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:992:992:systemd Resolver:/:/usr/sbin/nologin
pollinate:x:102:1::/var/cache/pollinate:/bin/false
polkitd:x:995:995:polkit:/nonexistent:/usr/sbin/nologin
usbmux:x:103:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
sshd:x:104:65534::/run/sshd:/usr/sbin/nologin
mike:x:1000:1000:Mike Phares:/home/mike:/bin/bash
polkitd:x:991:991:User for polkitd:/:/usr/sbin/nologin
syslog:x:103:104::/nonexistent:/usr/sbin/nologin
uuidd:x:104:105::/run/uuidd:/usr/sbin/nologin
tcpdump:x:105:107::/nonexistent:/usr/sbin/nologin
tss:x:106:108:TPM software stack,,,:/var/lib/tpm:/bin/false
landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin
cockpit-wsinstance:x:112:113::/nonexistent:/usr/sbin/nologin

41
etc/passwd- Normal file

@ -0,0 +1,41 @@
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin
dhcpcd:x:100:65534:DHCP Client Daemon,,,:/usr/lib/dhcpcd:/bin/false
messagebus:x:101:102::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:992:992:systemd Resolver:/:/usr/sbin/nologin
pollinate:x:102:1::/var/cache/pollinate:/bin/false
polkitd:x:991:991:User for polkitd:/:/usr/sbin/nologin
syslog:x:103:104::/nonexistent:/usr/sbin/nologin
uuidd:x:104:105::/run/uuidd:/usr/sbin/nologin
tcpdump:x:105:107::/nonexistent:/usr/sbin/nologin
tss:x:106:108:TPM software stack,,,:/var/lib/tpm:/bin/false
landscape:x:107:109::/var/lib/landscape:/usr/sbin/nologin
fwupd-refresh:x:989:989:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
usbmux:x:108:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
phares:x:1000:1000:Mike Phares:/home/phares:/bin/bash
pihole:x:1001:1001:Pi-hole,,,:/home/pihole:/bin/bash
podman:x:1002:1002:Podman,,,:/home/podman:/bin/bash
lphares:x:1003:1003:Logan Phares,,,:/home/lphares:/bin/bash
bmiller:x:1004:1004:Bill Miller,,,:/home/bmiller:/bin/bash
unbound:x:110:111::/var/lib/unbound:/usr/sbin/nologin
dnsmasq:x:999:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin
cockpit-ws:x:111:112::/nonexistent:/usr/sbin/nologin

0
etc/pihole/dhcp.leases Normal file

14
etc/pihole/setupVars.conf Normal file

@ -0,0 +1,14 @@
PIHOLE_INTERFACE=enp2s0
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=local
WEBPASSWORD=4f2f4f253d64a90315c0ace8a61b6b6e828f8d8d996b0a0b0e153230617bedd3
BLOCKING_ENABLED=true
PIHOLE_DNS_1=127.0.0.1#5335
DNSSEC=false
REV_SERVER=false
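Review bot: `WEBPASSWORD=` on the tenth line commits the stored hash of the Pi-hole admin password. In the Pi-hole v5 format this file appears to use, that value is an unsalted double SHA-256 of the password, so it offers little protection against offline guessing once it is readable, and with `INSTALL_WEB_INTERFACE=true` and `LIGHTTPD_ENABLED=true` the admin page it guards is running. Set a new admin password on the host (`pihole -a -p`) and keep the value out of the tracked copy, for example by committing `WEBPASSWORD=<redacted>` from a sanitised export instead of the live file.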

42
etc/shadow Normal file

@ -0,0 +1,42 @@
root:*:19836:0:99999:7:::
daemon:*:19836:0:99999:7:::
bin:*:19836:0:99999:7:::
sys:*:19836:0:99999:7:::
sync:*:19836:0:99999:7:::
games:*:19836:0:99999:7:::
man:*:19836:0:99999:7:::
lp:*:19836:0:99999:7:::
mail:*:19836:0:99999:7:::
news:*:19836:0:99999:7:::
uucp:*:19836:0:99999:7:::
proxy:*:19836:0:99999:7:::
www-data:*:19836:0:99999:7:::
backup:*:19836:0:99999:7:::
list:*:19836:0:99999:7:::
irc:*:19836:0:99999:7:::
_apt:*:19836:0:99999:7:::
nobody:*:19836:0:99999:7:::
systemd-network:!*:19836::::::
systemd-timesync:!*:19836::::::
dhcpcd:!:19836::::::
messagebus:!:19836::::::
systemd-resolve:!*:19836::::::
pollinate:!:19836::::::
polkitd:!*:19836::::::
syslog:!:19836::::::
uuidd:!:19836::::::
tcpdump:!:19836::::::
tss:!:19836::::::
landscape:!:19836::::::
fwupd-refresh:!*:19836::::::
usbmux:!:19929::::::
sshd:!:19929::::::
phares:$y$j9T$mk3Fb5hENQkN//RvJPyB6.$xdsox1L6gnbZibmeEsveAMNjZ22J7sIEz.W957Osj1A:19930:0:99999:7:::
pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
unbound:!:19929::::::
dnsmasq:!:19930::::::
cockpit-ws:!:19930::::::
cockpit-wsinstance:!:19930::::::
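Review bot: The entries for `phares`, `pihole`, `podman`, `lphares` and `bmiller` carry real yescrypt (`$y$`) password hashes, so this section publishes material for offline password guessing against five login accounts, two of which are in `sudo` according to `etc/group`. `etc/shadow-` below repeats four of them and adds an older sha512crypt (`$6$`) hash for `phares`. Neither file belongs in the repository: remove both and purge them from history, then change the five passwords on the host. If a record of the account list is wanted, track a copy with the hash field replaced by a placeholder, e.g. `phares:<redacted>:19930:0:99999:7:::`.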

41
etc/shadow- Normal file

@ -0,0 +1,41 @@
root:*:19836:0:99999:7:::
daemon:*:19836:0:99999:7:::
bin:*:19836:0:99999:7:::
sys:*:19836:0:99999:7:::
sync:*:19836:0:99999:7:::
games:*:19836:0:99999:7:::
man:*:19836:0:99999:7:::
lp:*:19836:0:99999:7:::
mail:*:19836:0:99999:7:::
news:*:19836:0:99999:7:::
uucp:*:19836:0:99999:7:::
proxy:*:19836:0:99999:7:::
www-data:*:19836:0:99999:7:::
backup:*:19836:0:99999:7:::
list:*:19836:0:99999:7:::
irc:*:19836:0:99999:7:::
_apt:*:19836:0:99999:7:::
nobody:*:19836:0:99999:7:::
systemd-network:!*:19836::::::
systemd-timesync:!*:19836::::::
dhcpcd:!:19836::::::
messagebus:!:19836::::::
systemd-resolve:!*:19836::::::
pollinate:!:19836::::::
polkitd:!*:19836::::::
syslog:!:19836::::::
uuidd:!:19836::::::
tcpdump:!:19836::::::
tss:!:19836::::::
landscape:!:19836::::::
fwupd-refresh:!*:19836::::::
usbmux:!:19929::::::
sshd:!:19929::::::
phares:$6$X.bTmW8z9/2WwB08$pivFW7YtPuGBou4Ut7eB1Y1ELwOVumy5tJYMf/RTQgkdUWzkKs9jndwfuVzTRlknbyGzA4A1lPImVtVHOCyBs/:19929:0:99999:7:::
pihole:$y$j9T$k223Uf777oEQZtuag6kXO1$vfa4e7EdalU7A9ECEoPJ7QHnN9Bkylct7kNIHZYXGP8:19929:0:99999:7:::
podman:$y$j9T$kuuH4dAlA8LAbBASzBA6y/$9xVT4/nstOeIVTVoil/WSUKMIyePo8dKBXDByMm.qG5:19929:0:99999:7:::
lphares:$y$j9T$m33.tZHwrEl7X.ovXN.a7/$z2We2A72fQMDkSQIYetbXuNNTk8YHNEvQeisSwtmo6C:19929:0:99999:7:::
bmiller:$y$j9T$sYFlvEEV1yntCl3CeN8M70$CpuMQrO3K9NFF122NsJWvM5nxnQK8EXvmD3C41.JZm8:19929:0:99999:7:::
unbound:!:19929::::::
dnsmasq:!:19930::::::
cockpit-ws:!:19930::::::


@ -42,7 +42,7 @@
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
@ -51,10 +51,6 @@
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
@ -66,3 +62,7 @@
# for what other values do
#kernel.sysrq=438
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
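Review bot: The lines appended at the end of the file turn IPv6 off, but the ICMP-redirect settings shown as context in the first two hunks are still commented out, so redirect handling stays at the kernel defaults on a host that, judging by the nginx section, fronts several web services. If that is not deliberate, enable `net.ipv4.conf.all.accept_redirects = 0`, `net.ipv4.conf.default.accept_redirects = 0` and `net.ipv4.conf.all.send_redirects = 0`. A drop-in under `/etc/sysctl.d/` would also keep these local settings apart from the distribution's `sysctl.conf`, whose commented template appears to be changing upstream in the other two hunks. The file continues outside these hunks.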


@ -6,9 +6,11 @@
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/resolved.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
@ -28,7 +30,8 @@
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
#StaleRetentionSec=0


@ -0,0 +1,16 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application certbot.renew
Requires=snap-certbot-3834.mount
Wants=network.target
After=snap-certbot-3834.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
SyslogIdentifier=certbot.renew
Restart=no
WorkingDirectory=/var/snap/certbot/3834
TimeoutStopSec=30
Type=oneshot


@ -0,0 +1,14 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Timer renew for snap application certbot.renew
Requires=snap-certbot-3834.mount
After=snap-certbot-3834.mount
X-Snappy=yes
[Timer]
Unit=snap.certbot.renew.service
OnCalendar=*-*-* 05:54
OnCalendar=*-*-* 14:00
[Install]
WantedBy=timers.target


@ -0,0 +1,19 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application dashkiosk.dashkiosk
Requires=snap-dashkiosk-10.mount
Wants=network.target
After=snap-dashkiosk-10.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run dashkiosk
SyslogIdentifier=dashkiosk.dashkiosk
Restart=on-failure
WorkingDirectory=/var/snap/dashkiosk/10
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target


@ -0,0 +1,20 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application ubuntu-frame.daemon
Requires=snap-ubuntu\x2dframe-9750.mount
Wants=network.target
After=snap-ubuntu\x2dframe-9750.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run ubuntu-frame.daemon
SyslogIdentifier=ubuntu-frame.daemon
Restart=on-failure
RestartSec=3
WorkingDirectory=/var/snap/ubuntu-frame/9750
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target


@ -0,0 +1,20 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application wpe-webkit-mir-kiosk.daemon
Requires=snap-wpe\x2dwebkit\x2dmir\x2dkiosk-102.mount
Wants=network.target
After=snap-wpe\x2dwebkit\x2dmir\x2dkiosk-102.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run wpe-webkit-mir-kiosk.daemon
SyslogIdentifier=wpe-webkit-mir-kiosk.daemon
Restart=always
RestartSec=3
WorkingDirectory=/var/snap/wpe-webkit-mir-kiosk/102
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target


@ -0,0 +1,19 @@
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application wpe-webkit-mir-kiosk.restart-watcher
Requires=snap-wpe\x2dwebkit\x2dmir\x2dkiosk-102.mount
Wants=network.target
After=snap-wpe\x2dwebkit\x2dmir\x2dkiosk-102.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run wpe-webkit-mir-kiosk.restart-watcher
SyslogIdentifier=wpe-webkit-mir-kiosk.restart-watcher
Restart=always
WorkingDirectory=/var/snap/wpe-webkit-mir-kiosk/102
TimeoutStopSec=30
Type=simple
[Install]
WantedBy=multi-user.target

10
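--- a/etc/unbound/unbound.conf
+++ b/etc/unbound/unbound.conf
@@ -0,0 +1,10 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"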


@ -0,0 +1,66 @@
server:
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no
# Use this only when you downloaded the list of primary root servers!
# If you use the default dns-root-data package, unbound will find it automatically
#root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# IP fragmentation is unreliable on the Internet today, and can cause
# transmission failures when large DNS messages are sent via UDP. Even
# when fragmentation does work, it may not be secure; it is theoretically
# possible to spoof parts of a fragmented DNS message, without easy
# detection at the receiving end. Recently, there was an excellent study
# >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
# by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
# in collaboration with NLnet Labs explored DNS using real world data from the
# the RIPE Atlas probes and the researchers suggested different values for
# IPv4 and IPv6 and in different scenarios. They advise that servers should
# be configured to limit DNS messages sent over UDP to a size that will not
# trigger fragmentation on typical network links. DNS servers can switch
# from UDP to TCP when a DNS response is too big to fit in this limited
# buffer size. This value has also been suggested in DNS Flag Day 2020.
edns-buffer-size: 1232
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,28 @@
[Container]
AutoUpdate=registry
ContainerName=gitea-db
Environment="POSTGRES_DB=gitea"
Environment="POSTGRES_PASSWORD=gitea"
Environment="POSTGRES_USER=gitea"
Image=docker.io/library/postgres:14
# Network=gitea.network
# Pod=gitea.pod
PublishPort=5433:5432
Volume=gitea-db-data.volume:/var/lib/postgresql/data:Z
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/library/postgres:14
# systemctl --user daemon-reload
# systemctl --user start gitea-db
# systemctl --user status gitea-db
# journalctl -fu gitea-db.service
# podman logs gitea-db
# systemctl --user stop gitea-db
# systemctl --user disable gitea-db
# podman exec -ti gitea-db /bin/sh
# podman exec -ti gitea-db /bin/bash
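Review bot: `POSTGRES_PASSWORD` is committed in clear text in this unit, and the same pattern recurs in the gitea-server, immich-db, immich-server, odoo-db, odoo-server, pgadmin and vaultwarden-server units (database passwords, Gitea signing secrets and tokens, admin credentials). Anything already pushed should be treated as disclosed and rotated, because removing it in a later commit still leaves it in the repository history. Quadlet can keep the value out of the unit file with a podman secret, for example `Secret=gitea-db-password` together with `Environment="POSTGRES_PASSWORD_FILE=/run/secrets/gitea-db-password"`; the secret name here is a placeholder.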


@ -0,0 +1 @@
[Volume]


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,50 @@
[Container]
# AutoUpdate=registry
ContainerName=gitea-server
Environment="GITEA__database__DB_TYPE=postgres"
Environment="GITEA__database__HOST=192.168.11.2:5433"
Environment="GITEA__database__NAME=gitea"
Environment="GITEA__database__PASSWD=gitea"
Environment="GITEA__database__USER=gitea"
Environment="GITEA__oauth2__JWT_SECRET=KUT-1Y6jrgw0hAHeCQ6XwyYzv_IfLG6zzRgi56kHNR4"
Environment="GITEA__repository__DEFAULT_BRANCH=master"
Environment="GITEA__repository__DEFAULT_PUSH_CREATE_PRIVATE=false"
Environment="GITEA__repository__ENABLE_PUSH_CREATE_ORG=true"
Environment="GITEA__repository__ENABLE_PUSH_CREATE_USER=true"
Environment="GITEA__security__INSTALL_LOCK=true"
Environment="GITEA__security__INTERNAL_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3MjIwNTg2NzJ9.A8qHgZk3QALse398h7YtIOtHhm-Uefi50QApfKR5sic"
Environment="GITEA__security__PASSWORD_HASH_ALGO=pbkdf2"
Environment="GITEA__security__SECRET_KEY="
Environment="GITEA__server__DOMAIN=gitea.phares.duckdns.org"
Environment="GITEA__server__LFS_JWT_SECRET=WgTjm7nPHRtxHWrWi9EInaNnQGENsECgCqi2e9H37W0"
Environment="GITEA__server__ROOT_URL=https://gitea.phares.duckdns.org/"
Environment="GITEA__server__SSH_DOMAIN=gitea.phares.duckdns.org"
Image=docker.io/gitea/gitea:1.22.1-rootless
# Network=gitea.network
# Pod=gitea.pod
PublishPort=3000:3000
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
Volume=gitea-server-config.volume:/etc/gitea
Volume=gitea-server-data.volume:/var/lib/gitea:Z
[Unit]
Requires=gitea-db.service
After=gitea-db.service
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/gitea/gitea:1.22.1-rootless
# systemctl --user daemon-reload
# systemctl --user start gitea-server
# systemctl --user status gitea-server
# journalctl -fu gitea-server.service
# podman logs gitea-server
# systemctl --user stop gitea-server
# systemctl --user disable gitea-server
# podman exec -ti gitea-server /bin/sh
# podman exec -ti gitea-server /bin/bash
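Review bot: `GITEA__security__SECRET_KEY=` is set to an empty value while `GITEA__security__INSTALL_LOCK=true` skips the installer, so no per-instance key is ever generated; as far as I know Gitea then falls back to a built-in default key, which is worth confirming for 1.22.1. A fresh value can be produced with `gitea generate secret SECRET_KEY` and supplied from a secret file rather than inline. Separately, `DEFAULT_PUSH_CREATE_PRIVATE=false` combined with `ENABLE_PUSH_CREATE_USER=true` makes every push-created repository public by default; `Environment="GITEA__repository__DEFAULT_PUSH_CREATE_PRIVATE=true"` is the safer setting if that is not intended.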


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,53 @@
[Container]
AutoUpdate=registry
ContainerName=immich-db
Environment="POSTGRES_DB=immich"
Environment="POSTGRES_INITDB_ARGS=--data-checksums"
Environment="POSTGRES_PASSWORD=postgres"
Environment="POSTGRES_USER=postgres"
Image=docker.io/library/postgres:16
# Network=immich.network
# Pod=immich.pod
PublishPort=5432:5432
Volume=immich-db-data.volume:/var/lib/postgresql/data:Z
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# healthcheck:
# test: pg_isready --dbname='${DB_DATABASE_NAME}' || exit 1; Chksum="$$(psql
# --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only
# --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM
# pg_stat_database')"; echo "checksum failure count is $$Chksum"; [
# "$$Chksum" = '0' ] || exit 1
# interval: 5m
# start_interval: 30s
# start_period: 5m
# command:
# - postgres
# - -c
# - shared_preload_libraries=vectors.so
# - -c
# - search_path="$$user", public, vectors
# - -c
# - logging_collector=on
# - -c
# - max_wal_size=2GB
# - -c
# - shared_buffers=512MB
# - -c
# - wal_compression=on
# podman pull docker.io/library/postgres:16
# systemctl --user daemon-reload
# systemctl --user start immich-db
# systemctl --user status immich-db
# journalctl -fu immich-db.service
# podman logs immich-db
# systemctl --user stop immich-db
# systemctl --user disable immich-db
# podman exec -ti immich-db /bin/sh
# podman exec -ti immich-db /bin/bash
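Review bot: The compose `healthcheck:` and `command:` blocks survive only as comments after `[Install]`, so this container runs with no health check and with none of the listed `-c` options applied. The commented command preloads `vectors.so`, which the stock `docker.io/library/postgres:16` image presumably does not ship, so the image choice should be checked against what Immich expects from its database. A minimal check can be expressed directly in the `[Container]` section as `HealthCmd=pg_isready --dbname=immich` with `HealthInterval=5m`.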


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,29 @@
[Container]
AutoUpdate=registry
ContainerName=immich-learning
Image=ghcr.io/immich-app/immich-machine-learning:release
# Network=immich.network
# Pod=immich.pod
PublishPort=3003:3003
Volume=immich-learning-cache.volume:/cache:Z
[Service]
Restart=no
[Unit]
Requires=immich-redis.service
After=immich-redis.service
[Install]
WantedBy=multi-user.target default.target
# podman pull ghcr.io/immich-app/immich-machine-learning:release
# systemctl --user daemon-reload
# systemctl --user start immich-learning
# systemctl --user status immich-learning
# journalctl -fu immich-learning.service
# podman logs immich-learning
# systemctl --user stop immich-learning
# systemctl --user disable immich-learning
# podman exec -ti immich-learning /bin/sh
# podman exec -ti immich-learning /bin/bash
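Review bot: `Image=ghcr.io/immich-app/immich-machine-learning:release` is a floating tag, and with `AutoUpdate=registry` the host pulls whatever that tag points to next, so the running code changes without any reviewed commit. The same applies to the immich-server unit (`:release`), the pgadmin and vaultwarden-server units (`:latest`) and the ubi9-minimal sleep unit. Pinning to a version tag plus digest, as the immich-redis unit already does with `@sha256:…`, keeps updates deliberate, e.g. `Image=ghcr.io/immich-app/immich-machine-learning:<VERSION>@sha256:<DIGEST>` (placeholders).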


@ -0,0 +1,31 @@
[Container]
AutoUpdate=registry
ContainerName=immich-redis
Image=docker.io/library/redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
# Network=immich.network
# Pod=immich.pod
PublishPort=6379:6379
[Service]
Restart=no
[Unit]
Requires=immich-db.service
After=immich-db.service
[Install]
WantedBy=multi-user.target default.target
# healthcheck:
# test: redis-cli ping || exit 1
# podman pull docker.io/library/redis:6.2-alpine@sha256:d6c2911ac51b289db208767581a5d154544f2b2fe4914ea5056443f62dc6e900
# systemctl --user daemon-reload
# systemctl --user start immich-redis
# systemctl --user status immich-redis
# journalctl -fu immich-redis.service
# podman logs immich-redis
# systemctl --user stop immich-redis
# systemctl --user disable immich-redis
# podman exec -ti immich-redis /bin/sh
# podman exec -ti immich-redis /bin/bash
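Review bot: `PublishPort=6379:6379` names no host address, so Redis is published on every interface of the host, and nothing in this unit configures authentication for it. The database and ML units publish the same way (`5433:5432` in gitea-db, `5432:5432` in immich-db, `5434:5432` in odoo-db, `3003:3003` in immich-learning). If only sibling containers need these ports, enabling the commented-out `Network=immich.network` and dropping `PublishPort`, or binding to loopback with `PublishPort=127.0.0.1:6379:6379`, keeps them off the LAN. The server units currently reach their databases through `192.168.11.2`, so they would have to move to the shared network in the same change.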


@ -0,0 +1 @@
[Volume]


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,37 @@
[Container]
AutoUpdate=registry
ContainerName=immich-server
Environment="DB_DATABASE_NAME=immich"
Environment="DB_HOST=192.168.11.2"
Environment="DB_PASSWORD=postgres"
Environment="DB_USERNAME=postgres"
Image=ghcr.io/immich-app/immich-server:release
# Network=immich.network
# Pod=immich.pod
PublishPort=3001:3001
Volume=/etc/localtime:/etc/localtime:ro
Volume=immich-server-upload.volume:/usr/src/app/upload:Z
Volume=immich-server-external.volume:/usr/src/app/external:Z
[Service]
Restart=no
[Unit]
Requires=immich-learning.service
After=immich-learning.service
[Install]
WantedBy=multi-user.target default.target
# https://immich.app/docs/install/environment-variables
# podman pull ghcr.io/immich-app/immich-server:release
# systemctl --user daemon-reload
# systemctl --user start immich-server
# systemctl --user status immich-server
# journalctl -fu immich-server.service
# podman logs immich-server
# systemctl --user stop immich-server
# systemctl --user disable immich-server
# podman exec -ti immich-server /bin/sh
# podman exec -ti immich-server /bin/bash
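Review bot: No `REDIS_HOSTNAME` is set here and `Network=`/`Pod=` are commented out, so the server presumably falls back to Immich's default Redis host name, which cannot resolve without a shared container network. The database is reached through `DB_HOST=192.168.11.2`, so the consistent short-term fix would be `Environment="REDIS_HOSTNAME=192.168.11.2"`; this should be verified against the environment-variables page linked in the unit's comments. The `Requires=`/`After=` lines only order this unit behind immich-learning and do not provide name resolution.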


@ -0,0 +1,11 @@
[Unit]
Description=The sleep container
After=local-fs.target
[Container]
Image=registry.access.redhat.com/ubi9-minimal:latest
Exec=sleep 1000
[Install]
# Start by default on boot
WantedBy=multi-user.target default.target multi-user.target
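Review bot: `WantedBy=` lists `multi-user.target` twice; the duplicate is harmless to systemd but reads as an editing slip. `WantedBy=multi-user.target default.target` expresses the same thing.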


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,31 @@
[Container]
AutoUpdate=registry
ContainerName=odoo-db
Environment="PGDATA=/var/lib/postgresql/data/pgdata"
Environment="POSTGRES_DB=postgres"
Environment="POSTGRES_PASSWORD=9UvN6k0m#c6cKtONLm59"
Environment="POSTGRES_USER=odoo"
# Image=docker.io/library/postgres:13
Image=docker.io/library/postgres:16
# Network=odoo.network
# Pod=odoo.pod
PublishPort=5434:5432
Volume=odoo-db-data.volume:/var/lib/postgresql/data/pgdata:Z
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/library/postgres:13
# podman pull docker.io/library/postgres:16
# systemctl --user daemon-reload
# systemctl --user start odoo-db
# systemctl --user status odoo-db
# journalctl -fu odoo-db.service
# podman logs odoo-db
# systemctl --user stop odoo-db
# systemctl --user disable odoo-db
# podman exec -ti odoo-db /bin/sh
# podman exec -ti odoo-db /bin/bash
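Review bot: The active image is `postgres:16` while the commented-out line above it shows `postgres:13`, and both would use the same `odoo-db-data.volume`; a data directory initialised by one major version will not start under another without a dump/restore or upgrade. The page does not show whether the volume already holds data, so this may be moot for a fresh install. A comment above `Image=` such as `# data directory is tied to the PostgreSQL major version; dump and restore before changing it` would record the constraint next to the leftover 13 line.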


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,36 @@
[Container]
AutoUpdate=registry
ContainerName=odoo-server
# Image=docker.io/odoo:15.0
Image=docker.io/odoo:16.0
# Network=odoo.network
# Pod=odoo.pod
PublishPort=8069:8069
Volume=odoo-server-data.volume:/var/lib/odoo:Z
Environment="ADMIN_PASSWD=jEKJJHBQ3ByX#JJcjauy"
Environment="HOST=192.168.11.2"
Environment="PASSWORD=9UvN6k0m#c6cKtONLm59"
Environment="PORT=5434"
Environment="USER=odoo"
[Service]
Restart=no
[Unit]
Requires=odoo-db.service
After=odoo-db.service
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/odoo:15.0
# podman pull docker.io/odoo:16.0
# systemctl --user daemon-reload
# systemctl --user start odoo-server
# systemctl --user status odoo-server
# journalctl -fu odoo-server.service
# podman logs odoo-server
# systemctl --user stop odoo-server
# systemctl --user disable odoo-server
# podman exec -ti odoo-server /bin/sh
# podman exec -ti odoo-server /bin/bash
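Review bot: `ADMIN_PASSWD` is passed as an environment variable, but as far as I know the official Odoo image's entrypoint reads only `HOST`, `PORT`, `USER` and `PASSWORD`, so the master password may never be applied; this should be confirmed against the image's entrypoint script. If it is ignored, the database manager behind the published port 8069 keeps whatever default the image ships with. The usual way to set it is `admin_passwd` in an `odoo.conf` mounted into the container, optionally with `list_db = False` to hide the database manager.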


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,27 @@
[Container]
AutoUpdate=registry
ContainerName=pgadmin
Environment="PGADMIN_DEFAULT_EMAIL=mikepharesjr@msn.com"
Environment="PGADMIN_DEFAULT_PASSWORD=Vm1jZ4mzdaF1q#pn4v1b"
Image=docker.io/dpage/pgadmin4:latest
# Network=gitea.network
# Pod=gitea.pod
PublishPort=5007:80
Volume=pgadmin-data.volume:/var/lib/pgadmin/:Z
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/library/postgres:14
# systemctl --user daemon-reload
# systemctl --user start pgadmin
# systemctl --user status pgadmin
# journalctl -fu pgadmin.service
# podman logs pgadmin
# systemctl --user stop pgadmin
# systemctl --user disable pgadmin
# podman exec -ti pgadmin /bin/sh
# podman exec -ti pgadmin /bin/bash
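Review bot: The helper comment `# podman pull docker.io/library/postgres:14` and the commented `Network=gitea.network` / `Pod=gitea.pod` lines look copied from the gitea-db unit and do not match this container. The pull line should read `# podman pull docker.io/dpage/pgadmin4:latest` so the runbook comments pull the image this unit actually runs. If pgadmin is meant to manage more than the Gitea database, the commented network name is misleading as well.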


@ -0,0 +1 @@
[Volume]


@ -0,0 +1,35 @@
[Container]
AutoUpdate=registry
ContainerName=vaultwarden-server
Image=docker.io/vaultwarden/server:latest
# Network=vaultwarden.network
# Pod=vaultwarden.pod
PublishPort=5008:80
Volume=vaultwarden-server-data.volume:/data:rw
Environment="ADMIN_TOKEN=7jrceE25+m5vPMK9jmVT8VsMM/0Svoiz4YEpLYHHT2hSaJPIlXcP8lOXwR5GpdaM"
Environment="DOMAIN=https://vaultwarden.phares.duckdns.org"
Environment="SIGNUPS_ALLOWED=true"
Environment="SMTP_FROM=user@example.com"
Environment="SMTP_HOST=smtp-relay.sendinblue.com"
Environment="SMTP_PASSWORD=sendinblue password"
Environment="SMTP_PORT=587"
Environment="SMTP_SSL=true"
Environment="SMTP_USERNAME=user@example.com"
Environment="WEBSOCKET_ENABLED=true"
[Service]
Restart=no
[Install]
WantedBy=multi-user.target default.target
# podman pull docker.io/vaultwarden/server:latest
# systemctl --user daemon-reload
# systemctl --user start vaultwarden-server
# systemctl --user status vaultwarden-server
# journalctl -fu vaultwarden-server.service
# podman logs vaultwarden-server
# systemctl --user stop vaultwarden-server
# systemctl --user disable vaultwarden-server
# podman exec -ti vaultwarden-server /bin/sh
# podman exec -ti vaultwarden-server /bin/bash
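Review bot: `SIGNUPS_ALLOWED=true` lets anyone who can reach the instance create an account on a password vault whose `DOMAIN` is a public host name. Unless open registration is intended, `Environment="SIGNUPS_ALLOWED=false"` with invitations from the admin page is the safer default. The SMTP values are still template placeholders (`user@example.com`, `sendinblue password`), so invitation and verification mail will presumably fail until they are filled in, ideally from a secret rather than inline.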