Moved some to ignore

.gitignore

@@ -55,6 +55,8 @@
 !opt/copy/**/*
 !opt/dockge/**/*.yaml
 
+!var/spool/cron/crontabs/**/*
+
 !root/**/*container
 !home/podman/**/*volume
 !home/podman/**/*container
@@ -64,4 +66,4 @@
 # !usr/local/etc/gogs/conf/app.ini
 # !usr/local/etc/no-ip2.conf
 # !var/snap/nextcloud/current/nextcloud/config/*
-# !var/www/html/.well-known/acme-challenge/*
+# !var/www/html/.well-known/acme-challenge/*

.vscode/settings.json

@@ -2,25 +2,36 @@
     "files.associations": {
         "*.container": "ini",
         "*.org": "ini",
-        "*.net": "ini"
+        "*.net": "ini",
+        "podman": "ini",
+        "default": "ini"
     },
     "cSpell.words": [
         "ASPNETCORE",
+        "autoindex",
         "bchs",
         "blinko",
         "dashkiosk",
         "dockge",
         "docmost",
+        "dorico",
         "duckdns",
+        "fauth",
+        "fullchain",
         "gitea",
         "gogs",
         "immich",
         "journalctl",
+        "kanbn",
         "kestra",
+        "keyout",
         "linkwarden",
         "localtime",
+        "lphares",
         "neko",
+        "newkey",
         "odoo",
+        "personalised",
         "pgadmin",
         "phares",
         "umbrel",

.vscode/tasks.json

@@ -0,0 +1,20 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "File-Folder-Helper AOT s X Day-Helper-2025-01-01",
+            "type": "shell",
+            "command": "L:/DevOps/Mesa_FI/File-Folder-Helper/bin/Release/net9.0/win-x64/publish/File-Folder-Helper.exe",
+            "args": [
+                "s",
+                "X",
+                "D:/6-Other-Large-Z/Linux-Ubuntu-Phares/home/podman/cron-backup",
+                "Day-Helper-2025-01-01",
+                "*.tar",
+                "-202",
+                "-Delete"
+            ],
+            "problemMatcher": []
+        }
+    ]
+}

etc/bash_history_2024-01-03_podman.txt

@@ -0,0 +1,500 @@
+podman exec -ti immich-to-slideshow-server /bin/bash
+cp -R /var/www/html-slideshow/Images-c9dbce3b-Results/F\)Random/c9dbce3b/\[\]/* /var/www/html-slideshow/slideshow/random-results/
+exit
+ls -al /var/www/html-slideshow/slideshow/random-results
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman exec -ti immich-to-slideshow-server /bin/bash
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+systemctl --user start immich-to-slideshow-server
+podman exec -ti immich-to-slideshow-server /bin/bash
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull docker.io/damongolding/immich-kiosk:latest
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-kiosk
+exit
+systemctl --user start immich-to-slideshow-server
+systemctl --user status immich-to-slideshow-server
+exit
+systemctl --user status immich-to-slideshow-server
+systemctl --user start immich-to-slideshow-server
+nano ~/.microsoft/usersecrets/cc24ad7a-1d95-4c47-a3ea-0d8475ab06da/secrets.json
+exit
+podman pull gitea.phares.duckdns.org:443/phares3757/immich-to-slideshow:latest
+exit
+systemctl --user start immich-to-slideshow-server
+exit
+podman pull tananaev/traccar:latest
+podman pull tananaev.org/traccar:latest
+podman pull traccar.org/traccar:latest
+podman pull docker.io/traccar/traccar:latest
+exit
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+ls -la /opt/traccar/
+ls -la /opt/traccar/logs/
+exit
+systemctl --user status traccar-server --lines=999
+systemctl --user start traccar-server
+nano /opt/traccar/traccar.xml
+exit
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+nano /opt/traccar/traccar.xml
+nano /opt/traccar/traccar.xml
+systemctl --user start traccar-server
+systemctl --user status traccar-server --lines=999
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull docker.io/postgres:16-alpine
+podman pull docker.io/postgres:16-alpine
+podman pull ghcr.io/linkwarden/linkwarden:latest
+podman pull ghcr.io/linkwarden/linkwarden:latest
+exit
+systemctl --user start linkwarden-db
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+exit
+podman pull docker.io/blinkospace/blinko:latest
+podman pull docker.io/postgres:14
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+systemctl --user start blinko-db
+systemctl --user status blinko-db
+systemctl --user start blinko-db
+systemctl --user start blinko-server
+systemctl --user status blinko-server --lines=9999
+exit
+podman volunme ls
+podman volume ls
+podman volume prune
+podman volume ls
+podman volume rm systemd-odoo-server-data
+podman volume rm systemd-odoo-db-data
+podman volume rm one-review_postgres_data
+podman volume prune
+podman volume rm systemd-vaultwarden-server-data
+podman volume prune
+exit
+exit
+exit
+podman exec -ti mattermost-server /bin/bash
+podman volume ls
+podman volume inspect systemd-mattermost-server-config
+nano /home/podman/.local/share/containers/storage/volumes/systemd-mattermost-server-config/_data/config.json 
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+docker system prune --volumes
+podman system prune --volumes
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start linkwarden-server
+systemctl --user status linkwarden-server --lines=9999
+podman volume prune
+podman volume prune
+podman image prune
+podman image prune
+podman container prune
+podman volume prune
+podman container prune
+exit
+exit
+podman exec -ti linkwarden-server /bin/bash
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+podman pull docker.io/mattermost/mattermost-team-edition:release-10.3
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+curl -f http://localhost:8065/api/v4/system/ping || exit 1
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/sh
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+exit
+podman volume ls
+podman volume prune
+podman volume inspect systemd-blinko-server-data
+sudo -i root
+sudo -i
+podman exec -ti blinko-server /bin/bash
+podman exec -ti blinko-server /bin/sh
+exit
+sudo -i
+exit
+sudo -i
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+podman volume list
+podman volume info systemd-blinko-server-data
+podman volume systemd-blinko-server-data info
+podman volume systemd-blinko-server-data
+podman volume --help
+podman volume inspect systemd-blinko-server-data
+ls /home/podman/.local/share/containers/storage/volumes/systemd-blinko-server-data/_data
+mkdir -p /home/podman/backup-blinko
+podman volume export blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/blinko-server-data.tar
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+mkdir -p /home/podman/backup-baikal
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data.tar
+now=$(date +'%Y-%m-%d_%H-%M-%S')
+podman volume export systemd-baikal-server-data --output /home/podman/backup-baikal/baikal-server-data-${now}.tar
+crontab -e
+exit
+crontab -e
+crontab -e
+crontab -r
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+exit
+crontab -e
+exit
+chrontab -e
+crontab -e
+crontab -e
+exit
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+whereis podman
+/usr/bin/podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"%Y-%m-%d--%H-%M-%S")'.tar'
+crontab -e
+crontab -e
+crontab -e
+grep CRON /var/log/syslog
+nano /var/log/syslog
+cat /var/log/syslog
+exit
+crontab -l
+crontab -r
+crontab -e
+cat /etc/cron.allow
+cat /etc/cron.d/cron.allow
+crontab -l -u podman
+nano /etc/cron. d/cron
+nano /etc/cron
+nano /etc/cron.d/cron.allow
+crontab -r
+crontab -l
+exit
+crontab -l
+crontab -e
+systemctl status cron
+sudo -i
+systemctl status cron
+crontab -e
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+crontab -l
+crontab -e
+systemctl status cron
+systemctl status cron
+service cron status
+crontab -e
+service cron status
+crontab -l
+crontab -e
+/home/podman/cron-backup
+mkdir /home/podman/cron-backup
+crontab -e
+crontab -e
+crontab -e
+crontab -e
+tar --list \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar /etc
+tar -tf \home\podman\cron-backup\immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar thumbs/5f0b1052-466d-44de-a554-226d7256850d/33/c5/
+crontab -e
+tar --list --directory /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+tar --list --file /home/podman/cron-backup/immich-server-upload-2024-12-23--11-24-01.tar
+crontab -e
+exit
+systemctl --user start linkwarden-server
+exit
+podman pull docker.io/actualbudget/actual-server:latest
+systemctl --user start actual-server
+exit
+exit
+exit
+exit
+exit
+systemctl --user start linkwarden-server
+exit
+id
+exit
+nano ~/.bash_profile
+nano ~/.bash_profile
+exit
+exit
+systemctl --user start uptime-kuma-server
+exit
+systemctl --user start uptime-kuma-server
+podman pull docker.io/2fauth/2fauth
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman volumn prune
+podman volume prune
+podman volume prune
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+systemctl --user status 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/bash
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 443
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+nc -zv localhost 8000
+nc -zv localhost 5015
+nc -zv localhost 5016
+nc -zv localhost 5015
+nc -zv localhost 5015
+systemctl --user start 2fauth-server
+nc -zv localhost 5015
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+exit
+podman exec -ti 2fauth-server /bin/sh
+systemctl --user start 2fauth-server
+podman exec -ti 2fauth-server /bin/sh
+exit
+systemctl --user start 2fauth-server
+exit
+systemctl --user start 2fauth-server
+exit
+podman pull docker.io/gotify/server
+systemctl --user start gotify-server
+exiot
+exit
+systemctl --user start uptime-kuma-server
+nano /etc/hostname
+exit
+podman pull ghcr.io/goauthentik/server:2024.12.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/redis:7.4.1
+exit
+podman pull docker.io/library/postgres:16.6
+exit
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+exit
+systemctl --user start authentik-db
+systemctl --user status authentik-db
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+exit
+systemctl --user status authentik-worker
+exit
+systemctl --user start authentik-worker
+systemctl --user status authentik-worker
+nc -zv localhost 5021
+redis-cli ping 
+redis-cli -h localhost -p 6379 PING
+redis-cli -h localhost -p 5021 PING
+podman exec -ti authentik-redis /bin/bash
+redis-cli -h localhost -p 5021 PING
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user status authentik-redis
+podman exec -ti authentik-redis /bin/bash
+podman exec -ti authentik-redis /bin/sh
+exit
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/sh
+podman exec -ti authentik-redis /bin/bash
+exit
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+podman exec -ti authentik-redis /bin/bash
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start authentik-redis
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+podman volume prune
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+systemctl --user start mattermost-server
+systemctl --user status mattermost-server --lines=999
+exit
+crontab -e
+crontab -e
+exit
+crontab -e
+exit
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+exit
+systemctl --user start mattermost-server
+systemctl --user start mattermost-db
+exit
+systemctl --user start mattermost-db
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit
+podman volume import systemd-mattermost-db-data /home/podman/cron-backup/mattermost-db-data-2024-12-24--12-17-01.tar
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+podman volume import systemd-mattermost-server-bleve /home/podman/cron-backup/mattermost-server-bleve-2024-12-23--11-25-01.tar
+podman volume import systemd-mattermost-server-client-plugins /home/podman/cron-backup/mattermost-server-client-plugins-2024-12-23--11-26-01.tar
+podman volume import systemd-mattermost-server-config /home/podman/cron-backup/mattermost-server-config-2024-12-23--11-27-01.tar
+podman volume import systemd-mattermost-server-plugins /home/podman/cron-backup/mattermost-server-plugins-2024-12-23--11-29-02.tar
+podman volume import systemd-mattermost-server-logs /home/podman/cron-backup/mattermost-server-logs-2024-12-23--11-28-01.tar
+exit
+podman volume import systemd-mattermost-server-data /home/podman/cron-backup/mattermost-server-data-2024-12-23--11-18-01.tar
+systemctl --user start mattermost-db
+systemctl --user start mattermost-server
+exit
+systemctl --user start mattermost-server
+podman exec -ti mattermost-server /bin/bash
+exit
+systemctl --user start mattermost-server
+exit
+exit
+exit
+/usr/libexec/podman/quadlet --user /home/podman/libexec-podman-quadlet-output
+/usr/libexec/podman/quadlet -dryrun --user
+exit
+exit
+exit
+systemctl --user start mattermost-server
+exit
+systemctl --user status mattermost-server --lines=999
+exit

etc/bash_history_2025-01-03.txt

@@ -0,0 +1,500 @@
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\\ 2019/ /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+mv /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019 /mnt/free-file-sync/iso/images-a/DisneyWorld\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/DisneyWorld\\\ 2019/
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006
+rm -R /mnt/free-file-sync/iso/images-a/All\\\ Pictures\\\ from\\\ Wedding\\\ Originals\\\ 2006\ \\\!9
+exit
+rm -R /mnt/free-file-sync/iso/images-a/Phares\\\ Slides\\\ ####
+exit
+mount /mnt/free-file-sync/iso/Edited.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/2024-12-18-18-13-54-579.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned\ Grandma\\\'s\ Quilt\ ####/
+rm -R /mnt/free-file-sync/iso/images-a/Event
+rm -R /mnt/free-file-sync/iso/images-a/Question/
+mount /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/2024-12-18-18-10-19-693.iso /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/All\ Pictures\ from\ Wedding\ Originals\ 2006/
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Edited/2024-12-18-17-56-37-119.iso /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Facebook/2024-12-18-17-32-32-487.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Facebook
+mount /mnt/free-file-sync/iso/images-a/Rex\ Memorial\ ####/2024-12-18-18-15-40-537.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/Scanned\ Norman\ Herman/2024-12-18-18-15-43-097.iso /mnt/iso-compare
+umount /mnt/iso-compare
+rm -R /mnt/free-file-sync/iso/images-a/Scanned*
+rm -R /mnt/free-file-sync/iso/images-a/Phares\ Slides\ ####/
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+mount /mnt/free-file-sync/iso/images-a/DisneyWorld\ 2019/2024-12-18-18-42-26-222.iso /mnt/iso-compare
+umount /mnt/iso-compare
+umount /mnt/iso-compare
+exit
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/Slide in N*
+rm -R /mnt/free-file-sync/iso/images-a/Slide\\ in\\ N*
+ls -al /mnt/free-file-sync/iso/images-a/Sli*
+ls -al /mnt/free-file-sync/iso/images-a/Slide *
+ls -al /mnt/free-file-sync/iso/images-a/Slide\\ *
+ls -al /mnt/free-file-sync/iso/images-a
+rm -R /mnt/free-file-sync/iso/images-a/'Slide in Name Order Originals \(622\) ####'
+mkdir /mnt/free-file-sync/iso/videos-b
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+rm /mnt/free-file-sync/iso/videos-b/Home\ Videos\ 1998\ -\ 2002/2024-12-18-19-49-52-202.iso 
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+exit
+exit
+lsblk
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+lsblk -b -o NAME,SIZE,TYPE,VENDOR,MODEL,SERIAL,MOUNTPOINT
+lsblk -o NAME,SIZE,TYPE,FSUSED,FSUSE%,MOUNTPOINT
+exit
+reboot
+aptget update
+apt-get update
+apt-get upgrade
+ls
+nano t
+nano t
+exit
+sudo -iu podman
+exit
+mv -R /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /home/lphares/gdrive/ /mnt/free-file-sync/logan-google-drive
+mv /mnt/free-file-sync/logan-google-drive /mnt/free-file-sync/google-drive-logan
+exit
+nano /root/.ssh/authorized_keys 
+exit
+sudo -iu podman
+crontab -e
+sudo -iu podman
+/etc/duckdns/duck.sh >/dev/null 2>&1
+"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
+cd /root/jackyzha0-quartz-phares && /snap/bin/npx quartz build
+cd /
+podman volume export systemd-blinko-server-data --output /home/podman/backup-blinko/'blinko-server-data-'$(date +"\%Y\%m\%d-\%H\%M\%S")'.tar'
+sudo -iu podman
+ls /home/podman/backup-blinko/
+sudo -iu podman
+ls /home/podman/backup-blinko/
+rm /home/podman/backup-blinko/*
+ls /home/podman/backup-blinko/
+sudo -iu podman
+exit
+ls /home/podman/backup-blinko/
+exit
+sudo -iu podman
+nano /run/podman/podman.sock
+ls /run/podman/podman.sock
+sudo -iu podman
+cat /var/log/syslog
+grep "ERROR" /var/log/cron
+sudo -iu podman
+crontab -e
+crontab -l
+crontab -e
+crontab -l
+systemctl status cron
+crontab -e
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl status cron
+systemctl log cron
+systemctl status cron
+systemctl status cron
+crontab -e
+systemctl status cron
+ls /home/podman/backup-blinko/
+ls /home/podman/backup-blinko/
+systemctl status cron
+crontab -e
+systemctl status cron
+sudo -iu podman
+exit
+snap list vaultwarden 
+reboot
+nginx -t
+nginx -s reload
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+exit
+su lphares
+exit
+exit
+exit
+exit
+exit
+nginx -t
+nginx -t
+nginx -s reload
+nginx -t
+ls -la /home/lphares/dorico
+ls -la /home/lphares
+ls -la /home/lphares/dorico/
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /var/www/html-
+nginx -s reload
+nginx -t
+ls /etc/netplan/
+nginx -s reload
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+ls /etc/ModemManager/ -la
+ls /etc/ModemManager -la
+ls /etc/ModemManager
+ls /etc/ModemManager -
+ls /etc/ModemManager -l
+ls /etc/ModemManager --time-style
+ls /etc/ModemManager -lT
+ls /etc/ModemManager --time-style=full
+ls /etc/ModemManager/ --time-style=full
+ls /etc/ModemManager/
+ls /etc/ModemManager -l -T
+ls /etc/ModemManager  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S%zz"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %HH:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %h:%M:%S %z"
+ls /etc/ModemManager/  -l --time-style=+"%b %d %Y %H:%M:%S %z"
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT%H:%M:%S'
+ls /etc/ModemManager/ -la -D '%Y-%m-%dT     %H:%M:%S'
+nginx -t
+nginx -s reload
+ufw status
+ufw number status
+ufw numbered status
+ufw status numbered
+ufw active
+ufw enable
+ufw status numbered
+ls
+ufw disable
+ip a
+ufw allow                                   53/tcp comment "01) DNS TCP"
+ufw status numbered
+ufw allow                                   53/udp comment "02) DNS UDP"
+ufw allow                                   67/tcp comment "03) DHCP TCP"
+ufw allow                                   67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 to any port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 to any port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 to any port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 to any port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 to any port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 to any port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 to any port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0        port  22/tcp comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw status numbered
+ufw allow                      port 53/tcp comment "01) DNS TCP"
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from 192.168.11.0/25 port  22/tcp comment "06) SSH"
+ufw allow from 192.168.21.0/25 port  22/tcp comment "07) SSH"
+ufw allow from 192.168.31.0/25 port  22/tcp comment "08) SSH"
+ufw allow from 192.168.41.0/25 port  22/tcp comment "09) SSH"
+ufw allow from 192.168.42.0/25 port  22/tcp comment "10) SSH"
+ufw allow from 192.168.43.0/25 port  22/tcp comment "11) SSH"
+ufw allow to         0.0.0.0/0 port  22/tcp comment "12) SSH"
+ufw allow from       0.0.0.0/0 port 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0 port 443 comment "05) HTTPS"
+ufw reset
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0 443/tcp comment "05) HTTPS"
+ufw allow from       0.0.0.0/0         443 comment "05) HTTPS"
+ufw allow from 0.0.0.0/0 443 comment "05) HTTPS"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow from 192.168.11.0/25    port  22 comment "06) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "11) SSH"
+ufw allow to         0.0.0.0/0    port  22 comment "12) SSH"
+ufw enable
+ufw status numbered
+ufw delete 12
+ufw status numbered
+ufw disable
+ufw allow to   192.168.11.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "17) SSH"
+ufw enable
+ufw status numbered
+ufw status numbered
+ufw disable
+cat /etc/passwd
+top
+pcap
+ps -ef | grep cr[o]n
+ps -ef | grep nginx
+usermod -a -G lphares www-data
+exit
+chmod -R 774 /home/lphares/dorico
+nginx -t
+nginx -s reload
+nginx -s reload
+rm -r /home/lphares/dorico
+su lphares
+exit
+exit
+exit
+ufw status numbered
+ufw enabled
+ufw enable
+ufw status numbered
+ufw disable
+ufw allow from       0.0.0.0/0    port 443 comment "18) HTTPS"
+ufw enable
+ufw disable
+ufw reset
+ufw disable
+ufw allow                           53/tcp comment "01) DNS TCP"
+ufw allow                           53/udp comment "02) DNS UDP"
+ufw allow                           67/tcp comment "03) DHCP TCP"
+ufw allow                           67/udp comment "04) DHCP UDP"
+ufw allow from       0.0.0.0/0    port 443 comment "05) HTTPS"
+ufw allow to         0.0.0.0/0    port 443 comment "06) HTTPS"
+ufw enable
+ufw allow from 192.168.11.0/25    port  22 comment "07) SSH"
+ufw allow from 192.168.21.0/25    port  22 comment "08) SSH"
+ufw allow from 192.168.31.0/25    port  22 comment "09) SSH"
+ufw allow from 192.168.41.0/25    port  22 comment "10) SSH"
+ufw allow from 192.168.42.0/25    port  22 comment "11) SSH"
+ufw allow from 192.168.43.0/25    port  22 comment "12) SSH"
+ufw allow to   192.168.11.0/25    port  22 comment "13) SSH"
+ufw allow to   192.168.21.0/25    port  22 comment "14) SSH"
+ufw allow to   192.168.31.0/25    port  22 comment "15) SSH"
+ufw allow to   192.168.41.0/25    port  22 comment "16) SSH"
+ufw allow to   192.168.42.0/25    port  22 comment "17) SSH"
+ufw allow to   192.168.43.0/25    port  22 comment "18) SSH"
+ufw enable
+ufw status numbered
+exit
+ufw disable
+top[
+top
+systemctl list-timers
+systemctl list-timers
+apt-get remove certbot
+snap remove certbot
+systemctl list-timers
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+reboot
+sudo -iu podman
+exit
+exit
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\*Failed /var/log/auth.log | less
+grep sshd.\* /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+grep sshd.\*publickey /var/log/auth.log
+grep sshd.\*publickey /var/log/auth.log | less
+apt update
+apt install fail2ban -y
+systemctl status fail2ban.service
+cd /etc/fail2ban
+ls
+head -20 jail.conf
+cp jail.conf jail.local
+nano jail.local
+nano jail.local
+nano jail.local
+systemctl enable fail2ban
+systemctl start fail2ban
+systemctl status fail2ban
+reboot
+apt-get update
+apt upgrade
+sudo -iu podman
+exit
+snap info adguard-home 
+exit
+tail /var/log/auth.log -f
+exit
+ufw status numbered
+exit
+ip a
+exit
+id
+su phares
+su podman
+exit
+exit
+exit
+sudo -iu podman
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+exit
+ip a
+ip a l | grep inet6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /proc/sys/net/ipv6/conf/all/disable_ipv6
+cat /boot/firmware/cmdline.txt
+nano /boot/firmware/cmdline.txt
+exit
+snap restart adguard-home 
+exit
+nano /etc/duckdns/duck.sh
+exit
+nano /etc/duckdns/duck.sh
+cat duck.log
+chmod 700 /etc/duckdns/duck.sh
+cd /etc/duckdns
+./duck.sh
+cat duck.log
+ps -ef | grep cr[o]n
+crontab -e
+cat duck.log
+xit
+exit
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+links http://192.168.11.2:5015/
+sudo -iu podman
+sudo -iu podman
+links http://192.168.11.2:5015/
+links http://192.168.11.2:5015/
+sudo -iu podman
+nginx -t
+nginx -s reload
+links http://192.168.11.2:5015/
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+sudo -iu podman
+chown podman:podman /home/podman/2fauth -R
+sudo -iu podman
+nginx -t
+nginx -s reload
+sudo -iu podman
+sudo -iu podman
+nc -zv localhost 5015
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+sudo -iu podman
+exit
+nano /home/persa/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+exit
+nano /root/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/podman/.ssh/authorized_keys 
+exit
+nano /home/podman/.ssh/authorized_keys 
+nano /home/bmiller/.ssh/authorized_keys 
+nano /home/lphares/.ssh/authorized_keys 
+nano /root/.ssh/authorized_keys 
+nano /home/persa/.ssh/authorized_keys 
+nano /home/phares/.ssh/authorized_keys 
+exit\
+exit
+sudo -iu podman
+nano /etc/hostname 
+nano /etc/hosts
+exit
+nginx -t
+nginx -s reload
+sudo -iu podman
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -t
+nginx -s reload
+nginx -s reload
+nginx -t
+reboot
+exit

etc/group

@@ -59,7 +59,7 @@ fwupd-refresh:x:989:
 netdev:x:110:
 phares:x:1001:
 podman:x:1000:
-lphares:x:1003:bmiller,persa
+lphares:x:1003:bmiller,persa,www-data
 bmiller:x:1004:
 unbound:x:111:
 cockpit-ws:x:112:

etc/group-

@@ -68,7 +68,7 @@ pcp:x:988:
 persa:x:1002:
 redis:x:114:
 swtpm:x:115:
-libvirt:x:116:phares,podman
+libvirt:x:116:phares,podman,libvirtdbus
 libvirt-qemu:x:64055:libvirt-qemu
 libvirt-dnsmasq:x:117:
 libvirtdbus:x:118:

etc/gshadow

@@ -59,7 +59,7 @@ fwupd-refresh:!*::
 netdev:!::
 phares:!::
 podman:!::
-lphares:!::bmiller,persa
+lphares:!::bmiller,persa,www-data
 bmiller:!::
 unbound:!::
 cockpit-ws:!::

etc/gshadow-

@@ -68,7 +68,7 @@ pcp:!::
 persa:!::
 redis:!::
 swtpm:!::
-libvirt:!::phares,podman
+libvirt:!::phares,podman,libvirtdbus
 libvirt-qemu:!::libvirt-qemu
 libvirt-dnsmasq:!::
 libvirtdbus:!::

etc/hosts

@@ -1,5 +1,5 @@
 127.0.0.1 localhost
-127.0.1.1 trigkey-green-g4
+127.0.1.1 phares.duckdns.org
 
 # The following lines are desirable for IPv6 capable hosts
 ::1     ip6-localhost ip6-loopback

etc/letsencrypt/archive/gitea.jumpingcrab.com/cert1.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAxKgAwIBAgISBMFGragC9OgIAiG4P5naLK3mMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTAxMTMyMDQxMTFaFw0yNTA0MTMyMDQxMTBaMCAxHjAcBgNVBAMTFWdp
+dGVhLmp1bXBpbmdjcmFiLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMxa
+tycX56D91JSQtdSYG/pPlyqrlka+qhfoYd4IzEjz23n3aqbdHWp4kzKgfdfo99vJ
+16AAUgK4LV2eWk6ZddijggIYMIICFDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN/q
+GV5U2yPWTWBmlfvAp0crrMC0MB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/
+WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVu
+Y3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMCAGA1Ud
+EQQZMBeCFWdpdGVhLmp1bXBpbmdjcmFiLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC
+ATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AN6FgddQJHxrzcuvVjfF54HGTORu
+1hdjn480pybJ4r03AAABlGGbth0AAAQDAEgwRgIhAKS2r6FtEv17AjuJYICWvsK7
+R54pf8/pJL5UGIhy23UkAiEAn2DdIAEg5o1g8ULtoG2mUYt+YTbDBdH1coEoe/Cd
+XRoAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZRhm7ZHAAAE
+AwBHMEUCIGuSi8pZgdi3bLYsYg+a44ZYSQM2YSDdhau+P+V2m8DaAiEA4fqy8KEg
+S9vH8b9B+Gz+i5dRKchD1S4ydzOdhZTR1DMwCgYIKoZIzj0EAwMDaAAwZQIxANUl
+PQW7UOTQOgd0KKqZeygvPCY7qvSr6V2ZR2Yx6e4wXt9i/bhXVjNvYMyffCjh1gIw
+ETtUf366hIClR7HmTjEG3vdjinqgVKvkAZqufAPnijbKKtnsNXhACWl18UXngBG6
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.jumpingcrab.com/chain1.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.jumpingcrab.com/fullchain1.pem

@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAxKgAwIBAgISBMFGragC9OgIAiG4P5naLK3mMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTAxMTMyMDQxMTFaFw0yNTA0MTMyMDQxMTBaMCAxHjAcBgNVBAMTFWdp
+dGVhLmp1bXBpbmdjcmFiLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMxa
+tycX56D91JSQtdSYG/pPlyqrlka+qhfoYd4IzEjz23n3aqbdHWp4kzKgfdfo99vJ
+16AAUgK4LV2eWk6ZddijggIYMIICFDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN/q
+GV5U2yPWTWBmlfvAp0crrMC0MB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/
+WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVu
+Y3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMCAGA1Ud
+EQQZMBeCFWdpdGVhLmp1bXBpbmdjcmFiLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC
+ATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AN6FgddQJHxrzcuvVjfF54HGTORu
+1hdjn480pybJ4r03AAABlGGbth0AAAQDAEgwRgIhAKS2r6FtEv17AjuJYICWvsK7
+R54pf8/pJL5UGIhy23UkAiEAn2DdIAEg5o1g8ULtoG2mUYt+YTbDBdH1coEoe/Cd
+XRoAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZRhm7ZHAAAE
+AwBHMEUCIGuSi8pZgdi3bLYsYg+a44ZYSQM2YSDdhau+P+V2m8DaAiEA4fqy8KEg
+S9vH8b9B+Gz+i5dRKchD1S4ydzOdhZTR1DMwCgYIKoZIzj0EAwMDaAAwZQIxANUl
+PQW7UOTQOgd0KKqZeygvPCY7qvSr6V2ZR2Yx6e4wXt9i/bhXVjNvYMyffCjh1gIw
+ETtUf366hIClR7HmTjEG3vdjinqgVKvkAZqufAPnijbKKtnsNXhACWl18UXngBG6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.jumpingcrab.com/privkey1.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOJMe824fldC1I31j9QPXW2rqnkUK+EzwImja0V5U4dioAoGCCqGSM49
+AwEHoUQDQgAEzFq3JxfnoP3UlJC11Jgb+k+XKquWRr6qF+hh3gjMSPPbefdqpt0d
+aniTMqB91+j328nXoABSArgtXZ5aTpl12A==
+-----END EC PRIVATE KEY-----

etc/letsencrypt/archive/gitea.phares.redirectme.net/cert1.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAx2gAwIBAgISBNrhyPO9lURJq4y8TIOmcZinMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTAxMTMxOTU4NTRaFw0yNTA0MTMxOTU4NTNaMCYxJDAiBgNVBAMTG2dp
+dGVhLnBoYXJlcy5yZWRpcmVjdG1lLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABOqlBmpoQ7TPHnoZaMTrwcx53iahLDpybzAWCZZFr50Ser3tQw060EtC//7k
+pE1JN3ANVfZxfM1L3LhQW+EzpVKjggIdMIICGTAOBgNVHQ8BAf8EBAMCB4AwHQYD
+VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+BBYEFMdzVvO/xfepKV9aYkOlfpu3HK8vMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjW
+xEJI2yO/WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2
+Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcv
+MCYGA1UdEQQfMB2CG2dpdGVhLnBoYXJlcy5yZWRpcmVjdG1lLm5ldDATBgNVHSAE
+DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AM8RVu7VLnyv
+84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABlGF0/SEAAAQDAEYwRAIgWBCl2+1d
+/RKxIOoy3hBIj8NU6gUXRhGdvD0mtlt6BNoCIHOitA5tz2bRHIfI8XoUPBgG1w66
+kfAvq2g4/Lkr+2+MAHcA4JKz/AwdyOdoNh/eYbmWTQpSeBmKctZyxLBNpW1vVAQA
+AAGUYXT9lwAABAMASDBGAiEA+n9nrUsAEONOgh12+m16djdSnPdCOs6k7uhXvxv2
+ENECIQDKodCwTeNIN7AqMWGXP2zcxHsst4sFjM449Hdk1NdjSDAKBggqhkjOPQQD
+AwNpADBmAjEAtLOSbXY3QES7JgOMUBJYOypax4o2fH+VAeCvfZSSMYwGWKf2x3GR
+yL+gqJrn0b1MAjEA9oxyQCGzjIH67qBJGlmp4DOI3N14Ml7kkQZeJ4JmdeexQjVc
+QElF18a/Ngw3qS4D
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.phares.redirectme.net/chain1.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.phares.redirectme.net/fullchain1.pem

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAx2gAwIBAgISBNrhyPO9lURJq4y8TIOmcZinMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTAxMTMxOTU4NTRaFw0yNTA0MTMxOTU4NTNaMCYxJDAiBgNVBAMTG2dp
+dGVhLnBoYXJlcy5yZWRpcmVjdG1lLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABOqlBmpoQ7TPHnoZaMTrwcx53iahLDpybzAWCZZFr50Ser3tQw060EtC//7k
+pE1JN3ANVfZxfM1L3LhQW+EzpVKjggIdMIICGTAOBgNVHQ8BAf8EBAMCB4AwHQYD
+VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+BBYEFMdzVvO/xfepKV9aYkOlfpu3HK8vMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjW
+xEJI2yO/WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2
+Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcv
+MCYGA1UdEQQfMB2CG2dpdGVhLnBoYXJlcy5yZWRpcmVjdG1lLm5ldDATBgNVHSAE
+DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AM8RVu7VLnyv
+84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABlGF0/SEAAAQDAEYwRAIgWBCl2+1d
+/RKxIOoy3hBIj8NU6gUXRhGdvD0mtlt6BNoCIHOitA5tz2bRHIfI8XoUPBgG1w66
+kfAvq2g4/Lkr+2+MAHcA4JKz/AwdyOdoNh/eYbmWTQpSeBmKctZyxLBNpW1vVAQA
+AAGUYXT9lwAABAMASDBGAiEA+n9nrUsAEONOgh12+m16djdSnPdCOs6k7uhXvxv2
+ENECIQDKodCwTeNIN7AqMWGXP2zcxHsst4sFjM449Hdk1NdjSDAKBggqhkjOPQQD
+AwNpADBmAjEAtLOSbXY3QES7JgOMUBJYOypax4o2fH+VAeCvfZSSMYwGWKf2x3GR
+yL+gqJrn0b1MAjEA9oxyQCGzjIH67qBJGlmp4DOI3N14Ml7kkQZeJ4JmdeexQjVc
+QElF18a/Ngw3qS4D
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.phares.redirectme.net/privkey1.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILSambH2O8RFkT6eZn+bwQQ2oB6AFtjkHKsC+t0eWflroAoGCCqGSM49
+AwEHoUQDQgAE6qUGamhDtM8eehloxOvBzHneJqEsOnJvMBYJlkWvnRJ6ve1DDTrQ
+S0L//uSkTUk3cA1V9nF8zUvcuFBb4TOlUg==
+-----END EC PRIVATE KEY-----

etc/letsencrypt/archive/gitea.phares3757.ddns.net/cert1.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAxigAwIBAgISA84Tzt2T/OnITRhOVEVQQnpqMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNTAxMTMxOTU3MzlaFw0yNTA0MTMxOTU3MzhaMCQxIjAgBgNVBAMTGWdp
+dGVhLnBoYXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AATZO9CC5BKrZD48/oCt4GBwB4VUUC2YqQ1en+gAEf6VQmGle3d0LIDz2Htj7YDc
+Mi+LfHoTetMdBZ3AkHdPfiSko4ICGjCCAhYwDgYDVR0PAQH/BAQDAgeAMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+BBSn8ip83SQYa2IBACHAIrXq5Y3HwzAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37Sss
+xMZwi9LXDTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5v
+LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzAk
+BgNVHREEHTAbghlnaXRlYS5waGFyZXMzNzU3LmRkbnMubmV0MBMGA1UdIAQMMAow
+CAYGZ4EMAQIBMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYA3oWB11AkfGvNy69W
+N8XngcZM5G7WF2OfjzSnJsnivTcAAAGUYXPZOQAABAMARzBFAiEA2UyYzjMITIYL
+335nk+mnTgVXH8GaAr5HHDVIx8FXwzUCIEfMHAQwAp/1NIGood7c5XaPD1V67qe2
+xs70tDAC62gOAHUATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGU
+YXPZOAAABAMARjBEAiBAqRtkyRrpLLqZEVQ1UyMOR+40BlDeUjhYEEIzdizH2gIg
+Lv8Rm+yvyToL81CmVRxT7pI58JsHEyt/y3LOr7MwVCQwCgYIKoZIzj0EAwMDZwAw
+ZAIweZ1tC6rNSS4tFpv/oMM7NpnpBqLlOMvyRRWP2IwOqK3KfT89kDEueu4VPbl9
+sCkZAjBFlsSvVwP3/ZSN3SA1G6OrHtoa6G2e37y+CD/mgrD/gegtn6ysqmqpVbAZ
+Rap1c5A=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.phares3757.ddns.net/chain1.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.phares3757.ddns.net/fullchain1.pem

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAxigAwIBAgISA84Tzt2T/OnITRhOVEVQQnpqMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNTAxMTMxOTU3MzlaFw0yNTA0MTMxOTU3MzhaMCQxIjAgBgNVBAMTGWdp
+dGVhLnBoYXJlczM3NTcuZGRucy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AATZO9CC5BKrZD48/oCt4GBwB4VUUC2YqQ1en+gAEf6VQmGle3d0LIDz2Htj7YDc
+Mi+LfHoTetMdBZ3AkHdPfiSko4ICGjCCAhYwDgYDVR0PAQH/BAQDAgeAMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+BBSn8ip83SQYa2IBACHAIrXq5Y3HwzAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37Sss
+xMZwi9LXDTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5v
+LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzAk
+BgNVHREEHTAbghlnaXRlYS5waGFyZXMzNzU3LmRkbnMubmV0MBMGA1UdIAQMMAow
+CAYGZ4EMAQIBMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYA3oWB11AkfGvNy69W
+N8XngcZM5G7WF2OfjzSnJsnivTcAAAGUYXPZOQAABAMARzBFAiEA2UyYzjMITIYL
+335nk+mnTgVXH8GaAr5HHDVIx8FXwzUCIEfMHAQwAp/1NIGood7c5XaPD1V67qe2
+xs70tDAC62gOAHUATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGU
+YXPZOAAABAMARjBEAiBAqRtkyRrpLLqZEVQ1UyMOR+40BlDeUjhYEEIzdizH2gIg
+Lv8Rm+yvyToL81CmVRxT7pI58JsHEyt/y3LOr7MwVCQwCgYIKoZIzj0EAwMDZwAw
+ZAIweZ1tC6rNSS4tFpv/oMM7NpnpBqLlOMvyRRWP2IwOqK3KfT89kDEueu4VPbl9
+sCkZAjBFlsSvVwP3/ZSN3SA1G6OrHtoa6G2e37y+CD/mgrD/gegtn6ysqmqpVbAZ
+Rap1c5A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.phares3757.ddns.net/privkey1.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICp+cx+weOdcPOsxTzhwkByo3hGKxTBrHBXiKjWAg6IqoAoGCCqGSM49
+AwEHoUQDQgAE2TvQguQSq2Q+PP6AreBgcAeFVFAtmKkNXp/oABH+lUJhpXt3dCyA
+89h7Y+2A3DIvi3x6E3rTHQWdwJB3T34kpA==
+-----END EC PRIVATE KEY-----

etc/letsencrypt/archive/gitea.twilightparadox.com/cert1.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAxqgAwIBAgISA3Ok6Ntju67loYMAKR/g+jLeMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTAxMTMyMDQwMzFaFw0yNTA0MTMyMDQwMzBaMCQxIjAgBgNVBAMTGWdp
+dGVhLnR3aWxpZ2h0cGFyYWRveC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AAQVdWh6MowWiRToNvHG28xfT+1oTn2xrA0FISfw24MLIaKPRIQK46EwNhZ0qoja
+mMWWlT7e3ehDGyzVxToczVxno4ICHDCCAhgwDgYDVR0PAQH/BAQDAgeAMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+BBTJ3cuhp8zFW76E3iky8x9/qEZVmzAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRC
+SNsjv1iU0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5v
+LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzAk
+BgNVHREEHTAbghlnaXRlYS50d2lsaWdodHBhcmFkb3guY29tMBMGA1UdIAQMMAow
+CAYGZ4EMAQIBMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA3oWB11AkfGvNy69W
+N8XngcZM5G7WF2OfjzSnJsnivTcAAAGUYZsYPgAABAMASDBGAiEAhkETK0ZiN8tB
+3hjE6rySGk3wp4X8SqXepvnXMyY9j80CIQC65yd+ajVHVPytJW1ved+27893Vi0r
+pwLYDkstSWym+wB2AMz7D2qFcQll/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAAB
+lGGbGEwAAAQDAEcwRQIgHA5eiA3Sw93hrOX2I/3CPsLGGTd+Dp8JC9xooozQi+kC
+IQCwwikwSLbNPHHf6A9MUiQZWcTbY1l6fGsY8z/PdYVw/TAKBggqhkjOPQQDAwNo
+ADBlAjAybTS423x/olK67bsVMuv2g5moz/g2o3Ty3brMkOZZXGqeqZ1f2KoGfWuo
+k+uF5wMCMQCGu8qFcofoKl+IUtyLfn9vyq/lOHA7vorqZx4he+eY/aY8VuCdDUCU
+a70klI5vl7U=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.twilightparadox.com/chain1.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.twilightparadox.com/fullchain1.pem

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAxqgAwIBAgISA3Ok6Ntju67loYMAKR/g+jLeMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNTAxMTMyMDQwMzFaFw0yNTA0MTMyMDQwMzBaMCQxIjAgBgNVBAMTGWdp
+dGVhLnR3aWxpZ2h0cGFyYWRveC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AAQVdWh6MowWiRToNvHG28xfT+1oTn2xrA0FISfw24MLIaKPRIQK46EwNhZ0qoja
+mMWWlT7e3ehDGyzVxToczVxno4ICHDCCAhgwDgYDVR0PAQH/BAQDAgeAMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+BBTJ3cuhp8zFW76E3iky8x9/qEZVmzAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRC
+SNsjv1iU0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5v
+LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzAk
+BgNVHREEHTAbghlnaXRlYS50d2lsaWdodHBhcmFkb3guY29tMBMGA1UdIAQMMAow
+CAYGZ4EMAQIBMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA3oWB11AkfGvNy69W
+N8XngcZM5G7WF2OfjzSnJsnivTcAAAGUYZsYPgAABAMASDBGAiEAhkETK0ZiN8tB
+3hjE6rySGk3wp4X8SqXepvnXMyY9j80CIQC65yd+ajVHVPytJW1ved+27893Vi0r
+pwLYDkstSWym+wB2AMz7D2qFcQll/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAAB
+lGGbGEwAAAQDAEcwRQIgHA5eiA3Sw93hrOX2I/3CPsLGGTd+Dp8JC9xooozQi+kC
+IQCwwikwSLbNPHHf6A9MUiQZWcTbY1l6fGsY8z/PdYVw/TAKBggqhkjOPQQDAwNo
+ADBlAjAybTS423x/olK67bsVMuv2g5moz/g2o3Ty3brMkOZZXGqeqZ1f2KoGfWuo
+k+uF5wMCMQCGu8qFcofoKl+IUtyLfn9vyq/lOHA7vorqZx4he+eY/aY8VuCdDUCU
+a70klI5vl7U=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

etc/letsencrypt/archive/gitea.twilightparadox.com/privkey1.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKZQjFNsE08Z94g8u3DeGSogHW7nidfFzJY4MjF3s1UfoAoGCCqGSM49
+AwEHoUQDQgAEFXVoejKMFokU6DbxxtvMX0/taE59sawNBSEn8NuDCyGij0SECuOh
+MDYWdKqI2pjFlpU+3t3oQxss1cU6HM1cZw==
+-----END EC PRIVATE KEY-----

etc/letsencrypt/live/gitea.jumpingcrab.com/README

@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`privkey.pem`  : the private key for your certificate.
+`fullchain.pem`: the certificate file used in most server software.
+`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

etc/letsencrypt/live/gitea.phares.redirectme.net/README

@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`privkey.pem`  : the private key for your certificate.
+`fullchain.pem`: the certificate file used in most server software.
+`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

etc/letsencrypt/live/gitea.phares3757.ddns.net/README

@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`privkey.pem`  : the private key for your certificate.
+`fullchain.pem`: the certificate file used in most server software.
+`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

etc/letsencrypt/live/gitea.twilightparadox.com/README

@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`privkey.pem`  : the private key for your certificate.
+`fullchain.pem`: the certificate file used in most server software.
+`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

etc/letsencrypt/renewal/gitea.jumpingcrab.com.conf

@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 3.1.0
+archive_dir = /etc/letsencrypt/archive/gitea.jumpingcrab.com
+cert = /etc/letsencrypt/live/gitea.jumpingcrab.com/cert.pem
+privkey = /etc/letsencrypt/live/gitea.jumpingcrab.com/privkey.pem
+chain = /etc/letsencrypt/live/gitea.jumpingcrab.com/chain.pem
+fullchain = /etc/letsencrypt/live/gitea.jumpingcrab.com/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 0dc29e2da338706a1a356c4f2ef0c15b
+authenticator = nginx
+installer = nginx
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa

etc/letsencrypt/renewal/gitea.phares.redirectme.net.conf

@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 3.1.0
+archive_dir = /etc/letsencrypt/archive/gitea.phares.redirectme.net
+cert = /etc/letsencrypt/live/gitea.phares.redirectme.net/cert.pem
+privkey = /etc/letsencrypt/live/gitea.phares.redirectme.net/privkey.pem
+chain = /etc/letsencrypt/live/gitea.phares.redirectme.net/chain.pem
+fullchain = /etc/letsencrypt/live/gitea.phares.redirectme.net/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 0dc29e2da338706a1a356c4f2ef0c15b
+authenticator = nginx
+installer = nginx
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa

etc/letsencrypt/renewal/gitea.phares3757.ddns.net.conf

@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 3.1.0
+archive_dir = /etc/letsencrypt/archive/gitea.phares3757.ddns.net
+cert = /etc/letsencrypt/live/gitea.phares3757.ddns.net/cert.pem
+privkey = /etc/letsencrypt/live/gitea.phares3757.ddns.net/privkey.pem
+chain = /etc/letsencrypt/live/gitea.phares3757.ddns.net/chain.pem
+fullchain = /etc/letsencrypt/live/gitea.phares3757.ddns.net/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 0dc29e2da338706a1a356c4f2ef0c15b
+authenticator = nginx
+installer = nginx
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa

etc/letsencrypt/renewal/gitea.twilightparadox.com.conf

@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 3.1.0
+archive_dir = /etc/letsencrypt/archive/gitea.twilightparadox.com
+cert = /etc/letsencrypt/live/gitea.twilightparadox.com/cert.pem
+privkey = /etc/letsencrypt/live/gitea.twilightparadox.com/privkey.pem
+chain = /etc/letsencrypt/live/gitea.twilightparadox.com/chain.pem
+fullchain = /etc/letsencrypt/live/gitea.twilightparadox.com/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 0dc29e2da338706a1a356c4f2ef0c15b
+authenticator = nginx
+installer = nginx
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa

etc/nginx/include/2fauth.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/2fauth.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/2fauth.phares.duckdns.org.key -out /etc/nginx/include/2fauth.phares.duckdns.org.crt -config /etc/nginx/include/2fauth.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name 2fauth.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5015/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/actual.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/actual.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/actual.phares.duckdns.org.key -out /etc/nginx/include/actual.phares.duckdns.org.crt -config /etc/nginx/include/actual.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name actual.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5013/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}

etc/nginx/include/adguard.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/adguard.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.phares.duckdns.org.key -out /etc/nginx/include/adguard.phares.duckdns.org.crt -config /etc/nginx/include/adguard.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name adguard.phares.duckdns.org;
@@ -13,7 +13,7 @@ server {
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.11.2:3002/;
+        proxy_pass              https://192.168.11.2:5014/;
         proxy_read_timeout      600s;
         proxy_send_timeout      600s;
     }

etc/nginx/include/affirm.conf

@@ -1,9 +1,6 @@
 server {
-    # touch /etc/nginx/include/affirm.duckdns.org
+    ssl_certificate /home/podman/wild-affirm/fullchain.cer;
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/affirm.duckdns.org.key -out /etc/nginx/include/affirm.phares.duckdns.org.crt -config /etc/nginx/include/affirm.phares.duckdns.org
+    ssl_certificate_key /home/podman/wild-affirm/affirm.duckdns.org.key;
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name *.affirm.duckdns.org;

etc/nginx/include/authentik.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/authentik.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/authentik.phares.duckdns.org.key -out /etc/nginx/include/authentik.phares.duckdns.org.crt -config /etc/nginx/include/authentik.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name authentik.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              https://192.168.11.2:5018/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/baikal.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/baikal.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/baikal.phares.duckdns.org.key -out /etc/nginx/include/baikal.phares.duckdns.org.crt -config /etc/nginx/include/baikal.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name baikal.phares.duckdns.org;

etc/nginx/include/bchs.conf

@@ -1,9 +1,6 @@
 server {
-    # touch /etc/nginx/include/bchs.duckdns.org
+    ssl_certificate /home/podman/wild-bchs/fullchain.pem;
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/bchs.duckdns.org.key -out /etc/nginx/include/bchs.phares.duckdns.org.crt -config /etc/nginx/include/bchs.phares.duckdns.org
+    ssl_certificate_key /home/podman/wild-bchs/privkey.pem;
-    ssl_certificate /root/.acme.sh/wild-bchs/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-bchs/bchs.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-bchs/bchs.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name *.bchs.duckdns.org;

etc/nginx/include/beszel.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/beszel.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/beszel.phares.duckdns.org.key -out /etc/nginx/include/beszel.phares.duckdns.org.crt -config /etc/nginx/include/beszel.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name beszel.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5023/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/blinko.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/blinko.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/blinko.phares.duckdns.org.key -out /etc/nginx/include/blinko.phares.duckdns.org.crt -config /etc/nginx/include/blinko.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name blinko.phares.duckdns.org;

etc/nginx/include/cockpit.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/cockpit.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.phares.duckdns.org.key -out /etc/nginx/include/cockpit.phares.duckdns.org.crt -config /etc/nginx/include/cockpit.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name cockpit.phares.duckdns.org;

etc/nginx/include/dashkiosk.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/dashkiosk.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dashkiosk.phares.duckdns.org.key -out /etc/nginx/include/dashkiosk.phares.duckdns.org.crt -config /etc/nginx/include/dashkiosk.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name dashkiosk.phares.duckdns.org;

etc/nginx/include/dorico.conf

@@ -0,0 +1,17 @@
+server {
+    # touch /etc/nginx/include/dorico.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dorico.phares.duckdns.org.key -out /etc/nginx/include/dorico.phares.duckdns.org.crt -config /etc/nginx/include/dorico.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name dorico.phares.duckdns.org;
+    root /home/lphares/dorico;
+    # usermod -a -G lphares www-data
+    location / {
+        autoindex on;
+        disable_symlinks on;
+        autoindex_format json;
+    }
+}

etc/nginx/include/firefox.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/firefox.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.phares.duckdns.org.key -out /etc/nginx/include/firefox.phares.duckdns.org.crt -config /etc/nginx/include/firefox.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name firefox.phares.duckdns.org;

etc/nginx/include/gitea.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/gitea.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gitea.phares.duckdns.org.key -out /etc/nginx/include/gitea.phares.duckdns.org.crt -config /etc/nginx/include/gitea.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name gitea.phares.duckdns.org;
@@ -17,4 +17,89 @@ server {
         proxy_read_timeout      600s;
         proxy_send_timeout      600s;
     }
+}
+server {
+    ssl_certificate /etc/letsencrypt/live/gitea.phares3757.ddns.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/gitea.phares3757.ddns.net/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gitea.phares3757.ddns.net;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:3000/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}
+server {
+    ssl_certificate /etc/letsencrypt/live/gitea.phares.redirectme.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/gitea.phares.redirectme.net/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gitea.phares.redirectme.net;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:3000/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}
+server {
+    ssl_certificate /etc/letsencrypt/live/gitea.phares.redirectme.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/gitea.phares.redirectme.net/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gitea.chickenkiller.com;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:3000/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}
+server {
+    ssl_certificate /etc/letsencrypt/live/gitea.jumpingcrab.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/gitea.jumpingcrab.com/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gitea.jumpingcrab.com;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:3000/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}
+server {
+    ssl_certificate /etc/letsencrypt/live/gitea.twilightparadox.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/gitea.twilightparadox.com/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gitea.twilightparadox.com;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:3000/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
 }

etc/nginx/include/gotify.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/gotify.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/gotify.phares.duckdns.org.key -out /etc/nginx/include/gotify.phares.duckdns.org.crt -config /etc/nginx/include/gotify.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name gotify.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5016/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/immich-kiosk.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/immich-kiosk.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-kiosk.phares.duckdns.org.key -out /etc/nginx/include/immich-kiosk.phares.duckdns.org.crt -config /etc/nginx/include/immich-kiosk.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name immich-kiosk.phares.duckdns.org;

etc/nginx/include/immich-to-slideshow.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.key -out /etc/nginx/include/immich-to-slideshow.phares.duckdns.org.crt -config /etc/nginx/include/immich-to-slideshow.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name immich-to-slideshow.phares.duckdns.org;

etc/nginx/include/immich.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/immich.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/immich.phares.duckdns.org.key -out /etc/nginx/include/immich.phares.duckdns.org.crt -config /etc/nginx/include/immich.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name immich.phares.duckdns.org;

etc/nginx/include/jmlc.conf

@@ -0,0 +1,12 @@
+server {
+    ssl_certificate /home/podman/wild-jmlc/fullchain.cer;
+    ssl_certificate_key /home/podman/wild-jmlc/jmlc.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name *.jmlc.duckdns.org;
+    root /var/www/html-jmlc;
+    index index.html index.htm;
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+}

etc/nginx/include/kanbn-to-quartz.conf

@@ -0,0 +1,20 @@
+server {
+    # touch /etc/nginx/include/kanbn-to-quartz.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kanbn-to-quartz.phares.duckdns.org.key -out /etc/nginx/include/kanbn-to-quartz.phares.duckdns.org.crt -config /etc/nginx/include/kanbn-to-quartz.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name kanbn-to-quartz.phares.duckdns.org;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5024/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+		add_header Access-Control-Allow-Origin *;
+    }
+}

etc/nginx/include/kuma.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/kuma.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/kuma.phares.duckdns.org.key -out /etc/nginx/include/kuma.phares.duckdns.org.crt -config /etc/nginx/include/kuma.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name kuma.phares.duckdns.org;

etc/nginx/include/linkwarden.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/linkwarden.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/linkwarden.phares.duckdns.org.key -out /etc/nginx/include/linkwarden.phares.duckdns.org.crt -config /etc/nginx/include/linkwarden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name linkwarden.phares.duckdns.org;

etc/nginx/include/mattermost.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/mattermost.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/mattermost.phares.duckdns.org.key -out /etc/nginx/include/mattermost.phares.duckdns.org.crt -config /etc/nginx/include/mattermost.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name mattermost.phares.duckdns.org;

etc/nginx/include/neko.conf

@@ -1,24 +0,0 @@
-server {
-    # touch /etc/nginx/include/neko.phares.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.phares.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name neko.phares.duckdns.org;
-    location / {
-        # https://neko.m1k1o.net/#/getting-started/reverse-proxy
-        proxy_pass http://192.168.11.2:8082/;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 86400;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header X-Forwarded-Protocol $scheme;
-    }
-}

etc/nginx/include/odoo.conf

@@ -1,19 +0,0 @@
-server {
-    # touch /etc/nginx/include/odoo.ddns.net
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/odoo.ddns.net.key -out /etc/nginx/include/odoo.ddns.net.crt -config /etc/nginx/include/odoo.ddns.net
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name odoo.phares.duckdns.org;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.11.2:8069/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/passed.conf

@@ -0,0 +1,23 @@
+server {
+    # touch /etc/nginx/include/passed.phares.duckdns.org
+    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/passed.phares.duckdns.org.key -out /etc/nginx/include/passed.phares.duckdns.org.crt -config /etc/nginx/include/passed.phares.duckdns.org
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    listen 443 ssl http2;
+    server_name passed.phares.duckdns.org;
+    client_max_body_size 5000m;
+    location / {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://192.168.11.2:5022/;
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+        proxy_connect_timeout   600s;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+    }
+}

etc/nginx/include/pgadmin.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/pgadmin.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/pgadmin.phares.duckdns.org.key -out /etc/nginx/include/pgadmin.phares.duckdns.org.crt -config /etc/nginx/include/pgadmin.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name pgadmin.phares.duckdns.org;

etc/nginx/include/phares.conf

@@ -1,12 +1,12 @@
-# server {
+server {
-# listen 80 default_server;
+    listen 80 default_server;
-# root /var/www/certbot;
+    root /var/www/certbot;
-# index index.html index.htm index.nginx-debian.html;
+    index index.html index.htm index.nginx-debian.html;
-# server_name phares.duckdns.org;
+    server_name _;
-# location / {
+    location / {
-# try_files $uri $uri/ =404;
+        try_files $uri $uri/ =404;
-# }
+    }
-# }
+}
 server {
 	listen 8083 default_server;
 	root /var/www/html-nginx;
@@ -19,9 +19,9 @@ server {
 server {
     # touch /etc/nginx/include/phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name phares.duckdns.org;

etc/nginx/include/quartz.conf

@@ -10,9 +10,9 @@ server {
 server {
     # touch /etc/nginx/include/quartz.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/quartz.phares.duckdns.org.key -out /etc/nginx/include/quartz.phares.duckdns.org.crt -config /etc/nginx/include/quartz.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name quartz.phares.duckdns.org;

etc/nginx/include/slideshow.conf

@@ -11,9 +11,9 @@ server {
 server {
     # touch /etc/nginx/include/slideshow.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/slideshow.phares.duckdns.org.key -out /etc/nginx/include/slideshow.phares.duckdns.org.crt -config /etc/nginx/include/slideshow.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name slideshow.phares.duckdns.org;

etc/nginx/include/vaultwarden.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/vaultwarden.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/vaultwarden.phares.duckdns.org.key -out /etc/nginx/include/vaultwarden.phares.duckdns.org.crt -config /etc/nginx/include/vaultwarden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     # server_tokens off;

etc/nginx/include/warden.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/warden.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     # server_tokens off;

etc/nginx/include/xandikos.conf

@@ -1,9 +1,9 @@
 server {
     # touch /etc/nginx/include/xandikos.phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/xandikos.phares.duckdns.org.key -out /etc/nginx/include/xandikos.phares.duckdns.org.crt -config /etc/nginx/include/xandikos.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name xandikos.phares.duckdns.org;

etc/nginx/sites-available/default

@@ -1,33 +1,9 @@
-include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:3002/
-include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
-include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
-include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
-include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
-include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
-include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
-include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
-include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
-include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
-include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
-include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
-include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
-include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
-include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
-include /etc/nginx/include/neko.conf; # https://neko.phares.duckdns.org # http://192.168.11.2:8082/
-include /etc/nginx/include/odoo.conf; # https://odoo.phares.duckdns.org # http://192.168.11.2:8069/
-include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
-include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
-include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
-include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
-include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
-include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
-include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
 server {
     # touch /etc/nginx/include/phares.duckdns.org
     # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/phares.duckdns.org.key -out /etc/nginx/include/phares.duckdns.org.crt -config /etc/nginx/include/phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
+    ssl_certificate /home/podman/wild-phares/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
+    # ssl_certificate /home/podman/wild-phares/phares.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
+    ssl_certificate_key /home/podman/wild-phares/phares.duckdns.org.key;
     ssl_protocols TLSv1.2 TLSv1.3;
     listen 443 ssl http2;
     server_name *.phares.duckdns.org;
@@ -37,4 +13,34 @@ server {
         try_files $uri $uri.html $uri/ =404;
     }
 }
+include /etc/nginx/include/2fauth.conf; # https://2fauth.phares.duckdns.org # https://192.168.11.2:5015/
+include /etc/nginx/include/adguard.conf; # https://adguard.phares.duckdns.org # http://192.168.11.2:5014/
+include /etc/nginx/include/authentik.conf; # https://authentik.phares.duckdns.org # https://192.168.11.2:5018/
+include /etc/nginx/include/affirm.conf; # https://*.affirm.duckdns.org # /var/www/html-affirm
+include /etc/nginx/include/baikal.conf; # https://baikal.phares.duckdns.org # http://192.168.11.2:8001/
+include /etc/nginx/include/beszel.conf; # https://beszel.phares.duckdns.org # http://192.168.11.2:5023/
+include /etc/nginx/include/bchs.conf; # https://*.bchs.duckdns.org # /var/www/html-bchs
+include /etc/nginx/include/blinko.conf; # https://blinko.phares.duckdns.org # http://192.168.11.2:5012/
+include /etc/nginx/include/cockpit.conf; # https://cockpit.phares.duckdns.org # https://127.0.0.1:9090/
+include /etc/nginx/include/dashkiosk.conf; # https://dashkiosk.phares.duckdns.org # http://192.168.11.2:9400/
+include /etc/nginx/include/dorico.conf; # https://dorico.phares.duckdns.org # /home/lphares/dorico
+include /etc/nginx/include/firefox.conf; # https://firefox.phares.duckdns.org # http://192.168.11.2:5800/
+include /etc/nginx/include/gitea.conf; # https://gitea.phares.duckdns.org # http://192.168.11.2:3000/
+include /etc/nginx/include/gotify.conf; # https://gotify.phares.duckdns.org # http://192.168.11.2:5016/
+include /etc/nginx/include/immich-kiosk.conf; # https://immich-kiosk.phares.duckdns.org # http://192.168.11.2:5010/
+include /etc/nginx/include/immich-to-slideshow.conf; # https://immich-to-slideshow.phares.duckdns.org # http://192.168.11.2:5009/
+include /etc/nginx/include/immich.conf; # https://immich.phares.duckdns.org # http://192.168.11.2:3001/
+include /etc/nginx/include/jmlc.conf; # https://*.jmlc.duckdns.org # /var/www/html-jmlc
+include /etc/nginx/include/kanbn-to-quartz.conf; # https://kanbn-to-quartz.phares.duckdns.org # http://192.168.11.2:5024/
+include /etc/nginx/include/kuma.conf; # https://kuma.phares.duckdns.org # https://192.168.11.2:3004/
+include /etc/nginx/include/linkwarden.conf; # https://linkwarden.phares.duckdns.org # http://192.168.11.2:5011/
+include /etc/nginx/include/mattermost.conf; # https://mattermost.phares.duckdns.org # https://192.168.11.2:8443/
+include /etc/nginx/include/passed.conf; # https://passed.phares.duckdns.org # http://192.168.11.2:5022/
+include /etc/nginx/include/pgadmin.conf; # https://pgadmin.phares.duckdns.org # https://192.168.11.2:5007/
+include /etc/nginx/include/phares.conf; # https://phares.duckdns.org # /var/www/html-nginx
+include /etc/nginx/include/quartz.conf; # https://quartz.phares.duckdns.org # /var/www/html-quartz
+include /etc/nginx/include/slideshow.conf; # https://slideshow.phares.duckdns.org # /var/www/html-slideshow
+include /etc/nginx/include/vaultwarden.conf; # https://vaultwarden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/warden.conf; # https://warden.phares.duckdns.org # https://192.168.11.2:5008/
+include /etc/nginx/include/xandikos.conf; # https://xandikos.phares.duckdns.org # http://192.168.11.2:8000/
 # ssh root@free.file.sync.root -i C:/Users/phares/.ssh/id_ed25519

etc/systemd/system/snap.adguard-home.adguard-home.service

@@ -1,9 +1,9 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application adguard-home.adguard-home
-Requires=snap-adguard\x2dhome-7577.mount
+Requires=snap-adguard\x2dhome-7701.mount
 Wants=network.target
-After=snap-adguard\x2dhome-7577.mount network.target snapd.apparmor.service
+After=snap-adguard\x2dhome-7701.mount network.target snapd.apparmor.service
 X-Snappy=yes
 
 [Service]
@@ -11,7 +11,7 @@ EnvironmentFile=-/etc/environment
 ExecStart=/usr/bin/snap run adguard-home
 SyslogIdentifier=adguard-home.adguard-home
 Restart=always
-WorkingDirectory=/var/snap/adguard-home/7577
+WorkingDirectory=/var/snap/adguard-home/7701
 TimeoutStopSec=30
 Type=simple
 

etc/systemd/system/snap.certbot.renew.service

@@ -1,9 +1,9 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application certbot.renew
-Requires=snap-certbot-4193.mount
+Requires=snap-certbot-4325.mount
 Wants=network.target
-After=snap-certbot-4193.mount network.target snapd.apparmor.service
+After=snap-certbot-4325.mount network.target snapd.apparmor.service
 X-Snappy=yes
 
 [Service]
@@ -11,6 +11,6 @@ EnvironmentFile=-/etc/environment
 ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
 SyslogIdentifier=certbot.renew
 Restart=no
-WorkingDirectory=/var/snap/certbot/4193
+WorkingDirectory=/var/snap/certbot/4325
 TimeoutStopSec=30
 Type=oneshot

etc/systemd/system/snap.certbot.renew.timer

@@ -1,14 +1,14 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Timer renew for snap application certbot.renew
-Requires=snap-certbot-4193.mount
+Requires=snap-certbot-4325.mount
-After=snap-certbot-4193.mount
+After=snap-certbot-4325.mount
 X-Snappy=yes
 
 [Timer]
 Unit=snap.certbot.renew.service
-OnCalendar=*-*-* 06:46
+OnCalendar=*-*-* 11:01
-OnCalendar=*-*-* 14:10
+OnCalendar=*-*-* 12:54
 
 [Install]
 WantedBy=timers.target

etc/systemd/system/snap.vaultwarden.vaultwarden.service

@@ -1,9 +1,9 @@
 [Unit]
 # Auto-generated, DO NOT EDIT
 Description=Service for snap application vaultwarden.vaultwarden
-Requires=snap-vaultwarden-155.mount
+Requires=snap-vaultwarden-158.mount
 Wants=network.target
-After=snap-vaultwarden-155.mount network.target snapd.apparmor.service
+After=snap-vaultwarden-158.mount network.target snapd.apparmor.service
 X-Snappy=yes
 
 [Service]
@@ -11,7 +11,7 @@ EnvironmentFile=-/etc/environment
 ExecStart=/usr/bin/snap run vaultwarden
 SyslogIdentifier=vaultwarden.vaultwarden
 Restart=on-failure
-WorkingDirectory=/var/snap/vaultwarden/155
+WorkingDirectory=/var/snap/vaultwarden/158
 TimeoutStopSec=30
 Type=simple
 

etc/ufw/user.rules

@@ -2,10 +2,102 @@
 :ufw-user-input - [0:0]
 :ufw-user-output - [0:0]
 :ufw-user-forward - [0:0]
+:ufw-before-logging-input - [0:0]
+:ufw-before-logging-output - [0:0]
+:ufw-before-logging-forward - [0:0]
+:ufw-user-logging-input - [0:0]
+:ufw-user-logging-output - [0:0]
+:ufw-user-logging-forward - [0:0]
+:ufw-after-logging-input - [0:0]
+:ufw-after-logging-output - [0:0]
+:ufw-after-logging-forward - [0:0]
+:ufw-logging-deny - [0:0]
+:ufw-logging-allow - [0:0]
 :ufw-user-limit - [0:0]
 :ufw-user-limit-accept - [0:0]
 ### RULES ###
+
+### tuple ### allow tcp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30312920444e5320544350
+-A ufw-user-input -p tcp --dport 53 -j ACCEPT
+
+### tuple ### allow udp 53 0.0.0.0/0 any 0.0.0.0/0 in comment=30322920444e5320554450
+-A ufw-user-input -p udp --dport 53 -j ACCEPT
+
+### tuple ### allow tcp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303329204448435020544350
+-A ufw-user-input -p tcp --dport 67 -j ACCEPT
+
+### tuple ### allow udp 67 0.0.0.0/0 any 0.0.0.0/0 in comment=303429204448435020554450
+-A ufw-user-input -p udp --dport 67 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 443 0.0.0.0/0 in comment=303529204854545053
+-A ufw-user-input -p tcp --sport 443 -j ACCEPT
+-A ufw-user-input -p udp --sport 443 -j ACCEPT
+
+### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in comment=303629204854545053
+-A ufw-user-input -p tcp --dport 443 -j ACCEPT
+-A ufw-user-input -p udp --dport 443 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.11.0/25 in comment=30372920535348
+-A ufw-user-input -p tcp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.11.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.21.0/25 in comment=30382920535348
+-A ufw-user-input -p tcp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.21.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.31.0/25 in comment=30392920535348
+-A ufw-user-input -p tcp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.31.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.41.0/25 in comment=31302920535348
+-A ufw-user-input -p tcp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.41.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.42.0/25 in comment=31312920535348
+-A ufw-user-input -p tcp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.42.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any any 0.0.0.0/0 22 192.168.43.0/25 in comment=31322920535348
+-A ufw-user-input -p tcp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+-A ufw-user-input -p udp -s 192.168.43.0/25 --sport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.11.0/25 any 0.0.0.0/0 in comment=31332920535348
+-A ufw-user-input -p tcp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.11.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.21.0/25 any 0.0.0.0/0 in comment=31342920535348
+-A ufw-user-input -p tcp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.21.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.31.0/25 any 0.0.0.0/0 in comment=31352920535348
+-A ufw-user-input -p tcp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.31.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.41.0/25 any 0.0.0.0/0 in comment=31362920535348
+-A ufw-user-input -p tcp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.41.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.42.0/25 any 0.0.0.0/0 in comment=31372920535348
+-A ufw-user-input -p tcp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.42.0/25 --dport 22 -j ACCEPT
+
+### tuple ### allow any 22 192.168.43.0/25 any 0.0.0.0/0 in comment=31382920535348
+-A ufw-user-input -p tcp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+-A ufw-user-input -p udp -d 192.168.43.0/25 --dport 22 -j ACCEPT
+
+### END RULES ###
+
+### LOGGING ###
+-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+### END LOGGING ###
+
+### RATE LIMITING ###
 -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
 -A ufw-user-limit -j REJECT
 -A ufw-user-limit-accept -j ACCEPT
+### END RATE LIMITING ###
 COMMIT

home/podman/.config/containers/ignore/2fauth-server.container

@@ -0,0 +1,173 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=2fauth-server
+# You can change the name of the app
+Environment="APP_NAME=2FAuth"
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+Environment="APP_ENV=local"
+# The timezone for your application, which is used to record dates and times to database. This global setting can be
+# overridden by users via in-app settings for a personalised dates and times display.
+# If this setting is changed while the application is already running, existing records in the database won't be updated
+Environment="APP_TIMEZONE=UTC"
+# Set to true if you want to see debug information in error screens.
+Environment="APP_DEBUG=false"
+# This should be your email address
+Environment="SITE_OWNER=mikepharesjr@msn.com"
+# The encryption key for  our database and sessions. Keep this very secure.
+# If you generate a new one all existing data must be considered LOST.
+# Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it
+Environment="APP_KEY=uvL37oiI1By0J#5t5kZwYB~17CXI2J9A"
+# This variable must match your installation's external address.
+# Webauthn won't work otherwise.
+# Environment="APP_URL=http://localhost"
+# Environment="APP_URL=http://192.168.11.2"
+# Environment="APP_URL=http://192.168.11.2:5015"
+Environment="APP_URL=https://2fauth.phares.duckdns.org"
+# If you want to serve js assets from a CDN (like https://cdn.example.com),
+# uncomment the following line and set this var with the CDN url.
+# Otherwise, let this line commented.
+# - ASSET_URL=http://localhost
+#
+# Turn this to true if you want your app to react like a demo.
+# The Demo mode reset the app content every hours and set a generic demo user.
+Environment="IS_DEMO_APP=false"
+# The log channel defines where your log entries go to.
+# 'daily' is the default logging mode giving you 7 daily rotated log files in /storage/logs/.
+# Also available are 'errorlog', 'syslog', 'stderr', 'papertrail', 'slack' and a 'stack' channel
+# to combine multiple channels into a single one.
+Environment="LOG_CHANNEL=daily"
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+Environment="LOG_LEVEL=notice"
+# Database config (can only be sqlite)
+Environment="DB_DATABASE=/srv/database/database.sqlite"
+# If you're looking for performance improvements, you could install memcached.
+Environment="CACHE_DRIVER=file"
+Environment="SESSION_DRIVER=file"
+# Mail settings
+# Refer your email provider documentation to configure your mail settings
+# Set a value for every available setting to avoid issue
+Environment="MAIL_MAILER=log"
+Environment="MAIL_HOST=smtp.centurylink.net"
+Environment="MAIL_PORT=587"
+Environment="MAIL_USERNAME=phares@centurylink.net"
+Environment="MAIL_PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+Environment="MAIL_ENCRYPTION=null"
+Environment="MAIL_FROM_NAME=Mik Phares"
+Environment="MAIL_FROM_ADDRESS=noreply@phares.duckdns.org"
+# SSL peer verification.
+# Set this to false to disable the SSL certificate validation.
+# WARNING
+# Disabling peer verification can result in a major security flaw.
+# Change it only if you know what you're doing.
+Environment="MAIL_VERIFY_SSL_PEER=false"
+# API settings
+# The maximum number of API calls in a minute from the same IP.
+# Once reached, all requests from this IP will be rejected until the minute has elapsed.
+# Set to null to disable the API throttling.
+Environment="THROTTLE_API=60"
+# Authentication settings
+# The number of times per minute a user can fail to log in before being locked out.
+# Once reached, all login attempts will be rejected until the minute has elapsed.
+# This setting applies to both email/password and webauthn login attempts.
+Environment="LOGIN_THROTTLE=5"
+# The default authentication guard
+# Supported:
+#   'web-guard' : The Laravel built-in auth system (default if nulled)
+#   'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication
+# WARNING
+# When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in
+# authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will
+# trust him as long as headers are presents.
+Environment="AUTHENTICATION_GUARD=web-guard"
+# Authentication log retention time, in days.
+# Log entries older than that are automatically deleted.
+Environment="AUTHENTICATION_LOG_RETENTION=365"
+# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
+# Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
+# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
+Environment="AUTH_PROXY_HEADER_FOR_USER=null"
+Environment="AUTH_PROXY_HEADER_FOR_EMAIL=null"
+# Custom logout URL to open when using an auth proxy.
+Environment="PROXY_LOGOUT_URL=null"
+# WebAuthn settings
+# Relying Party name, aka the name of the application. If blank, defaults to APP_NAME. Do not set to null.
+Environment="WEBAUTHN_NAME=2FAuth"
+# Relying Party ID, should equal the site domain (i.e 2fauth.example.com).
+# If null, the device will fill it internally (recommended)
+# See https://webauthn-doc.spomky-labs.com/prerequisites/the-relying-party#how-to-determine-the-relying-party-id
+Environment="WEBAUTHN_ID=null"
+# Use this setting to control how user verification behave during the
+# WebAuthn authentication flow.
+#
+# Most authenticators and smartphones will ask the user to actively verify
+# themselves for log in. For example, through a touch plus pin code,
+# password entry, or biometric recognition (e.g., presenting a fingerprint).
+# The intent is to distinguish one user from any other.
+#
+# Supported:
+#   'required': Will ALWAYS ask for user verification
+#   'preferred' (default) : Will ask for user verification IF POSSIBLE
+#   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
+Environment="WEBAUTHN_USER_VERIFICATION=preferred"
+#### SSO settings (for Socialite) ####
+# Uncomment and complete lines for the OAuth providers you want to enable.
+# - OPENID_AUTHORIZE_URL=
+# - OPENID_TOKEN_URL=
+# - OPENID_USERINFO_URL=
+# - OPENID_CLIENT_ID=
+# - OPENID_CLIENT_SECRET=
+# - GITHUB_CLIENT_ID=
+# - GITHUB_CLIENT_SECRET=
+# Use this setting to declare trusted proxied.
+# Supported:
+#   '*': to trust any proxy
+#   A comma separated IP list: The list of proxies IP to trust
+Environment="TRUSTED_PROXIES=null"
+# Proxy for outgoing requests like new releases detection or logo fetching.
+# You can provide a proxy URL that contains a scheme, username, and password.
+# For example, "http://username:password@192.168.16.1:10".
+Environment="PROXY_FOR_OUTGOING_REQUESTS=null"
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+Environment="BROADCAST_DRIVER=log"
+Environment="QUEUE_DRIVER=sync"
+Environment="SESSION_LIFETIME=120"
+Environment="REDIS_HOST=127.0.0.1"
+Environment="REDIS_PASSWORD=null"
+Environment="REDIS_PORT=6379"
+Environment="PUSHER_APP_ID="
+Environment="PUSHER_APP_KEY="
+Environment="PUSHER_APP_SECRET="
+Environment="PUSHER_APP_CLUSTER=mt1"
+Environment="VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}""
+Environment="VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}""
+Environment="MIX_ENV=local"
+Image=docker.io/2fauth/2fauth
+# Network=2fauth.network
+# Pod=2fauth.pod
+PublishPort=5015:44311
+Volume=2fauth-server-data:/2fauth:Z
+Volume=/home/podman/2fauth/nginx.conf:/etc/nginx/nginx.conf:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/2fauth/2fauth
+# systemctl --user daemon-reload
+# systemctl --user start 2fauth-server
+# systemctl --user status 2fauth-server --lines=999
+# journalctl -fu 2fauth-server.service
+# podman logs 2fauth-server
+# systemctl --user stop 2fauth-server
+# systemctl --user disable 2fauth-server
+# podman exec -ti 2fauth-server /bin/sh
+# podman exec -ti 2fauth-server /bin/bash

home/podman/.config/containers/ignore/actual-server.container

@@ -0,0 +1,36 @@
+[Container]
+AutoUpdate=registry
+ContainerName=actual-server
+Environment="ACTUAL_HOSTNAME=0.0.0.0"
+# Environment="ACTUAL_HTTPS_CERT=/certs/server.cert"
+# Environment="ACTUAL_HTTPS_KEY=/certs/server"
+# Environment="ACTUAL_PORT=5006"
+# Environment="ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20"
+# Environment="ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20"
+# Environment="ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50"
+Image=docker.io/actualbudget/actual-server:latest
+# Network=actual.network
+# Pod=actual.pod
+PublishPort=5013:5006
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=actual-server-data.volume:/data:rw
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/actualbudget/actual-server:latest
+# systemctl --user daemon-reload
+# systemctl --user start actual-server
+# systemctl --user status actual-server --lines=999
+# journalctl -fu actual-server.service
+# podman logs actual-server
+# systemctl --user stop actual-server
+# systemctl --user disable actual-server
+# podman exec -ti actual-server /bin/sh
+# podman exec -ti actual-server /bin/bash

home/podman/.config/containers/ignore/authentik-db.container

@@ -0,0 +1,36 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=authentik-db
+Environment="POSTGRES_USER=authentik"
+Environment="POSTGRES_PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="POSTGRES_DB=authentik"
+Environment="TZ=America/Phoenix"
+Image=docker.io/library/postgres:16.6
+HealthCmd=pg_isready -U authentik
+HealthInterval=30s
+HealthRetries=5
+HealthStartPeriod=20s
+HealthTimeout=3s
+# Network=authentik.network
+# Pod=authentik.pod
+PublishPort=5439:5432
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=authentik-db-data:/data:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/library/postgres:16.6
+# systemctl --user daemon-reload
+# systemctl --user start authentik-db
+# systemctl --user status authentik-db --lines=999
+# journalctl -fu authentik-db.service
+# podman logs authentik-db
+# systemctl --user stop authentik-db
+# systemctl --user disable authentik-db
+# podman exec -ti authentik-db /bin/sh
+# podman exec -ti authentik-db /bin/bash

home/podman/.config/containers/ignore/authentik-redis.container

@@ -0,0 +1,36 @@
+[Container]
+# AutoUpdate=registry
+ContainerName=authentik-redis
+Exec=--save 60 1 --loglevel warning
+# Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+HealthCmd=/usr/local/bin/redis-cli ping || grep PONG
+HealthInterval=30s
+HealthRetries=5
+HealthStartPeriod=20s
+HealthTimeout=3s
+Image=docker.io/library/redis:7.4.1
+# Network=authentik.network
+# Pod=authentik.pod
+PublishPort=5021:6379
+Volume=authentik-redis-data:/data:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-db.service
+After=authentik-db.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/library/redis:7.4.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-redis
+# systemctl --user status authentik-redis --lines=999
+# journalctl -fu authentik-redis.service
+# podman logs authentik-redis
+# systemctl --user stop authentik-redis
+# systemctl --user disable authentik-redis
+# podman exec -ti authentik-redis /bin/sh
+# podman exec -ti authentik-redis /bin/bash

home/podman/.config/containers/ignore/authentik-server.container

@@ -0,0 +1,55 @@
+[Container]
+ContainerName=authentik-server
+Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
+Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
+Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
+Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
+Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
+Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+Environment="AUTHENTIK_REDIS__PORT=5021"
+# (Required)  To generate a secret key run the following command:
+#             echo $(openssl rand -base64 32)
+Environment="AUTHENTIK_SECRET_KEY=mlZ57mWthun9b8SPaS7Ptl0bBQX4OvyRanbqdQ+5e/k="
+# (Optional)  Enable Error Reporting
+# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}"
+# (Optional)  Enable Email Sending
+# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PORT=587"
+# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
+# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
+# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
+# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
+Exec=server
+Image=ghcr.io/goauthentik/server:2024.12.1
+PublishPort=5017:9000
+PublishPort=5018:9443
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=authentik-server-media:/media:Z
+Volume=authentik-server-templates:/templates:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-worker.service
+After=authentik-worker.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/goauthentik/server:2024.12.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-server
+# systemctl --user status authentik-server --lines=999
+# journalctl -fu authentik-server.service
+# podman logs authentik-server
+# systemctl --user stop authentik-server
+# systemctl --user disable authentik-server
+# podman exec -ti authentik-server /bin/sh
+# podman exec -ti authentik-server /bin/bash

home/podman/.config/containers/ignore/authentik-worker.container

@@ -0,0 +1,57 @@
+[Container]
+ContainerName=authentik-worker
+Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
+Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
+Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
+Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
+Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
+Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
+Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
+Environment="AUTHENTIK_REDIS__PORT=5021"
+# (Required)  To generate a secret key run the following command:
+#             echo $(openssl rand -base64 32)
+Environment="AUTHENTIK_SECRET_KEY=QvqdN5Pn4piWcoof1yPDa0FcaGnOL1gHAiSImJjEGZl6pypRgE2nCps8DTd4R9UHqfFuOtR9jhCelmQ2"
+# (Optional)  Enable Error Reporting
+# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=true"
+# (Optional)  Enable Email Sending
+# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PORT=587"
+# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
+# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
+# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
+# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
+# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
+# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
+Exec=worker
+Image=ghcr.io/goauthentik/server:2024.12.1
+PublishPort=5019:9000
+PublishPort=5020:9443
+Volume=/etc/localtime:/etc/localtime:ro
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
+Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
+Volume=authentik-server-media:/media:Z
+Volume=authentik-server-templates:/templates:Z
+
+[Service]
+Restart=no
+
+[Unit]
+Requires=authentik-db.service
+Requires=authentik-redis.service
+After=authentik-db.service
+After=authentik-redis.service
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull ghcr.io/goauthentik/server:2024.12.1
+# systemctl --user daemon-reload
+# systemctl --user start authentik-worker
+# systemctl --user status authentik-worker --lines=999
+# journalctl -fu authentik-worker.service
+# podman logs authentik-worker
+# systemctl --user stop authentik-worker
+# systemctl --user disable authentik-worker
+# podman exec -ti authentik-worker /bin/sh
+# podman exec -ti authentik-worker /bin/bash

home/podman/.config/containers/ignore/mattermost-server-config.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/ignore/mattermost-server-data.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/ignore/mattermost-server-logs.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/ignore/mattermost-server-plugins.volume

@@ -0,0 +1 @@
+[Volume]

home/podman/.config/containers/ignore/mattermost-server.container

@@ -7,9 +7,9 @@ Environment="MM_SERVICESETTINGS_SITEURL=https://mattermost.phares.duckdns.org"
 Environment="MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@192.168.11.2:5436/mattermost?sslmode=disable&connect_timeout=10"
 Environment="MM_SQLSETTINGS_DRIVERNAME=postgres"
 Environment="TZ=US/Arizona"
-# HealthCmd="curl -f http://192.168.11.2:8443/api/v4/system/ping || exit 1"
+# HealthCmd=ls
-# HealthCmd="curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1"
+# HealthCmd=curl -f http://0.0.0.0:8065/api/v4/system/ping || exit 1
-HealthCmd="ls"
+# HealthCmd=curl -f https://mattermost.phares.duckdns.org/api/v4/system/ping || exit 1
 # Image=docker.io/mattermost/mattermost-team-edition:9.11.2
 Image=docker.io/mattermost/mattermost-team-edition:release-10.3
 # Network=mattermost.network
@@ -47,4 +47,4 @@ WantedBy=multi-user.target default.target
 # systemctl --user stop mattermost-server
 # systemctl --user disable mattermost-server
 # podman exec -ti mattermost-server /bin/sh
-# podman exec -ti mattermost-server /bin/bash
+# podman exec -ti mattermost-server /bin/bash

home/podman/.config/containers/ignore/odoo-db-data.volume

@@ -0,0 +1 @@
+[Volume]