Differences

This shows you the differences between two versions of the page.

--- projectinsanity:server_setup [2022/06/02 00:38] – [host.pi] 10.25.0.100
+++ projectinsanity:server_setup [2022/08/12 20:20] (current) – [host.pi] 10.25.0.100
@@ Line 1: / Line 1: @@
- ====== host.pi ======
+====== host.pi ======
 ===== Specs =====
 x Dedicated Root Server SB32 (hetzner)
@@ Line 32: / Line 32: @@
   * IPv6: 2a01:4f8:191:327::2
 Im Rescue system:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 installimage -a -n project-insanity -b grub -r yes -l 0 -i root/.oldroot/nfs/images/archlinux-latest-64-minimal.tar.gz -p /boot:ext4:2G,lvm:vg0:all -v vg0:swap:swap:swap:3G,vg0:root:/:btrfs:40G -f yes -s en
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== systemd-networkd ====
 on the installed host machine, had to change ''2a01:4f8:191:327::2/64'' to ''2a01:4f8:191:327::2/128''. Also ''Address=144.76.16.40'' to ''Address=144.76.16.40/32'':
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/networkd/10-enp3s0.network&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/networkd/10-enp3s0.network>
 ### Hetzner Online GmbH installimage
 [Match]
@@ Line 51: / Line 51: @@
 Peer=144.76.16.33/32
 IPForward=ipv4
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/networkd/25-bridge.netdev&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/networkd/25-bridge.netdev>
 [NetDev]
 Name=br-internal
 Kind=bridge
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/networkd/25-bridge.network&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/networkd/25-bridge.network>
 [Match]
 Name=br-internal
@@ Line 65: / Line 65: @@
 Address=10.25.0.1/24
 ConfigureWithoutCarrier=true
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ==== core system ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S mosh tmux htop dmidecode fail2ban openvpn qemu openbsd-netcat openssh easy-rsa fish pacman-contrib
 chsh -s $(which fish)
@@ Line 81: / Line 81: @@
 sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
 systemctl enable --now sshd fail2ban systemd-networkd systemd-resolved
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 dnsmasq settings, ready to listen on wireguard subnet
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/dnsmasq.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/dnsmasq.conf>
 [...]
 listen-address=127.0.0.1,10.25.0.1,10.25.40.1
@@ Line 92: / Line 92: @@
 server=8.8.8.8
 server=8.8.4.4
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 systemd resolved dns resolver settings
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/resolved.conf>
 [...]
 [resolve]
 DNSStubListener=no
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf.d/dns_over_tls.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/resolved.conf.d/dns_over_tls.conf>
 [Resolve]
 DNSOverTLS=opportunistic
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf.d/dnssec.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/resolved.conf.d/dnssec.conf>
 [Resolve]
 DNSSEC=true
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf.d/dns_servers.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/resolved.conf.d/dns_servers.conf>
 [Resolve]
 DNS=2620:fe::fe 9.9.9.9
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/hosts&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/hosts>
 [...]
 .25.0.1 host.pi
@@ Line 139: / Line 139: @@
 a01:4f8:191:327::102 neutrino neutrino.pi
 a01:4f8:191:327::103 arne arne.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 custom pi archlinux repo
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.conf>
 ...
 [projectinsanity]
 SigLevel = PackageOptional
 Server = https://onny.project-insanity.org/archlinux
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 archlinux auto update
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.conf>
 ...
 [projectinsanity]
 SigLevel = PackageOptional
 Server = https://onny.project-insanity.org/archlinux
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;[Unit]
+<file - /etc/systemd/system/autoupdate.service>[Unit]
 Description=Automatic Update
 After=network-online.target
@@ Line 160: / Line 160: @@
 [Service]
 Type=simple
-ExecStart=/usr/bin/sh -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/usr/bin/pacman -Syuq --noconfirm --needed --noprogressbar &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; rm /var/cache/pacman/pkg/*.zst&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+ExecStart=/usr/bin/sh -c "/usr/bin/pacman -Syuq --noconfirm --needed --noprogressbar && rm /var/cache/pacman/pkg/*.zst"
 TimeoutStopSec=180
 KillMode=process
@@ Line 167: / Line 167: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.timer&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/autoupdate.timer>
 [Unit]
  Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes
@@ Line 179: / Line 179: @@
 [Install]
  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now autoupdate.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 automatic timed reboot after kernel upgrade
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/linux.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/linux.hook>
 [Trigger]
 Operation = Install
@@ Line 195: / Line 195: @@
 When = PostTransaction
 Exec = /usr/bin/systemctl start kernel-upgrade.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/kernel-upgrade.timer&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/kernel-upgrade.timer>
 [Unit]
 Description=Reboot in the morning after kernel upgrade
@@ Line 206: / Line 206: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/kernel-upgrade.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/kernel-upgrade.service>
 [Unit]
 Description=Reboot after kernel upgrade
@@ Line 217: / Line 217: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ==== nftables ====
-nftables firewall &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; routing
+nftables firewall & routing
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/nftables.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/nftables.conf>
 define TCP_PORT_QUAKEJS_DS = 27960
 define TCP_PORT_IMAPS = 993
@@ Line 255: / Line 255: @@
 		type filter hook input priority filter; policy drop;
 		jump base_checks
-		iifname &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;lo&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; accept
+		iifname "lo" accept
 		ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept
 		ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
@@ Line 283: / Line 283: @@
 		type nat hook prerouting priority filter; policy accept;
-		iif &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; tcp dport { $TCP_PORT_HTTP, $TCP_PORT_HTTPS } dnat to $HOST_HTTP_PI
+		iif "enp3s0" tcp dport { $TCP_PORT_HTTP, $TCP_PORT_HTTPS } dnat to $HOST_HTTP_PI
 		# Forward web traffic to http.pi
@@ Line 289: / Line 289: @@
 		# Forward mail traffic to mail.pi
-		iif &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; tcp dport { $TCP_PORT_SMTP, $TCP_PORT_SMTPS, $TCP_PORT_IMAPS } dnat to $HOST_MAIL_PI
+		iif "enp3s0" tcp dport { $TCP_PORT_SMTP, $TCP_PORT_SMTPS, $TCP_PORT_IMAPS } dnat to $HOST_MAIL_PI
-		iif &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; tcp dport { $TCP_PORT_QUAKEJS_DS } dnat to $HOST_PLAYGROUND_PI
+		iif "enp3s0" tcp dport { $TCP_PORT_QUAKEJS_DS } dnat to $HOST_PLAYGROUND_PI
 	}
 	chain postrouting {
 		type nat hook postrouting priority srcnat; policy accept;
-		ip saddr 10.25.0.0/24 oif {&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;, &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;br-internal&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;} snat 144.76.16.40
+		ip saddr 10.25.0.0/24 oif {"enp3s0", "br-internal"} snat 144.76.16.40
 	}
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - nftables.service.d/overwrite.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - nftables.service.d/overwrite.conf>
 [Unit]
 Wants=
@@ Line 311: / Line 311: @@
 Restart=always
 RestartSec=5
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S nftables
 systemctl enable --now nftables
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== libvirtd ====
 libvirt network configuration file
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /tmp/net-internal.xml&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /tmp/net-internal.xml>
-network connections='6'&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+network connections='6'>
-  &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;name&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;internal&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/name&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+  <name>internal</name>
-  &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;uuid&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;0a2dff47-afc7-4d27-91b0-5f61a1f5cbaa&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/uuid&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+  <uuid>0a2dff47-afc7-4d27-91b0-5f61a1f5cbaa</uuid>
-  &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;forward mode='bridge'/&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+  <forward mode='bridge'/>
-  &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;bridge name='br-internal'/&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+  <bridge name='br-internal'/>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/network&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</network>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 libvirt qemu hook
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S libvirt virt-install dnsmasq glusterfs
 virsh pool-define-as --name 'vg0' --type 'logical' --source-format 'lvm2' --target '/dev/vg0'
@@ Line 336: / Line 336: @@
 virsh net-autostart internal
 systemctl enable --now libvirtd
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== wireguard ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S wireguard-tools
 cd /etc/wireguard
-wg genkey | tee privatekey | wg pubkey &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; publickey
+wg genkey | tee privatekey | wg pubkey > publickey
 chmod 600 privatekey
 chown root:root privatekey
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-server.netdev&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/network/99-server.netdev>
 [NetDev]
 Name = wg0
@@ Line 380: / Line 380: @@
 PublicKey = [PICLOUD_PUBKEY]
 AllowedIPs = 10.25.40.6/32
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-server.network&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/network/99-server.network>
 [Match]
 Name = wg0
@@ Line 390: / Line 390: @@
 DNSSEC=false
 IPForward=ipv4
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 === client ===
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S wireguard-tools
 cd /etc/wireguard
-wg genkey | tee privatekey | wg pubkey &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; publickey
+wg genkey | tee privatekey | wg pubkey > publickey
 chmod 600 privatekey
 chown root:root privatekey
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-client.netdev&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/network/99-client.netdev>
 [NetDev]
 Name = wg0
@@ Line 414: / Line 414: @@
 Endpoint = 144.76.16.40:51820
 PersistentKeepalive = 25
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-client.network&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/network/99-client.network>
 [Match]
 Name = wg0
@@ Line 421: / Line 421: @@
 [Network]
 Address = 10.25.40.2/16
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl restart systemd-networkd
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== systemd-journal logging server ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/journal-remote.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/journal-remote.conf>
 [Remote]
 SplitMode=host
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/systemd-journal-remote.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/systemd-journal-remote.service>
 [Unit]
 Description=Journal Remote Sink Service
@@ Line 447: / Line 447: @@
 [Install]
 Also=systemd-journal-remote.socket
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 mkdir -p /var/log/journal/remote
 chown -R systemd-journal-remote:systemd-journal-remote /var/log/journal/remote
@@ Line 454: / Line 454: @@
 ufw allow from 10.25.0.0/24 to any proto tcp port 19532
 systemctl enable --now systemd-journal-remote
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== ArchLinux Gastsystem =====
 ==== Erstellen ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 virt-install --video qxl --channel spicevmc --graphics spice,listen=127.0.0.1 --name=http --vcpus 4 --memory 8048 --disk pool=vg0,size=1000,bus=virtio --cdrom /var/lib/libvirt/images/archlinux-2018.06.01-x86_64.iso --network network:internal,model=virtio --virt-type kvm --autostart --noautoconsole
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== Löschen ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 virsh destroy http
 virsh undefine http
 lvremove /dev/vg0/http
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== Speicher vergrößern ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;virsh shutdown http
+<code bash>virsh shutdown http
 lvresize -L +20G vg0/http
-virsh start http&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+virsh start http</code>
 Auf dem Gastsystem ausführen:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;sgdisk -og -a 1024 -n 1:1024:2047 -c 1:&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;BIOS Boot Partition&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; -t 1:ef02 /dev/vda
+<code bash>sgdisk -og -a 1024 -n 1:1024:2047 -c 1:"BIOS Boot Partition" -t 1:ef02 /dev/vda
-sgdisk -n2:2048:0 -c2:&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;ArchRoot&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; -p /dev/vda
+sgdisk -n2:2048:0 -c2:"ArchRoot" -p /dev/vda
 shutdown -h now # then start again after that
-btrfs filesystem resize max /&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+btrfs filesystem resize max /</code>
-Bei neueren Version von libguestfs-tools (&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;1.16.34) könnte man auch die Partitionstabelle und Dateisystem [[http://blog.oneiroi.co.uk/linux/kvm/virt-resize/RHEL/LVM/kvm-linux-expanding-a-lvm-guest-file-system-using-virt-resize/|von dem Host aus resizen]] und müsste dafür nicht das Gastsystem neustarten.
+Bei neueren Version von libguestfs-tools (>1.16.34) könnte man auch die Partitionstabelle und Dateisystem [[http://blog.oneiroi.co.uk/linux/kvm/virt-resize/RHEL/LVM/kvm-linux-expanding-a-lvm-guest-file-system-using-virt-resize/|von dem Host aus resizen]] und müsste dafür nicht das Gastsystem neustarten.
 ==== Backup ====
 Raw backup logical volume to picloud (homeserver onnuex)
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 lvcreate -s -n playground_snap -L 20G /dev/vg0/playground
-dd if=/dev/vg0/playground.img_snap bs=4096 | pv | gpg --batch --passphrase &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;my_secret_password&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; --symmetric --compress-algo zlib | ssh picloud@picloud.sexypump.de 'dd of=/mnt/backups/project-insanity/playground_$(date +&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;%Y-%m-%d&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;).img.gpg bs=4096'
+dd if=/dev/vg0/playground.img_snap bs=4096 | pv | gpg --batch --passphrase "my_secret_password" --symmetric --compress-algo zlib | ssh picloud@picloud.sexypump.de 'dd of=/mnt/backups/project-insanity/playground_$(date +"%Y-%m-%d").img.gpg bs=4096'
 lvremove /dev/vg0/playground_snap
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Recover backup
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 gpg -o /mnt/playground.img -d /mnt/playground.img.gpg
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Unfinished backup script:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
-sas=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;$1&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sas="$1"
-password=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;$2&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+password="$2"
-for vol in `lvs | cut -f3 -d &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; | tail -n+2`
+for vol in `lvs | cut -f3 -d " " | tail -n+2`
-	do echo &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Backing up $vol&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+	do echo "Backing up $vol"
-	lvcreate -s -n &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;${vol}_snap&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; -L 20G &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/dev/vg0/${vol}&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+	lvcreate -s -n "${vol}_snap" -L 20G "/dev/vg0/${vol}"
-	pv -cN source &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/dev/vg0/${vol}_snap&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; | gpg --batch --passphrase &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;${password}&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; --symmetric --compress-algo zlib | azcopy cp &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;https://myaccount.blob.core.windows.net/mycontainer/${vol}_$(date +&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;%Y-%m-%d&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;).img.gpg?${sas}&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+	pv -cN source "/dev/vg0/${vol}_snap" | gpg --batch --passphrase "${password}" --symmetric --compress-algo zlib | azcopy cp "https://myaccount.blob.core.windows.net/mycontainer/${vol}_$(date +"%Y-%m-%d").img.gpg?${sas}"
-	lvremove &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/dev/vg0/${vol}_snap&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+	lvremove "/dev/vg0/${vol}_snap"
 done
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== Einrichten ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 mkfs.btrfs /dev/sda
 ifconfig eth0 10.25.0.120 up
@@ Line 508: / Line 508: @@
 ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
 pacstrap /mnt base base-devel tmux mosh yajl wipe rsync procps neovim lsof strace htop net-tools pkgfile dnsutils iotop aria2 tcpdump nload grub btrfs-progs gptfdisk ntp wget rxvt-unicode-terminfo pwgen mlocate fail2ban pv expac openssh git devtools fish nftables ripgrep bat fd pacman-contrib
-genfstab -p /mnt &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /mnt/etc/fstab
+genfstab -p /mnt >> /mnt/etc/fstab
 arch-chroot /mnt
 chsh -s $(which fish)
@@ Line 517: / Line 517: @@
 mkdir /etc/pacman.d/hooks
 ln -s /usr/share/libalpm/hooks/30-systemd-daemon-reload.hook /etc/pacman.d/hooks/
-echo &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;http-pub2&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/hostname
+echo "http-pub2" >> /etc/hostname
 ln -sf /usr/share/zoneinfo/UTC /etc/localtime
 sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
 locale-gen
-echo 'LANG=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;en_US.UTF-8&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;' &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/locale.conf
+echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
-echo &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;KEYMAP=de&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/vconsole.conf
+echo "KEYMAP=de" > /etc/vconsole.conf
 mkinitcpio -p linux
 sed -i '/GRUB_TIMEOUT/s/5/0/' /etc/default/grub
@@ Line 536: / Line 536: @@
 updatedb
 pkgfile --update
-echo &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;UserParameter=archlinuxupdates,if [ -d /tmp/pacmandb ]; then fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;pkg.tar.xz&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; -c; else mkdir /tmp/pacmandb &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; ln -s /var/lib/pacman/local /tmp/pacmandb &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;pkg.tar.xz&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; -c; fi&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/zabbix/zabbix_agentd.conf
+echo "UserParameter=archlinuxupdates,if [ -d /tmp/pacmandb ]; then fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep "pkg.tar.xz" -c; else mkdir /tmp/pacmandb && ln -s /var/lib/pacman/local /tmp/pacmandb && fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep "pkg.tar.xz" -c; fi" >> /etc/zabbix/zabbix_agentd.conf
 sed -i 's/^Server=.*$/Server=http-new.pi/g' /etc/zabbix/zabbix_agentd.conf
 systemctl enable --now sshd systemd-networkd nftables fail2ban systemd-resolved
@@ Line 542: / Line 542: @@
 exit
 reboot
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 === nftables ===
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/nftables.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/nftables.conf>
 table inet filter {
         set tcp_accepted {
@@ Line 566: / Line 566: @@
                 type filter hook input priority filter; policy drop;
                 jump base_checks
-                iifname &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;lo&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; accept
+                iifname "lo" accept
                 ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept
                 ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
@@ Line 583: / Line 583: @@
         }
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 === systemd-networkd ===
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/ens3.network&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/network/ens3.network>
 [Match]
 Name=ens3
@@ Line 599: / Line 599: @@
 LinkLocalAddressing = no
 IPv6AcceptRA = no
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 === pacman ===
 project-insanity build server repo
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.conf>
 [...]
@@ Line 608: / Line 608: @@
 SigLevel = PackageOptional
 Server = https://onny.project-insanity.org/archlinux
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 archlinux auto update
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/autoupdate.service>
 [Unit]
  Description=Automatic Update
@@ Line 624: / Line 624: @@
 [Install]
  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.timer&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/autoupdate.timer>
 [Unit]
  Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes
@@ Line 636: / Line 636: @@
 [Install]
  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now autoupdate.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 === systemd-journald ===
 systemd logging upload
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/journal-upload.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/journal-upload.conf>
 [Upload]
 URL=http://10.25.0.1:19532
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/systemd-journal-upload.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/systemd-journal-upload.service>
 [Unit]
 Description=Journal Remote Upload Service
@@ Line 676: / Line 676: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 useradd systemd-journal-upload
 mkdir /var/lib/systemd/journal-upload
 chown -R systemd-journal-upload:systemd-journal-upload /var/lib/systemd/journal-upload
 systemctl enable --now systemd-journal-upload
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== Maintainance ====
 Update configs
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo pacdiff
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ====== mail.pi ======
 on mail.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S maddy
 systemctl enable --now maddy
@@ Line 697: / Line 697: @@
 nft add rule inet filter input position 17 tcp dport smtp accept
 nft add rule inet filter input position 17 tcp dport imaps accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;on
+</code>on
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/maddy/maddy.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/maddy/maddy.conf>
 ...
 $(hostname) = turbotux.de
@@ Line 707: / Line 707: @@
 tls /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem
 ...
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 maddyctl users create postmaster
 maddyctl users create onny@turbotux.de
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 turbotux.de dns record. get dkim key in ''/var/lib/maddy/dkim-keys/turbotux.de-default.dns''
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code>
 turbotux.de.    A     144.76.16.40
 turbotux.de.    AAAA  2a01:4f8:191:327::10
 turbotux.de.    MX    10 turbotux.de
-turbotux.de.    TXT   &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;v=spf1 mx -all&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+turbotux.de.    TXT   "v=spf1 mx -all"
-_dmarc.turbotux.de.    TXT    &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;v=DMARC1; p=none; ruf=postmaster@turbotux.de&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+_dmarc.turbotux.de.    TXT    "v=DMARC1; p=none; ruf=postmaster@turbotux.de"
-default._domainkey.turbotux.de    TXT   &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+default._domainkey.turbotux.de    TXT   "v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg="
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 forwarding/nat on host.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 nft add rule inet filter input position 19 tcp dport smtps accept
 nft add rule inet filter input position 19 tcp dport smtp accept
 nft add rule inet filter input position 19 tcp dport imaps accept
-nft add rule ip nat prerouting position 4 iifname &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; tcp dport imaps dnat to 10.25.0.102
+nft add rule ip nat prerouting position 4 iifname "enp3s0" tcp dport imaps dnat to 10.25.0.102
-nft add rule ip nat prerouting position 4 iifname &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; tcp dport smtp dnat to 10.25.0.102
+nft add rule ip nat prerouting position 4 iifname "enp3s0" tcp dport smtp dnat to 10.25.0.102
-nft add rule ip nat prerouting position 4 iifname &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; tcp dport smtps dnat to 10.25.0.102
+nft add rule ip nat prerouting position 4 iifname "enp3s0" tcp dport smtps dnat to 10.25.0.102
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 tls. on mail.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 chmod +x /var/lib/private
 sudo -u maddy ssh-keygen # all default values
 cat /var/lib/maddy/.ssh/id_rsa.pub
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 on http.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 useradd -m maddy
 mkdir /home/maddy/.ssh
@@ Line 745: / Line 745: @@
 urbotux.de/turbotux.de.crt /var/lib/caddy/acme/acme-v02.api.letsencrypt.org/sites/turbotux.de/turbotux
 .de.key # this does not work so well yet :(
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ====== mysql.pi ======
 ===== mariadb =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S mariadb
 mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
@@ Line 756: / Line 756: @@
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport mysql accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport mysql accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/40-mariadb.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/40-mariadb.hook>
 # Restart mariadb service
@@ Line 770: / Line 770: @@
 Description = Restarting mariadb service
 When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/usr/bin/mysql_upgrade -u root -p'****' &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; /usr/bin/systemctl restart mariadb&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+Exec = /usr/bin/sh -c "/usr/bin/mysql_upgrade -u root -p'****' && /usr/bin/systemctl restart mariadb"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 chmod 600 /etc/pacman.d/hooks/40-mariadb.hook
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 temporary workaround to get nextcloud to work, see: https://github.com/nextcloud/server/issues/27085
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/my.cnf.d/server.cnf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/my.cnf.d/server.cnf>
 [...]
 [server]
@@ Line 782: / Line 782: @@
 innodb_read_only_compressed=0
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== postgresql =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S postgresql postgresql-old-upgrade
-sudo su - postgres -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;initdb -D /var/lib/postgres/data&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo su - postgres -c "initdb -D /var/lib/postgres/data"
 systemctl enable --now postgresql
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport postgresql accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport postgresql accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /var/lib/postgres/data/postgresql.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /var/lib/postgres/data/postgresql.conf>
 [...]
 listen_addresses = '*'
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /var/lib/postgres/data/pg_hba.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /var/lib/postgres/data/pg_hba.conf>
 [...]
 host    all             all             10.25.0.0/24            md5
 host    all             all             2a01:4f8:191:327::/64           md5
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/postgresql.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/postgresql.hook>
 # Restart postgresql service
@@ Line 815: / Line 815: @@
 When = PostTransaction
 Exec = /usr/bin/systemctl restart postgresql
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ====== http.pi ======
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S caddy dokuwiki gitlab php-fpm php-apcu phpmyadmin wordpress nginx
 systemctl enable --now caddy php-fpm
-nft add rule inet filter input position 17 tcp dport &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;{http, https}&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; accept
+nft add rule inet filter input position 17 tcp dport "{http, https}" accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/php.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/php.hook>
 # Restart php service
@@ Line 837: / Line 837: @@
 When = PostTransaction
 Exec = /usr/bin/systemctl restart php-fpm
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 custom caddy installation
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacaur -d caddy
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - ~/.cache/pacaur/caddy/PKGBUILD&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - ~/.cache/pacaur/caddy/PKGBUILD>
 [...]
 #    'http.hugo'
@@ Line 848: / Line 848: @@
 #    'http.jekyll'
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cd ~/.cache/pacaur/caddy
 makepkg -i --skipinteg
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/caddy.service.d/override.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/caddy.service.d/override.conf>
 [Service]
 ProtectHome=false
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== caddy =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S caddy
 gpasswd -a caddy http
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/Caddyfile&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/Caddyfile>
 import /etc/caddy/conf.d/*
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf>
 www.ausstellung-virtuell.de ausstellung-virtuell.de {
@@ Line 876: / Line 876: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/blog.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/blog.project-insanity.org.conf>
 blog.project-insanity.org {
@@ Line 901: / Line 901: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/git.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/git.project-insanity.org.conf>
 git.project-insanity.org {
@@ Line 913: / Line 913: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/jhartung.sinewell.de.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/jhartung.sinewell.de.conf>
 jhartung.sinewell.de {
@@ Line 925: / Line 925: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/nextcloud.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/nextcloud.project-insanity.org.conf>
 nextcloud.project-insanity.org {
@@ Line 966: / Line 966: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 onny.project-insanity.org {
@@ Line 978: / Line 978: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/wiki.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/wiki.project-insanity.org.conf>
 wiki.project-insanity.org {
@@ Line 1011: / Line 1011: @@
       path_regexp export /([^/]+)/(.*)
     }
-    rewrite @allow_export /doku.php?do=export_{http.regexp.export.1}&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;id={http.regexp.export.2}
+    rewrite @allow_export /doku.php?do=export_{http.regexp.export.1}&id={http.regexp.export.2}
-    try_files {path} {path}/ /doku.php?id={path}&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;{query}
+    try_files {path} {path}/ /doku.php?id={path}&{query}
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/http.pi.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/http.pi.conf>
 http://http.pi {
@@ Line 1028: / Line 1028: @@
         php_fastcgi unix//var/run/php-fpm/http.pi_php-fpm.sock
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/saai.digital&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/saai.digital>
 beta.saai.digital {
@@ Line 1040: / Line 1040: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/office.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/office.project-insanity.org.conf>
 office.project-insanity.org {
@@ Line 1069: / Line 1069: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 need to convert
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/turbotux.de.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/turbotux.de.conf>
 www.turbotux.de turbotux.de {
     log /var/log/caddy/turbotux.de_access.log
@@ Line 1081: / Line 1081: @@
     }
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== php-fpm =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cp /etc/php/php-fpm.d/www.conf /etc/php/php-fpm.d/http.pi.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/php/php-fpm.d/www.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/php/php-fpm.d/www.conf>
 [...]
 pm.max_children = 16
@@ Line 1100: / Line 1100: @@
 env[TEMP] = /tmp
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/php/php-fpm.d/http.pi.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/php/php-fpm.d/http.pi.conf>
 [...]
 [http.pi]
@@ Line 1107: / Line 1107: @@
 listen = /run/php-fpm/http.pi_php-fpm.sock
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;[Service]
+<file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf>[Service]
 ReadWritePaths = /usr/share/webapps/nextcloud/data
 ReadWritePaths = /usr/share/webapps/nextcloud/apps
@@ Line 1116: / Line 1116: @@
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/archive
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/customer_files
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== wordpress =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S wordpress wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics wordpress-plugin-co-authors-plus wordpress-theme-geist wordpress-plugin-wp-user-avatar wordpress-plugin-opengraph wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media
 chown -R http:http /usr/share/webapps/wordpress/wp-admin /usr/share/webapps/wordpress/wp-includes
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/wordpress.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/php/conf.d/wordpress.ini>
 extension=mysqli
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file php /home/pi_wordpress/wordpress/wp-config.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file php /home/pi_wordpress/wordpress/wp-config.php>
 define('DB_NAME', '****');
 define('DB_USER', '****');
@@ Line 1147: / Line 1147: @@
 $_SERVER['HTTPS']='on';
 define( 'WP_AUTO_UPDATE_CORE', true );
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/wordpress.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/wordpress.hook>
 # Update Wordpress when core or plugins get updated
@@ Line 1161: / Line 1161: @@
 Description = Updating Wordpress installation
 When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/usr/bin/sudo -u http /usr/bin/bash -c 'wp core update-db --path=/usr/share/webapps/wordpress; wp plugin activate --path=/usr/share/webapps/wordpress antispam-bee code-syntax-block jetpack jetpack-lite lightbox-photoswipe wp-gdpr-compliance wp-statistics co-authors-plus wp-user-avatar opengraph simple-login-captcha disable-xml-rpc async-javascript breeze webp-converter-for-media'&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+Exec = /usr/bin/sh -c "/usr/bin/sudo -u http /usr/bin/bash -c 'wp core update-db --path=/usr/share/webapps/wordpress; wp plugin activate --path=/usr/share/webapps/wordpress antispam-bee code-syntax-block jetpack jetpack-lite lightbox-photoswipe wp-gdpr-compliance wp-statistics co-authors-plus wp-user-avatar opengraph simple-login-captcha disable-xml-rpc async-javascript breeze webp-converter-for-media'"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo -u http wp plugin activate --path=/usr/share/webapps/wordpress antispam-bee code-syntax-block jetpack jetpack-lite lightbox-photoswipe wp-gdpr-compliance wp-statistics co-authors-plus wp-user-avatar opengraph simple-login-captcha disable-xml-rpc async-javascript breeze webp-converter-for-media
 sudo -u http wp theme activate --path=/usr/share/webapps/wordpress geist
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Additional CSS for Geist theme
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code css&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code css>
 @media (max-width: 1400px) {
-	.single-post .post-content &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; p:first-child {
+	.single-post .post-content > p:first-child {
 		font-size: 1em;
 	}
-	.single-post .post-content &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; p, ul {
+	.single-post .post-content > p, ul {
 		font-size: 0.8em;
 	}
-	.single-post .post-content &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; h3 {
+	.single-post .post-content > h3 {
 		padding-bottom: 0.8em;
 	}
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Misc settings
   * WP Statistics
-    * Settings -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; privacy: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Hash IP Addresses&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; (GDPR)
+    * Settings -> privacy: "Hash IP Addresses" (GDPR)
   * Lightbox with PhotoSwipe
-    * Enable &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Show caption if available&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+    * Enable "Show caption if available"
-    * Enable &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Get image captions from the database&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+    * Enable "Get image captions from the database"
     * Spacing between pictures: 12%
-  * Settings -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Permalinks -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Custom structure: ''/%year%/%monthnum%/%day%/%postname%/''
+  * Settings -> Permalinks -> Custom structure: ''/%year%/%monthnum%/%day%/%postname%/''
-  * Settings -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; General -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 8 posts per page
+  * Settings -> General -> 8 posts per page
-  * Settings -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Discussion -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Show avatar
+  * Settings -> Discussion -> Show avatar
-    * Default Avatar -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Mytery Man
+    * Default Avatar -> Mytery Man
-  * Users -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Your Profile -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Avatar: Choose picture
+  * Users -> Your Profile -> Avatar: Choose picture
-  * Dark mode is not enabled by default. To enable this feature go to Appearance &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Customize &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Dark Mode.
+  * Dark mode is not enabled by default. To enable this feature go to Appearance > Customize > Dark Mode.
 Additional CSS for Ghost theme:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code css&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code css>
 @media (max-width: 1400px) {
-	.single-post .post-content &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; p:first-child {
+	.single-post .post-content > p:first-child {
 		font-size: 1em;
 	}
-	.single-post .post-content &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; p, ul {
+	.single-post .post-content > p, ul {
 		font-size: 0.8em;
 	}
-	.single-post .post-content &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; h3 {
+	.single-post .post-content > h3 {
 		padding-bottom: 0.8em;
 	}
@@ Line 1214: / Line 1214: @@
 	margin-bottom: 0.8em;
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== co-authors-plus plugin ====
 template-Anpassung \\
 [[https://www.wpbeginner.com/plugins/allow-multiple-authors-to-be-associated-with-a-post-in-wordpress/|How to Add Multiple Authors (Co-Authors) for Posts in WordPress]]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file php /home/pi_wordpress/wordpress/functions-content.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file php /home/pi_wordpress/wordpress/functions-content.php>
 if ( function_exists( 'coauthors_posts_links' ) ) {
     coauthors_posts_links();
@@ Line 1224: / Line 1224: @@
     the_author_posts_link();
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== invoiceninja =====
 on mysql.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code sql&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code sql>
 CREATE SCHEMA `ninja` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 CREATE USER 'ninja'@'http.pi' IDENTIFIED BY '****';
 GRANT ALL PRIVILEGES ON `ninja`.* TO 'ninja'@'http.pi';
 FLUSH PRIVILEGES;
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 on http.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S invoiceninja
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/composer.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/php/conf.d/composer.ini>
 extension=gmp
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cd /usr/share/webapps/invoiceninja
 sudo chown -R http:http storage public/logo bootstrap
 sudo chown http:http .
 sudo -u http composer install
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/http.pi.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/http.pi.conf>
 http://http.pi/invoiceninja {
         log /var/log/caddy/http.pi_access.log
@@ Line 1267: / Line 1267: @@
 }
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 Settings
   * Localization
@@ Line 1278: / Line 1278: @@
     * First Month of the Year: January
 ===== invoiceplane =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S invoiceplane composer grunt-cli
 cd /usr/share/webapps/invoiceplane
@@ Line 1286: / Line 1286: @@
 sudo -u http grunt build
 cp ipconfig.php.example ipconfig.php
-wget &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing/-/raw/master/vtdirektmarketing.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; -O /usr/share/webapps/invoiceplane/application/views/invoice_templates/pdf/vtdirektmarketing.php
+wget "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing/-/raw/master/vtdirektmarketing.php" -O /usr/share/webapps/invoiceplane/application/views/invoice_templates/pdf/vtdirektmarketing.php
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Visit installation wizard at http://http.pi/invoiceplane/index.php/setup
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/invoiceplane/ipconfig.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/share/webapps/invoiceplane/ipconfig.php>
 [...]
 SETUP_COMPLETED=true
@@ Line 1297: / Line 1297: @@
 DB_DATABASE=invoiceplane
 DISABLE_SETUP=true
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf>
 [Service]
 [...]
@@ Line 1304: / Line 1304: @@
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/archive
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/customer_files
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 Custom settings
-  * Products -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Product units
+  * Products -> Product units
     * Add: ''Stk.'', ''Std.''
-  * System-Einstellungen -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Rechnungen
+  * System-Einstellungen -> Rechnungen
     * Standard PDF Vorlage: vtdirektmarketing
 ===== firefox account server =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacaur -S mozilla-firefox-account-server
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== podcasttune =====
 not yet stable
 ===== dokuwiki =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S dokuwiki dokuwiki-plugin-dw2pdf dokuwiki-template-argon
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file php /etc/webapps/dokuwiki/local.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file php /etc/webapps/dokuwiki/local.php>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;?php
+<?php
 $conf['title'] = 'Project-Insanity';
 $conf['userewrite']  = 1;
 $conf['template']    = 'argon';
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/lib/dokuwiki/plugins/dw2pdf/conf/default.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/lib/dokuwiki/plugins/dw2pdf/conf/default.php>
 [...]
 $conf['doublesided']      = 0;
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/lib/dokuwiki/plugins/dw2pdf/tpl/default/style.css&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/lib/dokuwiki/plugins/dw2pdf/tpl/default/style.css>
 @page {
     margin-left: 100px;
@@ Line 1337: / Line 1337: @@
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 usage: ''https://wiki.project-insanity.org/onny?do=export_pdf''
   * Todo
     * DSGVO complience
 ===== gitlab =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S yarn sendmail gitlab
 ln -s /usr/bin/vendor_perl/exiftool /usr/bin/exiftool # fix for https://gitlab.com/gitlab-org/gitlab-foss/-/issues/60853
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 disable backups
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/gitlab.yml&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/gitlab/gitlab.yml>
 [...]
   gitlab:
@@ Line 1356: / Line 1356: @@
 [...]
   #backup:
-  #  path: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/var/lib/gitlab/backups&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;   # Relative paths are relative to Rails.root (default: tmp/backups/)
+  #  path: "/var/lib/gitlab/backups"   # Relative paths are relative to Rails.root (default: tmp/backups/)
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 configure database connection
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/database.yml&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/gitlab/database.yml>
 production:
   adapter: postgresql
@@ Line 1366: / Line 1366: @@
   pool: 10
   username: gitlab
-  password: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;****&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+  password: "****"
   host: mysql.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 on mysql.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CREATE USER gitlab CREATEDB;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -u postgres psql -d template1 -c "CREATE USER gitlab CREATEDB;"
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CREATE EXTENSION IF NOT EXISTS pg_trgm;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CREATE DATABASE gitlabhq_production OWNER gitlab;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER gitlab;"
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;ALTER USER gitlab WITH SUPERUSER;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -u postgres psql -d template1 -c "ALTER USER gitlab WITH SUPERUSER;"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 on http.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
  cd /usr/share/webapps/gitlab
  sudo -u gitlab -H bundle exec rake assets:precompile RAILS_ENV=production
  sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production
  systemctl enable --now gitlab-workhorse redis gitlab-puma gitlab-sidekiq gitlab-gitaly
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Enable smtp, mail delivery
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file ruby /etc/webapps/gitlab/smtp_settings.rb&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file ruby /etc/webapps/gitlab/smtp_settings.rb>
 # To enable smtp email delivery for your GitLab instance do the following:
 # 1. Rename this file to smtp_settings.rb
@@ Line 1399: / Line 1399: @@
   ActionMailer::Base.delivery_method = :smtp
   ActionMailer::Base.smtp_settings = {
-    address: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;mail.pi&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+    address: "mail.pi",
     port: 25,
-    user_name: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;git@project-insanity.org&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+    user_name: "git@project-insanity.org",
-    password: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;****&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+    password: "****",
-    domain: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;project-insanity.org&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+    domain: "project-insanity.org",
     authentication: :login,
     enable_starttls_auto: false,
@@ Line 1409: / Line 1409: @@
   }
 end
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 further general mail settings
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/gitlab.yml&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/gitlab/gitlab.yml>
    ## Email settings
     # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
     email_enabled: true
-    # Email address used in the &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;From&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; field in mails sent by GitLab
+    # Email address used in the "From" field in mails sent by GitLab
     email_from: noreply@project-insanity.org
     email_display_name: GitLab
     email_reply_to: noreply@project-insanity.org
     email_subject_suffix: ''
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 Auto migrate on pacman update
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/gitlab.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/gitlab.hook>
 # Update Gitlab when core or other Gitlab daemons are touched
@@ Line 1435: / Line 1435: @@
 Description = Updating Gitlab installation
 When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/usr/bin/systemctl restart gitlab-workhorse gitlab-puma gitlab-sidekiq gitlab-gitaly &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; cd /usr/share/webapps/gitlab &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; /usr/bin/sudo -u gitlab $(cat /usr/share/webapps/gitlab/environment | xargs) /usr/bin/bash -c 'cd /usr/share/webapps/gitlab; bundle-2.7 exec rake db:migrate'&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+Exec = /usr/bin/sh -c "/usr/bin/systemctl restart gitlab-workhorse gitlab-puma gitlab-sidekiq gitlab-gitaly && cd /usr/share/webapps/gitlab && /usr/bin/sudo -u gitlab $(cat /usr/share/webapps/gitlab/environment | xargs) /usr/bin/bash -c 'cd /usr/share/webapps/gitlab; bundle-2.7 exec rake db:migrate'"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/secrets.yml&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/gitlab/secrets.yml>
 ****
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
-hexdump -v -n 64 -e '1/1 &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;%02x&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;' /dev/urandom &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/webapps/gitlab/secret
+hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom > /etc/webapps/gitlab/secret
-hexdump -v -n 64 -e '1/1 &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;%02x&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;' /dev/urandom &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/webapps/gitlab-shell/secret
+hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom > /etc/webapps/gitlab-shell/secret
 chown root:gitlab /etc/webapps/gitlab/secret /etc/webapps/gitlab-shell/secret
 chmod 640 /etc/webapps/gitlab/secret /etc/webapps/gitlab-shell/secret
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 misc settings:
   * enable recaptcha for registration https://docs.gitlab.com/ee/integration/recaptcha.html
-  * disable ssh git protocol: Admin -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Settings -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Expand &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Visibility and access controls&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; For &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Enabled Git access protocols&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; select &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Only HTTP(S)&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+  * disable ssh git protocol: Admin -> Settings -> Expand "Visibility and access controls" -> For "Enabled Git access protocols" select "Only HTTP(S)"
 ===== onlyoffice documentserver =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S npm nodejs rabbitmq redis onlyoffice-documentserver
 ln -s /usr/share/libalpm/hooks/onlyoffice-documentserver.hook /etc/pacman.d/hooks/
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 on mysql.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CREATE DATABASE onlyoffice;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;"
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CREATE USER onlyoffice WITH password 'onlyoffice';&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
 psql -hmysql.pi -Uonlyoffice -d onlyoffice -f /usr/share/webapps/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/office.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/office.project-insanity.org.conf>
 office.project-insanity.org {
     log /var/log/caddy/office.project-insanity.org_access.log
@@ Line 1487: / Line 1487: @@
     }
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/onlyoffice/documentserver/default.json&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/onlyoffice/documentserver/default.json>
 [...]
-                        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;sql&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: {
+                        "sql": {
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;type&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;postgres&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "type": "postgres",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;tableChanges&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;doc_changes&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "tableChanges": "doc_changes",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;tableResult&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;task_result&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "tableResult": "task_result",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;dbHost&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;mysql.pi&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "dbHost": "mysql.pi",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;dbPort&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: 5432,
+                                "dbPort": 5432,
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;dbName&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;onlyoffice&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "dbName": "onlyoffice",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;dbUser&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;onlyoffice&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "dbUser": "onlyoffice",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;dbPass&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;onlyoffice&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "dbPass": "onlyoffice",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;charset&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;utf8&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+                                "charset": "utf8",
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;connectionlimit&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: 10,
+                                "connectionlimit": 10,
-                                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;max_allowed_packet&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: 1048575
+                                "max_allowed_packet": 1048575
                         },
 [...]
-       &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;SpellChecker&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: {
+       "SpellChecker": {
-                &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;server&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: {
+                "server": {
-                        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;port&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: 8081,
+                        "port": 8081,
-                        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;mode&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;development&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+                        "mode": "development"
                 }
         }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/hosts&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/hosts>
 .25.0.100 nextcloud.project-insanity.org
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now rabbitmq redis onlyoffice-docservice onlyoffice-fileconverter onlyoffice-spellchecker
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== officepad ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/officepad.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/officepad.service>
 [Unit]
 Description=Documentserver integration example
@@ Line 1529: / Line 1529: @@
 [Install]
 WantedBy=basic.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo git clone git clone https://git.project-insanity.org/onny/officepad.git /usr/share/webapps/officepad
 sudo chown -R http:http /usr/share/webapps/officepad
 systemd daemon-reload
 systemctl enable --now officepad
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/officepad/config/default.json&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/share/webapps/officepad/config/default.json>
 [...]
-siteUrl&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;https://bwsas-prod-oo-02.lsdf.kit.edu/&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+siteUrl": "https://bwsas-prod-oo-02.lsdf.kit.edu/"
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
  ===== nextcloud =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S php-imagick php-intl nextcloud nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud nextcloud-app-mail nextcloud-app-news nextcloud-app-calendar nextcloud-app-contacts nextcloud-app-keeweb nextcloud-app-deck nextcloud-app-onlyoffice nextcloud-app-bookmarks nextcloud-app-notes nextcloud-app-talk nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse nextcloud-app-radio nextcloud-app-podcast
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/php/php-fpm.d/www.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/php/php-fpm.d/www.conf>
 env[PATH] = /usr/local/bin:/usr/bin:/bin
 env[TMP] = /tmp
 env[TMPDIR] = /tmp
 env[TEMP] = /tmp
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 php performance optimizations
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/nextcloud.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/php/conf.d/nextcloud.ini>
 memory_limit = 512M
@@ Line 1574: / Line 1574: @@
 apc.enable_cli=1
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/nextcloud/conf/config.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/share/webapps/nextcloud/conf/config.php>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;?php
+<?php
 $CONFIG = array (
-  'instanceid' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '****',
+  'instanceid' => '****',
-  'passwordsalt' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '****',
+  'passwordsalt' => '****',
-  'datadirectory' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '/usr/share/webapps/nextcloud/data',
+  'datadirectory' => '/usr/share/webapps/nextcloud/data',
-  'dbtype' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'mysql',
+  'dbtype' => 'mysql',
-  'version' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '19.0.0.12',
+  'version' => '19.0.0.12',
-  'dbname' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'nextcloud',
+  'dbname' => 'nextcloud',
-  'dbhost' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'mysql.pi',
+  'dbhost' => 'mysql.pi',
-  'dbtableprefix' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'oc_',
+  'dbtableprefix' => 'oc_',
-  'mysql.utf8mb4' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; true,
+  'mysql.utf8mb4' => true,
-  'dbuser' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'nextcloud',
+  'dbuser' => 'nextcloud',
-  'dbpassword' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '****',
+  'dbpassword' => '****',
-  'installed' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; true,
+  'installed' => true,
-  'theme' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '',
+  'theme' => '',
-  'maintenance' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; false,
+  'maintenance' => false,
-  'loglevel' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 0,
+  'loglevel' => 0,
-  'cron_log' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; true,
+  'cron_log' => true,
-  'maxZipInputSize' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 5145728000,
+  'maxZipInputSize' => 5145728000,
-  'allowZipDownload' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; true,
+  'allowZipDownload' => true,
-  'memcache.local' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '\\OC\\Memcache\\APCu',
+  'memcache.local' => '\\OC\\Memcache\\APCu',
-  'allow_local_remote_servers' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; true,
+  'allow_local_remote_servers' => true,
-  'trusted_domains' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+  'trusted_domains' =>
   array (
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'nextcloud.project-insanity.org',
+=> 'nextcloud.project-insanity.org',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'http.pi',
+=> 'http.pi',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'office.project-insanity.org',
+=> 'office.project-insanity.org',
   ),
-  'secret' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; '****',
+  'secret' => '****',
-  'mail_domain' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'project-insanity.org',
+  'mail_domain' => 'project-insanity.org',
-  'mail_smtpmode' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'php',
+  'mail_smtpmode' => 'php',
-  'mail_from_address' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'nextcloud',
+  'mail_from_address' => 'nextcloud',
-  'trashbin_retention_obligation' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'auto',
+  'trashbin_retention_obligation' => 'auto',
-  'updatechecker' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; false,
+  'updatechecker' => false,
-  'has_internet_connection' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; false,
+  'has_internet_connection' => false,
-  'app.mail.verify-tls-peer' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; false,
+  'app.mail.verify-tls-peer' => false,
-  'app_install_overwrite' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+  'app_install_overwrite' =>
   array (
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'apporder',
+=> 'apporder',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'keeweb',
+=> 'keeweb',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'tasks',
+=> 'tasks',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'weather',
+=> 'weather',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'audioplayer',
+=> 'audioplayer',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'files_ebookreader',
+=> 'files_ebookreader',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'extract',
+=> 'extract',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'polls',
+=> 'polls',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'onlyoffice',
+=> 'onlyoffice',
-=&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; 'drawio',
+=> 'drawio',
   ),
 );
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-Due to [[https://bugs.archlinux.org/task/64689?project=5&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;string=nextcloud|packaging bug]] and hardened php-fpm.service file, an unit file overwrite is required:
+Due to [[https://bugs.archlinux.org/task/64689?project=5&string=nextcloud|packaging bug]] and hardened php-fpm.service file, an unit file overwrite is required:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf>
 [Service]
 [...]
@@ Line 1635: / Line 1635: @@
 ReadWritePaths = /etc/webapps/nextcloud/config/
 ReadWritePaths = /usr/share/webapps/wordpress/wp-content
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 Auto upgrade on pacman update
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 ln -sv /usr/share/doc/nextcloud/nextcloud.hook /etc/pacman.d/hooks/
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/nextcloud-enable-apps.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/nextcloud-enable-apps.hook>
 # Update Nextcloud when core or -apps are touched
@@ Line 1653: / Line 1653: @@
 Description = Updating Nextcloud installation
 When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/usr/bin/chown -R nextcloud:nextcloud /usr/share/webapps/nextcloud/apps &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; /usr/bin/sudo -u nextcloud /usr/bin/php /usr/share/webapps/nextcloud/occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+Exec = /usr/bin/sh -c "/usr/bin/chown -R nextcloud:nextcloud /usr/share/webapps/nextcloud/apps && /usr/bin/sudo -u nextcloud /usr/bin/php /usr/share/webapps/nextcloud/occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 Nextcloud background job (cron)
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file -/etc/systemd/system/nextcloudcron.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file -/etc/systemd/system/nextcloudcron.service>
 [Unit]
 Description=Nextcloud cron.php job
@@ Line 1666: / Line 1666: @@
 [Install]
 WantedBy=basic.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/nextcloudcron.timer&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/nextcloudcron.timer>
 [Unit]
 Description=Run Nextcloud cron.php every 15 minutes
@@ Line 1678: / Line 1678: @@
 [Install]
 WantedBy=timers.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now nextcloudcron.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Add additional mimetype for keeweb app
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cd /usr/share/webapps/nextcloud
 cp resources/config/mimetypemapping.dist.json config/mimetypemapping.json
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 add kdbx line to json config
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/nextcloud/config/mimetypemapping.json&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/share/webapps/nextcloud/config/mimetypemapping.json>
 [...]
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;_comment4&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Any changes you make here will be overwritten on an update of Nextcloud&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+        "_comment4": "Any changes you make here will be overwritten on an update of Nextcloud",
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;_comment5&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Put any custom mappings in a new file mimetypemapping.json in the config/ folder of Nextcloud&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+        "_comment5": "Put any custom mappings in a new file mimetypemapping.json in the config/ folder of Nextcloud",
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;kdbx&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: [&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;x-application/kdbx&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;],
+        "kdbx": ["x-application/kdbx"],
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;3gp&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: [&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;video/3gpp&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;],
+        "3gp": ["video/3gpp"],
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;7z&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: [&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;application/x-7z-compressed&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;],
+        "7z": ["application/x-7z-compressed"],
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== mail ====
 disable ssl verification of imap/smpt host
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/nextcloud/config/config.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/share/webapps/nextcloud/config/config.php>
 [...]
-  'app.mail.verify-tls-peer' =&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; false,
+  'app.mail.verify-tls-peer' => false,
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ==== twofactor_gateway ====
 disposible phone number registration http://www.getsmscode.com
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/signal-web-gateway/config.yml&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/signal-web-gateway/config.yml>
 [...]
-tel: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;+1774****&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+tel: "+1774****"
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cd /usr/share/webapps/nextcloud
 sudo -u http ./occ twofactorauth:gateway:configure signal # leave default options (press return)
@@ Line 1721: / Line 1721: @@
 sudo -u signal signal-web-gateway # enter verification
 systemctl enable --now signal-web-gateway
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-  * Activate 2FA in ''Settings -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Security (User)''
+  * Activate 2FA in ''Settings -> Security (User)''
     * Enter your phone number and press verify
 ==== onlyoffice ====
-  * Paste in ''Settings -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; ONLYOFFICE'' the ''Document Editing Service address'' to ''https://office.project-insanity.org''
+  * Paste in ''Settings -> ONLYOFFICE'' the ''Document Editing Service address'' to ''https://office.project-insanity.org''
 ==== mantainance ====
 Run file integrity checks
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo -u http /usr/share/webapps/nextcloud/occ integrity:check-app
 sudo -u http /usr/share/webapps/nextcloud/occ integrity:check-core
 sudo -u http /usr/share/webapps/nextcloud/occ files:scan --all
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== phpmyadmin =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/phpmyadmin/config.inc.php&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/phpmyadmin/config.inc.php>
 [...]
 /* Server parameters */
@@ Line 1741: / Line 1741: @@
 $cfg['Servers'][$i]['compress'] = false;
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== cockpit =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S cockpit
 systemctl enable --now cockpit pmcd
@@ Line 1752: / Line 1752: @@
 nft add rule inet filter input position 17 ip saddr 10.25.40.0/24 tcp dport 9090 accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport 9090 accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/sudoers&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/sudoers>
 [...]
 cockpit ALL=(ALL) ALL
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pam.d/cockpit&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pam.d/cockpit>
 #%PAM-1.0
@@ Line 1776: / Line 1776: @@
 session   required  pam_unix.so
 session   optional  pam_permit.so
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== outline =====
 on http.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S outline
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/outline/.env&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/outline/.env>
 [...]
 SECRET_KEY=****
@@ Line 1790: / Line 1790: @@
 URL=http://playground.pi:3000
 FORCE_HTTPS=false
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 on mysql.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CREATE DATABASE outline;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -i -u postgres psql -c "CREATE DATABASE outline;"
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CREATE USER outline WITH password 'outline';&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -i -u postgres psql -c "CREATE USER outline WITH password 'outline';"
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;GRANT ALL privileges ON DATABASE outline TO outline;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE outline TO outline;"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 on http.pi
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cd /usr/share/webapps/outline
 npm run sequelize:migrate
 systemctl enable --now outline
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ====== storage.pi ======
 ===== kol ha campus archive radio stream =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S vlc pulseaudio
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/106fm_archive_stream.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/106fm_archive_stream.service>
 [Unit]
 Description=160fm.co.il archive radio stream server
@@ Line 1817: / Line 1817: @@
 User=onny
 Type=simple
-ExecStart=/usr/bin/cvlc -A pulse,none /home/onny/bash-kolhaas-archive/archived --loop --random --sout-keep --sout '#transcode{acodec=opus}:duplicate{dst=display{delay=6000},dst=gather:std{mux=ffmpeg{mux=opus},dst=:8080,access=http},select=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;novideo&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;}'
+ExecStart=/usr/bin/cvlc -A pulse,none /home/onny/bash-kolhaas-archive/archived --loop --random --sout-keep --sout '#transcode{acodec=opus}:duplicate{dst=display{delay=6000},dst=gather:std{mux=ffmpeg{mux=opus},dst=:8080,access=http},select="novideo"}'
 Restart=on-abort
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/lib/systemd/system/pulseaudio.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/lib/systemd/system/pulseaudio.service>
 [Unit]
 Description=PulseAudio system server
@@ Line 1833: / Line 1833: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/share/dbus-1/system.d/pulseaudio.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/share/dbus-1/system.d/pulseaudio.conf>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;?xml version=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;1.0&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;?&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;!--*-nxml-*--&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<?xml version="1.0"?> <!--*-nxml-*-->
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;!DOCTYPE busconfig PUBLIC &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;busconfig&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<busconfig>
-    &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;policy group=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;pulse&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+    <policy group="pulse">
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;allow own=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;org.pulseaudio.Server&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+        <allow own="org.pulseaudio.Server"/>
-    &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/policy&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+    </policy>
-    &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;policy context=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;default&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+    <policy context="default">
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;allow send_destination=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;org.pulseaudio.Server&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+        <allow send_destination="org.pulseaudio.Server"/>
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;allow receive_sender=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;org.pulseaudio.Server&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+        <allow receive_sender="org.pulseaudio.Server"/>
-    &amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/policy&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+    </policy>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/busconfig&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</busconfig>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
-echo &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;default-server = /var/run/pulse/native&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/pulse/client.conf
+echo "default-server = /var/run/pulse/native" >> /etc/pulse/client.conf
-echo &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;autospawn = no&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/pulse/client.conf
+echo "autospawn = no" >> /etc/pulse/client.conf
 systemctl daemon-reload
 groupadd --system pulse
@@ Line 1860: / Line 1860: @@
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport 8080 accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport 8080 accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 also added a caddy rule on http.pi for the url: https://blog.project-insanity.org/106fm
 ===== bitcoind =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S bitcoin-daemon
 systemctl start bitcoind
 systemctl enable bitcoind
 ufw allow from 10.25.0.0/24 to any port 8333
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 https://bitcoin.stackexchange.com/a/75312
 ====== playground.pi ======
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S devtools
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== beta.saai.digital =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S iptables-nft
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/nftables.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/nftables.conf>
 [...]
 chain forward {
@@ Line 1890: / Line 1890: @@
   }
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now docker
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== QuakeJS =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S quakejs-git
 cd /usr/share/webapps/quakejs
 chown -R quakejs:quakejs .
 sudo -u quakejs node build/ioq3ded.js +set fs_game baseq3 +set dedicated 2
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/conf.d/quakejs&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/conf.d/quakejs>
-QUAKEJS_DS_PARAMS=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;+set fs_cdn cdn.quake.turbotux.de +set fs_game baseq3 +set dedicated 1 +exec server.cfg&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+QUAKEJS_DS_PARAMS="+set fs_cdn cdn.quake.turbotux.de +set fs_game baseq3 +set dedicated 1 +exec server.cfg"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/quakejs/base/baseq3/server.cfg&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/share/webapps/quakejs/base/baseq3/server.cfg>
-seta sv_hostname &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Project-Insanity.org QuakeJS&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+seta sv_hostname "Project-Insanity.org QuakeJS"
 seta sv_maxclients 12
-seta g_motd &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Welcome to PI Quake 3 battleground&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+seta g_motd "Welcome to PI Quake 3 battleground"
 seta g_quadfactor 3
 seta g_gametype 0
@@ Line 1915: / Line 1915: @@
 seta g_inactivity 3000
 seta g_forcerespawn 0
-seta rconpassword &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;CHANGE_ME&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+seta rconpassword "CHANGE_ME"
-set d1 &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;map q3dm17 ; set nextmap vstr d2&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+set d1 "map q3dm17 ; set nextmap vstr d2"
-set d2 &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;map q3tourney3 ; set nextmap vstr d3&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+set d2 "map q3tourney3 ; set nextmap vstr d3"
-set d3 &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;map q3tourney1 ; set nextmap vstr d1&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+set d3 "map q3tourney1 ; set nextmap vstr d1"
 vstr d1
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/webapps/quakejs/web.json&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/webapps/quakejs/web.json>
 {
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;content&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;cdn.quake.turbotux.de&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;,
+        "content": "cdn.quake.turbotux.de",
-        &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;port&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;: 8081
+        "port": 8081
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now quakejs-ds quakejs quakejs-cdn
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== PI ArchLinux Repository =====
 build and install auruitls from source
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cd /tmp
-curl &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot; | tar xz
+curl "https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz" | tar xz
 cd aurutils
 gpg --recv-keys DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A
 makepkg -i
 pacman --root=/var/lib/aurbuild/x86_64/root -S git
-pacman --root=/var/lib/aurbuild/x86_64/root -S python2-setuptools # workaround for zeronet -&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; python-pyelliptic
+pacman --root=/var/lib/aurbuild/x86_64/root -S python2-setuptools # workaround for zeronet -> python-pyelliptic
 pacman --root=/var/lib/aurbuild/x86_64/root -S wayland # workaround for dmenu-wayland-git
 sudo /usr/share/devtools/pacman-extra.conf /etc/aurutils/pacman-projectinsanity.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 configure custom repository
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.conf>
 [...]
 Include = /etc/pacman.d/projectinsanity
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/projectinsanity&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/projectinsanity>
 [options]
 CacheDir = /var/cache/pacman/pkgwf
@@ Line 1957: / Line 1957: @@
 SigLevel = Optional TrustAll
 Server = file:///var/cache/pacman/projectinsanity
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/suders&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/suders>
 [...]
 aur ALL = NOPASSWD: SETENV: /usr/bin/makechrootpkg
 aur ALL = NOPASSWD: /usr/bin/arch-nspawn
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo useradd -m aur
 sudo install -d /var/cache/pacman/projectinsanity -o aur
@@ Line 1971: / Line 1971: @@
 sudo -u aur gpg --recv-keys 6BC26A17B9B7018A
 sudo -u aur gpg --recv-keys 1D1F0DC78F173680
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/aurupdate.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/aurupdate.service>
 [Unit]
  Description=Automatic update AUR repository.
@@ Line 1987: / Line 1987: @@
 [Install]
  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /usr/bin/pi-archlinuxrepo-update.sh&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /usr/bin/pi-archlinuxrepo-update.sh>
 #!/bin/bash
 for package in $(pacman -Sql projectinsanity)
@@ Line 1994: / Line 1994: @@
   aur sync --no-view -c $package
 done
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/aurupdate.timer&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/aurupdate.timer>
 [Unit]
  Description=Automatic update AUR repository when booted up after 5 minutes then check for updates every 60 minutes.
@@ Line 2006: / Line 2006: @@
 [Install]
  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now aurupdate.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo -u aur gpg --recv-keys 2A349DD577D586A5
 sudo -u aur aur sync -d projectinsanity -c librewolf pkgbuild-introspection tor-browser-en r128gain split2flac id3ted redshift-wlr-gamma-control-git krop wcalc anbox-git ocenaudio-bin smloadr soulseekqt aurutils downgrade maddy wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics jellyfin onlyoffice-documentserver nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud-app-keeweb nextcloud-app-radio nextcloud-app-onlyoffice fdroidserver android-sdk android-sdk-build-tools gplaycli vlc-bittorrent qlcplus signal-web-gateway-git invoiceninja invoiceplane python-gspread-git etcher zeronet teamviewer scrcpy ttyd wdisplays-git dmenu-wayland-git python-soundcard python-soundfile pacaur archivemount micro python-rpi.gpio python-pad4pi python-pulse-control python-rplcd python-vlc python-mpv pmbootstrap wordpress-theme-geist linux-libre opensnitch-git powerpill osmctools tilemaker nextcloud-app-talk xerox-phaser-6000-6010 dokuwiki-plugin-captcha dokuwiki-plugin-dw2pdf dokuwiki-template-argon nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse wordpress-plugin-opengraph nextcloud-app-podcast wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media
@@ Line 2018: / Line 2018: @@
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport http accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport http accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 caddy configuration
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/Caddyfile
+<file - /etc/caddy/Caddyfile
 import conf.d/*.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 http://onny.project-insanity.org {
@@ Line 2043: / Line 2043: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl restart caddy
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 caddy configuration on http-pub.pi:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 [...]
     proxy /archlinux playground.pi {
@@ Line 2054: / Line 2054: @@
     }
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl restart caddy
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ====== http-pub.pi ======
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S caddy php-fpm
 systemctl enable --now caddy php-fpm
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport http accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport http accept
-nft list ruleset &amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; /etc/nftables.conf
+nft list ruleset > /etc/nftables.conf
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/php.hook&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.d/hooks/php.hook>
 # Restart php service
@@ Line 2080: / Line 2080: @@
 When = PostTransaction
 Exec = /usr/bin/systemctl restart php-fpm
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 custom caddy installation
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacaur -d caddy
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - ~/.cache/pacaur/caddy/PKGBUILD&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - ~/.cache/pacaur/caddy/PKGBUILD>
 [...]
 #    'http.expires'
@@ Line 2091: / Line 2091: @@
 #    'http.filter'
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cd ~/.cache/pacaur/caddy
 makepkg -i --skipinteg
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== caddy =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S caddy
 gpasswd -a caddy http
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/Caddyfile&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/Caddyfile>
 import /etc/caddy/conf.d/*
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf>
 http://ausstellung-virtuell.de {
     redir https://www.ausstellung-virtuell.de{uri}
@@ Line 2125: / Line 2125: @@
         rewrite @mainpage /index.php?page={http.regexp.path.1}
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 http://onny.project-insanity.org {
@@ Line 2141: / Line 2141: @@
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/caddy.service.d/overwride.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/caddy.service.d/overwride.conf>
 [Service]
 ProtectHome=false
 LimitNOFILE=infinity
 LimitNPROC=infinity
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl daemon-reload
 systemctl restart caddy
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Overwrite php-fpm.service configuration, allow access to home directories:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - php-fpm.service.d/overwrite.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - php-fpm.service.d/overwrite.conf>
 [Service]
 ProtectHome=false
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== wordpress =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/wordpress.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/php/conf.d/wordpress.ini>
 extension=mysqli
 upload_max_filesize = 64M
 post_max_size = 64M
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== uwsgi =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S uwsgi-plugin-python python-bottle
 mkdir /etc/uwsgi/systemd
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/uwsgi-private@.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/uwsgi-private@.service>
 [Unit]
 Description=uWSGI service unit
@@ Line 2193: / Line 2193: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/uwsgi-private@.socket&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/uwsgi-private@.socket>
 [Unit]
 Description=Socket for uWSGI %I
@@ Line 2204: / Line 2204: @@
 [Install]
 WantedBy=sockets.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ==== getmetadata ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S python-requests
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/getmetadata.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/uwsgi/getmetadata.ini>
 [uwsgi]
 http-socket = /run/uwsgi/%n.sock
@@ Line 2218: / Line 2218: @@
 plugins = python
 file = streammetadata-api.py
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/systemd/getmetadata.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/uwsgi/systemd/getmetadata.conf>
-rw_directory=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/usr/share/webapps/getmetadata&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+rw_directory="/usr/share/webapps/getmetadata"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable uwsgi-private@getmetadata
 systemctl start uwsgi-private@getmetadata
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== biolaedle-etiketten-generator ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S python-pandas python-reportlab python-xlrd python-bottle
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/biolaedle-etiketten-generator.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/uwsgi/biolaedle-etiketten-generator.ini>
 [uwsgi]
 http-socket = /run/uwsgi/%n.sock
@@ Line 2239: / Line 2239: @@
 plugins = python
 file = label.py
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable --now uwsgi@biolaedle\\x2detiketten\\x2dgenerator
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== feeds ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S python-feedparser python-beautifulsoup4 python-pyrss2gen python-dateutil python-lxml
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/feeds.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/uwsgi/feeds.ini>
 [uwsgi]
 http-socket = /run/uwsgi/%n.sock
@@ Line 2257: / Line 2257: @@
 plugins = python
 file = app.py
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/systemd/feeds.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/uwsgi/systemd/feeds.conf>
-rw_directory=&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;/usr/share/webapps/feeds&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+rw_directory="/usr/share/webapps/feeds"
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable uwsgi-private@feeds
 systemctl start uwsgi-private@feeds
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ==== pishare ====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S nodejs
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/pishare.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/uwsgi/pishare.ini>
 [uwsgi]
 httpsocket = /run/uwsgi/%n.sock
@@ Line 2280: / Line 2280: @@
 file = pishare.py
 lazy-apps = true
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systenmctl enable --now uwsgi@pishare
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== arch-upstream =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S python-progressbar python-jinja
 ln -s /usr/share/webapps/arch-upstream /var/www/onny.sexypump.de/
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/arch-upstream.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/arch-upstream.service>
 [Unit]
 Description=Arch-Upstream
@@ Line 2307: / Line 2307: @@
 WorkingDirectory=/usr/share/webapps/arch-upstream
 ExecStart=/usr/share/webapps/arch-upstream/main.py
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/arch-upstream.timer&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/arch-upstream.timer>
 [Unit]
 Description=Run arch-upstream every 12 hours
@@ Line 2321: / Line 2321: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl enable arch-upstream.timer
 systemctl start arch-upstream.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 ===== fdroid repo gplay mirror =====
 http-pub.pi
 enable multilib
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/pacman.conf>
 [...]
 #[multilib-testing]
@@ Line 2341: / Line 2341: @@
 # tips on creating your own repositories.
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 pacman -S fdroidserver android-sdk android-sdk-build-tools gplaycli
 cd www
@@ Line 2348: / Line 2348: @@
 cd fdroid
 env ANDROID_HOME=/opt/android-sdk fdroid init
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - www/fdroid/config.py&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - www/fdroid/config.py>
 [...]
-repo_url = &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;https://onny.project-insanity.org/fdroid/repo&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+repo_url = "https://onny.project-insanity.org/fdroid/repo"
-repo_name = &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;Project-Insanity F-Droid repo&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+repo_name = "Project-Insanity F-Droid repo"
-repo_icon = &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;fdroid-icon.png&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+repo_icon = "fdroid-icon.png"
-repo_description = &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;This is a private F-Droid repository for the PI-crew :)&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+repo_description = "This is a private F-Droid repository for the PI-crew :)"
 [...]
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 env ANDROID_HOME=/opt/android-sdk fdroid update --create-metadata
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 mkdir ~/.config/gplaycli
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - ~/.config/gplaycli/gplaycli.conf&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - ~/.config/gplaycli/gplaycli.conf>
 [Credentials]
 gmail_address=****@gmail.com
 gmail_password=****
 token=False
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - ~/.config/gplaycli/apk.list&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - ~/.config/gplaycli/apk.list>
 org.thoughtcrime.securesms
 de.nextbike
@@ Line 2401: / Line 2401: @@
 com.zhiliaoapp.musically
 com.lynxspa.prontotreno
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/gplaycli.service&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/gplaycli.service>
 [Unit]
 Description=Gplaycli automatic APK mirror
@@ Line 2410: / Line 2410: @@
 Type=simple
 User=onny
-ExecStart=/usr/bin/sh -c &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;rm -f /home/onny/.cache/gplaycli/token &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; /usr/bin/gplaycli -v -dc shamu --file /home/onny/.config/gplaycli/apk.list --folder /home/onny/www/fdroid/repo/ -c /home/onny/.config/gplaycli/gplaycli.conf &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; cd /home/onny/www/fdroid &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp; env ANDROID_HOME=/opt/android-sdk fdroid update --create-metadata&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+ExecStart=/usr/bin/sh -c "rm -f /home/onny/.cache/gplaycli/token && /usr/bin/gplaycli -v -dc shamu --file /home/onny/.config/gplaycli/apk.list --folder /home/onny/www/fdroid/repo/ -c /home/onny/.config/gplaycli/gplaycli.conf && cd /home/onny/www/fdroid && env ANDROID_HOME=/opt/android-sdk fdroid update --create-metadata"
 TimeoutStopSec=180
 KillMode=process
@@ Line 2417: / Line 2417: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/gplaycli.timer&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/systemd/system/gplaycli.timer>
 [Unit]
 Description=Gplaycli automatic APK mirror
@@ Line 2429: / Line 2429: @@
 [Install]
 WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl daemon-reload
 systemctl --now enable gplaycli.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Notes:
   * Manually put Threema apk into repo folder
 ===== public hosting =====
 Create user for hosting site
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 useradd -m example
 mkdir /home/example/www
 ln -s /home/example/www /var/www/example.de
 chmod +x /home/example
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Copy php-fpm profile
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 cp /etc/php/php-fpm.d/sexypump.de.conf /etc/php/php-fpm.d/example.com
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Replace all occurences from the domain (''sexypump.de'') and the user (''sexypump'') with your domain and user. Now restart ''php-fpm'':
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 systemctl restart php-fpm
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Create nginx webserver configuration:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/nginx/sites-available/example.de&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/nginx/sites-available/example.de>
 server {
     server_name example.de www.example.de;
@@ Line 2473: / Line 2473: @@
     }
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 Enable webserver configuration:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 ln -s /etc/nginx/sites-available/example.de /etc/nginx/sites-enabled/
 systemctl restart nginx
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Enable SSL caddy proxy on ''http.pi''. Edit as user ''caddy'' and append following part:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /opt/caddy/Caddyfile&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /opt/caddy/Caddyfile>
 www.example.de example.de {
         log /var/log/caddy/example.de_access.log
@@ Line 2489: / Line 2489: @@
                 header_upstream X-Real-IP {remote}
                 header_upstream X-Forwarded-Proto {scheme}
-                header_downstream -Server &amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;amp;amp;amp;amp;quot;
+                header_downstream -Server ""
         }
 }
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 Restart caddy process after that. Depending on the permissions of your webroot, you can run:
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo gpasswd -a example http
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
 Mysql database creation on ''mysql.pi'':
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code sql&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code sql>
 CREATE DATABASE IF NOT EXISTS sexypump;
 GRANT ALL PRIVILEGES ON sexypump.* TO 'sexypump'@'http-pub' IDENTIFIED BY '****';
 FLUSH PRIVILEGES;
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;file - /etc/conf.d/ballisticc.de.ini&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<file - /etc/conf.d/ballisticc.de.ini>
 upload_max_filesize = 1000M
 post_max_size = 1000M
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</file>
 ===== podcast feeds =====
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+<code bash>
 sudo cp /home/onny/www/laboumdeluxe/laboumdeluxe_* /etc/systemd/system/
 sudo cp /home/onny/www/bounce/bounce_* /etc/systemd/system/
 systemctl enable --now bounce_feed.timer laboumdeluxe_feed.timer kampus_hakatze_feed.timer
-&amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
+</code>