Site Tools


Hotfix release available: 2024-02-06a "Kaos". upgrade now! [55.1] (what's this?)
New release available: 2024-02-06 "Kaos". upgrade now! [55] (what's this?)
projectinsanity:server_setup

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
projectinsanity:server_setup [2022/04/07 08:05] – [host.pi] 159.203.181.211projectinsanity:server_setup [2022/08/12 20:20] (current) – [host.pi] 10.25.0.100
Line 1: Line 1:
- ====== host.pi ======+====== host.pi ======
 ===== Specs ===== ===== Specs =====
  1 x Dedicated Root Server SB32 (hetzner)  1 x Dedicated Root Server SB32 (hetzner)
Line 32: Line 32:
   * IPv6: 2a01:4f8:191:327::2   * IPv6: 2a01:4f8:191:327::2
 Im Rescue system: Im Rescue system:
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 installimage -a -n project-insanity -b grub -r yes -l 0 -i root/.oldroot/nfs/images/archlinux-latest-64-minimal.tar.gz -p /boot:ext4:2G,lvm:vg0:all -v vg0:swap:swap:swap:3G,vg0:root:/:btrfs:40G -f yes -s en installimage -a -n project-insanity -b grub -r yes -l 0 -i root/.oldroot/nfs/images/archlinux-latest-64-minimal.tar.gz -p /boot:ext4:2G,lvm:vg0:all -v vg0:swap:swap:swap:3G,vg0:root:/:btrfs:40G -f yes -s en
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== systemd-networkd ==== ==== systemd-networkd ====
 on the installed host machine, had to change ''2a01:4f8:191:327::2/64'' to ''2a01:4f8:191:327::2/128''. Also ''Address=144.76.16.40'' to ''Address=144.76.16.40/32'': on the installed host machine, had to change ''2a01:4f8:191:327::2/64'' to ''2a01:4f8:191:327::2/128''. Also ''Address=144.76.16.40'' to ''Address=144.76.16.40/32'':
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/networkd/10-enp3s0.network&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/networkd/10-enp3s0.network>
 ### Hetzner Online GmbH installimage ### Hetzner Online GmbH installimage
 [Match] [Match]
Line 51: Line 51:
 Peer=144.76.16.33/32 Peer=144.76.16.33/32
 IPForward=ipv4 IPForward=ipv4
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/networkd/25-bridge.netdev&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/networkd/25-bridge.netdev>
 [NetDev] [NetDev]
 Name=br-internal Name=br-internal
 Kind=bridge Kind=bridge
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/networkd/25-bridge.network&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/networkd/25-bridge.network>
 [Match] [Match]
 Name=br-internal Name=br-internal
Line 65: Line 65:
 Address=10.25.0.1/24 Address=10.25.0.1/24
 ConfigureWithoutCarrier=true ConfigureWithoutCarrier=true
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ==== core system ==== ==== core system ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S mosh tmux htop dmidecode fail2ban openvpn qemu openbsd-netcat openssh easy-rsa fish pacman-contrib pacman -S mosh tmux htop dmidecode fail2ban openvpn qemu openbsd-netcat openssh easy-rsa fish pacman-contrib
 chsh -s $(which fish) chsh -s $(which fish)
Line 81: Line 81:
 sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
 systemctl enable --now sshd fail2ban systemd-networkd systemd-resolved systemctl enable --now sshd fail2ban systemd-networkd systemd-resolved
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 dnsmasq settings, ready to listen on wireguard subnet dnsmasq settings, ready to listen on wireguard subnet
-&amp;amp;amp;amp;amp;lt;file - /etc/dnsmasq.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/dnsmasq.conf>
 [...] [...]
 listen-address=127.0.0.1,10.25.0.1,10.25.40.1 listen-address=127.0.0.1,10.25.0.1,10.25.40.1
Line 92: Line 92:
 server=8.8.8.8 server=8.8.8.8
 server=8.8.4.4 server=8.8.4.4
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 systemd resolved dns resolver settings systemd resolved dns resolver settings
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/resolved.conf>
 [...] [...]
 [resolve] [resolve]
 DNSStubListener=no DNSStubListener=no
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf.d/dns_over_tls.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/resolved.conf.d/dns_over_tls.conf>
 [Resolve] [Resolve]
 DNSOverTLS=opportunistic DNSOverTLS=opportunistic
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf.d/dnssec.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/resolved.conf.d/dnssec.conf>
 [Resolve] [Resolve]
 DNSSEC=true DNSSEC=true
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/resolved.conf.d/dns_servers.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/resolved.conf.d/dns_servers.conf>
 [Resolve] [Resolve]
 DNS=2620:fe::fe 9.9.9.9 DNS=2620:fe::fe 9.9.9.9
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/hosts&amp;amp;amp;amp;amp;gt;+<file - /etc/hosts>
 [...] [...]
 10.25.0.1 host.pi 10.25.0.1 host.pi
Line 139: Line 139:
 2a01:4f8:191:327::102 neutrino neutrino.pi 2a01:4f8:191:327::102 neutrino neutrino.pi
 2a01:4f8:191:327::103 arne arne.pi 2a01:4f8:191:327::103 arne arne.pi
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 custom pi archlinux repo custom pi archlinux repo
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.conf>
 ... ...
 [projectinsanity] [projectinsanity]
 SigLevel = PackageOptional SigLevel = PackageOptional
 Server = https://onny.project-insanity.org/archlinux Server = https://onny.project-insanity.org/archlinux
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 archlinux auto update archlinux auto update
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.conf>
 ... ...
 [projectinsanity] [projectinsanity]
 SigLevel = PackageOptional SigLevel = PackageOptional
 Server = https://onny.project-insanity.org/archlinux Server = https://onny.project-insanity.org/archlinux
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.service&amp;amp;amp;amp;amp;gt;[Unit]+<file - /etc/systemd/system/autoupdate.service>[Unit]
 Description=Automatic Update Description=Automatic Update
 After=network-online.target  After=network-online.target 
Line 160: Line 160:
 [Service] [Service]
 Type=simple Type=simple
-ExecStart=/usr/bin/sh -c &amp;amp;amp;amp;amp;quot;/usr/bin/pacman -Syuq --noconfirm --needed --noprogressbar &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; rm /var/cache/pacman/pkg/*.zst&amp;amp;amp;amp;amp;quot;+ExecStart=/usr/bin/sh -c "/usr/bin/pacman -Syuq --noconfirm --needed --noprogressbar && rm /var/cache/pacman/pkg/*.zst"
 TimeoutStopSec=180 TimeoutStopSec=180
 KillMode=process KillMode=process
Line 167: Line 167:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.timer&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/autoupdate.timer>
 [Unit] [Unit]
  Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes  Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes
Line 179: Line 179:
 [Install] [Install]
  WantedBy=multi-user.target  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now autoupdate.timer systemctl enable --now autoupdate.timer
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 automatic timed reboot after kernel upgrade automatic timed reboot after kernel upgrade
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/linux.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/linux.hook>
 [Trigger] [Trigger]
 Operation = Install Operation = Install
Line 195: Line 195:
 When = PostTransaction When = PostTransaction
 Exec = /usr/bin/systemctl start kernel-upgrade.timer Exec = /usr/bin/systemctl start kernel-upgrade.timer
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/kernel-upgrade.timer&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/kernel-upgrade.timer>
 [Unit] [Unit]
 Description=Reboot in the morning after kernel upgrade Description=Reboot in the morning after kernel upgrade
Line 206: Line 206:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/kernel-upgrade.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/kernel-upgrade.service>
 [Unit] [Unit]
 Description=Reboot after kernel upgrade Description=Reboot after kernel upgrade
Line 217: Line 217:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ==== nftables ==== ==== nftables ====
-nftables firewall &amp;amp;amp;amp;amp;amp; routing +nftables firewall & routing 
-&amp;amp;amp;amp;amp;lt;file - /etc/nftables.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/nftables.conf>
 define TCP_PORT_QUAKEJS_DS = 27960 define TCP_PORT_QUAKEJS_DS = 27960
 define TCP_PORT_IMAPS = 993 define TCP_PORT_IMAPS = 993
Line 255: Line 255:
  type filter hook input priority filter; policy drop;  type filter hook input priority filter; policy drop;
  jump base_checks  jump base_checks
- iifname &amp;amp;amp;amp;amp;quot;lo&amp;amp;amp;amp;amp;quot; accept+ iifname "loaccept
  ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept  ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept
  ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept  ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
Line 283: Line 283:
  type nat hook prerouting priority filter; policy accept;  type nat hook prerouting priority filter; policy accept;
  
- iif &amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;quot; tcp dport { $TCP_PORT_HTTP, $TCP_PORT_HTTPS } dnat to $HOST_HTTP_PI+ iif "enp3s0tcp dport { $TCP_PORT_HTTP, $TCP_PORT_HTTPS } dnat to $HOST_HTTP_PI
  
  # Forward web traffic to http.pi  # Forward web traffic to http.pi
Line 289: Line 289:
  
  # Forward mail traffic to mail.pi  # Forward mail traffic to mail.pi
- iif &amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;quot; tcp dport { $TCP_PORT_SMTP, $TCP_PORT_SMTPS, $TCP_PORT_IMAPS } dnat to $HOST_MAIL_PI+ iif "enp3s0tcp dport { $TCP_PORT_SMTP, $TCP_PORT_SMTPS, $TCP_PORT_IMAPS } dnat to $HOST_MAIL_PI
  
- iif &amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;quot; tcp dport { $TCP_PORT_QUAKEJS_DS } dnat to $HOST_PLAYGROUND_PI+ iif "enp3s0tcp dport { $TCP_PORT_QUAKEJS_DS } dnat to $HOST_PLAYGROUND_PI
  }  }
  
  chain postrouting {  chain postrouting {
  type nat hook postrouting priority srcnat; policy accept;  type nat hook postrouting priority srcnat; policy accept;
- ip saddr 10.25.0.0/24 oif {&amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;br-internal&amp;amp;amp;amp;amp;quot;} snat 144.76.16.40+ ip saddr 10.25.0.0/24 oif {"enp3s0""br-internal"} snat 144.76.16.40
  }  }
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - nftables.service.d/overwrite.conf&amp;amp;amp;amp;amp;gt;+<file - nftables.service.d/overwrite.conf>
 [Unit] [Unit]
 Wants= Wants=
Line 311: Line 311:
 Restart=always Restart=always
 RestartSec=5 RestartSec=5
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S nftables pacman -S nftables
 systemctl enable --now nftables systemctl enable --now nftables
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== libvirtd ==== ==== libvirtd ====
 libvirt network configuration file libvirt network configuration file
-&amp;amp;amp;amp;amp;lt;file - /tmp/net-internal.xml&amp;amp;amp;amp;amp;gt; +<file - /tmp/net-internal.xml> 
-network connections='6'&amp;amp;amp;amp;amp;gt; +network connections='6'> 
-  &amp;amp;amp;amp;amp;lt;name&amp;amp;amp;amp;amp;gt;internal&amp;amp;amp;amp;amp;lt;/name&amp;amp;amp;amp;amp;gt; +  <name>internal</name> 
-  &amp;amp;amp;amp;amp;lt;uuid&amp;amp;amp;amp;amp;gt;0a2dff47-afc7-4d27-91b0-5f61a1f5cbaa&amp;amp;amp;amp;amp;lt;/uuid&amp;amp;amp;amp;amp;gt; +  <uuid>0a2dff47-afc7-4d27-91b0-5f61a1f5cbaa</uuid> 
-  &amp;amp;amp;amp;amp;lt;forward mode='bridge'/&amp;amp;amp;amp;amp;gt; +  <forward mode='bridge'/> 
-  &amp;amp;amp;amp;amp;lt;bridge name='br-internal'/&amp;amp;amp;amp;amp;gt; +  <bridge name='br-internal'/> 
-&amp;amp;amp;amp;amp;lt;/network&amp;amp;amp;amp;amp;gt; +</network> 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 libvirt qemu hook libvirt qemu hook
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S libvirt virt-install dnsmasq glusterfs pacman -S libvirt virt-install dnsmasq glusterfs
 virsh pool-define-as --name 'vg0' --type 'logical' --source-format 'lvm2' --target '/dev/vg0' virsh pool-define-as --name 'vg0' --type 'logical' --source-format 'lvm2' --target '/dev/vg0'
Line 336: Line 336:
 virsh net-autostart internal virsh net-autostart internal
 systemctl enable --now libvirtd systemctl enable --now libvirtd
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
  
 ==== wireguard ==== ==== wireguard ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S wireguard-tools pacman -S wireguard-tools
 cd /etc/wireguard cd /etc/wireguard
-wg genkey | tee privatekey | wg pubkey &amp;amp;amp;amp;amp;gt; publickey+wg genkey | tee privatekey | wg pubkey publickey
 chmod 600 privatekey chmod 600 privatekey
 chown root:root privatekey chown root:root privatekey
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-server.netdev&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/network/99-server.netdev>
 [NetDev] [NetDev]
 Name = wg0 Name = wg0
Line 380: Line 380:
 PublicKey = [PICLOUD_PUBKEY] PublicKey = [PICLOUD_PUBKEY]
 AllowedIPs = 10.25.40.6/32 AllowedIPs = 10.25.40.6/32
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-server.network&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/network/99-server.network>
 [Match] [Match]
 Name = wg0 Name = wg0
Line 390: Line 390:
 DNSSEC=false DNSSEC=false
 IPForward=ipv4 IPForward=ipv4
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 === client === === client ===
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S wireguard-tools pacman -S wireguard-tools
 cd /etc/wireguard cd /etc/wireguard
-wg genkey | tee privatekey | wg pubkey &amp;amp;amp;amp;amp;gt; publickey+wg genkey | tee privatekey | wg pubkey publickey
 chmod 600 privatekey chmod 600 privatekey
 chown root:root privatekey chown root:root privatekey
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-client.netdev&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/network/99-client.netdev>
 [NetDev] [NetDev]
 Name = wg0 Name = wg0
Line 414: Line 414:
 Endpoint = 144.76.16.40:51820 Endpoint = 144.76.16.40:51820
 PersistentKeepalive = 25 PersistentKeepalive = 25
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/99-client.network&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/network/99-client.network>
 [Match] [Match]
 Name = wg0 Name = wg0
Line 421: Line 421:
 [Network] [Network]
 Address = 10.25.40.2/16 Address = 10.25.40.2/16
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl restart systemd-networkd systemctl restart systemd-networkd
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== systemd-journal logging server ==== ==== systemd-journal logging server ====
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/journal-remote.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/journal-remote.conf>
 [Remote] [Remote]
 SplitMode=host SplitMode=host
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/systemd-journal-remote.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/systemd-journal-remote.service>
 [Unit] [Unit]
 Description=Journal Remote Sink Service Description=Journal Remote Sink Service
Line 447: Line 447:
 [Install] [Install]
 Also=systemd-journal-remote.socket Also=systemd-journal-remote.socket
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 mkdir -p /var/log/journal/remote mkdir -p /var/log/journal/remote
 chown -R systemd-journal-remote:systemd-journal-remote /var/log/journal/remote chown -R systemd-journal-remote:systemd-journal-remote /var/log/journal/remote
Line 454: Line 454:
 ufw allow from 10.25.0.0/24 to any proto tcp port 19532 ufw allow from 10.25.0.0/24 to any proto tcp port 19532
 systemctl enable --now systemd-journal-remote systemctl enable --now systemd-journal-remote
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== ArchLinux Gastsystem ===== ===== ArchLinux Gastsystem =====
 ==== Erstellen ==== ==== Erstellen ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 virt-install --video qxl --channel spicevmc --graphics spice,listen=127.0.0.1 --name=http --vcpus 4 --memory 8048 --disk pool=vg0,size=1000,bus=virtio --cdrom /var/lib/libvirt/images/archlinux-2018.06.01-x86_64.iso --network network:internal,model=virtio --virt-type kvm --autostart --noautoconsole virt-install --video qxl --channel spicevmc --graphics spice,listen=127.0.0.1 --name=http --vcpus 4 --memory 8048 --disk pool=vg0,size=1000,bus=virtio --cdrom /var/lib/libvirt/images/archlinux-2018.06.01-x86_64.iso --network network:internal,model=virtio --virt-type kvm --autostart --noautoconsole
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== Löschen ==== ==== Löschen ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 virsh destroy http virsh destroy http
 virsh undefine http virsh undefine http
 lvremove /dev/vg0/http lvremove /dev/vg0/http
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== Speicher vergrößern ==== ==== Speicher vergrößern ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;virsh shutdown http+<code bash>virsh shutdown http
 lvresize -L +20G vg0/http lvresize -L +20G vg0/http
-virsh start http&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+virsh start http</code>
 Auf dem Gastsystem ausführen: Auf dem Gastsystem ausführen:
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;sgdisk -og -a 1024 -n 1:1024:2047 -c 1:&amp;amp;amp;amp;amp;quot;BIOS Boot Partition&amp;amp;amp;amp;amp;quot; -t 1:ef02 /dev/vda +<code bash>sgdisk -og -a 1024 -n 1:1024:2047 -c 1:"BIOS Boot Partition-t 1:ef02 /dev/vda 
-sgdisk -n2:2048:0 -c2:&amp;amp;amp;amp;amp;quot;ArchRoot&amp;amp;amp;amp;amp;quot; -p /dev/vda+sgdisk -n2:2048:0 -c2:"ArchRoot-p /dev/vda
 shutdown -h now # then start again after that shutdown -h now # then start again after that
-btrfs filesystem resize max /&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +btrfs filesystem resize max /</code> 
-Bei neueren Version von libguestfs-tools (&amp;amp;amp;amp;amp;gt;1.16.34) könnte man auch die Partitionstabelle und Dateisystem [[http://blog.oneiroi.co.uk/linux/kvm/virt-resize/RHEL/LVM/kvm-linux-expanding-a-lvm-guest-file-system-using-virt-resize/|von dem Host aus resizen]] und müsste dafür nicht das Gastsystem neustarten.+Bei neueren Version von libguestfs-tools (>1.16.34) könnte man auch die Partitionstabelle und Dateisystem [[http://blog.oneiroi.co.uk/linux/kvm/virt-resize/RHEL/LVM/kvm-linux-expanding-a-lvm-guest-file-system-using-virt-resize/|von dem Host aus resizen]] und müsste dafür nicht das Gastsystem neustarten.
  
 ==== Backup ==== ==== Backup ====
 Raw backup logical volume to picloud (homeserver onnuex) Raw backup logical volume to picloud (homeserver onnuex)
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 lvcreate -s -n playground_snap -L 20G /dev/vg0/playground lvcreate -s -n playground_snap -L 20G /dev/vg0/playground
-dd if=/dev/vg0/playground.img_snap bs=4096 | pv | gpg --batch --passphrase &amp;amp;amp;amp;amp;quot;my_secret_password&amp;amp;amp;amp;amp;quot; --symmetric --compress-algo zlib | ssh picloud@picloud.sexypump.de 'dd of=/mnt/backups/project-insanity/playground_$(date +&amp;amp;amp;amp;amp;quot;%Y-%m-%d&amp;amp;amp;amp;amp;quot;).img.gpg bs=4096'+dd if=/dev/vg0/playground.img_snap bs=4096 | pv | gpg --batch --passphrase "my_secret_password--symmetric --compress-algo zlib | ssh picloud@picloud.sexypump.de 'dd of=/mnt/backups/project-insanity/playground_$(date +"%Y-%m-%d").img.gpg bs=4096'
 lvremove /dev/vg0/playground_snap lvremove /dev/vg0/playground_snap
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Recover backup Recover backup
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 gpg -o /mnt/playground.img -d /mnt/playground.img.gpg gpg -o /mnt/playground.img -d /mnt/playground.img.gpg
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Unfinished backup script: Unfinished backup script:
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt; +<code bash> 
-sas=&amp;amp;amp;amp;amp;quot;$1&amp;amp;amp;amp;amp;quot; +sas="$1" 
-password=&amp;amp;amp;amp;amp;quot;$2&amp;amp;amp;amp;amp;quot;+password="$2"
  
-for vol in `lvs | cut -f3 -d &amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;quot; | tail -n+2` +for vol in `lvs | cut -f3 -d " " | tail -n+2` 
- do echo &amp;amp;amp;amp;amp;quot;Backing up $vol&amp;amp;amp;amp;amp;quot; + do echo "Backing up $vol" 
- lvcreate -s -n &amp;amp;amp;amp;amp;quot;${vol}_snap&amp;amp;amp;amp;amp;quot; -L 20G &amp;amp;amp;amp;amp;quot;/dev/vg0/${vol}&amp;amp;amp;amp;amp;quot; + lvcreate -s -n "${vol}_snap-L 20G "/dev/vg0/${vol}" 
- pv -cN source &amp;amp;amp;amp;amp;quot;/dev/vg0/${vol}_snap&amp;amp;amp;amp;amp;quot; | gpg --batch --passphrase &amp;amp;amp;amp;amp;quot;${password}&amp;amp;amp;amp;amp;quot; --symmetric --compress-algo zlib | azcopy cp &amp;amp;amp;amp;amp;quot;https://myaccount.blob.core.windows.net/mycontainer/${vol}_$(date +&amp;amp;amp;amp;amp;quot;%Y-%m-%d&amp;amp;amp;amp;amp;quot;).img.gpg?${sas}&amp;amp;amp;amp;amp;quot; + pv -cN source "/dev/vg0/${vol}_snap| gpg --batch --passphrase "${password}--symmetric --compress-algo zlib | azcopy cp "https://myaccount.blob.core.windows.net/mycontainer/${vol}_$(date +"%Y-%m-%d").img.gpg?${sas}" 
- lvremove &amp;amp;amp;amp;amp;quot;/dev/vg0/${vol}_snap&amp;amp;amp;amp;amp;quot;+ lvremove "/dev/vg0/${vol}_snap"
 done done
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== Einrichten ==== ==== Einrichten ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 mkfs.btrfs /dev/sda mkfs.btrfs /dev/sda
 ifconfig eth0 10.25.0.120 up ifconfig eth0 10.25.0.120 up
Line 508: Line 508:
 ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
 pacstrap /mnt base base-devel tmux mosh yajl wipe rsync procps neovim lsof strace htop net-tools pkgfile dnsutils iotop aria2 tcpdump nload grub btrfs-progs gptfdisk ntp wget rxvt-unicode-terminfo pwgen mlocate fail2ban pv expac openssh git devtools fish nftables ripgrep bat fd pacman-contrib pacstrap /mnt base base-devel tmux mosh yajl wipe rsync procps neovim lsof strace htop net-tools pkgfile dnsutils iotop aria2 tcpdump nload grub btrfs-progs gptfdisk ntp wget rxvt-unicode-terminfo pwgen mlocate fail2ban pv expac openssh git devtools fish nftables ripgrep bat fd pacman-contrib
-genfstab -p /mnt &amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;gt; /mnt/etc/fstab+genfstab -p /mnt >> /mnt/etc/fstab
 arch-chroot /mnt arch-chroot /mnt
 chsh -s $(which fish) chsh -s $(which fish)
Line 517: Line 517:
 mkdir /etc/pacman.d/hooks mkdir /etc/pacman.d/hooks
 ln -s /usr/share/libalpm/hooks/30-systemd-daemon-reload.hook /etc/pacman.d/hooks/ ln -s /usr/share/libalpm/hooks/30-systemd-daemon-reload.hook /etc/pacman.d/hooks/
-echo &amp;amp;amp;amp;amp;quot;http-pub2&amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;gt; /etc/hostname+echo "http-pub2" >> /etc/hostname
 ln -sf /usr/share/zoneinfo/UTC /etc/localtime ln -sf /usr/share/zoneinfo/UTC /etc/localtime
 sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
 locale-gen locale-gen
-echo 'LANG=&amp;amp;amp;amp;amp;quot;en_US.UTF-8&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;gt; /etc/locale.conf +echo 'LANG="en_US.UTF-8"/etc/locale.conf 
-echo &amp;amp;amp;amp;amp;quot;KEYMAP=de&amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;gt; /etc/vconsole.conf+echo "KEYMAP=de" > /etc/vconsole.conf
 mkinitcpio -p linux mkinitcpio -p linux
 sed -i '/GRUB_TIMEOUT/s/5/0/' /etc/default/grub sed -i '/GRUB_TIMEOUT/s/5/0/' /etc/default/grub
Line 536: Line 536:
 updatedb updatedb
 pkgfile --update pkgfile --update
-echo &amp;amp;amp;amp;amp;quot;UserParameter=archlinuxupdates,if [ -d /tmp/pacmandb ]; then fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep &amp;amp;amp;amp;amp;quot;pkg.tar.xz&amp;amp;amp;amp;amp;quot; -c; else mkdir /tmp/pacmandb &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; ln -s /var/lib/pacman/local /tmp/pacmandb &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep &amp;amp;amp;amp;amp;quot;pkg.tar.xz&amp;amp;amp;amp;amp;quot; -c; fi&amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;gt; /etc/zabbix/zabbix_agentd.conf+echo "UserParameter=archlinuxupdates,if [ -d /tmp/pacmandb ]; then fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep "pkg.tar.xz-c; else mkdir /tmp/pacmandb && ln -s /var/lib/pacman/local /tmp/pacmandb && fakeroot pacman -Syup --dbpath /tmp/pacmandb | grep "pkg.tar.xz-c; fi" >> /etc/zabbix/zabbix_agentd.conf
 sed -i 's/^Server=.*$/Server=http-new.pi/g' /etc/zabbix/zabbix_agentd.conf sed -i 's/^Server=.*$/Server=http-new.pi/g' /etc/zabbix/zabbix_agentd.conf
 systemctl enable --now sshd systemd-networkd nftables fail2ban systemd-resolved systemctl enable --now sshd systemd-networkd nftables fail2ban systemd-resolved
Line 542: Line 542:
 exit exit
 reboot reboot
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 === nftables === === nftables ===
-&amp;amp;amp;amp;amp;lt;file - /etc/nftables.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/nftables.conf>
 table inet filter { table inet filter {
         set tcp_accepted {         set tcp_accepted {
Line 566: Line 566:
                 type filter hook input priority filter; policy drop;                 type filter hook input priority filter; policy drop;
                 jump base_checks                 jump base_checks
-                iifname &amp;amp;amp;amp;amp;quot;lo&amp;amp;amp;amp;amp;quot; accept+                iifname "loaccept
                 ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept                 ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept
                 ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept                 ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
Line 583: Line 583:
         }         }
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 === systemd-networkd === === systemd-networkd ===
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/network/ens3.network&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/network/ens3.network>
 [Match] [Match]
 Name=ens3 Name=ens3
Line 599: Line 599:
 LinkLocalAddressing = no LinkLocalAddressing = no
 IPv6AcceptRA = no IPv6AcceptRA = no
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 === pacman === === pacman ===
 project-insanity build server repo project-insanity build server repo
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.conf>
 [...] [...]
  
Line 608: Line 608:
 SigLevel = PackageOptional SigLevel = PackageOptional
 Server = https://onny.project-insanity.org/archlinux Server = https://onny.project-insanity.org/archlinux
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 archlinux auto update archlinux auto update
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/autoupdate.service>
 [Unit] [Unit]
  Description=Automatic Update  Description=Automatic Update
Line 624: Line 624:
 [Install] [Install]
  WantedBy=multi-user.target  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/autoupdate.timer&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/autoupdate.timer>
 [Unit] [Unit]
  Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes  Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes
Line 636: Line 636:
 [Install] [Install]
  WantedBy=multi-user.target  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now autoupdate.timer systemctl enable --now autoupdate.timer
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 === systemd-journald === === systemd-journald ===
 systemd logging upload systemd logging upload
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/journal-upload.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/journal-upload.conf>
 [Upload] [Upload]
 URL=http://10.25.0.1:19532 URL=http://10.25.0.1:19532
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/systemd-journal-upload.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/systemd-journal-upload.service>
 [Unit] [Unit]
 Description=Journal Remote Upload Service Description=Journal Remote Upload Service
Line 676: Line 676:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 useradd systemd-journal-upload useradd systemd-journal-upload
 mkdir /var/lib/systemd/journal-upload mkdir /var/lib/systemd/journal-upload
 chown -R systemd-journal-upload:systemd-journal-upload /var/lib/systemd/journal-upload chown -R systemd-journal-upload:systemd-journal-upload /var/lib/systemd/journal-upload
 systemctl enable --now systemd-journal-upload systemctl enable --now systemd-journal-upload
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
  
 ==== Maintainance ==== ==== Maintainance ====
 Update configs Update configs
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo pacdiff sudo pacdiff
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ====== mail.pi ====== ====== mail.pi ======
 on mail.pi on mail.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S maddy pacman -S maddy
 systemctl enable --now maddy systemctl enable --now maddy
Line 697: Line 697:
 nft add rule inet filter input position 17 tcp dport smtp accept nft add rule inet filter input position 17 tcp dport smtp accept
 nft add rule inet filter input position 17 tcp dport imaps accept nft add rule inet filter input position 17 tcp dport imaps accept
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;on +</code>on 
-&amp;amp;amp;amp;amp;lt;file - /etc/maddy/maddy.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/maddy/maddy.conf>
 ... ...
 $(hostname) = turbotux.de $(hostname) = turbotux.de
Line 707: Line 707:
 tls /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem tls /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem
 ... ...
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 maddyctl users create postmaster maddyctl users create postmaster
 maddyctl users create onny@turbotux.de maddyctl users create onny@turbotux.de
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 turbotux.de dns record. get dkim key in ''/var/lib/maddy/dkim-keys/turbotux.de-default.dns'' turbotux.de dns record. get dkim key in ''/var/lib/maddy/dkim-keys/turbotux.de-default.dns''
-&amp;amp;amp;amp;amp;lt;code&amp;amp;amp;amp;amp;gt;+<code>
 turbotux.de.    A     144.76.16.40 turbotux.de.    A     144.76.16.40
 turbotux.de.    AAAA  2a01:4f8:191:327::10 turbotux.de.    AAAA  2a01:4f8:191:327::10
 turbotux.de.    MX    10 turbotux.de turbotux.de.    MX    10 turbotux.de
-turbotux.de.    TXT   &amp;amp;amp;amp;amp;quot;v=spf1 mx -all&amp;amp;amp;amp;amp;quot; +turbotux.de.    TXT   "v=spf1 mx -all" 
-_dmarc.turbotux.de.    TXT    &amp;amp;amp;amp;amp;quot;v=DMARC1; p=none; ruf=postmaster@turbotux.de&amp;amp;amp;amp;amp;quot; +_dmarc.turbotux.de.    TXT    "v=DMARC1; p=none; ruf=postmaster@turbotux.de" 
-default._domainkey.turbotux.de    TXT   &amp;amp;amp;amp;amp;quot;v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg=&amp;amp;amp;amp;amp;quot; +default._domainkey.turbotux.de    TXT   "v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg=" 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 forwarding/nat on host.pi forwarding/nat on host.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 nft add rule inet filter input position 19 tcp dport smtps accept nft add rule inet filter input position 19 tcp dport smtps accept
 nft add rule inet filter input position 19 tcp dport smtp accept nft add rule inet filter input position 19 tcp dport smtp accept
 nft add rule inet filter input position 19 tcp dport imaps accept nft add rule inet filter input position 19 tcp dport imaps accept
-nft add rule ip nat prerouting position 4 iifname &amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;quot; tcp dport imaps dnat to 10.25.0.102 +nft add rule ip nat prerouting position 4 iifname "enp3s0tcp dport imaps dnat to 10.25.0.102 
-nft add rule ip nat prerouting position 4 iifname &amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;quot; tcp dport smtp dnat to 10.25.0.102 +nft add rule ip nat prerouting position 4 iifname "enp3s0tcp dport smtp dnat to 10.25.0.102 
-nft add rule ip nat prerouting position 4 iifname &amp;amp;amp;amp;amp;quot;enp3s0&amp;amp;amp;amp;amp;quot; tcp dport smtps dnat to 10.25.0.102 +nft add rule ip nat prerouting position 4 iifname "enp3s0tcp dport smtps dnat to 10.25.0.102 
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 tls. on mail.pi tls. on mail.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 chmod +x /var/lib/private chmod +x /var/lib/private
 sudo -u maddy ssh-keygen # all default values sudo -u maddy ssh-keygen # all default values
 cat /var/lib/maddy/.ssh/id_rsa.pub cat /var/lib/maddy/.ssh/id_rsa.pub
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 on http.pi on http.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 useradd -m maddy useradd -m maddy
 mkdir /home/maddy/.ssh mkdir /home/maddy/.ssh
Line 745: Line 745:
 urbotux.de/turbotux.de.crt /var/lib/caddy/acme/acme-v02.api.letsencrypt.org/sites/turbotux.de/turbotux urbotux.de/turbotux.de.crt /var/lib/caddy/acme/acme-v02.api.letsencrypt.org/sites/turbotux.de/turbotux
 .de.key # this does not work so well yet :( .de.key # this does not work so well yet :(
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ====== mysql.pi ====== ====== mysql.pi ======
 ===== mariadb ===== ===== mariadb =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S mariadb pacman -S mariadb
 mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
Line 756: Line 756:
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport mysql accept nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport mysql accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport mysql accept nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport mysql accept
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/40-mariadb.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/40-mariadb.hook>
 # Restart mariadb service # Restart mariadb service
  
Line 770: Line 770:
 Description = Restarting mariadb service Description = Restarting mariadb service
 When = PostTransaction When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;quot;/usr/bin/mysql_upgrade -u root -p'****' &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; /usr/bin/systemctl restart mariadb&amp;amp;amp;amp;amp;quot; +Exec = /usr/bin/sh -c "/usr/bin/mysql_upgrade -u root -p'****' && /usr/bin/systemctl restart mariadb" 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 chmod 600 /etc/pacman.d/hooks/40-mariadb.hook chmod 600 /etc/pacman.d/hooks/40-mariadb.hook
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 temporary workaround to get nextcloud to work, see: https://github.com/nextcloud/server/issues/27085 temporary workaround to get nextcloud to work, see: https://github.com/nextcloud/server/issues/27085
-&amp;amp;amp;amp;amp;lt;file - /etc/my.cnf.d/server.cnf&amp;amp;amp;amp;amp;gt;+<file - /etc/my.cnf.d/server.cnf>
 [...] [...]
 [server] [server]
Line 782: Line 782:
 innodb_read_only_compressed=0 innodb_read_only_compressed=0
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ===== postgresql ===== ===== postgresql =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S postgresql postgresql-old-upgrade pacman -S postgresql postgresql-old-upgrade
-sudo su - postgres -c &amp;amp;amp;amp;amp;quot;initdb -D /var/lib/postgres/data&amp;amp;amp;amp;amp;quot;+sudo su - postgres -c "initdb -D /var/lib/postgres/data"
 systemctl enable --now postgresql systemctl enable --now postgresql
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport postgresql accept nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport postgresql accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport postgresql accept nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport postgresql accept
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /var/lib/postgres/data/postgresql.conf&amp;amp;amp;amp;amp;gt;+<file - /var/lib/postgres/data/postgresql.conf>
 [...] [...]
 listen_addresses = '*' listen_addresses = '*'
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /var/lib/postgres/data/pg_hba.conf&amp;amp;amp;amp;amp;gt;+<file - /var/lib/postgres/data/pg_hba.conf>
 [...] [...]
 host    all             all             10.25.0.0/24            md5 host    all             all             10.25.0.0/24            md5
 host    all             all             2a01:4f8:191:327::/64           md5 host    all             all             2a01:4f8:191:327::/64           md5
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/postgresql.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/postgresql.hook>
 # Restart postgresql service # Restart postgresql service
  
Line 815: Line 815:
 When = PostTransaction When = PostTransaction
 Exec = /usr/bin/systemctl restart postgresql Exec = /usr/bin/systemctl restart postgresql
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ====== http.pi ====== ====== http.pi ======
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S caddy dokuwiki gitlab php-fpm php-apcu phpmyadmin wordpress nginx pacman -S caddy dokuwiki gitlab php-fpm php-apcu phpmyadmin wordpress nginx
 systemctl enable --now caddy php-fpm systemctl enable --now caddy php-fpm
-nft add rule inet filter input position 17 tcp dport &amp;amp;amp;amp;amp;quot;{http, https}&amp;amp;amp;amp;amp;quot; accept +nft add rule inet filter input position 17 tcp dport "{http, https}accept 
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/php.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/php.hook>
 # Restart php service # Restart php service
  
Line 837: Line 837:
 When = PostTransaction When = PostTransaction
 Exec = /usr/bin/systemctl restart php-fpm Exec = /usr/bin/systemctl restart php-fpm
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 custom caddy installation custom caddy installation
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacaur -d caddy pacaur -d caddy
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - ~/.cache/pacaur/caddy/PKGBUILD&amp;amp;amp;amp;amp;gt;+<file - ~/.cache/pacaur/caddy/PKGBUILD>
 [...] [...]
 #    'http.hugo' #    'http.hugo'
Line 848: Line 848:
 #    'http.jekyll' #    'http.jekyll'
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cd ~/.cache/pacaur/caddy cd ~/.cache/pacaur/caddy
 makepkg -i --skipinteg makepkg -i --skipinteg
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/caddy.service.d/override.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/caddy.service.d/override.conf>
 [Service] [Service]
 ProtectHome=false ProtectHome=false
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ===== caddy ===== ===== caddy =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S caddy pacman -S caddy
 gpasswd -a caddy http gpasswd -a caddy http
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/Caddyfile&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/Caddyfile>
 import /etc/caddy/conf.d/* import /etc/caddy/conf.d/*
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf>
 www.ausstellung-virtuell.de ausstellung-virtuell.de { www.ausstellung-virtuell.de ausstellung-virtuell.de {
  
Line 876: Line 876:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/blog.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/blog.project-insanity.org.conf>
 blog.project-insanity.org { blog.project-insanity.org {
  
Line 901: Line 901:
 } }
  
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/git.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/git.project-insanity.org.conf>
 git.project-insanity.org { git.project-insanity.org {
  
Line 913: Line 913:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/jhartung.sinewell.de.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/jhartung.sinewell.de.conf>
 jhartung.sinewell.de { jhartung.sinewell.de {
  
Line 925: Line 925:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/nextcloud.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/nextcloud.project-insanity.org.conf>
 nextcloud.project-insanity.org { nextcloud.project-insanity.org {
  
Line 966: Line 966:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 onny.project-insanity.org { onny.project-insanity.org {
  
Line 978: Line 978:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/wiki.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/wiki.project-insanity.org.conf>
 wiki.project-insanity.org { wiki.project-insanity.org {
  
Line 1011: Line 1011:
       path_regexp export /([^/]+)/(.*)       path_regexp export /([^/]+)/(.*)
     }     }
-    rewrite @allow_export /doku.php?do=export_{http.regexp.export.1}&amp;amp;amp;amp;amp;amp;id={http.regexp.export.2}+    rewrite @allow_export /doku.php?do=export_{http.regexp.export.1}&id={http.regexp.export.2}
  
-    try_files {path} {path}/ /doku.php?id={path}&amp;amp;amp;amp;amp;amp;{query}+    try_files {path} {path}/ /doku.php?id={path}&{query}
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/http.pi.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/http.pi.conf>
 http://http.pi { http://http.pi {
  
Line 1028: Line 1028:
         php_fastcgi unix//var/run/php-fpm/http.pi_php-fpm.sock         php_fastcgi unix//var/run/php-fpm/http.pi_php-fpm.sock
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/saai.digital&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/saai.digital>
 beta.saai.digital { beta.saai.digital {
  
Line 1040: Line 1040:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/office.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/office.project-insanity.org.conf>
 office.project-insanity.org { office.project-insanity.org {
  
Line 1069: Line 1069:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 need to convert need to convert
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/turbotux.de.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/turbotux.de.conf>
 www.turbotux.de turbotux.de { www.turbotux.de turbotux.de {
     log /var/log/caddy/turbotux.de_access.log     log /var/log/caddy/turbotux.de_access.log
Line 1081: Line 1081:
     }     }
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ===== php-fpm ===== ===== php-fpm =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cp /etc/php/php-fpm.d/www.conf /etc/php/php-fpm.d/http.pi.conf cp /etc/php/php-fpm.d/www.conf /etc/php/php-fpm.d/http.pi.conf
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/php/php-fpm.d/www.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/php/php-fpm.d/www.conf>
 [...] [...]
 pm.max_children = 16 pm.max_children = 16
Line 1100: Line 1100:
 env[TEMP] = /tmp env[TEMP] = /tmp
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/php/php-fpm.d/http.pi.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/php/php-fpm.d/http.pi.conf>
 [...] [...]
 [http.pi] [http.pi]
Line 1107: Line 1107:
 listen = /run/php-fpm/http.pi_php-fpm.sock listen = /run/php-fpm/http.pi_php-fpm.sock
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf&amp;amp;amp;amp;amp;gt;[Service]+<file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf>[Service]
 ReadWritePaths = /usr/share/webapps/nextcloud/data ReadWritePaths = /usr/share/webapps/nextcloud/data
 ReadWritePaths = /usr/share/webapps/nextcloud/apps ReadWritePaths = /usr/share/webapps/nextcloud/apps
Line 1116: Line 1116:
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/archive ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/archive
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/customer_files ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/customer_files
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
  
 ===== wordpress ===== ===== wordpress =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S wordpress wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics wordpress-plugin-co-authors-plus wordpress-theme-geist wordpress-plugin-wp-user-avatar wordpress-plugin-opengraph wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media pacman -S wordpress wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics wordpress-plugin-co-authors-plus wordpress-theme-geist wordpress-plugin-wp-user-avatar wordpress-plugin-opengraph wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media
 chown -R http:http /usr/share/webapps/wordpress/wp-admin /usr/share/webapps/wordpress/wp-includes chown -R http:http /usr/share/webapps/wordpress/wp-admin /usr/share/webapps/wordpress/wp-includes
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/wordpress.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/php/conf.d/wordpress.ini>
 extension=mysqli extension=mysqli
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file php /home/pi_wordpress/wordpress/wp-config.php&amp;amp;amp;amp;amp;gt;+<file php /home/pi_wordpress/wordpress/wp-config.php>
 define('DB_NAME', '****'); define('DB_NAME', '****');
 define('DB_USER', '****'); define('DB_USER', '****');
Line 1147: Line 1147:
 $_SERVER['HTTPS']='on'; $_SERVER['HTTPS']='on';
 define( 'WP_AUTO_UPDATE_CORE', true ); define( 'WP_AUTO_UPDATE_CORE', true );
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/wordpress.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/wordpress.hook>
 # Update Wordpress when core or plugins get updated # Update Wordpress when core or plugins get updated
  
Line 1161: Line 1161:
 Description = Updating Wordpress installation Description = Updating Wordpress installation
 When = PostTransaction When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;quot;/usr/bin/sudo -u http /usr/bin/bash -c 'wp core update-db --path=/usr/share/webapps/wordpress; wp plugin activate --path=/usr/share/webapps/wordpress antispam-bee code-syntax-block jetpack jetpack-lite lightbox-photoswipe wp-gdpr-compliance wp-statistics co-authors-plus wp-user-avatar opengraph simple-login-captcha disable-xml-rpc async-javascript breeze webp-converter-for-media'&amp;amp;amp;amp;amp;quot; +Exec = /usr/bin/sh -c "/usr/bin/sudo -u http /usr/bin/bash -c 'wp core update-db --path=/usr/share/webapps/wordpress; wp plugin activate --path=/usr/share/webapps/wordpress antispam-bee code-syntax-block jetpack jetpack-lite lightbox-photoswipe wp-gdpr-compliance wp-statistics co-authors-plus wp-user-avatar opengraph simple-login-captcha disable-xml-rpc async-javascript breeze webp-converter-for-media'" 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo -u http wp plugin activate --path=/usr/share/webapps/wordpress antispam-bee code-syntax-block jetpack jetpack-lite lightbox-photoswipe wp-gdpr-compliance wp-statistics co-authors-plus wp-user-avatar opengraph simple-login-captcha disable-xml-rpc async-javascript breeze webp-converter-for-media sudo -u http wp plugin activate --path=/usr/share/webapps/wordpress antispam-bee code-syntax-block jetpack jetpack-lite lightbox-photoswipe wp-gdpr-compliance wp-statistics co-authors-plus wp-user-avatar opengraph simple-login-captcha disable-xml-rpc async-javascript breeze webp-converter-for-media
 sudo -u http wp theme activate --path=/usr/share/webapps/wordpress geist sudo -u http wp theme activate --path=/usr/share/webapps/wordpress geist
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Additional CSS for Geist theme Additional CSS for Geist theme
-&amp;amp;amp;amp;amp;lt;code css&amp;amp;amp;amp;amp;gt;+<code css>
 @media (max-width: 1400px) { @media (max-width: 1400px) {
- .single-post .post-content &amp;amp;amp;amp;amp;gt; p:first-child {+ .single-post .post-content p:first-child {
  font-size: 1em;  font-size: 1em;
  }  }
  
- .single-post .post-content &amp;amp;amp;amp;amp;gt; p, ul {+ .single-post .post-content p, ul {
  font-size: 0.8em;  font-size: 0.8em;
  }  }
   
- .single-post .post-content &amp;amp;amp;amp;amp;gt; h3 {+ .single-post .post-content h3 {
  padding-bottom: 0.8em;  padding-bottom: 0.8em;
  }  }
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Misc settings Misc settings
   * WP Statistics   * WP Statistics
-    * Settings -&amp;amp;amp;amp;amp;gt; privacy: &amp;amp;amp;amp;amp;quot;Hash IP Addresses&amp;amp;amp;amp;amp;quot; (GDPR)+    * Settings -privacy: "Hash IP Addresses(GDPR)
   * Lightbox with PhotoSwipe   * Lightbox with PhotoSwipe
-    * Enable &amp;amp;amp;amp;amp;quot;Show caption if available&amp;amp;amp;amp;amp;quot; +    * Enable "Show caption if available" 
-    * Enable &amp;amp;amp;amp;amp;quot;Get image captions from the database&amp;amp;amp;amp;amp;quot;+    * Enable "Get image captions from the database"
     * Spacing between pictures: 12%     * Spacing between pictures: 12%
-  * Settings -&amp;amp;amp;amp;amp;gt; Permalinks -&amp;amp;amp;amp;amp;gt; Custom structure: ''/%year%/%monthnum%/%day%/%postname%/'' +  * Settings -Permalinks -Custom structure: ''/%year%/%monthnum%/%day%/%postname%/'' 
-  * Settings -&amp;amp;amp;amp;amp;gt; General -&amp;amp;amp;amp;amp;gt; 8 posts per page +  * Settings -General -8 posts per page 
-  * Settings -&amp;amp;amp;amp;amp;gt; Discussion -&amp;amp;amp;amp;amp;gt; Show avatar +  * Settings -Discussion -Show avatar 
-    * Default Avatar -&amp;amp;amp;amp;amp;gt; Mytery Man +    * Default Avatar -Mytery Man 
-  * Users -&amp;amp;amp;amp;amp;gt; Your Profile -&amp;amp;amp;amp;amp;gt; Avatar: Choose picture +  * Users -Your Profile -Avatar: Choose picture 
-  * Dark mode is not enabled by default. To enable this feature go to Appearance &amp;amp;amp;amp;amp;gt; Customize &amp;amp;amp;amp;amp;gt; Dark Mode.+  * Dark mode is not enabled by default. To enable this feature go to Appearance Customize Dark Mode.
 Additional CSS for Ghost theme: Additional CSS for Ghost theme:
-&amp;amp;amp;amp;amp;lt;code css&amp;amp;amp;amp;amp;gt;+<code css>
 @media (max-width: 1400px) { @media (max-width: 1400px) {
- .single-post .post-content &amp;amp;amp;amp;amp;gt; p:first-child {+ .single-post .post-content p:first-child {
  font-size: 1em;  font-size: 1em;
  }  }
  
- .single-post .post-content &amp;amp;amp;amp;amp;gt; p, ul {+ .single-post .post-content p, ul {
  font-size: 0.8em;  font-size: 0.8em;
  }  }
   
- .single-post .post-content &amp;amp;amp;amp;amp;gt; h3 {+ .single-post .post-content h3 {
  padding-bottom: 0.8em;  padding-bottom: 0.8em;
  }  }
Line 1214: Line 1214:
  margin-bottom: 0.8em;  margin-bottom: 0.8em;
 } }
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== co-authors-plus plugin ==== ==== co-authors-plus plugin ====
 template-Anpassung \\ template-Anpassung \\
 [[https://www.wpbeginner.com/plugins/allow-multiple-authors-to-be-associated-with-a-post-in-wordpress/|How to Add Multiple Authors (Co-Authors) for Posts in WordPress]] [[https://www.wpbeginner.com/plugins/allow-multiple-authors-to-be-associated-with-a-post-in-wordpress/|How to Add Multiple Authors (Co-Authors) for Posts in WordPress]]
-&amp;amp;amp;amp;amp;lt;file php /home/pi_wordpress/wordpress/functions-content.php&amp;amp;amp;amp;amp;gt; +<file php /home/pi_wordpress/wordpress/functions-content.php
 if ( function_exists( 'coauthors_posts_links' ) ) { if ( function_exists( 'coauthors_posts_links' ) ) {
     coauthors_posts_links();     coauthors_posts_links();
Line 1224: Line 1224:
     the_author_posts_link();     the_author_posts_link();
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ===== invoiceninja ===== ===== invoiceninja =====
 on mysql.pi on mysql.pi
-&amp;amp;amp;amp;amp;lt;code sql&amp;amp;amp;amp;amp;gt;+<code sql>
 CREATE SCHEMA `ninja` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; CREATE SCHEMA `ninja` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 CREATE USER 'ninja'@'http.pi' IDENTIFIED BY '****'; CREATE USER 'ninja'@'http.pi' IDENTIFIED BY '****';
 GRANT ALL PRIVILEGES ON `ninja`.* TO 'ninja'@'http.pi'; GRANT ALL PRIVILEGES ON `ninja`.* TO 'ninja'@'http.pi';
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 on http.pi on http.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S invoiceninja pacman -S invoiceninja
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/composer.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/php/conf.d/composer.ini>
 extension=gmp extension=gmp
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cd /usr/share/webapps/invoiceninja cd /usr/share/webapps/invoiceninja
 sudo chown -R http:http storage public/logo bootstrap sudo chown -R http:http storage public/logo bootstrap
 sudo chown http:http . sudo chown http:http .
 sudo -u http composer install sudo -u http composer install
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/http.pi.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/http.pi.conf>
 http://http.pi/invoiceninja { http://http.pi/invoiceninja {
         log /var/log/caddy/http.pi_access.log         log /var/log/caddy/http.pi_access.log
Line 1267: Line 1267:
 } }
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 Settings Settings
   * Localization   * Localization
Line 1278: Line 1278:
     * First Month of the Year: January     * First Month of the Year: January
 ===== invoiceplane ===== ===== invoiceplane =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S invoiceplane composer grunt-cli pacman -S invoiceplane composer grunt-cli
 cd /usr/share/webapps/invoiceplane cd /usr/share/webapps/invoiceplane
Line 1286: Line 1286:
 sudo -u http grunt build sudo -u http grunt build
 cp ipconfig.php.example ipconfig.php cp ipconfig.php.example ipconfig.php
-wget &amp;amp;amp;amp;amp;quot;https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing/-/raw/master/vtdirektmarketing.php&amp;amp;amp;amp;amp;quot; -O /usr/share/webapps/invoiceplane/application/views/invoice_templates/pdf/vtdirektmarketing.php +wget "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing/-/raw/master/vtdirektmarketing.php-O /usr/share/webapps/invoiceplane/application/views/invoice_templates/pdf/vtdirektmarketing.php 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Visit installation wizard at http://http.pi/invoiceplane/index.php/setup Visit installation wizard at http://http.pi/invoiceplane/index.php/setup
-&amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/invoiceplane/ipconfig.php&amp;amp;amp;amp;amp;gt;+<file - /usr/share/webapps/invoiceplane/ipconfig.php>
 [...] [...]
 SETUP_COMPLETED=true SETUP_COMPLETED=true
Line 1297: Line 1297:
 DB_DATABASE=invoiceplane DB_DATABASE=invoiceplane
 DISABLE_SETUP=true DISABLE_SETUP=true
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf>
 [Service] [Service]
 [...] [...]
Line 1304: Line 1304:
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/archive ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/archive
 ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/customer_files ReadWritePaths = /usr/share/webapps/invoiceplane/uploads/customer_files
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 Custom settings Custom settings
-  * Products -&amp;amp;amp;amp;amp;gt; Product units+  * Products -Product units
     * Add: ''Stk.'', ''Std.''     * Add: ''Stk.'', ''Std.''
-  * System-Einstellungen -&amp;amp;amp;amp;amp;gt; Rechnungen+  * System-Einstellungen -Rechnungen
     * Standard PDF Vorlage: vtdirektmarketing     * Standard PDF Vorlage: vtdirektmarketing
 ===== firefox account server ===== ===== firefox account server =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacaur -S mozilla-firefox-account-server pacaur -S mozilla-firefox-account-server
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== podcasttune ===== ===== podcasttune =====
 not yet stable not yet stable
 ===== dokuwiki ===== ===== dokuwiki =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S dokuwiki dokuwiki-plugin-dw2pdf dokuwiki-template-argon pacman -S dokuwiki dokuwiki-plugin-dw2pdf dokuwiki-template-argon
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file php /etc/webapps/dokuwiki/local.php&amp;amp;amp;amp;amp;gt; +<file php /etc/webapps/dokuwiki/local.php> 
-&amp;amp;amp;amp;amp;lt;?php+<?php
 $conf['title'] = 'Project-Insanity'; $conf['title'] = 'Project-Insanity';
 $conf['userewrite' = 1; $conf['userewrite' = 1;
 $conf['template'   = 'argon'; $conf['template'   = 'argon';
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /usr/lib/dokuwiki/plugins/dw2pdf/conf/default.php&amp;amp;amp;amp;amp;gt;+<file - /usr/lib/dokuwiki/plugins/dw2pdf/conf/default.php>
 [...] [...]
 $conf['doublesided'     = 0; $conf['doublesided'     = 0;
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /usr/lib/dokuwiki/plugins/dw2pdf/tpl/default/style.css&amp;amp;amp;amp;amp;gt;+<file - /usr/lib/dokuwiki/plugins/dw2pdf/tpl/default/style.css>
 @page { @page {
     margin-left: 100px;     margin-left: 100px;
Line 1337: Line 1337:
  
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 usage: ''https://wiki.project-insanity.org/onny?do=export_pdf'' usage: ''https://wiki.project-insanity.org/onny?do=export_pdf''
   * Todo   * Todo
     * DSGVO complience     * DSGVO complience
 ===== gitlab ===== ===== gitlab =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S yarn sendmail gitlab pacman -S yarn sendmail gitlab
 ln -s /usr/bin/vendor_perl/exiftool /usr/bin/exiftool # fix for https://gitlab.com/gitlab-org/gitlab-foss/-/issues/60853 ln -s /usr/bin/vendor_perl/exiftool /usr/bin/exiftool # fix for https://gitlab.com/gitlab-org/gitlab-foss/-/issues/60853
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 disable backups disable backups
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/gitlab.yml&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/gitlab/gitlab.yml>
 [...] [...]
   gitlab:   gitlab:
Line 1356: Line 1356:
 [...] [...]
   #backup:   #backup:
-  #  path: &amp;amp;amp;amp;amp;quot;/var/lib/gitlab/backups&amp;amp;amp;amp;amp;quot;   # Relative paths are relative to Rails.root (default: tmp/backups/+  #  path: "/var/lib/gitlab/backups  # Relative paths are relative to Rails.root (default: tmp/backups/
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 configure database connection configure database connection
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/database.yml&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/gitlab/database.yml>
 production: production:
   adapter: postgresql   adapter: postgresql
Line 1366: Line 1366:
   pool: 10   pool: 10
   username: gitlab   username: gitlab
-  password: &amp;amp;amp;amp;amp;quot;****&amp;amp;amp;amp;amp;quot;+  password: "****"
   host: mysql.pi   host: mysql.pi
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 on mysql.pi on mysql.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt; +<code bash> 
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;quot;CREATE USER gitlab CREATEDB;&amp;amp;amp;amp;amp;quot; +sudo -u postgres psql -d template1 -c "CREATE USER gitlab CREATEDB;" 
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;quot;CREATE EXTENSION IF NOT EXISTS pg_trgm;&amp;amp;amp;amp;amp;quot; +sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" 
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;quot;CREATE DATABASE gitlabhq_production OWNER gitlab;&amp;amp;amp;amp;amp;quot; +sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER gitlab;" 
-sudo -u postgres psql -d template1 -c &amp;amp;amp;amp;amp;quot;ALTER USER gitlab WITH SUPERUSER;&amp;amp;amp;amp;amp;quot; +sudo -u postgres psql -d template1 -c "ALTER USER gitlab WITH SUPERUSER;" 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 on http.pi on http.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
  cd /usr/share/webapps/gitlab  cd /usr/share/webapps/gitlab
  sudo -u gitlab -H bundle exec rake assets:precompile RAILS_ENV=production  sudo -u gitlab -H bundle exec rake assets:precompile RAILS_ENV=production
  sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production  sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production
  systemctl enable --now gitlab-workhorse redis gitlab-puma gitlab-sidekiq gitlab-gitaly  systemctl enable --now gitlab-workhorse redis gitlab-puma gitlab-sidekiq gitlab-gitaly
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Enable smtp, mail delivery Enable smtp, mail delivery
-&amp;amp;amp;amp;amp;lt;file ruby /etc/webapps/gitlab/smtp_settings.rb&amp;amp;amp;amp;amp;gt;+<file ruby /etc/webapps/gitlab/smtp_settings.rb>
 # To enable smtp email delivery for your GitLab instance do the following: # To enable smtp email delivery for your GitLab instance do the following:
 # 1. Rename this file to smtp_settings.rb # 1. Rename this file to smtp_settings.rb
Line 1399: Line 1399:
   ActionMailer::Base.delivery_method = :smtp   ActionMailer::Base.delivery_method = :smtp
   ActionMailer::Base.smtp_settings = {   ActionMailer::Base.smtp_settings = {
-    address: &amp;amp;amp;amp;amp;quot;mail.pi&amp;amp;amp;amp;amp;quot;,+    address: "mail.pi",
     port: 25,     port: 25,
-    user_name: &amp;amp;amp;amp;amp;quot;git@project-insanity.org&amp;amp;amp;amp;amp;quot;+    user_name: "git@project-insanity.org"
-    password: &amp;amp;amp;amp;amp;quot;****&amp;amp;amp;amp;amp;quot;+    password: "****"
-    domain: &amp;amp;amp;amp;amp;quot;project-insanity.org&amp;amp;amp;amp;amp;quot;,+    domain: "project-insanity.org",
     authentication: :login,     authentication: :login,
     enable_starttls_auto: false,     enable_starttls_auto: false,
Line 1409: Line 1409:
   }   }
 end end
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 further general mail settings further general mail settings
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/gitlab.yml&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/gitlab/gitlab.yml>
    ## Email settings    ## Email settings
     # Uncomment and set to false if you need to disable email sending from GitLab (default: true)     # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
     email_enabled: true     email_enabled: true
-    # Email address used in the &amp;amp;amp;amp;amp;quot;From&amp;amp;amp;amp;amp;quot; field in mails sent by GitLab+    # Email address used in the "Fromfield in mails sent by GitLab
     email_from: noreply@project-insanity.org     email_from: noreply@project-insanity.org
     email_display_name: GitLab     email_display_name: GitLab
     email_reply_to: noreply@project-insanity.org     email_reply_to: noreply@project-insanity.org
     email_subject_suffix: ''     email_subject_suffix: ''
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 Auto migrate on pacman update Auto migrate on pacman update
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/gitlab.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/gitlab.hook>
 # Update Gitlab when core or other Gitlab daemons are touched # Update Gitlab when core or other Gitlab daemons are touched
  
Line 1435: Line 1435:
 Description = Updating Gitlab installation Description = Updating Gitlab installation
 When = PostTransaction When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;quot;/usr/bin/systemctl restart gitlab-workhorse gitlab-puma gitlab-sidekiq gitlab-gitaly &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; cd /usr/share/webapps/gitlab &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; /usr/bin/sudo -u gitlab $(cat /usr/share/webapps/gitlab/environment | xargs) /usr/bin/bash -c 'cd /usr/share/webapps/gitlab; bundle-2.7 exec rake db:migrate'&amp;amp;amp;amp;amp;quot; +Exec = /usr/bin/sh -c "/usr/bin/systemctl restart gitlab-workhorse gitlab-puma gitlab-sidekiq gitlab-gitaly && cd /usr/share/webapps/gitlab && /usr/bin/sudo -u gitlab $(cat /usr/share/webapps/gitlab/environment | xargs) /usr/bin/bash -c 'cd /usr/share/webapps/gitlab; bundle-2.7 exec rake db:migrate'" 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/gitlab/secrets.yml&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/gitlab/secrets.yml>
 **** ****
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt; +<code bash> 
-hexdump -v -n 64 -e '1/&amp;amp;amp;amp;amp;quot;%02x&amp;amp;amp;amp;amp;quot;' /dev/urandom &amp;amp;amp;amp;amp;gt; /etc/webapps/gitlab/secret +hexdump -v -n 64 -e '1/"%02x"' /dev/urandom /etc/webapps/gitlab/secret 
-hexdump -v -n 64 -e '1/&amp;amp;amp;amp;amp;quot;%02x&amp;amp;amp;amp;amp;quot;' /dev/urandom &amp;amp;amp;amp;amp;gt; /etc/webapps/gitlab-shell/secret+hexdump -v -n 64 -e '1/"%02x"' /dev/urandom /etc/webapps/gitlab-shell/secret
 chown root:gitlab /etc/webapps/gitlab/secret /etc/webapps/gitlab-shell/secret chown root:gitlab /etc/webapps/gitlab/secret /etc/webapps/gitlab-shell/secret
 chmod 640 /etc/webapps/gitlab/secret /etc/webapps/gitlab-shell/secret chmod 640 /etc/webapps/gitlab/secret /etc/webapps/gitlab-shell/secret
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 misc settings: misc settings:
   * enable recaptcha for registration https://docs.gitlab.com/ee/integration/recaptcha.html   * enable recaptcha for registration https://docs.gitlab.com/ee/integration/recaptcha.html
-  * disable ssh git protocol: Admin -&amp;amp;amp;amp;amp;gt; Settings -&amp;amp;amp;amp;amp;gt; Expand &amp;amp;amp;amp;amp;quot;Visibility and access controls&amp;amp;amp;amp;amp;quot; -&amp;amp;amp;amp;amp;gt; For &amp;amp;amp;amp;amp;quot;Enabled Git access protocols&amp;amp;amp;amp;amp;quot; select &amp;amp;amp;amp;amp;quot;Only HTTP(S)&amp;amp;amp;amp;amp;quot;+  * disable ssh git protocol: Admin -Settings -Expand "Visibility and access controls-For "Enabled Git access protocolsselect "Only HTTP(S)"
 ===== onlyoffice documentserver ===== ===== onlyoffice documentserver =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S npm nodejs rabbitmq redis onlyoffice-documentserver pacman -S npm nodejs rabbitmq redis onlyoffice-documentserver
 ln -s /usr/share/libalpm/hooks/onlyoffice-documentserver.hook /etc/pacman.d/hooks/ ln -s /usr/share/libalpm/hooks/onlyoffice-documentserver.hook /etc/pacman.d/hooks/
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 on mysql.pi on mysql.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt; +<code bash> 
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;quot;CREATE DATABASE onlyoffice;&amp;amp;amp;amp;amp;quot; +sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;" 
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;quot;CREATE USER onlyoffice WITH password 'onlyoffice';&amp;amp;amp;amp;amp;quot; +sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" 
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;quot;GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;&amp;amp;amp;amp;amp;quot;+sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
 psql -hmysql.pi -Uonlyoffice -d onlyoffice -f /usr/share/webapps/onlyoffice/documentserver/server/schema/postgresql/createdb.sql psql -hmysql.pi -Uonlyoffice -d onlyoffice -f /usr/share/webapps/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/office.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/office.project-insanity.org.conf>
 office.project-insanity.org { office.project-insanity.org {
     log /var/log/caddy/office.project-insanity.org_access.log     log /var/log/caddy/office.project-insanity.org_access.log
Line 1487: Line 1487:
     }     }
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/onlyoffice/documentserver/default.json&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/onlyoffice/documentserver/default.json>
 [...] [...]
-                        &amp;amp;amp;amp;amp;quot;sql&amp;amp;amp;amp;amp;quot;: { +                        "sql": { 
-                                &amp;amp;amp;amp;amp;quot;type&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;postgres&amp;amp;amp;amp;amp;quot;+                                "type""postgres"
-                                &amp;amp;amp;amp;amp;quot;tableChanges&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;doc_changes&amp;amp;amp;amp;amp;quot;+                                "tableChanges""doc_changes"
-                                &amp;amp;amp;amp;amp;quot;tableResult&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;task_result&amp;amp;amp;amp;amp;quot;+                                "tableResult""task_result"
-                                &amp;amp;amp;amp;amp;quot;dbHost&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;mysql.pi&amp;amp;amp;amp;amp;quot;+                                "dbHost""mysql.pi"
-                                &amp;amp;amp;amp;amp;quot;dbPort&amp;amp;amp;amp;amp;quot;: 5432, +                                "dbPort": 5432, 
-                                &amp;amp;amp;amp;amp;quot;dbName&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;onlyoffice&amp;amp;amp;amp;amp;quot;+                                "dbName""onlyoffice"
-                                &amp;amp;amp;amp;amp;quot;dbUser&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;onlyoffice&amp;amp;amp;amp;amp;quot;+                                "dbUser""onlyoffice"
-                                &amp;amp;amp;amp;amp;quot;dbPass&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;onlyoffice&amp;amp;amp;amp;amp;quot;+                                "dbPass""onlyoffice"
-                                &amp;amp;amp;amp;amp;quot;charset&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;utf8&amp;amp;amp;amp;amp;quot;+                                "charset""utf8"
-                                &amp;amp;amp;amp;amp;quot;connectionlimit&amp;amp;amp;amp;amp;quot;: 10, +                                "connectionlimit": 10, 
-                                &amp;amp;amp;amp;amp;quot;max_allowed_packet&amp;amp;amp;amp;amp;quot;: 1048575+                                "max_allowed_packet": 1048575
                         },                         },
 [...] [...]
-       &amp;amp;amp;amp;amp;quot;SpellChecker&amp;amp;amp;amp;amp;quot;: { +       "SpellChecker": { 
-                &amp;amp;amp;amp;amp;quot;server&amp;amp;amp;amp;amp;quot;: { +                "server": { 
-                        &amp;amp;amp;amp;amp;quot;port&amp;amp;amp;amp;amp;quot;: 8081, +                        "port": 8081, 
-                        &amp;amp;amp;amp;amp;quot;mode&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;development&amp;amp;amp;amp;amp;quot;+                        "mode""development"
                 }                 }
         }         }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/hosts&amp;amp;amp;amp;amp;gt;+<file - /etc/hosts>
 10.25.0.100 nextcloud.project-insanity.org 10.25.0.100 nextcloud.project-insanity.org
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now rabbitmq redis onlyoffice-docservice onlyoffice-fileconverter onlyoffice-spellchecker systemctl enable --now rabbitmq redis onlyoffice-docservice onlyoffice-fileconverter onlyoffice-spellchecker
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== officepad ==== ==== officepad ====
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/officepad.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/officepad.service>
 [Unit] [Unit]
 Description=Documentserver integration example Description=Documentserver integration example
Line 1529: Line 1529:
 [Install] [Install]
 WantedBy=basic.target WantedBy=basic.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo git clone git clone https://git.project-insanity.org/onny/officepad.git /usr/share/webapps/officepad sudo git clone git clone https://git.project-insanity.org/onny/officepad.git /usr/share/webapps/officepad
 sudo chown -R http:http /usr/share/webapps/officepad sudo chown -R http:http /usr/share/webapps/officepad
 systemd daemon-reload systemd daemon-reload
 systemctl enable --now officepad systemctl enable --now officepad
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/officepad/config/default.json&amp;amp;amp;amp;amp;gt;+<file - /usr/share/webapps/officepad/config/default.json>
 [...] [...]
-siteUrl&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;https://bwsas-prod-oo-02.lsdf.kit.edu/&amp;amp;amp;amp;amp;quot;+siteUrl""https://bwsas-prod-oo-02.lsdf.kit.edu/"
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
  ===== nextcloud =====  ===== nextcloud =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S php-imagick php-intl nextcloud nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud nextcloud-app-mail nextcloud-app-news nextcloud-app-calendar nextcloud-app-contacts nextcloud-app-keeweb nextcloud-app-deck nextcloud-app-onlyoffice nextcloud-app-bookmarks nextcloud-app-notes nextcloud-app-talk nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse nextcloud-app-radio nextcloud-app-podcast pacman -S php-imagick php-intl nextcloud nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud nextcloud-app-mail nextcloud-app-news nextcloud-app-calendar nextcloud-app-contacts nextcloud-app-keeweb nextcloud-app-deck nextcloud-app-onlyoffice nextcloud-app-bookmarks nextcloud-app-notes nextcloud-app-talk nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse nextcloud-app-radio nextcloud-app-podcast
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/php/php-fpm.d/www.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/php/php-fpm.d/www.conf>
 env[PATH] = /usr/local/bin:/usr/bin:/bin env[PATH] = /usr/local/bin:/usr/bin:/bin
 env[TMP] = /tmp env[TMP] = /tmp
 env[TMPDIR] = /tmp env[TMPDIR] = /tmp
 env[TEMP] = /tmp env[TEMP] = /tmp
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 php performance optimizations php performance optimizations
-&amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/nextcloud.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/php/conf.d/nextcloud.ini>
 memory_limit = 512M memory_limit = 512M
  
Line 1574: Line 1574:
  
 apc.enable_cli=1 apc.enable_cli=1
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/nextcloud/conf/config.php&amp;amp;amp;amp;amp;gt; +<file - /usr/share/webapps/nextcloud/conf/config.php> 
-&amp;amp;amp;amp;amp;lt;?php+<?php
 $CONFIG = array ( $CONFIG = array (
-  'instanceid' =&amp;amp;amp;amp;amp;gt; '****', +  'instanceid' ='****', 
-  'passwordsalt' =&amp;amp;amp;amp;amp;gt; '****', +  'passwordsalt' ='****', 
-  'datadirectory' =&amp;amp;amp;amp;amp;gt; '/usr/share/webapps/nextcloud/data', +  'datadirectory' ='/usr/share/webapps/nextcloud/data', 
-  'dbtype' =&amp;amp;amp;amp;amp;gt; 'mysql', +  'dbtype' ='mysql', 
-  'version' =&amp;amp;amp;amp;amp;gt; '19.0.0.12', +  'version' ='19.0.0.12', 
-  'dbname' =&amp;amp;amp;amp;amp;gt; 'nextcloud', +  'dbname' ='nextcloud', 
-  'dbhost' =&amp;amp;amp;amp;amp;gt; 'mysql.pi', +  'dbhost' ='mysql.pi', 
-  'dbtableprefix' =&amp;amp;amp;amp;amp;gt; 'oc_', +  'dbtableprefix' ='oc_', 
-  'mysql.utf8mb4' =&amp;amp;amp;amp;amp;gt; true, +  'mysql.utf8mb4' =true, 
-  'dbuser' =&amp;amp;amp;amp;amp;gt; 'nextcloud', +  'dbuser' ='nextcloud', 
-  'dbpassword' =&amp;amp;amp;amp;amp;gt; '****', +  'dbpassword' ='****', 
-  'installed' =&amp;amp;amp;amp;amp;gt; true, +  'installed' =true, 
-  'theme' =&amp;amp;amp;amp;amp;gt; '', +  'theme' ='', 
-  'maintenance' =&amp;amp;amp;amp;amp;gt; false, +  'maintenance' =false, 
-  'loglevel' =&amp;amp;amp;amp;amp;gt; 0, +  'loglevel' =0, 
-  'cron_log' =&amp;amp;amp;amp;amp;gt; true, +  'cron_log' =true, 
-  'maxZipInputSize' =&amp;amp;amp;amp;amp;gt; 5145728000, +  'maxZipInputSize' =5145728000, 
-  'allowZipDownload' =&amp;amp;amp;amp;amp;gt; true, +  'allowZipDownload' =true, 
-  'memcache.local' =&amp;amp;amp;amp;amp;gt; '\\OC\\Memcache\\APCu', +  'memcache.local' ='\\OC\\Memcache\\APCu', 
-  'allow_local_remote_servers' =&amp;amp;amp;amp;amp;gt; true, +  'allow_local_remote_servers' =true, 
-  'trusted_domains' =&amp;amp;amp;amp;amp;gt; +  'trusted_domains' =
   array (   array (
-    0 =&amp;amp;amp;amp;amp;gt; 'nextcloud.project-insanity.org', +    0 ='nextcloud.project-insanity.org', 
-    1 =&amp;amp;amp;amp;amp;gt; 'http.pi', +    1 ='http.pi', 
-    2 =&amp;amp;amp;amp;amp;gt; 'office.project-insanity.org',+    2 ='office.project-insanity.org',
   ),   ),
-  'secret' =&amp;amp;amp;amp;amp;gt; '****', +  'secret' ='****', 
-  'mail_domain' =&amp;amp;amp;amp;amp;gt; 'project-insanity.org', +  'mail_domain' ='project-insanity.org', 
-  'mail_smtpmode' =&amp;amp;amp;amp;amp;gt; 'php', +  'mail_smtpmode' ='php', 
-  'mail_from_address' =&amp;amp;amp;amp;amp;gt; 'nextcloud', +  'mail_from_address' ='nextcloud', 
-  'trashbin_retention_obligation' =&amp;amp;amp;amp;amp;gt; 'auto', +  'trashbin_retention_obligation' ='auto', 
-  'updatechecker' =&amp;amp;amp;amp;amp;gt; false, +  'updatechecker' =false, 
-  'has_internet_connection' =&amp;amp;amp;amp;amp;gt; false, +  'has_internet_connection' =false, 
-  'app.mail.verify-tls-peer' =&amp;amp;amp;amp;amp;gt; false, +  'app.mail.verify-tls-peer' =false, 
-  'app_install_overwrite' =&amp;amp;amp;amp;amp;gt; +  'app_install_overwrite' =
   array (   array (
-    0 =&amp;amp;amp;amp;amp;gt; 'apporder', +    0 ='apporder', 
-    1 =&amp;amp;amp;amp;amp;gt; 'keeweb', +    1 ='keeweb', 
-    2 =&amp;amp;amp;amp;amp;gt; 'tasks', +    2 ='tasks', 
-    3 =&amp;amp;amp;amp;amp;gt; 'weather', +    3 ='weather', 
-    4 =&amp;amp;amp;amp;amp;gt; 'audioplayer', +    4 ='audioplayer', 
-    5 =&amp;amp;amp;amp;amp;gt; 'files_ebookreader', +    5 ='files_ebookreader', 
-    6 =&amp;amp;amp;amp;amp;gt; 'extract', +    6 ='extract', 
-    7 =&amp;amp;amp;amp;amp;gt; 'polls', +    7 ='polls', 
-    8 =&amp;amp;amp;amp;amp;gt; 'onlyoffice', +    8 ='onlyoffice', 
-    9 =&amp;amp;amp;amp;amp;gt; 'drawio',+    9 ='drawio',
   ),   ),
 ); );
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-Due to [[https://bugs.archlinux.org/task/64689?project=5&amp;amp;amp;amp;amp;amp;string=nextcloud|packaging bug]] and hardened php-fpm.service file, an unit file overwrite is required: +Due to [[https://bugs.archlinux.org/task/64689?project=5&string=nextcloud|packaging bug]] and hardened php-fpm.service file, an unit file overwrite is required: 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/php-fpm.service.d/overwrite-rw-path.conf>
 [Service] [Service]
 [...] [...]
Line 1635: Line 1635:
 ReadWritePaths = /etc/webapps/nextcloud/config/ ReadWritePaths = /etc/webapps/nextcloud/config/
 ReadWritePaths = /usr/share/webapps/wordpress/wp-content ReadWritePaths = /usr/share/webapps/wordpress/wp-content
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 Auto upgrade on pacman update Auto upgrade on pacman update
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 ln -sv /usr/share/doc/nextcloud/nextcloud.hook /etc/pacman.d/hooks/ ln -sv /usr/share/doc/nextcloud/nextcloud.hook /etc/pacman.d/hooks/
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/nextcloud-enable-apps.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/nextcloud-enable-apps.hook>
 # Update Nextcloud when core or -apps are touched # Update Nextcloud when core or -apps are touched
  
Line 1653: Line 1653:
 Description = Updating Nextcloud installation Description = Updating Nextcloud installation
 When = PostTransaction When = PostTransaction
-Exec = /usr/bin/sh -c &amp;amp;amp;amp;amp;quot;/usr/bin/chown -R nextcloud:nextcloud /usr/share/webapps/nextcloud/apps &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; /usr/bin/sudo -u nextcloud /usr/bin/php /usr/share/webapps/nextcloud/occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast&amp;amp;amp;amp;amp;quot; +Exec = /usr/bin/sh -c "/usr/bin/chown -R nextcloud:nextcloud /usr/share/webapps/nextcloud/apps && /usr/bin/sudo -u nextcloud /usr/bin/php /usr/share/webapps/nextcloud/occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast" 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 Nextcloud background job (cron) Nextcloud background job (cron)
-&amp;amp;amp;amp;amp;lt;file -/etc/systemd/system/nextcloudcron.service&amp;amp;amp;amp;amp;gt;+<file -/etc/systemd/system/nextcloudcron.service>
 [Unit] [Unit]
 Description=Nextcloud cron.php job Description=Nextcloud cron.php job
Line 1666: Line 1666:
 [Install] [Install]
 WantedBy=basic.target WantedBy=basic.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/nextcloudcron.timer&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/nextcloudcron.timer>
 [Unit] [Unit]
 Description=Run Nextcloud cron.php every 15 minutes Description=Run Nextcloud cron.php every 15 minutes
Line 1678: Line 1678:
 [Install] [Install]
 WantedBy=timers.target WantedBy=timers.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now nextcloudcron.timer systemctl enable --now nextcloudcron.timer
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Add additional mimetype for keeweb app Add additional mimetype for keeweb app
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cd /usr/share/webapps/nextcloud cd /usr/share/webapps/nextcloud
 cp resources/config/mimetypemapping.dist.json config/mimetypemapping.json cp resources/config/mimetypemapping.dist.json config/mimetypemapping.json
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 add kdbx line to json config add kdbx line to json config
-&amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/nextcloud/config/mimetypemapping.json&amp;amp;amp;amp;amp;gt;+<file - /usr/share/webapps/nextcloud/config/mimetypemapping.json>
 [...] [...]
-        &amp;amp;amp;amp;amp;quot;_comment4&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;Any changes you make here will be overwritten on an update of Nextcloud&amp;amp;amp;amp;amp;quot;+        "_comment4""Any changes you make here will be overwritten on an update of Nextcloud"
-        &amp;amp;amp;amp;amp;quot;_comment5&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;Put any custom mappings in a new file mimetypemapping.json in the config/ folder of Nextcloud&amp;amp;amp;amp;amp;quot;,+        "_comment5""Put any custom mappings in a new file mimetypemapping.json in the config/ folder of Nextcloud",
  
-        &amp;amp;amp;amp;amp;quot;kdbx&amp;amp;amp;amp;amp;quot;: [&amp;amp;amp;amp;amp;quot;x-application/kdbx&amp;amp;amp;amp;amp;quot;], +        "kdbx": ["x-application/kdbx"], 
-        &amp;amp;amp;amp;amp;quot;3gp&amp;amp;amp;amp;amp;quot;: [&amp;amp;amp;amp;amp;quot;video/3gpp&amp;amp;amp;amp;amp;quot;], +        "3gp": ["video/3gpp"], 
-        &amp;amp;amp;amp;amp;quot;7z&amp;amp;amp;amp;amp;quot;: [&amp;amp;amp;amp;amp;quot;application/x-7z-compressed&amp;amp;amp;amp;amp;quot;],+        "7z": ["application/x-7z-compressed"],
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== mail ==== ==== mail ====
 disable ssl verification of imap/smpt host disable ssl verification of imap/smpt host
-&amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/nextcloud/config/config.php&amp;amp;amp;amp;amp;gt;+<file - /usr/share/webapps/nextcloud/config/config.php>
 [...] [...]
-  'app.mail.verify-tls-peer' =&amp;amp;amp;amp;amp;gt; false,+  'app.mail.verify-tls-peer' =false,
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ==== twofactor_gateway ==== ==== twofactor_gateway ====
 disposible phone number registration http://www.getsmscode.com disposible phone number registration http://www.getsmscode.com
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/signal-web-gateway/config.yml&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/signal-web-gateway/config.yml>
 [...] [...]
-tel: &amp;amp;amp;amp;amp;quot;+1774****&amp;amp;amp;amp;amp;quot;+tel: "+1774****"
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cd /usr/share/webapps/nextcloud cd /usr/share/webapps/nextcloud
 sudo -u http ./occ twofactorauth:gateway:configure signal # leave default options (press return) sudo -u http ./occ twofactorauth:gateway:configure signal # leave default options (press return)
Line 1721: Line 1721:
 sudo -u signal signal-web-gateway # enter verification sudo -u signal signal-web-gateway # enter verification
 systemctl enable --now signal-web-gateway systemctl enable --now signal-web-gateway
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-  * Activate 2FA in ''Settings -&amp;amp;amp;amp;amp;gt; Security (User)''+  * Activate 2FA in ''Settings -Security (User)''
     * Enter your phone number and press verify     * Enter your phone number and press verify
  
 ==== onlyoffice ==== ==== onlyoffice ====
-  * Paste in ''Settings -&amp;amp;amp;amp;amp;gt; ONLYOFFICE'' the ''Document Editing Service address'' to ''https://office.project-insanity.org''+  * Paste in ''Settings -ONLYOFFICE'' the ''Document Editing Service address'' to ''https://office.project-insanity.org''
 ==== mantainance ==== ==== mantainance ====
 Run file integrity checks Run file integrity checks
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo -u http /usr/share/webapps/nextcloud/occ integrity:check-app sudo -u http /usr/share/webapps/nextcloud/occ integrity:check-app
 sudo -u http /usr/share/webapps/nextcloud/occ integrity:check-core sudo -u http /usr/share/webapps/nextcloud/occ integrity:check-core
 sudo -u http /usr/share/webapps/nextcloud/occ files:scan --all sudo -u http /usr/share/webapps/nextcloud/occ files:scan --all
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== phpmyadmin ===== ===== phpmyadmin =====
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/phpmyadmin/config.inc.php&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/phpmyadmin/config.inc.php>
 [...] [...]
 /* Server parameters */ /* Server parameters */
Line 1741: Line 1741:
 $cfg['Servers'][$i]['compress'] = false; $cfg['Servers'][$i]['compress'] = false;
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
  
  
 ===== cockpit ===== ===== cockpit =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S cockpit pacman -S cockpit
 systemctl enable --now cockpit pmcd systemctl enable --now cockpit pmcd
Line 1752: Line 1752:
 nft add rule inet filter input position 17 ip saddr 10.25.40.0/24 tcp dport 9090 accept nft add rule inet filter input position 17 ip saddr 10.25.40.0/24 tcp dport 9090 accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport 9090 accept nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport 9090 accept
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/sudoers&amp;amp;amp;amp;amp;gt;+<file - /etc/sudoers>
 [...] [...]
 cockpit ALL=(ALL) ALL cockpit ALL=(ALL) ALL
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pam.d/cockpit&amp;amp;amp;amp;amp;gt;+<file - /etc/pam.d/cockpit>
 #%PAM-1.0 #%PAM-1.0
  
Line 1776: Line 1776:
 session   required  pam_unix.so session   required  pam_unix.so
 session   optional  pam_permit.so session   optional  pam_permit.so
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
  
 ===== outline ===== ===== outline =====
 on http.pi on http.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S outline pacman -S outline
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/outline/.env&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/outline/.env>
 [...] [...]
 SECRET_KEY=**** SECRET_KEY=****
Line 1790: Line 1790:
 URL=http://playground.pi:3000 URL=http://playground.pi:3000
 FORCE_HTTPS=false FORCE_HTTPS=false
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 on mysql.pi on mysql.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt; +<code bash> 
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;quot;CREATE DATABASE outline;&amp;amp;amp;amp;amp;quot; +sudo -i -u postgres psql -c "CREATE DATABASE outline;" 
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;quot;CREATE USER outline WITH password 'outline';&amp;amp;amp;amp;amp;quot; +sudo -i -u postgres psql -c "CREATE USER outline WITH password 'outline';" 
-sudo -i -u postgres psql -c &amp;amp;amp;amp;amp;quot;GRANT ALL privileges ON DATABASE outline TO outline;&amp;amp;amp;amp;amp;quot; +sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE outline TO outline;" 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 on http.pi on http.pi
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cd /usr/share/webapps/outline cd /usr/share/webapps/outline
 npm run sequelize:migrate npm run sequelize:migrate
 systemctl enable --now outline systemctl enable --now outline
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
  
 ====== storage.pi ====== ====== storage.pi ======
 ===== kol ha campus archive radio stream ===== ===== kol ha campus archive radio stream =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S vlc pulseaudio pacman -S vlc pulseaudio
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/106fm_archive_stream.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/106fm_archive_stream.service>
 [Unit] [Unit]
 Description=160fm.co.il archive radio stream server Description=160fm.co.il archive radio stream server
Line 1817: Line 1817:
 User=onny User=onny
 Type=simple Type=simple
-ExecStart=/usr/bin/cvlc -A pulse,none /home/onny/bash-kolhaas-archive/archived --loop --random --sout-keep --sout '#transcode{acodec=opus}:duplicate{dst=display{delay=6000},dst=gather:std{mux=ffmpeg{mux=opus},dst=:8080,access=http},select=&amp;amp;amp;amp;amp;quot;novideo&amp;amp;amp;amp;amp;quot;}'+ExecStart=/usr/bin/cvlc -A pulse,none /home/onny/bash-kolhaas-archive/archived --loop --random --sout-keep --sout '#transcode{acodec=opus}:duplicate{dst=display{delay=6000},dst=gather:std{mux=ffmpeg{mux=opus},dst=:8080,access=http},select="novideo"}'
 Restart=on-abort Restart=on-abort
  
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /usr/lib/systemd/system/pulseaudio.service&amp;amp;amp;amp;amp;gt;+<file - /usr/lib/systemd/system/pulseaudio.service>
 [Unit] [Unit]
 Description=PulseAudio system server Description=PulseAudio system server
Line 1833: Line 1833:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /usr/share/dbus-1/system.d/pulseaudio.conf&amp;amp;amp;amp;amp;gt; +<file - /usr/share/dbus-1/system.d/pulseaudio.conf> 
-&amp;amp;amp;amp;amp;lt;?xml version=&amp;amp;amp;amp;amp;quot;1.0&amp;amp;amp;amp;amp;quot;?&amp;amp;amp;amp;amp;gt; &amp;amp;amp;amp;amp;lt;!--*-nxml-*--&amp;amp;amp;amp;amp;gt; +<?xml version="1.0"?> <!--*-nxml-*--> 
-&amp;amp;amp;amp;amp;lt;!DOCTYPE busconfig PUBLIC &amp;amp;amp;amp;amp;quot;-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN&amp;amp;amp;amp;amp;quot; +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" 
- &amp;amp;amp;amp;amp;quot;http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;gt; + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> 
-&amp;amp;amp;amp;amp;lt;busconfig&amp;amp;amp;amp;amp;gt; +<busconfig> 
-    &amp;amp;amp;amp;amp;lt;policy group=&amp;amp;amp;amp;amp;quot;pulse&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;gt; +    <policy group="pulse"> 
-        &amp;amp;amp;amp;amp;lt;allow own=&amp;amp;amp;amp;amp;quot;org.pulseaudio.Server&amp;amp;amp;amp;amp;quot;/&amp;amp;amp;amp;amp;gt; +        <allow own="org.pulseaudio.Server"/> 
-    &amp;amp;amp;amp;amp;lt;/policy&amp;amp;amp;amp;amp;gt;+    </policy>
  
-    &amp;amp;amp;amp;amp;lt;policy context=&amp;amp;amp;amp;amp;quot;default&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;gt; +    <policy context="default"> 
-        &amp;amp;amp;amp;amp;lt;allow send_destination=&amp;amp;amp;amp;amp;quot;org.pulseaudio.Server&amp;amp;amp;amp;amp;quot;/&amp;amp;amp;amp;amp;gt; +        <allow send_destination="org.pulseaudio.Server"/> 
-        &amp;amp;amp;amp;amp;lt;allow receive_sender=&amp;amp;amp;amp;amp;quot;org.pulseaudio.Server&amp;amp;amp;amp;amp;quot;/&amp;amp;amp;amp;amp;gt; +        <allow receive_sender="org.pulseaudio.Server"/> 
-    &amp;amp;amp;amp;amp;lt;/policy&amp;amp;amp;amp;amp;gt; +    </policy> 
-&amp;amp;amp;amp;amp;lt;/busconfig&amp;amp;amp;amp;amp;gt; +</busconfig> 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt; +<code bash> 
-echo &amp;amp;amp;amp;amp;quot;default-server = /var/run/pulse/native&amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;gt; /etc/pulse/client.conf +echo "default-server = /var/run/pulse/native" >> /etc/pulse/client.conf 
-echo &amp;amp;amp;amp;amp;quot;autospawn = no&amp;amp;amp;amp;amp;quot; &amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;gt; /etc/pulse/client.conf+echo "autospawn = no" >> /etc/pulse/client.conf
 systemctl daemon-reload systemctl daemon-reload
 groupadd --system pulse groupadd --system pulse
Line 1860: Line 1860:
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport 8080 accept nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport 8080 accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport 8080 accept nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport 8080 accept
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 also added a caddy rule on http.pi for the url: https://blog.project-insanity.org/106fm also added a caddy rule on http.pi for the url: https://blog.project-insanity.org/106fm
 ===== bitcoind ===== ===== bitcoind =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S bitcoin-daemon pacman -S bitcoin-daemon
 systemctl start bitcoind systemctl start bitcoind
 systemctl enable bitcoind systemctl enable bitcoind
 ufw allow from 10.25.0.0/24 to any port 8333 ufw allow from 10.25.0.0/24 to any port 8333
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 https://bitcoin.stackexchange.com/a/75312 https://bitcoin.stackexchange.com/a/75312
 ====== playground.pi ====== ====== playground.pi ======
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S devtools pacman -S devtools
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== beta.saai.digital ===== ===== beta.saai.digital =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S iptables-nft pacman -S iptables-nft
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/nftables.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/nftables.conf>
 [...] [...]
 chain forward { chain forward {
Line 1890: Line 1890:
   }   }
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now docker systemctl enable --now docker
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== QuakeJS ===== ===== QuakeJS =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S quakejs-git pacman -S quakejs-git
 cd /usr/share/webapps/quakejs cd /usr/share/webapps/quakejs
 chown -R quakejs:quakejs . chown -R quakejs:quakejs .
 sudo -u quakejs node build/ioq3ded.js +set fs_game baseq3 +set dedicated 2 sudo -u quakejs node build/ioq3ded.js +set fs_game baseq3 +set dedicated 2
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/conf.d/quakejs&amp;amp;amp;amp;amp;gt; +<file - /etc/conf.d/quakejs> 
-QUAKEJS_DS_PARAMS=&amp;amp;amp;amp;amp;quot;+set fs_cdn cdn.quake.turbotux.de +set fs_game baseq3 +set dedicated 1 +exec server.cfg&amp;amp;amp;amp;amp;quot; +QUAKEJS_DS_PARAMS="+set fs_cdn cdn.quake.turbotux.de +set fs_game baseq3 +set dedicated 1 +exec server.cfg" 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /usr/share/webapps/quakejs/base/baseq3/server.cfg&amp;amp;amp;amp;amp;gt; +<file - /usr/share/webapps/quakejs/base/baseq3/server.cfg> 
-seta sv_hostname &amp;amp;amp;amp;amp;quot;Project-Insanity.org QuakeJS&amp;amp;amp;amp;amp;quot;+seta sv_hostname "Project-Insanity.org QuakeJS"
 seta sv_maxclients 12 seta sv_maxclients 12
-seta g_motd &amp;amp;amp;amp;amp;quot;Welcome to PI Quake 3 battleground&amp;amp;amp;amp;amp;quot;+seta g_motd "Welcome to PI Quake 3 battleground"
 seta g_quadfactor 3 seta g_quadfactor 3
 seta g_gametype 0 seta g_gametype 0
Line 1915: Line 1915:
 seta g_inactivity 3000 seta g_inactivity 3000
 seta g_forcerespawn 0 seta g_forcerespawn 0
-seta rconpassword &amp;amp;amp;amp;amp;quot;CHANGE_ME&amp;amp;amp;amp;amp;quot; +seta rconpassword "CHANGE_ME" 
-set d1 &amp;amp;amp;amp;amp;quot;map q3dm17 ; set nextmap vstr d2&amp;amp;amp;amp;amp;quot; +set d1 "map q3dm17 ; set nextmap vstr d2" 
-set d2 &amp;amp;amp;amp;amp;quot;map q3tourney3 ; set nextmap vstr d3&amp;amp;amp;amp;amp;quot; +set d2 "map q3tourney3 ; set nextmap vstr d3" 
-set d3 &amp;amp;amp;amp;amp;quot;map q3tourney1 ; set nextmap vstr d1&amp;amp;amp;amp;amp;quot;+set d3 "map q3tourney1 ; set nextmap vstr d1"
 vstr d1 vstr d1
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/webapps/quakejs/web.json&amp;amp;amp;amp;amp;gt;+<file - /etc/webapps/quakejs/web.json>
  
-        &amp;amp;amp;amp;amp;quot;content&amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;cdn.quake.turbotux.de&amp;amp;amp;amp;amp;quot;+        "content""cdn.quake.turbotux.de"
-        &amp;amp;amp;amp;amp;quot;port&amp;amp;amp;amp;amp;quot;: 8081+        "port": 8081
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now quakejs-ds quakejs quakejs-cdn systemctl enable --now quakejs-ds quakejs quakejs-cdn
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== PI ArchLinux Repository ===== ===== PI ArchLinux Repository =====
 build and install auruitls from source build and install auruitls from source
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cd /tmp cd /tmp
-curl &amp;amp;amp;amp;amp;quot;https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz&amp;amp;amp;amp;amp;quot; | tar xz+curl "https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz| tar xz
 cd aurutils cd aurutils
 gpg --recv-keys DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A  gpg --recv-keys DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A 
 makepkg -i makepkg -i
 pacman --root=/var/lib/aurbuild/x86_64/root -S git pacman --root=/var/lib/aurbuild/x86_64/root -S git
-pacman --root=/var/lib/aurbuild/x86_64/root -S python2-setuptools # workaround for zeronet -&amp;amp;amp;amp;amp;gt; python-pyelliptic+pacman --root=/var/lib/aurbuild/x86_64/root -S python2-setuptools # workaround for zeronet -python-pyelliptic
 pacman --root=/var/lib/aurbuild/x86_64/root -S wayland # workaround for dmenu-wayland-git pacman --root=/var/lib/aurbuild/x86_64/root -S wayland # workaround for dmenu-wayland-git
 sudo /usr/share/devtools/pacman-extra.conf /etc/aurutils/pacman-projectinsanity.conf sudo /usr/share/devtools/pacman-extra.conf /etc/aurutils/pacman-projectinsanity.conf
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 configure custom repository configure custom repository
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.conf>
 [...] [...]
 Include = /etc/pacman.d/projectinsanity Include = /etc/pacman.d/projectinsanity
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/projectinsanity&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/projectinsanity>
 [options] [options]
 CacheDir = /var/cache/pacman/pkgwf CacheDir = /var/cache/pacman/pkgwf
Line 1957: Line 1957:
 SigLevel = Optional TrustAll SigLevel = Optional TrustAll
 Server = file:///var/cache/pacman/projectinsanity Server = file:///var/cache/pacman/projectinsanity
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/suders&amp;amp;amp;amp;amp;gt;+<file - /etc/suders>
 [...] [...]
 aur ALL = NOPASSWD: SETENV: /usr/bin/makechrootpkg aur ALL = NOPASSWD: SETENV: /usr/bin/makechrootpkg
 aur ALL = NOPASSWD: /usr/bin/arch-nspawn aur ALL = NOPASSWD: /usr/bin/arch-nspawn
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo useradd -m aur sudo useradd -m aur
 sudo install -d /var/cache/pacman/projectinsanity -o aur sudo install -d /var/cache/pacman/projectinsanity -o aur
Line 1971: Line 1971:
 sudo -u aur gpg --recv-keys 6BC26A17B9B7018A sudo -u aur gpg --recv-keys 6BC26A17B9B7018A
 sudo -u aur gpg --recv-keys 1D1F0DC78F173680 sudo -u aur gpg --recv-keys 1D1F0DC78F173680
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/aurupdate.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/aurupdate.service>
 [Unit] [Unit]
  Description=Automatic update AUR repository.  Description=Automatic update AUR repository.
Line 1987: Line 1987:
 [Install] [Install]
  WantedBy=multi-user.target  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /usr/bin/pi-archlinuxrepo-update.sh&amp;amp;amp;amp;amp;gt;+<file - /usr/bin/pi-archlinuxrepo-update.sh>
 #!/bin/bash #!/bin/bash
 for package in $(pacman -Sql projectinsanity)  for package in $(pacman -Sql projectinsanity) 
Line 1994: Line 1994:
   aur sync --no-view -c $package   aur sync --no-view -c $package
 done done
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/aurupdate.timer&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/aurupdate.timer>
 [Unit] [Unit]
  Description=Automatic update AUR repository when booted up after 5 minutes then check for updates every 60 minutes.  Description=Automatic update AUR repository when booted up after 5 minutes then check for updates every 60 minutes.
Line 2006: Line 2006:
 [Install] [Install]
  WantedBy=multi-user.target  WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now aurupdate.timer systemctl enable --now aurupdate.timer
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo -u aur gpg --recv-keys 2A349DD577D586A5 sudo -u aur gpg --recv-keys 2A349DD577D586A5
 sudo -u aur aur sync -d projectinsanity -c librewolf pkgbuild-introspection tor-browser-en r128gain split2flac id3ted redshift-wlr-gamma-control-git krop wcalc anbox-git ocenaudio-bin smloadr soulseekqt aurutils downgrade maddy wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics jellyfin onlyoffice-documentserver nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud-app-keeweb nextcloud-app-radio nextcloud-app-onlyoffice fdroidserver android-sdk android-sdk-build-tools gplaycli vlc-bittorrent qlcplus signal-web-gateway-git invoiceninja invoiceplane python-gspread-git etcher zeronet teamviewer scrcpy ttyd wdisplays-git dmenu-wayland-git python-soundcard python-soundfile pacaur archivemount micro python-rpi.gpio python-pad4pi python-pulse-control python-rplcd python-vlc python-mpv pmbootstrap wordpress-theme-geist linux-libre opensnitch-git powerpill osmctools tilemaker nextcloud-app-talk xerox-phaser-6000-6010 dokuwiki-plugin-captcha dokuwiki-plugin-dw2pdf dokuwiki-template-argon nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse wordpress-plugin-opengraph nextcloud-app-podcast wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media sudo -u aur aur sync -d projectinsanity -c librewolf pkgbuild-introspection tor-browser-en r128gain split2flac id3ted redshift-wlr-gamma-control-git krop wcalc anbox-git ocenaudio-bin smloadr soulseekqt aurutils downgrade maddy wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics jellyfin onlyoffice-documentserver nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud-app-keeweb nextcloud-app-radio nextcloud-app-onlyoffice fdroidserver android-sdk android-sdk-build-tools gplaycli vlc-bittorrent qlcplus signal-web-gateway-git invoiceninja invoiceplane python-gspread-git etcher zeronet teamviewer scrcpy ttyd wdisplays-git dmenu-wayland-git python-soundcard python-soundfile pacaur archivemount micro python-rpi.gpio python-pad4pi python-pulse-control python-rplcd python-vlc python-mpv pmbootstrap wordpress-theme-geist linux-libre opensnitch-git powerpill osmctools tilemaker nextcloud-app-talk xerox-phaser-6000-6010 dokuwiki-plugin-captcha dokuwiki-plugin-dw2pdf dokuwiki-template-argon nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse wordpress-plugin-opengraph nextcloud-app-podcast wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media
Line 2018: Line 2018:
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport http accept nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport http accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport http accept nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport http accept
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 caddy configuration caddy configuration
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/Caddyfile+<file - /etc/caddy/Caddyfile
 import conf.d/*.conf import conf.d/*.conf
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 http://onny.project-insanity.org { http://onny.project-insanity.org {
  
Line 2043: Line 2043:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl restart caddy systemctl restart caddy
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 caddy configuration on http-pub.pi: caddy configuration on http-pub.pi:
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 [...] [...]
     proxy /archlinux playground.pi {     proxy /archlinux playground.pi {
Line 2054: Line 2054:
     }     }
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl restart caddy systemctl restart caddy
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ====== http-pub.pi ====== ====== http-pub.pi ======
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S caddy php-fpm pacman -S caddy php-fpm
 systemctl enable --now caddy php-fpm systemctl enable --now caddy php-fpm
 nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport http accept nft add rule inet filter input position 17 ip saddr 10.25.0.0/24 tcp dport http accept
 nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport http accept nft add rule inet filter input position 17 ip6 saddr 2a01:4f8:191:327::0/64 tcp dport http accept
-nft list ruleset &amp;amp;amp;amp;amp;gt; /etc/nftables.conf +nft list ruleset /etc/nftables.conf 
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.d/hooks/php.hook&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.d/hooks/php.hook>
 # Restart php service # Restart php service
  
Line 2080: Line 2080:
 When = PostTransaction When = PostTransaction
 Exec = /usr/bin/systemctl restart php-fpm Exec = /usr/bin/systemctl restart php-fpm
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 custom caddy installation custom caddy installation
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacaur -d caddy pacaur -d caddy
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - ~/.cache/pacaur/caddy/PKGBUILD&amp;amp;amp;amp;amp;gt;+<file - ~/.cache/pacaur/caddy/PKGBUILD>
 [...] [...]
 #    'http.expires' #    'http.expires'
Line 2091: Line 2091:
 #    'http.filter' #    'http.filter'
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cd ~/.cache/pacaur/caddy cd ~/.cache/pacaur/caddy
 makepkg -i --skipinteg makepkg -i --skipinteg
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== caddy ===== ===== caddy =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S caddy pacman -S caddy
 gpasswd -a caddy http gpasswd -a caddy http
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/Caddyfile&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/Caddyfile>
 import /etc/caddy/conf.d/* import /etc/caddy/conf.d/*
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/ausstellung-virtuell.de.conf>
 http://ausstellung-virtuell.de { http://ausstellung-virtuell.de {
     redir https://www.ausstellung-virtuell.de{uri}     redir https://www.ausstellung-virtuell.de{uri}
Line 2125: Line 2125:
         rewrite @mainpage /index.php?page={http.regexp.path.1}         rewrite @mainpage /index.php?page={http.regexp.path.1}
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/caddy/conf.d/onny.project-insanity.org.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/caddy/conf.d/onny.project-insanity.org.conf>
 http://onny.project-insanity.org { http://onny.project-insanity.org {
  
Line 2141: Line 2141:
  
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/caddy.service.d/overwride.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/caddy.service.d/overwride.conf>
 [Service] [Service]
 ProtectHome=false ProtectHome=false
 LimitNOFILE=infinity LimitNOFILE=infinity
 LimitNPROC=infinity LimitNPROC=infinity
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl daemon-reload systemctl daemon-reload
 systemctl restart caddy systemctl restart caddy
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Overwrite php-fpm.service configuration, allow access to home directories: Overwrite php-fpm.service configuration, allow access to home directories:
-&amp;amp;amp;amp;amp;lt;file - php-fpm.service.d/overwrite.conf&amp;amp;amp;amp;amp;gt;+<file - php-fpm.service.d/overwrite.conf>
 [Service] [Service]
 ProtectHome=false ProtectHome=false
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
  
 ===== wordpress ===== ===== wordpress =====
-&amp;amp;amp;amp;amp;lt;file - /etc/php/conf.d/wordpress.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/php/conf.d/wordpress.ini>
 extension=mysqli extension=mysqli
  
 upload_max_filesize = 64M upload_max_filesize = 64M
 post_max_size = 64M post_max_size = 64M
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
  
 ===== uwsgi ===== ===== uwsgi =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S uwsgi-plugin-python python-bottle pacman -S uwsgi-plugin-python python-bottle
 mkdir /etc/uwsgi/systemd mkdir /etc/uwsgi/systemd
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/uwsgi-private@.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/uwsgi-private@.service>
 [Unit] [Unit]
 Description=uWSGI service unit Description=uWSGI service unit
Line 2193: Line 2193:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/uwsgi-private@.socket&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/uwsgi-private@.socket>
 [Unit] [Unit]
 Description=Socket for uWSGI %I Description=Socket for uWSGI %I
Line 2204: Line 2204:
 [Install] [Install]
 WantedBy=sockets.target WantedBy=sockets.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ==== getmetadata ==== ==== getmetadata ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S python-requests pacman -S python-requests
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/getmetadata.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/uwsgi/getmetadata.ini>
 [uwsgi] [uwsgi]
 http-socket = /run/uwsgi/%n.sock http-socket = /run/uwsgi/%n.sock
Line 2218: Line 2218:
 plugins = python plugins = python
 file = streammetadata-api.py file = streammetadata-api.py
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/systemd/getmetadata.conf&amp;amp;amp;amp;amp;gt; +<file - /etc/uwsgi/systemd/getmetadata.conf> 
-rw_directory=&amp;amp;amp;amp;amp;quot;/usr/share/webapps/getmetadata&amp;amp;amp;amp;amp;quot; +rw_directory="/usr/share/webapps/getmetadata" 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable uwsgi-private@getmetadata systemctl enable uwsgi-private@getmetadata
 systemctl start uwsgi-private@getmetadata systemctl start uwsgi-private@getmetadata
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== biolaedle-etiketten-generator ==== ==== biolaedle-etiketten-generator ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S python-pandas python-reportlab python-xlrd python-bottle pacman -S python-pandas python-reportlab python-xlrd python-bottle
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/biolaedle-etiketten-generator.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/uwsgi/biolaedle-etiketten-generator.ini>
 [uwsgi] [uwsgi]
 http-socket = /run/uwsgi/%n.sock http-socket = /run/uwsgi/%n.sock
Line 2239: Line 2239:
 plugins = python plugins = python
 file = label.py file = label.py
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable --now uwsgi@biolaedle\\x2detiketten\\x2dgenerator systemctl enable --now uwsgi@biolaedle\\x2detiketten\\x2dgenerator
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
  
 ==== feeds ==== ==== feeds ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S python-feedparser python-beautifulsoup4 python-pyrss2gen python-dateutil python-lxml pacman -S python-feedparser python-beautifulsoup4 python-pyrss2gen python-dateutil python-lxml
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/feeds.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/uwsgi/feeds.ini>
 [uwsgi] [uwsgi]
 http-socket = /run/uwsgi/%n.sock http-socket = /run/uwsgi/%n.sock
Line 2257: Line 2257:
 plugins = python plugins = python
 file = app.py file = app.py
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/systemd/feeds.conf&amp;amp;amp;amp;amp;gt; +<file - /etc/uwsgi/systemd/feeds.conf> 
-rw_directory=&amp;amp;amp;amp;amp;quot;/usr/share/webapps/feeds&amp;amp;amp;amp;amp;quot; +rw_directory="/usr/share/webapps/feeds" 
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable uwsgi-private@feeds systemctl enable uwsgi-private@feeds
 systemctl start uwsgi-private@feeds systemctl start uwsgi-private@feeds
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ==== pishare ==== ==== pishare ====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S nodejs pacman -S nodejs
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/uwsgi/pishare.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/uwsgi/pishare.ini>
 [uwsgi]  [uwsgi] 
 httpsocket = /run/uwsgi/%n.sock httpsocket = /run/uwsgi/%n.sock
Line 2280: Line 2280:
 file = pishare.py file = pishare.py
 lazy-apps = true lazy-apps = true
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systenmctl enable --now uwsgi@pishare systenmctl enable --now uwsgi@pishare
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
  
 ===== arch-upstream ===== ===== arch-upstream =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S python-progressbar python-jinja pacman -S python-progressbar python-jinja
 ln -s /usr/share/webapps/arch-upstream /var/www/onny.sexypump.de/ ln -s /usr/share/webapps/arch-upstream /var/www/onny.sexypump.de/
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/arch-upstream.service&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/arch-upstream.service>
 [Unit] [Unit]
 Description=Arch-Upstream Description=Arch-Upstream
Line 2307: Line 2307:
 WorkingDirectory=/usr/share/webapps/arch-upstream WorkingDirectory=/usr/share/webapps/arch-upstream
 ExecStart=/usr/share/webapps/arch-upstream/main.py ExecStart=/usr/share/webapps/arch-upstream/main.py
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/arch-upstream.timer&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/arch-upstream.timer>
 [Unit] [Unit]
 Description=Run arch-upstream every 12 hours Description=Run arch-upstream every 12 hours
Line 2321: Line 2321:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl enable arch-upstream.timer systemctl enable arch-upstream.timer
 systemctl start arch-upstream.timer systemctl start arch-upstream.timer
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 ===== fdroid repo gplay mirror ===== ===== fdroid repo gplay mirror =====
 http-pub.pi http-pub.pi
  
 enable multilib enable multilib
-&amp;amp;amp;amp;amp;lt;file - /etc/pacman.conf&amp;amp;amp;amp;amp;gt;+<file - /etc/pacman.conf>
 [...] [...]
 #[multilib-testing] #[multilib-testing]
Line 2341: Line 2341:
 # tips on creating your own repositories. # tips on creating your own repositories.
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 pacman -S fdroidserver android-sdk android-sdk-build-tools gplaycli pacman -S fdroidserver android-sdk android-sdk-build-tools gplaycli
 cd www cd www
Line 2348: Line 2348:
 cd fdroid cd fdroid
 env ANDROID_HOME=/opt/android-sdk fdroid init env ANDROID_HOME=/opt/android-sdk fdroid init
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - www/fdroid/config.py&amp;amp;amp;amp;amp;gt;+<file - www/fdroid/config.py>
 [...] [...]
-repo_url = &amp;amp;amp;amp;amp;quot;https://onny.project-insanity.org/fdroid/repo&amp;amp;amp;amp;amp;quot; +repo_url = "https://onny.project-insanity.org/fdroid/repo" 
-repo_name = &amp;amp;amp;amp;amp;quot;Project-Insanity F-Droid repo&amp;amp;amp;amp;amp;quot; +repo_name = "Project-Insanity F-Droid repo" 
-repo_icon = &amp;amp;amp;amp;amp;quot;fdroid-icon.png&amp;amp;amp;amp;amp;quot; +repo_icon = "fdroid-icon.png" 
-repo_description = &amp;amp;amp;amp;amp;quot;This is a private F-Droid repository for the PI-crew :)&amp;amp;amp;amp;amp;quot;+repo_description = "This is a private F-Droid repository for the PI-crew :)"
 [...] [...]
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 env ANDROID_HOME=/opt/android-sdk fdroid update --create-metadata env ANDROID_HOME=/opt/android-sdk fdroid update --create-metadata
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 mkdir ~/.config/gplaycli mkdir ~/.config/gplaycli
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - ~/.config/gplaycli/gplaycli.conf&amp;amp;amp;amp;amp;gt;+<file - ~/.config/gplaycli/gplaycli.conf>
 [Credentials] [Credentials]
 gmail_address=****@gmail.com gmail_address=****@gmail.com
 gmail_password=**** gmail_password=****
 token=False token=False
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - ~/.config/gplaycli/apk.list&amp;amp;amp;amp;amp;gt;+<file - ~/.config/gplaycli/apk.list>
 org.thoughtcrime.securesms org.thoughtcrime.securesms
 de.nextbike de.nextbike
Line 2401: Line 2401:
 com.zhiliaoapp.musically com.zhiliaoapp.musically
 com.lynxspa.prontotreno com.lynxspa.prontotreno
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/gplaycli.service&amp;amp;amp;amp;amp;gt; +<file - /etc/systemd/system/gplaycli.service
 [Unit] [Unit]
 Description=Gplaycli automatic APK mirror Description=Gplaycli automatic APK mirror
Line 2410: Line 2410:
 Type=simple Type=simple
 User=onny User=onny
-ExecStart=/usr/bin/sh -c &amp;amp;amp;amp;amp;quot;rm -f /home/onny/.cache/gplaycli/token &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; /usr/bin/gplaycli -v -dc shamu --file /home/onny/.config/gplaycli/apk.list --folder /home/onny/www/fdroid/repo/ -c /home/onny/.config/gplaycli/gplaycli.conf &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; cd /home/onny/www/fdroid &amp;amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp;amp; env ANDROID_HOME=/opt/android-sdk fdroid update --create-metadata&amp;amp;amp;amp;amp;quot;+ExecStart=/usr/bin/sh -c "rm -f /home/onny/.cache/gplaycli/token && /usr/bin/gplaycli -v -dc shamu --file /home/onny/.config/gplaycli/apk.list --folder /home/onny/www/fdroid/repo/ -c /home/onny/.config/gplaycli/gplaycli.conf && cd /home/onny/www/fdroid && env ANDROID_HOME=/opt/android-sdk fdroid update --create-metadata"
 TimeoutStopSec=180 TimeoutStopSec=180
 KillMode=process KillMode=process
Line 2417: Line 2417:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;file - /etc/systemd/system/gplaycli.timer&amp;amp;amp;amp;amp;gt;+<file - /etc/systemd/system/gplaycli.timer>
 [Unit] [Unit]
 Description=Gplaycli automatic APK mirror Description=Gplaycli automatic APK mirror
Line 2429: Line 2429:
 [Install] [Install]
 WantedBy=multi-user.target WantedBy=multi-user.target
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt; +</file> 
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl daemon-reload systemctl daemon-reload
 systemctl --now enable gplaycli.timer systemctl --now enable gplaycli.timer
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Notes: Notes:
   * Manually put Threema apk into repo folder   * Manually put Threema apk into repo folder
 ===== public hosting ===== ===== public hosting =====
 Create user for hosting site Create user for hosting site
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 useradd -m example useradd -m example
 mkdir /home/example/www mkdir /home/example/www
 ln -s /home/example/www /var/www/example.de ln -s /home/example/www /var/www/example.de
 chmod +x /home/example chmod +x /home/example
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Copy php-fpm profile Copy php-fpm profile
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 cp /etc/php/php-fpm.d/sexypump.de.conf /etc/php/php-fpm.d/example.com cp /etc/php/php-fpm.d/sexypump.de.conf /etc/php/php-fpm.d/example.com
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Replace all occurences from the domain (''sexypump.de'') and the user (''sexypump'') with your domain and user. Now restart ''php-fpm'': Replace all occurences from the domain (''sexypump.de'') and the user (''sexypump'') with your domain and user. Now restart ''php-fpm'':
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 systemctl restart php-fpm systemctl restart php-fpm
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Create nginx webserver configuration: Create nginx webserver configuration:
-&amp;amp;amp;amp;amp;lt;file - /etc/nginx/sites-available/example.de&amp;amp;amp;amp;amp;gt;+<file - /etc/nginx/sites-available/example.de>
 server { server {
     server_name example.de www.example.de;     server_name example.de www.example.de;
Line 2473: Line 2473:
     }     }
 } }
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 Enable webserver configuration: Enable webserver configuration:
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 ln -s /etc/nginx/sites-available/example.de /etc/nginx/sites-enabled/ ln -s /etc/nginx/sites-available/example.de /etc/nginx/sites-enabled/
 systemctl restart nginx systemctl restart nginx
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Enable SSL caddy proxy on ''http.pi''. Edit as user ''caddy'' and append following part: Enable SSL caddy proxy on ''http.pi''. Edit as user ''caddy'' and append following part:
-&amp;amp;amp;amp;amp;lt;file - /opt/caddy/Caddyfile&amp;amp;amp;amp;amp;gt;+<file - /opt/caddy/Caddyfile>
 www.example.de example.de { www.example.de example.de {
         log /var/log/caddy/example.de_access.log         log /var/log/caddy/example.de_access.log
Line 2489: Line 2489:
                 header_upstream X-Real-IP {remote}                 header_upstream X-Real-IP {remote}
                 header_upstream X-Forwarded-Proto {scheme}                 header_upstream X-Forwarded-Proto {scheme}
-                header_downstream -Server &amp;amp;amp;amp;amp;quot;&amp;amp;amp;amp;amp;quot;+                header_downstream -Server ""
         }               }      
  
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 Restart caddy process after that. Depending on the permissions of your webroot, you can run: Restart caddy process after that. Depending on the permissions of your webroot, you can run:
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo gpasswd -a example http sudo gpasswd -a example http
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
 Mysql database creation on ''mysql.pi'': Mysql database creation on ''mysql.pi'':
-&amp;amp;amp;amp;amp;lt;code sql&amp;amp;amp;amp;amp;gt;+<code sql>
 CREATE DATABASE IF NOT EXISTS sexypump; CREATE DATABASE IF NOT EXISTS sexypump;
 GRANT ALL PRIVILEGES ON sexypump.* TO 'sexypump'@'http-pub' IDENTIFIED BY '****'; GRANT ALL PRIVILEGES ON sexypump.* TO 'sexypump'@'http-pub' IDENTIFIED BY '****';
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt; +</code> 
-&amp;amp;amp;amp;amp;lt;file - /etc/conf.d/ballisticc.de.ini&amp;amp;amp;amp;amp;gt;+<file - /etc/conf.d/ballisticc.de.ini>
 upload_max_filesize = 1000M upload_max_filesize = 1000M
 post_max_size = 1000M post_max_size = 1000M
-&amp;amp;amp;amp;amp;lt;/file&amp;amp;amp;amp;amp;gt;+</file>
 ===== podcast feeds ===== ===== podcast feeds =====
-&amp;amp;amp;amp;amp;lt;code bash&amp;amp;amp;amp;amp;gt;+<code bash>
 sudo cp /home/onny/www/laboumdeluxe/laboumdeluxe_* /etc/systemd/system/ sudo cp /home/onny/www/laboumdeluxe/laboumdeluxe_* /etc/systemd/system/
 sudo cp /home/onny/www/bounce/bounce_* /etc/systemd/system/ sudo cp /home/onny/www/bounce/bounce_* /etc/systemd/system/
 systemctl enable --now bounce_feed.timer laboumdeluxe_feed.timer kampus_hakatze_feed.timer systemctl enable --now bounce_feed.timer laboumdeluxe_feed.timer kampus_hakatze_feed.timer
  
-&amp;amp;amp;amp;amp;lt;/code&amp;amp;amp;amp;amp;gt;+</code>
  
projectinsanity/server_setup.1649318730.txt.gz · Last modified: 2022/04/07 08:05 by 159.203.181.211