From ad9179fe520a8913f72ca54ac10b446342720d2e Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Thu, 5 Feb 2026 12:06:28 -0600
Subject: [PATCH] testing on lebubu
---
 caddy/Caddyfile | 36 ++
 caddy/Caddyfile.d/10-nextcloud.caddyfile | 20 +
 caddy/Caddyfile.d/15-private.caddyfile | 18 +
 caddy/Caddyfile.d/15-private.caddyfile__ | 29 +
 caddy/Caddyfile.d/20-servers.caddyfile | 79 +++
 caddy/Caddyfile.d/25-static.caddyfile | 98 ++++
 caddy/Caddyfile.d/40-jellyfin.caddyfile | 13 +
 caddy/Caddyfile.d/5-keycloak.caddyfile | 9 +
 caddy/Caddyfile.d/75-qbittorrent.caddyfile | 4 +
 caddy/client_ca.pem | 33 ++
 hosts/vps/toggles.nix | 1 -
 jawz_hist | 634 +++++++++++++++++++++
 modules/servers/nextcloud.nix | 1 -
 secrets/ssh/ed25519_nixvps | 7 +
 sudo_hist | 457 +++++++++++++++
 15 files changed, 1437 insertions(+), 2 deletions(-)
 create mode 100644 caddy/Caddyfile
 create mode 100644 caddy/Caddyfile.d/10-nextcloud.caddyfile
 create mode 100644 caddy/Caddyfile.d/15-private.caddyfile
 create mode 100644 caddy/Caddyfile.d/15-private.caddyfile__
 create mode 100644 caddy/Caddyfile.d/20-servers.caddyfile
 create mode 100644 caddy/Caddyfile.d/25-static.caddyfile
 create mode 100644 caddy/Caddyfile.d/40-jellyfin.caddyfile
 create mode 100644 caddy/Caddyfile.d/5-keycloak.caddyfile
 create mode 100644 caddy/Caddyfile.d/75-qbittorrent.caddyfile
 create mode 100644 caddy/client_ca.pem
 create mode 100644 jawz_hist
 create mode 100644 secrets/ssh/ed25519_nixvps
 create mode 100644 sudo_hist
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
new file mode 100644
index 0000000..e36677f
--- /dev/null
+++ b/caddy/Caddyfile
@@ -0,0 +1,36 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# https://caddyserver.com/docs/caddyfile
+
+
+# The configuration below serves a welcome page over HTTP on port 80. To use
+# your own domain name with automatic HTTPS, ensure your A/AAAA DNS record is
+# pointing to this machine's public IP, then replace `http://` with your domain
+# name. Refer to the documentation for full instructions on the address
+# specification.
+#
+# https://caddyserver.com/docs/caddyfile/concepts#addresses
+http:// {
+
+ # Set this path to your site's directory.
+ root * /usr/share/caddy
+
+ # Enable the static file server.
+ file_server
+
+ # Another common task is to set up a reverse proxy:
+ # reverse_proxy localhost:8080
+
+ # Or serve a PHP site through php-fpm:
+ # php_fastcgi localhost:9000
+
+ # Refer to the directive documentation for more options.
+ # https://caddyserver.com/docs/caddyfile/directives
+
+}
+
+
+# As an alternative to editing the above site block, you can add your own site
+# block files in the Caddyfile.d directory, and they will be included as long
+# as they use the .caddyfile extension.
+import Caddyfile.d/*.caddyfile
diff --git a/caddy/Caddyfile.d/10-nextcloud.caddyfile b/caddy/Caddyfile.d/10-nextcloud.caddyfile
new file mode 100644
index 0000000..0289d5f
--- /dev/null
+++ b/caddy/Caddyfile.d/10-nextcloud.caddyfile
@@ -0,0 +1,20 @@
+cloud.lebubu.org cloud.rotehaare.art {
+ redir /.well-known/carddav /remote.php/dav/ 301
+ redir /.well-known/caldav /remote.php/dav/ 301
+ reverse_proxy 10.77.0.2:8081 {
+ header_up Host {upstream_hostport}
+ header_up X-Real-IP {remote_host}
+ header_up X-Forwarded-For {remote_host}
+ header_up X-Forwarded-Proto {scheme}
+ }
+
+ header {
+ X-Frame-Options "SAMEORIGIN"
+ X-Content-Type-Options "nosniff"
+ X-Permitted-Cross-Domain-Policies "none"
+ X-XSS-Protection "1; mode=block"
+ Referrer-Policy "no-referrer-when-downgrade"
+ Strict-Transport-Security "max-age=15552000; includeSubDomains"
+ -Server
+ }
+}
diff --git a/caddy/Caddyfile.d/15-private.caddyfile b/caddy/Caddyfile.d/15-private.caddyfile
new file mode 100644
index 0000000..2489441
--- /dev/null
+++ b/caddy/Caddyfile.d/15-private.caddyfile
@@ -0,0 +1,18 @@
+(secure_mtls) {
+ tls {
+ client_auth {
+ mode require_and_verify
+ trusted_ca_cert_file /etc/caddy/client_ca.pem
+ }
+ }
+}
+
+home.lebubu.org, indexer.lebubu.org, xxx.lebubu.org {
+ import secure_mtls
+
+ @home host home.lebubu.org
+ @indexer host indexer.lebubu.org
+
+ reverse_proxy @home 10.77.0.2:8082
+ reverse_proxy @indexer 10.77.0.2:9696
+}
diff --git a/caddy/Caddyfile.d/15-private.caddyfile__ b/caddy/Caddyfile.d/15-private.caddyfile__
new file mode 100644
index 0000000..b1a5c13
--- /dev/null
+++ b/caddy/Caddyfile.d/15-private.caddyfile__
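Review bot: `xxx.lebubu.org` is listed in the site address of `15-private.caddyfile` but has no matcher or `reverse_proxy` in the block, so a client that passes mTLS gets an empty response for that host while a certificate is still issued for the name. The disabled `15-private.caddyfile__` variant in this same commit routes it with `@xxx host xxx.lebubu.org` and `reverse_proxy @xxx 10.77.0.2:9999`; either add those two lines here or drop the name from the address list. A one-line comment above `(secure_mtls)` would also help the next reader, e.g. `# mTLS: only clients holding a cert signed by /etc/caddy/client_ca.pem reach these hosts`.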
@@ -0,0 +1,29 @@
+(oauth2_common) {
+ @oauth2path path /oauth2/*
+ handle @oauth2path {
+ reverse_proxy 10.77.0.2:4180
+ }
+
+ handle {
+ forward_auth 10.77.0.2:4180 {
+ uri /oauth2/auth
+ copy_headers X-Auth-Request-User X-Auth-Request-Email
+ }
+ }
+}
+
+auth-proxy.lebubu.org {
+ reverse_proxy 10.77.0.2:4180
+}
+
+home.lebubu.org, indexer.lebubu.org, xxx.lebubu.org {
+ import oauth2_common
+ @home host home.lebubu.org
+ @indexer host indexer.lebubu.org
+ @xxx host xxx.lebubu.org
+ handle {
+ reverse_proxy @home 10.77.0.2:8082
+ reverse_proxy @indexer 10.77.0.2:9696
+ reverse_proxy @xxx 10.77.0.2:9999
+ }
+}
diff --git a/caddy/Caddyfile.d/20-servers.caddyfile b/caddy/Caddyfile.d/20-servers.caddyfile
new file mode 100644
index 0000000..a48e298
--- /dev/null
+++ b/caddy/Caddyfile.d/20-servers.caddyfile
@@ -0,0 +1,79 @@
+analytics.lebubu.org {
+ reverse_proxy 10.77.0.2:8439
+}
+
+cache.lebubu.org {
+ reverse_proxy 10.77.0.2:2343
+}
+
+audiobooks.lebubu.org {
+ reverse_proxy 10.77.0.2:5687
+}
+
+mealie.lebubu.org {
+ reverse_proxy 10.77.0.2:9925
+}
+
+git.lebubu.org {
+ reverse_proxy 10.77.0.2:9083
+}
+
+subs.lebubu.org {
+ reverse_proxy 10.77.0.2:6767
+}
+
+collabora.lebubu.org {
+ reverse_proxy 10.77.0.2:9980
+}
+
+library.lebubu.org {
+ reverse_proxy 10.77.0.2:5000
+}
+
+music.lebubu.org {
+ reverse_proxy 10.77.0.2:8686
+}
+
+maloja.lebubu.org {
+ reverse_proxy 10.77.0.2:42010
+}
+
+copy.lebubu.org {
+ reverse_proxy 10.77.0.2:8086
+}
+
+scrobble.lebubu.org {
+ reverse_proxy 10.77.0.2:9078
+}
+
+plex.lebubu.org plex.rotehaare.art {
+ reverse_proxy 10.77.0.2:32400
+}
+
+movies.lebubu.org {
+ reverse_proxy 10.77.0.2:7878
+}
+
+laters.lebubu.org {
+ reverse_proxy 10.77.0.2:9546
+}
+
+links.lebubu.org {
+ reverse_proxy 10.77.0.2:3000
+}
+
+tracker.lebubu.org {
+ reverse_proxy 10.77.0.2:8765
+}
+
+series.lebubu.org {
+ reverse_proxy 10.77.0.2:8989
+}
+
+vault.lebubu.org {
+ reverse_proxy 10.77.0.2:8222
+}
+
+bajameesta.lebubu.org {
+ reverse_proxy 10.77.0.2:8881
+}
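Review bot: Every site in `20-servers.caddyfile` is a bare `reverse_proxy` to 10.77.0.2 with no access control at the proxy, so each backend's own login is the only barrier between the internet and hosts such as `vault.lebubu.org`, `git.lebubu.org`, `movies.lebubu.org` and `series.lebubu.org`. The `(secure_mtls)` snippet from `15-private.caddyfile` should already be defined by the time this file is imported (the glob presumably loads `15-` before `20-`), so any host that is not meant for public use could take `import secure_mtls` as the first line of its block. None of these blocks set the response headers that `10-nextcloud.caddyfile` applies either; a shared snippet carrying `X-Content-Type-Options` and `Strict-Transport-Security`, imported into each block, would keep the sites consistent.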
diff --git a/caddy/Caddyfile.d/25-static.caddyfile b/caddy/Caddyfile.d/25-static.caddyfile
new file mode 100644
index 0000000..00fc2ec
--- /dev/null
+++ b/caddy/Caddyfile.d/25-static.caddyfile
@@ -0,0 +1,98 @@
+(hugo_common) {
+ encode zstd gzip
+
+ header {
+ X-Frame-Options "SAMEORIGIN"
+ X-Content-Type-Options "nosniff"
+ X-XSS-Protection "1; mode=block"
+ Referrer-Policy "strict-origin-when-cross-origin"
+ Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+ }
+
+ @static {
+ path *.jpg *.jpeg *.png *.gif *.ico *.css *.js *.svg *.woff *.woff2 *.ttf *.xml
+ }
+
+ handle @static {
+ file_server
+ header {
+ Cache-Control "public, max-age=31536000, immutable"
+ }
+ }
+ @html {
+ path *.html
+ }
+ handle @html {
+ file_server
+ try_files {path} {path}/ /index.html
+ }
+
+ handle {
+ file_server
+ try_files {path} {path}/ /index.html
+ }
+
+ @hidden {
+ path_regexp ^.*/\..*$
+ }
+ respond @hidden 404
+
+ handle /js/script.js {
+ rewrite * /js/script.file-downloads.hash.outbound-links.js
+ reverse_proxy https://analytics.lebubu.org {
+ header_up Host analytics.lebubu.org
+ }
+ }
+
+ handle /api/event {
+ reverse_proxy https://analytics.lebubu.org {
+ header_up Host analytics.lebubu.org
+ }
+ }
+}
+
+www.danilo-reyes.com {
+ redir https://danilo-reyes.com{uri}
+}
+
+www.blog.danilo-reyes.com {
+ redir https://blog.danilo-reyes.com{uri}
+}
+
+danilo-reyes.com {
+ root * /var/www/html/portfolio
+ import hugo_common
+}
+
+blog.danilo-reyes.com {
+ route {
+ handle_path /isso* {
+ reverse_proxy 10.77.0.2:8180
+ }
+ root * /var/www/html/blog
+ import hugo_common
+ }
+}
+
+mb-report.lebubu.org {
+ root * /var/www/html/lidarr-mb-gap
+ file_server
+ encode gzip zstd
+
+ try_files {path} /missing_albums.html
+
+ @html {
+ path *.html
+ }
+ header @html Content-Type "text/html; charset=utf-8"
+
+ @json {
+ path *.json
+ }
+ header @json Content-Type "application/json"
+
+ header {
+ X-Content-Type-Options "nosniff"
+ X-Frame-Options "SAMEORIGIN"
+ }
+}
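Review bot: `respond @hidden 404` in `(hugo_common)` is probably never reached: Caddy orders `handle` ahead of `respond`, and the catch-all `handle { file_server ... }` already answers every request the named matchers did not, so dotfiles under the site root would still be served. Writing the block as a handler, `handle @hidden { respond 404 }`, placed as the first `handle` in the snippet, should make it apply both in the sorted `danilo-reyes.com` block and in the ordered `route` of `blog.danilo-reyes.com`. In that `route` the catch-all `handle` is also written before `handle /js/script.js` and `handle /api/event`, so the analytics proxying may be shadowed on the blog; check the adapted config with `caddy adapt` and move the catch-all to the end of the snippet.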
diff --git a/caddy/Caddyfile.d/40-jellyfin.caddyfile b/caddy/Caddyfile.d/40-jellyfin.caddyfile
new file mode 100644
index 0000000..131b1c9
--- /dev/null
+++ b/caddy/Caddyfile.d/40-jellyfin.caddyfile
@@ -0,0 +1,13 @@
+flix.lebubu.org {
+ reverse_proxy 10.77.0.2:8096 {
+ header_up Host {host}
+ header_up X-Real-IP {remote_host}
+ header_up X-Forwarded-For {remote_host}
+ header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-Host {host}
+
+ # WebSocket support (automatic in Caddy, but explicit is fine)
+ header_up Connection {>Connection}
+ header_up Upgrade {>Upgrade}
+ }
+}
diff --git a/caddy/Caddyfile.d/5-keycloak.caddyfile b/caddy/Caddyfile.d/5-keycloak.caddyfile
new file mode 100644
index 0000000..e50b196
--- /dev/null
+++ b/caddy/Caddyfile.d/5-keycloak.caddyfile
@@ -0,0 +1,9 @@
+auth.lebubu.org {
+ tls internal
+ reverse_proxy 10.77.0.2:8090 {
+ header_up X-Forwarded-Proto https
+ header_up X-Forwarded-For {remote_host}
+ header_up X-Forwarded-Host {host}
+ header_up Host {host}
+ }
+}
diff --git a/caddy/Caddyfile.d/75-qbittorrent.caddyfile b/caddy/Caddyfile.d/75-qbittorrent.caddyfile
new file mode 100644
index 0000000..66e7da3
--- /dev/null
+++ b/caddy/Caddyfile.d/75-qbittorrent.caddyfile
@@ -0,0 +1,4 @@
+torrent.lebubu.org {
+ reverse_proxy 127.0.0.1:9345
+}
+
diff --git a/caddy/client_ca.pem b/caddy/client_ca.pem
new file mode 100644
index 0000000..7fc8ae9
--- /dev/null
+++ b/caddy/client_ca.pem
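Review bot: `tls internal` in `5-keycloak.caddyfile` makes Caddy serve `auth.lebubu.org` with a certificate from its own local CA, which browsers and OIDC clients will not trust unless that root has been distributed to them. For an identity provider this tends to end with certificate verification being switched off in a relying party, which removes the TLS protection of the login flow. Unless the internal CA is intentional, drop the line so Caddy obtains a publicly trusted certificate as it does for the other sites; if it is intentional, say so in a comment, e.g. `# internal CA on purpose: only devices with Caddy's root installed may reach Keycloak`.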
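Review bot: `torrent.lebubu.org` in `75-qbittorrent.caddyfile` publishes the service on 127.0.0.1:9345 with no access control at the proxy, and because Caddy connects over loopback the backend sees every visitor as a local client. If that backend is the qBittorrent WebUI (the file name suggests so) and its option to bypass authentication for localhost clients is enabled, the UI is open to anyone; confirm that option is off. Putting `import secure_mtls` as the first line of the block would reuse the client-certificate gate already defined in `15-private.caddyfile`.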
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFmzCCA4OgAwIBAgIUPBgrOAnSgT+y9+zaFaCuVkwi/M4wDQYJKoZIhvcNAQEL
+BQAwXTELMAkGA1UEBhMCTVgxEjAQBgNVBAgMCVNvbWVTdGF0ZTERMA8GA1UEBwwI
+U29tZUNpdHkxEDAOBgNVBAoMB0phd1pEZXYxFTATBgNVBAMMDEphd1ogUm9vdCBD
+QTAeFw0yNTA3MTYxOTMxMTBaFw0zNTA3MTQxOTMxMTBaMF0xCzAJBgNVBAYTAk1Y
+MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRAwDgYDVQQK
+DAdKYXdaRGV2MRUwEwYDVQQDDAxKYXdaIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDwcWfnMDBzdukPZUa0pbY3tHG2ONEZMDUsxo5T5veq
+KrMfsu7U9tE8AY+AVl0Qz9hpBHN+GmktXQlimPkm4tSVKJMjk0iWYgZn8tTMB+AL
+i3gl/bt7qP+59U7gQbojkp6B0xCMCynPlsgcMiIcZWFmNVrG6ehh4B+wuG52gWVw
+TrwhDjHhxsrc66DkgC/59Pm60JqHlBhuhv9HB/q9JM3HLQ63XUwhvTVJ29tSiJZl
+WpKFr5s8nfE2FIXIHzi+o+Lo3n9wvdCzNfaRUStLWbROzF97jY4VIxIDk/loQH4T
+6oXBGlRe8M+G1XL/waRDySxL26jRVG8bUEv4mh/Hd9Rs0JcUOl6lFiGndJMjMyom
+ZgAlhi2Id2AzkT28utdYQqKUuaTy1SwLkrcOu9k2/dw7Uf7aK5WCraOth5ys+lw+
+mzga4gNGc3Am9soFHjI56Qxvhf+Aa5tlASwpzrjsc7PJEZJXorE40uZsB/q1PafP
+AIqVsSoT+Q6h6bld0EuQ5W4i1LTipZEPUaF673tGCXuI40AeTI44SFKcGm9XG1ic
+I25OxuIKyl5sCANkryOHjNKY4SkzXKSpML3PYbfSKK7xDpeFofIYKnRfJm4qmBNd
+lKT+ti4Hnvr8NZDRWyxC5SIDF1fdkslNu/HoAoL8JdXPYnitlTL7A5mF5PVPHom7
+XwIDAQABo1MwUTAdBgNVHQ4EFgQUhquhsVpNS4shC+7DMxOK4/wYYEswHwYDVR0j
+BBgwFoAUhquhsVpNS4shC+7DMxOK4/wYYEswDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAU8nSV6DqCZSDxWpa8JSBmZFnO2oZIRF9Nw/1QcpMOGUR
+pnWyQ03QtEgXYMwvxN/FOcGvYwg0LyYy07rzlpe5n2wRBaTrPCZ928f5j0nhADjC
+GYutxhbO4WYvBKUY88qYCrJRa1Aw1B/CsGCmH5f+aND6fyxZ6Lx9CQ8O43f+QCOE
+ltkbHRvjxYyVpDkgccDwetMDURKKrzkibUskeCPt0TjZbLKUq/cDspdAjSJgIJrz
+a50JbniKUG5Qcav3P2aA6NluOKFJfYh+146uafC6WofUtx2Vv5lViYMlIDnqN4L0
+xUzN5hB1kwF+4v1PO9/olafKqmgZ8FD/ipMYq2aYX4u9RJHLD6hMPUJpgKPRhGfi
+ul9rYv6rC+pQNIn4s287sAPru5IgIzPBBCbqXSkoue7V/mpqRuZZRX84V6CzlYDc
+0knoG2TL6aEWO+vj1mROgOuagyqyb3NZvgySE7GieW4tdvZhdYJJxdXh/tBQCg9E
+iVcQH0rNJ+0jsybFWPqdOIZ6sH78SvY+J4KhqZ3Il/WCxCTs/Ccb/RMkhRm+bfSX
+1FxoKF20b3RJ6g9N1oOj+12oK8jwMpUbaG/oAZh0TgZf1FUKic2f6jhMZLus8fGe
+nyHza9mHbN1M8d9hX7U3gkepY8RVhSNL5erNp1zsBtZ4UNmouGm53wgjYZPYkrc=
+-----END CERTIFICATE-----
+
diff --git a/hosts/vps/toggles.nix b/hosts/vps/toggles.nix
index 0156271..d8808fb 100644
--- a/hosts/vps/toggles.nix
+++ b/hosts/vps/toggles.nix
@@ -9,7 +9,6 @@ let
 mkEnabledProxyIp = inputs.self.lib.mkEnabledProxyIp wgServerIp;
 in
 {
- domain = "servidos.lat";
 enableProxy = true;
 enableContainers = true;
 apps.dictionaries.enable = true;
diff --git a/jawz_hist b/jawz_hist
new file mode 100644
index 0000000..2510093
--- /dev/null
+++ b/jawz_hist
@@ -0,0 +1,634 @@ +exit +cd +ls +ls .ssh +ls ~/.ssh/ +ls -lag +ls -la +sudo chown -R jawz:jawz ./ +ls -lag +ls -la +ls .ssh/ +ls .ssh/ -la +sudo systemctl enable --now wg-quick@wg0 +sudo nano /etc/sysctl.d/99-ipforward.conf +ls +sudo -i +sudo systemctl status sshd.service +sudo systemctl restart sshd.service +journalctl -xeu sshd +sudo -i +sudo systemctl status sshd +sudo ss -ltnp | grep ssh +sudo semanage port -l | grep ssh_port_t +sudo ss -ltnp | grep 3456 || sudo ss -ltnp | grep sshd +ping google.com +sudo systemctl stop wg-quick@wg0.service +ping google.com +sudo systemctl disable wg-quick@wg0.service +exi +exit +sudo rmdir /etc/caddy/Caddyfile.d/ +sudo -i +exit +ls +rm histfile +rm iptables* +ls +rm sudo_histfile +cat syncthingblocked +rm syncthingblocked +ls +exit +sudoedit /etc/wireguard/wg0.conf +export TERM=xterm-256color +sudoedit /etc/wireguard/wg0.conf +sudo systemctl restart wg-quick +sudo systemctl restart wg-quick@wg0.service +sudoedit /etc/wireguard/wg0.conf +sudo -i +sudo tcpdump +sudo dnf install tcpdump +sudo tcpdump -i wg0 host 10.77.0.2 -n -v +sudoedit /etc/sysconfig/iptables +export TERM=xterm-256color +sudoedit /etc/sysconfig/iptables +sudo systemctl restart iptables.service +ping google.com +sudo ss -ltnp | grep 3456 || sudo ss -ltnp | grep sshd +sudo sed -n '1,200p' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*.conf 2>/dev/null | egrep -n '^(Port|ListenAddress)' +sudo iptables -S +cat /etc/sysconfig/iptables +sudo cat /etc/sysconfig/iptables +sudo systemctl enable --now iptables +sudo systemctl start iptables +sudo systemctl restart iptables +sudo iptables -S +sudo systemctl enable wg-quick@wg0 +sudo systemctl start wg-quick@wg0 +ping google.com +sudo -i +sudo wg sow +sudo wg show +ls +cd /etc/caddy/Caddyfile.d/ +ls +cat fun.caddyfile__ +ls +clear +mv portfolio.caddyfile_bkp portfolio.caddyfile +sudo mv portfolio.caddyfile_bkp portfolio.caddyfile +sudo systemctl restart caddy +clear +export TERM=xterm-256color +iptables-s +sudo iptables -S 
+sudo iptables -s +sudo iptables -S +clear +cat /etc/sysconfig/iptables +sudo cat /etc/sysconfig/iptables +sudo -i +sudo reboot +exit +ping google.com +sudo systemctl restart iptables +sudo systemctl enable iptables +exit +sudo -i +exit +sudo iptables -vnL FORWARD | grep 22000 +sudo -i +sudo iptables -L FORWARD -n -v --line-numbers +cat /etc/sysconfig/iptables +sudo cat /etc/sysconfig/iptables +sudoedit /etc/sysconfig/iptables +export TERM=xterm-256color +sudoedit /etc/sysconfig/iptables +clear +sudo cat /etc/sysconfig/iptables +sudoedit /etc/sysconfig/iptables +sudo systemctl restart iptables.service +sudoedit /etc/sysconfig/iptables +wg show +sudo wg show +ping -c 3 10.8.0.2 +nc -zv 10.77.0.2 22000 +sudo -i +exit +sudo -i +exit +sudo systemctl disable iptables +sudo systemctl enable iptables +sudo systemctl status iptables +sudo systemctl start iptables +sudo -i +exit +sudo dnf install starship +sudo dnf copr enable atim/starship +sudo dnf install starship +nano .bashrc +export TERM=xterm-256color +nano .bashrc +bash +exit +nano /etc/hostname +export TERM=xterm-256color +nano /etc/hostname +sudoedit /etc/hostname +exit +sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +export TERM=xterm-256color +sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +export EDITOR=neovim +sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +EDITOR=neovim sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +EDITOR=nvim sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo -i +exit +sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +exit +sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo -i +exit +export TERM=xterm-256color +sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy +export TERM=xterm-256color +sudoedit /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy +sudo -i +exit +sudo mkdir -p /var/www/html +sudo mkdir -p /var/www/html/lidarr-mb-gap +sudo useradd -m -s /bin/bash lidarr-reports +sudo chown -R 
lidarr-reports:lidarr-reports /var/www/html/lidarr-mb-gap/ +exit +sudo -u lidarr-reports bash +exit +sudo -u lidarr-reports +sudo -u lidarr-reports bash +sudo -i +exit +sudo -u lidarr-mb-gap cat /var/lib/lidarr-mb-gap/.ssh/id_ed25519.pub +exit +sudo -u lidarr-reports +sudo -u lidarr-reports bash +exit +sudo -u lidarr-reports ssh-keygen -l -f /home/lidarr-reports/.ssh/ed25519_lidarr-mb-gap.pub +exit +sudo -u lidarr-reports -u bash +sudo -u lidarr-reports bash +exit +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +exit +sudo dnf install rsync +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy.service +ls +cd /var/www/html/lidarr-mb-gap/ +ls +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy.service +nc -zv 10.77.0.2 8999 +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/10-nextcloud.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile +sudo systemctl restart caddy +ls +cd /etc/wireguard/ +sudo -i +exit +cd /etc/caddy/Caddyfile.d/ +ls +nvim 15-private.caddyfile +mv 15-private.caddyfile 15-private.caddyfile_ +sudo mv 15-private.caddyfile 15-private.caddyfile_ +nvim 15-private.caddyfile +sudo nvim 15-private.caddyfile +sudo systemctl restart caddy +exit +cd /etc/caddy/Caddyfile.d/ +sudo nvim 15-private.caddyfile +sudo systemctl restart caddy +exit +cd /etc/caddy/Caddyfile.d/ +sudo nvim 15-private.caddyfile +sudo systemctl restart caddy +sudo nvim 15-private.caddyfile +sudo systemctl restart caddy +exit +sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/10-nextcloud.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/5-keycloak.caddyfile +sudo systemctl restart caddy +sudo nvim 15-private.caddyfile +cd /etc/caddy/Caddyfile.d/ +sudo nvim 15-private.caddyfile +sudo systemctl restart caddy +sudo nvim 15-private.caddyfile +cat 15-private.caddyfile +sudo nvim 
15-private.caddyfile +sudo systemctl restart caddy +sudo nvim 15-private.caddyfile +sudo nvim 15-private.caddyfile_ +sudo nvim 15-private.caddyfile +sudo systemctl restart caddy +exit +sudo systemctl restart caddy +sudo nvim +cd /etc/caddy/Caddyfile.d/ +sudo nvim 15-private.caddyfile +cat 15-private.caddyfile_ +sudo nvim 15-private.caddyfile +cat 15-private.caddyfile +sudo nvim 15-private.caddyfile +sudo systemctl restart caddy +sudo nvim 15-private.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/15-private.caddyfile +sudo systemctl restart caddy +systemctl status caddy +sudo nvim /etc/caddy/Caddyfile.d/15-private.caddyfile +sudo systemctl restart caddy +cd /etc/caddy/Caddyfile.d/ +ls +sudo nvim 20-servers.caddyfile +sudo nvim 40-jellyfin.caddyfile +sudo systemctl restart jel +sudo systemctl restart caddy +cd /etc/caddy/Caddyfile.d/ +ls +mv 15-private.caddyfile 15-private.caddyfile__ +sudo mv 15-private.caddyfile 15-private.caddyfile__ +sudo mv 15-private.caddyfile_ 15-private.caddyfile +sudo systemctl restart caddy +exit +dig servidos.lat A +sudo dnf install dig +dig servidos.lat A +exit +curl servidos.lat +exit +curl servidos.lat +dig servidos.lat A +curl -v 130.211.27.102 +curl -v 130.211.27.102:443 +curl -v https://130.211.27.102 +curl servidos.lat +curl https://servidos.lat +curl-v https://servidos.lat +curl -v https://servidos.lat +dig servidos.lat A +exit +dig servidos.lat A +exit +dig servidos.lat A +exit +dig servidos.lat A +exit +dig servidos.lat A +exit +dig servidos.lat A +curl -v https://servidos.lat +exit +sudo useradd -m -s /bin/bash deploy +sudo groupadd -f www-data +sudo usermod -aG www-data deploy +ls -lag /var/www/html/ +sudo mkdir /var/www/html/portfolio +sudo chown -R root:www-data /var/www/html/portfolio/ +sudo chmod -R 775 /var/www/html/portfolio/ +ssh-keygen -t ed25519 -C "deploy@portfolio" -f ~/.ssh/portfolio_deploy +cat ~/.ssh/portfolio_deploy.pub +sudo -u deploy +sudo -u deploy bash +ls +ls -lag +cat ~/.ssh/portfolio_deploy +exit +su +sudo -u 
+sudo -i +cat ~/.ssh/portfolio_deploy +exit +sudo systemctl restart iptables +exit +ls +ls ~/.ssh/authorized_keys +cat ~/.ssh/authorized_keys +sudo systemctl restart iptables.service +sudo systemctl status iptables.service +cat /etc/sysconfig/iptables +sudo cat /etc/sysconfig/iptables +exit +ls +exit +cd /var/www/html/portfolio/ +ls -lag +ls +sudo -u deploy bash +ls +exit +sudo systemctl restart caddy +cd /var/www/html/portfolio/ +ls +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +sudo chown -R deploy:www-data /var/www/html/portfo +sudo chown -R deploy:www-data /var/www/html/portfolio/ +exit +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo mkdir /var/www/html/blog +sudo chown deploy:www-data /var/www/html/blog/ -R +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +sudo chmod -R 775 /var/www/html/portfolio +ls -la /var/www/html/portfolio/ +sudo chown -$ deploy:www-data /var/www/html/portfolio/ +sudo chown -R deploy:www-data /var/www/html/portfolio/ +sudo -i +ls -la /var/www/html/portfolio/friends/ | grep "001_chicken_hu" +sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile +df -h +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy && exit +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy && exit +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +journalctl -xeu caddy.service +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +journalctl -xeu caddy.service +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo nvim 
/etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy && exit +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +curl -sI "https://danilo-reyes.com/isso/js/embed.min.js" +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy && exit +curl -sI "https://danilo-reyes.com/isso/js/embed.min.js" +curl -vkI https://blog.danilo-reyes.com/isso/js/embed.min.js +sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +curl -vkI https://blog.danilo-reyes.com/isso/ +curl -vkI https://blog.danilo-reyes.com/isso/js/embed.min.js +curl -vkI http://10.77.0.2:8180/ +curl -vkI http://10.77.0.2:8180/js/embed.min.js +curl -vkI http://10.77.0.2:8180/ +curl -vkI http://10.77.0.2:8180/js/embed.min.js +curl -vkI https://blog.danilo-reyes.com/isso/js/embed.min.js +curl -vkI https://blog.danilo-reyes.com/isso/ +curl -vkI https://blog.danilo-reyes.com/isso +9;6u +timedatectl status +date-u +date -u +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +exit +sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo nvim /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo systemctl restart caddy +exit +sudo cat /etc/caddy/Caddyfile.d/25-static.caddyfile +sudo cat /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo dnf search opentracker +sudo dnf install -y git gcc make libowfat-devel +git clone https://erdgeist.org/gitweb/opentracker +cd opentracker/ +make +sudo dnf install -y libowfat-devel +make clean +make CFLAGS="-I/usr/include/libowfat" +sudo dnf install -y zlib-devel +make CFLAGS="-I/usr/include/libowfat" +git submodule update --init +make clean +make +ls +cd .. 
+git clone git@github.com:masroore/libowfat.git +sudo dnf install libowfat +git clone git@github.com:masroore/libowfat.git +podman +docker +exit +sudo dnf copr enable dlk/rpms +sudo dnf install opentracker +rm opentracker/ +rm opentracker/ -rf +sudo systemctl enable --now opentracker +sudo systemctl status opentracker +sudo cat /etc/opentracker.conf +sudo nvim /etc/opentracker.conf +sudo nvim /etc/caddy/Caddyfile.d/15-private.caddyfile +sudo grep -r 6969 /etc/caddy/Caddyfile.d/ +sudo nvim /etc/opentracker.conf +sudo systemctl restart opentracker.service +sudo systemctl status opentracker +sudo nvim /etc/opentracker.conf +sudo systemctl restart opentracker.service +sudo systemctl status opentracker +sudo install -d -m 0750 /var/lib/opentracker +sudo install -m 0640 /dev/null /var/lib/opentracker/whitelist +sudo install -m 0640 /dev/null /var/lib/opentracker/blacklist +sudo systemctl restart opentracker.service +sudo systemctl status opentracker +ls -lag /var/lib/opentracker/ +sudo ls -lag /var/lib/opentracker/ +sudo nvim /etc/opentracker.conf +sudo systemctl restart opentracker.service +sudo systemctl status opentracker +sudo chmod 666 /var/lib/opentracker/blacklist +sudo systemctl restart opentracker.service +sudo systemctl status opentracker +sudo iptables -A INPUT -p tcp --dport 6969 -j ACCEPT +sudo iptables -A INPUT -p udp --dport 6969 -j ACCEPT +sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT +sudo iptables -L INPUT -n -v --line-numbers | grep 6969 +sudo service iptables save +exit +ls /etc/wireguard/ +sudo ls /etc/wireguard/ +sudo cat /etc/wireguard/wg0.conf +cat /etc/sysctl.d/99-forward.conf +sudo ls /etc/sysctl.d +cat /etc/sysctl.d/99-ipforward.conf +sudo sysctl net.ipv4.ip_forward +sudo -i +sudo systemctl status opentracker +journalctl -xefu opentracker +ss -tnp | grep 6969 +sudo sysctl -w net.ipv4.conf.all.rp_filter=0 +sudo sysctl -w net.ipv4.conf.eth0.rp_filter=0 +sudo sysctl -w net.ipv4.conf.wg0.rp_filter=0 +journalctl -xefu 
opentracker +sudo cat /etc/sysconfig/iptables +sysctl -w net.ipv4.ip_forward=1 +# ---- NAT (insert at top) ---- +iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412 +iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412 +iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE +# ---- FORWARD ---- +iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT +iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT +iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT +iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT +iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT +iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT +net.ipv4.ip_forward = 1 +sudo -i +mkfs.ext4 "/dev/disk/by-id/scsi-0Linode_Volume_box" +sudo -i +mkdir /mnt/box/downloads +sudo mkdir /mnt/box/downloads +sudo chown jawz:users /mnt/box/downloads/ +ls -la +sudo chown jawz:jawz /mnt/box/downloads/ +qbittorrent-nox +sudo useradd --system --create-home --home-dir /var/lib/qbittorrent --shell /sbin/nologin qbittorrent +sudo mkdir -p /srv/torrents/{downloads,incomplete,watch} +sudo chown -R qbittorrent:qbittorrent /srv/torrents /var/lib/qbittorrent +sudo tee /etc/systemd/system/qbittorrent-nox.service >/dev/null <<'EOF' +[Unit] +Description=qBittorrent (nox) +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple +User=qbittorrent +Group=qbittorrent +UMask=0027 +WorkingDirectory=/var/lib/qbittorrent +ExecStart=/usr/bin/qbittorrent-nox --profile=/var/lib/qbittorrent +Restart=on-failure +RestartSec=3 +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target +EOF + +sudo systemctl daemon-reload +sudo systemctl enable --now qbittorrent-nox +sudo 
systemctl status qbittorrent-nox --no-pager +sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf +sudo systemctl restart qbittorrent-nox +sudo nvim /etc/caddy/Caddyfile.d/75-qbittorrent.caddyfile +sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf +sudo systemctl stop qbittorrent-nox +sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf +sudo systemctl start qbittorrent-nox +sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf +sudo nvim /etc/caddy/Caddyfile.d/75-qbittorrent.caddyfile +sudo systemctl restart caddy +sudo systemctl status qbittorrent-nox --no-pager +ls +cat /etc/sysconfig/iptables +sudo cat /etc/sysconfig/iptables +ls /mnt/ +ls /mnt/box/ +rm /mnt/box/downloads/ +rmdir /mnt/box/downloads/ +sudo rmdir /mnt/box/downloads/ +sudo mv /srv/torrents/* /mnt/box/ +sudo umount /mnt/box +sudo nvim /etc/fstab +sudo mount -a +sudo systemctl daemon-reload +sudo mount -a +ls -lag /srv/torrents/ +sudo -u qbittorrent nano /var/lib/qbittorrent/qBittorrent/config/qBittorrent.conf +cd /var/lib/qbittorrent/ +sudo -i +exit +sudo -i +ssh server +exitr +exit +ls /srv/torrents/ +sudo mkdir /srv/torrents/tits +sudo chown jawz:jawz /srv/torrents/tits/ +ls /srv/torrents/tits/ +sudo -i +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy +exit +ls +df -h +ssh server +exit +clear +sudoedit /etc/sysconfig/iptables +exit +sudo grep 6060 /etc/ +sudo grep 6060 /etc/ -r +sudo grep -r 6969 /etc/ +sudo cat /etc/ssh/sshd_config +ls +clear +exit +cat /etc/sysconfig/iptables +sudo cat /etc/sysconfig/iptables +sudo ls /etc/wireguard/ +sudo cat /etc/wireguard/wg0.conf +sudo -i +exit +sudo -i +sudo -i +sudo -i +iptables -S +sudo iptables -S +sudo nvim /etc/wireguard/wg0.conf +exit +curl # Test paperless (should fail) +curl -v --connect-timeout 5 http://192.168.100.15:8000 +# Test sabnzbd (should fail) +curl -v --connect-timeout 5 
http://192.168.100.15:3399 +curl -v --connect-timeout 5 http://192.168.100.15:8686 +sudo wg show +exit +sudo systemctl restart wg-quick@wg0.service +exit +sudo nvim /etc/wireguard/wg0.conf +sudo systemctl restart wg-quick@wg0.service +sudo nvim /etc/wireguard/wg0.conf +exit +sudo wg show +exit +sudo nvim /etc/sysconfig/iptables +sudo systemctl restart iptables.service +exit +sudo systemctl restart wg-quick@wg0.service +sudo nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile +sudo systemctl restart caddy +z nixos +exit +cat .ssh/id_ed25519.pub +cat .ssh/id_ed25519 +exit +cat /etc/sysconfig/iptables +sudo cat /etc/sysconfig/iptables +exit +sudo -i +ls +cat vps_public.key +ls .ssh/authorized_keys +cat .ssh/authorized_keys +exit diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix index 387d5c7..34f4bb3 100644 --- a/modules/servers/nextcloud.nix +++ b/modules/servers/nextcloud.nix @@ -171,7 +171,6 @@ in enableACME = false; http2 = false; serverAliases = [ - "cloud.servidos.lat" "cloud.rotehaare.art" ]; listen = [ diff --git a/secrets/ssh/ed25519_nixvps b/secrets/ssh/ed25519_nixvps new file mode 100644 index 0000000..11d511b --- /dev/null +++ b/secrets/ssh/ed25519_nixvps @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAg2NEQIaCDPaucUAqi1iUIppNyQJH2AHGm8RhZ8ZjQagAAAJggRAEdIEQB +HQAAAAtzc2gtZWQyNTUxOQAAACAg2NEQIaCDPaucUAqi1iUIppNyQJH2AHGm8RhZ8ZjQag +AAAECI12wNotU67+KnPGhWMcLUxotEQdz4jry+aijaiHP26CDY0RAhoIM9q5xQCqLWJQim +k3JAkfYAcabxGFnxmNBqAAAAEGphd3pAd29ya3N0YXRpb24BAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/sudo_hist b/sudo_hist new file mode 100644 index 0000000..8ee2b6a --- /dev/null +++ b/sudo_hist 
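Review bot: `jawz_hist` is a raw shell history from the VPS and should not be in the repository; the same applies to `sudo_hist`, which is added later in this patch. Together they record the host's firewall and NAT rules, WireGuard addressing, service accounts and the paths of deploy and user SSH keys, and `sudo_hist` holds a bare numeric entry that looks like a mistyped credential or one-time code. Drop both files from the commit, rewrite the branch history if it has already been pushed, and keep whatever is worth remembering as a reviewed setup script or notes with host-specific values removed. An ignore rule such as `*_hist` would stop them from being staged again.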
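Review bot: `secrets/ssh/ed25519_nixvps` adds an OpenSSH private key in plaintext; its header decodes to cipher `none`, so the key has no passphrase and anyone who can read the repository can use it. Treat the key as compromised: remove its public half from every `authorized_keys` it was installed in, generate a replacement, and purge the file from history rather than deleting it in a follow-up commit. If other files under `secrets/` are stored encrypted (not visible in this patch), the replacement should go through the same mechanism. A pre-commit secret scan would catch a `BEGIN OPENSSH PRIVATE KEY` block before it is pushed.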
@@ -0,0 +1,457 @@
+clear
+exit
+clear
+dnf install wireguard-tools neovim caddy
+systemctl enable --now caddy
+systemctl enable --now iptables
+dnf install iptables-services
+systemctl enable --now iptables
+
+ls /home/
+ls /home/fedora
+nano /etc/ssh/sshd_config
+nano /etc/wireguard/wg0.conf
+nano /etc/wireguard/home_private.key
+sudo useradd -m -s /bin/bash jawz
+sudo passwd jawz
+sudo usermod -aG wheel jawz
+visudo
+ls
+su jawz
+cat /home/jawz/iptables /etc/sysconfig/iptables
+cat /home/jawz/iptables > /etc/sysconfig/iptables
+cat /home/jawz/iptables-config /etc/sysconfig/iptables-config
+cat /home/jawz/iptables-config > /etc/sysconfig/iptables-config
+sudo systemctl restart iptables.service
+nano /etc/hosts
+ls
+sudoedit /etc/ssh/sshd_config
+ls
+sudo reboot
+mv /home/jawz/Caddyfile.d/ /etc/caddy/
+ls /etc/caddy/
+ls /etc/caddy/ -la
+sudo chown root:root /etc/caddy/Caddyfile -R
+ls /etc/caddy/ -la
+chown root:root -R /etc/caddy/Caddyfile
+ls /etc/caddy/ -la
+chown root:root -R /etc/caddy/Caddyfile.d/
+ls /etc/caddy/ -la
+sudo systemctl restart caddy
+exit
+528491
+clear
+export TERM=xterm-256color
+clear
+sudo iptables -S
+ping google.com
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+sudo systemctl restart wg-quick@wg0.service
+sudo iptables -L FORWARD -n -v --line-numbers
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+sudoedit /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+sudoedit /etc/sysconfig/iptables
+sudo iptables-save > /root/iptables-backup-$(date +%s)
+sudo iptables -F FORWARD
+sudo iptables-restore < /tmp/iptables
+sudo iptables -D FORWARD 4
+sudo iptables -S
+sudo systemctl restart iptables.service
+sudo iptables -S
+sudoedit /etc/sysconfig/iptables
+sud nvim /etc/sysconfig/iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+sudo journalctl -xeu iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+sudo systemctl restart caddy
+cd /etc/caddy/Caddyfile.d/
+ls
+mv portfolio.caddyfile portfolio.caddyfile_
+sudo systemctl restart caddy
+sudoedit /etc/wireguard/wg0.conf
+sudo systemctl restart wg-quick@wg0.service
+ping 10.77.0.2:80
+sudoedit /etc/wireguard/wg0.conf
+ping 10.77.0.2
+sudo journalctl -xefu wg-quick@wg0
+ping 10.77.0.2
+ping server
+wg show
+sudoedit /etc/wireguard/wg0.conf
+wg show
+cd /etc/caddy/Caddyfile.d/
+mv portfolio.caddyfile_ portfolio.caddyfile
+mv portfolio.caddyfile portfolio.caddyfile_
+cat /etc/sysconfig/iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+journalctl -xeu iptables
+sudo nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+sudo iptables -L FORWARD -n -v --line-numbers
+# In one terminal, watch the iptables counters
+sudo watch -n1 'iptables -L FORWARD -n -v --line-numbers'
+export TERM=xterm-256color
+sudo watch -n1 'iptables -L FORWARD -n -v --line-numbers'
+sudo tcpdump -i any icmp -n
+ip addr show wg0
+sudo iptables -I FORWARD 6 -s 10.8.0.0/24 -d 10.77.0.2/32 -p icmp -j ACCEPT
+sudo iptables -I FORWARD 7 -s 10.77.0.2/32 -d 10.8.0.0/24 -p icmp -j ACCEPT
+sudo iptables -L FORWARD -n -v --line-numbers
+sudo iptables-save > /etc/sysconfig/iptables
+nano /etc/wireguard/wg0.conf
+export TERM=xterm-256color
+nano /etc/wireguard/wg0.conf
+systemctl restart wg-quick.target
+systemctl restart wg-quick@wg0
+cat /etc/wireguard/wg0.conf
+sudo nvim /etc/wireguard/wg0.conf
+sudo systemctl restart wg-quick@wg0.service
+wg show
+sudo nvim /etc/wireguard/wg0.conf
+sudo systemctl restart wg-quick@wg0.service
+wg show
+sudo systemctl enable ip6tables
+sudo systemctl disable --now nftables 2>/dev/null || true
+sudo systemctl mask nftables 2>/dev/null || true
+exit
+export TERM=xterm-256color
+sudo nano /etc/sysconfig/iptables
+cd /etc/caddy/Caddyfile.d/
+ls
+cat fun.caddyfile__
+rm fun.caddyfile__
+ls
+nano simple.caddyfile
+export TERM=xterm-256color
+nano simple.caddyfile
+nvim simple.caddyfile
+mv simple.caddyfile servers.caddyfile
+systemctl restart caddy
+ls
+exit
+export TERM=xterm-256color
+cd /etc/caddy/Caddyfile.d/
+nvim servers.caddyfile
+sudo systemctl restart caddy
+journalctl -xeu caddy
+cd /etc/caddy/Caddyfile.d/
+nvim redirect.caddyfile
+sudo systemctl restart caddy
+nvim redirect.caddyfile
+sudo journalctl -u caddy -f
+ls
+nvim redirect.caddyfile
+mv redirect.caddyfile 10-redirect.caddyfile
+nvim 00-allowlist.caddyfile
+mv servers.caddyfile 20-servers.caddyfile
+cd ..
+ls
+nvim Caddyfile
+sudo systemctl restart caddy
+sudo journalctl -u caddy -f
+nvim Caddyfile
+sudo systemctl restart caddy
+nvim Caddyfile
+ls
+cd Caddyfile.d/
+ls
+mv 00-allowlist.caddyfile 00-allowlist.caddyfile_
+mv 10-redirect.caddyfile 10-redirect.caddyfile_
+sudo systemctl restart caddy
+exit
+cd /etc/caddy/Caddyfile.d/
+nvim servers.caddyfile
+nvim redirect.caddyfile
+sudo caddy fmt --overwrite redirect.caddyfile
+sudo caddy validate --config redirect.caddyfile
+nvim /etc/caddy/Caddyfile.d/servers.caddyfile
+systemctl restart caddy
+cd /etc/caddy/Caddyfile.d/
+ls
+rm 00-allowlist.caddyfile_ 10-redirect.caddyfile_ portfolio.caddyfile_
+ls
+mv portfolio.caddyfile_ 30-portfolio.caddyfile_
+nvim 30-portfolio.caddyfile_
+ls
+cat 20-servers.caddyfile
+nvim 20-servers.caddyfile
+systemctl restart caddy
+nvim 20-servers.caddyfile
+nvim 10-nextcloud.caddyfile
+nvim 20-servers.caddyfile
+cd ..
+cat Caddyfile.d/20-servers.caddyfile
+cat Caddyfile.d/20-servers.caddyfile | head -n 30
+cat Caddyfile.d/20-servers.caddyfile | head -n 10
+nvim /etc/caddy/client_ca.pem
+nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile
+systemctl restart caddy
+cat Caddyfile.d/20-servers.caddyfile | head -n 10
+exit
+nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile
+nvim /etc/caddy/Caddyfile.d/15-private.caddyfile
+sudo systemctl restart caddy
+nvim /etc/caddy/Caddyfile.d/10-nextcloud.caddyfile
+nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile
+cat /etc/caddy/Caddyfile.d/20-servers.caddyfile
+exit
+cd /etc/
+ls
+cd sysconfig/
+ls
+nvim iptables
+cat iptables
+curl 10.77.0.2:8999
+nvim iptables
+sudo systemctl restart iptables.service
+exit
+curl 10.77.0.2:8999
+curl 10.8.0.2:8999
+curl 10.8.0.1:8999
+exit
+cd /etc/wireguard/
+ls
+cat wg0.conf
+exit
+cd /etc/caddy/
+ls
+cd Caddyfile.d/
+ls
+mv 30-portfolio.caddyfile_ 30-portfolio.caddyfile
+cat 15-private.caddyfile__
+ls
+cat 25-static.caddyfile
+cat 30-portfolio.caddyfile
+rm 30-portfolio.caddyfile
+nvim 25-static.caddyfile
+systemctl restart caddy
+exit
+cat /etc/caddy/Caddyfile.d/25-static.caddyfile
+nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
+sudo systemctl restart caddy
+nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
+sudo systemctl restart caddy
+cat /etc/caddy/Caddyfile.d/25-static.caddyfile
+nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
+sudo systemctl restart caddy
+cat /etc/caddy/Caddyfile.d/25-static.caddyfile
+caddy validate --config /etc/caddy/Caddyfile.d/25-static.caddyfile
+caddy fmt --overwrite /etc/caddy/Caddyfile.d/*
+caddy fmt --overwrite /etc/caddy/Caddyfile.d/25-static.caddyfile
+find -tf /etc/caddy/Caddyfile.d/25-static.caddyfile
+find -type f /etc/caddy/Caddyfile.d/
+find /etc/caddy/Caddyfile.d/ -type f
+find /etc/caddy/Caddyfile.d/ -type f -exec caddy fmt --overwrite {}
+find /etc/caddy/Caddyfile.d/ -type f -exec caddy fmt --overwrite {} \;
+caddy validate --config /etc/caddy/Caddyfile.d/25-static.caddyfile
+ls -la /var/www/html/portfolio/
+ls -la /var/www/html/portfolio/images/
+ls -la /var/www/html/portfolio/old_ijwbs/
+du -sh /var/www/html/portfolio/
+ls -la /var/www/html/portfolio/
+ls -la /var/www/html/portfolio/friends/
+cd /etc/sysconfig/
+ls
+cat iptables
+rg 51413
+rg 51412
+cat iptables
+sudo tcpdump -ni eth0 port 51412
+sudo tcpdump -ni wg0 port 51412
+sudo tcpdump -ni eth0 port 51412
+ss -ltnp | grep ":51412"
+sysctl -w net.ipv4.ip_forward=1
+# ---- NAT (insert at top) ----
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE
+# ---- FORWARD ----
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT
+iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT
+iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+net.ipv4.ip_forward = 1
+sysctl -w net.ipv4.ip_forward=1
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT
+iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT
+iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -L FORWARD -n -v --line-numbers
+iptables -t nat -L -n -v --line-numbers
+iptables -L FORWARD -n -v --line-numbers
+iptables -t nat -L -n -v --line-numbers
+sudo tcpdump -ni eth0 port 51412
+curl -4 ifconfig.me
+tcpdump -ni eth0 port 51412
+ss -lntup | grep 51412
+iptables -t raw -I PREROUTING 1 -p tcp --dport 51412 -j NOTRACK
+iptables -t raw -I PREROUTING 1 -p udp --dport 51412 -j NOTRACK
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 --sport 51412 -j ACCEPT
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.2 -o eth0 -j MASQUERADE
+tcpdump -ni wg0 port 51412
+sysctl net.ipv4.ip_forward
+iptables -t raw -I PREROUTING 1 -p tcp --dport 51412 -j NOTRACK
+iptables -t raw -I PREROUTING 2 -p udp --dport 51412 -j NOTRACK
+iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
+iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
+iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 --sport 51412 -j ACCEPT
+iptables -t nat -I POSTROUTING 1 -s 10.77.0.2 -o eth0 -j MASQUERADE
+tcpdump -ni wg0 port 51412
+tcpdump -ni eth0 'tcp port 51412'
+sysctl net.ipv4.conf.eth0.route_localnet
+sysctl -w net.ipv4.conf.eth0.route_localnet=1
+ip rule add fwmark 0x1 lookup 100
+ip route add default dev wg0 table 100
+iptables -t mangle -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j MARK --set-mark 1
+iptables -t mangle -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j MARK --set-mark 1
+tcpdump -ni eth0 'tcp port 51412'
+reboot
+mkfs.ext4 "/dev/disk/by-id/scsi-0Linode_Volume_box"
+mkdir /mnt/box
+mount "/dev/disk/by-id/scsi-0Linode_Volume_box" "/mnt/box"
+nvim /etc/fstab
+cd /mnt/box/
+ls -lag
+sudo dnf install -y qbittorrent-nox
+exit
+cd /srv/torrents/downloads/
+ls
+cd The.Sims.4.Jenny/
+ls
+du -sh
+rm rune
+rm rune.nfo
+exit
+cd /srv/torrents/downloads/
+ls
+ls ../incomplete/
+ls
+ls in
+ls ../incomplete/
+ls
+ls -lag
+cd ..
+su -sh
+dh -sh
+du -sh
+df -h
+ls
+rm -rf incomplete/The.Sims.4.Jenny/
+exit
+cd
+cd /srv/torrents/
+ls -lag
+du -sh
+ls
+mv tits/The.Sims.4.Jenny/ incomplete/
+rmdir tits/
+chown -R qbittorrent:qbittorrent incomplete/
+cd /etc/sysconfig/
+ls
+cp iptables iptables_working
+nvim iptables
+systemctl restart iptables.service
+journal -xeu iptables
+journalctl -xeu iptables
+nvim iptables
+systemctl restart iptables.service
+journalctl -xeu iptables
+exit
+nvim iptables
+cd /etc/sysconfig/
+nvim iptables
+cd /etc/wireguard/
+ls
+nvim wg0.conf
+nvim /etc/sysconfig/iptables
+cd /etc/wireguard/
+ls
+wg genkey | tee privatekey | wg pubkey > publickey
+ls
+rm privatekey publickey
+ls
+mkdir friend
+cd friend/
+wg genkey | tee privatekey | wg pubkey > publickey
+ls
+cat privatekey
+cat publickey
+nvim ../wg0.conf
+cat privatekey
+nvim ../wg0.conf
+systemctl restart wireguard
+systemctl restart wg-quick@wg0.service
+nvim /etc/sysconfig/iptables
+nvim ../wg0.conf
+systemctl restart wg-quick@wg0.service
+nvim ../wg0.conf
+wg show
+nvim ../wg0.conf
+nvim /etc/sysconfig/iptables
+sudo systemctl restart iptables.service
+nvim ../wg0.conf
+cd /etc/wireguard/
+ls
+cd friend/
+ls
+rm *
+wg genkey | tee privatekey | wg pubkey > publickey
+cat publickey
+nvim ../wg0.conf
+cat privatekey
+nvim ../wg0.conf
+rm *
+wg genkey | tee privatekey | wg pubkey > publickey
+cat publickey
+nvim ../wg0.conf
+cat privatekey
+rm *
+wg genkey | tee privatekey | wg pubkey > publickey
+cat publickey
+nvim ../wg0.conf
+cat privatekey
+nvim /etc/sysconfig/iptables
+sudo reboot
+cd /etc/caddy/Caddyfile.d/
+ls
+rg xxx
+nvim 15-private.caddyfile
+sudo systemctl restart caddy
+nvim 15-private.caddyfile
+nvim 15-private.caddyfile__
+exit
+cd /etc/wireguard/
+ls
+cat wg0.conf
+ls
+ls friend/
+rm friend/ -rf
+ls
+cd /var/www/html/
+ls -lag blog/ lidarr-mb-gap/ portfolio/
+ls -lag
+ls -la
+ls
+cd
+su deploy
+su lidarr-reports
+exit
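Review bot: `sudo_hist` commits a root shell history verbatim, and nothing in it is needed to build or deploy the configuration. It records the WireGuard and forwarding layout (`10.77.0.2`, `10.8.0.0/24`, the DNAT for port 51412), the locations of key files, and a bare `528491` entry that looks like a code or password typed at the prompt; if that value is still valid anywhere it should be changed. The `jawz_hist` hunk, which begins outside this view, has the same problem and includes `cat .ssh/id_ed25519`. I would drop both files from the commit and add `*_hist` to `.gitignore`; the working iptables and WireGuard settings are better captured as reviewed config files than as replayable history.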