diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 10cc8ef..0681dbc 100644 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -159,6 +159,7 @@ in { nix-bash-completions nixfmt pkg-config + podman poppler_utils ruby sops diff --git a/hosts/w1/caddy/Caddyfile b/hosts/w1/caddy/Caddyfile new file mode 100644 index 0000000..465b23e --- /dev/null +++ b/hosts/w1/caddy/Caddyfile @@ -0,0 +1,84 @@ +w1.duckland.org { + tls duck@duckland.org + root * /srv/duckland + encode gzip + file_server + header / { + Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';" + Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" + X-Xss-Protection = "1; mode=block" + X-Frame-Options = "DENY" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "strict-origin-when-cross-origin" + Permissions-Policy = "fullscreen=(self)" + cache-control = "max-age=0,no-cache,no-store,must-revalidate" + } +} + +w1.donharper.org { + tls duck@duckland.org + root * /srv/donharper + encode gzip + file_server + header / { + Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';" + Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" + X-Xss-Protection = "1; mode=block" + X-Frame-Options = "DENY" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "strict-origin-when-cross-origin" + Permissions-Policy = "fullscreen=(self)" + cache-control = "max-age=0,no-cache,no-store,must-revalidate" + } +} + +w1.donaldharper.com { + tls duck@duckland.org + root * /srv/donaldharper + encode gzip + file_server + header / { + Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';" + Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" + X-Xss-Protection = "1; mode=block" + X-Frame-Options = "DENY" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "strict-origin-when-cross-origin" + Permissions-Policy = "fullscreen=(self)" + cache-control = "max-age=0,no-cache,no-store,must-revalidate" + } +} + +travel.donaldharper.com { + tls duck@duckland.org + root * /srv/travel + encode gzip + file_server + header / { + Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';" + Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" + X-Xss-Protection = "1; mode=block" + X-Frame-Options = "DENY" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "strict-origin-when-cross-origin" + Permissions-Policy = "fullscreen=(self)" + cache-control = "max-age=0,no-cache,no-store,must-revalidate" + } +} + +p365.donaldharper.com { + tls duck@duckland.org + root * /srv/p365 + encode gzip + file_server + header / { + Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';" + Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload" + X-Xss-Protection = "1; mode=block" + X-Frame-Options = "DENY" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "strict-origin-when-cross-origin" + Permissions-Policy = "fullscreen=(self)" + cache-control = "max-age=0,no-cache,no-store,must-revalidate" + } +} diff --git a/hosts/w1/caddy/config/autosave.json b/hosts/w1/caddy/config/autosave.json new file mode 100644 index 0000000..7212f87 --- /dev/null +++ b/hosts/w1/caddy/config/autosave.json @@ -0,0 +1 @@ +{"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/srv/travel"}]},{"handle":[{"handler":"headers","response":{"replace":{"Content-Security-Policy":[{"replace":"upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';","search_regexp":"="}],"Permissions-Policy":[{"replace":"fullscreen=(self)","search_regexp":"="}],"Referrer-Policy":[{"replace":"strict-origin-when-cross-origin","search_regexp":"="}],"Strict-Transport-Security":[{"replace":"max-age=63072000; includeSubDomains; preload","search_regexp":"="}],"X-Content-Type-Options":[{"replace":"nosniff","search_regexp":"="}],"X-Frame-Options":[{"replace":"DENY","search_regexp":"="}],"X-Xss-Protection":[{"replace":"1; mode=block","search_regexp":"="}],"cache-control":[{"replace":"max-age=0,no-cache,no-store,must-revalidate","search_regexp":"="}]}}}],"match":[{"path":["/"]}]},{"handle":[{"encodings":{"gzip":{}},"handler":"encode","prefer":["gzip"]},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"match":[{"host":["travel.donaldharper.com"]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/srv/p365"}]},{"handle":[{"handler":"headers","response":{"replace":{"Content-Security-Policy":[{"replace":"upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';","search_regexp":"="}],"Permissions-Policy":[{"replace":"fullscreen=(self)","search_regexp":"="}],"Referrer-Policy":[{"replace":"strict-origin-when-cross-origin","search_regexp":"="}],"Strict-Transport-Security":[{"replace":"max-age=63072000; includeSubDomains; preload","search_regexp":"="}],"X-Content-Type-Options":[{"replace":"nosniff","search_regexp":"="}],"X-Frame-Options":[{"replace":"DENY","search_regexp":"="}],"X-Xss-Protection":[{"replace":"1; mode=block","search_regexp":"="}],"cache-control":[{"replace":"max-age=0,no-cache,no-store,must-revalidate","search_regexp":"="}]}}}],"match":[{"path":["/"]}]},{"handle":[{"encodings":{"gzip":{}},"handler":"encode","prefer":["gzip"]},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"match":[{"host":["p365.donaldharper.com"]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/srv/donaldharper"}]},{"handle":[{"handler":"headers","response":{"replace":{"Content-Security-Policy":[{"replace":"upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';","search_regexp":"="}],"Permissions-Policy":[{"replace":"fullscreen=(self)","search_regexp":"="}],"Referrer-Policy":[{"replace":"strict-origin-when-cross-origin","search_regexp":"="}],"Strict-Transport-Security":[{"replace":"max-age=63072000; includeSubDomains; preload","search_regexp":"="}],"X-Content-Type-Options":[{"replace":"nosniff","search_regexp":"="}],"X-Frame-Options":[{"replace":"DENY","search_regexp":"="}],"X-Xss-Protection":[{"replace":"1; mode=block","search_regexp":"="}],"cache-control":[{"replace":"max-age=0,no-cache,no-store,must-revalidate","search_regexp":"="}]}}}],"match":[{"path":["/"]}]},{"handle":[{"encodings":{"gzip":{}},"handler":"encode","prefer":["gzip"]},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"match":[{"host":["www.donaldharper.com"]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/srv/donharper"}]},{"handle":[{"handler":"headers","response":{"replace":{"Content-Security-Policy":[{"replace":"upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';","search_regexp":"="}],"Permissions-Policy":[{"replace":"fullscreen=(self)","search_regexp":"="}],"Referrer-Policy":[{"replace":"strict-origin-when-cross-origin","search_regexp":"="}],"Strict-Transport-Security":[{"replace":"max-age=63072000; includeSubDomains; preload","search_regexp":"="}],"X-Content-Type-Options":[{"replace":"nosniff","search_regexp":"="}],"X-Frame-Options":[{"replace":"DENY","search_regexp":"="}],"X-Xss-Protection":[{"replace":"1; mode=block","search_regexp":"="}],"cache-control":[{"replace":"max-age=0,no-cache,no-store,must-revalidate","search_regexp":"="}]}}}],"match":[{"path":["/"]}]},{"handle":[{"encodings":{"gzip":{}},"handler":"encode","prefer":["gzip"]},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"match":[{"host":["www.donharper.org"]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/srv/duckland"}]},{"handle":[{"handler":"headers","response":{"replace":{"Content-Security-Policy":[{"replace":"upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';","search_regexp":"="}],"Permissions-Policy":[{"replace":"fullscreen=(self)","search_regexp":"="}],"Referrer-Policy":[{"replace":"strict-origin-when-cross-origin","search_regexp":"="}],"Strict-Transport-Security":[{"replace":"max-age=63072000; includeSubDomains; preload","search_regexp":"="}],"X-Content-Type-Options":[{"replace":"nosniff","search_regexp":"="}],"X-Frame-Options":[{"replace":"DENY","search_regexp":"="}],"X-Xss-Protection":[{"replace":"1; mode=block","search_regexp":"="}],"cache-control":[{"replace":"max-age=0,no-cache,no-store,must-revalidate","search_regexp":"="}]}}}],"match":[{"path":["/"]}]},{"handle":[{"encodings":{"gzip":{}},"handler":"encode","prefer":["gzip"]},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"match":[{"host":["www.duckland.org"]}],"terminal":true}]}}},"tls":{"automation":{"policies":[{"issuers":[{"email":"duck@duckland.org","module":"acme"},{"ca":"https://acme.zerossl.com/v2/DV90","email":"duck@duckland.org","module":"acme"}],"subjects":["travel.donaldharper.com","p365.donaldharper.com","www.donaldharper.com","www.donharper.org","www.duckland.org"]}]}}}} \ No newline at end of file diff --git a/hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.json b/hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.json new file mode 100644 index 0000000..80c36ce --- /dev/null +++ b/hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.json @@ -0,0 +1,9 @@ +{ + "status": "valid", + "contact": [ + "mailto:duck@duckland.org" + ], + "termsOfServiceAgreed": true, + "orders": "", + "location": "https://acme-v02.api.letsencrypt.org/acme/acct/1889063386" +} \ No newline at end of file diff --git a/hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.key b/hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.key new file mode 100644 index 0000000..7114ecb --- /dev/null +++ b/hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIIlW508VCo9g2ry0ZctG4v45Lno7V2lvZvaDkTXn3JFPoAoGCCqGSM49 +AwEHoUQDQgAEaGMseDmCsS4C/Ka5A/F3diaWkr+PoOuw6H3nEzdU/F2zA4zIO2c1 +CqIVVzAnjC16N/lfZGe8t52KX4waKICrZg== +-----END EC PRIVATE KEY----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.crt b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.crt new file mode 100644 index 0000000..1f87b02 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.crt @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDijCCAxCgAwIBAgISA9AhiM16asrfpZIUmj/tzKp8MAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NjAeFw0yNDEyMTAwMTAwNTNaFw0yNTAzMTAwMTAwNTJaMCAxHjAcBgNVBAMTFXAz +NjUuZG9uYWxkaGFycGVyLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNWS +1VHfp3F7+crfQK4lpoAwntU3Lhs3TxetipHHQfk/roFHluEdjo5lm1OXcA2QojRh +qbehDd6h8UguY72Ts7CjggIWMIICEjAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPv4 +Idl1KymM8yvZzlIK+ma9NVfFMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/ +WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVu +Y3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMCAGA1Ud +EQQZMBeCFXAzNjUuZG9uYWxkaGFycGVyLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC +ATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AHMgIg8IFor588SmiwqyappKAO71 +d4WKCE0FANSlQkRZAAABk65K4SYAAAQDAEcwRQIhAO7+AAp91RRrB8lmjIRAJonN +EEZyqrQhWs0mxnA8QP0ZAiBDv3Ho0slivZ2f6VNl9VkHjq7RiQ9dH328LnIl2vvB +mwB1AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABk65K4SUAAAQD +AEYwRAIgMyzTNdujxAMGoCCcJ4Ed2WhJSZx4YDYqX6p/MZHPF2UCIEioRkKrPKNn +1cpl5Z4lS3VtG0GjdhtEq9afVuxQvsWUMAoGCCqGSM49BAMDA2gAMGUCMGs6iyFq +h0jGjOuEzrjOd5KxKYdGyrDiNYlxAjVnOGyDEtAHEyMg6R8qo+8sZ3PS1wIxAJbD +l+KnzG7smHrakPH4WI32dTD15kvuLjA/lPy6Co4IRrGYGYGU/PCAjGdNv+yP4g== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G +h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV +6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj +v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc +MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL +pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp +eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH +pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 +s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu +h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv +YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 +ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 +LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ +EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY +Ig46v9mFmBvyH04= +-----END CERTIFICATE----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.json b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.json new file mode 100644 index 0000000..9366c6c --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.json @@ -0,0 +1,18 @@ +{ + "sans": [ + "p365.donaldharper.com" + ], + "issuer_data": { + "url": "https://acme-v02.api.letsencrypt.org/acme/cert/03d02188cd7a6acadfa592149a3fedccaa7c", + "ca": "https://acme-v02.api.letsencrypt.org/directory", + "renewal_info": { + "suggestedWindow": { + "start": "2025-02-07T01:20:22Z", + "end": "2025-02-09T01:20:22Z" + }, + "_uniqueIdentifier": "kydGmAOpUWiOmNbEQkjbI79YlNI.A9AhiM16asrfpZIUmj_tzKp8", + "_retryAfter": "2024-12-26T08:30:19.198659209Z", + "_selectedTime": "2025-02-08T01:47:23Z" + } + } +} \ No newline at end of file diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.key b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.key new file mode 100644 index 0000000..d1f94fb --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEILtBFECtXZrLH/F6Arlk4NX7/uOeoGUfiCkJXhGiqGxtoAoGCCqGSM49 +AwEHoUQDQgAE1ZLVUd+ncXv5yt9AriWmgDCe1TcuGzdPF62KkcdB+T+ugUeW4R2O +jmWbU5dwDZCiNGGpt6EN3qHxSC5jvZOzsA== +-----END EC PRIVATE KEY----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.crt b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.crt new file mode 100644 index 0000000..3df8286 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.crt @@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAxSgAwIBAgISA6cj2ogy1b1c/9HKJyFDAVgAMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NjAeFw0yNDEyMTEwMDUwNTNaFw0yNTAzMTEwMDUwNTJaMCIxIDAeBgNVBAMTF3Ry +YXZlbC5kb25hbGRoYXJwZXIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +gUu8L7lOH3i3aUvnEdbkRYTC+OQBLVtXhp40mZBoUqHcDFAr7LQZf9K8cN2rKPJQ +qvhu+9xa2Zybo/Dx98m4V6OCAhgwggIUMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +JdWr7AwAb5+4OvILFf8ktQS5ZrEwHwYDVR0jBBgwFoAUkydGmAOpUWiOmNbEQkjb +I79YlNIwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTYuby5s +ZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8wIgYD +VR0RBBswGYIXdHJhdmVsLmRvbmFsZGhhcnBlci5jb20wEwYDVR0gBAwwCjAIBgZn +gQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgDehYHXUCR8a83Lr1Y3xeeB +xkzkbtYXY5+PNKcmyeK9NwAAAZOzaBYyAAAEAwBHMEUCIQC9Rg9CyhIx0tpY/t0s +Cf8zDNywoEDVUKKOzRcX53byEAIgFsvBUqKQwv/3zRpQUjrWGfe9W6/wGSU/u5gJ +rhivzswAdQATSt8atZhCCXgMb+9MepGkFrcjSc5YV2rfrtqnwqvgIgAAAZOzaBb3 +AAAEAwBGMEQCIAFwHu8t1lIStGV4On/z3K5xUFlc4Nnca23szRrZPrRVAiBUzcLd +o/DUEd/WmvD3GOFPoIss1xERfBM4LrPiHSbdLzAKBggqhkjOPQQDAwNoADBlAjEA +ty1AOHFbXPGniJkt1HD7Xsnurb/5U4U0d3gCUlPA8tqrLEs+h5PuOAettlqQOVaL +AjAWZZpwPF/Ecjg2EAxYCIlTbplpeoJqe3D6sc2W5JBfFLujPPLtsFMDJ/x6eZcz +4Aw= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G +h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV +6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj +v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc +MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL +pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp +eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH +pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 +s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu +h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv +YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 +ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 +LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ +EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY +Ig46v9mFmBvyH04= +-----END CERTIFICATE----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.json b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.json new file mode 100644 index 0000000..d603d3f --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.json @@ -0,0 +1,18 @@ +{ + "sans": [ + "travel.donaldharper.com" + ], + "issuer_data": { + "url": "https://acme-v02.api.letsencrypt.org/acme/cert/03a723da8832d5bd5cffd1ca272143015800", + "ca": "https://acme-v02.api.letsencrypt.org/directory", + "renewal_info": { + "suggestedWindow": { + "start": "2025-02-08T01:10:22Z", + "end": "2025-02-10T01:10:22Z" + }, + "_uniqueIdentifier": "kydGmAOpUWiOmNbEQkjbI79YlNI.A6cj2ogy1b1c_9HKJyFDAVgA", + "_retryAfter": "2024-12-26T08:30:19.156733927Z", + "_selectedTime": "2025-02-08T14:40:53Z" + } + } +} \ No newline at end of file diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.key b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.key new file mode 100644 index 0000000..2255395 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIOPgazRldWjnT192j4o9L3NB6SGGMW9G6e9/uhYBr0rroAoGCCqGSM49 +AwEHoUQDQgAEgUu8L7lOH3i3aUvnEdbkRYTC+OQBLVtXhp40mZBoUqHcDFAr7LQZ +f9K8cN2rKPJQqvhu+9xa2Zybo/Dx98m4Vw== +-----END EC PRIVATE KEY----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.crt b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.crt new file mode 100644 index 0000000..7c085c7 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.crt @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDizCCAxCgAwIBAgISAxIfFeHq7d/qbhPQ8mGDDF9BMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NTAeFw0yNDEyMTAxODMwNTNaFw0yNTAzMTAxODMwNTJaMB8xHTAbBgNVBAMTFHd3 +dy5kb25hbGRoYXJwZXIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbcs3 +IFu6lFKbf4UGFyFvDbW+LvaA5inRGC2iY11df3r540YlkIQ0NPovYWUufjgpOCjc +oQIF6ysRfkexcBlpzqOCAhcwggITMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKYMN +oaOF6mRLo0QXS3wtGHkoKHgwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS +1w0wVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5j +ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wHwYDVR0R +BBgwFoIUd3d3LmRvbmFsZGhhcnBlci5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw +ggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2X +jbapflTA/kwNsAAAAZOyDC7KAAAEAwBHMEUCIQDfnYVHGlAyg7hUlEIvmyMw4Csn +nggQRSi32nDPwWbUDAIgcKqw7MJ370My5Eg3JA85GqJD/uxhPyUp8dMml/nKMJYA +dwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZOyDC7PAAAEAwBI +MEYCIQCxT+mGc02Uo3v2C3jPWyiSTQXtQ9EyhSWKqpyqvDgamgIhAPC63QIQAviK +adYZCLAR7o1UEg2CcD1tc7Py8mYufljZMAoGCCqGSM49BAMDA2kAMGYCMQDlnmBZ +ByVSn5SxGkur6YHd4ujxmyLkRFLZ7DR/IILkllzd9bRtDQNUhr74isDPZG8CMQC8 +p0RPjAliZconPgNJsFw5Ja2GJ7G7a7aXMJ6gIbtkB63spTn5aHWLi3JsN/QiGHY= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK +a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO +VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw +i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C +2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+ +bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG +6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV +XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO +koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq +cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI +E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e +K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX +GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL +sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd +VQD9F6Na/+zmXCc= +-----END CERTIFICATE----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.json b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.json new file mode 100644 index 0000000..e96744b --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.json @@ -0,0 +1,18 @@ +{ + "sans": [ + "www.donaldharper.com" + ], + "issuer_data": { + "url": "https://acme-v02.api.letsencrypt.org/acme/cert/03121f15e1eaeddfea6e13d0f261830c5f41", + "ca": "https://acme-v02.api.letsencrypt.org/directory", + "renewal_info": { + "suggestedWindow": { + "start": "2025-02-07T18:50:22Z", + "end": "2025-02-09T18:50:22Z" + }, + "_uniqueIdentifier": "nytfzzwhT50Et-0rLMTGcIvS1w0.AxIfFeHq7d_qbhPQ8mGDDF9B", + "_retryAfter": "2024-12-26T08:30:18.978537601Z", + "_selectedTime": "2025-02-08T10:00:26Z" + } + } +} \ No newline at end of file diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.key b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.key new file mode 100644 index 0000000..2abe088 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEILiXVwvp5AeESeU39H8DsC4v5jDw/UuK70Elcxgp73JRoAoGCCqGSM49 +AwEHoUQDQgAEbcs3IFu6lFKbf4UGFyFvDbW+LvaA5inRGC2iY11df3r540YlkIQ0 +NPovYWUufjgpOCjcoQIF6ysRfkexcBlpzg== +-----END EC PRIVATE KEY----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.crt b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.crt new file mode 100644 index 0000000..5bdd373 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.crt @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDgzCCAwmgAwIBAgISBD+eusFX00dYKStdrSgtlfMqMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NTAeFw0yNDEyMDkyMDMwNTNaFw0yNTAzMDkyMDMwNTJaMBwxGjAYBgNVBAMTEXd3 +dy5kb25oYXJwZXIub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDuXgP4vg +W9hY1+VhLz/GKCQViDJ8NRRzYl1o0/ckIE5QyGKoE47ETgbyquvkF5+y4rS/l3DR +p8o+ZBXFY/6fPaOCAhMwggIPMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUscmu957l +hK4urPE5zduhEaUS9QYwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w +VQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5v +cmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wHAYDVR0RBBUw +E4IRd3d3LmRvbmhhcnBlci5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgor +BgEEAdZ5AgQCBIH1BIHyAPAAdgBzICIPCBaK+fPEposKsmqaSgDu9XeFighNBQDU +pUJEWQAAAZOtU7COAAAEAwBHMEUCIHttPVU/eoZ+6lwBfg0FT+1bepVZkiFLTM63 +TI6BDqMFAiEApeuHA9M3aD/UeXIXI6A9maL/43nzkL0GbgeJnsP6S+QAdgCi4wrk +Re+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAZOtU7CEAAAEAwBHMEUCIQCn +BZRzxfCoPncfHsSVEs7uqSyAdo4LDjNWNVb5OUnCwwIgEh4xOwN3qddNNPsY3frf +1fiTrMVBY4a7X/FA15CN9yowCgYIKoZIzj0EAwMDaAAwZQIwF86s6VCXh0TLqpSD +zwRKNrSRy4ltCPQHAGbkym3or5g1tWLfc93ylCg8v/R0eLIxAjEAgpAb4B2tq9o1 +qxhUG3H/zxrkjNrf5d15HvQ7cB1+I38GvVjnKARamiGsUEn2NqiV +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK +a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO +VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw +i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C +2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+ +bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG +6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV +XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO +koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq +cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI +E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e +K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX +GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL +sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd +VQD9F6Na/+zmXCc= +-----END CERTIFICATE----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.json b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.json new file mode 100644 index 0000000..fcb3ca9 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.json @@ -0,0 +1,18 @@ +{ + "sans": [ + "www.donharper.org" + ], + "issuer_data": { + "url": "https://acme-v02.api.letsencrypt.org/acme/cert/043f9ebac157d34758292b5dad282d95f32a", + "ca": "https://acme-v02.api.letsencrypt.org/directory", + "renewal_info": { + "suggestedWindow": { + "start": "2025-02-06T20:50:22Z", + "end": "2025-02-08T20:50:22Z" + }, + "_uniqueIdentifier": "nytfzzwhT50Et-0rLMTGcIvS1w0.BD-eusFX00dYKStdrSgtlfMq", + "_retryAfter": "2024-12-26T08:30:19.042233283Z", + "_selectedTime": "2025-02-08T16:23:16Z" + } + } +} \ No newline at end of file diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.key b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.key new file mode 100644 index 0000000..be65071 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIK0D/H0GAPP4zU7g2bnOhdV5E1PbIW5ckfJG0MRBn6M4oAoGCCqGSM49 +AwEHoUQDQgAEDuXgP4vgW9hY1+VhLz/GKCQViDJ8NRRzYl1o0/ckIE5QyGKoE47E +TgbyquvkF5+y4rS/l3DRp8o+ZBXFY/6fPQ== +-----END EC PRIVATE KEY----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.crt b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.crt new file mode 100644 index 0000000..768160d --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.crt @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDgjCCAwigAwIBAgISBBMdm8FmlqLkw6jcv4yelfCcMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NjAeFw0yNDEyMTAxNTEwNTJaFw0yNTAzMTAxNTEwNTFaMBsxGTAXBgNVBAMTEHd3 +dy5kdWNrbGFuZC5vcmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGVvF8A3IB +xWNUbsPnyhlOieqgs5rkH8/l4GzvPhG9MVYVWpK0yvZh29vEAhYjzaJlY00QgYMk +4fkHjlTQAgx/o4ICEzCCAg8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQT8anyGsMQ +FeudW1VZxSN6gqJgbzAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jBV +BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNyLm9y +ZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzAbBgNVHREEFDAS +ghB3d3cuZHVja2xhbmQub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBBQYKKwYB +BAHWeQIEAgSB9gSB8wDxAHYAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCk +R+cAAAGTsVUT5wAABAMARzBFAiBT1yALbBJX6QCumeOR4taxzxqLkk+Mraajc9lw ++0U1YgIhAIUUoTepW8TBGQhfVq3kCvXfTLH/i3edRs/eGOsE/Pa0AHcAzPsPaoVx +CWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGTsVUT9QAABAMASDBGAiEA1+Zv +PDtfBzuFAWGhTkXU8PCN6LihcNwYqfbCh2tMq+ECIQDzfTzzHeqnGe4R7RqiYNQD +NjYkFOxzc6eT9B9YNVQBaDAKBggqhkjOPQQDAwNoADBlAjAgxx+9MUIykmFsFJSa +TG8Em46MO5tFMarEFoTYm1l8/cHvrRTQD9I1wvPI/mD7qzwCMQCxNcii+67VzcuL +vrErEdKeSpOaSf7l/2fJEetyexS5U1VWngiIrMVINRALVu5cDJA= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G +h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV +6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj +v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc +MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL +pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp +eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH +pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 +s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu +h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv +YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 +ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 +LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ +EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY +Ig46v9mFmBvyH04= +-----END CERTIFICATE----- diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.json b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.json new file mode 100644 index 0000000..4f7db15 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.json @@ -0,0 +1,18 @@ +{ + "sans": [ + "www.duckland.org" + ], + "issuer_data": { + "url": "https://acme-v02.api.letsencrypt.org/acme/cert/04131d9bc16696a2e4c3a8dcbf8c9e95f09c", + "ca": "https://acme-v02.api.letsencrypt.org/directory", + "renewal_info": { + "suggestedWindow": { + "start": "2025-02-07T15:30:21Z", + "end": "2025-02-09T15:30:21Z" + }, + "_uniqueIdentifier": "kydGmAOpUWiOmNbEQkjbI79YlNI.BBMdm8FmlqLkw6jcv4yelfCc", + "_retryAfter": "2024-12-26T08:30:19.096054251Z", + "_selectedTime": "2025-02-07T17:51:47Z" + } + } +} \ No newline at end of file diff --git a/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.key b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.key new file mode 100644 index 0000000..1554e91 --- /dev/null +++ b/hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIBZOyltUpUSokf/skLpum+m+plBactR3qz/eG7Aum6epoAoGCCqGSM49 +AwEHoUQDQgAExlbxfANyAcVjVG7D58oZTonqoLOa5B/P5eBs7z4RvTFWFVqStMr2 +YdvbxAIWI82iZWNNEIGDJOH5B45U0AIMfw== +-----END EC PRIVATE KEY----- diff --git a/hosts/w1/caddy/data/instance.uuid b/hosts/w1/caddy/data/instance.uuid new file mode 100644 index 0000000..388d8cb --- /dev/null +++ b/hosts/w1/caddy/data/instance.uuid @@ -0,0 +1 @@ +7f753271-4b8e-420d-9ac6-6ae744654045 \ No newline at end of file diff --git a/hosts/w1/caddy/data/last_clean.json b/hosts/w1/caddy/data/last_clean.json new file mode 100644 index 0000000..8e31191 --- /dev/null +++ b/hosts/w1/caddy/data/last_clean.json @@ -0,0 +1 @@ +{"tls":{"timestamp":"2024-12-24T21:40:18.896076102Z","instance_id":"7f753271-4b8e-420d-9ac6-6ae744654045"}} \ No newline at end of file diff --git a/hosts/w1/caddy/data/ocsp/p365.donaldharper.com-46c0eb4 b/hosts/w1/caddy/data/ocsp/p365.donaldharper.com-46c0eb4 new file mode 100644 index 0000000..11dfb6c Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/p365.donaldharper.com-46c0eb4 differ diff --git a/hosts/w1/caddy/data/ocsp/p365.donaldharper.com-df6dc11c b/hosts/w1/caddy/data/ocsp/p365.donaldharper.com-df6dc11c new file mode 100644 index 0000000..e9b0fef Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/p365.donaldharper.com-df6dc11c differ diff --git a/hosts/w1/caddy/data/ocsp/travel.donaldharper.com-4e37c0a b/hosts/w1/caddy/data/ocsp/travel.donaldharper.com-4e37c0a new file mode 100644 index 0000000..bbb3b0e Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/travel.donaldharper.com-4e37c0a differ diff --git a/hosts/w1/caddy/data/ocsp/travel.donaldharper.com-eba93d02 b/hosts/w1/caddy/data/ocsp/travel.donaldharper.com-eba93d02 new file mode 100644 index 0000000..a1c0bf7 Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/travel.donaldharper.com-eba93d02 differ diff --git a/hosts/w1/caddy/data/ocsp/www.donaldharper.com-b6106bcd b/hosts/w1/caddy/data/ocsp/www.donaldharper.com-b6106bcd new file mode 100644 index 0000000..411f1a5 Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/www.donaldharper.com-b6106bcd differ diff --git a/hosts/w1/caddy/data/ocsp/www.donharper.org-6e16a0c2 b/hosts/w1/caddy/data/ocsp/www.donharper.org-6e16a0c2 new file mode 100644 index 0000000..c48afd5 Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/www.donharper.org-6e16a0c2 differ diff --git a/hosts/w1/caddy/data/ocsp/www.donharper.org-a623b98 b/hosts/w1/caddy/data/ocsp/www.donharper.org-a623b98 new file mode 100644 index 0000000..4005c0f Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/www.donharper.org-a623b98 differ diff --git a/hosts/w1/caddy/data/ocsp/www.duckland.org-3ed8210c b/hosts/w1/caddy/data/ocsp/www.duckland.org-3ed8210c new file mode 100644 index 0000000..96b0efc Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/www.duckland.org-3ed8210c differ diff --git a/hosts/w1/caddy/data/ocsp/www.duckland.org-c8e87754 b/hosts/w1/caddy/data/ocsp/www.duckland.org-c8e87754 new file mode 100644 index 0000000..3a49322 Binary files /dev/null and b/hosts/w1/caddy/data/ocsp/www.duckland.org-c8e87754 differ diff --git a/hosts/w1/default.nix b/hosts/w1/default.nix index eebffb6..3f70091 100644 --- a/hosts/w1/default.nix +++ b/hosts/w1/default.nix @@ -3,6 +3,7 @@ ./hardware-configuration.nix ./network.nix ../server + ./podman.nix # ../server/searxng.nix ]; networking.hostName = "w1"; diff --git a/hosts/w1/docker-compose.yml b/hosts/w1/docker-compose.yml new file mode 100644 index 0000000..aba8c9a --- /dev/null +++ b/hosts/w1/docker-compose.yml @@ -0,0 +1,20 @@ +--- +services: + caddy: + image: docker.io/library/caddy:latest + container_name: caddy + hostname: caddy + user: "1000" + ports: + - 443:443 + - 80:80 + - 2020:2020 + volumes: + - ./caddy/config:/config/caddy + - ./caddy/data:/data/caddy + - ./caddy/Caddyfile:/etc/caddy/Caddyfile + - /home/don/www/www.duckland.org:/srv/duckland + - /home/don/www/www.donharper.org:/srv/donharper + - /home/don/www/www.donaldharper.com:/srv/donaldharper + - /home/don/www/p365:/srv/p365 + - /home/don/www/travel.donaldharper.com:/srv/travel diff --git a/hosts/w1/podman.nix b/hosts/w1/podman.nix index 39be8e0..ceb5ab8 100644 --- a/hosts/w1/podman.nix +++ b/hosts/w1/podman.nix @@ -1,5 +1,7 @@ -# Auto-generated using compose2nix v0.1.6. -{ pkgs, lib, ... }: { +# Auto-generated using compose2nix v0.3.1. +{ pkgs, lib, ... }: + +{ # Runtime virtualisation.podman = { enable = true; @@ -10,111 +12,72 @@ dns_enabled = true; }; }; + + # Enable container name DNS for non-default Podman networks. + # https://github.com/NixOS/nixpkgs/issues/226365 + networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; + virtualisation.oci-containers.backend = "podman"; # Containers - virtualisation.oci-containers.containers."bandwidth" = { - image = "lscr.io/linuxserver/speedtest-tracker:latest"; - environment = { - DB_CONNECTION = "mysql"; - DB_DATABASE = "speedtest_tracker"; - DB_HOST = "bandwidth-db"; - DB_PASSWORD = "password"; - DB_PORT = "3306"; - DB_USERNAME = "speedy"; - PGID = "1000"; - PUID = "1000"; - TZ = "America/Chicago"; - }; + virtualisation.oci-containers.containers."caddy" = { + image = "docker.io/library/caddy:latest"; volumes = [ - "/etc/localtime:/etc/localtime:ro" - "/home/don/docker/speedtest/config:/config:rw" - "/home/don/docker/speedtest/web:/etc/ssl/web:rw" + "/home/don/podman/caddy/Caddyfile:/etc/caddy/Caddyfile:rw" + "/home/don/podman/caddy/config:/config/caddy:rw" + "/home/don/podman/caddy/data:/data/caddy:rw" + "/home/don/www/p365:/srv/p365:rw" + "/home/don/www/travel.donaldharper.com:/srv/travel:rw" + "/home/don/www/www.donaldharper.com:/srv/donaldharper:rw" + "/home/don/www/www.donharper.org:/srv/donharper:rw" + "/home/don/www/www.duckland.org:/srv/duckland:rw" ]; - dependsOn = [ "bandwidth-db" "bandwidth-ts" ]; - log-driver = "journald"; - extraOptions = [ "--network=container:bandwidth-ts" ]; - }; - systemd.services."podman-bandwidth" = { - serviceConfig = { Restart = lib.mkOverride 500 "always"; }; - partOf = [ "podman-compose-tstest-root.target" ]; - unitConfig.UpheldBy = - [ "podman-bandwidth-db.service" "podman-bandwidth-ts.service" ]; - wantedBy = [ "podman-compose-tstest-root.target" ]; - }; - virtualisation.oci-containers.containers."bandwidth-db" = { - image = "mariadb:10"; - environment = { - MARIADB_DATABASE = "speedtest_tracker"; - MARIADB_PASSWORD = "password"; - MARIADB_RANDOM_ROOT_PASSWORD = "true"; - MARIADB_USER = "speedy"; - PGID = "1000"; - PUID = "1000"; - }; - volumes = [ "/home/don/docker/speedtest-db:/var/lib/mysql:rw" ]; - dependsOn = [ "bandwidth-ts" ]; - log-driver = "journald"; - extraOptions = [ "--network=container:bandwidth-ts" ]; - }; - systemd.services."podman-bandwidth-db" = { - serviceConfig = { Restart = lib.mkOverride 500 "always"; }; - partOf = [ "podman-compose-tstest-root.target" ]; - unitConfig.UpheldBy = [ "podman-bandwidth-ts.service" ]; - wantedBy = [ "podman-compose-tstest-root.target" ]; - }; - virtualisation.oci-containers.containers."bandwidth-ts" = { - image = "tailscale/tailscale"; - environment = { - PGID = "1000"; - PUID = "1000"; - TS_ACCEPT_DNS = "true"; - TS_AUTHKEY = - "tskey-auth-k6qutwuAk221CNTRL-9L2MS7sw2SVtH2kYKCcVNVsUHKYSX5UjH"; - TS_HOSTNAME = "fred-bw"; - TS_STATE_DIR = "/var/lib/tailscale"; - }; - volumes = [ - "/dev/net/tun:/dev/net/tun:rw" - "/home/don/docker/tailscale/var_lib:/var/lib:rw" - ]; - cmd = [ "tailscaled" ]; + ports = [ "443:443/tcp" "80:80/tcp" "2020:2020/tcp" ]; + user = "1000"; log-driver = "journald"; extraOptions = [ - "--cap-add=net_admin" - "--cap-add=sys_module" - "--network-alias=bandwidth-ts" - "--network=tstest-default" - "--privileged" + "--hostname=caddy" + "--network-alias=caddy" + "--network=websites_default" ]; }; - systemd.services."podman-bandwidth-ts" = { - serviceConfig = { Restart = lib.mkOverride 500 "no"; }; - after = [ "podman-network-tstest-default.service" ]; - requires = [ "podman-network-tstest-default.service" ]; - partOf = [ "podman-compose-tstest-root.target" ]; - wantedBy = [ "podman-compose-tstest-root.target" ]; + systemd.services."podman-caddy" = { + serviceConfig = { Restart = lib.mkOverride 90 "no"; }; + after = [ "podman-network-websites_default.service" ]; + requires = [ "podman-network-websites_default.service" ]; + partOf = [ "podman-compose-websites-root.target" ]; + wantedBy = [ "podman-compose-websites-root.target" ]; + unitConfig.RequiresMountsFor = [ + "/home/don/podman/caddy/Caddyfile" + "/home/don/podman/caddy/config" + "/home/don/podman/caddy/data" + "/home/don/www/p365" + "/home/don/www/travel.donaldharper.com" + "/home/don/www/www.donaldharper.com" + "/home/don/www/www.donharper.org" + "/home/don/www/www.duckland.org" + ]; }; # Networks - systemd.services."podman-network-tstest-default" = { + systemd.services."podman-network-websites_default" = { path = [ pkgs.podman ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; - ExecStop = "${pkgs.podman}/bin/podman network rm -f tstest-default"; + ExecStop = "podman network rm -f websites_default"; }; script = '' - podman network inspect tstest-default || podman network create tstest-default --opt isolate=true + podman network inspect websites_default || podman network create websites_default ''; - partOf = [ "podman-compose-tstest-root.target" ]; - wantedBy = [ "podman-compose-tstest-root.target" ]; + partOf = [ "podman-compose-websites-root.target" ]; + wantedBy = [ "podman-compose-websites-root.target" ]; }; # Root service # When started, this will automatically create all resources and start # the containers. When stopped, this will teardown all resources. - systemd.targets."podman-compose-tstest-root" = { + systemd.targets."podman-compose-websites-root" = { unitConfig = { Description = "Root target generated by compose2nix."; }; wantedBy = [ "multi-user.target" ]; };