new stuff

2025-07-02 11:56:40 +00:00 · 2025-03-23 22:18:10 +01:00 · 2025-03-23 22:18:10 +01:00 · 4b83409dde
commit 4b83409dde
parent 8f33f954b7
50 changed files with 2049 additions and 86 deletions
--- a/Maintainers.drawio.bkp
+++ b/Maintainers.drawio.bkp
@ -1,6 +1,6 @@
 <mxfile host="Electron" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/25.0.2 Chrome/128.0.6613.186 Electron/32.2.5 Safari/537.36" version="25.0.2">
  <diagram name="Page-1" id="vMjjuHkOJo03Q6ZeuYE7">
-    <mxGraphModel dx="3016" dy="1975" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
+    <mxGraphModel dx="2684" dy="1619" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
      <root>
        <mxCell id="0" />
        <mxCell id="1" parent="0" />
--- a/Maintainers.drawio
+++ b/Maintainers.drawio
@ -1,6 +1,6 @@
 <mxfile host="Electron" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/25.0.2 Chrome/128.0.6613.186 Electron/32.2.5 Safari/537.36" version="25.0.2">
  <diagram name="Page-1" id="vMjjuHkOJo03Q6ZeuYE7">
-    <mxGraphModel dx="2370" dy="1283" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
+    <mxGraphModel dx="3016" dy="1975" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
      <root>
        <mxCell id="0" />
        <mxCell id="1" parent="0" />
--- a/opsec/contribute/14.png
+++ b/opsec/contribute/14.png
--- a/opsec/contribute/15.png
+++ b/opsec/contribute/15.png
--- a/opsec/maintainers/10.png
+++ b/opsec/maintainers/10.png
--- a/opsec/maintainers/11.png
+++ b/opsec/maintainers/11.png
--- a/opsec/maintainers/2.png
+++ b/opsec/maintainers/2.png
--- a/opsec/maintainers/7.png
+++ b/opsec/maintainers/7.png
--- a/opsec/maintainers/8.png
+++ b/opsec/maintainers/8.png
--- a/opsec/maintainers/9.png
+++ b/opsec/maintainers/9.png
--- a/opsec/maintainers/index.html
+++ b/opsec/maintainers/index.html
@ -63,7 +63,7 @@
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@Mainpc-PrivateVM-Debian12 - 2025-03-21</ba></p>
 <h1>How to become a Maintainer </h1>
 <img src="0.png" class="imgRz">
-<p>Becoming a Maintainer is the next step to contribute to the Opsec blog and Darknet Lantern projects, where you get to assist the other contributors contribute just like you did.</p>
+<p>Becoming a Maintainer is the next step to contribute to the Opsec blog and Darknet Lantern projects, where you get to assist the other contributors contribute just like you did. The requirement is simple: <b>You should have contributed at least 3 times, having submitted contributions that were already nearly finished (95%) in one go.</b> If you are still submitting contributions that are 75% finished in one go, you are not ready to become a maintainer yet, maintainers are supposed to know the quality standard perfectly, therefore i expect that they show that they understand it.</p>
          
 	       </div>
 			</div><!-- /row -->
@ -82,8 +82,13 @@
 <img src="1.png" class="imgRz">
 <p>In the Contributors chatroom, the contributors will be able to communicate with maintainers directly:</p>
 <img src="2.png" class="imgRz">
-<p>For example, to brainstorm and adjust todolists:</p>
+<p>For example, to brainstorm with the contributors and adjust todolists:</p>
 <img src="3.png" class="imgRz">
+<p>As a maintainer, you are getting rewarded 2 euros per todolist that you correctly write for each git issue, so if you edit one, please make sure that you save the link to the todolists you wrote so that you get to recieve payment at the end of the month for them.</p>
+<img src="7.png" class="imgRz">
+<p>If there are any valid criticisms to tutorials that are supposed to be finished, write the todolist on the issue (in the completed column), and move it back to the "to be assigned" column</p>
+
+<p>Make sure that you also take part in the criticisms and debates in <a href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FdXQ3FLM5ufTNQxgXU6jm07fRXSq9Ujkt%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAzABUDXe4g0bjXyPcNOU0QzWxMYMMGgR3kcOQacoEaQ0%253D&data=%7B%22groupLinkId%22%3A%22G3yklv9753AcNA7lGV3FBw%3D%3D%22%7D">the public OPSEC chatroom</a>, as this is the place where you'll see the most criticism coming from, so if there are any valid criticisms coming from there, make sure that the criticism is at least saved somewhere (ideally on the targeted git issue, or on a new one that you created yourself.)</p>

 	       </div>
 			</div><!-- /row -->
@ -96,13 +101,12 @@
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Assigning contributors onto todolists</b></h2>
-<p>Or to assign people to work on todolists:</p>
+<p>As a maintainer you also get to assign people to work on todolists:</p>
 <img src="4.png" class="imgRz">
-<p>As a maintainer, you get to have authority on what todolists get to contain, you can validate them or edit them however you wish. In fact as it takes time to convert valid criticism into todolist, there is also incentive to write them as a maintainer (at the end of each month you'll get rewarded 2 euros per todolist that you correctly write)</p>
+<p>You get to have authority on deciding what todolists get to contain (with only the other maintainers and administrators being able to overrule your decisions), you can validate them or edit them however you wish, only if they are not yet assigned (do not change a todolist if there's already someone working on it).</p>
 <img src="5.png" class="imgRz">
 <p>(don't forget to move the issue into the "assigned" column on the <a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/projects/1">project board</a> aswell:</p>
 <img src="6.png" class="imgRz">
-
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
@ -114,94 +118,72 @@
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Reviewing Contributions</b></h2>
-<p>And lastly, the maintainer's role is to review contributions whenever a contributor submits one.</p>
-<p>As you are most likely already aware since you are supposed to already be a contributor, whenever someone submits a contribution, they need to follow <a href="../qualitystandard/index.html">the quality standard.</a></p>
-<p></p>
-<p></p>
-<p></p>
-<p></p>
-<p></p>
-<p></p>
-<p></p>
-<p></p>
-<img src="" class="imgRz">
+<p>And lastly, the maintainer's role is to review contributions whenever a contributor submits one, That's probably the most time consumming part. For example, we have the following contributor that's assigned on <a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/233">this issue</a>:</p>
+<img src="8.png" class="imgRz">
+<p>As you are most likely already aware since you are supposed to already be a contributor, whenever someone submits a contribution, they need to follow <a href="../qualitystandard/index.html">the quality standard</a>, <b>as a maintainer, you are supposed to make sure that they follow it whenever they try to contribute new content.</b></p>
+
+<p>Here for example, the contributor "optimist" submits a contribution after having followed the <a href="../contribute/index.html">"how to contribute"</a> guide, and lets you know in the contributors chatroom:</p>
+<img src="9.png" class="imgRz">
+<p>Going there you see that the contributor correctly made a PR, but you need to git clone it to review the changes:</p>
+<img src="10.png" class="imgRz">
+<pre><code class="nim">
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~]
+→ cd Documents
+
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~/Documents]
+→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/optimist/blog-contributions blog-contributions.optimist
+Cloning into 'blog-contributions'...
+remote: Enumerating objects: 6608, done.
+remote: Counting objects: 100% (6608/6608), done.
+remote: Compressing objects: 100% (5362/5362), done.
+remote: Total 6608 (delta 3302), reused 3611 (delta 1133), pack-reused 0 (from 0)
+Receiving objects: 100% (6608/6608), 342.55 MiB | 522.00 KiB/s, done.
+Resolving deltas: 100% (3302/3302), done.
+
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~/Documents]
+→ cd blog-contributions.optimist
+</pre></code>
+
+<p>If they wrote their changes in a separate git branch, switch to the correct branch like so:</p>
 <pre><code class="nim">

-</code></pre>
+</pre></code>
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [blog-contributions.optimist/opsec/nextcloud]
+→ git switch branchname

-<p></p>
-<img src="" class="imgRz">
 <pre><code class="nim">

-</code></pre>
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~/Documents/blog-contributions.optimist]
+→ cd opsec/nextcloud

-<p></p>
-<img src="" class="imgRz">
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [blog-contributions.optimist/opsec/nextcloud]
+→ pwd
+/home/nihilist/Documents/blog-contributions.optimist/opsec/nextcloud
+
+</pre></code>
+<p>And in there from your local browser you can assess if the contribution is completed, and if it follows the quality standard: </p>
+<img src="11.png" class="imgRz">
+<p>Here as you can see, this is clearly garbage, so you can make the following assessment:</p>
+<p>Then they push some more commits to fix their mistakes and ask for a second review, so since you already git cloned their repository you just need to do a git clone to pull their new commits:</p>
 <pre><code class="nim">
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [blog-contributions.optimist/opsec/nextcloud]
+→ cd ../..

-</code></pre>
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~/Documents/blog-contributions.optimist]
+→ torsocks git pull
+
+</pre></code>
+
+<p>Then, locally you can do a git pull to review their updates: </p>
+<p>From there, there are still a few minor mistakes that they can improve on:</p>
+<p>And lastly they fixed the remaining issues and now upon reviewing that's now an OK contribution:</p>
+<p>So on the issue you mark it as good to go, and you add the label "good to merge" so that the administrators knows that it's good to be merged.</p>
+<p>Then the administrator issues payment for both the contributor and to you the maintainer, for correctly reviewing a contribution.</p>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->

-  <div id="anon2">
-	    <div class="container">
-			<div class="row">
-				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>How to become a m</b></h2> </br> </br>
-<p></p>
-<img src="" class="imgRz">
-<pre><code class="nim">
-	
-</code></pre>
-
-<p></p>
-<img src="" class="imgRz">
-<pre><code class="nim">
-	
-</code></pre>
-
-<p></p>
-<img src="" class="imgRz">
-<pre><code class="nim">
-	
-</code></pre>
-
-				</div>
-			</div><!-- /row -->
-	    </div> <!-- /container -->
-	</div><!-- /white -->
-
-
-  <!-- +++++ Second Post +++++ -->
-	<div id="anon1">
-	    <div class="container">
-			<div class="row">
-				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>Setup</b></h2> </br> </br>
-<p></p>
-<pre><code class="nim">
-	
-</code></pre>
-
-<p></p>
-<pre><code class="nim">
-	
-</code></pre>
-
-<p></p>
-<pre><code class="nim">
-	
-</code></pre>
-
-				</div>
-			</div><!-- /row -->
-	    </div> <!-- /container -->
-	</div><!-- /white -->
-
-	<!-- +++++ Footer Section +++++ -->
-
 	<div id="anonb">
 		<div class="container">
 			<div class="row">
--- a/opsec/nextcloud/0.png
+++ b/opsec/nextcloud/0.png
--- a/opsec/nextcloud/1.png
+++ b/opsec/nextcloud/1.png
--- a/opsec/nextcloud/10.png
+++ b/opsec/nextcloud/10.png
--- a/opsec/nextcloud/2.png
+++ b/opsec/nextcloud/2.png
--- a/opsec/nextcloud/20.png
+++ b/opsec/nextcloud/20.png
--- a/opsec/nextcloud/21.png
+++ b/opsec/nextcloud/21.png
--- a/opsec/nextcloud/22.png
+++ b/opsec/nextcloud/22.png
--- a/opsec/nextcloud/23.png
+++ b/opsec/nextcloud/23.png
--- a/opsec/nextcloud/25.png
+++ b/opsec/nextcloud/25.png
--- a/opsec/nextcloud/26.png
+++ b/opsec/nextcloud/26.png
--- a/opsec/nextcloud/27.png
+++ b/opsec/nextcloud/27.png
--- a/opsec/nextcloud/28.png
+++ b/opsec/nextcloud/28.png
--- a/opsec/nextcloud/29.png
+++ b/opsec/nextcloud/29.png
--- a/opsec/nextcloud/3.png
+++ b/opsec/nextcloud/3.png
--- a/opsec/nextcloud/30.png
+++ b/opsec/nextcloud/30.png
--- a/opsec/nextcloud/31.png
+++ b/opsec/nextcloud/31.png
--- a/opsec/nextcloud/32.png
+++ b/opsec/nextcloud/32.png
--- a/opsec/nextcloud/4.png
+++ b/opsec/nextcloud/4.png
--- a/opsec/nextcloud/41.png
+++ b/opsec/nextcloud/41.png
--- a/opsec/nextcloud/42.png
+++ b/opsec/nextcloud/42.png
--- a/opsec/nextcloud/43.png
+++ b/opsec/nextcloud/43.png
--- a/opsec/nextcloud/44.png
+++ b/opsec/nextcloud/44.png
--- a/opsec/nextcloud/45.png
+++ b/opsec/nextcloud/45.png
--- a/opsec/nextcloud/46.png
+++ b/opsec/nextcloud/46.png
--- a/opsec/nextcloud/47.png
+++ b/opsec/nextcloud/47.png
--- a/opsec/nextcloud/5.png
+++ b/opsec/nextcloud/5.png
--- a/opsec/nextcloud/6.png
+++ b/opsec/nextcloud/6.png
--- a/opsec/nextcloud/7.png
+++ b/opsec/nextcloud/7.png
--- a/opsec/nextcloud/8.png
+++ b/opsec/nextcloud/8.png
--- a/opsec/nextcloud/9.png
+++ b/opsec/nextcloud/9.png
--- a/opsec/nextcloud/WIP.html
+++ b/opsec/nextcloud/WIP.html
@ -0,0 +1,332 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Nextcloud .onion server</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>Optimist - 23 / 03 / 2025</ba></p>
+					<h1>Nextcloud .onion server</h1>
+					<img src="../nextcloud/logo.png" class="imgRz">
+		  <p> In this tutorial we're going to cover how you can install an .onion only Nextcloud instance, it is a FOSS software meant to replace popular websites like google drive, which can be ideal to make sure that your files are backed up somewhere, all while preserving anonymity. </p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Serverside Setup </b></h2>
+
+<p>So for this tutorial we're going to go with a Debian server to install nextcloud via snap: </p>
+<pre><code>
+su -
+apt update -y
+<!--apt install snapd sudo ufw fuse squashfuse -y-->
+apt install snapd sudo curl mlocate nginx -y
+/sbin/usermod -aG sudo [NAME OF THE NON-PRIVILEGED USER]
+/sbin/ufw enable
+snap install core
+
+</code></pre>
+
+<p>Using snap, installing nextcloud is fairly simple:</p>
+<pre><code>
+snap install nextcloud
+
+ip a | grep inet
+curl ifconfig.me
+
+</code></pre>
+<p> you can verify that the nextcloud server works by going at the ip adress of the server http://server_ip/ where you'll create the administrator account.</p>
+<img src="41.png" class="imgRz">
+<p>Once that's done you should have access to your nextcloud instance, but instead of accessing it through the ip address, we'll set it up in such a way that we can access it through an .onion domain name. </p>
+<p>So we follow <a href="../torwebsite/index.html">this tutorial</a> to have our own custom .domain name:</p>
+<pre><code class="nim">
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/tor/torrc
+
+HiddenServiceDir /var/lib/tor/onions/nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/
+HiddenServicePort 80 127.0.0.1:4443
+SocksPort 127.0.0.1:9050
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ systemctl restart tor@default
+
+</pre></code>
+<p>Then we setup a reverse nginx proxy to make sure that the onion requests get redirected to the correct IP: </p>
+<pre><code class="nim">
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ rm /etc/nginx/sites-*/default
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nginx/sites-available/cloud.conf
+upstream cloudbackend {
+        server 192.168.100.130:80;
+}
+
+server {
+        ######## TOR WEBSITE ########
+        listen 4443;
+        listen [::]:4443;
+        server_name cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
+
+        location / {
+                proxy_pass http://cloudbackend;
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "Upgrade";
+                client_max_body_size 20G;
+        }
+}
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ ln -s /etc/nginx/sites-available/cloud.conf /etc/nginx/sites-enabled/
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ nginx -s reload
+ 
+</pre></code>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Configuring Nextcloud</b></h2> </br> </br>
+<p>Now that we have the domain name pointing to the public ip address of the nextcloud server, we can setup the https certificate using let'sencrypt, just
+	ssh into your server once more and run the following commands: </p>
+<pre><code>
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /var/snap/nextcloud/common/nextcloud/data# PATH=$PATH:/snap/bin/
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /var/snap/nextcloud/common/nextcloud/data# which nextcloud.occ
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ
+
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.disable-https
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value=cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ config:system:set overwritehost --value="cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion"
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ config:system:set overwriteprotocol --value="http"
+
+</code></pre>
+<p> And once that's done, you can access your nextcloud instance from your onion domain:</p>
+<img src="42.png" class="imgRz">
+<p>In order to upgrade your nextcloud, you can run the following, and also add it to cron to run automatically every day at midnight: </p>
+<pre><code class="nim">
+root@cloud:~# sudo snap refresh nextcloud
+snap "nextcloud" has no updates available
+
+root@cloud:~# crontab -e
+
+[...]
+
+0 0 * * * /usr/bin/snap refresh nextcloud
+
+:wq
+
+
+--2022-12-17 20:34:07--  https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz
+Resolving github.com (github.com)... 140.82.121.3
+Connecting to github.com (github.com)|140.82.121.3|:443... connected.
+HTTP request sent, awaiting response... 302 Found
+Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
+--2022-12-17 20:34:07--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream
+Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.108.133, 185.199.109.133, ...
+Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 6326130 (6.0M) [application/octet-stream]
+Saving to: ‘linux_amd64.tar.gz’
+
+linux_amd64.tar.gz                                           100%[===========================================================================================================================================>]   6.03M  6.47MB/s    in 0.9s
+
+2022-12-17 20:34:09 (6.47 MB/s) - ‘linux_amd64.tar.gz’ saved [6326130/6326130]
+
+root@cloud:~# sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
+cronitor
+root@cloud:~# sudo cronitor configure --api-key 1234567890
+
+Configuration File:
+/etc/cronitor/cronitor.json
+
+Version:
+28.8
+
+API Key:
+1234567890
+
+Ping API Key:
+Not Set
+
+Environment:
+Not Set
+
+Hostname:
+cloud
+
+Timezone Location:
+{Europe/Paris}
+
+Debug Log:
+Off
+root@cloud:~# cronitor select
+
+✔ /usr/bin/snap refresh nextcloud
+----► Running command: /usr/bin/snap refresh nextcloud
+
+snap "nextcloud" has no updates available
+
+----► ✔ Command successful    Elapsed time 0.451s
+</pre></code>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+		  <h2><b>Clientside Setup</b></h2> </br> </br>
+
+<p>Now you can install the official nextcloud client <a href="https://nextcloud.com/install/#install-clients">here</a></p>
+<pre><code class="nim">
+[ cloud ] [ /dev/pts/1 ] [/snap/bin]
+→ apt install tor nextcloud-desktop -y
+
+</pre></code>
+<img src="25.png" class="imgRz">
+<p>Here as you try to login you'll first see that it can't resolve the .onion domain, which is normal as you need to tell nextcloud to use the local tor socks5 proxy, available on 127.0.01:9050</p>
+<img src="43.png" class="imgRz">
+<p>Afterward, you need to copy the authorization link into the tor browser to validate the request:</p>
+<img src="44.png" class="imgRz">
+<img src="45.png" class="imgRz">
+<img src="46.png" class="imgRz">
+<p>Once you have granted access, you can start to sync your nextcloud instance files locally:</p>
+<img src="47.png" class="imgRz">
+
+<p>Once logged in you can check the progress in the system tray:</p>
+<img src="31.png" class="imgRz">
+<p>Then let it sync, it can take a while due to the low bandwidth of Tor.</p>
+<img src="32.png" class="imgRz">
+<p>And that's it ! You now have a local folder that is synchronized with your nextcloud instance.</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FpyfV2wlxrcepw8g2OHINsMNuVmpsZsAo%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAgePBM9B_duSC7yFaBWI8Dp_jJO62NpTwJN2wsAXeQis%253D&data=%7B%22groupLinkId%22%3A%22rrxS6sZIQHHjO9RUJsjrVA%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>
--- a/opsec/nextcloud/arch.html
+++ b/opsec/nextcloud/arch.html
@ -0,0 +1,703 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>NGINX Nextcloud Server Setup</title>
+
+<!-- Bootstrap core CSS -->
+<link href="../../assets/css/bootstrap.css" rel="stylesheet">
+<link href="../../assets/css/xt256.css" rel="stylesheet">
+
+
+
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-cis navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-cis" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="cis2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 07 / 11 / 2022</ba></p>
+					<h1>Nginx Nextcloud Server Setup (on arch linux)</h1>
+					<img src="../nextcloud/logo.png" class="imgRz">
+		  <p> Rent a VPS with debian 10+ (or just run it yourself, but make sure it is correctly port forwarded so that public ip points to the machine like a vps).</p>
+<p>click <a href="index.html">here</a> for the debian version</p>
+		  <p> Once you have ssh'd into your debian server, we can start:</p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="cis3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+					<h2><b>Setting up php7.3 and pgsql</b></h2> </br> </br>
+<p>First we get every package we need:</p>
+<pre><code class="nim">
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ pacman -Syy
+:: Synchronizing package databases...
+ core                                                                                                                                                                                           157.4 KiB   283 KiB/s 00:01 [------------------------------------------------------------------------------------------------------------------------------------------] 100%
+ extra                                                                                                                                                                                         1720.9 KiB  2.45 MiB/s 00:01 [------------------------------------------------------------------------------------------------------------------------------------------] 100%
+ community                                                                                                                                                                                        6.7 MiB  7.82 MiB/s 00:01 [------------------------------------------------------------------------------------------------------------------------------------------] 100%
+ multilib                                                                                                                                                                                       172.6 KiB   528 KiB/s 00:00 [------------------------------------------------------------------------------------------------------------------------------------------] 100%
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ pacman -S nextcloud
+resolving dependencies...
+:: There are 2 providers available for php-interpreter 8.2:
+:: Repository extra
+   1) php  2) php7
+
+Enter a number (default=1):
+looking for conflicting packages...
+
+Package (9)          New Version       Net Change  Download Size
+
+extra/gd             2.3.3-4             0.67 MiB       0.15 MiB
+community/libavif    0.10.1-2            0.32 MiB       0.11 MiB
+extra/libde265       1.0.8-2             1.06 MiB       0.34 MiB
+extra/libheif        1.12.0-3            0.77 MiB       0.24 MiB
+extra/libxpm         3.5.13-3            0.14 MiB       0.05 MiB
+community/libyuv     r2322+3aebf69d-1    1.65 MiB       0.26 MiB
+extra/php            8.1.8-1            24.04 MiB       4.21 MiB
+extra/php-gd         8.1.8-1             0.10 MiB       0.03 MiB
+community/nextcloud  24.0.2-1          345.65 MiB      98.34 MiB
+
+Total Download Size:   103.73 MiB
+Total Installed Size:  374.39 MiB
+
+:: Proceed with installation? [Y/n] y
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ pacman -S php-imagick php-intl
+
+resolving dependencies...
+:: There are 8 providers available for ttf-font:
+:: Repository extra
+   1) gnu-free-fonts  2) noto-fonts  3) ttf-bitstream-vera  4) ttf-croscore
+:: Repository community
+   5) ttf-dejavu  6) ttf-droid  7) ttf-ibm-plex  8) ttf-liberation
+
+Enter a number (default=1):
+looking for conflicting packages...
+
+Package (6)            New Version  Net Change  Download Size
+
+extra/gnu-free-fonts   20120503-8     6.65 MiB       3.23 MiB
+extra/imagemagick      7.1.0.43-1    10.89 MiB       2.84 MiB
+extra/liblqr           0.4.2-3        0.09 MiB       0.03 MiB
+extra/libraqm          0.9.0-1        0.15 MiB       0.03 MiB
+community/php-imagick  3.7.0-2        0.51 MiB       0.12 MiB
+extra/php-intl         8.1.8-1        0.47 MiB       0.14 MiB
+
+Total Download Size:    6.39 MiB
+Total Installed Size:  18.75 MiB
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ vim /etc/php/php.ini
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ cat /etc/php/php.ini
+
+[...]
+
+memory_limit = 512M
+
+[...]
+
+extension=pdo_mysql
+extension=bcmath
+extension=bz2
+extension=exif
+extension=gd
+extension=iconv
+; in case you installed php-imagick (as recommended)
+extension=imagick
+; in case you also installed php-intl (as recommended)
+extension=intl
+
+[...]
+
+[Date]
+date.timezone = America/New_York
+
+:wq
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→  cp /etc/php/php.ini /etc/webapps/nextcloud/php.ini
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ export NEXTCLOUD_PHP_CONFIG=/etc/webapps/nextcloud/php.ini
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ echo 'export NEXTCLOUD_PHP_CONFIG=/etc/webapps/nextcloud/php.ini' >> ~/.zshrc
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ install --owner=nextcloud --group=nextcloud --mode=700 -d /var/lib/nextcloud/sessions
+
+
+</pre></code>
+<p>Then we setup the database:</p>
+<pre><code class="nim">
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ mysql -u root -p
+Enter password:
+Welcome to the MariaDB monitor.  Commands end with ; or \g.
+Your MariaDB connection id is 632
+Server version: 10.8.3-MariaDB Arch Linux
+
+Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
+
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+
+MariaDB [(none)]> CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'xxxxxxxx';
+Query OK, 0 rows affected (0.257 sec)
+
+MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+Query OK, 1 row affected (0.012 sec)
+
+MariaDB [(none)]> GRANT ALL PRIVILEGES on nextcloud.* to 'nextcloud'@'localhost';
+Query OK, 0 rows affected (0.039 sec)
+
+MariaDB [(none)]> FLUSH privileges;
+Query OK, 0 rows affected (0.051 sec)
+
+MariaDB [(none)]> exit
+Bye
+
+</pre></code>
+<p>Now to configure php-fpm:</p>
+<pre><code class="nim">
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ pacman -S php-fpm
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ cp /etc/php/php.ini /etc/php/php-fpm.ini
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ vim /etc/php/php-fpm.ini
+
+[...]
+
+zend_extension=opcache
+
+[...]
+
+[opcache]
+opcache.enable = 1
+opcache.interned_strings_buffer = 8
+opcache.max_accelerated_files = 10000
+opcache.memory_consumption = 128
+opcache.save_comments = 1
+opcache.revalidate_freq = 1
+
+[...]
+<!--
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ curl https://gist.githubusercontent.com/wolegis/0d9c83acd0c8bf83bcfb3983931bc364/raw/44ebeef205cb35d4514d0895c333e1582ccbb8e5/nextcloud.conf > /etc/php/php-fpm.d/nextcloud.conf
+#or my version:
+→ curl https://blog.nowhere.moe/servers/nextcloud/nextcloud.conf > /etc/php/php-fpm.d/nextcloud.conf
+-->
+[ nihilism ] [ /dev/pts/12 ] [share/webapps/nextcloud]
+→ cat /etc/php/php-fpm.d/nextcloud.conf
+[nextcloud]
+
+user = nextcloud
+group = nextcloud
+
+listen = /run/php/nextcloud.sock
+
+listen.owner = nextcloud
+listen.group = http
+listen.mode = 0660
+pm = dynamic
+
+pm.max_children = 5
+
+pm.start_servers = 2
+
+pm.min_spare_servers = 1
+
+pm.max_spare_servers = 3
+
+;pm.max_spawn_rate = 32
+
+;pm.process_idle_timeout = 10s;
+
+access.log = /var/log/php-fpm/access/$pool.log
+
+access.format = "%{%Y-%m-%dT%H:%M:%S%z}t %R: \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
+
+chdir = /usr/share/webapps/$pool
+
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+
+php_value[date.timezone] = Europe/Berlin
+
+php_value[open_basedir] = /var/lib/$pool:/tmp:/usr/share/webapps/$pool:/etc/webapps/$pool:/dev/urandom:/usr/lib/php/modules:/var/log/$pool:/proc/meminfo
+
+php_value[session.save_path] = /var/lib/$pool/sessions
+php_value[session.gc_maxlifetime] = 21600
+php_value[session.gc_divisor] = 500
+php_value[session.gc_probability] = 1
+
+php_flag[expose_php] = false
+php_value[post_max_size] = 1000M
+php_value[upload_max_filesize] = 1000M
+
+php_flag[output_buffering] = off
+php_value[max_input_time] = 120
+php_value[max_execution_time] = 60
+
+php_value[memory_limit] = 768M
+
+php_value[apc.ttl] = 7200
+php_flag[apc.enable_cli] = 1
+
+php_value[extension] = bcmath
+php_value[extension] = bz2
+php_value[extension] = exif
+php_value[extension] = gd
+php_value[extension] = gmp
+; uncomment if php-imagick is installed and used
+php_value[extension] = imagick
+; uncomment if php-imap is installed and used
+; php_value[extension] = imap
+; recommended to enable
+php_value[extension] = intl
+php_value[extension] = iconv
+; uncomment if php-memcached is installed and used
+; php_value[extension] = memcached
+; uncomment exactly one of the pdo extensions
+php_value[extension] = pdo_mysql
+; php_value[extension] = pdo_pgsql
+; php_value[extension] = pdo_sqlite
+; uncomment if php-igbinary is installed and used
+; php_value[extension] = igbinary
+; uncomment if php-redis is installed and used (requires php-igbinary)
+; php_value[extension] = redis
+; uncomment if php-xsl is installed and used
+; php_value[extension] = xsl
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ mkdir -p /etc/systemd/system/php-fpm.service.d/
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ vim /etc/systemd/system/php-fpm.service.d/override.conf
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ cat /etc/systemd/system/php-fpm.service.d/override.conf
+[Service]
+ExecStart=
+ExecStart=/usr/bin/php-fpm --nodaemonize --fpm-config /etc/php/php-fpm.conf --php-ini /etc/php/php-fpm.ini
+ReadWritePaths=/var/lib/nextcloud
+ReadWritePaths=/etc/webapps/nextcloud/config
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ mkdir /var/log/php-fpm/access/ -p
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ systemctl enable --now php-fpm
+
+[ nihilism ] [ /dev/pts/12 ] [~]
+→ systemctl status php-fpm
+● php-fpm.service - The PHP FastCGI Process Manager
+     Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
+    Drop-In: /etc/systemd/system/php-fpm.service.d
+             └─override.conf
+     Active: active (running) since Mon 2022-07-11 16:01:22 UTC; 6s ago
+   Main PID: 3396418 (php-fpm)
+     Status: "Ready to handle connections"
+      Tasks: 5 (limit: 11902)
+     Memory: 13.1M
+        CPU: 713ms
+     CGroup: /system.slice/php-fpm.service
+             ├─3396418 "php-fpm: master process (/etc/php/php-fpm.conf)"
+             ├─3396435 "php-fpm: pool nextcloud"
+             ├─3396436 "php-fpm: pool nextcloud"
+             ├─3396437 "php-fpm: pool www"
+             └─3396438 "php-fpm: pool www"
+
+Jul 11 16:01:15 nihilism systemd[1]: Starting The PHP FastCGI Process Manager...
+Jul 11 16:01:22 nihilism php-fpm[3396418]: [NOTICE] fpm is running, pid 3396418
+Jul 11 16:01:22 nihilism php-fpm[3396418]: [NOTICE] ready to handle connections
+Jul 11 16:01:22 nihilism systemd[1]: Started The PHP FastCGI Process Manager.
+Jul 11 16:01:22 nihilism php-fpm[3396418]: [NOTICE] systemd monitor interval set to 10000ms
+
+[ nihilism ] [ /dev/pts/12 ] [share/webapps/nextcloud]
+→ chown nextcloud:www-data /run/php/nextcloud.sock
+
+[ nihilism ] [ /dev/pts/12 ] [share/webapps/nextcloud]
+→ vim config/config.php
+
+[ nihilism ] [ /dev/pts/12 ] [share/webapps/nextcloud]
+→ cat config/config.php
+<<b></b>?php
+$CONFIG = array (
+  'datadirectory' => '/var/lib/nextcloud/data',
+  'logfile' => '/var/log/nextcloud/nextcloud.log',
+  'apps_paths' =>
+
+[...]
+
+  'trusted_domains' =>
+  array (
+    0 => 'localhost',
+    1 => 'cloud.nowhere.moe',
+  ),
+  'dbtype' => 'mysql',
+
+[...]
+
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+[ nihilism ] [ /dev/pts/12 ] [share/webapps/nextcloud]
+→ occ
+Nextcloud is not installed - only a limited number of commands are available
+Nextcloud 24.0.2
+
+Usage:
+  command [options] [arguments]
+
+[ nihilism ] [ /dev/pts/12 ] [share/webapps/nextcloud]
+→ occ maintenance:install \
+    --database=mysql \
+    --database-name=nextcloud \
+    --database-host=localhost:/run/mysqld/mysqld.sock \
+    --database-user=nextcloud \
+>   --database-pass=xxxxx \
+>   --admin-pass=xxxxx \
+>   --admin-email=nihilist@nowhere.moe \
+>   --data-dir=/var/lib/nextcloud/data
+
+Nextcloud was successfully installed
+
+[ nihilism ] [ /dev/pts/12 ] [share/webapps/nextcloud]
+→ systemctl restart nginx php-fpm mysql
+
+</pre></code>
+<p>Then just login with the admin credentials you specified above</p>
+<img src="20.png" class="imgRz">
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="cis2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+					<h2><b>Certbot Certificate and Nginx Configuration</b></h2> </br> </br>
+<p>From here we need to install our letsencrypt certificate. If you don't have a domain name yet, go get one, or just go for the free alternative <a href="https://www.duckdns.org">DuckDNS</a>
+and get one, mine currently is ech2.duckdns.org</p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+<pre><code class="nim">
+
+</pre></code>
+<p></p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="cis1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Post-Installation</b></h2> </br> </br>
+<p>	Now from here you can make backups just in case if the server goes down or harddrive gets corrupted, etc. You could use a script like this: </p>
+<pre><code class="nim">
+#!/bin/bash
+#this must run as root !
+if [ "$EUID" -ne 0 ]
+then
+        echo 'MUST RUN AS ROOT!'
+        exit
+fi
+
+cd /var/www/nextcloud/data/nothing/files/
+#make sure the path to your  user is correct!
+
+#run it at 3AM
+cooldate=$(date --iso-8601)
+echo $cooldate
+
+rm backup*.zip
+rm backup-$cooldate.zip
+zip -r backup-$cooldate.zip /var/www/nextcloud/data/nothing/files/
+
+#rsync backup-$cooldate.zip nothing@10.0.0.10:/home/nothing/backup/
+rsync backup-$cooldate.zip nothing@mainpc:/home/nothing/backup/
+
+rm backup*.zip
+
+#crontab -e
+#0 3 * * * /bin/bash /var/www/nextcloud/data/nothing/files/backup.sh
+
+#chmod u+x backup.shg
+
+#BACKUP_SERVER (here its 10.0.0.10)
+#https://git.void.yt/nothing/serverside/blob/master/ssh/ssh.sh
+#use this script to setup the key based ssh authentication, and then make sure your nextcloud server's root user has the private ssh key.
+
+</code></pre>
+<p>Here i can make rsync login via ssh to my mainpc host thanks to the private key ssh authentication specified in ~/.ssh/config:</p>
+<pre><code class="nim">
+root@home:/var/www/nextcloud/data/nothing/files# apt install rsync -y
+root@home:/var/www/nextcloud/data/nothing/files# cat ~/.ssh/config
+Host mainpc
+        Hostname 10.0.0.10
+        IdentityFile ~/.ssh/mainpc-10.pkey
+        User nothing
+
+</pre></code>
+<p>of course you would have created the ssh keys on your remote host (in this case : 192.168.0.18) and placed the private key in the server's /root/.ssh/ folder.
+	as comments at the end of the script imply, you can setup the cronjob to run backup.sh every day at 3 AM.g
+</p>
+
+<p>Now in order to mount your files as a webdav share on linux you can do the following:</p>
+<pre><code class="nim">
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ apt-get install davfs2
+
+ [ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ sudo mkdir /mnt/cloud.void.yt
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ sudo chown -R nothing:nothing /mnt/cloud.void.yt
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ sudo mount -t davfs -o noexec https://cloud.void.yt/remote.php/webdav/ /mnt/cloud.void.yt/
+Please enter the username to authenticate with server
+https://cloud.void.yt/remote.php/webdav/ or hit enter for none.
+  Username: nothing
+Please enter the password to authenticate user nothing with server
+https://cloud.void.yt/remote.php/webdav/ or hit enter for none.
+  Password:
+/usr/bin/mount.davfs: warning: the server does not support locks
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ cd /mnt/cloud.void.yt
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [/mnt/cloud.void.yt]
+→ ls
+ backup.sh   Caldera   Certs   Cours   Crypto   Documents   id_ed25519   KEEPASS.txt   lost+found   Notes   nothing.ovpn   Passwords.kdbx   Photos   Random_Files   Readme.md   SSH   Templates  'void.yt setup'
+
+</pre></code>
+
+<p>Now in order to make it persistant accross reboots, you need to make a fstab entry:</p>
+<pre><code class="nim">
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ sudo vim /etc/fstab
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ cat /etc/fstab
+
+#webdav entry
+https://cloud.void.yt/remote.php/webdav/ /mnt/cloud.void.yt davfs _netdev,noauto,user,uid=nothing,gid=nothing 0 0
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ sudo vim /etc/davfs2/secrets
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ sudo cat /etc/davfs2/secrets | tail -n2
+# personal webdav, nextcloud application password
+/mnt/cloud.void.yt nothing "mypassword"
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ sudo mount /mnt/cloud.void.yt/
+/usr/bin/mount.davfs: warning: the server does not support locks
+
+</pre></code>
+<p>And that's it ! your nextcloud files have been mounted on a linux host.</p>
+<pre><code class="nim">
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [~]
+→ cd /mnt/cloud.void.yt
+
+[ 10.55.55.2/32 ] [ /dev/pts/42 ] [/mnt/cloud.void.yt]
+→ ls -l
+total 46
+-rw-r--r-- 1 nothing nothing   859 Apr  7  2021  backup.sh
+drwxr-xr-x 3 nothing nothing     0 Feb 16 13:14  Caldera
+drwxr-xr-x 9 nothing nothing     0 Jan 20 20:54  Certs
+drwxr-xr-x 8 nothing nothing     0 Mar 21 20:34  Cours
+drwxr-xr-x 2 nothing nothing     0 Oct 27 09:05  Crypto
+drwxr-xr-x 2 nothing nothing     0 Apr  7  2021  Documents
+-rw-r--r-- 1 nothing nothing   411 Apr  7  2021  id_ed25519
+-rw-r--r-- 1 nothing nothing    55 Apr  7  2021  KEEPASS.txt
+drwx------ 2 nothing nothing     0 Mar 27 14:07  lost+found
+drwxr-xr-x 2 nothing nothing     0 Aug 23  2021  Notes
+-rw-r--r-- 1 nothing nothing  2914 Apr  7  2021  nothing.ovpn
+-rw-r--r-- 1 nothing nothing 40510 Mar 26 21:40  Passwords.kdbx
+drwxr-xr-x 2 nothing nothing     0 Apr  7  2021  Photos
+drwxr-xr-x 9 nothing nothing     0 Mar 25 09:42  Random_Files
+-rw-r--r-- 1 nothing nothing     1 May 27  2021  Readme.md
+drwxr-xr-x 7 nothing nothing     0 Jul  1  2021  SSH
+drwxr-xr-x 2 nothing nothing     0 Apr  7  2021  Templates
+drwxr-xr-x 2 nothing nothing     0 Jun  6  2021 'void.yt setup'
+</pre></code>
+
+<p>Special thanks to skid9000 from the <a href="https://anjara.eu/">anjara.eu</a> staff for helping me update this tutorial. (23/09/2020)</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="cisb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FpyfV2wlxrcepw8g2OHINsMNuVmpsZsAo%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAgePBM9B_duSC7yFaBWI8Dp_jJO62NpTwJN2wsAXeQis%253D&data=%7B%22groupLinkId%22%3A%22rrxS6sZIQHHjO9RUJsjrVA%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>
--- a/opsec/nextcloud/index.html
+++ b/opsec/nextcloud/index.html
@ -0,0 +1,332 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Nextcloud .onion server</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>Optimist - 23 / 03 / 2025</ba></p>
+					<h1>Nextcloud .onion server</h1>
+					<img src="../nextcloud/logo.png" class="imgRz">
+		  <p> In this tutorial we're going to cover how you can install an .onion only Nextcloud instance, it is a FOSS software meant to replace popular websites like google drive, which can be ideal to make sure that your files are backed up somewhere, all while preserving anonymity. </p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Serverside Setup </b></h2>
+
+<p>So for this tutorial we're going to go with a Debian server to install nextcloud via snap: </p>
+<pre><code>
+su -
+apt update -y
+<!--apt install snapd sudo ufw fuse squashfuse -y-->
+apt install snapd sudo curl mlocate nginx -y
+/sbin/usermod -aG sudo [NAME OF THE NON-PRIVILEGED USER]
+/sbin/ufw enable
+snap install core
+
+</code></pre>
+
+<p>Using snap, installing nextcloud is fairly simple:</p>
+<pre><code>
+snap install nextcloud
+
+ip a | grep inet
+curl ifconfig.me
+
+</code></pre>
+<p> you can verify that the nextcloud server works by going at the ip adress of the server http://server_ip/ where you'll create the administrator account.</p>
+<img src="41.png" class="imgRz">
+<p>Once that's done you should have access to your nextcloud instance, but instead of accessing it through the ip address, we'll set it up in such a way that we can access it through an .onion domain name. </p>
+<p>So we follow <a href="../torwebsite/index.html">this tutorial</a> to have our own custom .domain name:</p>
+<pre><code class="nim">
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/tor/torrc
+
+HiddenServiceDir /var/lib/tor/onions/nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/
+HiddenServicePort 80 127.0.0.1:4443
+SocksPort 127.0.0.1:9050
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ systemctl restart tor@default
+
+</pre></code>
+<p>Then we setup a reverse nginx proxy to make sure that the onion requests get redirected to the correct IP: </p>
+<pre><code class="nim">
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ rm /etc/nginx/sites-*/default
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nginx/sites-available/cloud.conf
+upstream cloudbackend {
+        server 192.168.100.130:80;
+}
+
+server {
+        ######## TOR WEBSITE ########
+        listen 4443;
+        listen [::]:4443;
+        server_name cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
+
+        location / {
+                proxy_pass http://cloudbackend;
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "Upgrade";
+                client_max_body_size 20G;
+        }
+}
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ ln -s /etc/nginx/sites-available/cloud.conf /etc/nginx/sites-enabled/
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ nginx -s reload
+ 
+</pre></code>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Configuring Nextcloud</b></h2> </br> </br>
+<p>Now that we have the domain name pointing to the public ip address of the nextcloud server, we can setup the https certificate using let'sencrypt, just
+	ssh into your server once more and run the following commands: </p>
+<pre><code>
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /var/snap/nextcloud/common/nextcloud/data# PATH=$PATH:/snap/bin/
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /var/snap/nextcloud/common/nextcloud/data# which nextcloud.occ
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ
+
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.disable-https
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value=cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ config:system:set overwritehost --value="cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion"
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ /snap/bin/nextcloud.occ config:system:set overwriteprotocol --value="http"
+
+</code></pre>
+<p> And once that's done, you can access your nextcloud instance from your onion domain:</p>
+<img src="42.png" class="imgRz">
+<p>In order to upgrade your nextcloud, you can run the following, and also add it to cron to run automatically every day at midnight: </p>
+<pre><code class="nim">
+root@cloud:~# sudo snap refresh nextcloud
+snap "nextcloud" has no updates available
+
+root@cloud:~# crontab -e
+
+[...]
+
+0 0 * * * /usr/bin/snap refresh nextcloud
+
+:wq
+
+
+--2022-12-17 20:34:07--  https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz
+Resolving github.com (github.com)... 140.82.121.3
+Connecting to github.com (github.com)|140.82.121.3|:443... connected.
+HTTP request sent, awaiting response... 302 Found
+Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
+--2022-12-17 20:34:07--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream
+Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.108.133, 185.199.109.133, ...
+Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 6326130 (6.0M) [application/octet-stream]
+Saving to: ‘linux_amd64.tar.gz’
+
+linux_amd64.tar.gz                                           100%[===========================================================================================================================================>]   6.03M  6.47MB/s    in 0.9s
+
+2022-12-17 20:34:09 (6.47 MB/s) - ‘linux_amd64.tar.gz’ saved [6326130/6326130]
+
+root@cloud:~# sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
+cronitor
+root@cloud:~# sudo cronitor configure --api-key 1234567890
+
+Configuration File:
+/etc/cronitor/cronitor.json
+
+Version:
+28.8
+
+API Key:
+1234567890
+
+Ping API Key:
+Not Set
+
+Environment:
+Not Set
+
+Hostname:
+cloud
+
+Timezone Location:
+{Europe/Paris}
+
+Debug Log:
+Off
+root@cloud:~# cronitor select
+
+✔ /usr/bin/snap refresh nextcloud
+----► Running command: /usr/bin/snap refresh nextcloud
+
+snap "nextcloud" has no updates available
+
+----► ✔ Command successful    Elapsed time 0.451s
+</pre></code>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+		  <h2><b>Clientside Setup</b></h2> </br> </br>
+
+<p>Now you can install the official nextcloud client <a href="https://nextcloud.com/install/#install-clients">here</a></p>
+<pre><code class="nim">
+[ cloud ] [ /dev/pts/1 ] [/snap/bin]
+→ apt install tor nextcloud-desktop -y
+
+</pre></code>
+<img src="25.png" class="imgRz">
+<p>Here as you try to login you'll first see that it can't resolve the .onion domain, which is normal as you need to tell nextcloud to use the local tor socks5 proxy, available on 127.0.01:9050</p>
+<img src="43.png" class="imgRz">
+<p>Afterward, you need to copy the authorization link into the tor browser to validate the request:</p>
+<img src="44.png" class="imgRz">
+<img src="45.png" class="imgRz">
+<img src="46.png" class="imgRz">
+<p>Once you have granted access, you can start to sync your nextcloud instance files locally:</p>
+<img src="47.png" class="imgRz">
+
+<p>Once logged in you can check the progress in the system tray:</p>
+<img src="31.png" class="imgRz">
+<p>Then let it sync, it can take a while due to the low bandwidth of Tor.</p>
+<img src="32.png" class="imgRz">
+<p>And that's it ! You now have a local folder that is synchronized with your nextcloud instance.</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FpyfV2wlxrcepw8g2OHINsMNuVmpsZsAo%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAgePBM9B_duSC7yFaBWI8Dp_jJO62NpTwJN2wsAXeQis%253D&data=%7B%22groupLinkId%22%3A%22rrxS6sZIQHHjO9RUJsjrVA%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>
--- a/opsec/nextcloud/logo.png
+++ b/opsec/nextcloud/logo.png
--- a/opsec/nextcloud/nextcloud.conf
+++ b/opsec/nextcloud/nextcloud.conf
@ -0,0 +1,23 @@
+[nextcloud]
+
+listen = /run/php/nextcloud.sock
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
+
+user = nextcloud
+group = www-data
+
+pm = dynamic
+pm.max_children = 120
+pm.start_servers = 12
+pm.min_spare_servers = 6
+pm.max_spare_servers = 18
+
+chdir = /
+
+pm.status_path = /status
+
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
--- a/opsec/nextcloud/nextcloud_http.conf
+++ b/opsec/nextcloud/nextcloud_http.conf
@ -0,0 +1,121 @@
+
+upstream php-handler {
+    server unix:/run/php/nextcloud.sock;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ech1.duckdns.org
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    # Path to the root of your installation
+    root /var/www/nextcloud;
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # The following 2 rules are only needed for the user_webfinger app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+    # The following rule is only needed for the Social app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+
+    location = /.well-known/carddav {
+      return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+    location = /.well-known/caldav {
+      return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+
+    # set max upload size
+    client_max_body_size 512M;
+    fastcgi_buffers 64 4K;
+
+    # Enable gzip but do not remove ETag headers
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    # Uncomment if your server is build with the ngx_pagespeed module
+    # This module is currently not supported.
+    #pagespeed off;
+
+    location / {
+        rewrite ^ /index.php;
+    }
+
+    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+        deny all;
+    }
+    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        set $path_info $fastcgi_path_info;
+        try_files $fastcgi_script_name =404;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        #fastcgi_param HTTPS on;
+        # Avoid sending the security headers twice
+        fastcgi_param modHeadersAvailable true;
+        # Enable pretty urls
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+        try_files $uri/ =404;
+        index index.php;
+    }
+
+    # Adding the cache control header for js, css and map files
+    # Make sure it is BELOW the PHP block
+    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463";
+        # Add headers to serve security related headers (It is intended to
+        # have those duplicated to the ones above)
+        # Before enabling Strict-Transport-Security headers please read into
+        # this topic first.
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        #
+        # WARNING: Only add the preload option once you read about
+        # the consequences in https://hstspreload.org/. This option
+        # will add the domain to a hardcoded list that is shipped
+        # in all major browsers and getting removed from this list
+        # could take several months.
+        add_header Referrer-Policy "no-referrer" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Download-Options "noopen" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
+        add_header X-Robots-Tag "none" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
+        try_files $uri /index.php$request_uri;
+        # Optional: Don't log access to other assets
+        access_log off;
+    }
+}
--- a/opsec/nextcloud/nginx.conf
+++ b/opsec/nextcloud/nginx.conf
@ -0,0 +1,182 @@
+upstream php-handler {
+    server unix:/run/php/nextcloud.sock;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name cloud.void.yt;
+    # enforce https
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name cloud.void.yt;
+
+    # Use Mozilla's guidelines for SSL/TLS settings
+    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+    # NOTE: some settings below might be redundant
+    ssl_certificate /root/.acme.sh/cloud.void.yt/fullchain.cer;
+    ssl_trusted_certificate /root/.acme.sh/cloud.void.yt/cloud.void.yt.cer;
+    ssl_certificate_key /root/.acme.sh/cloud.void.yt/cloud.void.yt.key;
+
+    # Add headers to serve security related headers
+    # Before enabling Strict-Transport-Security headers please read into this
+    # topic first.
+    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    #
+    # WARNING: Only add the preload option once you read about
+    # the consequences in https://hstspreload.org/. This option
+    # will add the domain to a hardcoded list that is shipped
+    # in all major browsers and getting removed from this list
+    # could take several months.
+
+    ssl_protocols TLSv1.3 TLSv1.2;
+        ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+        ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;
+        ssl_session_tickets off;
+        ssl_ecdh_curve auto;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        resolver 80.67.188.188 80.67.169.40 valid=300s;
+        resolver_timeout 10s;
+
+    add_header Referrer-Policy "no-referrer" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Download-Options "noopen" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Permitted-Cross-Domain-Policies "none" always;
+    add_header X-Robots-Tag "none" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    # Path to the root of your installation
+    root /var/www/nextcloud;
+
+    location ^~ /.well-known {
+        # The following 6 rules are borrowed from `.htaccess`
+
+        location = /.well-known/carddav     { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav      { return 301 /remote.php/dav/; }
+        # Anything else is dynamically handled by Nextcloud
+        location ^~ /.well-known            { return 301 /index.php$uri; }
+
+        try_files $uri $uri/ =404;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # The following 2 rules are only needed for the user_webfinger app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+    # The following rule is only needed for the Social app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+
+    location = /.well-known/carddav {
+      return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+    location = /.well-known/caldav {
+      return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+
+    # set max upload size
+    client_max_body_size 512M;
+    fastcgi_buffers 64 4K;
+
+    # Enable gzip but do not remove ETag headers
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    # Uncomment if your server is build with the ngx_pagespeed module
+    # This module is currently not supported.
+    #pagespeed off;
+
+    location / {
+        rewrite ^ /index.php;
+    }
+
+    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+        deny all;
+    }
+    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        set $path_info $fastcgi_path_info;
+        try_files $fastcgi_script_name =404;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        fastcgi_param HTTPS on;
+        # Avoid sending the security headers twice
+        fastcgi_param modHeadersAvailable true;
+        # Enable pretty urls
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+        try_files $uri/ =404;
+        index index.php;
+    }
+
+    # Adding the cache control header for js, css and map files
+    # Make sure it is BELOW the PHP block
+    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463";
+        # Add headers to serve security related headers (It is intended to
+        # have those duplicated to the ones above)
+        # Before enabling Strict-Transport-Security headers please read into
+        # this topic first.
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        #
+        # WARNING: Only add the preload option once you read about
+        # the consequences in https://hstspreload.org/. This option
+        # will add the domain to a hardcoded list that is shipped
+        # in all major browsers and getting removed from this list
+        # could take several months.
+        add_header Referrer-Policy "no-referrer" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Download-Options "noopen" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
+        add_header X-Robots-Tag "none" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
+        try_files $uri /index.php$request_uri;
+        # Optional: Don't log access to other assets
+        access_log off;
+    }
+}
+
+
+
+
--- a/opsec/nextcloud/nginx2.conf
+++ b/opsec/nextcloud/nginx2.conf
@ -0,0 +1,182 @@
+stream php-handler {
+    server unix:/run/php/nextcloud.sock;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name cloud.void.yt;
+    # enforce https
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name cloud.void.yt;
+
+    # Use Mozilla's guidelines for SSL/TLS settings
+    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+    # NOTE: some settings below might be redundant
+    ssl_certificate /root/.acme.sh/cloud.void.yt/fullchain.cer;
+    ssl_trusted_certificate /root/.acme.sh/cloud.void.yt/cloud.void.yt.cer;
+    ssl_certificate_key /root/.acme.sh/cloud.void.yt/cloud.void.yt.key;
+
+    # Add headers to serve security related headers
+    # Before enabling Strict-Transport-Security headers please read into this
+    # topic first.
+    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    #
+    # WARNING: Only add the preload option once you read about
+    # the consequences in https://hstspreload.org/. This option
+    # will add the domain to a hardcoded list that is shipped
+    # in all major browsers and getting removed from this list
+    # could take several months.
+
+    ssl_protocols TLSv1.3 TLSv1.2;
+        ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+        ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;
+        ssl_session_tickets off;
+        ssl_ecdh_curve auto;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        resolver 80.67.188.188 80.67.169.40 valid=300s;
+        resolver_timeout 10s;
+
+    add_header Referrer-Policy "no-referrer" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Download-Options "noopen" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Permitted-Cross-Domain-Policies "none" always;
+    add_header X-Robots-Tag "none" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    # Path to the root of your installation
+    root /var/www/nextcloud;
+
+    location ^~ /.well-known {
+        # The following 6 rules are borrowed from `.htaccess`
+
+        location = /.well-known/carddav     { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav      { return 301 /remote.php/dav/; }
+        # Anything else is dynamically handled by Nextcloud
+        location ^~ /.well-known            { return 301 /index.php$uri; }
+
+        try_files $uri $uri/ =404;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # The following 2 rules are only needed for the user_webfinger app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+    # The following rule is only needed for the Social app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+
+    location = /.well-known/carddav {
+      return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+    location = /.well-known/caldav {
+      return 301 $scheme://$host:$server_port/remote.php/dav;
+    }
+
+    # set max upload size
+    client_max_body_size 512M;
+    fastcgi_buffers 64 4K;
+
+    # Enable gzip but do not remove ETag headers
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    # Uncomment if your server is build with the ngx_pagespeed module
+    # This module is currently not supported.
+    #pagespeed off;
+
+    location / {
+        rewrite ^ /index.php;
+    }
+
+    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+        deny all;
+    }
+    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        set $path_info $fastcgi_path_info;
+        try_files $fastcgi_script_name =404;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        fastcgi_param HTTPS on;
+        # Avoid sending the security headers twice
+        fastcgi_param modHeadersAvailable true;
+        # Enable pretty urls
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+        try_files $uri/ =404;
+        index index.php;
+    }
+
+    # Adding the cache control header for js, css and map files
+    # Make sure it is BELOW the PHP block
+    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463";
+        # Add headers to serve security related headers (It is intended to
+        # have those duplicated to the ones above)
+        # Before enabling Strict-Transport-Security headers please read into
+        # this topic first.
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        #
+        # WARNING: Only add the preload option once you read about
+        # the consequences in https://hstspreload.org/. This option
+        # will add the domain to a hardcoded list that is shipped
+        # in all major browsers and getting removed from this list
+        # could take several months.
+        add_header Referrer-Policy "no-referrer" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Download-Options "noopen" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
+        add_header X-Robots-Tag "none" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
+        try_files $uri /index.php$request_uri;
+        # Optional: Don't log access to other assets
+        access_log off;
+    }
+}
+
+
+
+
--- a/opsec/nextcloud/notes.sh
+++ b/opsec/nextcloud/notes.sh
@ -0,0 +1,106 @@
+#!/bin/bash
+
+if [ "$(whoami)" != "root" ]; then
+SUDO=sudo
+fi
+
+
+apt-get -y install apt-transport-https lsb-release ca-certificates curl -y
+wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
+apt-get update -y
+
+sudo apt install php7.4-fpm php7.4-curl php7.4-cli php7.4-mysql php7.4-gd php7.4-common php7.4-xml php7.4-json php7.4-intl php7.4-dev php7.4-common php7.4-mbstring php7.4-zip php7.4-soap php7.4-bz2 -y
+
+
+sudo apt update
+sudo apt install nginx -y
+
+systemctl start nginx
+systemctl enable nginx
+systemctl status nginx
+
+cd /etc/php/7.4/
+
+echo 'date.timezone = Europe/Paris' >> fpm/php.ini
+echo 'date.timezone = Europe/Paris' >> cli/php.ini
+
+echo 'cgi.fix_pathinfo=0' >> fpm/php.ini
+echo 'cgi.fix_pathinfo=0' >> cli/php.ini
+
+echo 'env[HOSTNAME] = $HOSTNAME' >> fpm/pool.d/www.conf
+echo 'env[PATH] = /usr/local/bin:/usr/bin:/bin' >> fpm/pool.d/www.conf
+echo 'env[TMP] = /tmp' >> fpm/pool.d/www.conf
+echo 'env[TMPDIR] = /tmp' >> fpm/pool.d/www.conf
+echo 'env[TEMP] = /tmp' >> fpm/pool.d/www.conf
+
+systemctl restart php7.4-fpm
+systemctl enable php7.4-fpm
+
+ss -xa | grep php
+systemctl status php7.4-fpm
+
+sudo apt install mariadb-server -y
+systemctl start mariadb
+systemctl enable mariadb
+systemctl status mariadb
+
+
+mysql_secure_installation
+#Enter current password for root (enter for none): Press Enter
+#Set root password? [Y/n] Y
+#Remove anonymous users? [Y/n] Y
+#Disallow root login remotely? [Y/n] Y
+#Remove test database and access to it? [Y/n] Y
+#Reload privilege tables now? [Y/n] Y
+
+mysql -u root -p
+#TYPE THE MYSQL ROOT PASSWORD
+
+#create database nextcloud_db;
+#create user nextclouduser@localhost identified by 'P@SSW0RD';
+#grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'P@SSW0RD';
+#flush privileges;
+ 
+#CREDENTIALS FOR NEXTCLOUD_DB : nextclouduser:P@SSW0RD (needed for later)
+
+apt install certbot -y
+systemctl stop nginx
+
+#sign in with github to https://www.duckdns.org/
+certbot certonly --standalone -d ech2.duckdns.org
+ 
+sudo apt install wget unzip zip -y
+
+cd /var/www/
+wget -q https://download.nextcloud.com/server/releases/latest.zip
+
+unzip -qq latest.zip
+sudo chown -R www-data:www-data /var/www/nextcloud
+
+cd /etc/nginx/sites-available/
+wget https://ech1.netlify.app/servers/nextcloud/nginx.conf -O nextcloud
+nano nextcloud
+#edit the ech2 to something else (CTRL+W ech2 then enter)
+#once ur done do ctrl+X to quit
+
+ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/
+nginx -t
+
+systemctl restart nginx
+systemctl restart php7.4-fpm
+
+apt install ufw
+
+ufw allow ssh
+ufw allow http
+ufw allow https
+
+ufw enable
+ufw status numbered
+
+
+#https://ech2.duckdns.org
+
+#new creds for admin user
+#then the mysql creds (nextclouduser:P@SSW0RD)