========== PI SNAPSHOT ========== === SYSTEM === PRETTY_NAME="Debian GNU/Linux 13 (trixie)" NAME="Debian GNU/Linux" VERSION_ID="13" VERSION="13 (trixie)" VERSION_CODENAME=trixie DEBIAN_VERSION_FULL=13.3 ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" Linux sosopi 6.12.62+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.62-1+rpt1 (2025-12-18) aarch64 GNU/Linux Revision : d04171 Model : Raspberry Pi 5 Model B Rev 1.1 --- Memory --- total used free shared buff/cache available Mem: 7.9Gi 2.1Gi 278Mi 154Mi 5.9Gi 5.7Gi Swap: 2.0Gi 83Mi 1.9Gi --- Disk --- Filesystem Size Used Avail Use% Mounted on udev 3.9G 0 3.9G 0% /dev tmpfs 1.6G 20M 1.6G 2% /run /dev/mmcblk0p2 59G 20G 36G 36% / tmpfs 4.0G 0 4.0G 0% /dev/shm tmpfs 5.0M 48K 5.0M 1% /run/lock tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-journald.service tmpfs 4.0G 0 4.0G 0% /tmp /dev/mmcblk0p1 510M 66M 445M 13% /boot/firmware /dev/sdb1 916G 41G 830G 5% /mnt/storage /dev/sda2 916G 485G 385G 56% /mnt/backup tmpfs 1.0M 0 1.0M 0% /run/credentials/getty@tty1.service tmpfs 1.0M 0 1.0M 0% /run/credentials/serial-getty@ttyAMA10.service overlay 59G 20G 36G 36% /var/lib/docker/rootfs/overlayfs/904aede0f2879d36a17e66edea1cee2935f13c91a9a48bfcd98eed12eee6e3b7 overlay 59G 20G 36G 36% /var/lib/docker/rootfs/overlayfs/4393061109fecc009dc862212e80ee2deb4b4f0839fa9f201cd1fea7c3ac71c6 overlay 59G 20G 36G 36% /var/lib/docker/rootfs/overlayfs/b9558cf183f93aaa6b91709ec318e9991e11f2886307c90283cac3d480b83aee overlay 59G 20G 36G 36% /var/lib/docker/rootfs/overlayfs/669e90978ffce2915fa4addaaa25c887f294bdac1fd0662c52dea5ef812d53fb overlay 59G 20G 36G 36% /var/lib/docker/rootfs/overlayfs/10d3c6f60e0ec0b4844066a5b5522c9ad70769f75c7a1f3f32bf6e677f4e569e overlay 59G 20G 36G 36% /var/lib/docker/rootfs/overlayfs/b2506ba7fbbeac3e96da9d538dc67f125f3bcc4d291069220397aa821892b925 overlay 59G 20G 36G 36% /var/lib/docker/rootfs/overlayfs/fd1aea43b9f220d5867b85ad220b81c0eeea2d5674e0b0832d12ffa74ad2732b tmpfs 807M 32K 807M 1% /run/user/1000 === RUNNING SERVICES === AdGuardHome.service loaded active running AdGuard Home: Network-level blocker avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack bluetooth.service loaded active running Bluetooth service cafedash.service loaded active running Cafe Dash App containerd.service loaded active running containerd container runtime cron.service loaded active running Regular background program processing daemon dbus.service loaded active running D-Bus System Message Bus docker.service loaded active running Docker Application Container Engine getty@tty1.service loaded active running Getty on tty1 ModemManager.service loaded active running Modem Manager NetworkManager.service loaded active running Network Manager nmbd.service loaded active running Samba NMB Daemon polkit.service loaded active running Authorization Manager serial-getty@ttyAMA10.service loaded active running Serial Getty on ttyAMA10 smbd.service loaded active running Samba SMB Daemon ssh.service loaded active running OpenBSD Secure Shell server systemd-journald.service loaded active running Journal Service systemd-logind.service loaded active running User Login Management systemd-timesyncd.service loaded active running Network Time Synchronization systemd-udevd.service loaded active running Rule-based Manager for Device Events and Files tailscaled.service loaded active running Tailscale node agent user@1000.service loaded active running User Manager for UID 1000 winbind.service loaded active running Samba Winbind Daemon wpa_supplicant.service loaded active running WPA supplicant === LISTENING PORTS === State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess LISTEN 0 100 0.0.0.0:21064 0.0.0.0:* users:(("python3",pid=2152,fd=57)) LISTEN 0 100 0.0.0.0:21065 0.0.0.0:* users:(("python3",pid=2152,fd=62)) LISTEN 0 100 0.0.0.0:21066 0.0.0.0:* users:(("python3",pid=2152,fd=39)) LISTEN 0 128 0.0.0.0:5000 0.0.0.0:* users:(("python",pid=1148,fd=3)) LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1169,fd=6)) LISTEN 0 50 0.0.0.0:139 0.0.0.0:* users:(("smbd",pid=1275,fd=31)) LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=1275,fd=30)) LISTEN 0 4096 127.0.0.1:18554 0.0.0.0:* users:(("go2rtc",pid=2448,fd=6)) LISTEN 0 4096 0.0.0.0:2283 0.0.0.0:* users:(("docker-proxy",pid=2056,fd=8)) LISTEN 0 4096 100.95.1.86:62751 0.0.0.0:* users:(("tailscaled",pid=1153,fd=21)) LISTEN 0 128 0.0.0.0:8123 0.0.0.0:* users:(("python3",pid=2152,fd=11)) LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:* users:(("docker-proxy",pid=1996,fd=8)) LISTEN 0 100 [::]:21064 [::]:* users:(("python3",pid=2152,fd=59)) LISTEN 0 100 [::]:21065 [::]:* users:(("python3",pid=2152,fd=63)) LISTEN 0 100 [::]:21066 [::]:* users:(("python3",pid=2152,fd=54)) LISTEN 0 4096 *:53 *:* users:(("AdGuardHome",pid=1223,fd=13)) LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1169,fd=7)) LISTEN 0 50 [::]:139 [::]:* users:(("smbd",pid=1275,fd=29)) LISTEN 0 50 [::]:445 [::]:* users:(("smbd",pid=1275,fd=28)) LISTEN 0 4096 [fd7a:115c:a1e0::d801:1a9]:39208 [::]:* users:(("tailscaled",pid=1153,fd=23)) LISTEN 0 4096 *:3000 *:* users:(("AdGuardHome",pid=1223,fd=12)) LISTEN 0 4096 *:18555 *:* users:(("go2rtc",pid=2448,fd=9)) LISTEN 0 4096 [::]:2283 [::]:* users:(("docker-proxy",pid=2062,fd=8)) LISTEN 0 128 [::]:8123 [::]:* users:(("python3",pid=2152,fd=12)) LISTEN 0 4096 [::]:8080 [::]:* users:(("docker-proxy",pid=2002,fd=8)) === DOCKER CONTAINERS === NAMES IMAGE PORTS STATUS nextcloud-db-1 mariadb 3306/tcp Up 41 hours nextcloud-nextcloud-1 nextcloud 0.0.0.0:8080->80/tcp, [::]:8080->80/tcp Up 41 hours immich_server ghcr.io/immich-app/immich-server:release 0.0.0.0:2283->2283/tcp, [::]:2283->2283/tcp Up 41 hours (healthy) immich_postgres ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0 5432/tcp Up 41 hours (healthy) immich_machine_learning ghcr.io/immich-app/immich-machine-learning:release Up 41 hours (healthy) immich_redis valkey/valkey:9 6379/tcp Up 41 hours (healthy) homeassistant ghcr.io/home-assistant/home-assistant:stable Up 41 hours === DOCKER COMPOSE FILES === === ENV FILES (AUTO-REDACTED) === === CUSTOM SYSTEMD SERVICES === --- /etc/systemd/system/AdGuardHome.service --- [Unit] Description=AdGuard Home: Network-level blocker ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome After=syslog.target network-online.target [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/opt/AdGuardHome/AdGuardHome "-s" "run" WorkingDirectory=/opt/AdGuardHome StandardOutput=journal StandardError=journal Restart=always RestartSec=10 EnvironmentFile=-/etc/sysconfig/AdGuardHome [Install] WantedBy=multi-user.target --- /etc/systemd/system/cafedash.service --- [Unit] Description=Cafe Dash App After=network.target [Service] User=admin WorkingDirectory=/home/admin/cozy_coffee ExecStart=/home/admin/cozy_coffee/venv/bin/python /home/admin/cozy_coffee/cafe_dash.py Restart=always [Install] WantedBy=multi-user.target --- /etc/systemd/system/dbus-fi.w1.wpa_supplicant1.service --- [Unit] Description=WPA supplicant Before=network.target After=dbus.service Wants=network.target IgnoreOnIsolate=true [Service] Type=dbus BusName=fi.w1.wpa_supplicant1 ExecStart=/usr/sbin/wpa_supplicant -u -s -O "DIR=/run/wpa_supplicant GROUP=netdev" ExecReload=/bin/kill -HUP $MAINPID Group=netdev RuntimeDirectory=wpa_supplicant RuntimeDirectoryMode=0750 [Install] WantedBy=multi-user.target Alias=dbus-fi.w1.wpa_supplicant1.service --- /etc/systemd/system/dbus-org.bluez.service --- [Unit] Description=Bluetooth service Documentation=man:bluetoothd(8) ConditionPathIsDirectory=/sys/class/bluetooth [Service] Type=dbus BusName=org.bluez ExecStart=/usr/libexec/bluetooth/bluetoothd NotifyAccess=main #WatchdogSec=10 Restart=on-failure CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE LimitNPROC=1 # Filesystem lockdown ProtectHome=true ProtectSystem=strict PrivateTmp=true ProtectKernelTunables=true ProtectControlGroups=true StateDirectory=bluetooth StateDirectoryMode=0700 ConfigurationDirectory=bluetooth ConfigurationDirectoryMode=0555 # Execute Mappings MemoryDenyWriteExecute=true # Privilege escalation NoNewPrivileges=true # Real-time RestrictRealtime=true [Install] WantedBy=bluetooth.target Alias=dbus-org.bluez.service --- /etc/systemd/system/dbus-org.freedesktop.Avahi.service --- # This file is part of avahi. # # avahi is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2 of the # License, or (at your option) any later version. # # avahi is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public # License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with avahi; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 # USA. [Unit] Description=Avahi mDNS/DNS-SD Stack Requires=avahi-daemon.socket [Service] Type=dbus BusName=org.freedesktop.Avahi ExecStart=/usr/sbin/avahi-daemon -s ExecReload=/usr/sbin/avahi-daemon -r NotifyAccess=main [Install] WantedBy=multi-user.target Also=avahi-daemon.socket Alias=dbus-org.freedesktop.Avahi.service --- /etc/systemd/system/dbus-org.freedesktop.ModemManager1.service --- [Unit] Description=Modem Manager After=polkit.service Requires=polkit.service ConditionVirtualization=!container [Service] Type=dbus BusName=org.freedesktop.ModemManager1 ExecStart=/usr/sbin/ModemManager StandardError=null Restart=on-abort CapabilityBoundingSet=CAP_SYS_ADMIN CAP_NET_ADMIN ProtectSystem=true ProtectHome=true PrivateTmp=true RestrictAddressFamilies=AF_NETLINK AF_UNIX AF_QIPCRTR NoNewPrivileges=true User=root [Install] WantedBy=multi-user.target Alias=dbus-org.freedesktop.ModemManager1.service --- /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service --- [Unit] Description=Network Manager Script Dispatcher Service Documentation=man:NetworkManager-dispatcher.service(8) [Service] Type=dbus BusName=org.freedesktop.nm_dispatcher ExecStart=/usr/libexec/nm-dispatcher NotifyAccess=main # Enable debug logging in dispatcher service. Note that dispatcher # also honors debug logging requests from NetworkManager, so you # can also control logging requests with # `nmcli general logging domain DISPATCHER level TRACE`. #Environment=NM_DISPATCHER_DEBUG_LOG=1 # We want to allow scripts to spawn long-running daemons, so tell # systemd to not clean up when nm-dispatcher exits KillMode=process [Install] Alias=dbus-org.freedesktop.nm-dispatcher.service --- /etc/systemd/system/dbus-org.freedesktop.timesync1.service --- # SPDX-License-Identifier: LGPL-2.1-or-later # # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. [Unit] Description=Network Time Synchronization Documentation=man:systemd-timesyncd.service(8) ConditionCapability=CAP_SYS_TIME ConditionVirtualization=!container DefaultDependencies=no After=systemd-sysusers.service Before=time-set.target sysinit.target shutdown.target Conflicts=shutdown.target Wants=time-set.target [Service] AmbientCapabilities=CAP_SYS_TIME BusName=org.freedesktop.timesync1 CapabilityBoundingSet=CAP_SYS_TIME # Turn off DNSSEC validation for hostname look-ups, since those need the # correct time to work, but we likely won't acquire that without NTP. Let's # break this chicken-and-egg cycle here. Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0 ExecStart=!!/usr/lib/systemd/systemd-timesyncd LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=disconnected ProtectProc=invisible ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectSystem=strict Restart=always RestartSec=0 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes RuntimeDirectory=systemd/timesync StateDirectory=systemd/timesync SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @clock Type=notify User=systemd-timesync WatchdogSec=3min [Install] WantedBy=sysinit.target Alias=dbus-org.freedesktop.timesync1.service --- /etc/systemd/system/nmb.service --- [Unit] Description=Samba NMB Daemon Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5) Wants=network-online.target After=network.target network-online.target [Service] Type=notify PIDFile=/run/samba/nmbd.pid Environment=NMBDOPTIONS= EnvironmentFile=-/etc/default/samba ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS ExecReload=/bin/kill -HUP $MAINPID LimitCORE=infinity ExecCondition=/usr/share/samba/is-configured nmb [Install] WantedBy=multi-user.target # Upstream name: Alias=nmb.service --- /etc/systemd/system/samba.service --- [Unit] Description=Samba AD Daemon Documentation=man:samba(8) man:samba(7) man:smb.conf(5) Wants=network-online.target After=network.target network-online.target [Service] Type=notify PIDFile=/run/samba/samba.pid LimitNOFILE=16384 Environment=SAMBAOPTIONS= EnvironmentFile=-/etc/default/samba ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS ExecReload=/bin/kill -HUP $MAINPID ExecCondition=/usr/share/samba/is-configured samba [Install] WantedBy=multi-user.target # Upstream name: Alias=samba.service --- /etc/systemd/system/smb.service --- [Unit] Description=Samba SMB Daemon Documentation=man:smbd(8) man:samba(7) man:smb.conf(5) Wants=network-online.target After=network.target network-online.target nmb.service winbind.service [Service] Type=notify PIDFile=/run/samba/smbd.pid LimitNOFILE=16384 Environment=SMBDOPTIONS= EnvironmentFile=-/etc/default/samba ExecStartPre=/usr/share/samba/update-apparmor-samba-profile ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS ExecReload=/bin/kill -HUP $MAINPID LimitCORE=infinity ExecCondition=/usr/share/samba/is-configured smb [Install] WantedBy=multi-user.target # Upstream name: Alias=smb.service --- /etc/systemd/system/sshd.service --- [Unit] Description=OpenBSD Secure Shell server Documentation=man:sshd(8) man:sshd_config(5) After=network.target nss-user-lookup.target auditd.service ConditionPathExists=!/etc/ssh/sshd_not_to_be_run [Service] EnvironmentFile=-/etc/default/ssh ExecStartPre=/usr/sbin/sshd -t ExecStart=/usr/sbin/sshd -D $SSHD_OPTS ExecReload=/usr/sbin/sshd -t ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure RestartPreventExitStatus=255 Type=notify RuntimeDirectory=sshd RuntimeDirectoryMode=0755 [Install] WantedBy=multi-user.target Alias=sshd.service === CRON JOBS === -- User cron -- 0 3 * * * /usr/local/bin/nightly-backup.sh -- Root cron -- 0 3 * * * /usr/local/bin/nightly-backup.sh === NGINX CONFIGS === === NETWORK === 10.0.0.50 100.95.1.86 172.18.0.1 172.19.0.1 172.17.0.1 fd46:e0e2:d825:49a9:2ecf:67ff:feca:9a28 fd7a:115c:a1e0::d801:1a9 default via 10.0.0.1 dev wlan0 proto static metric 600 10.0.0.0/24 dev wlan0 proto kernel scope link src 10.0.0.50 metric 600 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 172.18.0.0/16 dev br-09e914c9b7ba proto kernel scope link src 172.18.0.1 172.19.0.0/16 dev br-9d5285fe1444 proto kernel scope link src 172.19.0.1 ========== END SNAPSHOT ==========