Remove deprecated files related to homelab architecture, container context, and various scripts. This cleanup includes the removal of configuration files for Nextcloud, Gitea, and VPN setups, as well as documentation files that are no longer relevant. This helps streamline the project and eliminate outdated references.

scripts/npm-add-proxy.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# Add docs.katykhin.ru → 192.168.1.104:8000 via NPM API
+# Usage: NPM_EMAIL=admin@example.com NPM_PASSWORD=xxx ./npm-add-proxy.sh
+
+set -e
+NPM_URL="${NPM_URL:-http://192.168.1.100:81}"
+API="$NPM_URL/api"
+
+if [ -z "$NPM_EMAIL" ] || [ -z "$NPM_PASSWORD" ]; then
+  echo "Set NPM_EMAIL and NPM_PASSWORD"
+  exit 1
+fi
+
+echo "Getting token..."
+TOKEN=$(curl -s -X POST "$API/tokens" \
+  -H "Content-Type: application/json" \
+  -d "{\"identity\":\"$NPM_EMAIL\",\"secret\":\"$NPM_PASSWORD\"}" \
+  | jq -r '.token // empty')
+
+if [ -z "$TOKEN" ]; then
+  echo "Failed to get token"
+  exit 1
+fi
+
+echo "Finding certificate for docs.katykhin.ru..."
+CERT_ID=$(curl -s -H "Authorization: Bearer $TOKEN" "$API/nginx/certificates" \
+  | jq -r '.[] | select(.domain_names[]? == "docs.katykhin.ru") | .id' | head -1)
+
+PAYLOAD=$(jq -n \
+  --arg cert "$CERT_ID" \
+  '{
+    domain_names: ["docs.katykhin.ru"],
+    forward_host: "192.168.1.104",
+    forward_port: "8000",
+    forward_scheme: "http",
+    enabled: true,
+    allow_websocket_upgrade: true,
+    http2_support: true,
+    block_exploits: true,
+    certificate_id: (if $cert != "" and $cert != "null" then ($cert | tonumber) else null end),
+    ssl_forced: ($cert != "" and $cert != "null")
+  }')
+
+echo "Creating proxy host..."
+RESP=$(curl -s -w "\n%{http_code}" -X POST "$API/nginx/proxy-hosts" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "$PAYLOAD")
+HTTP_CODE=$(echo "$RESP" | tail -1)
+BODY=$(echo "$RESP" | sed '$d')
+
+if [ "$HTTP_CODE" = "201" ]; then
+  echo "Proxy host created: docs.katykhin.ru -> 192.168.1.104:8000"
+  echo "$BODY" | jq .
+else
+  echo "Failed (HTTP $HTTP_CODE):"
+  echo "$BODY" | jq . 2>/dev/null || echo "$BODY"
+  exit 1
+fi

scripts/npm-cert-cloud.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+# Выпуск сертификата cloud.katykhin.ru через certbot DNS-01 Beget и подключение к NPM
+# Usage: BEGET_USER=логин BEGET_PASS=пароль ./npm-cert-cloud.sh
+
+set -e
+DOMAIN="cloud.katykhin.ru"
+EMAIL="j3tears100@gmail.com"
+# Запуск: ssh root@PROXMOX "pct exec 100 -- bash -s" < npm-cert-cloud.sh
+# Или: BEGET_USER=xxx BEGET_PASS=xxx pct exec 100 -- bash -c 'eval "$(cat)"' < npm-cert-cloud.sh
+NPM_URL="${NPM_URL:-http://127.0.0.1:81}"
+API="$NPM_URL/api"
+NPM_EMAIL="j3tears100@gmail.com"
+NPM_PASSWORD="kqEUubVq02DJTS8"
+
+if [ -z "$BEGET_USER" ] || [ -z "$BEGET_PASS" ]; then
+  echo "Укажите BEGET_USER и BEGET_PASS (логин и пароль Beget API)"
+  exit 1
+fi
+
+echo "1. Создание credentials для certbot..."
+CRED_DIR="/root/.secrets/certbot"
+mkdir -p "$CRED_DIR"
+cat > "$CRED_DIR/beget.ini" << EOF
+dns_beget_api_username = $BEGET_USER
+dns_beget_api_password = $BEGET_PASS
+EOF
+chmod 600 "$CRED_DIR/beget.ini"
+
+echo "2. Запрос сертификата Let's Encrypt (DNS-01)..."
+certbot certonly \
+  --authenticator dns-beget-api \
+  --dns-beget-api-credentials "$CRED_DIR/beget.ini" \
+  --dns-beget-api-propagation-seconds 120 \
+  -d "$DOMAIN" \
+  --non-interactive \
+  --agree-tos \
+  --email "$EMAIL"
+
+CERT_DIR="/etc/letsencrypt/live/$DOMAIN"
+CERT=$(cat "$CERT_DIR/fullchain.pem")
+KEY=$(cat "$CERT_DIR/privkey.pem")
+
+echo "3. Добавление сертификата в NPM..."
+TOKEN=$(curl -s -X POST "$API/tokens" \
+  -H "Content-Type: application/json" \
+  -d "{\"identity\":\"$NPM_EMAIL\",\"secret\":\"$NPM_PASSWORD\"}" \
+  | jq -r '.token // empty')
+
+if [ -z "$TOKEN" ]; then
+  echo "Ошибка: не удалось получить токен NPM"
+  exit 1
+fi
+
+# Экранируем для JSON
+CERT_ESC=$(echo "$CERT" | jq -Rs .)
+KEY_ESC=$(echo "$KEY" | jq -Rs .)
+
+RESP=$(curl -s -w "\n%{http_code}" -X POST "$API/nginx/certificates" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "{\"provider\":\"other\",\"domain_names\":[\"$DOMAIN\"],\"nice_name\":\"$DOMAIN\",\"meta\":{\"certificate\":$CERT_ESC,\"certificate_key\":$KEY_ESC}}")
+
+HTTP_CODE=$(echo "$RESP" | tail -1)
+BODY=$(echo "$RESP" | sed '$d')
+
+if [ "$HTTP_CODE" != "201" ]; then
+  echo "Ошибка добавления сертификата (HTTP $HTTP_CODE):"
+  echo "$BODY" | jq . 2>/dev/null || echo "$BODY"
+  exit 1
+fi
+
+CERT_ID=$(echo "$BODY" | jq -r '.id')
+echo "Сертификат добавлен, ID: $CERT_ID"
+
+echo "4. Подключение сертификата к proxy host cloud.katykhin.ru..."
+PROXY_ID=$(curl -s -H "Authorization: Bearer $TOKEN" "$API/nginx/proxy-hosts" \
+  | jq -r '.[] | select(.domain_names[]? == "cloud.katykhin.ru") | .id')
+
+if [ -z "$PROXY_ID" ]; then
+  echo "Proxy host для $DOMAIN не найден"
+  exit 1
+fi
+
+PROXY=$(curl -s -H "Authorization: Bearer $TOKEN" "$API/nginx/proxy-hosts/$PROXY_ID")
+UPD=$(echo "$PROXY" | jq --argjson cid "$CERT_ID" '
+  .certificate_id = $cid |
+  .ssl_forced = true |
+  del(.owner, .certificate, .access_list)
+')
+# domain_names должен быть массив
+UPD=$(echo "$UPD" | jq '.domain_names = ["cloud.katykhin.ru"]')
+
+curl -s -X PUT "$API/nginx/proxy-hosts/$PROXY_ID" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "$UPD" | jq .
+
+echo "Готово. Сертификат подключён к https://$DOMAIN"