2025.04.30-20:50

nixos_24.11_wlin001/home/ansible.nix

@@ -0,0 +1,120 @@
+{ config, pkgs, ... }:
+
+{
+
+  home.file = {
+  "/home/zulumann/Ansible/ansible.cfg" = {
+    executable = true;
+    text = ''
+      [defaults]
+      inventory = /home/zulumann/Ansible/hosts
+
+      # The directory containing the playbooks
+      playbook_dir = /home/zulumann/Ansible/playbooks
+
+      # Timeout for the connection
+      timeout = 30
+
+      host_key_checking=False
+    '';
+    };
+  };
+
+  home.file = {
+  "/home/zulumann/Ansible/hosts" = {
+    executable = true;
+    text = ''
+      # Consolidation of all groups
+      [hosts:children]
+      pve01
+      internet
+
+      [pve01]
+      jdownloader         ansible_host=192.168.10.51
+      fileserver01        ansible_host=192.168.10.52
+      checkmk             ansible_host=192.168.10.53
+      pbs01               ansible_host=192.168.10.54
+      docker-lan          ansible_host=192.168.10.55
+      mail                ansible_host=192.168.10.120
+      vserver01           ansible_host=192.168.10.180
+      seedbox             ansible_host=192.168.20.10
+      aptcache            ansible_host=192.168.50.10
+      rustdesk            ansible_host=192.168.50.12
+      radicale            ansible_host=192.168.50.13
+      mumble              ansible_host=192.168.50.14
+      meet                ansible_host=192.168.50.15
+      freshrss            ansible_host=192.168.50.17
+      owncloud            ansible_host=192.168.50.18
+      webserver01         ansible_host=192.168.50.19
+      webserver02         ansible_host=192.168.50.20
+      gitea               ansible_host=192.168.50.21
+      bookshelf           ansible_host=192.168.50.22
+      #crowdsec            ansible_host=192.168.50.23
+      syncthing           ansible_host=192.168.50.24
+      sftpgo              ansible_host=192.168.50.25
+      jellyfin            ansible_host=192.168.60.20
+      adgurd              ansible_host=192.168.178.10
+
+      [internet]
+      strato           ansible_host=85.215.43.109
+
+      [pve01:vars]
+      ansible_user=root
+      ansible_port=22
+      ansible_python_interpreter=/usr/bin/python3
+      #ansible_ssh_private_key_file = ~/.ssh/id_rsa
+
+      [internet:vars]
+      ansible_user=root
+      ansible_port=63007
+      ansible_python_interpreter=/usr/bin/python3
+      #ansible_ssh_pass=password
+    '';
+    };
+  };
+
+
+  home.file = {
+  "/home/zulumann/Ansible/playbooks/apt-dist.yml" = {
+    executable = true;
+    text = ''
+      - name: apt dist-upgrade Debian based servers
+        hosts:
+        - pve01
+        - strato
+        tasks:
+          - name: Update package lists
+            apt:
+             update_cache: yes
+
+          - name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
+            apt:
+             update_cache: yes
+             cache_valid_time: 3600
+
+          - name: Upgrade all Packages
+            apt:
+             upgrade: dist
+
+          - name: Pass options to dpkg on run
+            apt:
+             upgrade: dist
+             update_cache: yes
+             dpkg_options: 'force-confold,force-confdef'
+
+          - name: Autoremove unused packages
+            become: yes
+            command: apt -y autoremove
+
+          - name: Removes all packages from the package cache
+            become: yes
+            command: apt -y clean
+      '';
+    };
+  };
+
+  home.shellAliases = { 
+    lxc-update = "ansible-playbook ~/Ansible/playbooks/apt-dist.yml -i ~/Ansible/hosts";
+  };
+
+}

nixos_24.11_wlin001/home/config-profile.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+
+  home.file = {
+    ".profile" = {
+      text = ''
+        export GTK_THEME=Arc-Dark 
+     '';
+    };
+  };
+} 

nixos_24.11_wlin001/home/config-rsync.nix

@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+
+{
+
+  home.file = {
+    ".rsync-backup.sh" = {
+      executable = true;
+      text = ''
+      #!/bin/sh
+      #
+      ################################################################################
+      #
+      # Push Home Zulumann to Fileserver01/Backup/$HOSTNAME/
+      # 
+      ################################################################################
+      #    -a (Kurzversion für --archive): gleiche Bedeutung wie -rlptgoD
+      #    -r (Kurzversion für --recursive): Unterverzeichnisse kopieren
+      #    -l (Kurzversion für --links): symbolische Links kopierenrsync 
+      #    -p (Kurzversion für --perms): Rechte der Quelldatei beibehalten
+      #    -t (Kurzversion für --times): Zeiten der Quelldatei beibehalten
+      #    -g (Kurzversion für --group): Gruppenrechte der Quelldatei beibehalten
+      #    -o (Kurzversion für --owner): Besitzrechte der Quelldatei beibehalten (nur als root User möglich)
+      #    -D (Kurzversion für --devices --specials): Gerätedateien der Quelldatei beibehalten (nur als root User möglich) 
+      #    -v (Kurzversion für --verbose): zeigt während der Ausführung an welche Dateien synchronisiert werden
+      #    -z
+      #    --delete: entfernt Dateien im Zielverzeichnis die mittelerweile im Quellverzeichnis nicht mehr vorhanden sind 
+      #    rsync --dry-run
+      ################################################################################
+      #   rsync -rdt rsync://192.168.10.52/
+      #
+      rsync -a -v --exclude-from=/home/$USER/.rsync-exlude --delete --progress --partial /home/$USER/ rsync://192.168.10.52:873/Backup/$HOSTNAME/ -b --backup-dir=01rsync-trash/ 2>&1 | tee /home/$USER/.rsync-backup.log
+      '';
+    };
+  };
+
+
+  home.file = {
+    ".rsync-exlude" = {
+      text = ''
+        - Downloads
+        - Games
+        - Share-Cloud
+        - Share-Priv
+        - Share-SMB
+        - Share-VM
+        - Sync
+        - VM-Image
+        - Code Cache
+        - cache*
+        - Cache*
+        - Cache_*
+        - *_cache
+        - *Cache
+        - DawnGraphiteCache
+        - log*
+        - logs
+        - tmp
+        - Trash
+        + .config
+        - .config/syncthing
+        - .config/unity3d
+        - .config/ownCloud
+        + .local
+        - .local/state
+        - .local/share/containers
+        - .local/share/flatpak
+        - .local/share/keyrings
+        - .local/share/nomic.ai
+        - .local/share/Steam
+        + .jd2
+        + .conkyrc
+        - .*
+        - *.LOG
+        - LOG
+        - *.old
+      '';
+    };
+  };
+
+} 

nixos_24.11_wlin001/home/config-ssh.nix

@@ -0,0 +1,180 @@
+{ config, pkgs, ... }:
+
+{
+
+  programs.ssh = {
+    enable = true;
+      matchBlocks = {
+
+        ### Network Hosts ###
+        htpc01 = {
+          hostname = "htpc01.local";
+          user = "kodi";
+          port = 22;
+          # identityFile = "~/.ssh/id_rsa.pub";          
+        };
+
+        nas = {
+          hostname = "192.168.20.90";
+          user = "root";
+          port = 22;
+        };
+
+        pve01 = {
+          hostname = "192.168.10.50";
+          user = "root";
+          port = 22;
+        };
+
+        ### Proxmox PVE01 LAN ###
+        pfsense = {
+          hostname = "192.168.10.1";
+          user = "admin";
+          port = 22;
+        };
+
+        opnsense = {
+          hostname = "192.168.10.1";
+          user = "root";
+          port = 22;
+        };
+
+        fileserver01 = {
+          hostname = "192.168.10.52";
+          user = "root";
+          port = 22;
+        };
+
+         checkmk = {
+          hostname = "192.168.50.53";
+          user = "root";
+          port = 22;    
+        };
+
+        pbs01 = {
+          hostname = "192.168.10.54";
+          user = "root";
+          port = 22;
+        };        
+
+        docker-lan = {
+          hostname = "192.168.10.55";
+          user = "root";
+          port = 22;  
+        };
+
+        jdownloader = {
+          hostname = "192.168.10.57";
+          user = "root";
+          port = 22;
+        };
+ 
+        vserver01 = {
+          hostname = "192.168.10.180";
+          user = "root";
+          port = 22;
+        };
+
+        adgurd = {
+          hostname = "192.168.178.10";
+          user = "root";
+          port = 22;
+        };        
+
+        ### Proxmox PVE01 DMZ ###
+        aptcache = {
+          hostname = "192.168.50.10";
+          user = "root";
+          port = 22;
+        };
+
+        docker-dmz = {
+          hostname = "192.168.50.11";
+          user = "root";
+          port = 22;
+        };
+
+        rustdesk = {
+          hostname = "192.168.50.12";
+          user = "root";
+          port = 22;
+        };        
+
+        radicale = {
+          hostname = "192.168.50.13";
+          user = "root";
+          port = 22;
+        };
+
+        mumble = {
+          hostname = "192.168.50.14";
+          user = "root";
+          port = 22;
+        };        
+
+        meet = {
+          hostname = "192.168.50.15";
+          user = "root";
+          port = 22;
+        };
+
+        mail = {
+          hostname = "192.168.50.16";
+          user = "root";
+          port = 22;
+        };
+
+        freshrss = {
+          hostname = "192.168.50.17";
+          user = "root";
+          port = 22;  
+        };
+
+        owncloud = {
+          hostname = "192.168.50.18";
+          user = "root";
+          port = 22;
+        };        
+
+        websrv01 = {
+          hostname = "192.168.50.19";
+          user = "root";
+          port = 22;
+        };
+
+        websrv02 = {
+          hostname = "192.168.50.20";
+          user = "root";
+          port = 22;
+        };
+
+        gitea = {
+          hostname = "192.168.50.21";
+          user = "root";
+          port = 22; 
+        };
+
+        ### Proxmox PVE01 IOT ###
+        jellyfin = {
+          hostname = "192.168.60.20";
+          user = "root";
+          port = 22;
+        };
+
+        ### Proxmox PVE01 VPN ###
+        seedbox = {
+          hostname = "192.168.20.10";
+          user = "root";
+          port = 22;
+        };
+
+        ### Internet Hosts ###
+        strato = {
+          hostname = "85.215.43.109";
+          user = "root";
+          port = 63007;
+        };
+      };
+    };
+  
+}

nixos_24.11_wlin001/home/default.nix

@@ -0,0 +1,16 @@
+{ pkgs, config, ... }:
+
+{
+  imports = [
+    # Enable &/ Configure Programs
+    ./ansible.nix
+    ./config-profile.nix
+    ./config-rsync.nix
+    ./config-ssh.nix
+    ./psd.nix
+
+    # Place Home Files Like Pictures
+    #./files.nix
+  ];
+
+}

nixos_24.11_wlin001/home/profile

@@ -0,0 +1 @@
+export GTK_THEME=Arc-Dark

nixos_24.11_wlin001/home/psd.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, ... }:
+
+{
+  services.psd = {
+    enable = true;
+    resyncTimer = "30min";
+  };
+
+  home.file = {
+  ".config/psd/psd.conf" = {
+    text = ''
+    # $XDG_CONFIG_HOME/psd/psd.conf
+    #
+    # For documentation, refer man 1 psd or to the wiki page
+    # https://wiki.archlinux.org/index.php/Profile-sync-daemon
+
+    ## NOTE the following:
+    ## To protect data from corruption, in the event that you do make an edit while
+    ## psd is active, any changes made will be applied the next time you start psd.
+
+    # Uncomment and set to "yes" to use overlayfs instead of a full copy to reduce
+    # the memory costs and to improve sync/unsync operations. Note that your kernel
+    # MUST have this module available in order to use this mode.
+    USE_OVERLAYFS="yes"
+
+    # Uncomment and set to "yes" to resync on suspend to reduce potential data loss.
+    # Note that your system MUST have gdbus from glib2 installed to use this mode.
+    USE_SUSPSYNC="yes"
+
+    # List any browsers in the array below to have managed by psd. Useful if you do
+    # not wish to have all possible browser profiles managed which is the default if
+    # this array is left commented.
+    # Possible values:
+    #  chromium
+    #  firefox
+    #  firefox-trunk
+    #  vivaldi
+    #  vivaldi-snapshot
+    BROWSERS=(firefox)
+    # Uncomment and set to "no" to completely disable the crash recovery feature.
+    #
+    # The default is to create crash recovery backups if the system is ungracefully
+    # powered-down due to a kernel panic, hitting the reset switch, battery going
+    # dead, etc. Some users keep very diligent backups and don't care to have this
+    # feature enabled.
+    USE_BACKUPS="yes"
+
+    # Uncomment and set to an integer that is the maximum number of crash recovery
+    # snapshots to keep (the oldest ones are deleted first).
+    # The default is to save the most recent 5 crash recovery snapshots.
+    BACKUP_LIMIT=5
+    '';
+    };
+  };
+
+}