diff --git a/base/init.sls b/base/init.sls
index 27138f0..eb1ac11 100644
--- a/base/init.sls
+++ b/base/init.sls
@@ -5,9 +5,7 @@
include:
- .packages
- .pki
- #- .gluster.client
- sysctl
- - rsyslog
- sudoers
- systemd
- .timezone
diff --git a/base/packages/common.sls b/base/packages/common.sls
index 7f37f9a..f1d3162 100644
--- a/base/packages/common.sls
+++ b/base/packages/common.sls
@@ -26,15 +26,14 @@ common-installed:
- bzip2
- gzip
- unzip
- - libwww-perl
- bind9-host
- dnsutils
- tcpdump
- file
- - python-pip
- - python-dev
- - python-pyinotify
- - python-m2crypto
+ - python3-pip
+ - python3-dev
+ - python3-pyinotify
+ - python3-m2crypto
- python3-m2crypto
- lockfile-progs
- virt-what
diff --git a/base/pki/host.sls b/base/pki/host.sls
index f464441..41ed2c7 100644
--- a/base/pki/host.sls
+++ b/base/pki/host.sls
@@ -14,6 +14,7 @@
- ca_server: tumor.chaos
- signing_policy: host
- public_key: /etc/pki/private.key
+ - CN: {{ grains['fqdn'] }}
- subjectAltName: 'DNS:{{ grains['fqdn'] }}'
- days_remaining: 5
- backup: True
@@ -29,6 +30,7 @@
- public_key: /etc/pki/private.key
- days_remaining: 5
- backup: False
+ - CN: {{ grains['fqdn'] }}
- subjectAltName: 'DNS:{{ cn }}'
- require:
- x509: /etc/pki/private.key
diff --git a/base/rsyslog/client.sls b/base/rsyslog/client.sls
new file mode 100644
index 0000000..d350c21
--- /dev/null
+++ b/base/rsyslog/client.sls
@@ -0,0 +1,4 @@
+include:
+ - rsyslog
+ - .service
+
\ No newline at end of file
diff --git a/base/rsyslog/files/logrotate-server.conf b/base/rsyslog/files/logrotate-server.conf
new file mode 100644
index 0000000..9f2a938
--- /dev/null
+++ b/base/rsyslog/files/logrotate-server.conf
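Review bot: `python3-m2crypto` is now listed twice in `common-installed` — the added `+  - python3-m2crypto` sits directly above the unchanged `- python3-m2crypto` context line. Salt's pkg.installed tolerates the duplicate, but it reads as a leftover of the python→python3 rename and will puzzle the next reader; drop the added line and keep the existing one. If the x509 states under base/pki still depend on M2Crypto (the library the legacy x509 module uses — worth confirming for your Salt version), the one remaining entry carries that dependency.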
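Review bot: In the second hunk the new `- CN: {{ grains['fqdn'] }}` disagrees with the line right below it, `- subjectAltName: 'DNS:{{ cn }}'`: the CN comes from the grain while the SAN comes from a template variable `cn` that is set outside this hunk, so a certificate requested for some other name gets the host FQDN as CN and a different name as SAN. Modern clients match on SAN only, so it will likely still validate, but it should be one or the other — `- CN: {{ cn }}` if these are per-name certificates, or the grain in the SAN as the first hunk does. Note also that `grains['fqdn']` is whatever the minion reports, so the requested name is minion-controlled; the `signing_policy: host` on `tumor.chaos` is where the CA must constrain which names a minion may obtain, and that policy is not part of this diff.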
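Review bot: `base.rsyslog.client` contains no forwarding rule — it only includes the top-level `rsyslog` state and `.service` — so nothing in this diff tells clients to send anything to the collector that `base.rsyslog.server` builds (no `*.* @@adm01.wks:514` or RELP action). Unless the included `rsyslog` state, which is outside this diff, already manages that, every host matched by `'not G@fqdn:adm01.wks'` in top.sls keeps logging locally and the central `/data/logs` stays empty. A managed file under `/etc/rsyslog.d/` with an `omrelp` action to port 20514 (matching the server's `imrelp`) and `watch_in: - service: rsyslog` would complete the pairing; the fourth `+` line before "No newline at end of file" looks like stray trailing whitespace.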
@@ -0,0 +1,39 @@
+/data/logs/*/syslog
+{
+ rotate 10
+ daily
+ minsize 50M
+ missingok
+ notifempty
+ delaycompress
+ compress
+ postrotate
+ invoke-rc.d rsyslog rotate > /dev/null
+ endscript
+}
+
+/data/logs/*/mail.info
+/data/logs/*/mail.warn
+/data/logs/*/mail.err
+/data/logs/*/mail.log
+/data/logs/*/daemon.log
+/data/logs/*/kern.log
+/data/logs/*/auth.log
+/data/logs/*/user.log
+/data/logs/*/lpr.log
+/data/logs/*/cron.log
+/data/logs/*/debug
+/data/logs/*/messages
+{
+ rotate 5
+ daily
+ minsize 100M
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ invoke-rc.d rsyslog rotate > /dev/null
+ endscript
+}
diff --git a/base/rsyslog/files/server.conf b/base/rsyslog/files/server.conf
new file mode 100644
index 0000000..b1d7f20
--- /dev/null
+++ b/base/rsyslog/files/server.conf
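Review bot: `/data/logs/*/audit.log` — the file that server.conf's `dynAuditLog` template fills with every host's audispd output — appears in neither stanza, so it is never rotated and grows without bound; add it, ideally as its own stanza with a longer `rotate` since audit data is what you reach for during an investigation. Retention here is only 5 to 10 daily rotations, a short window for a central collector whose purpose is to outlive a compromised host's local logs; derive the count from your incident-response lookback rather than disk defaults. There is no `create` line, so the mode of re-created files is rsyslog's `$FileCreateMode`/`$FileGroup`, which the new server.conf does not set — confirm the main rsyslog.conf globals (0640/adm on Debian) still apply under /data/logs, because these files aggregate auth logs from every host. `invoke-rc.d rsyslog rotate` assumes an init script that knows a `rotate` action; on systemd-based Debian the packaged snippet calls `/usr/lib/rsyslog/rsyslog-rotate` instead — verify which exists on the collector, otherwise rsyslog keeps writing to the rotated inode.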
@@ -0,0 +1,82 @@
+#
+# SALT managed.
+#
+
+# Load UDP module
+$ModLoad imudp
+
+# Load TCP module
+$ModLoad imtcp
+
+# Load RELP module
+$ModLoad imrelp
+
+
+#
+# Use traditional timestamp format.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+
+# Switch to remote ruleset
+$RuleSet remote
+
+
+# Log files are stored in directories matching the short hostname, excluding numbers
+# i.e. web01 web02 and web03 will all log to a the web directory
+
+# Templates
+$Template dynAuditLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/audit.log"
+$Template dynAuthLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/auth.log"
+$Template dynSyslog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/syslog"
+$Template dynCronLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/cron.log"
+$Template dynDaemonLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.log"
+$Template dynKernLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/kern.log"
+$Template dynUserLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/user.log"
+$Template dynMailLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/mail.log"
+$Template dynDebug,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/debug"
+$Template dynMessages,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/messages"
+$Template dynLocal0daemon,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.local0.log"
+
+# Rules
+auth,authpriv.* ?dynAuthLog
+*.*;auth.none,authpriv.none,mail.none,cron.none,kern.none,user.none,daemon.none -?dynSyslog
+cron.* ?dynCronLog
+kern.* -?dynKernLog
+mail.* -?dynMailLog
+user.* -?dynUserLog
+#*.=info;*.=notice;*.=warn;\
+#
+# auth.none,authpriv.none;\
+# cron.none,daemon.none;\
+# mail.none,news.none -?dynMessages
+#hier gibts drachen / here are dragons
+#if $syslogfacility-text == 'local0' then /var/log/somelog
+
+daemon.* -?dynDaemonLog
+
+# drachen sind put / dragons borked
+#
+# Special format to keep audit logs as sent.
+$Template auditFormat,"%msg%\n"
+
+# Catch messages from audispd and send to audit log.
+:programname, isequal, "audispd" -?dynAuditLog;auditFormat
+:programname, isequal, "audispd" stop
+
+
+
+# Switch back to default ruleset
+$RuleSet RSYSLOG_DefaultRuleset
+
+$InputUDPServerBindRuleset remote
+$UDPServerRun 514
+$UDPServerAddress *
+
+$InputTCPServerBindRuleset remote
+$InputTCPServerRun 514
+
+$InputRELPServerBindRuleset remote
+$InputRELPServerRun 20514
+
+
diff --git a/base/rsyslog/server.sls b/base/rsyslog/server.sls
new file mode 100644
index 0000000..6e878f6
--- /dev/null
+++ b/base/rsyslog/server.sls
@@ -0,0 +1,22 @@
+include:
+ - rsyslog
+ - .service
+
+rsyslog-server.conf:
+ file.managed:
+ - name: /etc/rsyslog.d/01-server.conf
+ - source: salt://base/rsyslog/files/server.conf
+ - user: root
+ - group: root
+ - onchange:
+ - service: rsyslog
+
+lograte-rsyslog-logs:
+ file.managed:
+ - name: /etc/logrotate.d/rsyslog-HOSTS-logs
+ - source: salt://base/rsyslog/files/logrotate-server.conf
+ - user: root
+ - group: root
+
+
+
\ No newline at end of file
diff --git a/base/rsyslog/service.sls b/base/rsyslog/service.sls
new file mode 100644
index 0000000..952e70d
--- /dev/null
+++ b/base/rsyslog/service.sls
@@ -0,0 +1,5 @@
+
+rsyslog:
+ service.running:
+ - enable: True
+ - reload: False
diff --git a/k8s/podman.sls b/k8s/podman.sls
index 48f0f53..2202708 100644
--- a/k8s/podman.sls
+++ b/k8s/podman.sls
@@ -9,6 +9,7 @@ podman_pkgs:
- pkgs:
- podman
- runc
+ - containers-storage
- require:
- pkgrepo: repo_debian-bullseye
diff --git a/top.sls b/top.sls
index 23532af..b365594 100644
--- a/top.sls
+++ b/top.sls
@@ -6,9 +6,16 @@ base:
'*':
- base
- hardware
- - ignore_missing: True
'tumor*':
- base.pki.ca
+ 'adm01.wks':
+ - base.rsyslog.server
+ - base.packages.haproxy
+ - k8s.podman
+ - systemd.units
+ 'not G@fqdn:adm01.wks':
+ - match: compound
+ - base.rsyslog.client
'G@osarch:arm64 or G@osarch:armhf or G@osarch:armel':
- match: compound
- base.packages.arch.arm
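Review bot: The three listeners (`$UDPServerRun 514`, `$InputTCPServerRun 514`, `$InputRELPServerRun 20514`) bind every address with no TLS and no `$AllowedSender`, and both the per-host directory and the `audispd` match are taken from the message's own `source`/`programname` fields, so any host that can reach the collector can append forged lines to another host's `auth.log` or `audit.log` — and the `auditFormat` template keeps only `%msg%`, so not even the receive timestamp or sender address survives in the audit file to flag them (the `[A-Za-z-]` character class does at least keep `/` and `..` out of the path). At minimum add `$AllowedSender UDP, <cidr>` / `$AllowedSender TCP, <cidr>` before the `*ServerRun` lines and firewall 20514 (imrelp has no AllowedSender; its answer is TLS with a permitted-peer list), and longer term move clients to RELP over TLS with the host certificates base/pki already issues. Separately, the two `:programname, isequal, "audispd"` rules come after the `*.*` catch-all, so every audit message is first written into the per-host `syslog` and only then stopped — move them, together with the `auditFormat` template they reference, above the `*.*` line. `$UDPServerAddress *` only affects listeners started after it, so placed below `$UDPServerRun 514` it does nothing (harmless, `*` is the default, but misleading). I believe `([A-Za-z-]*)` also matches the empty string for a source that begins with a digit or is a bare IP when reverse lookup fails, which lands those hosts in `/data/logs//syslog`; a non-empty fallback directory for that case is worth adding.
```conf
# … unchanged: modules, $ActionFileDefaultTemplate, $RuleSet remote, dyn* templates …

# Audit lines first, so they are not also copied into the per-host syslog.
$Template auditFormat,"%msg%\n"
:programname, isequal, "audispd" -?dynAuditLog;auditFormat
:programname, isequal, "audispd" stop

# … unchanged: auth/cron/kern/mail/user/daemon rules and the *.* catch-all …

$RuleSet RSYSLOG_DefaultRuleset

# Only accept syslog from the management network; 192.0.2.0/24 is a placeholder, replace it.
# 20514/RELP has no sender filter here and must be firewalled or wrapped in TLS.
$AllowedSender UDP, 192.0.2.0/24
$AllowedSender TCP, 192.0.2.0/24
$UDPServerAddress *
$InputUDPServerBindRuleset remote
$UDPServerRun 514
# … unchanged: TCP and RELP listeners …
```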
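Review bot: `onchange` on `rsyslog-server.conf` is not a Salt requisite (the real ones are `onchanges`, `watch` and their `_in` forms), so as far as I can tell the key is passed through as an ignored keyword argument and nothing restarts rsyslog when `/etc/rsyslog.d/01-server.conf` changes — the `rsyslog` state in service.sls has no `watch` of its own and `reload: False`. Replace it with `- watch_in:` / `  - service: rsyslog` so the daemon restarts when the managed file changes, which is the only way the new listeners actually come up on an already-running collector. Neither file.managed sets `mode:`, so the result is the umask-derived default; `- mode: '0644'` on both makes that explicit, and the state id `lograte-rsyslog-logs` has a typo (`logrotate`).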
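Review bot: The two new targets key on different identities — `'adm01.wks'` is a minion-ID glob while `'not G@fqdn:adm01.wks'` is a grain compound — so if the collector's minion id and its `fqdn` grain ever differ it receives both `base.rsyslog.server` and `base.rsyslog.client`, or a renamed host gets neither. Use the same key for both, e.g. `'not adm01.wks'` with `- match: compound` (compound terms default to ID glob), or `G@fqdn:adm01.wks` for the server entry as well. Keep in mind grains are reported by the minion itself: any minion can set `fqdn: adm01.wks` and opt out of the client state, which is fine for grouping but not if central log shipping is meant to be a control — the minion ID is the identity the master verifies through the accepted key, so prefer it for anything with a security purpose.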