diff --git a/base/hostconfig/auto02.sls b/base/hostconfig/auto02.sls new file mode 100644 index 0000000..682d299 --- /dev/null +++ b/base/hostconfig/auto02.sls @@ -0,0 +1,108 @@ +systemd: + service: + homeassistant: + Unit: + Description: Homeassistant + After: base.target + Service: + ExecStart: /usr/bin/podman start -a homeassistant + ExecStop: /usr/bin/podman stop -t 2 homeassistant + Install: + WantedBy: multi-user.target + homeassistant-configurator: + Unit: + Description: Homeassistant-configurator + After: base.target + Service: + ExecStart: /usr/bin/podman start -a homeassistant-configurator + ExecStop: /usr/bin/podman stop -t 2 homeassistant-configurator + Install: + WantedBy: multi-user.target + pihole: + Unit: + Description: pihole + After: base.target + Service: + ExecStart: /usr/bin/podman start -a pihole + ExecStop: /usr/bin/podman stop -t 2 pihole + Install: + WantedBy: multi-user.target + docker-registry: + Unit: + Description: Docker Registry + After: base.target + Service: + ExecStart: /usr/bin/podman start -a docker-registry + ExecStop: /usr/bin/podman stop -t 2 docker-registry + Install: + WantedBy: multi-user.target +haproxy: + enabled: True + overwrite: True + global: + stats: + enable: True + socketpath: /var/lib/haproxy/stats + mode: 660 + level: admin + # Optional extra bind parameter, for example to set the owner/group on the socket file + extra: user haproxy group haproxy + ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384" + ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11" + + user: haproxy + group: haproxy + chroot: + enable: True + path: /var/lib/haproxy + daemon: True + defaults: + stats: + - enable + - uri: '/admin?stats' + - realm: 'Haproxy\ Statistics' + - auth: 'admin1:AdMiN123' + errorfiles: + 400: /etc/haproxy/errors/400.http + 403: /etc/haproxy/errors/403.http + 408: /etc/haproxy/errors/408.http + 500: /etc/haproxy/errors/500.http + 502: /etc/haproxy/errors/502.http + 503: /etc/haproxy/errors/503.http + 504: /etc/haproxy/errors/504.http + resolvers: + local_dns: + options: + - nameserver resolvconf 192.168.10.1:53 + - resolve_retries 3 + - timeout retry 1s + - hold valid 10s + listens: + stats: + bind: + - "0.0.0.0:8998" + mode: http + stats: + enable: True + uri: "/admin?stats" + refresh: "20s" + frontends: + frontend1: + name: auto + bind: "*:80" + default_backend: auto + acls: + - host_auto hdr_beg(host) -i auto. + use_backends: + - auto if host_auto + backends: + backend1: + name: auto + balance: roundrobin + servers: + server1: + name: auto02 + host: 127.0.0.1 + port: 8123 + check: check + \ No newline at end of file diff --git a/base/init.sls b/base/init.sls index a4d13c4..26e59eb 100644 --- a/base/init.sls +++ b/base/init.sls @@ -7,3 +7,5 @@ include: - base.hardware - base.sys.sysctl - base.hostconfig + - saltmine + - prometheus.node_exporter diff --git a/base/sys/sysctl.sls b/base/sys/sysctl.sls index f62da7e..66c3aaf 100644 --- a/base/sys/sysctl.sls +++ b/base/sys/sysctl.sls @@ -7,7 +7,7 @@ sysctl: config: location: '/etc/sysctl.d' params: - vm.swappiness: 60 + vm.swappiness: 10 net.ipv4.ip_forward: 1 net.core.rmem_max: value: 16777216 diff --git a/top.sls b/top.sls index 75aeaa2..345f139 100644 --- a/top.sls +++ b/top.sls @@ -5,8 +5,6 @@ base: '*': - base - - saltmine - - prometheus.node_exporter 'G@osarch:arm64 or G@osarch:armel': - match: compound - base.log.rsyslog.client @@ -15,8 +13,6 @@ base: - base.log.rsyslog.client 'pine*': - k8s - 'kubeadm*': - - k8s - 'auto*': + 'auto01*': - packages.openhab