diff --git a/base/hostconfig/adm01.sls b/base/hostconfig/adm01.sls
index db63572..c6655dc 100644
--- a/base/hostconfig/adm01.sls
+++ b/base/hostconfig/adm01.sls
@@ -4,6 +4,7 @@ pki:
 - gcr-mirror.lan
 - dr-mirror.lan
 - docker-registry.lan
+ - ups.wks
 systemd:
 service:
 container-dr-mirror:
diff --git a/base/hostconfig/auto02.sls b/base/hostconfig/auto02.sls
index 528f0e6..f0830bb 100644
--- a/base/hostconfig/auto02.sls
+++ b/base/hostconfig/auto02.sls
@@ -68,6 +68,16 @@ systemd:
 ExecStop: /usr/bin/podman stop mosquitto-mqtt
 Install:
 WantedBy: multi-user.target
+ container-mosquitto-prometheus-exporter:
+ Unit:
+ Description: mosquitto-prometeus-exporter - yes
+ After: network-online.target local-fs.target
+ Before: haproxy.service
+ Service:
+ ExecStart: /usr/bin/podman start -a mosquitto-exporter
+ ExecStop: /usr/bin/podman stop mosquitto-exporter
+ Install:
+ WantedBy: multi-user.target
 haproxy:
 enabled: True
 overwrite: True
diff --git a/base/hostconfig/truhe.sls b/base/hostconfig/truhe.sls
new file mode 100644
index 0000000..c6e4e0f
--- /dev/null
+++ b/base/hostconfig/truhe.sls
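Review bot: The new unit's `Description` reads `mosquitto-prometeus-exporter - yes`, which misspells Prometheus and carries a stray `- yes` suffix that looks like a leftover; it should be `Description: mosquitto-prometheus-exporter`. The unit is ordered `Before: haproxy.service` but declares no ordering against the broker it presumably scrapes — if the exporter needs the MQTT broker up when it starts, consider adding `After:` (and `Wants:`) on the preceding mosquitto-mqtt unit, whose name is outside the hunk. The enclosing `systemd: service:` mapping starts before the hunk.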
@@ -0,0 +1,94 @@
+systemd:
+ service:
+ container-rompr:
+ Unit:
+ Description: Rompr
+ After: network-online.target local-fs.target
+ Before: haproxy.service
+ Service:
+ ExecStart: /usr/bin/podman start -a rompr
+ ExecStop: /usr/bin/podman stop rompr
+ Install:
+ WantedBy: multi-user.target
+
+haproxy:
+ enabled: True
+ overwrite: True
+ global:
+ stats:
+ enable: True
+ socketpath: /var/lib/haproxy/stats
+ mode: 660
+ level: admin
+ # Optional extra bind parameter, for example to set the owner/group on the socket file
+ extra: user haproxy group haproxy
+ ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
+ ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
+
+ user: haproxy
+ group: haproxy
+ chroot:
+ enable: True
+ path: /var/lib/haproxy
+ daemon: True
+ defaults:
+ mode: http
+ stats:
+ - enable
+ - uri: '/haproxy-status'
+ options:
+ - httplog
+ - dontlognull
+ - forwardfor
+ timeouts:
+ - connect 5000
+ - client 50000
+ - server 50000
+ - tunnel 80000 #longer timeouts for websockets
+ - http-request 5s
+ errorfiles:
+ 400: /etc/haproxy/errors/400.http
+ 403: /etc/haproxy/errors/403.http
+ 408: /etc/haproxy/errors/408.http
+ 500: /etc/haproxy/errors/500.http
+ 502: /etc/haproxy/errors/502.http
+ 503: /etc/haproxy/errors/503.http
+ 504: /etc/haproxy/errors/504.http
+ #resolvers:
+ # local_dns:
+ # options:
+ # - nameserver resolvconf 192.168.10.1:53
+ # - resolve_retries 3
+ # - timeout retry 1s
+ # - hold valid 10s
+ listens:
+ stats:
+ bind:
+ - "127.0.0.1:9110"
+ mode: http
+ stats:
+ enable: True
+ uri: "/haproxy-status"
+ refresh: "20s"
+ frontends:
+ frontend1:
+ name: www-http
+ bind:
+ - "*:80"
+ - "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
+ default_backend: auto
+ acls:
+ - host_rompr hdr_beg(host) -i truhe.
+ use_backends:
+ - rompr if host_truhe
+ backends:
+ backend1:
+ name: rompr
+ balance: roundrobin
+ servers:
+ server1:
+ name: rompr
+ host: 127.0.0.1
+ port: 8080
+ check: check
+ 
\ No newline at end of file
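Review bot: `use_backends: - rompr if host_truhe` references an ACL named `host_truhe`, but the only ACL defined under `acls:` is `host_rompr`, so depending on how the formula renders it HAProxy will either refuse the config as invalid or never route to the backend; change it to `- rompr if host_rompr` or rename the ACL to match. `default_backend: auto` likewise names a backend this file never defines — the only backend is `rompr` — so `default_backend: rompr` is probably what is intended. Because `defaults:` carries `stats: - enable` with `uri: '/haproxy-status'`, HAProxy would serve the stats page on every HTTP proxy, including the public `*:80`/`*:443` frontend, with no `stats auth`; if stats are meant to be reachable only on the `127.0.0.1:9110` listener, drop the `stats` entries from `defaults`. The file's last line is whitespace-only with no trailing newline and can be removed.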