diff --git a/base/hostconfig/auto02.sls b/base/hostconfig/auto02.sls index dc5a4a6..71d1f00 100644 --- a/base/hostconfig/auto02.sls +++ b/base/hostconfig/auto02.sls @@ -4,6 +4,7 @@ systemd: Unit: Description: Homeassistant After: network-online.target local-fs.target + Before: haproxy.service Requires: io.podman.service Service: ExecStart: /usr/bin/podman start -a homeassistant @@ -14,6 +15,7 @@ systemd: Unit: Description: Homeassistant Configurator After: network-online.target local-fs.target + Before: haproxy.service Requires: io.podman.service Service: ExecStart: /usr/bin/podman start -a homeassistant-configurator @@ -24,6 +26,7 @@ systemd: Unit: Description: pihole After: network-online.target local-fs.target + Before: haproxy.service Requires: io.podman.service Service: ExecStart: /usr/bin/podman start -a pihole @@ -34,6 +37,7 @@ systemd: Unit: Description: Docker Registry After: network-online.target local-fs.target + Before: haproxy.service Requires: io.podman.service Service: ExecStart: /usr/bin/podman start -a docker-registry 
@@ -44,107 +48,145 @@ systemd: Unit: Description: zwave2mqtt - yes After: network-online.target local-fs.target + Before: haproxy.service Requires: io.podman.service Service: ExecStart: /usr/bin/podman start -a zwave2mqtt ExecStop: /usr/bin/podman stop zwave2mqtt Install: WantedBy: multi-user.target -nginx: - install_from_repo: False - server: - config: - events: - worker_connections: 100 - servers: - managed: - default: - enabled: false - status: - enabled: true - config: - - server: - - server_name: _ - - listen: - - 127.0.0.1:80 - - location /stub_status: - - stub_status: '' - proxy_auto: - enabled: true - config: - - server: - - server_name: auto2 auto2.chaos - - listen: - - 80 default_server - - location /: - - proxy_pass: http://127.0.0.1:8123 - - proxy_set_header: "Host $host" - - proxy_http_version: "1.1" - - proxy_set_header: "X-Real-IP $remote_addr" - - proxy_set_header: "X-Forwarded-For $proxy_add_x_forwarded_for" - - proxy_set_header: "Ugrade $http_upgrade" - - proxy_set_header: "Connection \"Upgrade\"" - - location /api/websocket: - - proxy_pass: http://127.0.0.1:8123/api/websocket - - proxy_set_header: "Host $host" - - proxy_http_version: "1.1" - - proxy_set_header: "X-Real-IP $remote_addr" - - proxy_set_header: "X-Forwarded-For $proxy_add_x_forwarded_for" - - proxy_set_header: "Ugrade $http_upgrade" - - proxy_set_header: "Connection \"Upgrade\"" - proxy_auto-conf: - enabled: true - config: - - server: - - server_name: auto-conf auto-conf.chaos - - listen: - - '80' - - location /: - - proxy_redirect: "off" - - proxy_pass: http://127.0.0.1:3218 - proxy_pihole: - enabled: true - config: - - server: - - server_name: pihole pihole.chaos - - listen: - - '80' - - location /admin: - - proxy_redirect: "off" - - proxy_pass: http://127.0.0.1:8080/admin - - add_header: 'Access-Control-Allow-Origin: "*"' - - proxy_set_header: 'Access-Control-Allow-Origin: "*"' - proxy_docker-reg: - enabled: true - config: - - server: - - server_name: docker-registry 
docker-registry.chaos docker-registry.lan - - listen: - - '80' - - location /: - - proxy_redirect: "off" - - proxy_pass: http://127.0.0.1:5000 - - client_max_body_size: '10G' - - proxy_set_header: 'Host $host' - - proxy_set_header: 'X-Forwarded-For $remote_addr' - - proxy_set_header: 'Proxy-Connection ""' - - proxy_set_header: 'Access-Control-Allow-Origin "*"' - - proxy_set_header: 'Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"' - - proxy_set_header: 'Access-Control-Allow-Headers "Authorization, Accept"' - - proxy_set_header: 'Access-Control-Allow-Credentials true' - - proxy_set_header: 'Access-Control-Expose-Headers "Docker-Content-Digest"' - - add_header: 'Access-Control-Allow-Origin "*"' - - add_header: 'Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"' - - add_header: 'Access-Control-Allow-Headers "Authorization, Accept"' - - add_header: 'Access-Control-Allow-Credentials true' - - add_header: 'Access-Control-Expose-Headers "Docker-Content-Digest"' - proxy_zwave2mqtt: - enabled: true - config: - - server: - - server_name: zwave2mqtt zwave2mqtt.chaos - - listen: - - '80' - - location /: - - proxy_redirect: "off" - - proxy_pass: http://127.0.0.1:8091 +haproxy: + enabled: True + overwrite: True + global: + stats: + enable: True + socketpath: /var/lib/haproxy/stats + mode: 660 + level: admin + # Optional extra bind parameter, for example to set the owner/group on the socket file + extra: user haproxy group haproxy + ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384" + ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11" + + user: haproxy + group: haproxy + chroot: + enable: True + path: /var/lib/haproxy + daemon: True + defaults: + mode: http + stats: + - enable + - uri: '/admin?stats' + - realm: 'Haproxy\ Statistics' + - auth: 'admin1:AdMiN123' + options: + - httplog + - dontlognull + - forwardfor + timeouts: + - connect 5000 + - client 50000 + - server 50000 + 
- tunnel 60000 #longer timeouts for websockets + - http-request 5s + errorfiles: + 400: /etc/haproxy/errors/400.http + 403: /etc/haproxy/errors/403.http + 408: /etc/haproxy/errors/408.http + 500: /etc/haproxy/errors/500.http + 502: /etc/haproxy/errors/502.http + 503: /etc/haproxy/errors/503.http + 504: /etc/haproxy/errors/504.http + #resolvers: + # local_dns: + # options: + # - nameserver resolvconf 192.168.10.1:53 + # - resolve_retries 3 + # - timeout retry 1s + # - hold valid 10s + listens: + stats: + bind: + - "127.0.0.1:8998" + mode: http + stats: + enable: True + uri: "/admin?stats" + refresh: "20s" + frontends: + frontend1: + name: www-http + bind: "*:80" + default_backend: auto + acls: + - host_auto hdr_beg(host) -i auto. + - host_auto-conf hdr_beg(host) -i auto-conf. + - host_z2m hdr_beg(host) -i zwave2mqtt. + - host_pihole hdr_beg(host) -i pihole. + - host_docker-registry hdr_beg(host) -i docker-registry. + use_backends: + - auto if host_auto + - auto-conf if host_auto-conf + - z2m if host_z2m + - pihole if host_pihole + - docker-registry if host_docker-registry + backends: + backend1: + name: auto + balance: roundrobin + servers: + server1: + name: auto02 + host: 127.0.0.1 + port: 8123 + check: check + backend2: + name: auto-conf + balance: roundrobin + servers: + server1: + name: auto02 + host: 127.0.0.1 + port: 3218 + check: check + backend3: + name: z2m + balance: roundrobin + servers: + server1: + name: auto02 + host: 127.0.0.1 + port: 8091 + check: check + backend4: + name: pihole + balance: roundrobin + servers: + server1: + name: auto02 + host: 127.0.0.1 + port: 8080 + check: check + backend5: + name: docker-registry + balance: roundrobin + servers: + server1: + name: auto02 + host: 127.0.0.1 + port: 5000 + check: check + options: + - http-server-close + extra: + #- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan" + - http-response add-header Access-Control-Allow-Origin "*" + - http-response add-header 
Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE" + - http-response add-header Access-Control-Allow-Headers "Authorization, Accept" + - http-response add-header Access-Control-Allow-Credentials true + - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest" + + \ No newline at end of file diff --git a/base/init.sls b/base/init.sls index 26e59eb..a59719a 100644 --- a/base/init.sls +++ b/base/init.sls @@ -5,7 +5,7 @@ include: - base.services - base.hardware - - base.sys.sysctl + - base.sys - base.hostconfig - saltmine - prometheus.node_exporter
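Review bot: The `stats` list under `defaults:` carries a hard-coded login, `- auth: 'admin1:AdMiN123'`, and since `defaults` is inherited by every proxy section it also makes `/admin?stats` answerable on the public `www-http` frontend bound to `*:80`, not only on the loopback `listens: stats:` block that already configures the page. I would drop the `stats` entries from `defaults`, move `realm`/`auth` onto the 127.0.0.1:8998 `listens: stats:` block, and take the credential from pillar instead of the state file, e.g. `auth: "{{ salt['pillar.get']('haproxy:stats_auth') }}"` (the pillar key name here is a placeholder). On `backend5` the `extra` list emits `Access-Control-Allow-Credentials true` together with `Access-Control-Allow-Origin "*"`; browsers refuse credentialed responses with a wildcard origin, so either the credentials header is dead or the explicit origin from the commented-out line is what was meant. The file also ends without a trailing newline (`\ No newline at end of file`) and has two added blank lines before it.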