removed k8s stuff

.gitignore

@@ -1,3 +1,5 @@
+**/.ptp-sync
+**/.ptp-sync-folder
 .project
 .pydevproject
 .settings

base/hardware/init.sls

@@ -1,4 +1,3 @@
-
-include:
-  - base.hardware.{{ grains.get('hardware') | lower }}
-
+{% include 'base/hardware/' + salt['grains.get']('hardware') | lower + '.sls' ignore missing %} 
+#include:
+#  - base.hardware.{{ grains.get('hardware') | lower }}

base/hardware/unknown.sls

@@ -0,0 +1 @@
+#just a placeholder

base/hostconfig/adm01.sls

@@ -0,0 +1,183 @@
+pki:
+  cns:
+  - cr.wks
+  - gcr-mirror.wks
+  - dr-mirror.wks
+  - docker-registry.wks
+  #- ups.wks
+systemd:
+  service:
+    container-dr-mirror:
+      Unit:
+        Description: docker.io mirror
+        After: network-online.target local-fs.target podman.socket
+        Before: haproxy.service
+      Service:
+        ExecStart: /usr/bin/podman start container-docker-mirror
+        ExecStop: /usr/bin/podman stop container-docker-mirror
+      Install:
+        WantedBy: multi-user.target
+    container-container-registry:
+      Unit:
+        Description: Container Registry
+        After: network-online.target local-fs.target podman.socket
+        Before: haproxy.service
+      Service:
+        ExecStart: /usr/bin/podman start -a container-registry
+        ExecStop: /usr/bin/podman stop container-registry
+      Install:
+        WantedBy: multi-user.target
+    container-registry-garbage-collect:
+      Unit:
+        Description: Container Registry garbage collect
+      Service:
+        ExecStart: /usr/bin/podman exec container-registry /bin/registry garbage-collect /etc/docker/registry/config.yml -m
+    container-docker-mirror-garbage-collect:
+      Unit:
+        Description: Container Docker mirror garbage collect
+      Service:
+        ExecStart: /usr/bin/podman exec container-docker-mirror /bin/registry garbage-collect /etc/docker/registry/config.yml -m
+  timer:
+    container-registry-garbage-collect:
+      Unit:
+        Description: Timer for registry-garbage-collect
+      Timer:
+        OnCalendar: weekly
+        Persistent: true
+      Install:
+        WantedBy: timers.target
+    container-docker-mirror-garbage-collect:
+      Unit:
+        Description: Timer for docker-mirror-garbage-collect
+      Timer:
+        OnCalendar: weekly
+        Persistent: true
+      Install:
+        WantedBy: timers.target
+haproxy:
+  enabled: True
+  overwrite: True
+  global:
+    stats:
+      enable: True
+      socketpath: /var/lib/haproxy/stats
+      mode: 660
+      level: admin
+      # Optional extra bind parameter, for example to set the owner/group on the socket file
+      extra: user haproxy group haproxy
+    ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
+    ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
+
+    user: haproxy
+    group: haproxy
+    chroot:
+      enable: True
+      path: /var/lib/haproxy
+    daemon: True
+  defaults:
+    mode: http
+    stats:
+      - enable
+      - uri: '/haproxy-status'
+    options:
+      - httplog
+      - dontlognull
+      - forwardfor
+    timeouts:
+      - connect 5000
+      - client 50000
+      - server 50000
+      - tunnel 80000 #longer timeouts for websockets
+      - http-request 5s
+    errorfiles:
+      400: /etc/haproxy/errors/400.http
+      403: /etc/haproxy/errors/403.http
+      408: /etc/haproxy/errors/408.http
+      500: /etc/haproxy/errors/500.http
+      502: /etc/haproxy/errors/502.http
+      503: /etc/haproxy/errors/503.http
+      504: /etc/haproxy/errors/504.http
+  #resolvers:
+  #  local_dns:
+  #    options:
+  #      - nameserver resolvconf 192.168.10.1:53
+  #      - resolve_retries 3
+  #      - timeout retry 1s
+  #      - hold valid 10s
+  listens:
+    stats:
+      bind:
+        - "127.0.0.1:9110"
+      mode: http
+      stats:
+        enable: True
+        uri: "/haproxy-status"
+        refresh: "20s"
+  frontends:
+    frontend1:
+      name: www-http 
+      bind: 
+       - "*:80"
+       - "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
+      default_backend: container-registry
+      acls: 
+        - host_cr hdr_beg(host) -i cr. docker-registry.
+        - host_gcr-mirror hdr_beg(host) -i gcr-mirror.
+        - host_dr-mirror hdr_beg(host) -i dr-mirror.
+      use_backends: 
+        - container-registry if host_cr
+        - gcr-mirror if host_gcr-mirror
+        - dr-mirror if host_dr-mirror
+  backends:
+    backend1:
+      name: container-registry
+      balance: roundrobin
+      servers:
+        server1:
+          name: adm01
+          host: 127.0.0.1
+          port: 5000
+          check: check
+      options:
+        - http-server-close
+      extra:
+        - http-response add-header Access-Control-Allow-Origin "*"
+        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
+        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
+        - http-response add-header Access-Control-Allow-Credentials true
+        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
+    backend2:
+      name: dr-mirror
+      balance: roundrobin
+      servers:
+        server1:
+          name: adm01
+          host: 127.0.0.1
+          port: 5001
+          check: check
+      options:
+        - http-server-close
+      extra:
+        - http-response add-header Access-Control-Allow-Origin "*"
+        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
+        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
+        - http-response add-header Access-Control-Allow-Credentials true
+        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
+    backend3:
+      name: gcr-mirror
+      balance: roundrobin
+      servers:
+        server1:
+          name: adm01
+          host: 127.0.0.1
+          port: 5600
+          check: check
+      options:
+        - http-server-close
+      extra:
+        - http-response add-header Access-Control-Allow-Origin "*"
+        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
+        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
+        - http-response add-header Access-Control-Allow-Credentials true
+        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
+    

base/hostconfig/auto01.sls

@@ -0,0 +1,94 @@
+pki:
+  cns:
+  - genie.chaos
+  - genie2.chaos
+haproxy:
+  enabled: True
+  overwrite: True
+  global:
+    stats:
+      enable: True
+      socketpath: /var/lib/haproxy/stats
+      mode: 660
+      level: admin
+      # Optional extra bind parameter, for example to set the owner/group on the socket file
+      extra: user haproxy group haproxy
+    ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
+    ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
+
+    user: haproxy
+    group: haproxy
+    chroot:
+      enable: True
+      path: /var/lib/haproxy
+    daemon: True
+  defaults:
+    mode: http
+    stats:
+      - enable
+      - uri: '/haproxy-status'
+    options:
+      - httplog
+      - dontlognull
+      - forwardfor
+    timeouts:
+      - connect 5000
+      - client 50000
+      - server 50000
+      - tunnel 80000 #longer timeouts for websockets
+      - http-request 5s
+    errorfiles:
+      400: /etc/haproxy/errors/400.http
+      403: /etc/haproxy/errors/403.http
+      408: /etc/haproxy/errors/408.http
+      500: /etc/haproxy/errors/500.http
+      502: /etc/haproxy/errors/502.http
+      503: /etc/haproxy/errors/503.http
+      504: /etc/haproxy/errors/504.http
+  #resolvers:
+  #  local_dns:
+  #    options:
+  #      - nameserver resolvconf 192.168.10.1:53
+  #      - resolve_retries 3
+  #      - timeout retry 1s
+  #      - hold valid 10s
+  listens:
+    stats:
+      bind:
+        - "127.0.0.1:9110"
+      mode: http
+      stats:
+        enable: True
+        uri: "/haproxy-status"
+        refresh: "20s"
+  frontends:
+    frontend1:
+      name: www-http 
+      bind: 
+       - "*:80"
+      default_backend: genie
+      acls: 
+        - host_genie hdr_beg(host) -i genie.
+        - host_genie2 hdr_beg(host) -i genie2.
+      use_backends: 
+        - genie if host_genie
+        - genie2 if host_genie2
+  backends:
+    backend1:
+      name: genie
+      balance: roundrobin
+      servers:
+        server1:
+          name: genie
+          host: 127.0.0.1
+          port: 3000
+          check: check
+    backend2:
+      name: genie2
+      balance: roundrobin
+      servers:
+        server1:
+          name: genie2
+          host: 127.0.0.1
+          port: 8000
+          check: check

base/hostconfig/auto02.sls

@@ -1,18 +1,42 @@
 pki:
   cns:
-  - docker-registry.lan
   - zwave2mqtt.chaos
   - auto.chaos
   - auto-conf.chaos
   - pihole.chaos
+  - nodered.chaos
+  - rompr.chaos
+  
+os:
+  release: bookworm
+  
 systemd:
   service:
+    container-rompr:
+      Unit:
+        Description: Rompr
+        After: network-online.target local-fs.target
+        Before: haproxy.service
+      Service:
+        ExecStart: /usr/bin/podman start -a rompr
+        ExecStop: /usr/bin/podman stop rompr
+      Install:
+        WantedBy: multi-user.target
+    container-node-red:
+      Unit:
+        Description: Node Red
+        After: network-online.target local-fs.target
+        Before: haproxy.service
+      Service:
+        ExecStart: /usr/bin/podman start -a node-red
+        ExecStop: /usr/bin/podman stop node-red
+      Install:
+        WantedBy: multi-user.target
     container-homeassistant:
       Unit:
         Description: Homeassistant
         After: network-online.target local-fs.target
         Before: haproxy.service
-        Requires: io.podman.service
       Service:
         ExecStart: /usr/bin/podman start -a homeassistant
         ExecStop: /usr/bin/podman stop homeassistant
@@ -23,7 +47,6 @@ systemd:
         Description: Homeassistant Configurator
         After: network-online.target local-fs.target
         Before: haproxy.service
-        Requires: io.podman.service
       Service:
         ExecStart: /usr/bin/podman start -a homeassistant-configurator
         ExecStop: /usr/bin/podman stop homeassistant-configurator
@@ -34,29 +57,16 @@ systemd:
         Description: pihole
         After: network-online.target local-fs.target
         Before: haproxy.service
-        Requires: io.podman.service
       Service:
         ExecStart: /usr/bin/podman start -a pihole
         ExecStop: /usr/bin/podman stop pihole
       Install:
         WantedBy: multi-user.target
-    container-docker-registry:
-      Unit:
-        Description: Docker Registry
-        After: network-online.target local-fs.target
-        Before: haproxy.service
-        Requires: io.podman.service
-      Service:
-        ExecStart: /usr/bin/podman start -a docker-registry
-        ExecStop: /usr/bin/podman stop docker-registry
-      Install:
-        WantedBy: multi-user.target
     container-zwave2mqtt:
       Unit:
         Description: zwave2mqtt - yes
         After: network-online.target local-fs.target
         Before: haproxy.service
-        Requires: io.podman.service
       Service:
         ExecStart: /usr/bin/podman start -a zwave2mqtt
         ExecStop: /usr/bin/podman stop zwave2mqtt
@@ -67,12 +77,21 @@ systemd:
         Description: mosquitto-mqtt - yes
         After: network-online.target local-fs.target
         Before: haproxy.service
-        Requires: io.podman.service
       Service:
         ExecStart: /usr/bin/podman start -a mosquitto-mqtt
         ExecStop: /usr/bin/podman stop mosquitto-mqtt
       Install:
         WantedBy: multi-user.target
+    container-mosquitto-prometheus-exporter:
+      Unit:
+        Description: mosquitto-prometeus-exporter - yes
+        After: network-online.target local-fs.target
+        Before: haproxy.service
+      Service:
+        ExecStart: /usr/bin/podman start -a mosquitto-exporter
+        ExecStop: /usr/bin/podman stop mosquitto-exporter
+      Install:
+        WantedBy: multi-user.target
 haproxy:
   enabled: True
   overwrite: True
@@ -137,20 +156,26 @@ haproxy:
       name: www-http 
       bind: 
        - "*:80"
-       - "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
+       #- "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
       default_backend: auto
       acls: 
         - host_auto hdr_beg(host) -i auto.
         - host_auto-conf hdr_beg(host) -i auto-conf.
         - host_z2m hdr_beg(host) -i zwave2mqtt.
+        - host_z2m-ws hdr_beg(host) -i zwave2mqtt-ws.
         - host_pihole hdr_beg(host) -i pihole.
-        - host_docker-registry hdr_beg(host) -i docker-registry.
+        - host_nodered hdr_beg(host) -i nodered.
+        - host_rompr hdr_beg(host) -i rompr.
+        - host_salt hdr_beg(host) -i salt.
       use_backends: 
         - auto if host_auto
         - auto-conf if host_auto-conf
         - z2m if host_z2m
+        - z2m-ws if host_z2m-ws
         - pihole if host_pihole
-        - docker-registry if host_docker-registry 
+        - nodered if host_nodered
+        - rompr if host_rompr
+        - saltgui if host_salt
   backends:
     backend1:
       name: auto
@@ -161,7 +186,7 @@ haproxy:
         - location /lovelace if deprecated
       servers:
         server1:
-          name: auto02
+          name: auto
           host: 127.0.0.1
           port: 8123
           check: check
@@ -170,7 +195,7 @@ haproxy:
       balance: roundrobin
       servers:
         server1:
-          name: auto02
+          name: auto-conf
           host: 127.0.0.1
           port: 3218
           check: check
@@ -179,36 +204,53 @@ haproxy:
       balance: roundrobin
       servers:
         server1:
-          name: auto02
+          name: zwave2mqtt
           host: 127.0.0.1
           port: 8091
           check: check
+    backend31:
+      name: z2m-ws
+      balance: roundrobin
+      servers:
+        server1:
+          name: zwave2mqtt-ws
+          host: 127.0.0.1
+          port: 3000
+          check: check
     backend4:
       name: pihole
       balance: roundrobin
       servers:
         server1:
-          name: auto02
+          name: pihole
           host: 127.0.0.1
           port: 8080
           check: check
     backend5:
-      name: docker-registry
+      name: nodered
       balance: roundrobin
       servers:
         server1:
-          name: auto02
+          name: nodered
           host: 127.0.0.1
-          port: 5000
+          port: 1880
           check: check
-      options:
-        - http-server-close
-      extra:
-        #- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan"
-        - http-response add-header Access-Control-Allow-Origin "*"
-        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
-        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
-        - http-response add-header Access-Control-Allow-Credentials true
-        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
-        
-        
+    backend6:
+      name: rompr
+      balance: roundrobin
+      servers:
+        server1:
+          name: rompr
+          host: 127.0.0.1
+          port: 8081
+          check: check
+    backend7:
+      name: saltgui
+      balance: roundrobin
+      servers:
+        server1:
+          name: saltgui
+          host: 127.0.0.1
+          port: 3333
+          check: check
+ 

base/hostconfig/init.sls

@@ -1,4 +1,7 @@
 
-include:
-  - base.hostconfig.{{ grains.get('nodename') }}
- 
+{% if salt['grains.get']('host') | regex_match('.*[0-9][0-9]') %}
+  {% set canonical_name = salt['grains.get']('host') | regex_replace('[0-9]', '', ignorecase=True) %}  
+  {% include './' + canonical_name + '.sls' ignore missing %}
+{% endif %}
+{% include './' + salt['grains.get']('host') + '.sls' ignore missing %} 
+   

base/hostconfig/pine.sls

@@ -0,0 +1,8 @@
+pki:
+  cns:
+  - auth.lan 
+  - public.auth.lan
+  - secure.auth.lan
+  - nc.lan
+  - git-ui.lan
+  - hassio.lan

base/hostconfig/truhe.sls

@@ -0,0 +1,2 @@
+os:
+  release: bullseye

base/hostconfig/yori.sls

@@ -0,0 +1,2 @@
+os:
+  release: sid

base/init.sls

@@ -3,9 +3,9 @@
 ---
 
 include:
-  - base.services
-  - base.hardware
-  - base.hostconfig
-  - base.sysctl
+  - .services
+  - .hardware
+  - .hostconfig
+  - .sysctl
   - saltmine
-  - prometheus.node_exporter
+  #- prometheus.node_exporter

base/log/rsyslog/client.sls

@@ -10,7 +10,7 @@ rsyslog:
     output:
       remote:
         log.chaos:
-          action: '@log'
+          action: '@log.lan'
           filter: "*.*"
           enabled: true
         #  target: 192.168.10.2                   # omit if you do not want to forward logs

base/services.sls

@@ -3,6 +3,6 @@
 # which services are available?
 #
 services:
-{%- if grains.get('domain') in ['lan', 'wks'] %}
-  - apt-cache: apt-cache.lan/ 
+{%- if grains.get('domain') in ['lan', 'wks', 'nr5', 'consul'] %}
+  - apt-cache: apt-cache.service.nr5/ 
 {%- endif %}

prometheus/node_exporter.sls

@@ -13,7 +13,8 @@ prometheus:
       args:
         web.listen-address: :9100
         collector.textfile.directory: /tmp/textfile-collector
-        collector.diskstats.ignored-devices: ^(ram|loop|fd)\d+$
+        collector.diskstats.ignored-devices: ^(ram|loop|fd|zram)\d+$
         collector.filesystem.ignored-mount-points: ^/(sys|proc|dev|run)($|/)
         collector.filesystem.ignored-fs-types: ^(nfs|cifs|glusterfs|autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs|tmpfs)$
-        no-collector.systemd: 
+        no-collector.systemd:
+        no-collector.rapl:

top.sls

@@ -5,14 +5,13 @@
 base:
   '*':
     - base
+    - ignore_missing: True
   'G@osarch:arm64 or G@osarch:armel':
     - match: compound 
     - base.log.rsyslog.client 
-  'G@osarch:armhf and not G@fqdn:tumor.chaos':
+  'G@osarch:armhf and not G@fqdn:adm01.wks':
     - match: compound
     - base.log.rsyslog.client 
-  'pine*':
-    - k8s 
-  'auto01*':
-    - packages.openhab
+ # 'pine*':
+ #   - k8s