haproxy with chain.pem ssl

disable nagging kernel messages
auto02 and haproxy
2021-02-01 16:41:52 +01:00 · 2021-01-31 16:55:16 +01:00 · 2021-01-31 16:54:54 +01:00 · 2021-01-31 12:56:57 +01:00
5 changed files with 116 additions and 58 deletions
--- a/base/hostconfig/auto02.sls
+++ b/base/hostconfig/auto02.sls
@@ -1,45 +1,60 @@
 systemd:
  service:
-   homeassistant:
+    container-homeassistant:
      Unit:
        Description: Homeassistant
        After: network-online.target local-fs.target
+        Before: haproxy.service
        Requires: io.podman.service
      Service:
        ExecStart: /usr/bin/podman start -a homeassistant
-        ExecStop: /usr/bin/podman stop homeassistant 
+        ExecStop: /usr/bin/podman stop homeassistant
      Install:
        WantedBy: multi-user.target
-   homeassistant-configurator:
+    container-homeassistant-configurator:
      Unit:
        Description: Homeassistant Configurator
        After: network-online.target local-fs.target
+        Before: haproxy.service
        Requires: io.podman.service
      Service:
        ExecStart: /usr/bin/podman start -a homeassistant-configurator
        ExecStop: /usr/bin/podman stop homeassistant-configurator
      Install:
        WantedBy: multi-user.target
-   pihole:
+    container-pihole:
      Unit:
        Description: pihole
        After: network-online.target local-fs.target
+        Before: haproxy.service
        Requires: io.podman.service
      Service:
        ExecStart: /usr/bin/podman start -a pihole
-        ExecStop: /usr/bin/podman stop pihole 
+        ExecStop: /usr/bin/podman stop pihole
      Install:
        WantedBy: multi-user.target
-   docker-registry:
+    container-docker-registry:
      Unit:
        Description: Docker Registry
        After: network-online.target local-fs.target
+        Before: haproxy.service
        Requires: io.podman.service
      Service:
        ExecStart: /usr/bin/podman start -a docker-registry
        ExecStop: /usr/bin/podman stop docker-registry
      Install:
-        WantedBy: multi-user.target        
+        WantedBy: multi-user.target
+    container-zwave2mqtt:
+      Unit:
+        Description: zwave2mqtt - yes
+        After: network-online.target local-fs.target
+        Before: haproxy.service
+        Requires: io.podman.service
+      Service:
+        ExecStart: /usr/bin/podman start -a zwave2mqtt
+        ExecStop: /usr/bin/podman stop zwave2mqtt
+      Install:
+        WantedBy: multi-user.target
 haproxy:
  enabled: True
  overwrite: True
@@ -61,11 +76,22 @@ haproxy:
      path: /var/lib/haproxy
    daemon: True
  defaults:
+    mode: http
    stats:
      - enable
      - uri: '/admin?stats'
      - realm: 'Haproxy\ Statistics'
      - auth: 'admin1:AdMiN123'
+    options:
+      - httplog
+      - dontlognull
+      - forwardfor
+    timeouts:
+      - connect 5000
+      - client 50000
+      - server 50000
+      - tunnel 80000 #longer timeouts for websockets
+      - http-request 5s
    errorfiles:
      400: /etc/haproxy/errors/400.http
      403: /etc/haproxy/errors/403.http
@@ -74,17 +100,17 @@ haproxy:
      502: /etc/haproxy/errors/502.http
      503: /etc/haproxy/errors/503.http
      504: /etc/haproxy/errors/504.http
-  resolvers:
-    local_dns:
-      options:
-        - nameserver resolvconf 192.168.10.1:53
-        - resolve_retries 3
-        - timeout retry 1s
-        - hold valid 10s
+  #resolvers:
+  #  local_dns:
+  #    options:
+  #      - nameserver resolvconf 192.168.10.1:53
+  #      - resolve_retries 3
+  #      - timeout retry 1s
+  #      - hold valid 10s
  listens:
    stats:
      bind:
-        - "0.0.0.0:8998"
+        - "127.0.0.1:8998"
      mode: http
      stats:
        enable: True
@@ -92,13 +118,23 @@ haproxy:
        refresh: "20s"
  frontends:
    frontend1:
-      name: auto 
-      bind: "*:80"
+      name: www-http 
+      bind: 
+       - "*:80"
+       - "*:443 ssl crt /etc/pki/chain.pem"
      default_backend: auto
      acls: 
        - host_auto hdr_beg(host) -i auto.
+        - host_auto-conf hdr_beg(host) -i auto-conf.
+        - host_z2m hdr_beg(host) -i zwave2mqtt.
+        - host_pihole hdr_beg(host) -i pihole.
+        - host_docker-registry hdr_beg(host) -i docker-registry.
      use_backends: 
        - auto if host_auto
+        - auto-conf if host_auto-conf
+        - z2m if host_z2m
+        - pihole if host_pihole
+        - docker-registry if host_docker-registry 
  backends:
    backend1:
      name: auto
@@ -109,4 +145,50 @@ haproxy:
          host: 127.0.0.1
          port: 8123
          check: check
+    backend2:
+      name: auto-conf
+      balance: roundrobin
+      servers:
+        server1:
+          name: auto02
+          host: 127.0.0.1
+          port: 3218
+          check: check
+    backend3:
+      name: z2m
+      balance: roundrobin
+      servers:
+        server1:
+          name: auto02
+          host: 127.0.0.1
+          port: 8091
+          check: check
+    backend4:
+      name: pihole
+      balance: roundrobin
+      servers:
+        server1:
+          name: auto02
+          host: 127.0.0.1
+          port: 8080
+          check: check
+    backend5:
+      name: docker-registry
+      balance: roundrobin
+      servers:
+        server1:
+          name: auto02
+          host: 127.0.0.1
+          port: 5000
+          check: check
+      options:
+        - http-server-close
+      extra:
+        #- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan"
+        - http-response add-header Access-Control-Allow-Origin "*"
+        - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
+        - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
+        - http-response add-header Access-Control-Allow-Credentials true
+        - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
+        
        
--- a/base/init.sls
+++ b/base/init.sls
@@ -5,7 +5,7 @@
 include:
  - base.services
  - base.hardware
-  - base.sys.sysctl
+  - base.sys
  - base.hostconfig
  - saltmine
  - prometheus.node_exporter
--- a/base/sys/cp15_barrier.sls
+++ b/base/sys/cp15_barrier.sls
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+{%- if grains.get('cpuarch') in ['aarch64'] %}
+sysctl:
+  lookup:
+    config:
+      location: '/etc/sysctl.d'
+  params:
+    abi.cp15_barrier:
+      value: 2
+{%- endif %}
+
--- a/base/sys/init.sls
+++ b/base/sys/init.sls
@@ -0,0 +1,3 @@
+include:
+  - .sysctl
+  - .cp15_barrier
--- a/grafana.sls
+++ b/grafana.sls
@@ -1,40 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim: ft=yaml
---
-
-grafana:
-  pkg:
-    name: grafana
-    use_upstream_archive: false
-    repo:
-      humanname: grafana_official
-      name: deb https://packages.grafana.com/oss/deb stable main
-      file: /etc/apt/sources.list.d/grafana.list
-      key_url: https://packages.grafana.com/gpg.key
-
-  config_file: /etc/grafana/grafana.ini
-  service:
-    name: grafana-server
-  config:
-    default:
-      app_mode: production
-      instance_name: stats
-    server:
-      domain: chaos
-    security:
-      admin_user: admin
-      allow_embedding: true
-    users:
-      allow_signup: false
-    auth:
-      login_maximum_inactive_lifetime_days: 21
-      login_maximumx_lifetime_days: 60
-      token_rotation_interval: 240
-    auth.anonymous:
-      enabled: true
-      org_name: Dahoam
-      org_role: Viewer
-    log:
-      level: error
-      mode: syslog
-
Author	SHA1	Message	Date
do	f3c1bf67fe	haproxy with chain.pem ssl	2021-02-01 16:41:52 +01:00
do	10d9fcbc7c	disable nagging kernel messages	2021-01-31 16:55:16 +01:00
do	fa6c62c1f6	auto02 and haproxy	2021-01-31 16:54:54 +01:00
do	50ce8787a2	auot02 with frakin' nginx doesnt work	2021-01-31 12:56:57 +01:00