247 lines
6.5 KiB
Plaintext
247 lines
6.5 KiB
Plaintext
pki:
|
|
cns:
|
|
- docker-registry.lan
|
|
- zwave2mqtt.chaos
|
|
- auto.chaos
|
|
- auto-conf.chaos
|
|
- pihole.chaos
|
|
- nodered.chaos
|
|
- rompr.chaos
|
|
|
|
os:
|
|
release: bullseye
|
|
|
|
systemd:
|
|
service:
|
|
container-rompr:
|
|
Unit:
|
|
Description: Rompr
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a rompr
|
|
ExecStop: /usr/bin/podman stop rompr
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-node-red:
|
|
Unit:
|
|
Description: Node Red
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a node-red
|
|
ExecStop: /usr/bin/podman stop node-red
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-homeassistant:
|
|
Unit:
|
|
Description: Homeassistant
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a homeassistant
|
|
ExecStop: /usr/bin/podman stop homeassistant
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-homeassistant-configurator:
|
|
Unit:
|
|
Description: Homeassistant Configurator
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a homeassistant-configurator
|
|
ExecStop: /usr/bin/podman stop homeassistant-configurator
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-pihole:
|
|
Unit:
|
|
Description: pihole
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a pihole
|
|
ExecStop: /usr/bin/podman stop pihole
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-zwave2mqtt:
|
|
Unit:
|
|
Description: zwave2mqtt - yes
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a zwave2mqtt
|
|
ExecStop: /usr/bin/podman stop zwave2mqtt
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-mosquitto-mqtt:
|
|
Unit:
|
|
Description: mosquitto-mqtt - yes
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a mosquitto-mqtt
|
|
ExecStop: /usr/bin/podman stop mosquitto-mqtt
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
container-mosquitto-prometheus-exporter:
|
|
Unit:
|
|
Description: mosquitto-prometeus-exporter - yes
|
|
After: network-online.target local-fs.target
|
|
Before: haproxy.service
|
|
Service:
|
|
ExecStart: /usr/bin/podman start -a mosquitto-exporter
|
|
ExecStop: /usr/bin/podman stop mosquitto-exporter
|
|
Install:
|
|
WantedBy: multi-user.target
|
|
haproxy:
|
|
enabled: True
|
|
overwrite: True
|
|
global:
|
|
stats:
|
|
enable: True
|
|
socketpath: /var/lib/haproxy/stats
|
|
mode: 660
|
|
level: admin
|
|
# Optional extra bind parameter, for example to set the owner/group on the socket file
|
|
extra: user haproxy group haproxy
|
|
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
|
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
|
|
|
user: haproxy
|
|
group: haproxy
|
|
chroot:
|
|
enable: True
|
|
path: /var/lib/haproxy
|
|
daemon: True
|
|
defaults:
|
|
mode: http
|
|
stats:
|
|
- enable
|
|
- uri: '/haproxy-status'
|
|
options:
|
|
- httplog
|
|
- dontlognull
|
|
- forwardfor
|
|
timeouts:
|
|
- connect 5000
|
|
- client 50000
|
|
- server 50000
|
|
- tunnel 80000 #longer timeouts for websockets
|
|
- http-request 5s
|
|
errorfiles:
|
|
400: /etc/haproxy/errors/400.http
|
|
403: /etc/haproxy/errors/403.http
|
|
408: /etc/haproxy/errors/408.http
|
|
500: /etc/haproxy/errors/500.http
|
|
502: /etc/haproxy/errors/502.http
|
|
503: /etc/haproxy/errors/503.http
|
|
504: /etc/haproxy/errors/504.http
|
|
#resolvers:
|
|
# local_dns:
|
|
# options:
|
|
# - nameserver resolvconf 192.168.10.1:53
|
|
# - resolve_retries 3
|
|
# - timeout retry 1s
|
|
# - hold valid 10s
|
|
listens:
|
|
stats:
|
|
bind:
|
|
- "127.0.0.1:9110"
|
|
mode: http
|
|
stats:
|
|
enable: True
|
|
uri: "/haproxy-status"
|
|
refresh: "20s"
|
|
frontends:
|
|
frontend1:
|
|
name: www-http
|
|
bind:
|
|
- "*:80"
|
|
#- "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
|
|
default_backend: auto
|
|
acls:
|
|
- host_auto hdr_beg(host) -i auto.
|
|
- host_auto-conf hdr_beg(host) -i auto-conf.
|
|
- host_z2m hdr_beg(host) -i zwave2mqtt.
|
|
- host_z2m-ws hdr_beg(host) -i zwave2mqtt-ws.
|
|
- host_pihole hdr_beg(host) -i pihole.
|
|
- host_nodered hdr_beg(host) -i nodered.
|
|
- host_rompr hdr_beg(host) -i rompr.
|
|
use_backends:
|
|
- auto if host_auto
|
|
- auto-conf if host_auto-conf
|
|
- z2m if host_z2m
|
|
- z2m-ws if host_z2m-ws
|
|
- pihole if host_pihole
|
|
- nodered if host_nodered
|
|
- rompr if host_rompr
|
|
backends:
|
|
backend1:
|
|
name: auto
|
|
balance: roundrobin
|
|
acls:
|
|
- deprecated path_beg /habpanel /paperui
|
|
redirect:
|
|
- location /lovelace if deprecated
|
|
servers:
|
|
server1:
|
|
name: auto
|
|
host: 127.0.0.1
|
|
port: 8123
|
|
check: check
|
|
backend2:
|
|
name: auto-conf
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: auto-conf
|
|
host: 127.0.0.1
|
|
port: 3218
|
|
check: check
|
|
backend3:
|
|
name: z2m
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: zwave2mqtt
|
|
host: 127.0.0.1
|
|
port: 8091
|
|
check: check
|
|
backend31:
|
|
name: z2m-ws
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: zwave2mqtt-ws
|
|
host: 127.0.0.1
|
|
port: 3000
|
|
check: check
|
|
backend4:
|
|
name: pihole
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: pihole
|
|
host: 127.0.0.1
|
|
port: 8080
|
|
check: check
|
|
backend5:
|
|
name: nodered
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: nodered
|
|
host: 127.0.0.1
|
|
port: 1880
|
|
check: check
|
|
backend6:
|
|
name: rompr
|
|
balance: roundrobin
|
|
servers:
|
|
server1:
|
|
name: rompr
|
|
host: 127.0.0.1
|
|
port: 8081
|
|
check: check
|
|
|