salt-pillar/base/hostconfig/auto02.sls

pki:
  cns:
  - zwave2mqtt.chaos
  - auto.chaos
  - auto-conf.chaos
  - pihole.chaos
  - nodered.chaos
  - rompr.chaos
  
os:
  release: bookworm
  
systemd:
  service:
    container-rompr:
      Unit:
        Description: Rompr
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a rompr
        ExecStop: /usr/bin/podman stop rompr
      Install:
        WantedBy: multi-user.target
    container-node-red:
      Unit:
        Description: Node Red
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a node-red
        ExecStop: /usr/bin/podman stop node-red
      Install:
        WantedBy: multi-user.target
    container-homeassistant:
      Unit:
        Description: Homeassistant
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a homeassistant
        ExecStop: /usr/bin/podman stop homeassistant
      Install:
        WantedBy: multi-user.target
    container-homeassistant-configurator:
      Unit:
        Description: Homeassistant Configurator
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a homeassistant-configurator
        ExecStop: /usr/bin/podman stop homeassistant-configurator
      Install:
        WantedBy: multi-user.target
    container-pihole:
      Unit:
        Description: pihole
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a pihole
        ExecStop: /usr/bin/podman stop pihole
      Install:
        WantedBy: multi-user.target
    container-zwave2mqtt:
      Unit:
        Description: zwave2mqtt - yes
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a zwave2mqtt
        ExecStop: /usr/bin/podman stop zwave2mqtt
      Install:
        WantedBy: multi-user.target
    container-mosquitto-mqtt:
      Unit:
        Description: mosquitto-mqtt - yes
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a mosquitto-mqtt
        ExecStop: /usr/bin/podman stop mosquitto-mqtt
      Install:
        WantedBy: multi-user.target
    container-mosquitto-prometheus-exporter:
      Unit:
        Description: mosquitto-prometeus-exporter - yes
        After: network-online.target local-fs.target
        Before: haproxy.service
      Service:
        ExecStart: /usr/bin/podman start -a mosquitto-exporter
        ExecStop: /usr/bin/podman stop mosquitto-exporter
      Install:
        WantedBy: multi-user.target
haproxy:
  enabled: True
  overwrite: True
  global:
    stats:
      enable: True
      socketpath: /var/lib/haproxy/stats
      mode: 660
      level: admin
      # Optional extra bind parameter, for example to set the owner/group on the socket file
      extra: user haproxy group haproxy
    ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
    ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"

    user: haproxy
    group: haproxy
    chroot:
      enable: True
      path: /var/lib/haproxy
    daemon: True
  defaults:
    mode: http
    stats:
      - enable
      - uri: '/haproxy-status'
    options:
      - httplog
      - dontlognull
      - forwardfor
    timeouts:
      - connect 5000
      - client 50000
      - server 50000
      - tunnel 80000 #longer timeouts for websockets
      - http-request 5s
    errorfiles:
      400: /etc/haproxy/errors/400.http
      403: /etc/haproxy/errors/403.http
      408: /etc/haproxy/errors/408.http
      500: /etc/haproxy/errors/500.http
      502: /etc/haproxy/errors/502.http
      503: /etc/haproxy/errors/503.http
      504: /etc/haproxy/errors/504.http
  #resolvers:
  #  local_dns:
  #    options:
  #      - nameserver resolvconf 192.168.10.1:53
  #      - resolve_retries 3
  #      - timeout retry 1s
  #      - hold valid 10s
  listens:
    stats:
      bind:
        - "127.0.0.1:9110"
      mode: http
      stats:
        enable: True
        uri: "/haproxy-status"
        refresh: "20s"
  frontends:
    frontend1:
      name: www-http 
      bind: 
       - "*:80"
       #- "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
      default_backend: auto
      acls: 
        - host_auto hdr_beg(host) -i auto.
        - host_auto-conf hdr_beg(host) -i auto-conf.
        - host_z2m hdr_beg(host) -i zwave2mqtt.
        - host_z2m-ws hdr_beg(host) -i zwave2mqtt-ws.
        - host_pihole hdr_beg(host) -i pihole.
        - host_nodered hdr_beg(host) -i nodered.
        - host_rompr hdr_beg(host) -i rompr.
        - host_salt hdr_beg(host) -i salt.
      use_backends: 
        - auto if host_auto
        - auto-conf if host_auto-conf
        - z2m if host_z2m
        - z2m-ws if host_z2m-ws
        - pihole if host_pihole
        - nodered if host_nodered
        - rompr if host_rompr
        - saltgui if host_salt
  backends:
    backend1:
      name: auto
      balance: roundrobin
      acls:
        - deprecated path_beg /habpanel /paperui
      redirect:
        - location /lovelace if deprecated
      servers:
        server1:
          name: auto
          host: 127.0.0.1
          port: 8123
          check: check
    backend2:
      name: auto-conf
      balance: roundrobin
      servers:
        server1:
          name: auto-conf
          host: 127.0.0.1
          port: 3218
          check: check
    backend3:
      name: z2m
      balance: roundrobin
      servers:
        server1:
          name: zwave2mqtt
          host: 127.0.0.1
          port: 8091
          check: check
    backend31:
      name: z2m-ws
      balance: roundrobin
      servers:
        server1:
          name: zwave2mqtt-ws
          host: 127.0.0.1
          port: 3000
          check: check
    backend4:
      name: pihole
      balance: roundrobin
      servers:
        server1:
          name: pihole
          host: 127.0.0.1
          port: 8080
          check: check
    backend5:
      name: nodered
      balance: roundrobin
      servers:
        server1:
          name: nodered
          host: 127.0.0.1
          port: 1880
          check: check
    backend6:
      name: rompr
      balance: roundrobin
      servers:
        server1:
          name: rompr
          host: 127.0.0.1
          port: 8081
          check: check
    backend7:
      name: saltgui
      balance: roundrobin
      servers:
        server1:
          name: saltgui
          host: 127.0.0.1
          port: 3333
          check: check