diff --git a/.saltstack/master b/.saltstack/master
deleted file mode 100644
index a8f23a125c1472bb2c720d747947d4fdce6eedfa..0000000000000000000000000000000000000000
--- a/.saltstack/master
+++ /dev/null
@@ -1 +0,0 @@
-auto_accept: True
diff --git a/.saltstack/minion b/.saltstack/minion
deleted file mode 100644
index 2792fe4874655685a425f312d53bd87074cd8a08..0000000000000000000000000000000000000000
--- a/.saltstack/minion
+++ /dev/null
@@ -1 +0,0 @@
-master: 10.0.0.5
diff --git a/.saltstack/pillar/postgrest.sls b/.saltstack/pillar/postgrest.sls
deleted file mode 120000
index 837da91dd71cbc57b1d2a0a45e7613f778e3dc81..0000000000000000000000000000000000000000
--- a/.saltstack/pillar/postgrest.sls
+++ /dev/null
@@ -1 +0,0 @@
-../../pillar.example
\ No newline at end of file
diff --git a/.saltstack/pillar/sslcert/cert.pem b/.saltstack/pillar/sslcert/cert.pem
deleted file mode 100644
index 76afb154effad405769c028c5315586d42ee6568..0000000000000000000000000000000000000000
--- a/.saltstack/pillar/sslcert/cert.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFuTCCA6GgAwIBAgIUcUudURLszmTKTnF9Q3W009BYOsQwDQYJKoZIhvcNAQEL
-BQAwdjELMAkGA1UEBhMCREUxFjAUBgNVBAgMDU5pZWRlcnNhY2hzZW4xETAPBgNV
-BAcMCEhhbm5vdmVyMRwwGgYDVQQKDBNIb2Noc2NodWxlIEhhbm5vdmVyMR4wHAYD
-VQQDDBVhcGl2Mi5wb3N0Z3Jlc3QubG9jYWwwHhcNMTkwNDA4MDkzNDMzWhcNMjkw
-NDA1MDkzNDMzWjB2MQswCQYDVQQGEwJERTEWMBQGA1UECAwNTmllZGVyc2FjaHNl
-bjERMA8GA1UEBwwISGFubm92ZXIxHDAaBgNVBAoME0hvY2hzY2h1bGUgSGFubm92
-ZXIxHjAcBgNVBAMMFWFwaXYyLnBvc3RncmVzdC5sb2NhbDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAObvehl12k5JFRDPZaHx8O4CiVXYfUbtg7m8Qq6+
-Ng4hINs0kUfOZxzd7NWCEZZw3OToRaPPEazoWkh852jD/tJ3iublpcTiZp9Kyg0S
-o1J040sPyTZ+beic8kUEWtpKAyu9q0rln9+YsFfleZE1kt3RTXB6+xorLVxcUajw
-IAAqBIISKyRIi9dGTJakir1QtyxPRWiKfNZ+Wwm4C7UBnGOUn2SjavxZPRP0wk57
-Eq7AwyyuDic9dMD5T/qaWiKUY0OzzP3OuM8evNyrAV8NarT9IiloG3TBh+qHKK5F
-5p/DtgGOdW+Z+P4n1avdkfEdZETuLTcE8O6yUV+nGEGuWDPySpze4TWkf5DfFQCD
-rtrtHXsDIDQhmCBhwK6Fxcby51rhtmd1FMOUx/T0GsngTCACJNJ8e8CKkNX387Jk
-UcSHSUt/1wip4WCC1z7YuKMyMas12WRyN82NCeWT7lVbFGNVnGUjOulCJsMAYDZX
-NLVs2SIBy6LDSOVeiCOvJWft5nkpnPtSEy7qaiufB2IMtv0TNzsmfJiGqzMCaQNt
-sx0bgFQPA2dSF855/MIG01OszLdIs4W+sFxGQEWiJ28KiCgh0pr+0g7CWaac+0AE
-U01iuaE7KaaV8NhzOtW9JQRo7SWhmiWF6VuN+YNgBlIePcg0fVxCIDg07tDT3l44
-2eY3AgMBAAGjPzA9MDsGA1UdEQQ0MDKCFWFwaXYyLnBvc3RncmVzdC5sb2NhbIIZ
-aWNtc2NhY2hlLnBvc3RncmVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEApOJ4
-o0YwOvR534c9EvAKN4tiXgQKEmyjmdfS0741JH0t3gAhrEX6KVAX7Vf99x6CZcS1
-x+czf1my3EIZpwQolBEpf73Xtjppn1Y5GlEVb3S15pIW8Pglj262p3XtpzSlfq8v
-mcYiC9JOaruseSIKc8xKuTmwgU8n6rQTKfMvg3wetTlgGji/GeD40+paGDSqtikP
-E+pve0cgcQqDA3cYwT9LNvN2BGhi4KU9O0poSJYMqXR4ErzI+ZAxj82vkcsxmDba
-T1tjvrmUscZ2LX2dIrgs/jbRSugQiPUmuhE0s4TJfLtJCPOnvPzDmiCf47oiOz+G
-R6FJo/yDZr0tdS5RNoFZsngS/N6rbPkooQrfPfHVnlRHR3foUR2bJQp2PKxqqtLQ
-ENjbdeLDQCqMDo0BMXvZvgGek4vA+W21FteqskTnOKU+Yv3sUTJVKHmxtTXciz6a
-nmKCOYtTB+kHbNyz+ovGUZ/oRK4t8xwgpKL6c09OX7k/pvnb8VnYeUDLE1wfW+n4
-2o3fk+oiPkFU79g5u748ZGDE2U3Pl460hsAfV31QjERbSHr7DwVF7dpnE9jH+tu+
-/FWMLpovASWCdh9tDoR9XzonmF72E+gKcYww2M1GSGQQm/4oJYmNIlAZd8lEB4Wh
-Gz30Lx+MReUNuzvChwap0oSq0axECnEsVPvRYUs=
------END CERTIFICATE-----
diff --git a/.saltstack/pillar/sslcert/dhparam.pem b/.saltstack/pillar/sslcert/dhparam.pem
deleted file mode 100644
index 1e0056f136cc5f7bb2476ed1dba68ef8fa74251f..0000000000000000000000000000000000000000
--- a/.saltstack/pillar/sslcert/dhparam.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9b8X8Plp+vLeVpQf8Nz2u9+lt8eF6BYj517XzJX8MsgPI1XU7dA4
-j75yitn1kd3R8q/PyTQgmbRdh54EfNEfiCnbY/2X+0c4L1rZqXx+GeUdAAXgjuye
-LjA/zd0RprK6TOpIOYQ7MO4P35T8Ora8jDXvf/Q386vCRQ5fiuVR5+nH9R4KBi7H
-iqM9N5dyhRNJIZZMeQ0T+zmeywazeicYszKunJqjQ0jZ1D+J1UUTHjH6/Lp1lVqA
-kJHCWa7GkBOfROmYFjeJ3v5Hfjkry/uXtvVoVfFIUGA4dPoCBRLzfNAGMhPzx0Gr
-kaW8ir0Mykld8mdgoCThKuHPhUnJ3wWamwIBAg==
------END DH PARAMETERS-----
diff --git a/.saltstack/pillar/sslcert/key.pem b/.saltstack/pillar/sslcert/key.pem
deleted file mode 100644
index 1c8cde8cd3b545f8fefc3e5001126764380c246e..0000000000000000000000000000000000000000
--- a/.saltstack/pillar/sslcert/key.pem
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDm73oZddpOSRUQ
-z2Wh8fDuAolV2H1G7YO5vEKuvjYOISDbNJFHzmcc3ezVghGWcNzk6EWjzxGs6FpI
-fOdow/7Sd4rm5aXE4mafSsoNEqNSdONLD8k2fm3onPJFBFraSgMrvatK5Z/fmLBX
-5XmRNZLd0U1wevsaKy1cXFGo8CAAKgSCEiskSIvXRkyWpIq9ULcsT0VoinzWflsJ
-uAu1AZxjlJ9ko2r8WT0T9MJOexKuwMMsrg4nPXTA+U/6mloilGNDs8z9zrjPHrzc
-qwFfDWq0/SIpaBt0wYfqhyiuReafw7YBjnVvmfj+J9Wr3ZHxHWRE7i03BPDuslFf
-pxhBrlgz8kqc3uE1pH+Q3xUAg67a7R17AyA0IZggYcCuhcXG8uda4bZndRTDlMf0
-9BrJ4EwgAiTSfHvAipDV9/OyZFHEh0lLf9cIqeFggtc+2LijMjGrNdlkcjfNjQnl
-k+5VWxRjVZxlIzrpQibDAGA2VzS1bNkiAcuiw0jlXogjryVn7eZ5KZz7UhMu6mor
-nwdiDLb9Ezc7JnyYhqszAmkDbbMdG4BUDwNnUhfOefzCBtNTrMy3SLOFvrBcRkBF
-oidvCogoIdKa/tIOwlmmnPtABFNNYrmhOymmlfDYczrVvSUEaO0loZolhelbjfmD
-YAZSHj3INH1cQiA4NO7Q095eONnmNwIDAQABAoICAAJp7F/JwI9i6ipz0H8h1T/X
-nPHdwml0YBUX56aF7HC3Xe2MnhwfByrhEvGkW2S0J0rpNpkgt/GTuCXb0Fti+Q3g
-G/6P1ey55RKzKGt8j2J0QE/viU3dgm6U/V9FTWHMtj3FzL2KquIeaXFxv5SJ99AD
-uQh88JT0cJPvjxbx85Os3MEzSWomq/eDD5fffme+KTv4VCRklitzxKXUW6L3slfE
-HOpjXuHmWOIVg9ZoKOjUsPWNmC5G0SqXMIPRCzIjVOpHPdRFTd80VgsEao5AyKW9
-o5bFNMxCnZYQ9ZbkuiVfWU6o24dgF58ocW5LcZQQl5S03JofnhkQmhMi3vkIxnk3
-cNy5lOob4OcVH8Mlc/TmMaSOhQgp6BVee90CV+mQLvrvpNWFnv0hBsneKfQwHrWa
-Z3crGYEOKcxwemdZKhQokjoLjwuklwnEO/BOH0rkSHgCZ6z+G/KILZSjUMI8Ke4z
-T8Hlss600QfPsxjMLkj67qI+p7o9NQAsSfHydrdV2e9Lzk+3rTUSNvrMfhsZENp8
-pfbeskreu+IGxpUi1WBTU7GlqYAUMSTkv/XcrfdhZOq+tKlmBaufSHMpGDnB1QGz
-R/oSjO40rhdltmFSM+7T7U2KarOvnbW29ogaB/pgKzZsQoRHZIo3RQtglxq/mc6G
-NRNYHG8Gv5NaYApzupGJAoIBAQD07Q0SGxaVYg09llbjKT6I3zrA/5ZYMHyL0iAj
-G0ccTezl0KTDS+zVzzPQ7iqR+3L4Xj+cQJiqFYAhxMcuVtI1Y0Db6Zeua5r7ACns
-2G2lw6E6ntk+LuqJ3ySlNU5lFdQzY5OeeVWNEjvWQ5eGZt5hTdDaLfO6L9ZBlHJR
-eZ4CFvV0GnYPmvqGE/h48DnxkUDXHL/q52EaS2aD7BXLvrbSi1gLAvA5inWRgInv
-Ci9RQT7A3wywl7Gi+HeLlMJgU35/IR9LaYrJGa/LDi3SGcw3gH0d/bPsAdjF9S3B
-IFiPTwtn14OUiwsUQ6NC6mAu+U9MPT97XwBtkOGeuIQsYKPLAoIBAQDxYH1SU+C5
-h0rQpE67ZDfNzdqLh+HTxtYTgl25ZiSdN3g3CBS+TNs5lWI6yRSgko36Db2kjs/N
-ef0pNVZBx6A7VM6NGLfAh/NlkV4l9ALhgP1SbHlYTugylnRbs5bfgljae6MBsJuy
-MFKSCn7yCNP5YEXVx/Qy3X6/eiURLwpc8pbdpRTGDEsIAhttgdIV7vcYbmAT6FhN
-EubIQem9ay8Vv+zvBKxHjs9q+BD8kW9XUpzsNZoPkMOx1CizBLcbiC1zuZKsrh53
-dQD73bxlVGav2Iu9aHPaXp5B6/BGu6SxyHxWjzsz9XHO0mkIX9YD/Qtmt98K2vQR
-I5iFuYlpJjHFAoIBAAFCasvKCd6wx2KmsEGwx5qKk1HEvrArZ6iMZw/nJwF1QR+Z
-aA99B3W+AAU2BFAF2/x895TFHEPbonIKAgAyABi4LvAyjk4eTYi24oBOSJoOnHih
-snpIYXpeBGE5GfMZHqM5AtxQwWjdTCN464GMa95SOR22GMe/UTm7Gq9ikbZvCcoU
-DMFdyaYA2kk86v9cANpaUn5RvEUXWCqbfy0yCNyiTMyZskSJertJzuvEwKOJU1pI
-i1cpIIe3AV5dYHaAV2kt8WxA2a7ZC/deVkv7R/qNFZee41r2U3gJH7gbg3kRLfzV
-td6ArIjpJCDG9cGoFIlO01G+FlF56j8Xsc5MnOsCggEAWBds5VTzWQKFTWwJx94l
-d5i/P9kRk+anTmtvpTAgALizyPHMED+gan2YYffs7UVPR4koQxxTvpvcxuNOXadr
-VPv4fgodVcjIDbNl9tf9DSu0SBaKmq4BlCTQxn7eeyfpIaOps/4udHOqTt5Bwjdy
-lTqLgh/9gWrQzTTYvlK6p31pje6njDgEUiHivK56a8LQrzvpGJrdTxOs4j0b/yNV
-Bc0LvZepAFygWlu6Z1L0nZvq5VISrceZhBb3243G/edPH0MEwryxJcuv1jvwe9K3
-v0l6hl/OmE2b2FcxU787th6DMlwHsUjMhjzIVGQViVMajBxi7GVIWdDx4yv5eESW
-OQKCAQEA5OYP+oCi5mmuLHqQJzYetbq9wIg01gpQpKkQK5n2B/6A13IVxoBppd8p
-+xH3UekLrTw7TymqAYKWYORap2vD3vjcUqOJ3AxXsiXX49Ook6Q6qHlL5Ynhxuob
-pf0vvP8eRR+SGdueVfbcMHb3NjaOAoJKDlpee6bxYmDVOWWyIoQ42IaniOn9ar37
-hzxz0Xa2XsBcIc9quXtFcR/u7gGqXs+EjZPzdFirTUXywc0d3rPXDRlQvHDuedhn
-gEo51PZ0A8srnCglRqm1oV2++meng89A5O48MEjgWlvhAcD2ck4ToChEmhWoZAxR
-tJE4tKgPbG4Vctz6vNkdEkG5oAVYQQ==
------END PRIVATE KEY-----
diff --git a/.saltstack/pillar/sslcert/new_cert.sh b/.saltstack/pillar/sslcert/new_cert.sh
deleted file mode 100755
index 65d2af7aa0510812f9dce201157eef796c1130aa..0000000000000000000000000000000000000000
--- a/.saltstack/pillar/sslcert/new_cert.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-openssl req -newkey rsa:4096 -x509 -keyout key.pem -new -out cert.pem -reqexts SAN -extensions SAN -days 3650 -nodes -subj "/C=DE/ST=Niedersachsen/L=Hannover/O=Hochschule Hannover/CN=apiv2.postgrest.local" -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:apiv2.postgrest.local,DNS:icmscache.postgrest.local"))
-openssl dhparam -out dhparam.pem 2048
diff --git a/.saltstack/pillar/sslcert/postgrest.sls b/.saltstack/pillar/sslcert/postgrest.sls
deleted file mode 100644
index dde8eb4f0135da66b192a58def6cfd0b6d6fe278..0000000000000000000000000000000000000000
--- a/.saltstack/pillar/sslcert/postgrest.sls
+++ /dev/null
@@ -1,101 +0,0 @@
-sslcert:
- postgrest:
- fqdns:
- - apiv2.postgrest.local
- - icmscache.postgrest.local
- key: |
- -----BEGIN PRIVATE KEY-----
- MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDm73oZddpOSRUQ
- z2Wh8fDuAolV2H1G7YO5vEKuvjYOISDbNJFHzmcc3ezVghGWcNzk6EWjzxGs6FpI
- fOdow/7Sd4rm5aXE4mafSsoNEqNSdONLD8k2fm3onPJFBFraSgMrvatK5Z/fmLBX
- 5XmRNZLd0U1wevsaKy1cXFGo8CAAKgSCEiskSIvXRkyWpIq9ULcsT0VoinzWflsJ
- uAu1AZxjlJ9ko2r8WT0T9MJOexKuwMMsrg4nPXTA+U/6mloilGNDs8z9zrjPHrzc
- qwFfDWq0/SIpaBt0wYfqhyiuReafw7YBjnVvmfj+J9Wr3ZHxHWRE7i03BPDuslFf
- pxhBrlgz8kqc3uE1pH+Q3xUAg67a7R17AyA0IZggYcCuhcXG8uda4bZndRTDlMf0
- 9BrJ4EwgAiTSfHvAipDV9/OyZFHEh0lLf9cIqeFggtc+2LijMjGrNdlkcjfNjQnl
- k+5VWxRjVZxlIzrpQibDAGA2VzS1bNkiAcuiw0jlXogjryVn7eZ5KZz7UhMu6mor
- nwdiDLb9Ezc7JnyYhqszAmkDbbMdG4BUDwNnUhfOefzCBtNTrMy3SLOFvrBcRkBF
- oidvCogoIdKa/tIOwlmmnPtABFNNYrmhOymmlfDYczrVvSUEaO0loZolhelbjfmD
- YAZSHj3INH1cQiA4NO7Q095eONnmNwIDAQABAoICAAJp7F/JwI9i6ipz0H8h1T/X
- nPHdwml0YBUX56aF7HC3Xe2MnhwfByrhEvGkW2S0J0rpNpkgt/GTuCXb0Fti+Q3g
- G/6P1ey55RKzKGt8j2J0QE/viU3dgm6U/V9FTWHMtj3FzL2KquIeaXFxv5SJ99AD
- uQh88JT0cJPvjxbx85Os3MEzSWomq/eDD5fffme+KTv4VCRklitzxKXUW6L3slfE
- HOpjXuHmWOIVg9ZoKOjUsPWNmC5G0SqXMIPRCzIjVOpHPdRFTd80VgsEao5AyKW9
- o5bFNMxCnZYQ9ZbkuiVfWU6o24dgF58ocW5LcZQQl5S03JofnhkQmhMi3vkIxnk3
- cNy5lOob4OcVH8Mlc/TmMaSOhQgp6BVee90CV+mQLvrvpNWFnv0hBsneKfQwHrWa
- Z3crGYEOKcxwemdZKhQokjoLjwuklwnEO/BOH0rkSHgCZ6z+G/KILZSjUMI8Ke4z
- T8Hlss600QfPsxjMLkj67qI+p7o9NQAsSfHydrdV2e9Lzk+3rTUSNvrMfhsZENp8
- pfbeskreu+IGxpUi1WBTU7GlqYAUMSTkv/XcrfdhZOq+tKlmBaufSHMpGDnB1QGz
- R/oSjO40rhdltmFSM+7T7U2KarOvnbW29ogaB/pgKzZsQoRHZIo3RQtglxq/mc6G
- NRNYHG8Gv5NaYApzupGJAoIBAQD07Q0SGxaVYg09llbjKT6I3zrA/5ZYMHyL0iAj
- G0ccTezl0KTDS+zVzzPQ7iqR+3L4Xj+cQJiqFYAhxMcuVtI1Y0Db6Zeua5r7ACns
- 2G2lw6E6ntk+LuqJ3ySlNU5lFdQzY5OeeVWNEjvWQ5eGZt5hTdDaLfO6L9ZBlHJR
- eZ4CFvV0GnYPmvqGE/h48DnxkUDXHL/q52EaS2aD7BXLvrbSi1gLAvA5inWRgInv
- Ci9RQT7A3wywl7Gi+HeLlMJgU35/IR9LaYrJGa/LDi3SGcw3gH0d/bPsAdjF9S3B
- IFiPTwtn14OUiwsUQ6NC6mAu+U9MPT97XwBtkOGeuIQsYKPLAoIBAQDxYH1SU+C5
- h0rQpE67ZDfNzdqLh+HTxtYTgl25ZiSdN3g3CBS+TNs5lWI6yRSgko36Db2kjs/N
- ef0pNVZBx6A7VM6NGLfAh/NlkV4l9ALhgP1SbHlYTugylnRbs5bfgljae6MBsJuy
- MFKSCn7yCNP5YEXVx/Qy3X6/eiURLwpc8pbdpRTGDEsIAhttgdIV7vcYbmAT6FhN
- EubIQem9ay8Vv+zvBKxHjs9q+BD8kW9XUpzsNZoPkMOx1CizBLcbiC1zuZKsrh53
- dQD73bxlVGav2Iu9aHPaXp5B6/BGu6SxyHxWjzsz9XHO0mkIX9YD/Qtmt98K2vQR
- I5iFuYlpJjHFAoIBAAFCasvKCd6wx2KmsEGwx5qKk1HEvrArZ6iMZw/nJwF1QR+Z
- aA99B3W+AAU2BFAF2/x895TFHEPbonIKAgAyABi4LvAyjk4eTYi24oBOSJoOnHih
- snpIYXpeBGE5GfMZHqM5AtxQwWjdTCN464GMa95SOR22GMe/UTm7Gq9ikbZvCcoU
- DMFdyaYA2kk86v9cANpaUn5RvEUXWCqbfy0yCNyiTMyZskSJertJzuvEwKOJU1pI
- i1cpIIe3AV5dYHaAV2kt8WxA2a7ZC/deVkv7R/qNFZee41r2U3gJH7gbg3kRLfzV
- td6ArIjpJCDG9cGoFIlO01G+FlF56j8Xsc5MnOsCggEAWBds5VTzWQKFTWwJx94l
- d5i/P9kRk+anTmtvpTAgALizyPHMED+gan2YYffs7UVPR4koQxxTvpvcxuNOXadr
- VPv4fgodVcjIDbNl9tf9DSu0SBaKmq4BlCTQxn7eeyfpIaOps/4udHOqTt5Bwjdy
- lTqLgh/9gWrQzTTYvlK6p31pje6njDgEUiHivK56a8LQrzvpGJrdTxOs4j0b/yNV
- Bc0LvZepAFygWlu6Z1L0nZvq5VISrceZhBb3243G/edPH0MEwryxJcuv1jvwe9K3
- v0l6hl/OmE2b2FcxU787th6DMlwHsUjMhjzIVGQViVMajBxi7GVIWdDx4yv5eESW
- OQKCAQEA5OYP+oCi5mmuLHqQJzYetbq9wIg01gpQpKkQK5n2B/6A13IVxoBppd8p
- +xH3UekLrTw7TymqAYKWYORap2vD3vjcUqOJ3AxXsiXX49Ook6Q6qHlL5Ynhxuob
- pf0vvP8eRR+SGdueVfbcMHb3NjaOAoJKDlpee6bxYmDVOWWyIoQ42IaniOn9ar37
- hzxz0Xa2XsBcIc9quXtFcR/u7gGqXs+EjZPzdFirTUXywc0d3rPXDRlQvHDuedhn
- gEo51PZ0A8srnCglRqm1oV2++meng89A5O48MEjgWlvhAcD2ck4ToChEmhWoZAxR
- tJE4tKgPbG4Vctz6vNkdEkG5oAVYQQ==
- -----END PRIVATE KEY-----
- pem: |
- -----BEGIN CERTIFICATE-----
- MIIFuTCCA6GgAwIBAgIUcUudURLszmTKTnF9Q3W009BYOsQwDQYJKoZIhvcNAQEL
- BQAwdjELMAkGA1UEBhMCREUxFjAUBgNVBAgMDU5pZWRlcnNhY2hzZW4xETAPBgNV
- BAcMCEhhbm5vdmVyMRwwGgYDVQQKDBNIb2Noc2NodWxlIEhhbm5vdmVyMR4wHAYD
- VQQDDBVhcGl2Mi5wb3N0Z3Jlc3QubG9jYWwwHhcNMTkwNDA4MDkzNDMzWhcNMjkw
- NDA1MDkzNDMzWjB2MQswCQYDVQQGEwJERTEWMBQGA1UECAwNTmllZGVyc2FjaHNl
- bjERMA8GA1UEBwwISGFubm92ZXIxHDAaBgNVBAoME0hvY2hzY2h1bGUgSGFubm92
- ZXIxHjAcBgNVBAMMFWFwaXYyLnBvc3RncmVzdC5sb2NhbDCCAiIwDQYJKoZIhvcN
- AQEBBQADggIPADCCAgoCggIBAObvehl12k5JFRDPZaHx8O4CiVXYfUbtg7m8Qq6+
- Ng4hINs0kUfOZxzd7NWCEZZw3OToRaPPEazoWkh852jD/tJ3iublpcTiZp9Kyg0S
- o1J040sPyTZ+beic8kUEWtpKAyu9q0rln9+YsFfleZE1kt3RTXB6+xorLVxcUajw
- IAAqBIISKyRIi9dGTJakir1QtyxPRWiKfNZ+Wwm4C7UBnGOUn2SjavxZPRP0wk57
- Eq7AwyyuDic9dMD5T/qaWiKUY0OzzP3OuM8evNyrAV8NarT9IiloG3TBh+qHKK5F
- 5p/DtgGOdW+Z+P4n1avdkfEdZETuLTcE8O6yUV+nGEGuWDPySpze4TWkf5DfFQCD
- rtrtHXsDIDQhmCBhwK6Fxcby51rhtmd1FMOUx/T0GsngTCACJNJ8e8CKkNX387Jk
- UcSHSUt/1wip4WCC1z7YuKMyMas12WRyN82NCeWT7lVbFGNVnGUjOulCJsMAYDZX
- NLVs2SIBy6LDSOVeiCOvJWft5nkpnPtSEy7qaiufB2IMtv0TNzsmfJiGqzMCaQNt
- sx0bgFQPA2dSF855/MIG01OszLdIs4W+sFxGQEWiJ28KiCgh0pr+0g7CWaac+0AE
- U01iuaE7KaaV8NhzOtW9JQRo7SWhmiWF6VuN+YNgBlIePcg0fVxCIDg07tDT3l44
- 2eY3AgMBAAGjPzA9MDsGA1UdEQQ0MDKCFWFwaXYyLnBvc3RncmVzdC5sb2NhbIIZ
- aWNtc2NhY2hlLnBvc3RncmVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEApOJ4
- o0YwOvR534c9EvAKN4tiXgQKEmyjmdfS0741JH0t3gAhrEX6KVAX7Vf99x6CZcS1
- x+czf1my3EIZpwQolBEpf73Xtjppn1Y5GlEVb3S15pIW8Pglj262p3XtpzSlfq8v
- mcYiC9JOaruseSIKc8xKuTmwgU8n6rQTKfMvg3wetTlgGji/GeD40+paGDSqtikP
- E+pve0cgcQqDA3cYwT9LNvN2BGhi4KU9O0poSJYMqXR4ErzI+ZAxj82vkcsxmDba
- T1tjvrmUscZ2LX2dIrgs/jbRSugQiPUmuhE0s4TJfLtJCPOnvPzDmiCf47oiOz+G
- R6FJo/yDZr0tdS5RNoFZsngS/N6rbPkooQrfPfHVnlRHR3foUR2bJQp2PKxqqtLQ
- ENjbdeLDQCqMDo0BMXvZvgGek4vA+W21FteqskTnOKU+Yv3sUTJVKHmxtTXciz6a
- nmKCOYtTB+kHbNyz+ovGUZ/oRK4t8xwgpKL6c09OX7k/pvnb8VnYeUDLE1wfW+n4
- 2o3fk+oiPkFU79g5u748ZGDE2U3Pl460hsAfV31QjERbSHr7DwVF7dpnE9jH+tu+
- /FWMLpovASWCdh9tDoR9XzonmF72E+gKcYww2M1GSGQQm/4oJYmNIlAZd8lEB4Wh
- Gz30Lx+MReUNuzvChwap0oSq0axECnEsVPvRYUs=
- -----END CERTIFICATE-----
- dhparam: |
- -----BEGIN DH PARAMETERS-----
- MIIBCAKCAQEA9b8X8Plp+vLeVpQf8Nz2u9+lt8eF6BYj517XzJX8MsgPI1XU7dA4
- j75yitn1kd3R8q/PyTQgmbRdh54EfNEfiCnbY/2X+0c4L1rZqXx+GeUdAAXgjuye
- LjA/zd0RprK6TOpIOYQ7MO4P35T8Ora8jDXvf/Q386vCRQ5fiuVR5+nH9R4KBi7H
- iqM9N5dyhRNJIZZMeQ0T+zmeywazeicYszKunJqjQ0jZ1D+J1UUTHjH6/Lp1lVqA
- kJHCWa7GkBOfROmYFjeJ3v5Hfjkry/uXtvVoVfFIUGA4dPoCBRLzfNAGMhPzx0Gr
- kaW8ir0Mykld8mdgoCThKuHPhUnJ3wWamwIBAg==
- -----END DH PARAMETERS-----
diff --git a/.saltstack/pillar/top.sls b/.saltstack/pillar/top.sls
deleted file mode 100644
index 0d06fcbf2268355b5f9e82edc9aae1d8c146aa27..0000000000000000000000000000000000000000
--- a/.saltstack/pillar/top.sls
+++ /dev/null
@@ -1,4 +0,0 @@
-base:
- postgrest*:
- - sslcert.postgrest
- - postgrest
diff --git a/.saltstack/salt/postgrest b/.saltstack/salt/postgrest
deleted file mode 120000
index 80c3ce9694b7813db6ae0e4cee1c30591b0a0637..0000000000000000000000000000000000000000
--- a/.saltstack/salt/postgrest
+++ /dev/null
@@ -1 +0,0 @@
-../../postgrest
\ No newline at end of file
diff --git a/.saltstack/salt/sslcert.sls b/.saltstack/salt/sslcert.sls
deleted file mode 100644
index adfa0fde1830f01e91889a9cc8ab9c80392bbbb8..0000000000000000000000000000000000000000
--- a/.saltstack/salt/sslcert.sls
+++ /dev/null
@@ -1,59 +0,0 @@
-{% if salt['pillar.get']('sslcert') %}
-
-sslcert_create_dir:
- file.directory:
- - name: /root/certs/
- - user: root
- - group: root
-
-{% for app_name, cert in salt['pillar.get']('sslcert').iteritems() %}
-
-sslcert_{{ app_name }}_pem:
- file.managed:
- - name: /root/certs/{{ app_name }}.pem
- - user: root
- - group: root
- - mode: 600
- - show_diff: False
- - contents_pillar: sslcert:{{ app_name }}:pem
- - requires:
- - file: sslcert_create_dir
-
-sslcert_{{ app_name }}_key:
- file.managed:
- - name: /root/certs/{{ app_name }}.key
- - user: root
- - group: root
- - mode: 600
- - show_diff: False
- - contents_pillar: sslcert:{{ app_name }}:key
- - requires:
- - file: sslcert_create_dir
-
-{% if cert.dhparam is defined %}
-sslcert_{{ app_name }}_dhparam:
- file.managed:
- - name: /root/certs/{{ app_name }}.dhparam.pem
- - user: root
- - group: root
- - mode: 600
- - show_diff: False
- - contents_pillar: sslcert:{{ app_name }}:dhparam
- - requires:
- - file: sslcert_create_dir
-{% endif %}
-
-{% if cert.client_ca is defined %}
-ssl_cert_{{ app_name }}_client_ca:
- file.managed:
- - name: /root/certs/{{ app_name }}.client_ca.pem
- - user: root
- - group: root
- - mode: 600
- - show_diff: False
- - contents_pillar: sslcert:{{ app_name }}:client_ca
- - requires:
- - file: sslcert_create_dir
-{% endif %}
-{% endfor %}
-{% endif %}
diff --git a/.saltstack/salt/top.sls b/.saltstack/salt/top.sls
deleted file mode 100644
index 079c7595a9d93dda4965de2480cdd51fd8f1962e..0000000000000000000000000000000000000000
--- a/.saltstack/salt/top.sls
+++ /dev/null
@@ -1,4 +0,0 @@
-base:
- 'postgrest*':
- - postgrest
- - sslcert
diff --git a/README.md b/README.md
index ce8ed22f61c2ce86a63a9bd545dbd951c72f2c0e..396e19f6f2d977196c51d117478ac2fb3f92d596 100644
--- a/README.md
+++ b/README.md
@@ -4,13 +4,13 @@ The postgrest-formula is used to deploy postgREST instances.
Have a look at the pillar.example (which is used for testing as well) to get an idea of how it works.
-**/srv/pillar/postgrest/your\_instance.sls:**
+**/srv/pillar/postgrest/your_instance.sls:**
```yaml
postgrest:
your_instance:
tag: v5.2.0
- hash: '5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38'
+ hash: "5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38"
config:
db-uri: "postgres://api_v2_authenticator@127.0.0.1/api_db"
db-schema: "api_v2"
@@ -23,7 +23,7 @@ postgrest:
```yaml
base:
- 'your_instance*':
+ "your_instance*":
- postgrest.your_instance
```
@@ -40,6 +40,7 @@ base:
`config`: This is postgREST specific configuration as explained [here](http://postgrest.org/en/stable/install.html#configuration)
#### How do I know the `jwt-secret` though?
+
You don't. You generate it: `pwgen -sn 32`
## Development
@@ -76,8 +77,4 @@ You can access your PostgREST instances at:
### nginx
-This formula is capable of installing and configuring nginx.
-Therefore you need to have an `nginx` block below your instance configuration as
-you can see in `pillar.example`.
-If you omit this block the formula does not care about nginx.
-This is useful, if you want to use the nginx formula.
+Use the nginx-formula to get an TLS terminating reverse proxy in front.
diff --git a/Vagrantfile b/Vagrantfile
deleted file mode 100644
index fcf48651a629e0c588f8b066df6b5707257ae94e..0000000000000000000000000000000000000000
--- a/Vagrantfile
+++ /dev/null
@@ -1,40 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
- # salt master
- config.vm.define "saltmaster" do |saltmaster_cfg|
- saltmaster_cfg.vm.box = "debian/jessie64"
-
- saltmaster_cfg.vm.synced_folder ".saltstack/salt/", "/srv/salt", type: "rsync"
- saltmaster_cfg.vm.synced_folder ".saltstack/pillar/", "/srv/pillar", type: "rsync"
-
- saltmaster_cfg.vm.hostname = "saltmaster"
- saltmaster_cfg.vm.network "private_network", ip: "10.0.0.5"
- saltmaster_cfg.vm.provision :salt do |salt|
- salt.install_master = true
- salt.no_minion = true
- salt.master_config = ".saltstack/master"
- end
- end
-
- # postgrest test minion
- (1..2).each do |i|
- config.vm.define "postgrest-0#{i}" do |postgrest|
- postgrest.vm.box = "debian/jessie64"
- postgrest.vm.hostname = "postgrest-0#{i}"
- postgrest.vm.network "forwarded_port", guest: 80, host: "800#{i}".to_i, host_ip:"127.0.0.1"
- postgrest.vm.network "forwarded_port", guest: 443, host: "443#{i}".to_i, host_ip:"127.0.0.1"
- postgrest.vm.network "private_network", type: "dhcp"
- postgrest.vm.provision :salt do |salt|
- salt.install_master = false
- salt.minion_config = ".saltstack/minion"
- salt.run_highstate = false
- end
- # Ensure these states are run in the correct order, highstating does not work here
- postgrest.vm.provision "shell", inline: "salt-call state.sls sslcert,postgrest"
- postgrest.vm.provision "shell", inline: "systemctl start api_v2-postgrest.service"
- postgrest.vm.provision "shell", inline: "systemctl start icmscache-postgrest.service"
- end
- end
-end
diff --git a/pillar.example b/pillar.example
index 029ca4b9079501781afe6a599f668cd1d65d4a31..252151129bf38f661b58e355284c8a6fb43b9d71 100644
--- a/pillar.example
+++ b/pillar.example
@@ -9,14 +9,6 @@ postgrest:
jwt-secret: "aimi6fiep2ohPahqu6Jithahphai1aJe"
db-anon-role: "api_v2_anonymous"
- nginx:
- ssl_cert_name: postgrest
- http: false
- https: true
- redirect_to_https: true
- fqdn: apiv2.postgrest.local
-
-
icmscache:
tag: v5.2.0
hash: '5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38'
@@ -26,10 +18,3 @@ postgrest:
jwt-secret: "aimi6fiep2ohPahqu6Jithahphai1aJe"
db-anon-role: "icmscache_anonymous"
server-port: 3001
-
- nginx:
- ssl_cert_name: postgrest
- http: false
- https: true
- redirect_to_https: true
- fqdn: icmscache.postgrest.local
diff --git a/postgrest/init.sls b/postgrest/init.sls
index 5af9fa9985e2dd94bb3e6f0b6e9335f9f72fcd6d..a7577b4dea9e217a0b9ab879b1f6354d770bf2e2 100644
--- a/postgrest/init.sls
+++ b/postgrest/init.sls
@@ -1,4 +1,3 @@
include:
- postgrest.common
- - postgrest.nginx
- postgrest.postgrest
diff --git a/postgrest/nginx.sls b/postgrest/nginx.sls
deleted file mode 100644
index a03710362e35c50a8fb659abdb003ee134da07bc..0000000000000000000000000000000000000000
--- a/postgrest/nginx.sls
+++ /dev/null
@@ -1,36 +0,0 @@
-{% for instance_name, instance_conf in salt['pillar.get']("postgrest:instances").items() %}
-{% if instance_conf.nginx is defined %}
-
-postgrest_nginx_package:
- pkg.installed:
- - pkgs:
- - nginx
-
-postgrest_{{ instance_name }}_nginx_conf:
- file.managed:
- - name: /etc/nginx/sites-available/{{ instance_name }}.conf
- - source: salt://postgrest/tpl/nginx.conf
- - template: jinja
- - context:
- nginx_conf: {{ instance_conf.nginx }}
- postgrest_port: {{ instance_conf.config.get('server-port', '3000') }}
- instance_name: {{ instance_name }}
- - mode: 644
- - user: root
- - group: root
- - require:
- - pkg: postgrest_packages
-
-postgrest_{{ instance_name }}_nginx_enable:
- file.symlink:
- - name: /etc/nginx/sites-enabled/{{ instance_name }}.conf
- - target: /etc/nginx/sites-available/{{ instance_name }}.conf
-
-postgrest_{{ instance_name }}_nginx_running:
- service.running:
- - name: nginx
- - reload: True
- - watch:
- - file: /etc/nginx/sites-enabled/*
-{% endif %}
-{% endfor %}
diff --git a/postgrest/tpl/nginx.conf b/postgrest/tpl/nginx.conf
deleted file mode 100644
index e7e8acc310367447b0c415283d4b1e7e6d4de896..0000000000000000000000000000000000000000
--- a/postgrest/tpl/nginx.conf
+++ /dev/null
@@ -1,97 +0,0 @@
-# This file is written by salt. Don't even think about it.
-upstream postgrest_{{ instance_name }} {
- server 127.0.0.1:{{ postgrest_port }};
- keepalive 64;
-}
-
-{% if nginx_conf.http or nginx_conf.redirect_to_https %}
-server {
- listen {{ nginx_conf.get('http_port', '80') }};
- server_name {{ nginx_conf.fqdn }};
- {% if nginx_conf.redirect_to_https %}
- return 301 https://$server_name$request_uri;
- {% elif nginx_conf.http %}
- location / {
- default_type application/json;
- proxy_hide_header Content-Location;
- add_header Content-Location /$upstream_http_content_location;
- proxy_pass http://postgrest_{{ instance_name }};
- proxy_set_header X-Real-IP $remote_addr;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- {% endif %}
-}
-{% endif %}
-
-{% if nginx_conf.https %}
-server {
- server_name {{ nginx_conf.fqdn }};
- listen {{ nginx_conf.get('https_port', '443') }};
-
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 5m;
-
- ssl on;
- ssl_certificate /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.fullchain.pem;
- ssl_certificate_key /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.key;
-
- # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
- ssl_dhparam /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.dhparam.pem;
- {% if nginx_conf.client_ca is defined %}
- ssl_verify_client on;
- ssl_client_certificate /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name'), instance_name }}
- {% endif %}
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
- # don't send the nginx version number in error pages and Server header
- server_tokens off;
- # config to don't allow the browser to render the page inside an frame or iframe
- # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
- # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
- # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
- add_header X-Frame-Options SAMEORIGIN;
-
- # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
- # to disable content-type sniffing on some browsers.
- # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
- # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
- # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
- # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
- add_header X-Content-Type-Options nosniff;
-
- # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
- # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
- # this particular website if it was disabled by the user.
- # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
- add_header X-XSS-Protection "1; mode=block";
-
- # be as restrictive as possible
- add_header Content_Security_Policy "default-src 'none'";
-
- # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-
- location / {
- default_type application/json;
- proxy_hide_header Content-Location;
- add_header Content-Location /$upstream_http_content_location;
- proxy_pass http://postgrest_{{ instance_name }};
- proxy_set_header X-Real-IP $remote_addr;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-}
-{% endif %}