README.md

 # Warpzone Infrastruktur Konfiguration
 
 Die Infrastruktur der Warpzone wird nach und nach durch das Konfigurationstool Ansible aufgebaut.
-Diese Konfiguration wird von den verschiedenen Teams gemeinschaftlich genutzt und soll als zentrale Dokumentation dienen.
-
+Diese Konfiguration soll als zentrale Dokumentation dienen.
 
 ## Aktueller Status
 
-Aktuell ist nur der neue Websserver in der Konfiguration erfasst.
-Weitere Dienste (wie z.B. der bestehende Webserver und die interne Infrastruktur) sind noch nicht abgebildet.
+Alle Server sind erfasst
 
 ## Vorraussetzungen
 Installiertes ansible
@@ -22,7 +20,7 @@ ansible-galaxy collection install community.docker
 
 Ausführen von Rollen per
 ```
-ansible-playbook  site.yml -l webserver -t hackmd
+ansible-playbook -i hosts.yml site.yml -l webserver -t hackmd
 ```
 
 mit -l wird der hosts eingeschränkt mit -t der tag bzw die Rolle, alle tags stehen in der site.yml

ansible.cfg

 [defaults]
 # some default values for ansible
-inventory = hosts
+inventory = hosts.yml
 interpreter_python = /usr/bin/python3

common/docker_traefik/tasks/main.yml

 
-- include: ../functions/get_secret.yml
+- include_tasks: ../functions/get_secret.yml
   with_items:
     - { path: "{{ basedir }}/letsencrypt_notification_email",  length: -1 }
   when: selfSignedCN is not defined 

common/docker_traefik/templates/docker-compose.yml

@@ -3,7 +3,7 @@ version: '2.4'
 services:
 
     app:
-        image: traefik:v3.0
+        image: traefik:v3.0.0-beta3
         restart: always
         ports:
             - "80:80"

common/wireguard/tasks/main.yml

@@ -53,6 +53,11 @@
   ansible.builtin.systemd:
     daemon_reload: true
 
+- name: "Stop systemd service for wg0"
+  ansible.builtin.systemd:
+    name: "wg-quick@wg0"
+    state: stopped
+
 - name: "Start systemd service for wg0"
   ansible.builtin.systemd:
     name: "wg-quick@wg0"

common/wireguard/templates/webserver.conf

+[Interface]
+PrivateKey = {{ privatekey }}
+Address = 10.43.1.1 
+ListenPort = 51821
+
+[Peer]
+PublicKey = 9FLaGBXWjInPv4PFRuAJPPrPWruzocVrXg9lsmwGdX4=
+AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/22

group_vars/prod

@@ -32,40 +32,40 @@ global_domains:
 # Globale Mail konfiguration 
 mail_domains:
   warpzonems:
-    maildomain: warpzone.ms 
-    mxserver: mailserver.warpzone.ms
-    mxhostname: webserver
-    spf: "v=spf1 mx a:{{ mail_domains.warpzonems.mxserver }} ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    maildomain: "warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
     dmarc: "v=DMARC1; p=none;"
     dkim:
       - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNnNZElbWq9EonFULbr8vWWykKmZEylRwjo4lYx/lXsGDFWBuNh2s6gFF10OuHWtavokjvh/7sFidNaRYQkn3uwHmylBWFn7Jr2lPWY8PBEoIeAZZx5qHaDWxJVgzE7maFyXAswDGXcR/DRTn2xR6osNXOovjGeYXq/atR/45iwfgkhqAaXaV1uP/K9y\" \"y2sZ2dRtGEwCKsWbP26cOZ6MUcADszgUTEp59iKey79m0uwi0IpA8WjEKVwbMcf/6fBw1ejIEjVUX+bami2fQ6RPl4uEyloco4paV3w/vww2hh4VchCFLYAEKMkZOZs/eTDGsjaMguwHbPeVJjkpX2T6WQIDAQAB" }
   member_warpzonems:
-    maildomain: "member.{{ mail_domains.warpzonems.maildomain }}" 
-    mxserver: "{{ mail_domains.warpzonems.mxserver }}"
-    mxhostname: "{{ mail_domains.warpzonems.mxhostname }}"
-    spf: "{{ mail_domains.warpzonems.spf }}"
+    maildomain: "member.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
     dkim:
       - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu334a+uJ5b7D8UTz3Up6A8EjZhEnXaIpiIcKAGPXXD2ZBGmkWfUNcwDcfMoDErH6ntXzf0uH2VMvaajB/wdKLyly1irDKoyjLA3hJb5wnF9Gh0anL1qxY6UA189vWsw+2JlZJWyQ3IcaQ720SM3OrrK4AL3gRItieSEQ+23m5aW0P6sgUuMXTmmKLbd4\" \"DzZ14Emw293TD2p4gJtgxW/6EfIfcUU+/jP1NNm9gksyzynH1pJXPwVruo9u4QujEQiPqtVsVtrtUm1kbnW+pexj3eKOLLEHGZ+p5AZ/jtALk9pJfNumm/XHFK5PTZDBIipXOYvuG8RdwsaCQRezGKy04QIDAQAB" }
   lists_warpzonems:
-    maildomain: "lists.{{ mail_domains.warpzonems.maildomain }}" 
-    mxserver: "{{ mail_domains.warpzonems.mxserver }}"
-    mxhostname: "{{ mail_domains.warpzonems.mxhostname }}"
-    spf: "{{ mail_domains.warpzonems.spf }}"
+    maildomain: "lists.warpzone.ms" 
+    mxserver: "mailserver.warpzone.ms"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
     dkim:
       - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7SXkUkM17Y1Vi/cvO48IJmlReGWSaYHY+wEldLHt80TiXP0AGZ8nG+DshXi1J2D5xjn8cJu4VqgDrLFnsRJyGYKmi7yVukANVg6gjYlET4y5+UU7Vk2W3xhN2U/8F0rcyynALzQa8i4Y/wEI0qkgHyE6+lITmglJvlj6tgp4YYK2TBH3Zo//PukOmU\" \"6gG/qu0+6p+CepvqzfGT2l1duov5a2+DJJzlJTULJ5D5Blsmg/0GeC81gZ4QDC3S8aaM5Pw3I3lQCSJT4Q4Ge6Ues4ccagNrdnZhtHNaVFGdL1mR1k+G784gpMZphPj5MylNEpA3V4bD7/Ygf4GuAvHdMwIDAQAB" }
 #  chaostreffmuensterde:
 #    maildomain: chaostreff-muenster.de 
-#    mxserver: "{{ mail_domains.warpzonems.mxserver }}"
-#    mxhostname: "{{ mail_domains.warpzonems.mxhostname }}"
-#    spf: "{{ mail_domains.warpzonems.spf }}"
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;
 #    dkim:
 #      - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/OBnxYygjhKeZVyvhDAO1/O1XwyYEhQx3bW/rO/Wmp8ZzP/eQh3dljDEibj1KsfdUhfgTIU8CnTKLayb8B07MMzhBklpg8WUV2LrDmpndfhixizjaxzwBj/dhtiZE7e4BwhOPOmdBQ0cCIvNhMcQcCa1RgCpX/g5Ii0AtQ2zCPMTSOW5YWn+VY" }
 #  lists_chaostreffmuensterde:
-#    maildomain: "lists.{{ mail_domains.chaostreffmuensterde.maildomain }}"
-#    mxserver: "{{ mail_domains.chaostreffmuensterde.mxserver }}"
-#    mxhostname: "{{ mail_domains.chaostreffmuensterde.mxhostname }}"
-#    spf: "{{ mail_domains.chaostreffmuensterde.spf }}"
+#    maildomain: "lists.chaostreff-muenster.de"
+#    mxserver: "mailserver.warpzone.ms"
+#    mxhostname: "webserver"
+#    spf: "v=spf1 mx a:mailserver.warpzone.ms ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
 #    dmarc: v=DMARC1; p=none;
 
 
@@ -114,8 +114,9 @@ esphome_devices:
   - { id: "status",        name: "Status/Strom",  groups: "gHauptraum",     sensors: [ "stromverbrauch", "warpzone_status" ] }
   - { id: "vortragsraum",  name: "Vortragsraum",  groups: "gVortragsraum",  sensors: [ "Temp", "pressure", "humidity" ] }
 
-#Global Homematic configuration 
-homematic:
-  ccu2_host: 192.168.0.15
+# Global eQ3 Max configuration 
+eq3max:
+  cube_host: 192.168.0.15
   devices_heizung:
-    - { name: "HeizungKlo", id: "OEQ0663079" }
+    - { name: "E-Werkstatt-Mitte", id: "MEQ1814738" }
+#    - { name: "HeizungKlo", id: "OEQ0663079" }

host_vars/carrot

@@ -6,9 +6,9 @@ motd_lines:
   - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
 
 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
 
 debian_keys_id:
 

host_vars/hex

@@ -6,15 +6,15 @@ motd_lines:
   - "IPs: {{ansible_vmbr0.ipv4.address}}"
 
 debian_sources: 
-  - "deb http://deb.debian.org/debian/ bullseye main non-free contrib"
-  - "deb http://security.debian.org/debian-security bullseye-security main contrib non-free"
-  - "deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://deb.debian.org/debian/ bookworm main non-free contrib"
+  - "deb http://security.debian.org/debian-security bookworm-security main contrib non-free"
+  - "deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 

host_vars/hix

@@ -6,10 +6,10 @@ motd_lines:
   - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
 
 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 

host_vars/ogg

@@ -6,10 +6,10 @@ motd_lines:
   - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
 
 debian_sources:
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 
@@ -57,15 +57,9 @@ alert:
     - { name: "esphome-dev_app_1" }    
     - { name: "fridgeserver_app_1" }    
     - { name: "grafana_app_1" }    
-    - { name: "graylog_graylog_1" }    
-    - { name: "graylog_mongodb_1" }    
-    - { name: "graylog_opensearch_1" }    
     - { name: "heimdall_app_1" }    
     - { name: "homeassistant_app_1" }    
     - { name: "homeassistant_influxdb_1" }    
-    - { name: "homematic_app_1" }    
-    - { name: "homematic_influxdb_1" }    
-    - { name: "homematic_telegraf_1" }    
     - { name: "mqtt_app_1" } 
     - { name: "mqtt_influxdb_1" } 
     - { name: "mqtt_tgbinary_1" } 

host_vars/tiffany

@@ -6,15 +6,15 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_enp35s0.ipv4.address}} / {{ansible_enp35s0.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "http://download.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "http://download.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 

host_vars/verwaltung

@@ -6,10 +6,10 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
   

host_vars/weatherwax

@@ -6,15 +6,15 @@ motd_lines:
   - "IPs: {{ansible_bond0.ipv4.address}}"
 
 debian_sources: 
-  - "deb http://deb.debian.org/debian/ bullseye main non-free contrib"
-  - "deb http://security.debian.org/debian-security bullseye-security main contrib non-free"
-  - "deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free"
-  - "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription"
+  - "deb http://deb.debian.org/debian/ bookworm main non-free contrib"
+  - "deb http://security.debian.org/debian-security bookworm-security main contrib non-free"
+  - "deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free"
+  - "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription"
 
 debian_keys_id:
 
 debian_keys_url:
-  - "https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg"
+  - "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"
 
 
 # Art des Hosts: physical, vm, docker 

host_vars/webserver

@@ -6,10 +6,10 @@ motd_lines:
   - "Öffentliche IPs: {{ansible_ens18.ipv4.address}} / {{ansible_ens18.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://ftp2.de.debian.org/debian/ bullseye main contrib non-free"
-  - "deb http://ftp.debian.org/debian bullseye-updates main contrib non-free"
-  - "deb http://security.debian.org/ bullseye-security main contrib non-free"
-  - "deb https://download.docker.com/linux/debian bullseye stable"
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
 
 debian_keys_id:
 
@@ -103,6 +103,7 @@ alert:
     - { name: "mail_mailman-nginx_1" }
     - { name: "matrix_ma1sd_1" }
     - { name: "matrix_db_1" }
+    - { name: "matrix_purgemediacache_1" }
     - { name: "matrix_synapse_1" }
     - { name: "matterbridge_cw_1" }
     - { name: "matterbridge_wz_1" }
@@ -120,7 +121,7 @@ alert:
     - { name: "workadventure_redis_1" }
   disks: 
     - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
-    - { mountpoint: "/srv", warn: "1 GB", crit: "500 MB" }
+    - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
   
 
 # Definition von Borgbackup Repositories 

hosts

-
-# Nameskonvention für Server: Pratchett Name/Charaktere
-# Namensliste: https://wiki.lspace.org/List_of_Pratchett_characters
-# Nächste freie Namen: vimes, cake, colon, detritus, dibbler, dorfl, gaspode, quirm, cherry, nobby, ramkin, ron, shoe, slant, angua, vetinary, bursar, coin, dean, worblehat, luggage. mustrum, rincewind, wrangler, stibbons, whitlow  
-
-[test]
-
-[prod]
-
-# Interner Proxmox-Server
-# Für Verbindungen über den Webserver als Jumphost folgende Parameter ergänzen: 
-# ansible_ssh_common_args='-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -W %h:%p -q 159.69.57.51"'
-weatherwax   ansible_ssh_host=192.168.0.200
-
-# Server für interne Dienste
-# Container auf dem internen Proxmox Server 
-# Wichtige Optionen: Nesting = Yes, keyctl = enabled
-ogg          ansible_ssh_host=192.168.0.201
-
-# Server für VPN Verbindung zum Webserver 
-# Container auf dem internen Proxmox Server 
-# Wichtige Optionen: Nesting = Yes, keyctl = enabled
-carrot       ansible_ssh_host=192.168.0.202
-
-# Externe Server Warpzone
-# Öffentlicher Root Server Warpzone bei Hetzner 
-tiffany     ansible_ssh_host=159.69.57.15
-
-# Öffentlicher Webserver Warpzone 
-# VM auf Tiffany
-webserver   ansible_ssh_host=159.69.57.51 
-
-# Vorstands-VM
-# VM auf Tiffany
-# Auch erreichbar unter verwaltung.warpzone.ms
-verwaltung ansible_ssh_host=195.201.179.60
-
-# Physischer Server für Veranstaltungen / Camps 
-# warpzone.remote Proxmox-Server
-hex         ansible_ssh_host=10.111.10.100
-
-# Virtueller Server für Infrastruktur-Dienste auf Veranstaltungen / Camps
-# Container auf dem warpzone.remote Proxmox-Server 
-# Wichtige Optionen: Nesting = Yes, keyctl = enabled
-hix         ansible_ssh_host=10.111.10.101

hosts.yml

@@ -12,11 +12,13 @@ prod:
         # ansible_ssh_common_args='-o ForwardAgent=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -W %h:%p -q 159.69.57.51"'
         weatherwax:
           ansible_ssh_host: 192.168.0.200
+          ansible_user: root
 
         # Externe Server Warpzone
         # Öffentlicher Root Server Warpzone bei Hetzner
         tiffany:
           ansible_ssh_host: 159.69.57.15
+          ansible_user: root
 
     vms:
       children:
@@ -27,12 +29,14 @@ prod:
             # Wichtige Optionen: Nesting = Yes, keyctl = enabled
             ogg:
               ansible_ssh_host: 192.168.0.201
+              ansible_user: root
 
             # Server für VPN Verbindung zum Webserver
             # Container auf dem internen Proxmox Server
             # Wichtige Optionen: Nesting = Yes, keyctl = enabled
             carrot:
               ansible_ssh_host: 192.168.0.202
+              ansible_user: root
 
         tiffany-vms:
           hosts:
@@ -40,12 +44,14 @@ prod:
             # VM auf Tiffany
             webserver:
               ansible_ssh_host: 159.69.57.51
+              ansible_user: root
 
             # Vorstands-VM
             # VM auf Tiffany
             # Auch erreichbar unter verwaltung.warpzone.ms
             verwaltung:
               ansible_ssh_host: 195.201.179.60
+              ansible_user: root
 
 event:
   children:
@@ -55,6 +61,7 @@ event:
         # warpzone.remote Proxmox-Server
         hex:
           ansible_ssh_host: 10.111.10.100
+          ansible_user: root
 
     vms:
       hosts:
@@ -63,3 +70,4 @@ event:
         # Wichtige Optionen: Nesting = Yes, keyctl = enabled
         hix:
           ansible_ssh_host: 10.111.10.101
+          ansible_user: root
\ No newline at end of file

intern/docker_esphome/templates/config/esphome_plug02.yaml

@@ -19,6 +19,10 @@
       payload: "CLOSED"
       then:
         - switch.turn_off: relay
+    - topic: warpzone/door/status_once
+      payload: "OPEN"
+      then:
+        - switch.turn_on: relay
 
 status_led:
   pin:

intern/docker_esphome/templates/config/esphome_plug03.yaml

@@ -19,6 +19,10 @@
       payload: "CLOSED"
       then:
         - switch.turn_off: relay
+    - topic: warpzone/door/status_once
+      payload: "OPEN"
+      then:
+        - switch.turn_on: relay
 
 status_led:
   pin: