alcali / alcali formula unmaintained

[nerdoc]

Describe the bug
I am trying to install alcali since weeks now, without real success. Did id bare metal, using the docker file ("try" and production), and the salt formula. Nothing works out of the box, not even the docker "try" method mentioned in the docs. I'm not a newbie, and somehow experienced in programming, and am using Linux since 20+ years.

I managed to get it at least "running", after much effort, but the rest auth against alcali is close to impossible to manage.

To Reproduce
Steps to reproduce the behavior:
Choose any method you want. Noone works under Debian 12 / Ubuntu 22.04/24.04

Expected behavior
At least ONE method (the docker "try") method) must work.
When installing the salt formula (where documentation is rare to extract, but after a few days, it at least I got it "running"), the first time the alcali state is applied to salt master, it fails at the "alcali migrate" module. When doing the same state apply again, it exits without error, but only because the "migrate" module was "not changed". So it is a not-working state, and the module is not really idempotent.
After much configuration (there is NO helpful tutorial for a beginner that gives you a simple, working, step-by-step guide on how to install ansible on a Debian (12) server) , the following errors remain:

          ID: alcali-package-install-git-latest
    Function: git.latest
        Name: https://github.com/saltstack-formulas/alcali-formula.git
      Result: False
     Comment: Repository would be updated to e7c4496, but this is not a fast-forward merge. Set 'force_reset' to True to force this update.
     Started: 05:58:07.644633
    Duration: 1505.189 ms
     Changes:   
----------
          ID: alcali-package-install-virtualenv-managed
    Function: virtualenv.managed
        Name: /opt/alcali/.venv
      Result: False
     Comment: One or more requisite failed: alcali.package.install.alcali-package-install-git-latest
     Started: 05:58:09.151425
    Duration: 0.002 ms
     Changes:   
----------
          ID: alcali-package-install-db-pip-installed
    Function: pip.installed
        Name: mysqlclient
      Result: False
     Comment: One or more requisite failed: alcali.package.install.alcali-package-install-virtualenv-managed
     Started: 05:58:09.194973
    Duration: 0.005 ms
     Changes:   
----------
...
----------
          ID: alcali-config-migrate-db-provision-cmd-run
    Function: cmd.run
        Name: ./manage.py migrate
      Result: False
     Comment: One or more requisite failed: alcali.package.install.alcali-package-install-virtualenv-managed, alcali.package.install.alcali-package-install-git-latest
     Started: 05:58:09.202055
    Duration: 0.002 ms
     Changes:  

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: Debian 12
• Browser: Firefox
• Version 131

Additional context
My salt master configuration:

file_roots:
  base:
    - /srv/salt/
    - /srv/salt/formulas/alcali-formula

keep_acl_in_token: True
allow_uid_change: True
allow_gid_change: True

mysql.host: 'db'
mysql.user: 'salt'
mysql.pass: '<redacted>'
mysql.db: 'salt'
mysql.port: 3306

rest_cherrypy:
  port: 8080
  host: 0.0.0.0
  debug: True
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key

external_auth: 
  pam:
    christian:
      - .*
      - '@runner'
      - '@wheel'
    alcali:
      - .*
      - '@runner':
        - jobs.active
        - jobs.list_job
        - jobs.list_jobs
        - manage.versions
      - '@wheel':
        - config.values
        - key.finger
        - key.list_all
        - minions.connected
  rest:
    ^url: http://127.0.0.1:8000/api/token/verify/
    christian:
      - .*
      - '@runner'
      - '@wheel'
    alcali:
      - .*
      - '@runner'
      - '@wheel'

netapi_enable_clients:
    - local
    - local_async
    - runner
    - wheel

My alcali formula pillar:

alcali:
  service:
    name: alcali
    init_delay: null  # Gunicorn may take some delay to pop, adjust here
  deploy:
    repository: https://github.com/saltstack-formulas/alcali-formula.git
    app_branch: "master"
    force_reset: False
    user: alcali
    group: alcali
    directory: /opt/alcali
    runtime: python3
    manage_user: True
  gunicorn:
    name: 'config.wsgi:application'
    host: '0.0.0.0'
    port: 5000
    workers: 2
    timeout: 300
  # All the items under this section will be converted into an environment file.
  config:
    allowed_hosts: '*'
    db_backend: mysql
    db_name: salt
    db_user: salt
    db_pass: "<redacted>"
    db_host: db.lan
    db_port: 3306
    master_minion_id: master
    secret_key: '<redacted>'
    salt_url: 'https://master:8080'
    salt_auth: rest

What works:

• alcali is running, I can log in using the Django created user.
• salt-api is running, I can curl against the API and login, receive a token. But with this token, I can't get further.

curl -sSk https://localhost:8080/login    \
     -H 'Accept: application/x-yaml' \
     -d username=christian \
     -d password=<redacted> \
     eauth=pam
return:
- eauth: pam
  expire: 1729042503.1914074
  perms:
  - .*
  - '@runner'
  - '@wheel'
  start: 1728999303.1914072
  token: 90afa7b103xxxxxxxxxxxxxxxx886dafa950bcd
  user: christian

This looks ok so far.

What doesn't work:

But with this token, I get an error:

...
        <h2>401 Unauthorized</h2>
        <p>Authorization error occurred.</p>
        <pre id="traceback">Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/rest_cherrypy/app.py", line 860, in hypermedia_handler
    ret = cherrypy.serving.request._hypermedia_inner_handler(*args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/_cpdispatch.py", line 54, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/rest_cherrypy/app.py", line 1323, in POST
    return {"return": list(self.exec_lowstate(token=cherrypy.session.get("token")))}
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/rest_cherrypy/app.py", line 1220, in exec_lowstate
    ret = self.api.run(chunk)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/__init__.py", line 181, in run
    return l_fun(*f_call.get("args", ()), **f_call.get("kwargs", {}))
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/__init__.py", line 209, in local
    return client.cmd(*args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 752, in cmd
    pub_data = self.run_job(
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 387, in run_job
    pub_data = self.pub(
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/__init__.py", line 1937, in pub
    raise AuthorizationError(err_msg)
salt.exceptions.AuthorizationError: Authorization error occurred.
During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/_cprequest.py", line 638, in respond
    self._do_respond(path_info)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/_cprequest.py", line 697, in _do_respond
    response.body = self.handler()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/cherrypy/lib/encoding.py", line 223, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/netapi/rest_cherrypy/app.py", line 868, in hypermedia_handler
    raise cherrypy.HTTPError(401, e.message)

And (i think due to this auth error), no minions/keys are seen in the UI - this seems to be the authentication problem above.

So this may be just "misconfiguration" yet, but really, I never had such a hard time with any software project just by setting it up. Never.

The last commit was a year ago.
So, before I start debugging and trying to help out providing documentation for first-time users, I just want to ask:

Is alcali and alcali-formula still maintained?

There are plenty of open bugs since years (which is ok) and plenty of really simple PRs (that fix errors like pointing to the wrong alcali-formula repo) that are not merged (which seems unmeintained to me).

Please just tell me whether it is worth contributing to this project or not.