authorRomain Gonçalves <me@rgoncalves.se>2021-04-17 17:57:45 +0200
committerRomain Gonçalves <me@rgoncalves.se>2021-04-17 17:57:45 +0200
commit7e53b549e4962ff0387e155adcfc307d16ff1277 (patch)
tree4cd054e469db01c3e0f53eefe59588a3674d25b0 /roles/relayd/templates
parent24edb45881ac7a469f0c3fdcda6fd26edb199120 (diff)
downloadinfrastructure-7e53b549e4962ff0387e155adcfc307d16ff1277.tar.gz
relayd: Use macros for shorter template
Diffstat (limited to 'roles/relayd/templates')
-rw-r--r--roles/relayd/templates/relayd.conf.j249
1 files changed, 18 insertions, 31 deletions
diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
index e3a2db5..4871a38 100644
--- a/roles/relayd/templates/relayd.conf.j2
+++ b/roles/relayd/templates/relayd.conf.j2
@@ -1,24 +1,21 @@
+{% import 'macros.j2' as macros with context %}
# relayd ~~ /etc/relayd.conf
# managed by Ansible
+# general
+
+log connection errors
+
# hosts
table <local> { 127.0.0.1 }
-{% for h in groups["servers"] %}
-{% set h = dict(hostvars[h]) %}
-{##}
-{% if h.ip.in is defined %}
-# {{ h.ansible_host }}
+{% call(h) macros.loop_valid_hosts("servers") -%}
table <{{ h.ansible_host }}> { {{ h.ip.in }} }
{% for service in h.services if service.domain is defined %}
table <{{ h.ansible_host }}_{{ service.domain }}> { {{ h.ip.in }} }
{% endfor %}
-{% endif %}
-{##}
-{% endfor %}
-
-# services
+{%- endcall %}
# protocols
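Review bot: The `h.ip.in is defined` guard that used to be visible in this template now lives entirely inside `macros.loop_valid_hosts`, which is not part of this diff, so which hosts receive a table (and later a forward rule) can no longer be checked from this file. A one-line template comment above the first call would record the contract, for example `{# loop_valid_hosts: calls the block once per host in the group that defines ip.in #}`, assuming that is what the macro does. The macro is imported `with context`, so it presumably reads `groups` and `hostvars` directly, which is worth stating in macros.j2 as well.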
@@ -38,19 +35,15 @@ http protocol "https" {
tls keypair "{{ global.domain_name }}"
pass request quick header "Host" value "{{ global.domain_name }}" forward to <local>
-
-{% for h in groups["servers"] %}
-{% set h = dict(hostvars[h]) %}
-{##}
-{% if h.ip.in is defined %}
+{% call(h) macros.loop_valid_hosts("servers") -%}
{% for service in h.services if service.domain is defined %}
tls keypair "{{ service.domain }}.{{ global.domain_name }}"
pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}>
-
-{% endfor %}
-{% endif %}
-{##}
{% endfor %}
+{%- endcall %}
+
+ block label "{{ relayd_block_msg }}"
+
return error
}
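Review bot: `relayd_block_msg` is interpolated inside a double-quoted relayd string on the new `block label` line with no default and no escaping, so a value containing `"` or a line break would render a config that fails to parse or parses differently than intended. Giving the variable a role default and asserting on its allowed characters before templating would keep that failure out of the deployed file. The rule also has no `quick`, so it only acts as a catch-all because every `pass` above it is `quick`; a comment such as `# default deny: requests not matched by a quick pass rule above are blocked` would make that ordering dependency explicit. The protocol block starts outside this hunk.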
@@ -60,16 +53,12 @@ http protocol "http" {
pass request quick path "/.well-known/acme-challenge/*" forward to <local>
pass request quick header "Host" value "{{ global.domain_name }}" forward to <local>
-{% for h in groups["servers"] %}
-{% set h = dict(hostvars[h]) %}
-{##}
-{% if h.ip.in is defined %}
+{% call(h) macros.loop_valid_hosts("servers") -%}
{% for service in h.services if service.domain is defined %}
pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}>
{% endfor %}
-{% endif %}
-{##}
-{% endfor %}
+{%- endcall %}
+
return error
}
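Review bot: The `http` protocol does not get the catch-all `block` rule that this commit adds to `https`, so the two listeners may treat an unmatched `Host` header differently. In relayd a connection that matches no block or pass rule is established without further action, so unless a block rule exists in the part of this protocol outside the hunk, such requests would still be relayed. If the same default-deny is intended here, add `block label "{{ relayd_block_msg }}"` before `return error`.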
@@ -86,11 +75,9 @@ relay "wwwtls" {
listen on egress port 443 tls
protocol "https"
forward to <local> port 80 check http "/" code 200
-{% for hostname in groups["servers"] %}
-{% set h = dict(hostvars[hostname]) %}
+{% call(h) macros.loop_valid_hosts("servers") -%}
{% for service in h.services if service.domain is defined %}
- forward to <{{ hostname }}_{{ service.domain }}> port {{ service.port }} check tcp
-{% endfor %}
+ forward to <{{ h.ansible_host }}_{{ service.domain }}> port {{ service.port }} check tcp
{% endfor %}
-
+{%- endcall %}
}
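Review bot: The new `forward to` line renders `{{ service.port }}`, but the loop filter above it only tests `service.domain is defined`, so a service with a domain and no port is not skipped. With Ansible's default undefined handling this presumably aborts the render, which is safe but gives an error far from the cause. Tightening the filter to `{% for service in h.services if service.domain is defined and service.port is defined %}` would skip such entries, as long as the matching table and `pass` loops in the earlier hunks use the same condition. The relay block starts outside this hunk.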