aboutsummaryrefslogtreecommitdiffstats
path: root/roles/relayd
diff options
context:
space:
mode:
authorbinary <me@rgoncalves.se>2020-11-07 20:39:07 +0100
committerbinary <me@rgoncalves.se>2020-11-07 20:39:07 +0100
commit8ff8f1fa4037defebab29c7c7775ae3372cbe9a7 (patch)
treee395508f5a962fc9afce777cff08dbfecb0862d4 /roles/relayd
parent352c98322771af117a85904d580e1c062062d634 (diff)
downloadinfrastructure-8ff8f1fa4037defebab29c7c7775ae3372cbe9a7.tar.gz
Automate network deployment
Diffstat (limited to 'roles/relayd')
-rw-r--r--roles/relayd/tasks/main.yml15
-rw-r--r--roles/relayd/templates/relayd.conf.j258
2 files changed, 73 insertions, 0 deletions
diff --git a/roles/relayd/tasks/main.yml b/roles/relayd/tasks/main.yml
new file mode 100644
index 0000000..5de324c
--- /dev/null
+++ b/roles/relayd/tasks/main.yml
@@ -0,0 +1,15 @@
+
+# relayd ~~ tasks/main.yml
+
+---
+
+- name: Generate relayd configuration
+ template:
+ src: templates/relayd.conf.j2
+ dest: /etc/relayd.conf
+
+- name: Enable and restart relayd
+ service:
+ name: relayd
+ state: restarted
+ enabled: true
diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
new file mode 100644
index 0000000..4b43c8e
--- /dev/null
+++ b/roles/relayd/templates/relayd.conf.j2
@@ -0,0 +1,58 @@
+
+# relayd ~~ /etc/relayd.conf
+# managed by Ansible
+
+# ====== #
+# tables
+# ====== #
+
+table <local> { 127.0.0.1 }
+{% for h in groups["all"] %}
+{% set h = dict(hostvars[h]) %}
+{##}
+{% if h.ip.in is defined %}
+table <{{ h.ansible_host }}> { {{ h.ip.in }} }
+{% endif %}
+{##}
+{% endfor %}
+
+# ================ #
+# filter for vhost
+# ================ #
+
+http protocol vhost {
+{% for h in groups["all"] %}
+{% set h = dict(hostvars[h]) %}
+{##}
+{% if h.ip.in is defined %}
+ pass request header "Host" value "{{ h.ansible_host }}.{{ _i.domain_name }}" forward to <{{ h.ansible_host }}>
+{% endif %}
+{##}
+{% endfor %}
+}
+
+# ======================= #
+# relays for all protocol
+# ======================= #
+
+{% set relays = {} %}
+{% for h in groups["servers"] %}
+ {% set h = dict(hostvars[h]) %}
+ {##}
+ {% for service in h.services | sort(attribute="port") if service.domain is defined %}
+ {% set _ = relays.update({ service.port : [] }) if relays[service.port] is not defined %}
+ {% set key_changer = { "host" : h.ansible_host, "domain" : service.domain } %}
+ {% set _ = relays[service.port].append(key_changer) %}
+ {% endfor %}
+ {##}
+{% endfor %}
+
+{% for relay in relays %}
+relay vhost_{{ relay }} {
+ listen on egress port {{ relay }}
+ protocol vhost
+{% for h in relays[relay] %}
+ forward to <{{ h.host }}> port {{ relay }} check icmp
+{% endfor %}
+}
+{% endfor %}
remember that computers suck.