-rw-r--r-- | roles/relayd/defaults/main.yml | 16 | ||||
-rw-r--r-- | roles/relayd/templates/relayd.conf.j2 | 49 | ||||
-rw-r--r-- | templates/macros.j2 | 15 |
3 files changed, 49 insertions, 31 deletions
diff --git a/roles/relayd/defaults/main.yml b/roles/relayd/defaults/main.yml new file mode 100644 index 0000000..2f1bd17 --- /dev/null +++ b/roles/relayd/defaults/main.yml @@ -0,0 +1,16 @@ + +--- + +relayd_transparent: true +relayd_block_msg: | + <hr> + <h2>Domain error!</h2> + <hr> + <p>Two possibilities:</p> + <ol> + <li>Backend servers are probably; <b>turned-off</b> / <b>in-maintenance</b></li> + <li>Routing error; <b>decomissioned service</b> / <b>invalid domain!</b></li> + </ol> + <p>Please refer to + <a href='https://{{ global.domain_name }}'>https://{{ global.domain_name }}</a> + </p> diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2 index e3a2db5..4871a38 100644 --- a/roles/relayd/templates/relayd.conf.j2 +++ b/roles/relayd/templates/relayd.conf.j2 @@ -1,24 +1,21 @@ +{% import 'macros.j2' as macros with context %} # relayd ~~ /etc/relayd.conf # managed by Ansible +# general + +log connection errors + # hosts table <local> { 127.0.0.1 } -{% for h in groups["servers"] %} -{% set h = dict(hostvars[h]) %} -{##} -{% if h.ip.in is defined %} -# {{ h.ansible_host }} +{% call(h) macros.loop_valid_hosts("servers") -%} table <{{ h.ansible_host }}> { {{ h.ip.in }} } {% for service in h.services if service.domain is defined %} table <{{ h.ansible_host }}_{{ service.domain }}> { {{ h.ip.in }} } {% endfor %} -{% endif %} -{##} -{% endfor %} - -# services +{%- endcall %} # protocols 
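Review bot: `relayd_block_msg` is rendered verbatim inside a double-quoted relayd `label "…"` string (see the https protocol hunk of relayd.conf.j2), so any `"` in the message or in `global.domain_name` would terminate that string and break the config; the template relies on the single-quoted `href` for this, but nothing says so. Add a comment above the value, `# rendered inside a double-quoted relayd label: no double quotes, keep the href single-quoted`, so the constraint survives the next edit of the message. `relayd_transparent: true` is declared here but no template in this diff references it; if a task outside the diff reads it, a comment naming that use would help, otherwise it is dead. The user-facing text also has a typo, `decomissioned` should be `decommissioned`.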
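Review bot: Replacing the hosts loop with `{% call(h) macros.loop_valid_hosts("servers") -%}` tightens the filter from `h.ip.in is defined` to requiring both `ip.in` and `ip.out` (per the macro body in templates/macros.j2), so a host that has `ip.in` but no `ip.out` silently disappears from every `table <…>` here and, by the same call in the later hunks, from the relays that forward to it. If that is intended, say so at the call site, e.g. `{# only hosts defining both ip.in and ip.out get tables; others are skipped silently #}`; otherwise the unfiltered `loop_hosts` macro with the original `if` keeps the old behaviour. The dropped `# {{ h.ansible_host }}` comment also means the rendered relayd.conf no longer shows which host a table belongs to, which was useful when reading the live config. `log connection errors` is a good addition for noticing failing backends.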
@@ -38,19 +35,15 @@ http protocol "https" { tls keypair "{{ global.domain_name }}" pass request quick header "Host" value "{{ global.domain_name }}" forward to <local> - -{% for h in groups["servers"] %} -{% set h = dict(hostvars[h]) %} -{##} -{% if h.ip.in is defined %} +{% call(h) macros.loop_valid_hosts("servers") -%} {% for service in h.services if service.domain is defined %} tls keypair "{{ service.domain }}.{{ global.domain_name }}" pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}> - -{% endfor %} -{% endif %} -{##} {% endfor %} +{%- endcall %} + + block label "{{ relayd_block_msg }}" + return error } @@ -60,16 +53,12 @@ http protocol "http" { pass request quick path "/.well-known/acme-challenge/*" forward to <local> pass request quick header "Host" value "{{ global.domain_name }}" forward to <local> -{% for h in groups["servers"] %} -{% set h = dict(hostvars[h]) %} -{##} -{% if h.ip.in is defined %} +{% call(h) macros.loop_valid_hosts("servers") -%} {% for service in h.services if service.domain is defined %} pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}> {% endfor %} -{% endif %} -{##} -{% endfor %} +{%- endcall %} + return error } @@ -86,11 +75,9 @@ relay "wwwtls" { listen on egress port 443 tls protocol "https" forward to <local> port 80 check http "/" code 200 -{% for hostname in groups["servers"] %} -{% set h = dict(hostvars[hostname]) %} +{% call(h) macros.loop_valid_hosts("servers") -%} {% for service in h.services if service.domain is defined %} - forward to <{{ hostname }}_{{ service.domain }}> port {{ service.port }} check tcp -{% endfor %} + forward to <{{ h.ansible_host }}_{{ service.domain }}> port {{ service.port }} check tcp {% endfor %} - +{%- endcall %} } diff --git a/templates/macros.j2 b/templates/macros.j2 new file mode 100644 index 0000000..e2aad96 
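Review bot: In the `http protocol "http"` hunk (`@@ -60,16 +53,12 @@`) only `return error` is added, without the `block label "{{ relayd_block_msg }}"` rule that the https protocol hunk places just before its own `return error`; unless relayd blocks unmatched requests by default, a plain-HTTP request with an unknown Host header still falls through rather than receiving the error page, so the two protocols now behave differently. Either add the same `block label "{{ relayd_block_msg }}"` line before `return error` in the http protocol, or record the asymmetry with a comment such as `# no catch-all block here: unmatched plain-HTTP requests are deliberately passed`. The catch-all in the https hunk only works because every preceding `pass request` carries `quick`; a comment `# catch-all: every pass above must stay quick` would stop a future non-quick rule from being silently overridden by this block. Since the `-%}`/`{%-` whitespace control now sits inside the protocol and relay bodies, verify the rendered file with `relayd -n -f <rendered-file>` before it is deployed.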
--- /dev/null
+++ b/templates/macros.j2
@@ -0,0 +1,15 @@
+{% macro loop_hosts(group) -%}
+{% for h in groups[group] -%}
+{% set h = dict(hostvars[h]) %}
+{{ caller(h) }}
+{%- endfor %}
+{%- endmacro %}
+
+{% macro loop_valid_hosts(group) -%}
+{% for h in groups[group] -%}
+{% set h = dict(hostvars[h]) %}
+{% if h.ip.in is defined and h.ip.out is defined -%}
+{{ caller(h) }}
+{%- endif %}
+{%- endfor %}
+{%- endmacro %} |
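Review bot: Neither macro in templates/macros.j2 documents its contract, and `loop_hosts` is not called anywhere in this diff while `loop_valid_hosts` skips hosts lacking `ip.in` or `ip.out` without any trace. Add a `{# … #}` comment above each, for example `{# call(h): yields the hostvars dict of every host in group that defines both ip.in and ip.out; others are skipped silently #}` on `loop_valid_hosts`, and either drop `loop_hosts` or note where it is meant to be used. `{% for h in groups[group] -%}` followed by `{% set h = dict(hostvars[h]) %}` rebinds `h` from hostname to dict inside the loop; `{% for name in groups[group] -%}` with `{% set h = dict(hostvars[name]) %}` reads unambiguously. `h.ip.in is defined` also assumes that attribute access on an undefined `h.ip` yields another undefined rather than raising; if the templating engine's Undefined is strict, a host with no `ip` key at all aborts the whole render, and `h.ip is defined and h.ip.in is defined and h.ip.out is defined` avoids that.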