1 files changed, 58 insertions, 0 deletions

diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
new file mode 100644
index 0000000..4b43c8e
--- /dev/null
+++ b/roles/relayd/templates/relayd.conf.j2
@@ -0,0 +1,58 @@
+
+# relayd ~~ /etc/relayd.conf
+# managed by Ansible
+
+# ====== #
+# tables
+# ====== #
+
+table <local> { 127.0.0.1 }
+{% for h in groups["all"] %}
+{% set h = dict(hostvars[h]) %}
+{##}
+{% if h.ip.in is defined %}
+table <{{ h.ansible_host }}> { {{ h.ip.in }} }
+{% endif %}
+{##}
+{% endfor %}
+
+# ================ #
+# filter for vhost
+# ================ #
+
+http protocol vhost {
+{% for h in groups["all"] %}
+{% set h = dict(hostvars[h]) %}
+{##}
+{% if h.ip.in is defined %}
+	pass request header "Host" value "{{ h.ansible_host }}.{{ _i.domain_name }}" forward to <{{ h.ansible_host }}>
+{% endif %}
+{##}
+{% endfor %}
+}
+
+# ======================= #
+# relays for all protocol
+# ======================= #
+
+{% set relays = {} %}
+{% for h in groups["servers"] %}
+	{% set h = dict(hostvars[h]) %}
+	{##}
+	{% for service in h.services | sort(attribute="port") if service.domain is defined %}
+		{% set _ = relays.update({ service.port : [] }) if relays[service.port] is not defined %}
+		{% set key_changer = { "host" : h.ansible_host, "domain" : service.domain } %}
+		{% set _ = relays[service.port].append(key_changer) %}
+	{% endfor %}
+	{##}
+{% endfor %}
+
+{% for relay in relays %}
+relay vhost_{{ relay }} {
+	listen on egress port {{ relay }}
+	protocol vhost
+{% for h in relays[relay] %}
+	forward to <{{ h.host }}> port {{ relay }} check icmp
+{% endfor %}
+}
+{% endfor %}