Diffstat (limited to 'roles')
-rw-r--r--roles/relayd/defaults/main.yml16
-rw-r--r--roles/relayd/templates/relayd.conf.j249
2 files changed, 34 insertions, 31 deletions
diff --git a/roles/relayd/defaults/main.yml b/roles/relayd/defaults/main.yml
new file mode 100644
index 0000000..2f1bd17
--- /dev/null
+++ b/roles/relayd/defaults/main.yml
@@ -0,0 +1,16 @@
+
+---
+
+relayd_transparent: true
+relayd_block_msg: |
+ <hr>
+ <h2>Domain error!</h2>
+ <hr>
+ <p>Two possibilities:</p>
+ <ol>
+ <li>Backend servers are probably; <b>turned-off</b> / <b>in-maintenance</b></li>
+ <li>Routing error; <b>decomissioned service</b> / <b>invalid domain!</b></li>
+ </ol>
+ <p>Please refer to
+ <a href='https://{{ global.domain_name }}'>https://{{ global.domain_name }}</a>
+ </p>
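Review bot: `relayd_block_msg` is spliced verbatim into a double-quoted relayd string (`block label "{{ relayd_block_msg }}"` in relayd.conf.j2), so any `"` inside this HTML would terminate that string and break the rendered config, and `global.domain_name` lands in the HTML body unescaped; nothing on the page checks either. A comment above the key would make that contract explicit: `# Emitted inside a double-quoted relayd string: never use '"' here (hence the single-quoted href); global.domain_name is not HTML-escaped.` The `|` header keeps the line breaks and the trailing newline; as far as I know relayd's config lexer skips newlines inside quoted strings, but `|-` would at least drop the trailing one. The blank line before `---` at the top of the new file is harmless but unconventional.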
diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
index e3a2db5..4871a38 100644
--- a/roles/relayd/templates/relayd.conf.j2
+++ b/roles/relayd/templates/relayd.conf.j2
@@ -1,24 +1,21 @@
+{% import 'macros.j2' as macros with context %}
# relayd ~~ /etc/relayd.conf
# managed by Ansible
+# general
+
+log connection errors
+
# hosts
table <local> { 127.0.0.1 }
-{% for h in groups["servers"] %}
-{% set h = dict(hostvars[h]) %}
-{##}
-{% if h.ip.in is defined %}
-# {{ h.ansible_host }}
+{% call(h) macros.loop_valid_hosts("servers") -%}
table <{{ h.ansible_host }}> { {{ h.ip.in }} }
{% for service in h.services if service.domain is defined %}
table <{{ h.ansible_host }}_{{ service.domain }}> { {{ h.ip.in }} }
{% endfor %}
-{% endif %}
-{##}
-{% endfor %}
-
-# services
+{%- endcall %}
# protocols
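Review bot: The removed lines guarded each host with `{% if h.ip.in is defined %}`, and the new `macros.loop_valid_hosts("servers")` call is now the only thing standing between an inventory entry without `ip.in` and an empty or broken `table <…> { }` line; macros.j2 is not part of this diff, so that guard cannot be confirmed here. A comment at the call site would pin down what the macro is expected to filter, e.g. `{# loop_valid_hosts yields only hosts with ip.in defined; see macros.j2 #}`, and the same applies to the three later call sites in this file. The `with context` on the new import line is what lets the macro see `groups` and `hostvars`, which is correct as written.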
@@ -38,19 +35,15 @@ http protocol "https" {
tls keypair "{{ global.domain_name }}"
pass request quick header "Host" value "{{ global.domain_name }}" forward to <local>
-
-{% for h in groups["servers"] %}
-{% set h = dict(hostvars[h]) %}
-{##}
-{% if h.ip.in is defined %}
+{% call(h) macros.loop_valid_hosts("servers") -%}
{% for service in h.services if service.domain is defined %}
tls keypair "{{ service.domain }}.{{ global.domain_name }}"
pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}>
-
-{% endfor %}
-{% endif %}
-{##}
{% endfor %}
+{%- endcall %}
+
+ block label "{{ relayd_block_msg }}"
+
return error
}
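Review bot: The new `block label "{{ relayd_block_msg }}"` rule carries no direction, and per relayd.conf(5) a rule without `request` or `response` applies to both, so unless I am misreading it the rule is also evaluated against backend responses after a `pass request quick` has already chosen a forward target; confirm with a live request and, if responses are affected, narrow it to `block request label "{{ relayd_block_msg }}"`. Read as a request rule it is a sensible default-deny for unknown Host headers. A one-line comment above it stating that intent, `# default deny: unmatched Host headers get the error page`, would help the next reader, since the page the client sees lives in defaults/main.yml. The enclosing `http protocol "https"` block starts outside the hunk.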
@@ -60,16 +53,12 @@ http protocol "http" {
pass request quick path "/.well-known/acme-challenge/*" forward to <local>
pass request quick header "Host" value "{{ global.domain_name }}" forward to <local>
-{% for h in groups["servers"] %}
-{% set h = dict(hostvars[h]) %}
-{##}
-{% if h.ip.in is defined %}
+{% call(h) macros.loop_valid_hosts("servers") -%}
{% for service in h.services if service.domain is defined %}
pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}>
{% endfor %}
-{% endif %}
-{##}
-{% endfor %}
+{%- endcall %}
+
return error
}
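Review bot: The `http protocol "http"` block receives the same macro-driven pass rules as the https protocol but not the trailing `block label` rule that the previous hunk adds to `http protocol "https"`, so plain-HTTP requests with an unmatched Host header keep relayd's default disposition (pass, as far as I recall from relayd.conf(5)) instead of the error page. If that asymmetry is deliberate, for instance because the local listener only answers ACME challenges and redirects, a comment before `return error` saying so would stop someone from "fixing" it; otherwise the same `block label "{{ relayd_block_msg }}"` line belongs here too. The enclosing protocol block starts outside the hunk.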
@@ -86,11 +75,9 @@ relay "wwwtls" {
listen on egress port 443 tls
protocol "https"
forward to <local> port 80 check http "/" code 200
-{% for hostname in groups["servers"] %}
-{% set h = dict(hostvars[hostname]) %}
+{% call(h) macros.loop_valid_hosts("servers") -%}
{% for service in h.services if service.domain is defined %}
- forward to <{{ hostname }}_{{ service.domain }}> port {{ service.port }} check tcp
-{% endfor %}
+ forward to <{{ h.ansible_host }}_{{ service.domain }}> port {{ service.port }} check tcp
{% endfor %}
-
+{%- endcall %}
}