---
# Frontend play: installs haproxy, hitch and varnish on the `frontend` hosts,
# then applies the systemd and firewall roles.
# The socket references below chain the three daemons over unix sockets:
#   hitch.backend.sock   -> varnish.frontend.sock
#   varnish.backend.sock -> <haproxy.socketroot>/haproxy.sock
# NOTE(review): indentation was reconstructed from a flattened copy of this
# file. The nesting of `overrides`, `tcp`, `redirect`, `public`, `jail` and
# hitch's `user`/`group` is a best guess; confirm it against the variable
# references in the roles before relying on it.
- hosts: frontend
  vars:
    # Inbound ports to open, one entry per IP family (v4 and v6), TCP only.
    # 2442 and 6400 repeat the `expose` values of the haproxy `tcp` list
    # below; the two lists are maintained by hand, so keep them in sync or a
    # port ends up open with no listener, or proxied but blocked.
    firewall:
      - { port: "{{ haproxy.ports.https }}", ipv: "v4", proto: "tcp" }
      - { port: "{{ haproxy.ports.https }}", ipv: "v6", proto: "tcp" }
      - { port: "2442", ipv: "v4", proto: "tcp" }
      - { port: "2442", ipv: "v6", proto: "tcp" }
      - { port: "6400", ipv: "v4", proto: "tcp" }
      - { port: "6400", ipv: "v6", proto: "tcp" }
    # Packages consumed by the apt role.
    apt:
      packages:
        - { package: "haproxy", state: present }
        - { package: "hitch", state: present }
        - { package: "varnish", state: present }
    # Units consumed by the systemd role.
    # NOTE(review): `action: restarted` presumably restarts all three daemons
    # on every run, dropping client connections each time; confirm in the
    # systemd role whether that is intended.
    systemd:
      services:
        - { name: "haproxy", enabled: true, action: restarted }
        - { name: "hitch", enabled: true, action: restarted }
        - { name: "varnish", enabled: true, action: restarted }
      # Presumably the units that receive a systemd override file; verify
      # against the systemd role.
      overrides:
        - "haproxy"
        - "hitch"
        - "varnish"
    haproxy:
      # Directory holding the unix socket that varnish.backend.sock points at.
      socketroot: "/run/haproxy"
      config: "/etc/haproxy/haproxy.cfg"
      # NOTE(review): haproxy is given the varnish account, presumably so that
      # varnish can open the socket under socketroot. Sharing one account
      # removes the separation between the two daemons; a dedicated shared
      # group would grant socket access only. Confirm against the role.
      user: "varnish"
      group: "varnish"
      ports:
        # Only referenced by the firewall entries in this file.
        # NOTE(review): hitch.frontend.port is also 443; presumably hitch is
        # the only daemon that binds it. Confirm in the haproxy role.
        https: 443
        # Raw TCP services. `expose` matches the ports opened in `firewall`
        # above; `proxy` is presumably the port haproxy forwards to (verify).
        tcp:
          - {expose: 2442, proxy: 2443, group: "dev"}  # Gitea SSH
          - {expose: 6400, proxy: 6401, group: "social"}  # Mumble
          #- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
      redirect:
        # Presumably rendered as an haproxy prefix redirect: a request for
        # `/` on a host name beginning with "seed" (case-insensitive) is sent
        # to `/web`. Verify against the haproxy template.
        prefix:
          - { pfx: "/web", acl: '{ hdr_beg(host) -i seed } { url / }' }
      public:
        # These are load balanced, it doesn't matter what IP they point to
        # `httpchk` presumably toggles the HTTP health check per backend;
        # only `seed` (transmission) has it switched off.
        - {domain: "stats", count: 5, service: "grafana", httpchk: true}
        - {domain: "social", count: 1, service: "pleroma", httpchk: true}
        - {domain: "git", count: 1, service: "gitea", httpchk: true}
        - {domain: "seed", count: 1, service: "transmission", httpchk: false}
        - {domain: "sd", count: 1, service: "seedown", httpchk: true}
    varnish:
      backend:
        # Varnish fetches from haproxy over its unix socket.
        sock: '{{ haproxy.socketroot }}/haproxy.sock'
      frontend:
        # Listening socket, owned by _hitch:_hitch with mode 660: owner and
        # group may read and write, other local accounts get no access.
        # The mode is quoted so it stays a string, not an integer.
        sock: '/var/run/varnish.sock'
        user: '_hitch'
        group: '_hitch'
        mode: '660'
      jail:
        # Presumably the account varnish drops to (verify in the role).
        user: 'varnish'
    hitch:
      backend:
        # Hitch hands traffic to varnish's frontend socket.
        sock: '{{ varnish.frontend.sock }}'
        # Same account that owns the varnish frontend socket above.
        user: '_hitch'
        group: '_hitch'
      frontend:
        # Public listener; this port is opened in `firewall` through
        # haproxy.ports.https, not through this value.
        port: 443
  roles:
    - apt
    - haproxy
    - varnish
    - hitch
    - systemd
    - firewall