roles/haproxy: added

inventory.example.yml

@@ -54,6 +54,9 @@ all:
     caddy:
       hosts:
         your_bastion_host:
+    haproxy:
+      hosts:
+        your_bastion_host:
     sshd:
       hosts:
         your_bastion_host:

roles/haproxy/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Install haproxy package
+  community.general.pacman:
+    name:
+      - haproxy
+
+- name: Deploy haproxy config
+  template:
+    src: haproxy.cfg.j2
+    dest: /etc/haproxy/haproxy.cfg
+
+- name: Enable haproxy service
+  systemd:
+    name: haproxy
+    enabled: yes
+    state: started

roles/haproxy/templates/haproxy.j2

@@ -0,0 +1,22 @@
+defaults
+	log global
+	mode tcp
+	timeout connect 10s
+	timeout client 36h
+	timeout server 36h
+
+{% if groups["gitea"] | length > 0 %}
+
+listen gitea_ssh
+	bind *:2499
+	balance leastconn
+	mode tcp
+
+	option tcp-check
+	tcp-check expect rstring SSH-2.0-OpenSSH.*
+
+{% for host in groups["gitea"] %}
+	server {{ host }} {{ host_vars[host]["local_ip"] }}:2499
+{% endfor %}
+
+{% endif %}

run.yml

@@ -69,6 +69,11 @@
         - caddy
       when: "caddy" in group_names
 
+    - role: haproxy
+      tags:
+        - haproxy
+      when: "haproxy" in group_names
+
     - role: dotfiles
       tags:
         - dotfiles