From 788dfae081d18188dda57eacd956c7dbd6e1f645 Mon Sep 17 00:00:00 2001
From: VC
Date: Fri, 5 Jul 2024 11:53:35 +0200
Subject: [PATCH] feat: remove unneeded webservers load-balancing + treat backend as static IPv4 addresses instead of dynamic IPv6 addresses
---
 loadbalancinghttp.yml | 7 +++++++
 production.yml | 4 ++++
 roles/haproxy/templates/haproxy.cfg.j2 | 10 +++++-----
 3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/loadbalancinghttp.yml b/loadbalancinghttp.yml
index 0336e65..27e3d17 100644
--- a/loadbalancinghttp.yml
+++ b/loadbalancinghttp.yml
@@ -1,5 +1,12 @@
 ---
+- name: Retrieve network info
+ hosts: webservers:!disabled_loadbalanced_webservers
+ gather_facts: true
+ gather_subset:
+ - network
+ tasks: []
+
 - name: Load balancers
 hosts: loadbalancers
 diff: true
diff --git a/production.yml b/production.yml
index 29d05e8..cbb37fd 100644
--- a/production.yml
+++ b/production.yml
@@ -234,6 +234,10 @@ muninservers:
 hosts:
 munin.dmz.mateu.be:
+disabled_loadbalanced_webservers:
+ hosts:
+ 20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
+
 disabled_munin:
 hosts:
 baybay-ponay.mateu.be:
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index 07ced7d..66db401 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -41,7 +41,7 @@ frontend http
 tcp-request inspect-delay 3s
 acl letsencrypt path_beg /.well-known/acme-challenge
 redirect scheme https code 301 if !letsencrypt
-{% for server in groups['webservers'] %}
+{% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) %}
 {% for hostname in hostvars[server]['web_hostname'] %}
 ## {{ hostname }} configuration
 acl host_{{ hostname }} hdr(host) -i {{ hostname }}
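Review bot: In loadbalancinghttp.yml, the new `Retrieve network info` play is the only source of the `ansible_default_ipv4` fact that haproxy.cfg.j2 now reads, and nothing in the play says so. A run restricted to the load balancers (for example with `--limit loadbalancers`) skips this play. The template then either fails on an undefined fact or, if fact caching is enabled, renders an address recorded on an earlier run. I would add a comment above the play, such as `# Populates ansible_default_ipv4 for roles/haproxy/templates/haproxy.cfg.j2; do not run the load balancer play without it`.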
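Review bot: In haproxy.cfg.j2, `groups['disabled_loadbalanced_webservers']` is read without a fallback in the `frontend http` loop, and the same expression is repeated in the `frontend https` loop (@@ -56) and the backend loop (@@ -65). An inventory that does not define that group will most likely make the template fail to render. Three copies of the filter can also drift apart, leaving a frontend that refers to a backend which was never emitted. I would compute the list once near the top of the template, `{% set lb_webservers = groups['webservers'] | difference(groups['disabled_loadbalanced_webservers'] | default([])) %}`, and loop over `lb_webservers` in all three places. The loops continue outside the hunks shown.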
@@ -56,7 +56,7 @@ frontend https
 bind *:443 name frontend-https
 tcp-request inspect-delay 3s
 tcp-request content accept if { req.ssl_hello_type 1 }
-{% for server in groups['webservers'] %}
+{% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) %}
 {% for hostname in hostvars[server]['web_hostname'] %}
 ## {{ hostname }} configuration
 acl host_{{ hostname }} req.ssl_sni -i {{ hostname }}
@@ -65,15 +65,15 @@ frontend https
 {% endfor %}
 {% endfor %}
-{% for server in groups['webservers'] %}
+{% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) %}
 ## {{ server }} configuration
 backend http_{{ server }}
 mode http
- server host_{{ server.split('.')|join('_') }} {{ server }}:80
+ server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:80
 backend https_{{ server }}
 mode tcp
- server host_{{ server.split('.')|join('_') }} {{ server }}:443
+ server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:443
 {% endfor %}
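Review bot: The backend address in the two `server` lines (@@ -65) is fixed at render time from a gathered fact, and nothing records that it must be refreshed when a webserver's IPv4 changes. `ansible_default_ipv4` is the address of whichever interface held the default route when facts were gathered. If an instance's address is later reassigned, haproxy keeps forwarding to the old address until the playbook is re-run. The `mode tcp` backend appears to pass TLS through to the webserver, so a wrong peer would fail certificate validation at the client, but the port-80 `mode http` backend has no such protection. I would add a template comment above the backends, for example `## backend addresses come from gathered facts; re-run this playbook whenever a webserver's IPv4 changes`, and consider an explicit per-host inventory address for hosts whose default-route address is not the one the load balancer should use.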