From 2dd556391f284085cf856bb84484dcf119550343 Mon Sep 17 00:00:00 2001 From: Paul Date: Thu, 14 Mar 2024 21:25:46 +0100 Subject: [PATCH] updated haproxy state --- states/haproxy/defaults.yaml | 1 + states/haproxy/templates/haproxy.cfg.j2 | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/states/haproxy/defaults.yaml b/states/haproxy/defaults.yaml index eb3ca12..2302ec4 100644 --- a/states/haproxy/defaults.yaml +++ b/states/haproxy/defaults.yaml @@ -88,6 +88,7 @@ haproxy: https_port: 443 capture_length: 200 admin: false + quic: true api: enable: true filesocket: /var/run/haproxy-admin.sock diff --git a/states/haproxy/templates/haproxy.cfg.j2 b/states/haproxy/templates/haproxy.cfg.j2 index b1b4c1a..17ada5e 100644 --- a/states/haproxy/templates/haproxy.cfg.j2 +++ b/states/haproxy/templates/haproxy.cfg.j2 @@ -81,7 +81,7 @@ backend admin from {{ haproxy.config.namespace }} {%- endmacro %} {%- macro geoip() %} - # GeoIP +# GeoIP http-request set-var(txn.country) lua.country(req.src) http-request return status 200 content-type "text/html; charset=utf-8" lf-string "

ip: %[var(req.src)]

country: %[lua.country(req.src)]

city: %[lua.city(req.src)]

" if self_host path_location acl allowed_country var(txn.country),map_str(/etc/haproxy/maps/countries,OK) OK @@ -115,10 +115,12 @@ global tune.lua.maxmem {{ haproxy.config.lua_max_mem }} +{% if haproxy.config.quic|default(true) %} expose-experimental-directives .if feature(QUIC) limited-quic .endif +{% endif %} # Defaults values defaults {{ haproxy.config.namespace }} @@ -188,9 +190,11 @@ frontend fe_http from {{ haproxy.config.namespace }} # Default HTTPS frontend frontend fe_https from {{ haproxy.config.namespace }} +{% if haproxy.config.quic|default(true) %} .if feature(QUIC) bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https .endif +{% endif %} bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https mode http option httplog @@ -249,9 +253,11 @@ frontend fe_https from {{ haproxy.config.namespace }} http-response set-header Server "{{ haproxy.config.servername }}" http-response set-header X-Random "%[var(txn.random)]" http-response set-header X-Robots-Tag noindex +{% if haproxy.config.quic|default(true) %} .if feature(QUIC) http-response set-header Alt-Svc "h3=\":443\"; ma=3600" .endif +{% endif %} http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found } http-request deny deny_status 404 unless domains || ua
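Review bot: In the `global` hunk, `expose-experimental-directives` sits inside the new Jinja guard but outside `.if feature(QUIC)`, so every host that leaves `quic` at its default unlocks experimental directives for the whole configuration, even on a build without QUIC where `limited-quic` is never emitted. Moving it inside the conditional, directly above `limited-quic`, ties the exposure to the one directive that appears to need it. The default is also declared in two places, `quic: true` in defaults.yaml and `|default(true)` here and in both `fe_https` hunks, so the copies can drift; a single `{%- set quic_enabled = haproxy.config.quic|default(true) %}` near the top of the template would give all three guards one source. The `global` section starts and ends outside the hunk.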
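Review bot: The `Alt-Svc` line wrapped by the new guard in the last hunk advertises `h3=\":443\"`, while the QUIC bind in the previous hunk listens on `{{ haproxy.config.https_port }}`, so a non-default port would advertise an endpoint that may not be listening. `http-response set-header Alt-Svc "h3=\":{{ haproxy.config.https_port }}\"; ma=3600"` keeps the two in step, assuming the pillar port is also the externally reachable one. The toggle also has no off path: once `quic` is set to false, clients that cached the header can keep attempting UDP for up to the `ma=3600` lifetime, and an `{% else %}` branch emitting `http-response set-header Alt-Svc "clear"` would retire the advertisement. Whether the UDP firewall rule for that port follows the same pillar value is not visible in this patch and is worth confirming. The `fe_https` frontend starts and ends outside the hunk.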