From 5a6b48a7f62bf8f0b5f0737b534320fc031175b8 Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Sat, 15 Jul 2023 19:54:00 +0200
Subject: [PATCH] updated haproxy state
---
 states/haproxy/defaults.yaml | 1 +
 states/haproxy/templates/haproxy.cfg.j2 | 6 ++++--
 states/haproxy/templates/maps/ua.j2 | 7 +++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 states/haproxy/templates/maps/ua.j2
diff --git a/states/haproxy/defaults.yaml b/states/haproxy/defaults.yaml
index 9daef81..8d7f31b 100644
--- a/states/haproxy/defaults.yaml
+++ b/states/haproxy/defaults.yaml
@@ -14,6 +14,7 @@ haproxy:
 - countries
 - domains
 - redirects
+ - ua
 - vhosts
 acme: false
 hatop:
diff --git a/states/haproxy/templates/haproxy.cfg.j2 b/states/haproxy/templates/haproxy.cfg.j2
index 114cc3c..6970c85 100644
--- a/states/haproxy/templates/haproxy.cfg.j2
+++ b/states/haproxy/templates/haproxy.cfg.j2
@@ -159,6 +159,7 @@ frontend fe_https from {{ haproxy.config.namespace }}
 ## ACLs
 acl internal src -f {{ haproxy.config.dir }}/maps/access
 acl domains req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/domains) -m found
+ acl ua req.hdr(User-Agent),map_beg(/etc/haproxy/maps/ua) -m found
 acl security_txt path /.well-known/security.txt
 acl robots_txt path /robots.txt
 acl max_req_rate sc_http_req_rate(0) gt {{ haproxy.config.ddos.maxrequests|default(200) }}
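Review bot: The added `acl ua` line hard-codes `/etc/haproxy/maps/ua`, while the ACLs next to it and the `use_backend ... map_beg(...)` line added in the next hunk build the path from `{{ haproxy.config.dir }}`. If `haproxy.config.dir` is ever set to another directory, the ACL that gates the deny rule and the lookup that picks the backend would read different files, so a request could be admitted by one map and routed by another. Suggested line: `acl ua req.hdr(User-Agent),map_beg({{ haproxy.config.dir }}/maps/ua) -m found`. The `fe_https` frontend starts and ends outside this hunk.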
@@ -213,11 +214,12 @@ frontend fe_https from {{ haproxy.config.namespace }}
 http-response set-header X-Random "%[var(txn.random)]"
 http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
- http-request deny deny_status 404 unless domains
+ http-request deny deny_status 404 unless domains || ua
 {%- if haproxy.config.admin %}
 use_backend admin if self_host internal
 {%- endif %}
- use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts,nginx)]
+ use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts)] if domains
+ use_backend %[req.hdr(User-Agent),map_beg({{ haproxy.config.dir }}/maps/ua)] if ua
 default_backend {{ ns.default_backend }}
 monitor-uri /dead_or_alive
diff --git a/states/haproxy/templates/maps/ua.j2 b/states/haproxy/templates/maps/ua.j2
new file mode 100644
index 0000000..defd1c7
--- /dev/null
+++ b/states/haproxy/templates/maps/ua.j2
@@ -0,0 +1,7 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+{%- from "haproxy/map.jinja" import haproxy with context %}
+{%- for name, values in haproxy.config.vhosts.items() %}
+{%- if not values.redirect|default(false) and values.ua|default(false) %}
+{{ values.ua }} {{ name }}
+{%- endif %}
+{%- endfor %}
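Review bot: `http-request deny deny_status 404 unless domains || ua` admits a request with an unlisted Host whenever its User-Agent begins with a ua-map entry, and User-Agent is chosen by the client, so the Host allow-list no longer holds for the ua-routed backends. If UA routing is meant only for known clients, pair it with a source condition, e.g. `unless domains || ua internal` (assuming the `internal` ACL covers them). Otherwise add a comment such as `# ua is a routing hint only: User-Agent is client-controlled, not an access control`. Separately, the `,nginx` default was dropped from the vhosts lookup, so a Host that is in `domains` but missing from `vhosts` presumably now falls through to `default_backend`; worth confirming that is intended. The frontend continues outside the hunk.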
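Review bot: `{{ values.ua }} {{ name }}` writes the pillar value into the map unchecked, but HAProxy map files take the first whitespace-delimited word as the key. A `ua` value containing a space, as most full User-Agent strings do, would therefore be cut at the first space and the remainder would end up in the backend name. Either skip such entries, e.g. `{%- if ' ' not in values.ua %}` around the output line, or document the constraint in the header with `## ua must be a single token without whitespace (prefix-matched via map_beg)`. Whether a backend named after the vhost key `name` exists is not visible in this diff.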