---
haproxy:
  enabled: true
  packages:
    - haproxy
    - libcurl4-openssl-dev
    - libmaxminddb-dev
    - libjansson-dev
  maps:
    - access
    - domains
    - redirects
    - vhosts
  acme: false
  config:
    dir: /etc/haproxy
    configfile: haproxy.cfg
    peers:
    dirs:
      - geoip
      - maps
      - scripts
      - mods
      - errors
    scripts:
      - name: scripts/json.lua
        lib: true
      - name: scripts/collector.lua
        lib: false
      - name: scripts/weight.lua
        lib: false
    namespace: paulbsd
    user: haproxy
    group: haproxy
    servername: High-performance Web Server
    http2: true
    defaults:
      #log: global
      #log: 127.0.0.1 local0
      log: stdout format raw daemon info
      retries: 2
      timeout check: 4s
      timeout client: 60m
      timeout connect: 2s
      timeout server: 60m
      unique-id-format: "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"
    balance: roundrobin
    check: true
    http_port: 80
    https_port: 443
    capture_length: 200
    admin: false
    api:
      enable: true
      filesocket: /var/run/haproxy-admin.sock
      tcpsocket: ipv4@127.0.0.1:9990
    acme_dir: /etc/acme
    acme_fullchains_dir: /etc/acme/fullchains
    acme_dh_dir: /etc/acme/dh
    ssl_ciphers:
      - EECDH+AESGCM
      - EECDH+CHACHA20
    ssl_options:
      - no-sslv3
      - no-tls-tickets
    gzip_mime_types:
      - text/html
      - text/plain
      - text/css
      - text/javascript
      - application/json
    cache:
      size: 50000
      file_types:
        - .css
        - .js
        - .png
        - .jpg
    ddos:
      timeperiod: 10s
      maxrequests: 200
      size: 1m
    domains: {}
    vhosts: {}
    services: {}
    spoe: {}