Merge branch 'master' into archlinux

Author: uubk

defaults/main.yml

@@ -2,6 +2,11 @@ haproxy_ssl_bind_ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES1
 haproxy_ssl_bind_options: 'no-sslv3'
 haproxy_ssl_server_ciphers: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'
 haproxy_ssl_server_options: 'no-sslv3'
+
 haproxy_chroot: True
 
-haproxy_debian_release: "{{ ansible_distribution_release }}"
+haproxy_maxconn: 512
+haproxy_own_file_limit: 25
+haproxy_limit_no_file: "{{ haproxy_maxconn + haproxy_own_file_limit }}"
+
+haproxy_debian_release: "{{ ansible_distribution_release }}"

tasks/main.yml

@@ -33,7 +33,7 @@
 
   - name: Configure haproxy to use conf.d-style configs
     become: True
-    copy: src=haproxy-systemd.conf dest=/etc/systemd/system/haproxy.service.d/ansible.conf owner=root group=root mode=0644
+    template: src=systemd.service.j2 dest=/etc/systemd/system/haproxy.service.d/ansible.conf owner=root group=root mode=0644
     register: dropindir
 
   - name: Setup chroot

templates/01-defaults.conf.j2

@@ -1,3 +1,6 @@
+# Managed by ansible (role: haproxy)
+# DO NOT EDIT!
+
 global
 	log /dev/log	local0 notice
 	log /dev/log	local1 notice
@@ -14,6 +17,8 @@ global
 	ca-base /etc/ssl/certs
 	crt-base /etc/ssl/private
 
+	maxconn {{ haproxy_maxconn }}
+
 	# Default ciphers to use on SSL-enabled listening sockets.
 	# For more information, see ciphers(1SSL). This list is from:
 	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

files/haproxy-systemd.conf renamed to templates/systemd.service.j2

@@ -1,4 +1,8 @@
+# Managed by ansible (role: haproxy)
+# DO NOT EDIT!
+
 [Service]
+LimitNOFILE={{ haproxy_limit_no_file }}
 ExecStartPre=
 ExecStartPre=/etc/haproxy/gen-conf.sh
 ExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q $EXTRAOPTS