# {{ ansible_managed }}

global
        log /dev/log local0
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        maxconn {{ haproxy_maxconn }}
{% for key, value in ((_haproxy_default_tuning_params | default({})) | combine(haproxy_tuning_params)).items() %}
        {{ key }} {{ value }}
{% endfor %}
        stats socket /var/run/haproxy.stat level admin mode 600
        {% if haproxy_ssl | bool %}
        ssl-default-bind-options {{ haproxy_ssl_bind_options }}
        ssl-default-server-options {{ haproxy_ssl_server_options }}
        {% if haproxy_ssl_cipher_suite_tls13 != "" -%}
        ssl-default-bind-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
        ssl-default-server-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
        {% endif -%}
        {% if haproxy_ssl_cipher_suite_tls12 != "" -%}
        ssl-default-bind-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
        ssl-default-server-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
        {% endif -%}
        tune.ssl.default-dh-param {{ haproxy_ssl_dh_param }}
        {% endif %}

defaults
        log global
        option dontlognull
        option redispatch
        option {{ haproxy_keepalive_mode }}
        retries {{ haproxy_retries }}
        timeout client {{ haproxy_client_timeout }}
        timeout connect {{ haproxy_connect_timeout }}
        timeout http-request {{ haproxy_http_request_timeout }}
        timeout server {{ haproxy_server_timeout }}
        maxconn {{ haproxy_maxconn }}
{% for value in haproxy_errorfiles %}
        errorfile {{ value.code }} {{ value.path }}
{% endfor %}
{% if haproxy_stats_enabled | bool %}
{% set haproxy_ssl_path = haproxy_ssl_cert_path + "/haproxy_" + (haproxy_host | default(ansible_facts['hostname'])) + "-" + ((haproxy_bind_internal_lb_vip_interface is truthy) | ternary(haproxy_bind_internal_lb_vip_address ~ '-' ~ haproxy_bind_internal_lb_vip_interface, haproxy_bind_internal_lb_vip_address)) + ".pem" %}
listen stats
    bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_stats_ssl_cert_path | default(haproxy_ssl_path) }} {% if haproxy_stats_ssl_client_cert_ca is defined %}verify required ca-file {{ haproxy_stats_ssl_client_cert_ca }}{% endif %}{% endif %}

    mode http
{% if haproxy_stats_prometheus_enabled | bool %}
    http-request use-service prometheus-exporter if { path /metrics }
{% endif %}
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats show-node
    stats show-legends
    stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
    stats admin if TRUE
    stats refresh {{ haproxy_stats_refresh_interval }}s
{% endif %}