Set allowlist

tasks/configuration.yml

@@ -142,6 +142,21 @@
       when: userlists.changed
       ignore_errors: true
 
+- name: "Set allowed ips"
+  ansible.builtin.template:
+    src: etc/haproxy/allowed.ips.j2
+    dest: /etc/haproxy/allowed.ips
+    mode: '0644'
+    owner: root
+    group: root
+  notify:
+    - Reload HAProxy
+  when:
+    - hap_allowedips is defined
+  tags:
+    - configuration
+    - config
+
 - name: "Generate certificate for frontends"
   include_tasks: generate_certificate.yml 
   when:

templates/etc/haproxy/allowed.ips.j2

@@ -0,0 +1,5 @@
+{% if hap_allowedips is defined %}
+{% for ip in hap_allowedips %}
+{{ ip }}
+{% endfor %}
+{% endif %}

templates/etc/haproxy/haproxy.d/userlists.j2

@@ -1,8 +1,9 @@
 {% if hap_userlists is defined %}
 {% for userlist in hap_userlists %}
-userlist {{ userlist.name -}}
+userlist {{ userlist.name }}
 	{% for user in userlist.users %}
 	user {{ user.name }} password {{ user.password }}
+
 	{% endfor %}
 {% endfor %}
 {% endif %}