add haproxy settings

roles/setup_install_haproxy/templates/haproxy.cfg.j2

@@ -0,0 +1,87 @@
+# Global settings
+global
+    log 127.0.0.1 local0
+    chroot /var/lib/haproxy
+    pidfile /var/run/haproxy.pid
+    maxconn 250000
+    user haproxy
+    group haproxy
+    daemon
+    nbthread 8
+    server-state-base /opt/haproxy/state/
+    tune.bufsize 131072
+    stats socket /var/run/haproxy.sock mode 600 level admin
+    stats timeout 2m
+
+# Defaults
+defaults
+    log global
+    mode tcp
+    retries 3
+    maxconn 250000
+    timeout connect 5s
+    timeout client 300s
+    timeout server 300s
+    timeout queue 25s
+
+# Stats
+frontend stats
+    bind *:8404
+    mode http
+    stats enable
+    stats uri /stats
+    stats refresh 10s
+
+# SSL Frontend
+frontend ssl-frontend
+    bind *:443
+    mode tcp
+    timeout client 300s
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    # IBP routing
+    acl is_rpc_dotters_network req_ssl_sni -i rpc.dotters.network
+    acl is_rpc_ibp_network req_ssl_sni -i rpc.ibp.network
+
+    acl is_payload_polka payload(0,0) -m sub /polkadot
+    acl is_payload_kusama payload(0,0) -m sub /kusama
+    acl is_payload_westend payload(0,0) -m sub /westend
+
+    use_backend polkadot_backend if is_rpc_dotters_network is_payload_polka
+    use_backend polkadot_backend if is_rpc_ibp_network is_payload_polka
+
+    use_backend kusama_backend if is_rpc_dotters_network is_payload_kusama
+    use_backend kusama_backend if is_rpc_ibp_network is_payload_kusama
+
+    use_backend westend_backend if is_rpc_dotters_network is_payload_westend
+    use_backend westend_backend if is_rpc_ibp_network is_payload_westend
+
+    # Rotko Networks routing
+    acl is_polkadot req_ssl_sni -i polkadot.rotko.net
+    acl is_kusama req_ssl_sni -i kusama.rotko.net
+    acl is_westend req_ssl_sni -i westend.rotko.net
+
+    use_backend polkadot_backend if is_polkadot
+    use_backend kusama_backend if is_kusama
+    use_backend westend_backend if is_westend
+
+# Polkadot Backend Configurations
+backend polkadot_backend
+    mode tcp
+    balance leastconn
+    server polkadot1 192.168.69.13:42313 check
+    server polkadot2 192.168.69.14:42314 check
+
+backend kusama_backend
+    mode tcp
+    balance leastconn
+    server kusama1 192.168.69.23:42323 check
+    server kusama2 192.168.69.24:42324 check
+
+backend westend_backend
+    mode tcp
+    balance leastconn
+    server westend1 192.168.69.33:42333 check
+    server westend2 192.168.69.34:42334 check

roles/setup_install_haproxy/templates/haproxy.service.j2

@@ -0,0 +1,36 @@
+# /etc/systemd/system/haproxy.service
+[Unit]
+Description=HAProxy Load Balancer
+After=network.target
+
+[Service]
+Environment="CONFIG=/etc/haproxy/haproxy.cfg"
+ExecStartPre=/usr/local/sbin/haproxy -f $CONFIG -c -q
+ExecStart=/usr/local/sbin/haproxy -Ws -f $CONFIG -d
+ExecReload=/usr/local/sbin/haproxy -f $CONFIG -c -q
+ExecReload=/bin/kill -USR2 $MAINPID
+KillMode=mixed
+Restart=always
+SuccessExitStatus=143
+Type=notify
+
+# The following lines leverage SystemD's sandboxing options to provide
+# defense in depth protection at the expense of restricting some flexibility
+# in your setup (e.g. placement of your configuration files) or possibly
+# reduced performance. See systemd.service(5) and systemd.exec(5) for further
+# information.
+
+# NoNewPrivileges=true
+# ProtectHome=true
+# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
+# any state files and any other files written using 'ReadWritePaths' or
+# 'RuntimeDirectory'.
+# ProtectSystem=true
+# ProtectKernelTunables=true
+# ProtectKernelModules=true
+# ProtectControlGroups=true
+# If your SystemD version supports them, you can add: @reboot, @swap, @sync
+# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
+
+[Install]
+WantedBy=multi-user.target