From 465a1a9eebe1a693c6103892ef95d4bf7ba77e20 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 2 Sep 2021 16:55:44 +0000
Subject: [PATCH] Add http/https endpoints for relayed hosts

---
 group_vars/relay.yml |  2 ++
 playbooks/relay.yml  | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/group_vars/relay.yml b/group_vars/relay.yml
index ae13579..b48a3a2 100644
--- a/group_vars/relay.yml
+++ b/group_vars/relay.yml
@@ -37,5 +37,7 @@ firewall_raw:
   - pass quick proto carp
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 80}
+  - {proto: tcp, port: 443}
   - {proto: tcp, port: 636}
   - {proto: tcp, port: 6514}
diff --git a/playbooks/relay.yml b/playbooks/relay.yml
index 99af8ab..2111f32 100644
--- a/playbooks/relay.yml
+++ b/playbooks/relay.yml
@@ -13,3 +13,17 @@
     - base
     - ifstated
     - relayd
+    - nginx/server
+
+  tasks:
+    - include_role:
+        name: nginx/site
+      vars:
+        site: "{{ sitename }}"
+        redirect: https://www.foo.sh/
+      with_items:
+        - ldap.foo.sh
+        - ldap01.foo.sh
+        - loghost.foo.sh
+      loop_control:
+        loop_var: sitename