puppet-prod/site/profiles/manifests/stalwart/haproxy.pp

# enable external access via haproxy
class profiles::stalwart::haproxy (
  Boolean $enable = false,
){

  # webadmin
  profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
    service => 'be_stalwart_webadmin',
    ports   => [443],
    options => [
      "cookie ${facts['networking']['hostname']}",
      'ssl',
      'verify none',
      'check',
      'inter 2s',
      'rise 3',
      'fall 2',
      'send-proxy-v2',
    ]
  }

  # imap
  profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_143":
    service => 'be_stalwart_imap',
    ports   => [143],
    options => [
      'check',
      'inter 3s',
      'rise 2',
      'fall 3',
      'send-proxy-v2',
    ]
  }

  # imaps
  profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_993":
    service => 'be_stalwart_imaps',
    ports   => [993],
    options => [
      'check',
      'ssl',
      'verify none',
      'inter 3s',
      'rise 2',
      'fall 3',
      'send-proxy-v2',
    ]
  }

  # smtp
  profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_25":
    service => 'be_stalwart_smtp',
    ports   => [25],
    options => [
      'check',
      'inter 3s',
      'rise 2',
      'fall 3',
      'send-proxy-v2',
    ]
  }

  # smtp submission
  profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_587":
    service => 'be_stalwart_submission',
    ports   => [587],
    options => [
      'check',
      'inter 3s',
      'rise 2',
      'fall 3',
      'send-proxy-v2',
    ]
  }

}