roles/dch-proxy: Add haproxy config for Bitwarden

This commit adds an HAProxy backend for Bitwarden, and adds ACL rules to
the frontend to proxy traffic to *bitwarden.pyrocufflink.blue* or
*bitwarden.pyrocufflink.net* to it.

roles/dch-proxy/tasks/main.yml

@@ -19,6 +19,13 @@
     mode=0644
   notify: reload haproxy
 
+- name: ensure bitwarden haproxy backend is configured
+  template:
+    src=backend-bitwarden.haproxy.cfg.j2
+    dest=/etc/haproxy/70-backend-bitwarden.cfg
+    mode=0644
+  notify: reload haproxy
+
 - name: ensure openvpn haproxy backend is configured
   template:
     src=backend-openvpn.haproxy.cfg.j2

roles/dch-proxy/templates/backend-bitwarden.haproxy.cfg.j2

@@ -0,0 +1,7 @@
+backend bitwarden
+	server bitwarden bitwarden.pyrocufflink.blue:80 check
+
+
+backend bitwarden-tls
+	mode tcp
+	server bitwarden bitwarden.pyrocufflink.blue:443 check

roles/dch-proxy/templates/frontend-main.haproxy.cfg.j2

@@ -5,6 +5,8 @@ frontend main
     use_backend gitea if { hdr(host) -i git.pyrocufflink.net }
     use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.blue }
     use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.net }
+    use_backend bitwarden if { hdr(host) -i bitwarden.pyrocufflink.blue }
+    use_backend bitwarden if { hdr(host) -i bitwarden.pyrocufflink.net }
     default_backend web
 
 
@@ -20,6 +22,8 @@ frontend main-tls
     use_backend gitea-tls if { req_ssl_sni -i git.pyrocufflink.net }
     use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.blue }
     use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.net }
+    use_backend bitwarden-tls if { req_ssl_sni -i bitwarden.pyrocufflink.blue }
+    use_backend bitwarden-tls if { req_ssl_sni -i bitwarden.pyrocufflink.net }
     use_backend web-tls if { req_ssl_sni -i darkchestofwonders.us }
     use_backend web-tls if { req_ssl_sni -i pyrocufflink.net }
     default_backend openvpn