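{#-
  Shared Salt/Jinja variables: the SSL base path, re-exported macros, the
  addresses this minion may listen on, and a mapping of its network
  interfaces to the public / internal / backend lists.

  Every tag and comment uses whitespace control on both sides so that the
  template itself renders no output.
-#}
{%- set sslbase = '/etc/ssl' -%}

{%- from 'macros.jinja' import nginx_crtkeypair with context -%}
{%- from 'macros.jinja' import firewall_interfaces, listeners -%}
{#- NOTE(review): the self-assignments below presumably re-export the imported
    macros to templates that import this file; confirm before removing. -#}
{%- set firewall_interfaces = firewall_interfaces -%}
{%- set listeners = listeners -%}
{%- set nginx_crtkeypair = nginx_crtkeypair -%}

{%- set minion = grains['id'] -%}

{#- START Listener detection logic -#}
{#- Collect the addresses from this minion's own mine data that may be used as
    listen addresses: IPv4 only when network.is_private accepts it, IPv6 only
    when its text form starts with one of the legal6s prefixes. -#}
{%- set listen_ips = [] -%}
{%- set listen_ips4 = [] -%}
{%- set listen_ips6 = [] -%}
{%- set legal6s = ('fd29', '2a01:4f8:11e:2200') -%}
{%- set ip4s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs', tgt_type='glob') -%}
{%- set ip6s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs6', tgt_type='glob') -%}

{#- A minion with no mine entry is skipped, which leaves the lists empty. -#}
{%- if minion in ip4s -%}
  {%- for ip in ip4s[minion] -%}
    {%- if salt['network.is_private'](ip) -%}
      {%- do listen_ips.append(ip) -%}
      {%- do listen_ips4.append(ip) -%}
    {%- endif -%}
  {%- endfor -%}
{%- endif -%}

{%- if minion in ip6s -%}
  {%- for ip in ip6s[minion] -%}
    {#- Plain string-prefix test, not a CIDR match: 'fd29' accepts every
        address whose text form begins with that hextet. -#}
    {%- if ip.startswith(legal6s) -%}
      {%- do listen_ips.append(ip) -%}
      {%- do listen_ips6.append(ip) -%}
    {%- endif -%}
  {%- endfor -%}
{%- endif -%}
{#- END Listener detection logic -#}

{#- START Interface mapping logic -#}
{#- Sort each interface into public / internal / backend by the addresses it
    carries. An interface can land in more than one list when its addresses
    fall into different classes. -#}
{%- set public = [] -%}
{%- set internal = [] -%}
{%- set backend = [] -%}

{#- The parentheses below do not create tuples; each value is a plain string.
    startswith() accepts either form, so matching is unaffected. -#}
{%- set internal6s = ('2a01:4f8:11e:2200') -%}
{%- set backend6s = ('fd29:8e45:f292:ff80') -%}
{#- to-do: get rid of illegal backend4s -#}
{#- 172.168.100.x lies outside the RFC 1918 range 172.16.0.0/12, so the
    is_private test does not match it; only the prefix test below keeps these
    interfaces out of the public list. -#}
{%- set backend4s = ('172.168.100') -%}
{#- Prefix match: every interface whose name begins with "lo" is skipped and
    therefore appears in none of the three lists. -#}
{%- set excluded_interfaces = ('lo') -%}
{%- set interfaces = salt.saltutil.runner('mine.get', tgt=minion, fun='network.interfaces', tgt_type='glob') -%}

{%- if minion in interfaces -%}
  {%- for interface, ifconfig in interfaces[minion].items() -%}
    {%- if not interface.startswith(excluded_interfaces) -%}

      {#- IPv4: private -> internal, backend prefix -> backend, anything
          else -> public. -#}
      {%- if 'inet' in ifconfig -%}
        {%- for inetconf in ifconfig['inet'] -%}
          {%- set ip4 = inetconf['address'] -%}
          {%- if salt['network.is_private'](ip4) -%}
            {%- if not interface in internal -%}
              {%- do internal.append(interface) -%}
            {%- endif -%}
          {%- elif ip4.startswith(backend4s) -%}
            {%- if not interface in backend -%}
              {%- do backend.append(interface) -%}
            {%- endif -%}
          {%- else -%}
            {%- if not interface in public -%}
              {%- do public.append(interface) -%}
            {%- endif -%}
          {%- endif -%}
        {%- endfor -%}
      {%- endif -%}

      {#- IPv6: only the two known prefixes are classified. There is no
          fallback branch, so an interface whose only addresses are other
          IPv6 addresses is never added to public by this block. -#}
      {%- if 'inet6' in ifconfig -%}
        {%- for inet6conf in ifconfig['inet6'] -%}
          {%- set ip6 = inet6conf['address'] -%}
          {%- if ip6.startswith(internal6s) -%}
            {%- if not interface in internal -%}
              {%- do internal.append(interface) -%}
            {%- endif -%}
          {%- elif ip6.startswith(backend6s) -%}
            {%- if not interface in backend -%}
              {%- do backend.append(interface) -%}
            {%- endif -%}
          {%- endif -%}
        {%- endfor -%}
      {%- endif -%}

    {%- endif -%}
  {%- endfor -%}
{%- endif -%}
{#- END Interface mapping logic -#}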