iiab/roles/network/tasks/squid.yml

- name: Install Squid packages
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - "{{ proxy }}"
    - cadaver
  tags:
    - download

- name: Bigger hammer for Ubuntu
  command: /etc/init.d/squid stop
  when: is_ubuntu

- name: Stop Squid
  service:
    name: "{{ proxy }}"
    state: stopped
  when: not installing

- name: Create the Squid user
  user:
    name: "{{ proxy_user }}"
    createhome: False
    shell: /bin/false

- name: Copy init script and config file
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: roles/network/templates/squid/squid.sysconfig
      dest: /etc/sysconfig/squid
      owner: root
      group: root
      mode: 0755
    - src: roles/network/templates/squid/sites.whitelist.txt
      dest: "/etc/{{ proxy }}/sites.whitelist.txt"
      owner: "{{ proxy_user }}"
      group: "{{ proxy_user }}"
      mode: 0644
    - src: roles/network/templates/squid/allowregex.rules
      dest: "/etc/{{ proxy }}/allowregex.rules"
      owner: "{{ proxy_user }}"
      group: "{{ proxy_user }}"
      mode: 0644
    - src: roles/network/templates/squid/denyregex.rules
      dest: "/etc/{{ proxy }}/denyregex.rules"
      owner: "{{ proxy_user }}"
      group: "{{ proxy_user }}"
      mode: 0644
    - src: roles/network/templates/squid/dstaddress.rules
      dest: "/etc/{{ proxy }}/dstaddress.rules"
      owner: "{{ proxy_user }}"
      group: "{{ proxy_user }}"
      mode: 0644
    - src: roles/network/templates/squid/iiab-httpcache.j2
      dest: /usr/bin/iiab-httpcache
      owner: root
      group: root
      mode: 0755

- name: Create Squid cache directory
  file:
    path: /library/cache
    owner: "{{ proxy_user }}"
    group: "{{ proxy_user }}"
    mode: 0750
    state: directory

- name: Create Squid log directory
  file:
    path: "/var/log/{{ proxy }}"
    owner: "{{ proxy_user }}"
    group: "{{ proxy_user }}"
    mode: 0750
    state: directory

- include_tasks: roles/network/tasks/dansguardian.yml
  when: dansguardian_install

# {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
- name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini
  ini_file:
    dest: "{{ service_filelist }}"
    section: "{{ proxy }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: Squid
    - option: description
      value: '"Squid caches web pages the first time they are accessed, and pulls them from the cache thereafter."'
    - option: enabled
      value: "{{ squid_enabled }}"

- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
  ini_file:
    dest: "{{ service_filelist }}"
    section: dansguardian
    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: DansGuardian
    - option: description
      value: '"DansGuardian searches web content for objectionable references and denies access when found."'
    - option: enabled
      value: "{{ dansguardian_enabled }}"
cleaner messaging 2017-10-27 17:36:33 +00:00			`- name: Install Squid packages`
Update squid.yml 2017-12-08 10:47:21 +00:00			`package:`
			`name: "{{ item }}"`
			`state: present`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
			`- "{{ proxy }}"`
			`- cadaver`
			`tags:`
			`- download`

Ubuntu - bigger hammer to stop squid on ubuntu with DG enabled 2017-11-03 00:33:33 +00:00			`- name: Bigger hammer for Ubuntu`
			`command: /etc/init.d/squid stop`
			`when: is_ubuntu`

Ubuntu - stop squid before replacing the stock config files otherwise stock service does not stop with replacement files already in place 2017-11-02 21:56:31 +00:00			`- name: Stop Squid`
Update squid.yml 2017-12-08 10:47:21 +00:00			`service:`
			`name: "{{ proxy }}"`
			`state: stopped`
Ubuntu - stop squid before replacing the stock config files otherwise stock service does not stop with replacement files already in place 2017-11-02 21:56:31 +00:00			`when: not installing`

cleaner messaging 2017-10-27 17:36:33 +00:00			`- name: Create the Squid user`
Update squid.yml 2017-12-08 10:47:21 +00:00			`user:`
			`name: "{{ proxy_user }}"`
			`createhome: False`
			`shell: /bin/false`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
			`- name: Copy init script and config file`
Update squid.yml 2017-12-08 10:47:21 +00:00			`template:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`owner: "{{ item.owner }}"`
			`group: "{{ item.group }}"`
			`mode: "{{ item.mode }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
Update squid.yml 2017-12-08 11:01:33 +00:00			`- src: roles/network/templates/squid/squid.sysconfig`
			`dest: /etc/sysconfig/squid`
			`owner: root`
			`group: root`
			`mode: 0755`
			`- src: roles/network/templates/squid/sites.whitelist.txt`
Update squid.yml 2017-12-08 11:04:39 +00:00			`dest: "/etc/{{ proxy }}/sites.whitelist.txt"`
			`owner: "{{ proxy_user }}"`
			`group: "{{ proxy_user }}"`
Update squid.yml 2017-12-08 11:01:33 +00:00			`mode: 0644`
			`- src: roles/network/templates/squid/allowregex.rules`
Update squid.yml 2017-12-08 11:04:39 +00:00			`dest: "/etc/{{ proxy }}/allowregex.rules"`
			`owner: "{{ proxy_user }}"`
			`group: "{{ proxy_user }}"`
Update squid.yml 2017-12-08 11:01:33 +00:00			`mode: 0644`
			`- src: roles/network/templates/squid/denyregex.rules`
Update squid.yml 2017-12-08 11:04:39 +00:00			`dest: "/etc/{{ proxy }}/denyregex.rules"`
			`owner: "{{ proxy_user }}"`
			`group: "{{ proxy_user }}"`
Update squid.yml 2017-12-08 11:01:33 +00:00			`mode: 0644`
			`- src: roles/network/templates/squid/dstaddress.rules`
Update squid.yml 2017-12-08 11:04:39 +00:00			`dest: "/etc/{{ proxy }}/dstaddress.rules"`
			`owner: "{{ proxy_user }}"`
			`group: "{{ proxy_user }}"`
Update squid.yml 2017-12-08 11:01:33 +00:00			`mode: 0644`
			`- src: roles/network/templates/squid/iiab-httpcache.j2`
			`dest: /usr/bin/iiab-httpcache`
			`owner: root`
			`group: root`
			`mode: 0755`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
cleaner messaging 2017-10-27 17:36:33 +00:00			`- name: Create Squid cache directory`
Update squid.yml 2017-12-08 10:47:21 +00:00			`file:`
			`path: /library/cache`
			`owner: "{{ proxy_user }}"`
			`group: "{{ proxy_user }}"`
			`mode: 0750`
			`state: directory`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
cleaner messaging 2017-10-27 17:36:33 +00:00			`- name: Create Squid log directory`
Update squid.yml 2017-12-08 10:47:21 +00:00			`file:`
			`path: "/var/log/{{ proxy }}"`
			`owner: "{{ proxy_user }}"`
			`group: "{{ proxy_user }}"`
			`mode: 0750`
			`state: directory`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
move network package install - double check after rebase 2017-10-31 09:10:46 +00:00			`- include_tasks: roles/network/tasks/dansguardian.yml`
make DG and squid respect *_install and default dansguardian_install to False 2017-08-09 05:29:40 +00:00			`when: dansguardian_install`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update squid.yml 2017-12-08 11:08:14 +00:00			`# {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8`
			`- name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini`
Update squid.yml 2017-12-08 10:47:21 +00:00			`ini_file:`
			`dest: "{{ service_filelist }}"`
Update squid.yml 2017-12-08 11:08:14 +00:00			`section: "{{ proxy }}"`
Update squid.yml 2017-12-08 10:47:21 +00:00			`option: "{{ item.option }}"`
			`value: "{{ item.value }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
			`- option: name`
Update squid.yml 2017-12-08 10:47:21 +00:00			`value: Squid`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- option: description`
bringing all pkg descriptions into same format 2017-11-13 19:25:06 +00:00			`value: '"Squid caches web pages the first time they are accessed, and pulls them from the cache thereafter."'`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- option: enabled`
			`value: "{{ squid_enabled }}"`

Update squid.yml 2017-12-08 10:47:21 +00:00			`- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini`
			`ini_file:`
			`dest: "{{ service_filelist }}"`
			`section: dansguardian`
			`option: "{{ item.option }}"`
			`value: "{{ item.value }}"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`with_items:`
			`- option: name`
Update squid.yml 2017-12-08 10:47:21 +00:00			`value: DansGuardian`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- option: description`
obectionable -> objectionable 2017-11-02 05:20:13 +00:00			`value: '"DansGuardian searches web content for objectionable references and denies access when found."'`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`- option: enabled`
			`value: "{{ dansguardian_enabled }}"`