diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml
index b95879b12..e42bcacdf 100644
--- a/roles/0-init/tasks/validate_vars.yml
+++ b/roles/0-init/tasks/validate_vars.yml
@@ -63,7 +63,7 @@
 #
 # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
-- name: Set vars_checklist for 42 + 42 + 38 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 43 + 43 + 39 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
 set_fact:
 vars_checklist:
 - hostapd
@@ -78,7 +78,7 @@
 #- nginx # MANDATORY
 #- apache # Unmaintained - former dependency
 #- mysql # MANDATORY
- #- squid # Unmaintained
+ - squid
 #- dansguardian # Unmaintained
 - cups
 - samba
diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml
index 2f52446c6..bc8a139e1 100644
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@@ -34,10 +34,10 @@
 include_tasks: roles/network/tasks/dhcpd.yml
 when: dhcpd_install is defined and dhcpd_install
-# UNMAINTAINED
-# - name: Install Squid (and DansGuardian if dansguardian_install)
-# include_tasks: roles/network/tasks/squid.yml
-# when: squid_install is defined and squid_install
+# LESS MAINTAINED
+- name: Install Squid # (and DansGuardian if dansguardian_install)
+ include_tasks: roles/network/tasks/squid.yml
+ when: squid_install is defined and squid_install
 - name: Install Bluetooth - only on Raspberry Pi
diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml
index 4b1c75cac..47c3cd7cc 100644
--- a/roles/network/tasks/computed_services.yml
+++ b/roles/network/tasks/computed_services.yml
@@ -1,7 +1,7 @@
 - name: No LAN configured - 'Appliance' mode
 set_fact:
 # dansguardian_enabled: False
- # squid_enabled: False
+ squid_enabled: False
 # wondershaper_enabled: False
 hostapd_enabled: False
 iiab_network_mode: "Appliance"
@@ -10,7 +10,7 @@
 - name: LAN configured - 'LanController' mode
 set_fact:
 # dansguardian_enabled: False
- # squid_enabled: False
+ squid_enabled: False
 # wondershaper_enabled: False
 iiab_network_mode: "LanController"
 when: iiab_lan_iface != "none" and iiab_wan_iface == "none"
diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml
index 9284b546c..4151d8a13 100644
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@@ -134,55 +134,55 @@
 # enabled: no
 # when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
-# - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
-# lineinfile:
-# path: "{{ iiab_env_file }}"
-# regexp: '^HTTPCACHE_ON=*'
-# line: 'HTTPCACHE_ON=True'
-# state: present
-# when: squid_install and squid_enabled
+- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
+ lineinfile:
+ path: "{{ iiab_env_file }}"
+ regexp: '^HTTPCACHE_ON=*'
+ line: 'HTTPCACHE_ON=True'
+ state: present
+ when: squid_install and squid_enabled
-# - name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
-# systemd:
-# name: "{{ proxy }}"
-# enabled: yes
-# when: squid_install and squid_enabled
+- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
+ systemd:
+ name: "{{ proxy }}"
+ enabled: yes
+ when: squid_install and squid_enabled
-# - name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
-# template:
-# src: "{{ item.src }}"
-# dest: "{{ item.dest }}"
-# owner: "{{ item.owner }}"
-# group: "{{ item.group }}"
-# mode: "{{ item.mode }}"
-# with_items:
-# - src: squid/squid-iiab.conf.j2
-# dest: "/etc/{{ proxy }}/squid-iiab.conf"
-# owner: "{{ proxy_user }}"
-# group: "{{ proxy_user }}"
-# mode: 0644
-# when: squid_install and squid_enabled
+- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - src: squid/squid-iiab.conf.j2
+ dest: "/etc/{{ proxy }}/squid-iiab.conf"
+ owner: "{{ proxy_user }}"
+ group: "{{ proxy_user }}"
+ mode: 0644
+ when: squid_install and squid_enabled
-# - name: Point to Squid config file from startup file, if squid_enabled (debuntu)
-# lineinfile:
-# regexp: '^CONFIG'
-# line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
-# path: "/etc/init.d/{{ proxy }}"
-# when: squid_install and squid_enabled and is_debuntu
+- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
+ lineinfile:
+ regexp: '^CONFIG'
+ line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
+ path: "/etc/init.d/{{ proxy }}"
+ when: squid_install and squid_enabled and is_debuntu
-# - name: Disable Squid service, if not squid_enabled
-# systemd:
-# name: "{{ proxy }}"
-# enabled: no
-# when: (squid_install or squid_installed is defined) and not squid_enabled
+- name: Disable Squid service, if not squid_enabled
+ systemd:
+ name: "{{ proxy }}"
+ enabled: no
+ when: (squid_install or squid_installed is defined) and not squid_enabled
-# - name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
-# lineinfile:
-# path: "{{ iiab_env_file }}"
-# regexp: '^HTTPCACHE_ON=*'
-# line: 'HTTPCACHE_ON=False'
-# state: present
-# when: squid_install and not squid_enabled
+- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
+ lineinfile:
+ path: "{{ iiab_env_file }}"
+ regexp: '^HTTPCACHE_ON=*'
+ line: 'HTTPCACHE_ON=False'
+ state: present
+ when: squid_install and not squid_enabled
 # - name: Enable Wondershaper service, if wondershaper_enabled
 # systemd:
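Review bot: The re-enabled template task installs `/etc/{{ proxy }}/squid-iiab.conf` with `owner: "{{ proxy_user }}"` and `group: "{{ proxy_user }}"`, which leaves the proxy's configuration writable by the account the proxy presumably runs as. A service that only needs to read its configuration should not own it, so consider `owner: root` and `group: root` in the `with_items` entry; mode 0644 still lets the service read the file. The same entry writes `mode: 0644` unquoted, which YAML parses as an integer before it is passed through `"{{ item.mode }}"`; `mode: "0644"` avoids depending on how that round-trip is converted.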
@@ -217,18 +217,18 @@
 - gateway/iiab-internet-off
-# - name: Add 'squid' variable values to {{ iiab_ini_file }}
-# ini_file:
-# path: "{{ iiab_ini_file }}"
-# section: squid
-# option: "{{ item.option }}"
-# value: "{{ item.value | string }}"
-# with_items:
-# - option: squid_install
-# value: "{{ squid_install }}"
-# - option: squid_enabled
-# value: "{{ squid_enabled }}"
-# when: squid_installed is defined
+- name: Add 'squid' variable values to {{ iiab_ini_file }}
+ ini_file:
+ path: "{{ iiab_ini_file }}"
+ section: squid
+ option: "{{ item.option }}"
+ value: "{{ item.value | string }}"
+ with_items:
+ - option: squid_install
+ value: "{{ squid_install }}"
+ - option: squid_enabled
+ value: "{{ squid_enabled }}"
+ when: squid_installed is defined
 # - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
 # ini_file:
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
index ea7de3b47..d849cebaf 100644
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@@ -33,9 +33,9 @@
 include_tasks: dhcpd.yml
 when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
-# - name: (Re)Install Squid
-# include_tasks: squid.yml
-# when: squid_install and FQDN_changed and iiab_stage|int == 9
+- name: (Re)Install Squid
+ include_tasks: squid.yml
+ when: squid_install and FQDN_changed and iiab_stage|int == 9
 #preprep for backends
 - name: Netplan in use on Ubuntu 18.04+
diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml
index 362485baa..d286e987c 100644
--- a/roles/network/tasks/restart.yml
+++ b/roles/network/tasks/restart.yml
@@ -16,12 +16,12 @@
 state: restarted
 when: named_enabled and named_install
-# - name: Stop Squid service
-# systemd:
-# name: "{{ proxy }}"
-# state: stopped
-# async: 120
-# when: squid_install or squid_installed is defined
+- name: Stop Squid service
+ systemd:
+ name: "{{ proxy }}"
+ state: stopped
+ async: 120
+ when: squid_install or squid_installed is defined
 # - name: Stop DansGuardian
 # systemd:
@@ -35,12 +35,12 @@
 # state: restarted
 # when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
-# # Squid get re-loaded with dispatcher.d
-# - name: Restart Squid service ({{ proxy }})
-# systemd:
-# name: "{{ proxy }}"
-# state: restarted
-# when: squid_enabled and squid_install
+# Squid get re-loaded with dispatcher.d
+- name: Restart Squid service ({{ proxy }})
+ systemd:
+ name: "{{ proxy }}"
+ state: restarted
+ when: squid_enabled and squid_install
 # - name: Restart Wondershaper service (wondershaper)
 # systemd:
diff --git a/roles/network/tasks/squid.yml.unused b/roles/network/tasks/squid.yml
similarity index 82%
rename from roles/network/tasks/squid.yml.unused
rename to roles/network/tasks/squid.yml
index 586e0a5be..0190f2e0d 100644
--- a/roles/network/tasks/squid.yml.unused
+++ b/roles/network/tasks/squid.yml
@@ -78,8 +78,8 @@
 state: directory
-- include_tasks: roles/network/tasks/dansguardian.yml
- when: dansguardian_install
+# - include_tasks: roles/network/tasks/dansguardian.yml
+# when: dansguardian_install
 # RECORD Squid AS INSTALLED
@@ -112,18 +112,18 @@
 - option: squid_enabled
 value: "{{ squid_enabled }}"
-- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
- ini_file:
- dest: "{{ iiab_ini_file }}"
- section: dansguardian
- option: "{{ item.option }}"
- value: "{{ item.value | string }}"
- with_items:
- - option: name
- value: DansGuardian
- - option: description
- value: '"DansGuardian searches web content for objectionable references and denies access when found."'
- - option: dansguardian_install
- value: "{{ dansguardian_install }}"
- - option: dansguardian_enabled
- value: "{{ dansguardian_enabled }}"
+# - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
+# ini_file:
+# dest: "{{ iiab_ini_file }}"
+# section: dansguardian
+# option: "{{ item.option }}"
+# value: "{{ item.value | string }}"
+# with_items:
+# - option: name
+# value: DansGuardian
+# - option: description
+# value: '"DansGuardian searches web content for objectionable references and denies access when found."'
+# - option: dansguardian_install
+# value: "{{ dansguardian_install }}"
+# - option: dansguardian_enabled
+# value: "{{ dansguardian_enabled }}"
diff --git a/roles/network/templates/squid.unused/allowregex.rules b/roles/network/templates/squid/allowregex.rules
similarity index 100%
rename from roles/network/templates/squid.unused/allowregex.rules
rename to roles/network/templates/squid/allowregex.rules
diff --git a/roles/network/templates/squid.unused/dansguardian.conf.centos.j2 b/roles/network/templates/squid/dansguardian.conf.centos.j2.unused
similarity index 100%
rename from roles/network/templates/squid.unused/dansguardian.conf.centos.j2
rename to roles/network/templates/squid/dansguardian.conf.centos.j2.unused
diff --git a/roles/network/templates/squid.unused/dansguardian.conf.debian.j2 b/roles/network/templates/squid/dansguardian.conf.debian.j2.unused
similarity index 100%
rename from roles/network/templates/squid.unused/dansguardian.conf.debian.j2
rename to roles/network/templates/squid/dansguardian.conf.debian.j2.unused
diff --git a/roles/network/templates/squid.unused/dansguardian.conf.j2 b/roles/network/templates/squid/dansguardian.conf.j2.unused
similarity index 100%
rename from roles/network/templates/squid.unused/dansguardian.conf.j2
rename to roles/network/templates/squid/dansguardian.conf.j2.unused
diff --git a/roles/network/templates/squid.unused/denyregex.rules b/roles/network/templates/squid/denyregex.rules
similarity index 100%
rename from roles/network/templates/squid.unused/denyregex.rules
rename to roles/network/templates/squid/denyregex.rules
diff --git a/roles/network/templates/squid.unused/dstaddress.rules b/roles/network/templates/squid/dstaddress.rules
similarity index 100%
rename from roles/network/templates/squid.unused/dstaddress.rules
rename to roles/network/templates/squid/dstaddress.rules
diff --git a/roles/network/templates/squid.unused/iiab-httpcache.j2 b/roles/network/templates/squid/iiab-httpcache.j2
similarity index 100%
rename from roles/network/templates/squid.unused/iiab-httpcache.j2
rename to roles/network/templates/squid/iiab-httpcache.j2
diff --git a/roles/network/templates/squid.unused/sites.whitelist.txt b/roles/network/templates/squid/sites.whitelist.txt
similarity index 100%
rename from roles/network/templates/squid.unused/sites.whitelist.txt
rename to roles/network/templates/squid/sites.whitelist.txt
diff --git a/roles/network/templates/squid.unused/squid-iiab.conf.j2 b/roles/network/templates/squid/squid-iiab.conf.j2
similarity index 98%
rename from roles/network/templates/squid.unused/squid-iiab.conf.j2
rename to roles/network/templates/squid/squid-iiab.conf.j2
index 1bce0547d..c78487e02 100644
--- a/roles/network/templates/squid.unused/squid-iiab.conf.j2
+++ b/roles/network/templates/squid/squid-iiab.conf.j2
@@ -4,11 +4,11 @@
 ###############################
 # Network Interface
-{% if dansguardian_enabled %}
-http_port 127.0.0.1:3130
-{% else %}
+# {% if dansguardian_enabled %}
+# http_port 127.0.0.1:3130
+# {% else %}
 http_port 0.0.0.0:3128 transparent
-{% endif %}
+# {% endif %}
 icp_port 0
diff --git a/roles/network/templates/squid.unused/squid.sysconfig b/roles/network/templates/squid/squid.sysconfig
similarity index 100%
rename from roles/network/templates/squid.unused/squid.sysconfig
rename to roles/network/templates/squid/squid.sysconfig
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 2fbf8b817..68d203e13 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -123,7 +123,7 @@ wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
-# gw_squid_whitelist: False
+gw_squid_whitelist: False
 gw_block_https: False
 # Gateway mode
@@ -257,9 +257,9 @@ nginx_log_dir: /var/log/nginx
 # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
-# UNMAINTAINED as of July 2021
-# squid_install: False
-# squid_enabled: False
+# LESS MAINTAINED as of July 2021
+squid_install: False
+squid_enabled: False
 # UNMAINTAINED as of July 2021
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
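Review bot: In roles/network/templates/squid/squid-iiab.conf.j2 the added `# {% if dansguardian_enabled %}`, `# {% else %}` and `# {% endif %}` lines are still executed by Jinja2, because a leading `#` is only a Squid comment and does not disable template tags. If `dansguardian_enabled` is true the else branch is skipped and no `http_port` directive is rendered at all, and if the variable is undefined (it appears to be commented out elsewhere in this change) the template would be expected to fail on the undefined name. Either delete the three tag lines together with `# http_port 127.0.0.1:3130`, or wrap them in a Jinja comment `{# ... #}`, so that only `http_port 0.0.0.0:3128 transparent` stays live. That surviving directive listens on every interface, so it is worth confirming that ACLs or firewall rules outside this hunk keep port 3128 unreachable from the WAN side.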