Reinstate Squid, cutting out DansGuardian

2025-03-09 15:40:17 +00:00 · 2021-08-15 07:59:35 -04:00 · 2021-08-15 07:59:35 -04:00 · 724f64e85a
commit 724f64e85a
parent 0d0a81352c
18 changed files with 104 additions and 104 deletions
--- a/roles/0-init/tasks/validate_vars.yml
+++ b/roles/0-init/tasks/validate_vars.yml
@ -63,7 +63,7 @@
 #
 # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
- name: Set vars_checklist for 42 + 42 + 38 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 43 + 43 + 39 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
  set_fact:
    vars_checklist:
      - hostapd
@ -78,7 +78,7 @@
      #- nginx              # MANDATORY
      #- apache             # Unmaintained - former dependency
      #- mysql              # MANDATORY
-      #- squid              # Unmaintained
+      - squid
      #- dansguardian       # Unmaintained
      - cups
      - samba
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@ -34,10 +34,10 @@
  include_tasks: roles/network/tasks/dhcpd.yml
  when: dhcpd_install is defined and dhcpd_install
-# UNMAINTAINED
+# LESS MAINTAINED
-# - name: Install Squid (and DansGuardian if dansguardian_install)
+- name: Install Squid    # (and DansGuardian if dansguardian_install)
-#   include_tasks: roles/network/tasks/squid.yml
+  include_tasks: roles/network/tasks/squid.yml
-#   when: squid_install is defined and squid_install
+  when: squid_install is defined and squid_install
 - name: Install Bluetooth - only on Raspberry Pi
--- a/roles/network/tasks/computed_services.yml
+++ b/roles/network/tasks/computed_services.yml
@ -1,7 +1,7 @@
 - name: No LAN configured - 'Appliance' mode
  set_fact:
    # dansguardian_enabled: False
-    # squid_enabled: False
+    squid_enabled: False
    # wondershaper_enabled: False
    hostapd_enabled: False
    iiab_network_mode: "Appliance"
@ -10,7 +10,7 @@
 - name: LAN configured - 'LanController' mode
  set_fact:
    # dansguardian_enabled: False
-    # squid_enabled: False
+    squid_enabled: False
    # wondershaper_enabled: False
    iiab_network_mode: "LanController"
  when: iiab_lan_iface != "none" and iiab_wan_iface == "none"
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@ -134,55 +134,55 @@
 #     enabled: no
 #   when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
-# - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
+- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
-#   lineinfile:
+  lineinfile:
-#     path: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
-#     regexp: '^HTTPCACHE_ON=*'
+    regexp: '^HTTPCACHE_ON=*'
-#     line: 'HTTPCACHE_ON=True'
+    line: 'HTTPCACHE_ON=True'
-#     state: present
+    state: present
-#   when: squid_install and squid_enabled
+  when: squid_install and squid_enabled
-# - name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
+- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
-#   systemd:
+  systemd:
-#     name: "{{ proxy }}"
+    name: "{{ proxy }}"
-#     enabled: yes
+    enabled: yes
-#   when: squid_install and squid_enabled
+  when: squid_install and squid_enabled
-# - name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
+- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
-#   template:
+  template:
-#     src: "{{ item.src }}"
+    src: "{{ item.src }}"
-#     dest: "{{ item.dest }}"
+    dest: "{{ item.dest }}"
-#     owner: "{{ item.owner }}"
+    owner: "{{ item.owner }}"
-#     group: "{{ item.group }}"
+    group: "{{ item.group }}"
-#     mode: "{{ item.mode }}"
+    mode: "{{ item.mode }}"
-#   with_items:
+  with_items:
-#     - src: squid/squid-iiab.conf.j2
+    - src: squid/squid-iiab.conf.j2
-#       dest: "/etc/{{ proxy }}/squid-iiab.conf"
+      dest: "/etc/{{ proxy }}/squid-iiab.conf"
-#       owner: "{{ proxy_user }}"
+      owner: "{{ proxy_user }}"
-#       group: "{{ proxy_user }}"
+      group: "{{ proxy_user }}"
-#       mode: 0644
+      mode: 0644
-#   when: squid_install and squid_enabled
+  when: squid_install and squid_enabled
-# - name: Point to Squid config file from startup file, if squid_enabled (debuntu)
+- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
-#   lineinfile:
+  lineinfile:
-#     regexp: '^CONFIG'
+    regexp: '^CONFIG'
-#     line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
+    line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
-#     path: "/etc/init.d/{{ proxy }}"
+    path: "/etc/init.d/{{ proxy }}"
-#   when: squid_install and squid_enabled and is_debuntu
+  when: squid_install and squid_enabled and is_debuntu
-# - name: Disable Squid service, if not squid_enabled
+- name: Disable Squid service, if not squid_enabled
-#   systemd:
+  systemd:
-#     name: "{{ proxy }}"
+    name: "{{ proxy }}"
-#     enabled: no
+    enabled: no
-#   when: (squid_install or squid_installed is defined) and not squid_enabled
+  when: (squid_install or squid_installed is defined) and not squid_enabled
-# - name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
+- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
-#   lineinfile:
+  lineinfile:
-#     path: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
-#     regexp: '^HTTPCACHE_ON=*'
+    regexp: '^HTTPCACHE_ON=*'
-#     line: 'HTTPCACHE_ON=False'
+    line: 'HTTPCACHE_ON=False'
-#     state: present
+    state: present
-#   when: squid_install and not squid_enabled
+  when: squid_install and not squid_enabled
 # - name: Enable Wondershaper service, if wondershaper_enabled
 #   systemd:
@ -217,18 +217,18 @@
    - gateway/iiab-internet-off
-# - name: Add 'squid' variable values to {{ iiab_ini_file }}
+- name: Add 'squid' variable values to {{ iiab_ini_file }}
-#   ini_file:
+  ini_file:
-#     path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
-#     section: squid
+    section: squid
-#     option: "{{ item.option }}"
+    option: "{{ item.option }}"
-#     value: "{{ item.value | string }}"
+    value: "{{ item.value | string }}"
-#   with_items:
+  with_items:
-#     - option: squid_install
+    - option: squid_install
-#       value: "{{ squid_install }}"
+      value: "{{ squid_install }}"
-#     - option: squid_enabled
+    - option: squid_enabled
-#       value: "{{ squid_enabled }}"
+      value: "{{ squid_enabled }}"
-#   when: squid_installed is defined
+  when: squid_installed is defined
 # - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
 #   ini_file:
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@ -33,9 +33,9 @@
  include_tasks: dhcpd.yml
  when: dhcpd_install and FQDN_changed and iiab_stage|int == 9
-# - name: (Re)Install Squid
+- name: (Re)Install Squid
-#   include_tasks: squid.yml
+  include_tasks: squid.yml
-#   when: squid_install and FQDN_changed and iiab_stage|int == 9
+  when: squid_install and FQDN_changed and iiab_stage|int == 9
 #preprep for backends
 - name: Netplan in use on Ubuntu 18.04+
--- a/roles/network/tasks/restart.yml
+++ b/roles/network/tasks/restart.yml
@ -16,12 +16,12 @@
    state: restarted
  when: named_enabled and named_install
-# - name: Stop Squid service
+- name: Stop Squid service
-#   systemd:
+  systemd:
-#     name: "{{ proxy }}"
+    name: "{{ proxy }}"
-#     state: stopped
+    state: stopped
-#   async: 120
+  async: 120
-#   when: squid_install or squid_installed is defined
+  when: squid_install or squid_installed is defined
 # - name: Stop DansGuardian
 #   systemd:
@ -35,12 +35,12 @@
 #     state: restarted
 #   when: dansguardian_enabled and dansguardian_install and ( not is_ubuntu and iiab_stage|int < 4 )
-# # Squid get re-loaded with dispatcher.d
+# Squid get re-loaded with dispatcher.d
-# - name: Restart Squid service ({{ proxy }})
+- name: Restart Squid service ({{ proxy }})
-#   systemd:
+  systemd:
-#     name: "{{ proxy }}"
+    name: "{{ proxy }}"
-#     state: restarted
+    state: restarted
-#   when: squid_enabled and squid_install
+  when: squid_enabled and squid_install
 # - name: Restart Wondershaper service (wondershaper)
 #   systemd:
--- a/roles/network/tasks/squid.yml.unused
+++ b/roles/network/tasks/squid.yml.unused
@ -78,8 +78,8 @@
    state: directory
- include_tasks: roles/network/tasks/dansguardian.yml
+# - include_tasks: roles/network/tasks/dansguardian.yml
-  when: dansguardian_install
+#   when: dansguardian_install
 # RECORD Squid AS INSTALLED
@ -112,18 +112,18 @@
    - option: squid_enabled
      value: "{{ squid_enabled }}"
- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
+# - name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
-  ini_file:
+#   ini_file:
-    dest: "{{ iiab_ini_file }}"
+#     dest: "{{ iiab_ini_file }}"
-    section: dansguardian
+#     section: dansguardian
-    option: "{{ item.option }}"
+#     option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
+#     value: "{{ item.value | string }}"
-  with_items:
+#   with_items:
-    - option: name
+#     - option: name
-      value: DansGuardian
+#       value: DansGuardian
-    - option: description
+#     - option: description
-      value: '"DansGuardian searches web content for objectionable references and denies access when found."'
+#       value: '"DansGuardian searches web content for objectionable references and denies access when found."'
-    - option: dansguardian_install
+#     - option: dansguardian_install
-      value: "{{ dansguardian_install }}"
+#       value: "{{ dansguardian_install }}"
-    - option: dansguardian_enabled
+#     - option: dansguardian_enabled
-      value: "{{ dansguardian_enabled }}"
+#       value: "{{ dansguardian_enabled }}"
--- a/roles/network/templates/squid.unused/allowregex.rules
+++ b/roles/network/templates/squid.unused/allowregex.rules
--- a/roles/network/templates/squid/dansguardian.conf.centos.j2.unused
+++ b/roles/network/templates/squid/dansguardian.conf.centos.j2.unused
--- a/roles/network/templates/squid/dansguardian.conf.debian.j2.unused
+++ b/roles/network/templates/squid/dansguardian.conf.debian.j2.unused
--- a/roles/network/templates/squid/dansguardian.conf.j2.unused
+++ b/roles/network/templates/squid/dansguardian.conf.j2.unused
--- a/roles/network/templates/squid.unused/denyregex.rules
+++ b/roles/network/templates/squid.unused/denyregex.rules
--- a/roles/network/templates/squid.unused/dstaddress.rules
+++ b/roles/network/templates/squid.unused/dstaddress.rules
--- a/roles/network/templates/squid.unused/iiab-httpcache.j2
+++ b/roles/network/templates/squid.unused/iiab-httpcache.j2
--- a/roles/network/templates/squid.unused/sites.whitelist.txt
+++ b/roles/network/templates/squid.unused/sites.whitelist.txt
--- a/roles/network/templates/squid.unused/squid-iiab.conf.j2
+++ b/roles/network/templates/squid.unused/squid-iiab.conf.j2
@ -4,11 +4,11 @@
 ###############################
 #  Network Interface
-{% if dansguardian_enabled %}
+# {% if dansguardian_enabled %}
-http_port 127.0.0.1:3130 
+# http_port 127.0.0.1:3130
-{% else %}
+# {% else %}
 http_port 0.0.0.0:3128 transparent
-{% endif %}
+# {% endif %}
 icp_port 0
--- a/roles/network/templates/squid.unused/squid.sysconfig
+++ b/roles/network/templates/squid.unused/squid.sysconfig
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -123,7 +123,7 @@ wifi_up_down: True    # Creates a 2nd virtual WiFi adapter for upstream WiFi
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
-# gw_squid_whitelist: False
+gw_squid_whitelist: False
 gw_block_https: False
 # Gateway mode
@ -257,9 +257,9 @@ nginx_log_dir: /var/log/nginx
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
-# UNMAINTAINED as of July 2021
+# LESS MAINTAINED as of July 2021
-# squid_install: False
+squid_install: False
-# squid_enabled: False
+squid_enabled: False
 # UNMAINTAINED as of July 2021
 # DansGuardian REQUIRES Squid (above) be installed & enabled.