mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Squid clarifs in local_vars.yml, enable_services.yml etc
This commit is contained in:
parent
dfd1ff8b1b
commit
7c6494b31a
8 changed files with 59 additions and 26 deletions
|
@ -34,7 +34,7 @@
|
|||
include_tasks: roles/network/tasks/dhcpd.yml
|
||||
when: dhcpd_install is defined and dhcpd_install
|
||||
|
||||
# LESS MAINTAINED
|
||||
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||
- name: Install Squid # (and DansGuardian if dansguardian_install)
|
||||
include_tasks: roles/network/tasks/squid.yml
|
||||
when: squid_install is defined and squid_install
|
||||
|
|
|
@ -134,43 +134,43 @@
|
|||
# enabled: no
|
||||
# when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
|
||||
|
||||
- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
|
||||
- debug:
|
||||
var: squid_install
|
||||
- debug:
|
||||
var: squid_enabled
|
||||
- debug:
|
||||
var: squid_installed
|
||||
|
||||
- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }} - if squid_install and squid_enabled
|
||||
lineinfile:
|
||||
path: "{{ iiab_env_file }}"
|
||||
regexp: '^HTTPCACHE_ON=*'
|
||||
line: 'HTTPCACHE_ON=True'
|
||||
state: present
|
||||
when: squid_install and squid_enabled
|
||||
|
||||
- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
|
||||
- name: Enable Squid systemd service ({{ proxy }}) - if squid_install and squid_enabled
|
||||
systemd:
|
||||
name: "{{ proxy }}"
|
||||
name: "{{ proxy }}" # squid (or squid3 on old OS's vars/debian-8.yml & vars/raspbian-8.yml)
|
||||
enabled: yes
|
||||
when: squid_install and squid_enabled
|
||||
|
||||
- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
|
||||
- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }} (0644 by default) - if squid_install and squid_enabled
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner }}"
|
||||
group: "{{ item.group }}"
|
||||
mode: "{{ item.mode }}"
|
||||
with_items:
|
||||
- src: squid/squid-iiab.conf.j2
|
||||
dest: "/etc/{{ proxy }}/squid-iiab.conf"
|
||||
owner: "{{ proxy_user }}"
|
||||
group: "{{ proxy_user }}"
|
||||
mode: 0644
|
||||
src: squid/squid-iiab.conf.j2
|
||||
dest: "/etc/{{ proxy }}/squid-iiab.conf"
|
||||
owner: "{{ proxy_user }}" # proxy (or "squid" on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml)
|
||||
group: "{{ proxy_user }}"
|
||||
# mode: 0644
|
||||
when: squid_install and squid_enabled
|
||||
|
||||
- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
|
||||
- name: Point to Squid config file from startup file - if squid_install and squid_enabled
|
||||
lineinfile:
|
||||
regexp: '^CONFIG'
|
||||
line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
|
||||
path: "/etc/init.d/{{ proxy }}"
|
||||
when: squid_install and squid_enabled and is_debuntu
|
||||
when: squid_install and squid_enabled
|
||||
|
||||
- name: Disable Squid service, if not squid_enabled
|
||||
- name: Disable Squid service, if not squid_enabled - if (squid_install or squid_installed is defined) and not squid_enabled
|
||||
systemd:
|
||||
name: "{{ proxy }}"
|
||||
enabled: no
|
||||
|
@ -181,7 +181,6 @@
|
|||
path: "{{ iiab_env_file }}"
|
||||
regexp: '^HTTPCACHE_ON=*'
|
||||
line: 'HTTPCACHE_ON=False'
|
||||
state: present
|
||||
when: squid_install and not squid_enabled
|
||||
|
||||
# - name: Enable Wondershaper service, if wondershaper_enabled
|
||||
|
@ -219,7 +218,7 @@
|
|||
|
||||
- name: Add 'squid' variable values to {{ iiab_ini_file }}
|
||||
ini_file:
|
||||
path: "{{ iiab_ini_file }}"
|
||||
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
|
||||
section: squid
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value | string }}"
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
.translate.google.com
|
||||
.gstatic.com
|
||||
.unleashkids.org
|
||||
.iiab.io.org
|
||||
.iiab.io
|
||||
.hopeforhaitischildren.org
|
||||
.lenouvelliste.com
|
||||
.voanouvel.com
|
||||
|
|
|
@ -123,8 +123,6 @@ wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi
|
|||
|
||||
# Set True if client machines should have "passthrough" access to WAN/Internet:
|
||||
iiab_gateway_enabled: False
|
||||
gw_squid_whitelist: False
|
||||
gw_block_https: False
|
||||
|
||||
# Gateway mode
|
||||
iiab_lan_enabled: True
|
||||
|
@ -257,9 +255,13 @@ nginx_log_dir: /var/log/nginx
|
|||
|
||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||
|
||||
# LESS MAINTAINED as of July 2021
|
||||
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||
squid_install: False
|
||||
squid_enabled: False
|
||||
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||
|
||||
# UNMAINTAINED as of July 2021
|
||||
# DansGuardian REQUIRES Squid (above) be installed & enabled.
|
||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
|||
|
||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||
|
||||
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||
squid_install: False
|
||||
squid_enabled: False
|
||||
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||
|
||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||
bluetooth_install: True
|
||||
bluetooth_enabled: False
|
||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
|||
|
||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||
|
||||
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||
squid_install: False
|
||||
squid_enabled: False
|
||||
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||
|
||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||
bluetooth_install: True
|
||||
bluetooth_enabled: False
|
||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
|||
|
||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||
|
||||
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||
squid_install: False
|
||||
squid_enabled: False
|
||||
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||
|
||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||
bluetooth_install: True
|
||||
bluetooth_enabled: False
|
||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
|||
|
||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||
|
||||
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||
squid_install: False
|
||||
squid_enabled: False
|
||||
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||
|
||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||
bluetooth_install: False
|
||||
bluetooth_enabled: False
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue