1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Squid clarifs in local_vars.yml, enable_services.yml etc

This commit is contained in:
root 2021-08-15 10:06:01 -04:00
parent dfd1ff8b1b
commit 7c6494b31a
8 changed files with 59 additions and 26 deletions

View file

@ -34,7 +34,7 @@
include_tasks: roles/network/tasks/dhcpd.yml
when: dhcpd_install is defined and dhcpd_install
# LESS MAINTAINED
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
- name: Install Squid # (and DansGuardian if dansguardian_install)
include_tasks: roles/network/tasks/squid.yml
when: squid_install is defined and squid_install

View file

@ -134,43 +134,43 @@
# enabled: no
# when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
- debug:
var: squid_install
- debug:
var: squid_enabled
- debug:
var: squid_installed
- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }} - if squid_install and squid_enabled
lineinfile:
path: "{{ iiab_env_file }}"
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=True'
state: present
when: squid_install and squid_enabled
- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
- name: Enable Squid systemd service ({{ proxy }}) - if squid_install and squid_enabled
systemd:
name: "{{ proxy }}"
name: "{{ proxy }}" # squid (or squid3 on old OS's vars/debian-8.yml & vars/raspbian-8.yml)
enabled: yes
when: squid_install and squid_enabled
- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }} (0644 by default) - if squid_install and squid_enabled
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- src: squid/squid-iiab.conf.j2
dest: "/etc/{{ proxy }}/squid-iiab.conf"
owner: "{{ proxy_user }}"
group: "{{ proxy_user }}"
mode: 0644
src: squid/squid-iiab.conf.j2
dest: "/etc/{{ proxy }}/squid-iiab.conf"
owner: "{{ proxy_user }}" # proxy (or "squid" on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml)
group: "{{ proxy_user }}"
# mode: 0644
when: squid_install and squid_enabled
- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
- name: Point to Squid config file from startup file - if squid_install and squid_enabled
lineinfile:
regexp: '^CONFIG'
line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
path: "/etc/init.d/{{ proxy }}"
when: squid_install and squid_enabled and is_debuntu
when: squid_install and squid_enabled
- name: Disable Squid service, if not squid_enabled
- name: Disable Squid service, if not squid_enabled - if (squid_install or squid_installed is defined) and not squid_enabled
systemd:
name: "{{ proxy }}"
enabled: no
@ -181,7 +181,6 @@
path: "{{ iiab_env_file }}"
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=False'
state: present
when: squid_install and not squid_enabled
# - name: Enable Wondershaper service, if wondershaper_enabled
@ -219,7 +218,7 @@
- name: Add 'squid' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: squid
option: "{{ item.option }}"
value: "{{ item.value | string }}"

View file

@ -10,7 +10,7 @@
.translate.google.com
.gstatic.com
.unleashkids.org
.iiab.io.org
.iiab.io
.hopeforhaitischildren.org
.lenouvelliste.com
.voanouvel.com

View file

@ -123,8 +123,6 @@ wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi
# Set True if client machines should have "passthrough" access to WAN/Internet:
iiab_gateway_enabled: False
gw_squid_whitelist: False
gw_block_https: False
# Gateway mode
iiab_lan_enabled: True
@ -257,9 +255,13 @@ nginx_log_dir: /var/log/nginx
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
# LESS MAINTAINED as of July 2021
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
squid_install: False
squid_enabled: False
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
# UNMAINTAINED as of July 2021
# DansGuardian REQUIRES Squid (above) be installed & enabled.

View file

@ -147,6 +147,14 @@ pi_swap_file_size: 1024
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
squid_install: False
squid_enabled: False
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
bluetooth_install: True
bluetooth_enabled: False

View file

@ -147,6 +147,14 @@ pi_swap_file_size: 1024
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
squid_install: False
squid_enabled: False
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
bluetooth_install: True
bluetooth_enabled: False

View file

@ -147,6 +147,14 @@ pi_swap_file_size: 1024
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
squid_install: False
squid_enabled: False
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
bluetooth_install: True
bluetooth_enabled: False

View file

@ -147,6 +147,14 @@ pi_swap_file_size: 1024
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
squid_install: False
squid_enabled: False
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
bluetooth_install: False
bluetooth_enabled: False