diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml
index bc8a139e1..6c61af512 100644
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@@ -34,7 +34,7 @@
 include_tasks: roles/network/tasks/dhcpd.yml
 when: dhcpd_install is defined and dhcpd_install
-# LESS MAINTAINED
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
 - name: Install Squid # (and DansGuardian if dansguardian_install)
 include_tasks: roles/network/tasks/squid.yml
 when: squid_install is defined and squid_install
diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml
index 4151d8a13..8105688e2 100644
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@@ -134,43 +134,43 @@
 # enabled: no
 # when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
-- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
+- debug:
+ var: squid_install
+- debug:
+ var: squid_enabled
+- debug:
+ var: squid_installed
+
+- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }} - if squid_install and squid_enabled
 lineinfile:
 path: "{{ iiab_env_file }}"
 regexp: '^HTTPCACHE_ON=*'
 line: 'HTTPCACHE_ON=True'
- state: present
 when: squid_install and squid_enabled
-- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
+- name: Enable Squid systemd service ({{ proxy }}) - if squid_install and squid_enabled
 systemd:
- name: "{{ proxy }}"
+ name: "{{ proxy }}" # squid (or squid3 on old OS's vars/debian-8.yml & vars/raspbian-8.yml)
 enabled: yes
 when: squid_install and squid_enabled
-- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
+- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }} (0644 by default) - if squid_install and squid_enabled
 template:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- owner: "{{ item.owner }}"
- group: "{{ item.group }}"
- mode: "{{ item.mode }}"
- with_items:
- - src: squid/squid-iiab.conf.j2
- dest: "/etc/{{ proxy }}/squid-iiab.conf"
- owner: "{{ proxy_user }}"
- group: "{{ proxy_user }}"
- mode: 0644
+ src: squid/squid-iiab.conf.j2
+ dest: "/etc/{{ proxy }}/squid-iiab.conf"
+ owner: "{{ proxy_user }}" # proxy (or "squid" on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml)
+ group: "{{ proxy_user }}"
+ # mode: 0644
 when: squid_install and squid_enabled
-- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
+- name: Point to Squid config file from startup file - if squid_install and squid_enabled
 lineinfile:
 regexp: '^CONFIG'
 line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
 path: "/etc/init.d/{{ proxy }}"
- when: squid_install and squid_enabled and is_debuntu
+ when: squid_install and squid_enabled
-- name: Disable Squid service, if not squid_enabled
+- name: Disable Squid service, if not squid_enabled - if (squid_install or squid_installed is defined) and not squid_enabled
 systemd:
 name: "{{ proxy }}"
 enabled: no
@@ -181,7 +181,6 @@
 path: "{{ iiab_env_file }}"
 regexp: '^HTTPCACHE_ON=*'
 line: 'HTTPCACHE_ON=False'
- state: present
 when: squid_install and not squid_enabled
 # - name: Enable Wondershaper service, if wondershaper_enabled
@@ -219,7 +218,7 @@
 - name: Add 'squid' variable values to {{ iiab_ini_file }}
 ini_file:
- path: "{{ iiab_ini_file }}"
+ path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
 section: squid
 option: "{{ item.option }}"
 value: "{{ item.value | string }}"
diff --git a/roles/network/templates/squid/sites.whitelist.txt b/roles/network/templates/squid/sites.whitelist.txt
index da2b29330..e03fc419d 100644
--- a/roles/network/templates/squid/sites.whitelist.txt
+++ b/roles/network/templates/squid/sites.whitelist.txt
@@ -10,7 +10,7 @@
 .translate.google.com
 .gstatic.com
 .unleashkids.org
-.iiab.io.org
+.iiab.io
 .hopeforhaitischildren.org
 .lenouvelliste.com
 .voanouvel.com
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 68d203e13..d9ab19049 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -123,8 +123,6 @@ wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
-gw_squid_whitelist: False
-gw_block_https: False
 # Gateway mode
 iiab_lan_enabled: True
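Review bot: In roles/network/tasks/enable_services.yml (hunk at -134), the template task for `/etc/{{ proxy }}/squid-iiab.conf` now carries `# mode: 0644` as a comment, so the file's permissions are no longer pinned; Ansible then uses the process umask for a new file and keeps whatever mode an existing file already has, so the "(0644 by default)" in the task name is not guaranteed. I would keep the mode explicit and quoted, `mode: '0644'`. The same hunk drops `and is_debuntu` from the task that edits `/etc/init.d/{{ proxy }}`; `lineinfile` does not create a missing file by default, so on the CentOS/Fedora targets named in the new `proxy_user` comment this task may fail if that init script is absent. The three unnamed `debug:` tasks look like leftover troubleshooting output and should be removed or gated with `verbosity:`. The final "Disable Squid service" task continues past the end of the hunk, so its `when:` cannot be compared with the new task name from here.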
@@ -257,9 +255,13 @@ nginx_log_dir: /var/log/nginx
 # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
-# LESS MAINTAINED as of July 2021
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
 squid_install: False
 squid_enabled: False
+gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
 # UNMAINTAINED as of July 2021
 # DansGuardian REQUIRES Squid (above) be installed & enabled.
diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml
index bec17fe2d..f626fcd7b 100644
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False
diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml
index 8ba598c9a..3224e3b5b 100644
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
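Review bot: In vars/default_vars.yml (hunk at -257), the new comment on `gw_squid_whitelist` says only HTTP sites can be blocked, but the comment on `gw_block_https` only points to `iiab_gateway_enabled` and does not say how the two settings interact, so an operator could enable the whitelist and assume HTTPS traffic is filtered too. I would state that next to the variables, e.g. `# Whitelist filters plain HTTP only; HTTPS is not covered by it (see gw_block_https)`, assuming `gw_block_https` does what its name suggests. The header comment also hard-codes `/etc/squid/sites.whitelist.txt`, while the squid-iiab.conf task in this commit writes under `/etc/{{ proxy }}/`, which the commit itself notes can be `squid3` on older OSes. The identical block is added in vars/local_vars_big.yml, local_vars_medium.yml, local_vars_min.yml and local_vars_unittest.yml, so the wording applies to all five files.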
@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False
diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml
index 7e6df0985..b80eac23c 100644
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False
diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml
index 87d04ebf6..cf74d9919 100644
--- a/vars/local_vars_unittest.yml
+++ b/vars/local_vars_unittest.yml
@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 # DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: False
 bluetooth_enabled: False