Squid clarifs in local_vars.yml, enable_services.yml etc

roles/4-server-options/tasks/main.yml

@@ -34,7 +34,7 @@
   include_tasks: roles/network/tasks/dhcpd.yml
   when: dhcpd_install is defined and dhcpd_install
 
-# LESS MAINTAINED
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
 - name: Install Squid    # (and DansGuardian if dansguardian_install)
   include_tasks: roles/network/tasks/squid.yml
   when: squid_install is defined and squid_install

roles/network/tasks/enable_services.yml

@@ -134,43 +134,43 @@
 #     enabled: no
 #   when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
 
-- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
+- debug:
+    var: squid_install
+- debug:
+    var: squid_enabled
+- debug:
+    var: squid_installed
+
+- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }} - if squid_install and squid_enabled
   lineinfile:
     path: "{{ iiab_env_file }}"
     regexp: '^HTTPCACHE_ON=*'
     line: 'HTTPCACHE_ON=True'
-    state: present
   when: squid_install and squid_enabled
 
-- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
+- name: Enable Squid systemd service ({{ proxy }}) - if squid_install and squid_enabled
   systemd:
-    name: "{{ proxy }}"
+    name: "{{ proxy }}"    # squid (or squid3 on old OS's vars/debian-8.yml & vars/raspbian-8.yml)
     enabled: yes
   when: squid_install and squid_enabled
 
-- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
+- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }} (0644 by default) - if squid_install and squid_enabled
   template:
-    src: "{{ item.src }}"
+    src: squid/squid-iiab.conf.j2
-    dest: "{{ item.dest }}"
+    dest: "/etc/{{ proxy }}/squid-iiab.conf"
-    owner: "{{ item.owner }}"
+    owner: "{{ proxy_user }}"    # proxy (or "squid" on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml)
-    group: "{{ item.group }}"
+    group: "{{ proxy_user }}"
-    mode: "{{ item.mode }}"
+    # mode: 0644
-  with_items:
-    - src: squid/squid-iiab.conf.j2
-      dest: "/etc/{{ proxy }}/squid-iiab.conf"
-      owner: "{{ proxy_user }}"
-      group: "{{ proxy_user }}"
-      mode: 0644
   when: squid_install and squid_enabled
 
-- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
+- name: Point to Squid config file from startup file - if squid_install and squid_enabled
   lineinfile:
     regexp: '^CONFIG'
     line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
     path: "/etc/init.d/{{ proxy }}"
-  when: squid_install and squid_enabled and is_debuntu
+  when: squid_install and squid_enabled
 
-- name: Disable Squid service, if not squid_enabled
+- name: Disable Squid service, if not squid_enabled - if (squid_install or squid_installed is defined) and not squid_enabled
   systemd:
     name: "{{ proxy }}"
     enabled: no
@@ -181,7 +181,6 @@
     path: "{{ iiab_env_file }}"
     regexp: '^HTTPCACHE_ON=*'
     line: 'HTTPCACHE_ON=False'
-    state: present
   when: squid_install and not squid_enabled
 
 # - name: Enable Wondershaper service, if wondershaper_enabled
@@ -219,7 +218,7 @@
 
 - name: Add 'squid' variable values to {{ iiab_ini_file }}
   ini_file:
-    path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
     section: squid
     option: "{{ item.option }}"
     value: "{{ item.value | string }}"

roles/network/templates/squid/sites.whitelist.txt

@@ -10,7 +10,7 @@
 .translate.google.com
 .gstatic.com
 .unleashkids.org
-.iiab.io.org
+.iiab.io
 .hopeforhaitischildren.org
 .lenouvelliste.com
 .voanouvel.com

vars/default_vars.yml

@@ -123,8 +123,6 @@ wifi_up_down: True    # Creates a 2nd virtual WiFi adapter for upstream WiFi
 
 # Set True if client machines should have "passthrough" access to WAN/Internet:
 iiab_gateway_enabled: False
-gw_squid_whitelist: False
-gw_block_https: False
 
 # Gateway mode
 iiab_lan_enabled: True
@@ -257,9 +255,13 @@ nginx_log_dir: /var/log/nginx
 
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
-# LESS MAINTAINED as of July 2021
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
 squid_install: False
 squid_enabled: False
+gw_squid_whitelist: False    # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False        # SEE ABOVE: iiab_gateway_enabled
 
 # UNMAINTAINED as of July 2021
 # DansGuardian REQUIRES Squid (above) be installed & enabled.

vars/local_vars_big.yml

@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False    # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False        # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False

vars/local_vars_medium.yml

@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False    # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False        # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False

vars/local_vars_min.yml

@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False    # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False        # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: True
 bluetooth_enabled: False

vars/local_vars_unittest.yml

@@ -147,6 +147,14 @@ pi_swap_file_size: 1024
 
 # DNS prep (named &/or dhcpd) used to run here.  See dnsmasq in 1-PREP above.
 
+# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
+# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
+# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
+squid_install: False
+squid_enabled: False
+gw_squid_whitelist: False    # Only HTTP sites can be blocked, not HTTPS sites
+gw_block_https: False        # SEE ABOVE: iiab_gateway_enabled
+
 # Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
 bluetooth_install: False
 bluetooth_enabled: False