mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Squid clarifs in local_vars.yml, enable_services.yml etc
This commit is contained in:
parent
dfd1ff8b1b
commit
7c6494b31a
8 changed files with 59 additions and 26 deletions
|
@ -34,7 +34,7 @@
|
||||||
include_tasks: roles/network/tasks/dhcpd.yml
|
include_tasks: roles/network/tasks/dhcpd.yml
|
||||||
when: dhcpd_install is defined and dhcpd_install
|
when: dhcpd_install is defined and dhcpd_install
|
||||||
|
|
||||||
# LESS MAINTAINED
|
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||||
- name: Install Squid # (and DansGuardian if dansguardian_install)
|
- name: Install Squid # (and DansGuardian if dansguardian_install)
|
||||||
include_tasks: roles/network/tasks/squid.yml
|
include_tasks: roles/network/tasks/squid.yml
|
||||||
when: squid_install is defined and squid_install
|
when: squid_install is defined and squid_install
|
||||||
|
|
|
@ -134,43 +134,43 @@
|
||||||
# enabled: no
|
# enabled: no
|
||||||
# when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
|
# when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled
|
||||||
|
|
||||||
- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
|
- debug:
|
||||||
|
var: squid_install
|
||||||
|
- debug:
|
||||||
|
var: squid_enabled
|
||||||
|
- debug:
|
||||||
|
var: squid_installed
|
||||||
|
|
||||||
|
- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }} - if squid_install and squid_enabled
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ iiab_env_file }}"
|
path: "{{ iiab_env_file }}"
|
||||||
regexp: '^HTTPCACHE_ON=*'
|
regexp: '^HTTPCACHE_ON=*'
|
||||||
line: 'HTTPCACHE_ON=True'
|
line: 'HTTPCACHE_ON=True'
|
||||||
state: present
|
|
||||||
when: squid_install and squid_enabled
|
when: squid_install and squid_enabled
|
||||||
|
|
||||||
- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
|
- name: Enable Squid systemd service ({{ proxy }}) - if squid_install and squid_enabled
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ proxy }}"
|
name: "{{ proxy }}" # squid (or squid3 on old OS's vars/debian-8.yml & vars/raspbian-8.yml)
|
||||||
enabled: yes
|
enabled: yes
|
||||||
when: squid_install and squid_enabled
|
when: squid_install and squid_enabled
|
||||||
|
|
||||||
- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
|
- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }} (0644 by default) - if squid_install and squid_enabled
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: squid/squid-iiab.conf.j2
|
||||||
dest: "{{ item.dest }}"
|
dest: "/etc/{{ proxy }}/squid-iiab.conf"
|
||||||
owner: "{{ item.owner }}"
|
owner: "{{ proxy_user }}" # proxy (or "squid" on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml)
|
||||||
group: "{{ item.group }}"
|
group: "{{ proxy_user }}"
|
||||||
mode: "{{ item.mode }}"
|
# mode: 0644
|
||||||
with_items:
|
|
||||||
- src: squid/squid-iiab.conf.j2
|
|
||||||
dest: "/etc/{{ proxy }}/squid-iiab.conf"
|
|
||||||
owner: "{{ proxy_user }}"
|
|
||||||
group: "{{ proxy_user }}"
|
|
||||||
mode: 0644
|
|
||||||
when: squid_install and squid_enabled
|
when: squid_install and squid_enabled
|
||||||
|
|
||||||
- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
|
- name: Point to Squid config file from startup file - if squid_install and squid_enabled
|
||||||
lineinfile:
|
lineinfile:
|
||||||
regexp: '^CONFIG'
|
regexp: '^CONFIG'
|
||||||
line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
|
line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
|
||||||
path: "/etc/init.d/{{ proxy }}"
|
path: "/etc/init.d/{{ proxy }}"
|
||||||
when: squid_install and squid_enabled and is_debuntu
|
when: squid_install and squid_enabled
|
||||||
|
|
||||||
- name: Disable Squid service, if not squid_enabled
|
- name: Disable Squid service, if not squid_enabled - if (squid_install or squid_installed is defined) and not squid_enabled
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ proxy }}"
|
name: "{{ proxy }}"
|
||||||
enabled: no
|
enabled: no
|
||||||
|
@ -181,7 +181,6 @@
|
||||||
path: "{{ iiab_env_file }}"
|
path: "{{ iiab_env_file }}"
|
||||||
regexp: '^HTTPCACHE_ON=*'
|
regexp: '^HTTPCACHE_ON=*'
|
||||||
line: 'HTTPCACHE_ON=False'
|
line: 'HTTPCACHE_ON=False'
|
||||||
state: present
|
|
||||||
when: squid_install and not squid_enabled
|
when: squid_install and not squid_enabled
|
||||||
|
|
||||||
# - name: Enable Wondershaper service, if wondershaper_enabled
|
# - name: Enable Wondershaper service, if wondershaper_enabled
|
||||||
|
@ -219,7 +218,7 @@
|
||||||
|
|
||||||
- name: Add 'squid' variable values to {{ iiab_ini_file }}
|
- name: Add 'squid' variable values to {{ iiab_ini_file }}
|
||||||
ini_file:
|
ini_file:
|
||||||
path: "{{ iiab_ini_file }}"
|
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
|
||||||
section: squid
|
section: squid
|
||||||
option: "{{ item.option }}"
|
option: "{{ item.option }}"
|
||||||
value: "{{ item.value | string }}"
|
value: "{{ item.value | string }}"
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
.translate.google.com
|
.translate.google.com
|
||||||
.gstatic.com
|
.gstatic.com
|
||||||
.unleashkids.org
|
.unleashkids.org
|
||||||
.iiab.io.org
|
.iiab.io
|
||||||
.hopeforhaitischildren.org
|
.hopeforhaitischildren.org
|
||||||
.lenouvelliste.com
|
.lenouvelliste.com
|
||||||
.voanouvel.com
|
.voanouvel.com
|
||||||
|
|
|
@ -123,8 +123,6 @@ wifi_up_down: True # Creates a 2nd virtual WiFi adapter for upstream WiFi
|
||||||
|
|
||||||
# Set True if client machines should have "passthrough" access to WAN/Internet:
|
# Set True if client machines should have "passthrough" access to WAN/Internet:
|
||||||
iiab_gateway_enabled: False
|
iiab_gateway_enabled: False
|
||||||
gw_squid_whitelist: False
|
|
||||||
gw_block_https: False
|
|
||||||
|
|
||||||
# Gateway mode
|
# Gateway mode
|
||||||
iiab_lan_enabled: True
|
iiab_lan_enabled: True
|
||||||
|
@ -257,9 +255,13 @@ nginx_log_dir: /var/log/nginx
|
||||||
|
|
||||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||||
|
|
||||||
# LESS MAINTAINED as of July 2021
|
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||||
|
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||||
|
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||||
squid_install: False
|
squid_install: False
|
||||||
squid_enabled: False
|
squid_enabled: False
|
||||||
|
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||||
|
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||||
|
|
||||||
# UNMAINTAINED as of July 2021
|
# UNMAINTAINED as of July 2021
|
||||||
# DansGuardian REQUIRES Squid (above) be installed & enabled.
|
# DansGuardian REQUIRES Squid (above) be installed & enabled.
|
||||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
||||||
|
|
||||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||||
|
|
||||||
|
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||||
|
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||||
|
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||||
|
squid_install: False
|
||||||
|
squid_enabled: False
|
||||||
|
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||||
|
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||||
|
|
||||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||||
bluetooth_install: True
|
bluetooth_install: True
|
||||||
bluetooth_enabled: False
|
bluetooth_enabled: False
|
||||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
||||||
|
|
||||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||||
|
|
||||||
|
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||||
|
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||||
|
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||||
|
squid_install: False
|
||||||
|
squid_enabled: False
|
||||||
|
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||||
|
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||||
|
|
||||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||||
bluetooth_install: True
|
bluetooth_install: True
|
||||||
bluetooth_enabled: False
|
bluetooth_enabled: False
|
||||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
||||||
|
|
||||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||||
|
|
||||||
|
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||||
|
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||||
|
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||||
|
squid_install: False
|
||||||
|
squid_enabled: False
|
||||||
|
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||||
|
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||||
|
|
||||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||||
bluetooth_install: True
|
bluetooth_install: True
|
||||||
bluetooth_enabled: False
|
bluetooth_enabled: False
|
||||||
|
|
|
@ -147,6 +147,14 @@ pi_swap_file_size: 1024
|
||||||
|
|
||||||
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
# DNS prep (named &/or dhcpd) used to run here. See dnsmasq in 1-PREP above.
|
||||||
|
|
||||||
|
# Proxy Cache and basic site blocking using /etc/squid/sites.whitelist.txt
|
||||||
|
# e.g. /opt/iiab/iiab/roles/network/templates/squid/sites.whitelist.txt
|
||||||
|
# LESS MAINTAINED as of July 2019: https://github.com/iiab/iiab/issues/1879
|
||||||
|
squid_install: False
|
||||||
|
squid_enabled: False
|
||||||
|
gw_squid_whitelist: False # Only HTTP sites can be blocked, not HTTPS sites
|
||||||
|
gw_block_https: False # SEE ABOVE: iiab_gateway_enabled
|
||||||
|
|
||||||
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS
|
||||||
bluetooth_install: False
|
bluetooth_install: False
|
||||||
bluetooth_enabled: False
|
bluetooth_enabled: False
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue