network/tasks/squid.yml: Contextualize /etc/squid/squid.conf, allowlists + Stop svc during install

2025-02-13 03:32:12 +00:00 · 2021-08-24 09:10:54 -04:00 · 2021-08-24 09:10:54 -04:00 · 87ec19cafe
commit 87ec19cafe
parent cb337418b3
1 changed files with 3 additions and 3 deletions
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@ -1,4 +1,4 @@
- name: "Install package: {{ proxy }}"
+- name: "Install package {{ proxy }} -- IIAB will later overwrite its /etc/squid/squid.conf"
  package:
    name: "{{ proxy }}"    # squid (or 'squid3' on vars/debian-8.yml, vars/raspbian-8.yml)
      # - cadaver
@ -12,7 +12,7 @@
  systemd:
    name: "{{ proxy }}"
    state: stopped
-  when: squid_installed is undefined
+  # when: squid_installed is undefined

 # 2021-08-17: This stanza is gratuitous on most distros, where the user 'proxy'
 # or 'squid' is preinstalled (typically with UID and GID 13 in /etc/passwd) but
@ -44,7 +44,7 @@
    group: "{{ proxy_user }}"
    mode: 0750

- name: Install site allowlists/whitelists /etc/{{ proxy }}/allow_dst_domains, /etc/{{ proxy }}/allow_url_regexs from template (root:root, 0644 by default)
+- name: "Install site allowlists /etc/{{ proxy }}/allow_dst_domains, /etc/{{ proxy }}/allow_url_regexs from template (root:root, 0644 by default) -- activated for HTTP/80 if you set 'gw_squid_whitelist: True' in /etc/iiab/local_vars.yml -- SEE https://wiki.squid-cache.org/SquidFaq/SquidAcl"
  template:
    src: "{{ item }}"
    dest: /etc/{{ proxy }}/