From 04314d719c9841d9818eb3de242ad34473ad13ed Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 4 Apr 2017 11:52:08 +0200 Subject: [PATCH] squid: add whitelist entries --- squid/README.md | 1 + squid/defaults/main.yml | 1 + squid/handlers/main.yml | 5 +++++ squid/tasks/main.yml | 9 +++++++++ 4 files changed, 16 insertions(+) diff --git a/squid/README.md b/squid/README.md index c286e604..d25e85c0 100644 --- a/squid/README.md +++ b/squid/README.md @@ -11,6 +11,7 @@ A blank file is created at `/etc/squid3/whitelist-custom.conf` to add addresses ## Available variables * `squid_address` : IP address for internal/outgoing traffic (default: Ansible detected IPv4 address) ; +* `squid_whitelist_items` : list of URL to add to the whitelist (default: `[]`) ; * `general_alert_email`: email address to send various alert messages (default: `root@localhost`). * `log2mail_alert_email`: email address to send Log2mail messages to (default: `general_alert_email`). diff --git a/squid/defaults/main.yml b/squid/defaults/main.yml index 35b4a91f..8964de16 100644 --- a/squid/defaults/main.yml +++ b/squid/defaults/main.yml @@ -3,3 +3,4 @@ general_alert_email: "root@localhost" log2mail_alert_email: Null squid_address: "{{ ansible_default_ipv4.address }}" +squid_whitelist_items: [] diff --git a/squid/handlers/main.yml b/squid/handlers/main.yml index da5cf20f..fb902977 100644 --- a/squid/handlers/main.yml +++ b/squid/handlers/main.yml @@ -14,6 +14,11 @@ name: squid3 state: restarted +- name: reload squid3 + service: + name: squid3 + state: reloaded + - name: restart log2mail service: name: log2mail diff --git a/squid/tasks/main.yml b/squid/tasks/main.yml index 57ecf31b..2d42551f 100644 --- a/squid/tasks/main.yml +++ b/squid/tasks/main.yml 
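Review bot: The handler added in squid/handlers/main.yml is named `reload squid3`, but the task added in squid/tasks/main.yml notifies `reload squid`, so as far as these hunks show the notification has no matching handler. By default Ansible errors on an unknown handler name once the task reports a change, and Squid would not re-read `whitelist-custom.conf` either way, leaving the running ACL out of step with the file. The smallest fix is `notify: reload squid3` in the task. If handler names are meant to follow the existing `notify: "restart {{ squid_daemon }}"` pattern, use `notify: "reload {{ squid_daemon }}"` instead. This assumes no handler called `reload squid` is defined outside the visible hunks.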
@@ -29,6 +29,15 @@ force: no notify: "restart {{ squid_daemon }}" +- name: add some URL in whitelist + lineinfile: + insertafter: EOF + dest: "{{ squid_conf_path }}/whitelist-custom.conf" + line: "{{ item }}" + state: present + with_items: '{{ squid_whitelist_items }}' + notify: reload squid + - include: logrotate.yml - include: minifirewall.yml
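Review bot: The `lineinfile` task added here only ever appends, so an entry dropped from `squid_whitelist_items` stays in `whitelist-custom.conf` and the proxy allowlist can grow through this role but never shrink. Each item is also written verbatim via `line: "{{ item }}"`, with no check that it is a single well-formed entry for whatever ACL type reads this file, so an overly broad pattern would widen outbound access without any signal. I would document both limits above the task, e.g. `# Appends only: remove stale entries from whitelist-custom.conf by hand.`, and state in the README whether items are URLs, domains or regexes. The task list continues outside the hunk.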