squid: add whitelist entries

2017-04-04 11:52:08 +02:00 · 2017-04-04 11:52:08 +02:00 · 04314d719c
parent acc3f90bae
commit 04314d719c
4 changed files with 16 additions and 0 deletions
--- a/squid/README.md
+++ b/squid/README.md
@ -11,6 +11,7 @@ A blank file is created at `/etc/squid3/whitelist-custom.conf` to add addresses
 ## Available variables

 * `squid_address` : IP address for internal/outgoing traffic (default: Ansible detected IPv4 address) ;
+* `squid_whitelist_items` : list of URL to add to the whitelist (default: `[]`) ;
 * `general_alert_email`: email address to send various alert messages (default: `root@localhost`).
 * `log2mail_alert_email`: email address to send Log2mail messages to (default: `general_alert_email`).

--- a/squid/defaults/main.yml
+++ b/squid/defaults/main.yml
@ -3,3 +3,4 @@ general_alert_email: "root@localhost"
 log2mail_alert_email: Null

 squid_address: "{{ ansible_default_ipv4.address }}"
+squid_whitelist_items: []
--- a/squid/handlers/main.yml
+++ b/squid/handlers/main.yml
@ -14,6 +14,11 @@
    name: squid3
    state: restarted

+- name: reload squid3
+  service:
+    name: squid3
+    state: reloaded
+
 - name: restart log2mail
  service:
    name: log2mail
--- a/squid/tasks/main.yml
+++ b/squid/tasks/main.yml
@ -29,6 +29,15 @@
    force: no
  notify: "restart {{ squid_daemon }}"

+- name: add some URL in whitelist
+  lineinfile:
+    insertafter: EOF
+    dest: "{{ squid_conf_path }}/whitelist-custom.conf"
+    line: "{{ item }}"
+    state: present
+  with_items: '{{ squid_whitelist_items }}'
+  notify: reload squid
+
 - include: logrotate.yml

 - include: minifirewall.yml