7c632352a0
The behaviour of the `include` module is badly defined (it try to choose between statically importing the tasks and dynamically including them) and can cause problems depending on any number of constraints (mostly if it choose the wrong behaviour). Replace it with the `import_tasks` (always statically import tasks) unless the `include` is in a loop in which case we replace it with `include_tasks` (always dynamically include tasks).
167 lines
4.6 KiB
YAML
167 lines
4.6 KiB
YAML
---
|
|
|
|
- fail:
|
|
msg: only compatible with Debian >= 8
|
|
when:
|
|
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
|
|
|
- name: "Set squid name (jessie)"
|
|
set_fact:
|
|
squid_daemon_name: squid3
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: "Set squid name (Debian 9 or later)"
|
|
set_fact:
|
|
squid_daemon_name: squid
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "Install Squid packages"
|
|
apt:
|
|
name:
|
|
- "{{ squid_daemon_name }}"
|
|
- squidclient
|
|
state: present
|
|
|
|
- name: Fetch packages
|
|
package_facts:
|
|
manager: auto
|
|
|
|
- debug:
|
|
var: ansible_facts.packages[squid_daemon_name]
|
|
|
|
- name: "Set alternative config file (Debian 9 or later)"
|
|
copy:
|
|
src: default_squid
|
|
dest: /etc/default/squid
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "squid.conf is present (jessie)"
|
|
template:
|
|
src: squid.conf.j2
|
|
dest: /etc/squid3/squid.conf
|
|
notify: "restart squid3"
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: "evolix whitelist is present (jessie)"
|
|
copy:
|
|
src: whitelist-evolinux.conf
|
|
dest: /etc/squid3/whitelist.conf
|
|
force: no
|
|
notify: "reload squid3"
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: "evolinux defaults squid file (Debian 9 or later)"
|
|
copy:
|
|
src: evolinux-defaults.conf
|
|
dest: /etc/squid/evolinux-defaults.conf
|
|
notify: "restart squid"
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux defaults whitelist (Debian 9 or later)"
|
|
copy:
|
|
src: evolinux-whitelist-defaults.conf
|
|
dest: /etc/squid/evolinux-whitelist-defaults.conf
|
|
notify: "reload squid"
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux custom whitelist (Debian 9 or later)"
|
|
copy:
|
|
dest: /etc/squid/evolinux-whitelist-custom.conf
|
|
content: |
|
|
# Put customized values here.
|
|
force: no
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux acl for local proxy (Debian 9 or later)"
|
|
template:
|
|
src: evolinux-acl.conf.j2
|
|
dest: /etc/squid/evolinux-acl.conf
|
|
force: no
|
|
notify: "reload squid"
|
|
when:
|
|
- squid_localproxy_enable | bool
|
|
- ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux custom acl (Debian 9 or later)"
|
|
copy:
|
|
dest: /etc/squid/evolinux-acl.conf
|
|
content: |
|
|
# Put customized values here.
|
|
force: no
|
|
when:
|
|
- not (squid_localproxy_enable | bool)
|
|
- ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux http_access for local proxy (Debian 9 or later)"
|
|
copy:
|
|
src: evolinux-httpaccess.conf
|
|
dest: /etc/squid/evolinux-httpaccess.conf
|
|
force: no
|
|
notify: "reload squid"
|
|
when:
|
|
- squid_localproxy_enable | bool
|
|
- ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux custom http_access (Debian 9 or later)"
|
|
copy:
|
|
dest: /etc/squid/evolinux-httpaccess.conf
|
|
content: |
|
|
# Put customized values here.
|
|
force: no
|
|
when:
|
|
- not (squid_localproxy_enable | bool)
|
|
- ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux overrides for local proxy (Debian 9 or later)"
|
|
template:
|
|
src: evolinux-custom.conf.j2
|
|
dest: /etc/squid/evolinux-custom.conf
|
|
force: no
|
|
notify: "reload squid"
|
|
when:
|
|
- squid_localproxy_enable | bool
|
|
- ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: "evolinux custom overrides (Debian 9 or later)"
|
|
copy:
|
|
dest: /etc/squid/evolinux-custom.conf
|
|
content: |
|
|
# Put customized values here.
|
|
force: no
|
|
when:
|
|
- not (squid_localproxy_enable | bool)
|
|
- ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: add some URL in whitelist (Debian 8)
|
|
lineinfile:
|
|
insertafter: EOF
|
|
dest: /etc/squid3/whitelist.conf
|
|
line: "{{ item }}"
|
|
state: present
|
|
loop: '{{ squid_whitelist_items }}'
|
|
notify: "reload squid3"
|
|
when: ansible_distribution_major_version == '8'
|
|
|
|
- name: add some URL in whitelist (Debian 9 or later)
|
|
lineinfile:
|
|
insertafter: EOF
|
|
dest: /etc/squid/evolinux-whitelist-custom.conf
|
|
line: "{{ item }}"
|
|
state: present
|
|
loop: '{{ squid_whitelist_items }}'
|
|
notify: "reload squid"
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- import_tasks: systemd.yml
|
|
when: ansible_distribution_major_version is version('10', '>=')
|
|
|
|
- import_tasks: logrotate_jessie.yml
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- import_tasks: logrotate_stretch.yml
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- import_tasks: minifirewall.yml
|
|
|
|
- import_tasks: log2mail.yml
|