diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
index 235fd67..05cf9ee 100644
--- a/host_vars/gw1.pyrocufflink.blue/squid.yml
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -5,6 +5,8 @@ squid_acl:
     - 'src 192.168.0.0/16		# RFC 1918 local private network (LAN)'
     - 'src fc00::/7       	# RFC 4193 local private network range'
     - 'src fe80::/10      	# RFC 4291 link-local (directly plugged) machines'
+  trusted:
+  - src 172.30.0.0/26
   SSL_ports:
   - port 443
   Safe_ports:
@@ -12,6 +14,8 @@ squid_acl:
   - 'port 443		# https'
   CONNECT:
   - method CONNECT
+  kickstart:
+  - url_regex rosalina.pyrocufflink.blue/~dustin/kickstart/.*\.ks$
   fcos_updates:
   - dstdomain updates.coreos.fedoraproject.org
   - dstdomain ostree.fedoraproject.org
@@ -34,6 +38,14 @@ squid_http_access:
 - allow localnet fedora_repo
 - allow localnet grafana_rpm
 - allow google_fonts
+- allow trusted kickstart
 - deny all
 
-squid_cache_dir: []
+squid_cache_dir:
+- ufs /var/cache/squid 20480 16 256
+
+squid_refresh_pattern:
+- \.{{ ansible_domain|replace('.', '\.') }} 0 0% 0
+- repomd\.xml$ 0 0% 0
+- (vmlinuz|(initrd|squashfs|install)\.img)$ 480 20% 10080
+- \.rpm$ 86400 80% 2592000