From 6359a140acdb5a876cd955d113b0273e9d7311e4 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 12 Jul 2025 16:12:59 -0500
Subject: [PATCH] gw1/squid: Allow proxy access from kube network

Since we use the proxy when PXE booting to speed up Live OS image and
RPM package downloads, we need to allow machines using it to access the
kickstart files which are now hosted on the PXE server.  Virtual
machines on the Kubernetes network (_pyrocufflink.black_ also need
access to those kickstarts, so we need to mark that subnet as trusted.
---
 host_vars/gw1.pyrocufflink.blue/squid.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
index 9e3ff35..f89594f 100644
--- a/host_vars/gw1.pyrocufflink.blue/squid.yml
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -12,6 +12,7 @@ squid_acl:
     - 'src fe80::/10      	# RFC 4291 link-local (directly plugged) machines'
   trusted:
   - src 172.30.0.0/26
+  - src 172.30.0.160/27
   - src 172.30.0.211/32
   - src 172.30.0.214/32
   - src 172.31.1.0/24