- name: ensure squid is installed
  package:
    name=squid
    state=present
  tags:
  - install

- name: ensure squid cache dir exists
  file:
    path: '{{ item.split()[1] }}'
    owner: squid
    group: squid
    mode: u=rwx,g=rx,o=
    setype: squid_cache_t
    state: directory
  loop: '{{ squid_cache_dir|d([]) }}'
  notify:
  - initialize squid cache directories

- name: ensure squid is configured
  template:
    src=squid.conf.j2
    dest=/etc/squid/squid.conf
    mode=0640
    owner=root
    group=squid
    setype=squid_conf_t
  notify:
  - initialize squid cache directories
  - reload squid

- name: ensure squid systemd unit drop-in directory exists
  file:
    path: /etc/systemd/system/squid.service.d
    owner: root
    group: root
    mode: u=rwx,go=rx
    state: directory
  tags:
  - systemd
- name: ensure squid private tmp is configured
  copy:
    src: private-tmp.conf
    dest: /etc/systemd/system/squid.service.d/private-tmp.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - reload systemd
  tags:
  - systemd

- meta: flush_handlers
- name: ensure squid service starts at boot
  service:
    name=squid
    enabled=yes
- name: ensure squid is running
  service:
    name=squid
    state=started

- name: ensure proxy is allowed through firewall
  firewalld:
    port=3128/tcp
    permanent=no
    immediate=yes
    state=enabled
  notify: save firewalld configuration
  when: host_uses_firewalld|d(true)
  tags:
  - firewall