72 lines
1.4 KiB
YAML
72 lines
1.4 KiB
YAML
- name: ensure squid is installed
|
|
package:
|
|
name=squid
|
|
state=present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure squid cache dir exists
|
|
file:
|
|
path: '{{ item.split()[1] }}'
|
|
owner: squid
|
|
group: squid
|
|
mode: u=rwx,g=rx,o=
|
|
setype: squid_cache_t
|
|
state: directory
|
|
loop: '{{ squid_cache_dir|d([]) }}'
|
|
notify:
|
|
- restart squid
|
|
|
|
- name: ensure squid is configured
|
|
template:
|
|
src=squid.conf.j2
|
|
dest=/etc/squid/squid.conf
|
|
mode=0640
|
|
owner=root
|
|
group=squid
|
|
setype=squid_conf_t
|
|
notify:
|
|
- reload squid
|
|
|
|
- name: ensure squid systemd unit drop-in directory exists
|
|
file:
|
|
path: /etc/systemd/system/squid.service.d
|
|
owner: root
|
|
group: root
|
|
mode: u=rwx,go=rx
|
|
state: directory
|
|
tags:
|
|
- systemd
|
|
- name: ensure squid private tmp is configured
|
|
copy:
|
|
src: private-tmp.conf
|
|
dest: /etc/systemd/system/squid.service.d/private-tmp.conf
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- reload systemd
|
|
tags:
|
|
- systemd
|
|
|
|
- meta: flush_handlers
|
|
- name: ensure squid service starts at boot
|
|
service:
|
|
name=squid
|
|
enabled=yes
|
|
- name: ensure squid is running
|
|
service:
|
|
name=squid
|
|
state=started
|
|
|
|
- name: ensure proxy is allowed through firewall
|
|
firewalld:
|
|
port=3128/tcp
|
|
permanent=no
|
|
immediate=yes
|
|
state=enabled
|
|
notify: save firewalld configuration
|
|
when: host_uses_firewalld|d(true)
|
|
tags:
|
|
- firewall
|