jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-26 15:55:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-03-07 15:00

Browse Source
This commit is contained in:
Daniel Berteaud
2022-03-07 15:00:06 +01:00
parent 8b7e505180
commit be6bc20783
25 changed files with 253 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
roles/squid/tasks/main.yml
View File

@@ -12,23 +12,23 @@
- name: Identify intercept HTTP ports (if any)
set_fact: squid_intercept_http_ports={{ squid_http_ports | selectattr('port','defined') | selectattr('mode','defined') | selectattr('mode','equalto','intercept') | map(attribute='port') | list }}
tags: [firewall,proxy]
tags: firewall,proxy
- name: Identify intercept HTTPS ports (if any)
set_fact: squid_intercept_https_ports={{ squid_https_ports | selectattr('port','defined') | selectattr('mode','defined') | selectattr('mode','equalto','intercept') | map(attribute='port') | list }}
tags: [firewall,proxy]
tags: firewall,proxy
- name: List HTTP ports
set_fact: squid_http_ports_list={{ squid_http_ports | selectattr('port','defined') | map(attribute='port') | list }}
tags: [firewall,proxy]
tags: firewall,proxy
- name: List HTTPS ports
set_fact: squid_https_ports_list={{ squid_https_ports | selectattr('port','defined') | map(attribute='port') | list }}
tags: [firewall,proxy]
tags: firewall,proxy
- name: List TCP port to handle
set_fact: squid_ports={{ squid_http_ports_list + squid_https_ports_list }}
tags: [firewall,proxy]
tags: firewall,proxy
- name: Add a NAT rule for transparent proxying of clear HTTP
iptables_raw:
@@ -37,7 +37,7 @@
table: nat
rules: "-A PREROUTING -p tcp -m multiport --dports {{ squid_nat_http_ports | join(',') }} ! -d {{ ansible_default_ipv4.address }} -j DNAT --to {{ ansible_default_ipv4.address }}:{{ squid_intercept_http_ports | first }}"
when: iptables_manage | default(True)
tags: [firewall,proxy]
tags: firewall,proxy
- name: Add a NAT rule for transparent proxying of HTTPS
iptables_raw:
@@ -46,7 +46,7 @@
table: nat
rules: "-A PREROUTING -p tcp -m multiport --dports {{ squid_nat_https_ports | join(',') }} ! -d {{ ansible_default_ipv4.address }} -j DNAT --to {{ ansible_default_ipv4.address }}:{{ squid_intercept_https_ports | first }}"
when: iptables_manage | default(True)
tags: [firewall,proxy]
tags: firewall,proxy
- name: Handle squid ports
iptables_raw:
@@ -54,7 +54,7 @@
state: "{{ (squid_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ squid_ports | join(',') }} -s {{ squid_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True)
tags: [firewall,proxy]
tags: firewall,proxy
- name: Create TLS directory
file: path=/etc/squid/tls state=directory group=squid mode=750
@@ -182,8 +182,9 @@
when: squid_clam_unit.changed or squid_c_icap_unit.changed or squid_unit.changed
tags: proxy
- include: selinux.yml
- include_tasks: selinux.yml
when: ansible_selinux.status == 'enabled'
tags: always
- name: Create ufdbGuard log directory
file: path=/var/log/ufdbguard state=directory owner=ufdb group=ufdb mode=750
@@ -255,4 +256,5 @@
service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} state={{ squid_filter_url | ternary('started','stopped') }} enabled={{ squid_filter_url | ternary(True,False) }}
tags: proxy
- include: filebeat.yml
- include_tasks: filebeat.yml
tags: always