From 0c070c9807500f37a9d18abad7152f056ce20fc2 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 29 Mar 2025 08:01:14 -0500
Subject: [PATCH] gw1/squid: Allow Unifi controller to internal repos

I've move the Unifi controller back to running on a Fedora Linux
machine.  It therefore needs access to Fedora RPM repositories, as well
as the internal "dch" RPM repository, for system packages.

I also created a new custom container image for the Unifi Network
software (the linuxserver.io one sucks), so the server needs access to
the OCI repo on Gitea.
---
 host_vars/gw1.pyrocufflink.blue/squid.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
index c085d1a..df8b5dd 100644
--- a/host_vars/gw1.pyrocufflink.blue/squid.yml
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -87,6 +87,10 @@ squid_http_access:
 - allow unifi_controller dockerhub
 - allow unifi_controller ghcr
 - allow unifi_controller linuxserverio
+- allow unifi_controller gitea
+- allow unifi_controller fedora_repo
+- allow unifi_controller dch_repo
+- allow unifi_controller grafana_rpm
 - allow trusted frigate github_api
 - deny all