r/squid: Support custom cache rules

Instead of hard-coding a single cache directory and a set of refresh patterns, the *squid* role can now have custom cache rules defined with the `squid_cache_dir` variable (which now takes a list of `cache_dir` settings) and the `squid_refresh_pattern` variable (which takes a list of refresh patterns). If neither of these are defined, the default configuration is used. This is a breaking change, since `squid_cache_dir` used to refer to a directory, and the previous default was to configure one cache path. There are no extant users of this role, though, so it doesn't really matter.
2024-01-27 19:57:19 -06:00
parent af18a575d1
commit 1d94dc9528
4 changed files with 34 additions and 18 deletions
--- a/roles/squid/tasks/main.yml
+++ b/roles/squid/tasks/main.yml
@@ -7,12 +7,15 @@

 - name: ensure squid cache dir exists
  file:
-    path={{ squid_cache_dir }}
-    owner=squid
-    group=squid
-    mode=0750
-    setype=squid_cache_t
-    state=directory
+    path: '{{ item.split()[1] }}'
+    owner: squid
+    group: squid
+    mode: u=rwx,g=rx,o=
+    setype: squid_cache_t
+    state: directory
+  loop: '{{ squid_cache_dir|d([]) }}'
+  notify:
+  - initialize squid cache directories

 - name: ensure squid is configured
  template:
@@ -22,12 +25,9 @@
    owner=root
    group=squid
    setype=squid_conf_t
-  notify: reload squid
-
- name: ensure squid cache directory exists
-  command:
-    /usr/sbin/squid -N -z -F -f /etc/squid/squid.conf
-    creates={{ squid_cache_dir }}/00
+  notify:
+  - initialize squid cache directories
+  - reload squid

 - meta: flush_handlers
 - name: ensure squid service starts at boot
@@ -46,3 +46,6 @@
    immediate=yes
    state=enabled
  notify: save firewalld configuration
+  when: host_uses_firewalld|d(true)
+  tags:
+  - firewall