From 3250628cd1bc68f77978a21fbdc8501d42373ebc Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Mon, 12 Aug 2024 18:07:31 -0500 Subject: [PATCH] gw1/squid: Allow NVR servers access to repos The Frigate NVR servers, prod & test, need to be able to access Fedora COPR (for the *gasket-dkms* package) and Github Container Registry (for Frigate itself). --- host_vars/gw1.pyrocufflink.blue/squid.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml index 05ab766..90d36f6 100644 --- a/host_vars/gw1.pyrocufflink.blue/squid.yml +++ b/host_vars/gw1.pyrocufflink.blue/squid.yml @@ -7,6 +7,8 @@ squid_acl: - 'src fe80::/10 # RFC 4291 link-local (directly plugged) machines' trusted: - src 172.30.0.0/26 + - src 172.30.0.211/32 + - src 172.30.0.214/32 kubernetes: - src 172.30.0.160/28 unifi_controller: @@ -29,6 +31,9 @@ squid_acl: - dstdomain dl.fedoraproject.org - dstdomain fedoraproject-updates-archive.fedoraproject.org - dstdomain mirrors.fedoraproject.org + fedora_copr: + - dstdomain copr.fedorainfracloud.org + - dstdomain download.copr.fedorainfracloud.org dch_repo: - url_regex files.pyrocufflink.blue/yum/.+ google_fonts: @@ -43,10 +48,11 @@ squid_acl: - dstdomain docker.io - dstdomain auth.docker.io - dstdomain production.cloudflare.docker.com - linuxserverio: - - dstdomain lscr.io + ghcr: - dstdomain ghcr.io - dstdomain pkg-containers.githubusercontent.com + linuxserverio: + - dstdomain lscr.io squid_http_access: - 'deny !Safe_ports' @@ -56,12 +62,15 @@ squid_http_access: - deny to_localhost - allow localnet fcos_updates - allow localnet fedora_repo +- allow localnet fedora_copr - allow localnet grafana_rpm - allow google_fonts - allow trusted kickstart - allow trusted dch_repo +- allow trusted ghcr - allow kubernetes stripe_api - allow unifi_controller dockerhub +- allow unifi_controller ghcr - allow unifi_controller linuxserverio - deny all
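Review bot: Adding `172.30.0.211/32` and `172.30.0.214/32` to `trusted` in the first hunk grants the NVR hosts more than the commit message asks for. The `squid_http_access` rules in the last hunk also allow `trusted` to reach `kickstart` and `dch_repo`, and the new `- allow trusted ghcr` rule opens GHCR to the existing `172.30.0.0/26` range as well. A dedicated source ACL holding only the two `/32` entries (for example one named `frigate_nvr`), paired with `- allow frigate_nvr ghcr`, would limit the grant to what Frigate needs. The two entries would also benefit from an inline label in the style of the `fe80::/10` line, saying which address is prod and which is test. The `squid_acl` mapping starts and continues outside this hunk.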
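Review bot: The new `fedora_copr` ACL matches both COPR hosts as whole domains, and the last hunk pairs it with `- allow localnet fedora_copr`. Every `localnet` client can therefore fetch from any COPR project, not just the NVR hosts fetching the one that ships *gasket-dkms*. COPR projects are user-contributed builds, so I would bind the rule to a source ACL containing only the two NVR addresses instead of `localnet`. If the proxy sees full request URLs for this traffic, the destination could also be narrowed with `- url_regex download.copr.fedorainfracloud.org/results/<owner>/<project>/.+` (placeholders, since the project is not named on this page). With HTTPS CONNECT only the host name is visible, so that pattern would not match.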
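Review bot: `- allow unifi_controller ghcr` in the last hunk has no comment explaining why the UniFi controller needs GHCR. It only makes sense next to the previous hunk, where `ghcr.io` and `pkg-containers.githubusercontent.com` were moved out of `linuxserverio` into the new `ghcr` ACL. Without a note, a later cleanup could drop the rule and break `lscr.io` pulls, which presumably depend on those hosts. I would add `# linuxserverio images are fetched via the ghcr hosts; keep this rule with the linuxserverio one` directly above it. The `squid_http_access` list begins before this hunk.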