dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

gw1: squid: Allow access to FCOS update servers

Browse Source 
*unifi2.pyrocufflink.blue*, which is connected to the management
network, can only access the Internet via the proxy.  In order for
Zincati/`rpm-ostree` to automatically update the machine, the proxy
needs to allow access to the FCOS update servers.
This commit is contained in:
Dustin
2024-06-12 18:52:54 -05:00
parent 74e4a4d898
commit 9365fd2dd5
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
host_vars/gw1.pyrocufflink.blue/squid.yml
View File

@@ -12,6 +12,9 @@ squid_acl:
- 'port 443 # https' - 'port 443 # https'
CONNECT: CONNECT:
- method CONNECT - method CONNECT
fcos_updates:
- dstdomain updates.coreos.fedoraproject.org
- dstdomain ostree.fedoraproject.org
fedora_repo: fedora_repo:
- dstdomain mirrors.fedoraproject.org - dstdomain mirrors.fedoraproject.org
- dstdomain dl.fedoraproject.org - dstdomain dl.fedoraproject.org
@@ -27,6 +30,7 @@ squid_http_access:
- allow localhost manager - allow localhost manager
- deny manager - deny manager
- deny to_localhost - deny to_localhost
- allow localnet fcos_updates
- allow localnet fedora_repo - allow localnet fedora_repo
- allow localnet grafana_rpm - allow localnet grafana_rpm
- allow google_fonts - allow google_fonts