r/squid: Support custom ACLs and rules

The default set of access control lists and access rules for Squid are
fine for allowing hosts on the local network access to the web in
general.  For other uses, such as web filtering, etc. more complex rules
may be needed.  To that end, the *squid* role now supports some
additional variables.  Notably, `squid_acl` contains a map of ACL names
to list entries and `squid_http_access` contains a list of access rules.
If these are set, their corresponding defaults are not included in the
rendered configuration file.

roles/squid/defaults/main.yml

@@ -5,3 +5,4 @@ squid_cache_dir: /var/cache/squid
 squid_cache_dir_max_size: 51200
 squid_cache_dir_l1: 16
 squid_cache_dir_l2: 256
+squid_access_log: syslog:daemon.info

roles/squid/templates/squid.conf.j2

@@ -1,3 +1,4 @@
+{% if squid_acl is not defined %}
 #
 # Recommended minimum configuration:
 #
@@ -23,8 +24,17 @@ acl Safe_ports port 488		# gss-http
 acl Safe_ports port 591		# filemaker
 acl Safe_ports port 777		# multiling http
 acl CONNECT method CONNECT
+{% else %}
+{% for name in squid_acl %}
 
-access_log syslog:daemon.info
+{% for acl in squid_acl[name] %}
+acl {{ name }} {{ acl }}
+{% endfor %}
+{% endfor %}
+{% endif %}
+
+access_log {{ squid_access_log }}
+{% if squid_http_access is not defined %}
 #
 # Recommended minimum Access Permission configuration:
 #
@@ -55,6 +65,11 @@ http_access allow localhost
 
 # And finally deny all other access to this proxy
 http_access deny all
+{% else %}
+{% for rule in squid_http_access %}
+http_access {{ rule }}
+{% endfor %}
+{% endif %}
 
 # Squid normally listens to port 3128
 http_port 3128