From fefa85c83bc43dc6fcfcae4d33ead5e75295bd57 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Thu, 3 Jul 2025 17:38:06 -0500
Subject: [PATCH] gw1: squid: Allow access to PXE/kickstarts

The PXE server now hosts the kickstart scripts.
---
 host_vars/gw1.pyrocufflink.blue/squid.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
index df8b5dd..9e3ff35 100644
--- a/host_vars/gw1.pyrocufflink.blue/squid.yml
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -19,6 +19,7 @@ squid_acl:
   - src 172.30.0.160/28
   unifi_controller:
   - src 172.30.0.242/32
+  - src 172.30.0.251/32
   SSL_ports:
   - port 443
   Safe_ports:
@@ -33,6 +34,7 @@ squid_acl:
   kickstart:
   - url_regex rosalina.pyrocufflink.blue/~dustin/kickstart/.*\.ks$
   - url_regex git.pyrocufflink.net/infra/kickstart/raw/.*/.*\.ks$
+  - url_regex pxe.pyrocufflink.blue/kickstart/.*/.*\.ks$
   fcos_updates:
   - dstdomain d2uk5hbyrobdzx.cloudfront.net
   - dstdomain ostree.fedoraproject.org