Dustin C. Hatch
74e4a4d898
The `squid.service` systemd unit now correctly initializes the configured cache directories, so we do not need to do it explicitly before starting the server.
72 lines
1.4 KiB
YAML
72 lines
1.4 KiB
YAML
- name: ensure squid is installed
|
|
package:
|
|
name=squid
|
|
state=present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure squid cache dir exists
|
|
file:
|
|
path: '{{ item.split()[1] }}'
|
|
owner: squid
|
|
group: squid
|
|
mode: u=rwx,g=rx,o=
|
|
setype: squid_cache_t
|
|
state: directory
|
|
loop: '{{ squid_cache_dir|d([]) }}'
|
|
notify:
|
|
- restart squid
|
|
|
|
- name: ensure squid is configured
|
|
template:
|
|
src=squid.conf.j2
|
|
dest=/etc/squid/squid.conf
|
|
mode=0640
|
|
owner=root
|
|
group=squid
|
|
setype=squid_conf_t
|
|
notify:
|
|
- reload squid
|
|
|
|
- name: ensure squid systemd unit drop-in directory exists
|
|
file:
|
|
path: /etc/systemd/system/squid.service.d
|
|
owner: root
|
|
group: root
|
|
mode: u=rwx,go=rx
|
|
state: directory
|
|
tags:
|
|
- systemd
|
|
- name: ensure squid private tmp is configured
|
|
copy:
|
|
src: private-tmp.conf
|
|
dest: /etc/systemd/system/squid.service.d/private-tmp.conf
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- reload systemd
|
|
tags:
|
|
- systemd
|
|
|
|
- meta: flush_handlers
|
|
- name: ensure squid service starts at boot
|
|
service:
|
|
name=squid
|
|
enabled=yes
|
|
- name: ensure squid is running
|
|
service:
|
|
name=squid
|
|
state=started
|
|
|
|
- name: ensure proxy is allowed through firewall
|
|
firewalld:
|
|
port=3128/tcp
|
|
permanent=no
|
|
immediate=yes
|
|
state=enabled
|
|
notify: save firewalld configuration
|
|
when: host_uses_firewalld|d(true)
|
|
tags:
|
|
- firewall
|