setup-squid-content-filter.sls
{#- Fallback values, applied below through the default() filter when the pillar
    does not define 'squid-namespace' or 'squid-interface'. #}
{%- set squid_default_namespace = 't128-squid' %}
{%- set squid_default_interface = 'squid' %}
# Installs the three packages this SLS configures: squid, squidGuard and
# lighttpd. No versions are pinned, so the package manager picks whatever its
# repositories currently offer.
Install packages required for content filtering:
  pkg.installed:
    - pkgs:
      - squid
      - squidGuard
      - lighttpd
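# Writes SQUID_NAMESPACE to a sysconfig file. The value is the
# 'squid-namespace' pillar key, or squid_default_namespace when the key is unset.
# NOTE(review): the pillar value is written verbatim, and this state sets no
# owner or mode. If a unit or script reads this file as shell or as an
# environment file, keep the pillar value a plain namespace name - confirm
# against the consumer.
Setup namespace variable:
  file.managed:
    - name: /etc/sysconfig/128T-squid-content-filter
    - contents: |
        SQUID_NAMESPACE={{ pillar['squid-namespace'] | default(squid_default_namespace) }}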
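# Installs squid.conf from the Salt fileserver, owned by root with group squid.
# NOTE(review): no mode is given, so this state does not pin the file's
# permissions; an explicit mode would make the intended readers unambiguous.
Setup squid config file:
  file.managed:
    - name: /etc/squid/squid.conf
    - user: root
    - group: squid
    - source: salt://files/squid.conf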
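# Installs squidGuard.conf from the Salt fileserver, owned by root with group
# squid.
# NOTE(review): no mode is given, so this state does not pin the file's
# permissions; an explicit mode would make the intended readers unambiguous.
Setup SquidGuard configuration:
  file.managed:
    - name: /etc/squid/squidGuard.conf
    - user: root
    - group: squid
    - source: salt://files/squidGuard.conf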
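# Replaces the lighttpd main configuration with the copy from the Salt
# fileserver. Owner, group and mode are not set by this state.
Setup lighttpd configuration:
  file.managed:
    - name: /etc/lighttpd/lighttpd.conf
    - source: salt://files/lighttpd.conf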
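# Installs the init script for the squid interface under the 128technology
# network-scripts plugin directory. The directory name is the 'squid-interface'
# pillar key, or squid_default_interface when the key is unset.
# NOTE(review): the pillar value becomes a path component of an executable
# script and is not validated here; it should be a bare interface name with no
# '/' or '..'. No user or group is set - confirm the script ends up owned by root.
Setup squid KNI init script:
  file.managed:
    - name: /etc/128technology/plugins/network-scripts/host/{{ pillar['squid-interface'] | default(squid_default_interface) }}/init
    - source: salt://files/squid-content-filter-init
    # Quoted so the mode stays a string: owner rwx, group and others read-only.
    - mode: '0744'
    # Create missing parent directories of the target path.
    - makedirs: true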
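# Installs the systemd unit file for the squid content-filter service.
# NOTE(review): nothing in this state reloads systemd or enables the unit;
# confirm that happens elsewhere if a changed unit file must take effect.
Setup 128t-squid service:
  file.managed:
    - name: /etc/systemd/system/128t-squid-content-filter.service
    - source: salt://files/128t-squid-content-filter.service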
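# Installs the systemd unit file for the lighttpd content-filter service.
# NOTE(review): nothing in this state reloads systemd or enables the unit;
# confirm that happens elsewhere if a changed unit file must take effect.
Setup 128t-lighttpd service:
  file.managed:
    - name: /etc/systemd/system/128t-lighttpd-content-filter.service
    - source: salt://files/128t-lighttpd-content-filter.service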
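# Installs the static block page into the lighttpd document directory.
# Owner, group and mode are not set by this state.
Setup lighttpd block page:
  file.managed:
    - name: /var/www/lighttpd/block.html
    - source: salt://files/block.html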
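# Manages the blocked-domains list, owned by squid:squid. The content is the
# 'squid_blocked_domains' pillar key; when that key is missing or empty an
# empty file is written instead, so the path always exists.
# NOTE(review): an absent pillar key therefore yields an empty list (nothing
# blocked by this file) rather than an error - confirm that is intended.
Setup blocked-domains:
  file.managed:
    - name: /var/squidGuard/blacklists/blocked-domains
    - makedirs: true
    - user: squid
    - group: squid
{%- if pillar.get('squid_blocked_domains') %}
    - contents_pillar: squid_blocked_domains
{%- else %}
    - contents: ''
    # Keep the file at zero bytes instead of a single newline.
    - contents_newline: false
{%- endif %}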
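# Manages the blocked-urls list, owned by squid:squid. The content is the
# 'squid_blocked_urls' pillar key; when that key is missing or empty an empty
# file is written instead, so the path always exists.
# NOTE(review): an absent pillar key therefore yields an empty list (nothing
# blocked by this file) rather than an error - confirm that is intended.
Setup blocked-urls:
  file.managed:
    - name: /var/squidGuard/blacklists/blocked-urls
    - makedirs: true
    - user: squid
    - group: squid
{%- if pillar.get('squid_blocked_urls') %}
    - contents_pillar: squid_blocked_urls
{%- else %}
    - contents: ''
    # Keep the file at zero bytes instead of a single newline.
    - contents_newline: false
{%- endif %}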
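# Manages the blocked-regex list, owned by squid:squid. The content is the
# 'squid_blocked_regex' pillar key; when that key is missing or empty an empty
# file is written instead, so the path always exists.
# NOTE(review): an absent pillar key therefore yields an empty list (nothing
# blocked by this file) rather than an error - confirm that is intended.
Setup blocked-regex:
  file.managed:
    - name: /var/squidGuard/blacklists/blocked-regex
    - makedirs: true
    - user: squid
    - group: squid
{%- if pillar.get('squid_blocked_regex') %}
    - contents_pillar: squid_blocked_regex
{%- else %}
    - contents: ''
    # Keep the file at zero bytes instead of a single newline.
    - contents_newline: false
{%- endif %}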
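# Rebuilds the squidGuard databases, but only when one of the three blacklist
# files was changed in this run (onchanges).
# NOTE(review): no runas is given, so the command runs as whatever account
# executes the state, presumably root; the files it creates then need the
# ownership fix in the following state.
Recreate squid database:
  cmd.run:
    - name: /usr/bin/squidGuard -b -d -C all
    - onchanges:
      - file: /var/squidGuard/blacklists/blocked-domains
      - file: /var/squidGuard/blacklists/blocked-urls
      - file: /var/squidGuard/blacklists/blocked-regex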
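# Hands the blacklist directory back to squid:squid after a database rebuild;
# runs only when the rebuild command itself ran (onchanges).
# NOTE(review): this is a recursive chown, presumably run as root, over a tree
# that the squid account owns. A declarative file.directory state with recurse
# on user and group would express the same intent without a shell command.
Set ownership of SquidGuard databases:
  cmd.run:
    - name: /usr/bin/chown -R squid:squid /var/squidGuard/blacklists
    - onchanges:
      - cmd: Recreate squid database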
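{%- if salt['service.status']('128t-squid-content-filter') %}
# Only do this if we detected the service is already running.
# The status check is evaluated when this SLS is rendered, before any state in
# it has executed, so a stopped service is left stopped.
# NOTE(review): the watch covers only the database rebuild; a change to
# squid.conf or squidGuard.conf alone does not trigger a restart from here.
Restarting squid to pickup changes:
  service.running:
    - name: 128t-squid-content-filter
    - watch:
      - cmd: Recreate squid database
{%- endif %}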