Add 'installbox' configuration.

roles/transparent-squid/files/store_id_regex.conf

@@ -0,0 +1,2 @@
+^http:\/\/.+\/(.+\.deb)	http://debian.mirrors.squid.internal/Archive-http/$1
+^http:\/\/.+\/(.+\.udeb)	http://debian.mirrors.squid.internal/Archive-http/$1

roles/transparent-squid/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: restart squid
+  service: name=squid state=restarted enabled=yes
+  listen: "restart squid"

roles/transparent-squid/tasks/main.yml

@@ -0,0 +1,62 @@
+- name: install squid package
+  apt:
+    name: squid
+    state: latest
+
+- name: configure squid extra lines
+  lineinfile:
+    dest: /etc/squid/squid.conf
+    line: "{{ item.line }}"
+    insertafter: "{{ item.insertafter }}"
+  with_items:
+    - { line: "acl localnet src 192.168.0.0/16", insertafter: "#acl localnet src 192.168.0.0/16" }
+    - { line: "http_access allow localnet", insertafter: "#http_access allow localnet" }
+    - { line: "http_port 3129 intercept", insertafter: "http_port 3128" }
+    - { line: "maximum_object_size_in_memory 10240 KB", insertafter: "# maximum_object_size_in_memory" }
+    - { line: "maximum_object_size 512 MB", insertafter: "# maximum_object_size" }
+    - { line: "cache_dir aufs /var/spool/squid 20000 16 256", insertafter: "#cache_dir ufs /var/spool/squid" }
+  notify: "restart squid"
+
+- name: configure squid store IDs
+  blockinfile:
+    dest: /etc/squid/squid.conf
+    insertbefore: "TAG: store_miss"
+    block: |
+      store_id_program /usr/lib/squid/storeid_file_rewrite /etc/squid/store_id_regex.conf
+      store_id_bypass off
+      acl Ordinary http_status 200-299
+      send_hit deny !Ordinary
+      store_miss deny !Ordinary
+    marker: "# {mark} ANSIBLE MANAGED BLOCK store_id"
+  notify: "restart squid"
+
+- name: provide store_id_regex.conf
+  copy:
+    src: store_id_regex.conf
+    dest: /etc/squid/store_id_regex.conf
+  notify: "restart squid"
+
+- name: configure squid as package cache
+  blockinfile:
+    dest: /etc/squid/squid.conf
+    insertbefore: "# Add any of your own refresh_pattern entries above these."
+    block: |
+      # refresh pattern for debs and udebs
+      refresh_pattern deb$ 129600 100% 129600
+      refresh_pattern udeb$ 129600 100% 129600
+      refresh_pattern tar.gz$ 129600 100% 129600
+      refresh_pattern tar.xz$ 129600 100% 129600
+      refresh_pattern tar.bz2$ 129600 100% 129600
+      # always refresh Packages and Release files
+      refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+      refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
+      refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
+      refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0
+    marker: "# {mark} ANSIBLE MANAGED BLOCK refresh_pattern"
+  notify: "restart squid"
+
+- name: redirect www traffic in shorewall
+  lineinfile:
+    dest: /etc/shorewall/rules
+    line: "REDIRECT	loc		3129		tcp	www"
+  notify: "restart shorewall"