Create own role for the usersquid http_proxy functionality

2025-03-31 18:13:50 +02:00 · 2025-03-31 18:13:50 +02:00 · ce40cb885f
commit ce40cb885f
parent 68215897a6
10 changed files with 584 additions and 535 deletions
--- a/roles/lmn_vm/files/usersquid.service
+++ b/roles/lmn_vm/files/usersquid.service
@ -1,11 +0,0 @@
-[Unit]
-Description=Run squid in usermode using user kerberos ticket
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/startusersquid.sh
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=xdg-desktop-autostart.target
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@ -126,44 +126,6 @@
    content: |
      D /var/tmp/vm 1777 root root -

- name: Install squid
-  ansible.builtin.apt:
-    name:
-      - squid
-
- name: Disable squid
-  ansible.builtin.systemd:
-    name: squid
-    enabled: false
-    state: stopped
-
- name: Deploy squid user mode configuration
-  ansible.builtin.template:
-    src: "{{ item }}.j2"
-    dest: "/etc/squid/{{ item }}"
-    mode: '0644'
-  loop:
-    - squid-usermode.conf
-    - squid-usermode-external.conf
-
- name: Deploy startusersquid script
-  ansible.builtin.template:
-    src: startusersquid.sh.j2
-    dest: /usr/local/bin/startusersquid.sh
-    mode: '0755'
-
- name: Provide usersquid service
-  ansible.builtin.copy:
-    src: usersquid.service
-    dest: /etc/systemd/user/usersquid.service
-    mode: '0644'
-
- name: Enable usersquid service
-  ansible.builtin.systemd:
-    name: usersquid.service
-    scope: global
-    enabled: true
-
 - name: Deploy sudo configurations
  ansible.builtin.copy:
    src: "{{ item }}"
--- a/roles/lmn_vm/templates/squid-usermode-external.conf.j2
+++ b/roles/lmn_vm/templates/squid-usermode-external.conf.j2
@ -1,12 +0,0 @@
-acl local-servers dstdomain .{{ domain }}
-cache_peer firewall.{{ domain }} parent 3128 0 no-query default login=NEGOTIATE auth-no-keytab
-never_direct deny local-servers
-always_direct allow all
-#access_log stdio:/tmp/access.log squid
-access_log none
-cache_log /dev/null
-logfile_rotate 0
-pid_filename none
-http_port 192.168.122.1:3128
-http_port 127.0.0.1:3128
-http_access allow all
--- a/roles/lmn_vm/templates/squid-usermode.conf.j2
+++ b/roles/lmn_vm/templates/squid-usermode.conf.j2
@ -1,12 +0,0 @@
-acl local-servers dstdomain .{{ domain }}
-cache_peer firewall.{{ domain }} parent 3128 0 no-query default login=NEGOTIATE auth-no-keytab
-never_direct deny local-servers
-never_direct allow all
-#access_log stdio:/tmp/access.log squid
-access_log none
-cache_log /dev/null
-logfile_rotate 0
-pid_filename none
-http_port 192.168.122.1:3128
-http_port 127.0.0.1:3128
-http_access allow all
--- a/roles/lmn_vm/templates/startusersquid.sh.j2
+++ b/roles/lmn_vm/templates/startusersquid.sh.j2
@ -1,8 +0,0 @@
-#!/usr/bin/bash
-#
-
-if nslookup firewall.{{ domain }}; then
-   /usr/sbin/squid --foreground -f /etc/squid/squid-usermode.conf
-else
-   /usr/sbin/squid --foreground -f /etc/squid/squid-usermode-external.conf
-fi