authorvarac <varacanero@zeromail.org>2013-07-31 11:09:44 +0200
committervarac <varacanero@zeromail.org>2013-07-31 11:09:44 +0200
commita67fdc33fee2e59d60ac08afe12d98812529c306 (patch)
treea83af040409304ddb65cc8d1d05e9dd5fa246055
parente796aac43aa9781069e167459253d040504c2092 (diff)
added default config files for ubuntu+debian, make config files configurable
-rw-r--r--files/Debian/squid-deb-proxy.conf91
-rw-r--r--files/Ubuntu/squid-deb-proxy.conf89
-rw-r--r--manifests/server.pp14
3 files changed, 194 insertions, 0 deletions
diff --git a/files/Debian/squid-deb-proxy.conf b/files/Debian/squid-deb-proxy.conf
new file mode 100644
index 0000000..2a528f8
--- /dev/null
+++ b/files/Debian/squid-deb-proxy.conf
@@ -0,0 +1,91 @@
+
+# WELCOME TO SQUID DEB PROXY
+# ------------------
+#
+# This config file is a version of a squid proxy file optimized
+# as a configuration for a caching proxy for Debian/Ubuntu systems.
+#
+# More information about squid and its configuration can be found here
+# http://www.squid-cache.org/ and in the FAQ
+
+# settings that you may want to customize
+# ---------------------------------------
+
+# this file contains private networks (10.0.0.0/8, 172.16.0.0/12,
+# 192.168.0.0/16) by default, you can add/remove additional allowed
+# source networks in it to customize it for your setup
+acl allowed_networks src "/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl"
+
+# this file contains the archive mirrors by default,
+# if you use a different mirror, add it there
+acl to_archive_mirrors dstdomain "/etc/squid-deb-proxy/autogenerated/mirror-dstdomain.acl"
+
+# this contains the package blacklist
+acl blockedpkgs urlpath_regex "/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl"
+
+# default to a different port than stock squid
+http_port 8000
+
+# -------------------------------------------------
+# settings below probably do not need customization
+
+# user visible name
+visible_hostname squid-deb-proxy
+
+# we need a big cache, some debs are huge
+maximum_object_size 512 MB
+
+# use a different dir than stock squid and default to 40G
+cache_dir aufs /var/cache/squid-deb-proxy 40000 16 256
+
+# use different logs
+cache_access_log /var/log/squid-deb-proxy/access.log
+cache_log /var/log/squid-deb-proxy/cache.log
+cache_store_log /var/log/squid-deb-proxy/store.log
+
+# tweaks to speed things up
+cache_mem 200 MB
+maximum_object_size_in_memory 10240 KB
+
+# pid
+pid_filename /var/run/squid-deb-proxy.pid
+
+# refresh pattern for debs and udebs
+refresh_pattern deb$ 129600 100% 129600
+refresh_pattern udeb$ 129600 100% 129600
+refresh_pattern tar.gz$ 129600 100% 129600
+
+# always refresh Packages and Release files
+refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz)$ 0 0% 0
+refresh_pattern \/Release(|\.gpg)$ 0 0% 0
+refresh_pattern \/InRelease$ 0 0% 0
+
+# handle meta-release and changelogs.ubuntu.com special
+# (fine to have this on debian too)
+refresh_pattern changelogs.ubuntu.com/* 0 1% 1
+
+# only allow connects to ports for http, https
+acl Safe_ports port 80
+acl Safe_ports port 443 563
+
+# only allow ports we trust
+http_access deny !Safe_ports
+
+# do not allow to download from the pkg blacklist
+http_access deny blockedpkgs
+
+# allow access only to official archive mirrors
+# uncomment the third and fouth line to permit any unlisted domain
+http_access deny !to_archive_mirrors
+#http_access allow !to_archive_mirrors
+
+# don't cache domains not listed in the mirrors file
+# uncomment the third and fourth line to cache any unlisted domains
+cache deny !to_archive_mirrors
+#cache allow !to_archive_mirrors
+
+# allow access from our network and localhost
+http_access allow allowed_networks
+
+# And finally deny all other access to this proxy
+http_access deny all
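Review bot: The comment `# uncomment the third and fouth line to permit any unlisted domain` does not match the rules beneath it, and following it could weaken the access policy. Each pair has only one commented line, and because Squid evaluates `http_access` top-down with the first match winning, `http_access allow !to_archive_mirrors` placed after the deny is never reached; if an operator swaps it in for the deny instead, it matches before `http_access allow allowed_networks`, so requests to unlisted domains are allowed from any source address. I would reword the comment to something like `# to permit unlisted domains, remove the deny line below; allowed_networks still limits who may use the proxy` and drop the commented `allow` line. The same comment and rule pair appear in files/Ubuntu/squid-deb-proxy.conf, and in both files `acl Safe_ports port 443 563` admits port 563 although the comment above it names only http and https.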
diff --git a/files/Ubuntu/squid-deb-proxy.conf b/files/Ubuntu/squid-deb-proxy.conf
new file mode 100644
index 0000000..ab5bac8
--- /dev/null
+++ b/files/Ubuntu/squid-deb-proxy.conf
@@ -0,0 +1,89 @@
+
+# WELCOME TO SQUID DEB PROXY
+# ------------------
+#
+# This config file is a version of a squid proxy file optimized
+# as a configuration for a caching proxy for Ubuntu systems.
+#
+# More information about squid and its configuration can be found here
+# http://www.squid-cache.org/ and in the FAQ
+
+# settings that you may want to customize
+# ---------------------------------------
+
+# this file contains private networks (10.0.0.0/8, 172.16.0.0/12,
+# 192.168.0.0/16) by default, you can add/remove additional allowed
+# source networks in it to customize it for your setup
+acl allowed_networks src "/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl"
+
+# this file contains the *archive.ubuntu.com mirrors by default,
+# if you use a different mirror, add it there
+acl to_ubuntu_mirrors dstdomain "/etc/squid-deb-proxy/autogenerated/mirror-dstdomain.acl"
+
+# this contains the package blacklist
+acl blockedpkgs urlpath_regex "/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl"
+
+# default to a different port than stock squid
+http_port 8000
+
+# -------------------------------------------------
+# settings below probably do not need customization
+
+# user visible name
+visible_hostname squid-deb-proxy
+
+# we need a big cache, some debs are huge
+maximum_object_size 512 MB
+
+# use a different dir than stock squid and default to 40G
+cache_dir aufs /var/cache/squid-deb-proxy 40000 16 256
+
+# use different logs
+cache_access_log /var/log/squid-deb-proxy/access.log
+cache_log /var/log/squid-deb-proxy/cache.log
+cache_store_log /var/log/squid-deb-proxy/store.log
+
+# tweaks to speed things up
+cache_mem 200 MB
+maximum_object_size_in_memory 10240 KB
+
+# pid
+pid_filename /var/run/squid-deb-proxy.pid
+
+# refresh pattern for debs and udebs
+refresh_pattern deb$ 129600 100% 129600
+refresh_pattern udeb$ 129600 100% 129600
+refresh_pattern tar.gz$ 129600 100% 129600
+
+# always refresh Packages and Release files
+refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz)$ 0 0% 0
+refresh_pattern \/Release(|\.gpg)$ 0 0% 0
+
+# handle meta-release and changelogs.ubuntu.com special
+refresh_pattern changelogs.ubuntu.com/* 0 1% 1
+
+# only allow connects to ports for http, https
+acl Safe_ports port 80
+acl Safe_ports port 443 563
+
+# only allow ports we trust
+http_access deny !Safe_ports
+
+# do not allow to download from the pkg blacklist
+http_access deny blockedpkgs
+
+# allow access only to official ubuntu mirrors
+# uncomment the third and fouth line to permit any unlisted domain
+http_access deny !to_ubuntu_mirrors
+#http_access allow !to_ubuntu_mirrors
+
+# don't cache domains not listed in the mirrors file
+# uncomment the third and fourth line to cache any unlisted domains
+cache deny !to_ubuntu_mirrors
+#cache allow !to_ubuntu_mirrors
+
+# allow access from our network and localhost
+http_access allow allowed_networks
+
+# And finally deny all other access to this proxy
+http_access deny all
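Review bot: The always-refresh group in this file has no rule for `InRelease`, while the Debian file added in the same commit carries `refresh_pattern \/InRelease$ 0 0% 0`. If the mirrors in use publish an InRelease file, the proxy could presumably serve a cached copy whose signed index no longer matches freshly fetched Packages files, which clients would see as hash or signature verification failures on update. I would add `refresh_pattern \/InRelease$ 0 0% 0` after the `\/Release(|\.gpg)$` line so both variants treat signed metadata the same way.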
diff --git a/manifests/server.pp b/manifests/server.pp
index 62d41c8..94e65f3 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -15,4 +15,18 @@ class squid_deb_proxy::server {
notify => Service[ 'squid-deb-proxy' ],
require => Package[ 'squid-deb-proxy' ],
}
+
+ file {'/etc/squid-deb-proxy/allowed-networks-src.acl.d/20-custom':
+ source => [ 'puppet:///modules/site_squid_deb_proxy/allowed-networks-src.acl.d/20-custom',
+ 'puppet:///modules/squid_deb_proxy/allowed-networks-src.acl.d/20-custom' ],
+ notify => Service[ 'squid-deb-proxy' ],
+ require => Package[ 'squid-deb-proxy' ],
+ }
+
+ file { '/etc/squid-deb-proxy/squid-deb-proxy.conf':
+ source => [ "puppet:///modules/site_squid_deb_proxy/${::operatingsystem}/squid-deb-proxy.conf",
+ "puppet:///modules/squid_deb_proxy/${::operatingsystem}/squid-deb-proxy.conf" ],
+ notify => Service[ 'squid-deb-proxy' ],
+ require => Package[ 'squid-deb-proxy' ],
+ }
}
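Review bot: Neither new `file` resource sets `owner`, `group` or `mode`, so the permissions of the proxy's main configuration and of its source-network ACL depend on Puppet's defaults and on how the source files happen to be stored on the master. For files that decide who may use the proxy I would pin them explicitly in both resources, e.g. `owner => 'root',`, `group => 'root',` and `mode => '0644',`. Separately, `${::operatingsystem}` only resolves to a shipped file on Debian and Ubuntu, so for any other value of that fact both `source` entries are missing and the resource will presumably fail; a guard or a default directory would make that explicit. The enclosing class `squid_deb_proxy::server` begins outside this hunk.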