Merge pull request saltstack-formulas#7 from 1exx/master

Little improvements
saw-leipzig · Jun 11, 2015 · 158597b · 158597b
2 parents 2323172 + 8766dbc
commit 158597b
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 33 deletions.
diff --git a/pillar.example b/pillar.example
@@ -1,20 +1,42 @@
 squid:
+  example_rule: True
+
+  http_port:
+     - 3128
+     - 127.0.0.1:8080
+
   cache_mgr_user: username
   cache_mgr_password: password
+
   src_acl:
-    aclname:
+    src_aclname:
       - src1
       - src2
-  post_acl:
-    aclname:
+
+  port_acl:
+    port_aclname:
       - port1
       - port2
-  deny:
-    - deny1
-    - deny2
-  allow:
-    - allow1
-    - allow2
+
+  dst_acl:
+    dst_aclname:
+      - dst1
+      - dst2
+
+  dstdomain_acl:
+    dstdomain_aclname:
+      - .example.com
+      - .example.org
+
+  http_access:
+    - allow src1
+    - deny src2 dstdomain_aclname
+    - allow all
+
+  cache_dir: cache_dir ufs /home/squid/cache 1000 16 256
+
+  visible_hostname: some.name
+
   extra_configuration: |
     refresh_pattern bla       0   20% 4320
     refresh_pattern foo       0   20% 4320
diff --git a/squid/files/squid.conf b/squid/files/squid.conf
@@ -1,3 +1,7 @@
+# This file managed by Salt , do not edit by hand!!
+{%- set cfg_squid = salt['pillar.get']('squid', {}) -%}
+{%- set example_rule = cfg_squid.get('example_rule', True) -%}
+{% from "squid/map.jinja" import map with context %}
 #
 # Recommended minimum configuration:
 #
@@ -30,30 +34,18 @@ acl Safe_ports port 777		# multiling http
 acl CONNECT method CONNECT
 
 # Set cache manager user and password
-{%- if salt['pillar.get']('squid:cache_mgr_user', False) %}
-cache_mgr {{ salt['pillar.get']('squid:cache_mgr_user', {}) }}
+{%- if cfg_squid.get('cache_mgr_user', False) %}
+cache_mgr {{ cfg_squid.get('cache_mgr_user', {}) }}
 {%- else %}
 # cache manager user was not defined
 {%- endif %}
 
-{%- if salt['pillar.get']('squid:cache_mgr_password', False) %}
-cachemgr_passwd {{ salt['pillar.get']('squid:cache_mgr_password', {}) }} all 
+{%- if cfg_squid.get('cache_mgr_password', False) %}
+cachemgr_passwd {{ cfg_squid.get('cache_mgr_password', {}) }} all
 {%- else %}
 # cache manager password was not defined
 {%- endif %}
 
-{% for acl, sources in salt['pillar.get']('squid:src_acl', {}) %}
-{% for src in sources %}
-acl {{acl}} src {{src}}
-{% endfor %}
-{% endfor %}
-
-{% for acl, ports in salt['pillar.get']('squid:port_acl', {}) %}
-{% for port in ports %}
-acl {{acl}} port {{port}}
-{% endfor %}
-{% endfor %}
-
 #
 # Recommended minimum Access Permission configuration:
 #
@@ -75,32 +67,56 @@ http_access deny manager
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 #
-
+{% if example_rule %}
 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
 http_access allow localnet
 http_access allow localhost
+{%  endif %}
 
-{% for deny in salt['pillar.get']('squid:deny', []) %}
-http_access deny {{deny}}
+{%- for acl, ports in cfg_squid.get('port_acl', {}).items() %}
+{%- for port in ports %}
+acl {{acl}} port {{port}}
+{%- endfor %}
+{% endfor %}
+
+{%- for acl, sources in cfg_squid.get('src_acl', {}).items() %}
+{%- for src in sources %}
+acl {{acl}} src {{src}}
+{%- endfor %}
 {% endfor %}
 
-{% for allow in salt['pillar.get']('squid:allow', []) %}
-http_access allow {{allow}}
+{%- for acl, destinations in cfg_squid.get('dst_acl', {}).items() %}
+{%- for dst in destinations %}
+acl {{acl}} dst {{dst}}
+{%- endfor %}
 {% endfor %}
 
+{%- for acl, domains in cfg_squid.get('dstdomain_acl', {}).items() %}
+{%- for domain in domains %}
+acl {{acl}} dstdomain {{domain}}
+{%- endfor %}
+{% endfor %}
+
+{%- for rule in cfg_squid.get('http_access', []) %}
+http_access {{rule}}
+{%- endfor %}
+
 # And finally deny all other access to this proxy
 http_access deny all
 
 # Squid normally listens to port 3128
-http_port 3128
+{%- for http_port in cfg_squid.get('http_port', ['3128']) %}
+http_port {{http_port}}
+{%- endfor %}
 
 # Uncomment and adjust the following to add a disk cache directory.
 #cache_dir ufs /var/cache/squid 256 16 256
+{{ cfg_squid.get('cache_dir', '') }}
 
 # Leave coredumps in the first cache dir
-coredump_dir /var/cache/squid
+coredump_dir {{map.cache}}
 
 #
 # Add any of your own refresh_pattern entries above these.
@@ -110,4 +126,6 @@ refresh_pattern ^gopher:	1440	0%	1440
 refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
 refresh_pattern .		0	20%	4320
 
-{{ salt['pillar.get']('squid:extra_configuration', '') }}
+{{ cfg_squid.get('extra_configuration', '') }}
+
+visible_hostname {{ cfg_squid.get('visible_hostname', salt['grains.get']('id')) }}
diff --git a/squid/map.jinja b/squid/map.jinja
@@ -4,5 +4,13 @@
         'service': 'squid3',
         'conf_dir': '/etc/squid3',
         'conf_file': 'squid.conf',
+        'cache': '/var/spool/squid',
     },
+    'FreeBSD': {
+        'pkgs': ['squid'],
+        'service': 'squid',
+        'conf_dir': '/usr/local/etc/squid',
+        'conf_file': 'squid.conf',
+        'cache': '/var/squid/cache',
+     },
 }, grain='os', merge=salt['pillar.get']('squid:lookup')) %}