#! /usr/bin/cfengine -qf

control:
	OutputPrefix	= ("${cf_prefix}")
	actionsequence	= ( editfiles )
	AddInstallable	= ( squid_reload )
	EditfileSize	= ( 150000 )

editfiles:
    any::
	{ /etc/squid/squid.conf
		DefineClasses "squid_reload"
		#
		# maximum_object_size 64 MB
		#
		WarnIfNoLineMatching "^#? ?maximum_object_size[[:blank:]].*"
		BeginGroupIfNoLineMatching "^#? ?maximum_object_size[[:blank:]].*"
			Append "maximum_object_size 64 MB # Added by CFengine $(date)"
		EndGroup
		LocateLineMatching "^#? ?maximum_object_size[[:blank:]].*"
		BeginGroupIfNoLineMatching "^[[:blank:]]*maximum_object_size[[:blank:]]+64 MB[[:blank:]]*(#.*)$"
			ReplaceLineWith "maximum_object_size 64 MB # Tweaked by CFengine $(date)"
		EndGroup
		#
		# cache_dir ufs /var/spool/squid 1000 16 256
		#
		ResetSearch "1"
		WarnIfNoLineMatching "^#? ?cache_dir[[:blank:]].*"
		BeginGroupIfNoLineMatching "^#? ?cache_dir[[:blank:]].*"
			Append "cache_dir ufs /var/spool/squid 1000 16 256 # Added by CFengine $(date)"
		EndGroup
		LocateLineMatching "^#? ?cache_dir[[:blank:]].*"
		BeginGroupIfNoLineMatching "^[[:blank:]]*cache_dir[[:blank:]]+ufs /var/spool/squid 1000 16 256[[:blank:]]*(#.*)$"
			ReplaceLineWith "cache_dir ufs /var/spool/squid 1000 16 256 # Tweaked by CFengine $(date)"
		EndGroup
		#
		# acl our_networks src 80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24
		# http_access allow our_networks
		#
		ResetSearch "1"
		WarnIfNoLineMatching "^#? ?acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]].*"
		BeginGroupIfNoLineMatching "^#? ?acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]].*"
			Append "acl our_networks src 80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24 # Added by CFengine $(date)"
		EndGroup
		LocateLineMatching "^#? ?acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]].*"
		BeginGroupIfNoLineMatching "^[[:blank:]]*acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]]80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24[[:blank:]]*(#.*)$"
			ReplaceLineWith "acl our_networks src 80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24 # Tweaked by CFengine $(date)"
		EndGroup
		WarnIfNoLineMatching "^#? ?http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
		BeginGroupIfNoLineMatching "^#? ?http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
			Append "http_access allow our_networks # Added by CFengine $(date)"
		EndGroup
		LocateLineMatching "^#? ?http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
		BeginGroupIfNoLineMatching "^http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
			ReplaceLineWith "acl our_networks src 192.168.0.0/16 # Tweaked by CFengine $(date)"
		EndGroup
	}
processes:
	"squid"	restart "/etc/init.d/squid restart"
shellcommands:
    squid_reload::
	"/etc/init.d/squid force-reload"