path: root/squid/squid.cf

#! /usr/bin/cfengine -qf

control:
    OutputPrefix    = ("${cf_prefix}")
    actionsequence  = ( editfiles )
    AddInstallable  = ( squid_reload )
    EditfileSize    = ( 150000 )

editfiles:
    any::
    { /etc/squid/squid.conf
        DefineClasses "squid_reload"
        #
        # maximum_object_size 64 MB
        #
        WarnIfNoLineMatching "^#? ?maximum_object_size[[:blank:]].*"
        BeginGroupIfNoLineMatching "^#? ?maximum_object_size[[:blank:]].*"
            Append "maximum_object_size 64 MB # Added by CFengine $(date)"
        EndGroup
        LocateLineMatching "^#? ?maximum_object_size[[:blank:]].*"
        BeginGroupIfNoLineMatching "^[[:blank:]]*maximum_object_size[[:blank:]]+64 MB[[:blank:]]*(#.*)$"
            ReplaceLineWith "maximum_object_size 64 MB # Tweaked by CFengine $(date)"
        EndGroup
        #
        # cache_dir ufs /var/spool/squid 1000 16 256
        #
        ResetSearch "1"
        WarnIfNoLineMatching "^#? ?cache_dir[[:blank:]].*"
        BeginGroupIfNoLineMatching "^#? ?cache_dir[[:blank:]].*"
            Append "cache_dir ufs /var/spool/squid 1000 16 256 # Added by CFengine $(date)"
        EndGroup
        LocateLineMatching "^#? ?cache_dir[[:blank:]].*"
        BeginGroupIfNoLineMatching "^[[:blank:]]*cache_dir[[:blank:]]+ufs /var/spool/squid 1000 16 256[[:blank:]]*(#.*)$"
            ReplaceLineWith "cache_dir ufs /var/spool/squid 1000 16 256 # Tweaked by CFengine $(date)"
        EndGroup
        #
        # acl our_networks src 80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24
        # http_access allow our_networks
        #
        ResetSearch "1"
        WarnIfNoLineMatching "^#? ?acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]].*"
        BeginGroupIfNoLineMatching "^#? ?acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]].*"
            Append "acl our_networks src 80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24 # Added by CFengine $(date)"
        EndGroup
        LocateLineMatching "^#? ?acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]].*"
        BeginGroupIfNoLineMatching "^[[:blank:]]*acl[[:blank:]]+our_networks[[:blank:]]+src[[:blank:]]80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24[[:blank:]]*(#.*)$"
            ReplaceLineWith "acl our_networks src 80.208.177.0/24 192.168.101.0/24 192.168.102.0/24 192.168.103.0/24 # Tweaked by CFengine $(date)"
        EndGroup
        WarnIfNoLineMatching "^#? ?http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
        BeginGroupIfNoLineMatching "^#? ?http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
            Append "http_access allow our_networks # Added by CFengine $(date)"
        EndGroup
        LocateLineMatching "^#? ?http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
        BeginGroupIfNoLineMatching "^http_access[[:blank:]]+allow[[:blank:]]+our_networks[[:blank:]]*(#.*)?$"
            ReplaceLineWith "acl our_networks src 192.168.0.0/16 # Tweaked by CFengine $(date)"
        EndGroup
    }
processes:
    "squid" restart "/etc/init.d/squid restart"
shellcommands:
    squid_reload::
    "/etc/init.d/squid force-reload"