summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2017-08-26 17:32:18 +0200
committerJan Dittberner <jandd@cacert.org>2017-08-26 17:32:18 +0200
commita59e285093216a66e47364517cbf68de1206fc1d (patch)
tree5d5f068467b410cf5100df302c30da35b05f24bb
parent22ae2f3bc8c6359a71694380ee070640ebdf99ba (diff)
downloadcacert-puppet-a59e285093216a66e47364517cbf68de1206fc1d.tar.gz
cacert-puppet-a59e285093216a66e47364517cbf68de1206fc1d.tar.xz
cacert-puppet-a59e285093216a66e47364517cbf68de1206fc1d.zip
Fix hiera syntax, remove unwanted empty lines
-rw-r--r--hieradata/nodes/proxyout.yaml5
-rw-r--r--sitemodules/profiles/templates/squid/squid.conf.epp12
2 files changed, 8 insertions, 9 deletions
diff --git a/hieradata/nodes/proxyout.yaml b/hieradata/nodes/proxyout.yaml
index 27ff49b..c9b1bd6 100644
--- a/hieradata/nodes/proxyout.yaml
+++ b/hieradata/nodes/proxyout.yaml
@@ -4,12 +4,11 @@ classes:
profiles::base::admins:
- jandd
- law
-profiles::squid:
- acls:
+profiles::squid::acls:
- "localnet src 10.0.0.0/24"
- "debmirror dstdomain .debian.org"
- "debpgsql dstdomain apt.postgresql.org"
- "debpuppet dstdomain apt.puppetlabs.com"
- http_access:
+profiles::squid::http_access:
- "allow localnet debmirror"
- "allow localnet debpuppet"
diff --git a/sitemodules/profiles/templates/squid/squid.conf.epp b/sitemodules/profiles/templates/squid/squid.conf.epp
index da39138..4164e2d 100644
--- a/sitemodules/profiles/templates/squid/squid.conf.epp
+++ b/sitemodules/profiles/templates/squid/squid.conf.epp
@@ -984,9 +984,9 @@
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
-<%- $acls.each |acl| { %>
-acl <%= $acl %>
-<% } -%>
+<%- $acls.each |$acl| { %>
+acl <%= $acl -%>
+<% } %>
acl SSL_ports port 443
acl Safe_ports port 80 # http
@@ -1199,9 +1199,9 @@ http_access deny to_localhost
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
-<%- $http_access.each |access_rule| { %>
-http_access <%= $access_rule %>
-<% } -%>
+<%- $http_access.each |$access_rule| { %>
+http_access <%= $access_rule -%>
+<% } %>
# And finally deny all other access to this proxy
http_access deny all