Add ACLs for squid on proxyout

author: Jan Dittberner <jandd@cacert.org> 2017-08-26 17:18:38 +0200
committer: Jan Dittberner <jandd@cacert.org> 2017-08-26 17:18:38 +0200
commit: 22ae2f3bc8c6359a71694380ee070640ebdf99ba (patch)
tree: 7ae19e96d774fd1fdb756b8bb0f19e32347e7111 /hieradata/nodes
parent: 0971e020ea28a876b67b0b02c7cd5e8126ebb20b (diff)
download: cacert-puppet-22ae2f3bc8c6359a71694380ee070640ebdf99ba.tar.gz
cacert-puppet-22ae2f3bc8c6359a71694380ee070640ebdf99ba.tar.xz
cacert-puppet-22ae2f3bc8c6359a71694380ee070640ebdf99ba.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/hieradata/nodes/proxyout.yaml b/hieradata/nodes/proxyout.yaml
index 47c228c..27ff49b 100644
--- a/hieradata/nodes/proxyout.yaml
+++ b/hieradata/nodes/proxyout.yaml
@@ -4,3 +4,12 @@ classes:
 profiles::base::admins:
   - jandd
   - law
+profiles::squid:
+  acls:
+    - "localnet src 10.0.0.0/24"
+    - "debmirror dstdomain .debian.org"
+    - "debpgsql dstdomain apt.postgresql.org"
+    - "debpuppet dstdomain apt.puppetlabs.com"
+  http_access:
+    - "allow localnet debmirror"
+    - "allow localnet debpuppet"
author	Jan Dittberner <jandd@cacert.org>	2017-08-26 17:18:38 +0200
committer	Jan Dittberner <jandd@cacert.org>	2017-08-26 17:18:38 +0200
commit	22ae2f3bc8c6359a71694380ee070640ebdf99ba (patch)
tree	7ae19e96d774fd1fdb756b8bb0f19e32347e7111 /hieradata/nodes
parent	0971e020ea28a876b67b0b02c7cd5e8126ebb20b (diff)
download	cacert-puppet-22ae2f3bc8c6359a71694380ee070640ebdf99ba.tar.gz cacert-puppet-22ae2f3bc8c6359a71694380ee070640ebdf99ba.tar.xz cacert-puppet-22ae2f3bc8c6359a71694380ee070640ebdf99ba.zip