authorJan Dittberner <jandd@cacert.org>2017-08-26 17:18:38 +0200
committerJan Dittberner <jandd@cacert.org>2017-08-26 17:18:38 +0200
commit22ae2f3bc8c6359a71694380ee070640ebdf99ba (patch)
tree7ae19e96d774fd1fdb756b8bb0f19e32347e7111 /hieradata
parent0971e020ea28a876b67b0b02c7cd5e8126ebb20b (diff)
Add ACLs for squid on proxyout
Diffstat (limited to 'hieradata')
-rw-r--r--hieradata/nodes/proxyout.yaml9
1 files changed, 9 insertions, 0 deletions
diff --git a/hieradata/nodes/proxyout.yaml b/hieradata/nodes/proxyout.yaml
index 47c228c..27ff49b 100644
--- a/hieradata/nodes/proxyout.yaml
+++ b/hieradata/nodes/proxyout.yaml
@@ -4,3 +4,12 @@ classes:
profiles::base::admins:
- jandd
- law
+profiles::squid:
+ acls:
+ - "localnet src 10.0.0.0/24"
+ - "debmirror dstdomain .debian.org"
+ - "debpgsql dstdomain apt.postgresql.org"
+ - "debpuppet dstdomain apt.puppetlabs.com"
+ http_access:
+ - "allow localnet debmirror"
+ - "allow localnet debpuppet"
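Review bot: The `debpgsql` ACL defined under `acls` is never referenced under `http_access`, which only allows `localnet debmirror` and `localnet debpuppet`. If apt.postgresql.org is meant to be reachable through this proxy, add `- "allow localnet debpgsql"`; otherwise drop the unused ACL so the allow-list stays easy to audit. The list also has no explicit final rule, so what happens to unmatched requests depends on whatever the `profiles::squid` template adds, which is not visible here. Unless the template already appends one, end the list with `- "deny all"` and confirm that Squid's usual `deny !Safe_ports` and `deny CONNECT !SSL_ports` rules are rendered before these allows.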