add squid-proxy role

roles/squid-proxy/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Restart squid
+  systemd:
+    name: squid
+    state: restarted
+
+- name: Restart nginx
+  systemd:
+    name: nginx
+    state: restarted

roles/squid-proxy/tasks/main.yml

@@ -0,0 +1,44 @@
+---
+- name: Ensure packages are installed
+  yum:
+    name:
+      - nginx
+      - squid
+
+- name: Configure squid
+  template:
+    src: squid.conf.j2
+    dest: /etc/squid/squid.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+   - Restart squid
+
+- name: Configure nginx
+  template:
+    src: squid-proxy.conf.j2
+    dest: /etc/nginx/default.d/squid-proxy.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - Restart nginx
+
+- name: Ensure firewall ports are opened
+  firewalld:
+    service: "{{ item }}"
+    permanent: yes
+    state: enabled
+  with_items:
+    - squid
+    - http
+
+- name: Ensure services are enabled
+  systemd:
+    name: "{{ item }}"
+    enabled: yes
+    state: started
+  with_items:
+    - squid
+    - nginx

roles/squid-proxy/templates/squid-proxy.conf.j2

@@ -0,0 +1,7 @@
+{% for repo in squid_repos %}
+location /{{ repo.location }}/ {
+    proxy_pass http://localhost:3128/{{ repo.proxy_path }}/;
+    proxy_set_header Host $host;
+}
+
+{% endfor %}

roles/squid-proxy/templates/squid.conf.j2

@@ -0,0 +1,9 @@
+http_port 3128 accel allow-direct defaultsite={{ squid_mirror_hostname }}
+cache_peer {{ squid_mirror_hostname }} parent 80 0 no-query originserver
+http_access allow all
+
+cache_dir ufs /var/spool/squid {{ squid_cache_gb|int * 1024 }} 16 256
+maximum_object_size 535388 KB
+range_offset_limit -1
+
+access_log /var/log/squid/access.log

roles/squid-proxy/vars/main.yml

@@ -0,0 +1,10 @@
+---
+squid_mirror_hostname: mirrors.ocf.berkeley.edu
+squid_cache_gb: 10
+
+squid_repos:
+  - location: fedora
+    proxy_path: fedora/fedora
+
+  - location: rpmfusion
+    proxy_path: rpmfusion