authorMatthieu Saulnier <fantom@fedoraproject.org>2018-11-22 18:37:21 +0100
committerMatthieu Saulnier <fantom@fedoraproject.org>2018-11-22 18:37:21 +0100
commit7518e1e6cdce302b21214b432e1a61556a301f91 (patch)
tree9cb72db03136a012145175031e256c7bb0906574
parent8cabe0913bba08da5b7b2aa5c196e1ea76de4b2a (diff)
Init proxy role
-rw-r--r--.gitignore1
-rw-r--r--host_vars/192.168.0.2517
-rw-r--r--host_vars/51.15.179.1535
-rw-r--r--host_vars/bpr7drsao5vozzr5.onion5
-rw-r--r--host_vars/d72vewh3wa4lwpaj.onion17
-rw-r--r--host_vars/manchester.casperlefantom.net17
-rw-r--r--host_vars/manchester.home.casperlefantom.net17
-rw-r--r--host_vars/ns4.casperlefantom.net5
-rw-r--r--proxy.yml5
-rw-r--r--roles/clients/tasks/host.yml13
-rw-r--r--roles/clients/tasks/main.yml3
-rw-r--r--roles/common/tasks/main.yml1
-rw-r--r--roles/proxy/defaults/main.yml15
-rw-r--r--roles/proxy/files/squid.service3
-rw-r--r--roles/proxy/handlers/main.yml2
-rw-r--r--roles/proxy/handlers/squid.yml9
-rw-r--r--roles/proxy/handlers/systemd.yml2
-rw-r--r--roles/proxy/tasks/config.yml38
-rw-r--r--roles/proxy/tasks/fw.yml19
-rw-r--r--roles/proxy/tasks/main.yml7
-rw-r--r--roles/proxy/tasks/pkgs.yml9
-rw-r--r--roles/proxy/tasks/services.yml14
-rw-r--r--roles/proxy/templates/squid.conf.j2170
-rw-r--r--site.yml1
24 files changed, 395 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 128b382..14e112d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@ roles/mtaserver/files/credentials
roles/reverseproxy/vars/email.yml
roles/clients/files/credentials
roles/proxy/files/certs
+roles/proxy/vars/email.yml
.jabbersecrets
diff --git a/host_vars/192.168.0.25 b/host_vars/192.168.0.25
index 6c347e9..fcf0fec 100644
--- a/host_vars/192.168.0.25
+++ b/host_vars/192.168.0.25
@@ -19,3 +19,20 @@ domainhttps:
- mirror.casperlefantom.net
- nsa.admin.casperlefantom.net
- bt1.admin.casperlefantom.net
+# proxy
+revport: 4435
+revports: 4433
+auxport:
+ - 4433
+ - 4434
+peers:
+ - [ '8085', 'onion1', 'vhost_onion1', 'd72vewh3wa4lwpaj.onion' ]
+ - [ '8087', 'casper-site', 'vhost_casper-site', 'casperlefantom.net blog.casperlefantom.net' ]
+ - [ '8084', 'dl', 'vhost_dl', 'dl.casperlefantom.net dl.home.casperlefantom.net mwyjtiphky5em4yp.onion' ]
+ - [ '8091', 'mirror', 'vhost_mirror', 'mirror.casperlefantom.net mirror.home.casperlefantom.net pmstfd4f6s5bm2xq.onion' ]
+ - [ '8089', 'searx', 'vhost_searx', 'search.casperlefantom.net nrybuqtxgxnavtla.onion search.home.casperlefantom.net' ]
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'nsa.admin.casperlefantom.net' ]
+ - [ '8092', 'cirrus', 'vhost_cirrus', 'cirrus.casperlefantom.net w77rtjmn4c4oggn6.onion' ]
+peerssl:
+ - [ '8086', 'onion2', 'vhost_onion2', 'lfa3azuyprfdawxf.onion' ]
+ - [ '8088', 'jays-site', 'vhost_jays-site', 'jaysfoodventure.com www.jaysfoodventure.com admin.jaysfoodventure.com' ]
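Review bot: The `peers` and `peerssl` entries are positional four-element lists whose field meaning lives only in the consuming template (`peer.0` backend port, `peer.1` cache_peer name, `peer.2` acl name, `peer.3` space-separated dstdomain list), so a comment above `peers:` such as `# [backend port, cache_peer name, acl name, dstdomain list]` would stop fields being swapped when a vhost is added. This block is byte-identical to the hunks for d72vewh3wa4lwpaj.onion, manchester.casperlefantom.net and manchester.home.casperlefantom.net (same blob ids 6c347e9..fcf0fec), which suggests the proxy settings belong in a group_vars file rather than four copies that must be kept in sync by hand. Note also that a host-level `peers` list replaces the role default list entirely rather than merging with it, so the dev peers from roles/proxy/defaults are dropped on this host — presumably intended, but worth stating.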
diff --git a/host_vars/51.15.179.153 b/host_vars/51.15.179.153
index 8c4ac94..afaf598 100644
--- a/host_vars/51.15.179.153
+++ b/host_vars/51.15.179.153
@@ -11,3 +11,8 @@ domainhttps:
- ntp4.casperlefantom.net
- nsd.admin.casperlefantom.net
- bt2.admin.casperlefantom.net
+# proxy
+revport: 4435
+revports: 4433
+peers:
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'nsd.admin.casperlefantom.net' ]
diff --git a/host_vars/bpr7drsao5vozzr5.onion b/host_vars/bpr7drsao5vozzr5.onion
index 8c4ac94..afaf598 100644
--- a/host_vars/bpr7drsao5vozzr5.onion
+++ b/host_vars/bpr7drsao5vozzr5.onion
@@ -11,3 +11,8 @@ domainhttps:
- ntp4.casperlefantom.net
- nsd.admin.casperlefantom.net
- bt2.admin.casperlefantom.net
+# proxy
+revport: 4435
+revports: 4433
+peers:
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'nsd.admin.casperlefantom.net' ]
diff --git a/host_vars/d72vewh3wa4lwpaj.onion b/host_vars/d72vewh3wa4lwpaj.onion
index 6c347e9..fcf0fec 100644
--- a/host_vars/d72vewh3wa4lwpaj.onion
+++ b/host_vars/d72vewh3wa4lwpaj.onion
@@ -19,3 +19,20 @@ domainhttps:
- mirror.casperlefantom.net
- nsa.admin.casperlefantom.net
- bt1.admin.casperlefantom.net
+# proxy
+revport: 4435
+revports: 4433
+auxport:
+ - 4433
+ - 4434
+peers:
+ - [ '8085', 'onion1', 'vhost_onion1', 'd72vewh3wa4lwpaj.onion' ]
+ - [ '8087', 'casper-site', 'vhost_casper-site', 'casperlefantom.net blog.casperlefantom.net' ]
+ - [ '8084', 'dl', 'vhost_dl', 'dl.casperlefantom.net dl.home.casperlefantom.net mwyjtiphky5em4yp.onion' ]
+ - [ '8091', 'mirror', 'vhost_mirror', 'mirror.casperlefantom.net mirror.home.casperlefantom.net pmstfd4f6s5bm2xq.onion' ]
+ - [ '8089', 'searx', 'vhost_searx', 'search.casperlefantom.net nrybuqtxgxnavtla.onion search.home.casperlefantom.net' ]
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'nsa.admin.casperlefantom.net' ]
+ - [ '8092', 'cirrus', 'vhost_cirrus', 'cirrus.casperlefantom.net w77rtjmn4c4oggn6.onion' ]
+peerssl:
+ - [ '8086', 'onion2', 'vhost_onion2', 'lfa3azuyprfdawxf.onion' ]
+ - [ '8088', 'jays-site', 'vhost_jays-site', 'jaysfoodventure.com www.jaysfoodventure.com admin.jaysfoodventure.com' ]
diff --git a/host_vars/manchester.casperlefantom.net b/host_vars/manchester.casperlefantom.net
index 6c347e9..fcf0fec 100644
--- a/host_vars/manchester.casperlefantom.net
+++ b/host_vars/manchester.casperlefantom.net
@@ -19,3 +19,20 @@ domainhttps:
- mirror.casperlefantom.net
- nsa.admin.casperlefantom.net
- bt1.admin.casperlefantom.net
+# proxy
+revport: 4435
+revports: 4433
+auxport:
+ - 4433
+ - 4434
+peers:
+ - [ '8085', 'onion1', 'vhost_onion1', 'd72vewh3wa4lwpaj.onion' ]
+ - [ '8087', 'casper-site', 'vhost_casper-site', 'casperlefantom.net blog.casperlefantom.net' ]
+ - [ '8084', 'dl', 'vhost_dl', 'dl.casperlefantom.net dl.home.casperlefantom.net mwyjtiphky5em4yp.onion' ]
+ - [ '8091', 'mirror', 'vhost_mirror', 'mirror.casperlefantom.net mirror.home.casperlefantom.net pmstfd4f6s5bm2xq.onion' ]
+ - [ '8089', 'searx', 'vhost_searx', 'search.casperlefantom.net nrybuqtxgxnavtla.onion search.home.casperlefantom.net' ]
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'nsa.admin.casperlefantom.net' ]
+ - [ '8092', 'cirrus', 'vhost_cirrus', 'cirrus.casperlefantom.net w77rtjmn4c4oggn6.onion' ]
+peerssl:
+ - [ '8086', 'onion2', 'vhost_onion2', 'lfa3azuyprfdawxf.onion' ]
+ - [ '8088', 'jays-site', 'vhost_jays-site', 'jaysfoodventure.com www.jaysfoodventure.com admin.jaysfoodventure.com' ]
diff --git a/host_vars/manchester.home.casperlefantom.net b/host_vars/manchester.home.casperlefantom.net
index 6c347e9..fcf0fec 100644
--- a/host_vars/manchester.home.casperlefantom.net
+++ b/host_vars/manchester.home.casperlefantom.net
@@ -19,3 +19,20 @@ domainhttps:
- mirror.casperlefantom.net
- nsa.admin.casperlefantom.net
- bt1.admin.casperlefantom.net
+# proxy
+revport: 4435
+revports: 4433
+auxport:
+ - 4433
+ - 4434
+peers:
+ - [ '8085', 'onion1', 'vhost_onion1', 'd72vewh3wa4lwpaj.onion' ]
+ - [ '8087', 'casper-site', 'vhost_casper-site', 'casperlefantom.net blog.casperlefantom.net' ]
+ - [ '8084', 'dl', 'vhost_dl', 'dl.casperlefantom.net dl.home.casperlefantom.net mwyjtiphky5em4yp.onion' ]
+ - [ '8091', 'mirror', 'vhost_mirror', 'mirror.casperlefantom.net mirror.home.casperlefantom.net pmstfd4f6s5bm2xq.onion' ]
+ - [ '8089', 'searx', 'vhost_searx', 'search.casperlefantom.net nrybuqtxgxnavtla.onion search.home.casperlefantom.net' ]
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'nsa.admin.casperlefantom.net' ]
+ - [ '8092', 'cirrus', 'vhost_cirrus', 'cirrus.casperlefantom.net w77rtjmn4c4oggn6.onion' ]
+peerssl:
+ - [ '8086', 'onion2', 'vhost_onion2', 'lfa3azuyprfdawxf.onion' ]
+ - [ '8088', 'jays-site', 'vhost_jays-site', 'jaysfoodventure.com www.jaysfoodventure.com admin.jaysfoodventure.com' ]
diff --git a/host_vars/ns4.casperlefantom.net b/host_vars/ns4.casperlefantom.net
index 8c4ac94..afaf598 100644
--- a/host_vars/ns4.casperlefantom.net
+++ b/host_vars/ns4.casperlefantom.net
@@ -11,3 +11,8 @@ domainhttps:
- ntp4.casperlefantom.net
- nsd.admin.casperlefantom.net
- bt2.admin.casperlefantom.net
+# proxy
+revport: 4435
+revports: 4433
+peers:
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'nsd.admin.casperlefantom.net' ]
diff --git a/proxy.yml b/proxy.yml
new file mode 100644
index 0000000..266817d
--- /dev/null
+++ b/proxy.yml
@@ -0,0 +1,5 @@
+- hosts: proxy
+ remote_user: root
+ any_errors_fatal: true
+ roles:
+ - proxy
diff --git a/roles/clients/tasks/host.yml b/roles/clients/tasks/host.yml
new file mode 100644
index 0000000..dbb9dad
--- /dev/null
+++ b/roles/clients/tasks/host.yml
@@ -0,0 +1,13 @@
+- name: Configuration du fichier hôtes IPv4 pour le dev
+ lineinfile:
+ path: /etc/hosts
+ create: yes
+ state: present
+ line: '127.0.0.1 casperdev.home.casperlefantom.net cirrusdev.home.casperlefantom.net jaydev.home.casperlefantom.net'
+
+- name: Configuration du fichier hôtes IPv6 pour le dev
+ lineinfile:
+ path: /etc/hosts
+ create: yes
+ state: present
+ line: '::1 casperdev.home.casperlefantom.net cirrusdev.home.casperlefantom.net jaydev.home.casperlefantom.net'
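Review bot: Both `lineinfile` tasks match only on the exact `line`, so when the dev host list later changes the old entry stays in /etc/hosts and a new one is appended, leaving two `127.0.0.1` (and two `::1`) dev lines; an anchor such as `regexp: '^127\.0\.0\.1\s+casperdev\.home\.casperlefantom\.net'` (and the `::1` equivalent) makes the task replace the line in place. `create: yes` is also odd for /etc/hosts, which always exists on a target host, and Ansible booleans should be written `true`/`false` rather than `yes`. A short header comment saying these entries point the dev vhosts from roles/proxy/defaults at the local reverse proxy would make the coupling between the two roles visible.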
diff --git a/roles/clients/tasks/main.yml b/roles/clients/tasks/main.yml
index 03dbdee..d1478d7 100644
--- a/roles/clients/tasks/main.yml
+++ b/roles/clients/tasks/main.yml
@@ -7,6 +7,9 @@
- name: Utilisation de la swap sysctl
import_tasks: sysctl.yml
+- name: Configuration du fichier hôte
+ import_tasks: host.yml
+
- name: Installation de KDE
import_tasks: kde.yml
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 48e6964..f638e35 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -19,6 +19,7 @@
## ipv6 default address unavailable
##- name: Configuration du fichier hôte
## import_tasks: host.yml
+## attention le template va écraser un setup depuis le role clients
- name: Configurations variables fichier setvars
import_tasks: setvars.yml
diff --git a/roles/proxy/defaults/main.yml b/roles/proxy/defaults/main.yml
new file mode 100644
index 0000000..53f1dec
--- /dev/null
+++ b/roles/proxy/defaults/main.yml
@@ -0,0 +1,15 @@
+fwdport: 8200
+revport: 80
+revports: 443
+crtversion: 1
+peers:
+ - [ '9090', 'cockpit', 'vhost_cockpit', 'localhost' ]
+ - [ '8101', 'casper-site-dev', 'vhost_casper-site', 'casperdev.home.casperlefantom.net' ]
+ - [ '8102', 'cirrus-dev', 'vhost_cirrus', 'cirrusdev.home.casperlefantom.net' ]
+peerssl:
+ - [ '8103', 'jays-site-dev', 'vhost_jays-site', 'jaydev.home.casperlefantom.net' ]
+iface:
+ - 127.0.0.1
+ - "[::1]"
+ - "{{ ansible_default_ipv4.address }}"
+ - "[{{ ansible_default_ipv6.address }}]"
diff --git a/roles/proxy/files/squid.service b/roles/proxy/files/squid.service
new file mode 100644
index 0000000..d8c2316
--- /dev/null
+++ b/roles/proxy/files/squid.service
@@ -0,0 +1,3 @@
+.include /lib/systemd/system/squid.service
+[Unit]
+Requires=network-online.target
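Review bot: `Requires=network-online.target` only adds a dependency and does not order startup, so squid can still be started in parallel with the network coming up — which matters here because the template binds `http_port` to specific addresses; the override needs both lines: `Requires=network-online.target` and `After=network-online.target`. The `.include` directive is documented as deprecated in favour of drop-ins, and copying this file to `/etc/systemd/system/squid.service` fully shadows the packaged unit; the same two lines in `/etc/systemd/system/squid.service.d/override.conf` (adjusting `dest` in config.yml) achieve the override without the deprecated syntax. Also worth a comment: `network-online.target` only delays anything when a wait-online service (NetworkManager-wait-online or systemd-networkd-wait-online) is enabled on the host.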
diff --git a/roles/proxy/handlers/main.yml b/roles/proxy/handlers/main.yml
new file mode 100644
index 0000000..a7cdf5b
--- /dev/null
+++ b/roles/proxy/handlers/main.yml
@@ -0,0 +1,2 @@
+- import_tasks: squid.yml
+- import_tasks: systemd.yml
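Review bot: Handlers run in the order they are defined, and here squid.yml is imported before systemd.yml, so on a run that changes both squid.conf and the unit file the `restart squid` handler fires before `reload systemd` and squid restarts under the stale unit definition; swap the two imports so `- import_tasks: systemd.yml` comes first and the daemon-reload precedes any restart. A one-line comment recording that ordering requirement would keep a later contributor from alphabetising the list.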
diff --git a/roles/proxy/handlers/squid.yml b/roles/proxy/handlers/squid.yml
new file mode 100644
index 0000000..83cd718
--- /dev/null
+++ b/roles/proxy/handlers/squid.yml
@@ -0,0 +1,9 @@
+- name: reload squid
+ service:
+ name: squid
+ state: reloaded
+
+- name: restart squid
+ service:
+ name: squid
+ state: restarted
diff --git a/roles/proxy/handlers/systemd.yml b/roles/proxy/handlers/systemd.yml
new file mode 100644
index 0000000..d81fdba
--- /dev/null
+++ b/roles/proxy/handlers/systemd.yml
@@ -0,0 +1,2 @@
+- name: reload systemd
+ command: /usr/bin/systemctl --system daemon-reload
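Review bot: `command: /usr/bin/systemctl --system daemon-reload` reports changed on every invocation and hard-codes the binary path; Ansible's `systemd` module does the same thing as a first-class call, `systemd:` with `daemon_reload: true`. A comment noting that this handler is notified by the unit-file copy in config.yml, and therefore must run before any squid restart, would document why it exists as a separate handler file.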
diff --git a/roles/proxy/tasks/config.yml b/roles/proxy/tasks/config.yml
new file mode 100644
index 0000000..09d3767
--- /dev/null
+++ b/roles/proxy/tasks/config.yml
@@ -0,0 +1,38 @@
+- name: Configuration de squid
+ template: src=squid.conf.j2 dest=/etc/squid/squid.conf
+ owner=root
+ group=squid
+ mode=640
+ notify: restart squid
+
+- name: Installation de l'unité systemd
+ copy:
+ src: squid.service
+ dest: /etc/systemd/system/
+ owner: root
+ group: root
+ mode: 0644
+ notify: reload systemd
+
+# à voir pour restarter tous les services impactés si un changement
+# est détecté
+# ou bien mettre des tâches d'update de cert LE dans les rôles correspondants
+# aux services impactés (get file non-fatal)
+- name: Installation des fichiers certificat
+ copy:
+ src: "certs/{{ item }}"
+ dest: /etc/pki/tls/certs/
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - "casperlefantom.{{ crtversion }}.crt"
+ - dhparam-4096.pem
+
+- name: Installation des fichiers clé
+ copy:
+ src: "certs/casperlefantom.{{ crtversion }}.key"
+ dest: /etc/pki/tls/private/
+ owner: 0990
+ group: root
+ mode: 0440
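Review bot: The template's https_port line references `crlfile=/etc/pki/tls/certs/crt-crl.pem`, but the certificate task here copies only `casperlefantom.{{ crtversion }}.crt` and `dhparam-4096.pem`, so unless another role drops that file first squid refuses to start on a fresh host; either add `crt-crl.pem` to the `with_items` list or drop the `crlfile=` option, which as far as I recall only matters when client certificates are verified and no `clientca=` is configured. `owner: 0990` hard-codes a uid (YAML keeps `0990` as a string, Ansible then parses it numerically — presumably the local squid uid); the first task already uses `group=squid`, so `owner: squid` is the robust form, and `mode=640` should be written `mode: "0640"` with that task in block YAML like its siblings rather than key=value. The key copy would also benefit from `no_log: true` so the private key bytes never appear in `--diff` output or callback logs.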
diff --git a/roles/proxy/tasks/fw.yml b/roles/proxy/tasks/fw.yml
new file mode 100644
index 0000000..eef417a
--- /dev/null
+++ b/roles/proxy/tasks/fw.yml
@@ -0,0 +1,19 @@
+- name: Ouverture des ports principaux dans Firewalld
+ firewalld:
+ port: "{{ item }}/tcp"
+ permanent: true
+ state: enabled
+ immediate: true
+ with_items:
+ - "{{ revport }}"
+ - "{{ revports }}"
+
+- name: Ouverture des ports auxiliaires Firewalld
+ firewalld:
+ port: "{{ item }}/tcp"
+ permanent: true
+ state: enabled
+ immediate: true
+ with_items:
+ - "{{ auxport }}"
+ when: auxport is defined
diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml
new file mode 100644
index 0000000..41f3f61
--- /dev/null
+++ b/roles/proxy/tasks/main.yml
@@ -0,0 +1,7 @@
+- name: Loading hidden variables
+ include_vars: email.yml
+
+- import_tasks: pkgs.yml
+- import_tasks: config.yml
+- import_tasks: fw.yml
+- import_tasks: services.yml
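Review bot: `include_vars: email.yml` loads `roles/proxy/vars/email.yml`, which this same commit adds to `.gitignore`, so a fresh clone fails on the role's first task with a missing-file error and nothing says what the file must contain; add a comment such as `# requires the untracked roles/proxy/vars/email.yml defining `email` (used for squid's cache_mgr)`. Since the only value consumed from it is a contact address, a `stat` plus `assert` with a clear `msg`, or a documented default for `email`, would fail earlier and more readably than the include.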
diff --git a/roles/proxy/tasks/pkgs.yml b/roles/proxy/tasks/pkgs.yml
new file mode 100644
index 0000000..036721c
--- /dev/null
+++ b/roles/proxy/tasks/pkgs.yml
@@ -0,0 +1,9 @@
+- name: Installation de squid
+ package:
+ name: squid
+ state: present
+
+- name: Installation de cockpit
+ package:
+ name: cockpit
+ state: present
diff --git a/roles/proxy/tasks/services.yml b/roles/proxy/tasks/services.yml
new file mode 100644
index 0000000..240ceee
--- /dev/null
+++ b/roles/proxy/tasks/services.yml
@@ -0,0 +1,14 @@
+- name: Activation et démarrage du service squid
+ service:
+ name: squid
+ state: started
+ enabled: yes
+
+- name: Activation et démarrage du service cockpit
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ with_items:
+ - cockpit.service
+ - cockpit.socket
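Review bot: Enabling `cockpit.service` directly is likely to fail: on Fedora the cockpit web service is socket-activated and, as far as I recall, ships without an `[Install]` section, so `systemctl enable cockpit.service` reports that the unit has no installation config and the task errors out; enabling and starting `cockpit.socket` alone is sufficient, so drop `cockpit.service` from the list. Separately, the squid start task here runs before the notified handlers, so on a first run squid comes up before the `reload systemd` handler has loaded the custom unit installed by config.yml — a `meta: flush_handlers` task ahead of this file avoids that.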
diff --git a/roles/proxy/templates/squid.conf.j2 b/roles/proxy/templates/squid.conf.j2
new file mode 100644
index 0000000..bc7c43d
--- /dev/null
+++ b/roles/proxy/templates/squid.conf.j2
@@ -0,0 +1,170 @@
+# Mode forward proxy
+##http_port {{ ansible_default_ipv4.address }}:{{ fwdport }}
+##http_port [{{ ansible_default_ipv6.address }}]:{{ fwdport }}
+
+
+# Mode reverse proxy
+{% if auxport is defined %}
+{% for item in auxport %}
+http_port 127.0.0.1:{{ item }} accel ignore-cc
+http_port [::1]:{{ item }} accel ignore-cc
+{% endfor %}
+{% endif %}
+
+
+{% for item in iface %}
+http_port {{ item }}:{{ revport }} accel ignore-cc
+https_port {{ item }}:{{ revports }} accel ignore-cc \
+ cert=/etc/pki/tls/certs/casperlefantom.{{ crtversion }}.crt \
+ key=/etc/pki/tls/private/casperlefantom.{{ crtversion }}.key \
+ tls-dh=secp256k1:/etc/pki/tls/certs/dhparam-4096.pem \
+ crlfile=/etc/pki/tls/certs/crt-crl.pem \
+ cipher=HIGH:!aNULL:!MD5:!RC4 \
+ options=NO_SSLv3,CIPHER_SERVER_PREFERENCE \
+ sslflags=DELAYED_AUTH
+
+{% endfor %}
+
+
+{% for peer in peers %}
+cache_peer 127.0.0.1 parent {{ peer.0 }} 0 no-query originserver no-digest name={{ peer.1 }}
+acl {{ peer.2 }} dstdomain {{ peer.3 }}
+cache_peer_access {{ peer.1 }} allow {{ peer.2 }}
+http_access allow {{ peer.2 }}
+
+{% endfor %}
+
+{% for peer in peerssl %}
+cache_peer 127.0.0.1 parent {{ peer.0 }} 0 no-query originserver no-digest \
+ tls \
+ sslflags=DONT_VERIFY_PEER \
+ name={{ peer.1 }}
+acl {{ peer.2 }} dstdomain {{ peer.3 }}
+cache_peer_access {{ peer.1 }} allow {{ peer.2 }}
+http_access allow {{ peer.2 }}
+
+{% endfor %}
+
+# remove headers
+reply_header_access Allow allow all
+reply_header_access WWW-Authenticate allow all
+reply_header_access Proxy-Authenticate allow all
+reply_header_access Cache-Control allow all
+reply_header_access Content-Encoding allow all
+reply_header_access Content-Length allow all
+reply_header_access Content-Type allow all
+reply_header_access Date allow all
+reply_header_access Expires allow all
+reply_header_access Last-Modified allow all
+reply_header_access Location allow all
+reply_header_access Pragma allow all
+reply_header_access Content-Language allow all
+reply_header_access Retry-After allow all
+reply_header_access Title allow all
+reply_header_access Content-Disposition allow all
+reply_header_access Connection allow all
+reply_header_access Link allow all
+reply_header_access Etag allow all
+reply_header_access Keep-Alive allow all
+reply_header_access Transfer-Encoding allow all
+reply_header_access X-Robots-Tag allow all
+reply_header_access Accept-Ranges allow all
+reply_header_access Set-Cookie allow all
+reply_header_access X-Frame-Options allow all
+reply_header_access Referrer-Policy allow all
+reply_header_access Content-Security-Policy allow all
+reply_header_access X-Pingback allow all
+reply_header_access All deny all
+
+
+# logs
+access_log syslog:daemon.info \
+ logformat=combined
+cache_store_log syslog:daemon.info
+debug_options ALL,2
+
+# infos admin
+cache_mgr {{ email }}
+visible_hostname {{ ansible_hostname }}.casperlefantom.net
+httpd_suppress_version_string on
+
+# augmenter la taille des objets
+maximum_object_size 6 MB
+cache_dir aufs /var/spool/squid 2048 16 256
+
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localhet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+##http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+##http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/spool/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/spool/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern . 0 20% 4320
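Review bot: The per-vhost `http_access allow {{ peer.2 }}` lines are rendered at the top of the file, before `http_access deny !Safe_ports`, `deny CONNECT !SSL_ports` and `deny manager`; Squid evaluates http_access rules in order and stops at the first match, so as far as I can tell any Internet client sending `Host: casperlefantom.net` is allowed before those protections apply, including requests for the cache-manager path — move both peer loops down to the `INSERT YOUR OWN RULE(S) HERE` marker so the deny rules run first. The `reply_header_access` allow-list ends in `All deny all` but never allows `Strict-Transport-Security` or `X-Content-Type-Options`, so any HSTS or nosniff header a backend sets is silently stripped at the edge; add `reply_header_access Strict-Transport-Security allow all` (and the nosniff header) or emit them here. `tls-dh=secp256k1:...` selects a curve that, as far as I know, browsers do not offer for ECDHE (they support P-256/P-384/X25519), so ECDHE suites never negotiate and `HIGH` falls back to DHE/RSA; `prime256v1` is the usual choice, and `options=` should also carry `NO_TLSv1,NO_TLSv1_1`. The `sslflags=DONT_VERIFY_PEER` on the TLS cache_peers is tolerable only because they sit on 127.0.0.1 — say so in a comment. Finally, `acl localhet src 169.254.0.0/16` is a typo for `localnet`, harmless only while `allow localnet` stays commented out.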
diff --git a/site.yml b/site.yml
index adf64da..ab61d8d 100644
--- a/site.yml
+++ b/site.yml
@@ -12,6 +12,7 @@
- import_playbook: dnsserver.yml
- import_playbook: torrelay.yml
- import_playbook: bittorrent.yml
+- import_playbook: proxy.yml
- import_playbook: reverseproxy.yml
# modules at and jabber not working
#- import_playbook: update.yml