From 52ca7ccb120da29a04431418ebd6c73592142533 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 23 Jul 2016 16:04:43 -0400 Subject: [PATCH 01/11] start config for splash --- roles/network/templates/squid/squid-xs.conf.j2 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/roles/network/templates/squid/squid-xs.conf.j2 b/roles/network/templates/squid/squid-xs.conf.j2 index 05d362da..8a9b2b54 100755 --- a/roles/network/templates/squid/squid-xs.conf.j2 +++ b/roles/network/templates/squid/squid-xs.conf.j2 @@ -203,6 +203,19 @@ persistent_request_timeout 1 minute client_lifetime 1 hour ident_timeout 10 seconds +################################## +# config splash page +# mind the wrap. this is one line: +external_acl_type splash_page ttl=60 concurrency=100 %SRC /usr/lib64/squid/ext_session_acl -t 7200 -b /var/lib/squid/session.db +# +acl existing_users external splash_page +# +http_access deny !existing_users +# +# # Deny page to display +deny_info 511:/var/www/html/xs-portal existing_users +################################## + http_access allow manager localhost http_access deny manager From 65df8fb14732974b8e3c532b6f51b9010f679cf5 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 23 Jul 2016 19:40:32 -0400 Subject: [PATCH 02/11] add config to squid_xs.conf --- roles/0-once/templates/local_facts.fact.j2 | 8 ++++++++ roles/1-prep/tasks/computed_vars.yml | 6 ++++++ roles/network/defaults/main.yml | 1 + roles/network/tasks/main.yml | 9 +++++++++ roles/network/templates/gateway/portal.j2 | 1 + roles/network/templates/squid/squid-xs.conf.j2 | 4 ++-- 6 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 roles/network/templates/gateway/portal.j2 diff --git a/roles/0-once/templates/local_facts.fact.j2 b/roles/0-once/templates/local_facts.fact.j2 index 04958b78..6f2f47d9 100644 --- a/roles/0-once/templates/local_facts.fact.j2 +++ b/roles/0-once/templates/local_facts.fact.j2 
@@ -20,6 +20,13 @@ else PHPLIB_DIR=/usr/lib/php fi +if [ -d /usr/lib64/squid ] +then + SQUID_DIR=/usr/lib64/squid +else + SQUID_DIR=/usr/lib/squid +fi + if [ -f /proc/device-tree/mfg-data/MN ] then XO_VERSION=`cat /proc/device-tree/mfg-data/MN` @@ -48,6 +55,7 @@ fi ANSIBLE_VERSION=$(ansible --version|head -n 1|cut -f 2 -d " ") cat < Date: Sat, 23 Jul 2016 20:02:13 -0400 Subject: [PATCH 03/11] move local squid_dir to ansible variable --- roles/1-prep/tasks/computed_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/1-prep/tasks/computed_vars.yml b/roles/1-prep/tasks/computed_vars.yml index b32612e5..37c421bd 100644 --- a/roles/1-prep/tasks/computed_vars.yml +++ b/roles/1-prep/tasks/computed_vars.yml @@ -7,6 +7,7 @@ - set_fact: xo_model: '{{ ansible_local["local_facts"]["xo_model"] }}' phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}' + squid_dir: '{{ ansible_local["local_facts"]["squid_dir"] }}' xsce_base_ver: '{{ ansible_local["local_facts"]["xsce_base_ver"] }}' xsce_preload: '{{ ansible_local["local_facts"]["xsce_preload"] }}' From b3d80cd27cf4d2648782f663366de0b432bd12d6 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 23 Jul 2016 20:55:34 -0400 Subject: [PATCH 04/11] create session database --- install-init | 3 ++- roles/network/tasks/squid.yml | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/install-init b/install-init index 9bff75d6..24fd4f3e 100755 --- a/install-init +++ b/install-init @@ -10,7 +10,8 @@ fi if [ -f /etc/xsce/config_vars.yml ] && [ $BASE_VERSION == $GUI_VERSION ] then - exit 0 +echo hi +# exit 0 fi if [ ! -f install-init.yml ] diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 5729c69c..4c633fe5 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml 
@@ -60,6 +60,20 @@ mode=0750 state=directory +- name: Create squid session database directory + file: path=/var/lib/squid/ + owner=squid + group=squid + mode=0750 + state=directory + +- name: Create squid session database + file: path=/var/lib/squid/session.db + owner=squid + group=squid + mode=0750 + state=touch + - include: dansguardian.yml - name: Stop Squid From 19552f652c53b1cf05310d6048d7434a5b9232f0 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 24 Jul 2016 20:32:59 -0400 Subject: [PATCH 05/11] achieved first instance redirect using session --- roles/network/defaults/main.yml | 1 + roles/network/tasks/squid.yml | 14 ++++++-------- roles/network/templates/gateway/xs-gen-iptables | 3 +++ roles/network/templates/squid/redirect.php | 3 +++ roles/network/templates/squid/squid-xs.conf.j2 | 10 ++++++---- 5 files changed, 19 insertions(+), 12 deletions(-) create mode 100644 roles/network/templates/squid/redirect.php diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 8279ba13..b6264dfa 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -10,3 +10,4 @@ host_channel: 6 host_wireless_n: False host_country_code: US capture_enabled: False +redirect_url: http//{{ xsce_hostname }}.{{ xsce_domain }}/redirect.php diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 4c633fe5..9e959f10 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -45,6 +45,11 @@ owner: 'root' group: 'root' mode: '0755' + - src: 'squid/redirect.php' + dest: '/var/www/html/redirect.php' + owner: 'root' + group: 'root' + mode: '0755' - name: Create squid cache directory file: path=/library/cache 
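Review bot: In the `@@ -60,6 +60,20 @@` hunk of roles/network/tasks/squid.yml, the new "Create squid session database" task gives a data file `mode=0750`, which sets execute bits a session database has no use for; `mode=0640` keeps it readable by squid's group without them. `state=touch` also rewrites the file's timestamps on every play, so the task will report "changed" on each run even when nothing differs. The reworked task in the later `@@ -61,14 +66,7 @@` hunk (PATCH 05/11) keeps `mode=0750`, and its `state=` line appears unchanged, so the same applies there.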
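Review bot: The new list entry for `squid/redirect.php` in the `@@ -45,6 +45,11 @@` hunk installs a PHP page under /var/www/html with `mode: '0755'`. A script that the web server only reads and interprets needs no execute bit, so `mode: '0644'` is the tighter setting. The entry above it in the list also uses 0755, so this may simply follow the existing convention. The task that consumes this list starts outside the hunk.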
@@ -61,14 +66,7 @@ state=directory - name: Create squid session database directory - file: path=/var/lib/squid/ - owner=squid - group=squid - mode=0750 - state=directory - -- name: Create squid session database - file: path=/var/lib/squid/session.db + file: path=/var/run/squid/session.db owner=squid group=squid mode=0750 diff --git a/roles/network/templates/gateway/xs-gen-iptables b/roles/network/templates/gateway/xs-gen-iptables index 428a45a3..0c0b13f5 100755 --- a/roles/network/templates/gateway/xs-gen-iptables +++ b/roles/network/templates/gateway/xs-gen-iptables @@ -102,6 +102,9 @@ fi if [ -f /etc/sysconfig/xs_httpcache_on ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128 +{% if capture_enabled %} + $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 443 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128 +{% endif %} fi # Enable routing. diff --git a/roles/network/templates/squid/redirect.php b/roles/network/templates/squid/redirect.php new file mode 100644 index 00000000..eaa72232 --- /dev/null +++ b/roles/network/templates/squid/redirect.php @@ -0,0 +1,3 @@ + diff --git a/roles/network/templates/squid/squid-xs.conf.j2 b/roles/network/templates/squid/squid-xs.conf.j2 index be934b8d..26d18034 100755 --- a/roles/network/templates/squid/squid-xs.conf.j2 +++ b/roles/network/templates/squid/squid-xs.conf.j2 
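Review bot: After the `@@ -61,14 +66,7 @@` hunk the task named "Create squid session database directory" no longer creates a directory: its `path` is now the file `/var/run/squid/session.db`, and the task that created the parent directory has been removed. Nothing visible here ensures `/var/run/squid` exists, and `/var/run` is commonly a tmpfs emptied at boot, so the session file would not survive a restart unless the squid package recreates that directory. Suggest keeping a separate `state=directory` task for the parent and renaming this one to `Create squid session database`. The task's `state=` line lies outside the hunk.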
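Review bot: The rule added to xs-gen-iptables DNATs LAN traffic for port 443 to `172.18.96.1:3128`, the same port the existing port-80 rule uses. TLS handshakes will therefore arrive at a listener that presumably expects plain HTTP (the squid `http_port` line is not part of this patch, so this is inferred). HTTPS clients would see a failed connection instead of the splash page, and a redirect cannot be delivered inside TLS without intercepting it, which would surface as certificate errors. Consider leaving 443 out of the DNAT and documenting that with a comment such as `# HTTPS is not redirected to the proxy; the splash is delivered over HTTP only`. The rule is also emitted only inside the existing `xs_httpcache_on` test, so `capture_enabled` has no effect on it when the cache is off.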
@@ -203,18 +203,20 @@ persistent_request_timeout 1 minute client_lifetime 1 hour ident_timeout 10 seconds +{% if capture_enabled %} ################################## # config splash page # mind the wrap. this is one line: -external_acl_type splash_page ttl=60 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 7200 -b /var/lib/squid/session.db +external_acl_type session ttl=3600 negative_ttl=0 children=1 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 60 -b /var/run/squid/session.db # -acl existing_users external splash_page +acl existing_users external session # -http_access deny !existing_users +http_access deny !session # # # Deny page to display -deny_info 511:/var/www/html/{{ xsce_home_url }} existing_users +deny_info {{ redirect_url }} session ################################## +{% endif %} http_access allow manager localhost http_access deny manager From b990ce04f79c8e32ca509f5407881d3b05b68555 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 25 Jul 2016 00:00:13 -0400 Subject: [PATCH 06/11] read the portal, and redirect as /etc/xsce/portal directs --- roles/network/templates/squid/redirect.php | 3 ++- roles/network/templates/squid/squid-xs.conf.j2 | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/squid/redirect.php b/roles/network/templates/squid/redirect.php index eaa72232..a9ec973f 100644 --- a/roles/network/templates/squid/redirect.php +++ b/roles/network/templates/squid/redirect.php @@ -1,3 +1,4 @@ diff --git a/roles/network/templates/squid/squid-xs.conf.j2 b/roles/network/templates/squid/squid-xs.conf.j2 index 26d18034..9af1fcec 100755 --- a/roles/network/templates/squid/squid-xs.conf.j2 +++ b/roles/network/templates/squid/squid-xs.conf.j2 
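Review bot: The `external_acl_type session` line inside the new `{% if capture_enabled %}` block keys the session on `%SRC` alone, so "has a session" means "a request was seen from this IP address", not that a particular user or device accepted the splash page. That is adequate for a splash gate, but the block comment should say so to keep it from being read as an access control, for example `# splash only: sessions are keyed on client IP (%SRC), not on a user identity`. Hosts that share an address, or that receive a recently used one from DHCP, will share the same session state.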
@@ -206,8 +206,10 @@ ident_timeout 10 seconds {% if capture_enabled %} ################################## # config splash page -# mind the wrap. this is one line: -external_acl_type session ttl=3600 negative_ttl=0 children=1 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 60 -b /var/run/squid/session.db +# without session.db, a restart will re-enable the splash -- for testing +#external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 3600 -b /var/run/squid/session.db +external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 60 +# # acl existing_users external session # From 74d4b837a0a37038b403cdf1e8715a24b0a946bd Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 25 Jul 2016 00:17:59 -0400 Subject: [PATCH 07/11] use ansible variables for redirect --- roles/network/templates/squid/redirect.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/squid/redirect.php b/roles/network/templates/squid/redirect.php index a9ec973f..d092b2e3 100644 --- a/roles/network/templates/squid/redirect.php +++ b/roles/network/templates/squid/redirect.php @@ -1,4 +1,4 @@ From a8425d4f0bcd2fb85e240b60a92ed3fde3f317ad Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 25 Jul 2016 00:21:55 -0400 Subject: [PATCH 08/11] no extra debugging stuff --- install-init | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/install-init b/install-init index 24fd4f3e..9bff75d6 100755 --- a/install-init +++ b/install-init @@ -10,8 +10,7 @@ fi if [ -f /etc/xsce/config_vars.yml ] && [ $BASE_VERSION == $GUI_VERSION ] then -echo hi -# exit 0 + exit 0 fi if [ ! -f install-init.yml ] From fd67f7e9a3a1fec8c541a22b1fc13e9f3e62ce4e Mon Sep 17 00:00:00 2001 
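Review bot: The active `external_acl_type session` line in the `@@ -206,8 +206,10 @@` hunk is the variant the new comment describes as "for testing" (no `-b` database, `-t 60`), while the persistent variant is the one left commented out. As committed, session state lives only in the helper process, so every squid restart shows the splash again. The 60-second `-t` value is also much shorter than the `ttl=300` result cache in front of it. If the in-memory form is meant to ship, say so and state the intended timeout in the comment; otherwise swap the two lines so that `... ext_session_acl -t 3600 -b /var/run/squid/session.db` is the active one.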
From: George Hunt Date: Mon, 25 Jul 2016 00:45:17 -0400 Subject: [PATCH 09/11] change existing_users to session --- roles/network/templates/squid/squid-xs.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/squid/squid-xs.conf.j2 b/roles/network/templates/squid/squid-xs.conf.j2 index 9af1fcec..b35583be 100755 --- a/roles/network/templates/squid/squid-xs.conf.j2 +++ b/roles/network/templates/squid/squid-xs.conf.j2 @@ -211,7 +211,7 @@ ident_timeout 10 seconds external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=100 %SRC {{ squid_dir }}/ext_session_acl -t 60 # # -acl existing_users external session +acl session external session # http_access deny !session # From 77b4ecaee63696bba569fe98cd2019dbf8dec122 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 25 Jul 2016 00:49:23 -0400 Subject: [PATCH 10/11] missing colon in url --- roles/network/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index b6264dfa..be30fb71 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -10,4 +10,4 @@ host_channel: 6 host_wireless_n: False host_country_code: US capture_enabled: False -redirect_url: http//{{ xsce_hostname }}.{{ xsce_domain }}/redirect.php +redirect_url: http://{{ xsce_hostname }}.{{ xsce_domain }}/redirect.php From 2764d8788136af9364ba372d02e59b9812fb09ae Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 25 Jul 2016 01:00:59 -0400 Subject: [PATCH 11/11] syntax for redirect.php --- roles/network/templates/squid/redirect.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/squid/redirect.php b/roles/network/templates/squid/redirect.php index d092b2e3..26c749f6 100644 --- a/roles/network/templates/squid/redirect.php +++ b/roles/network/templates/squid/redirect.php @@ -1,4 +1,4 @@