### generated by service_webproxy.py ###

{#
   sg_rule(category, rule, log, db_dir)

   Emit one squidGuard "dest" block named <category>-<rule>.
   A list directive (domainlist / urllist / expressionlist) is written only
   when the matching file exists under <db_dir>/<category>/, so the generated
   config never references a list file that is absent on disk.
   The emitted paths are relative (<category>/...); they are presumably
   resolved by squidGuard against its dbhome setting - confirm.
   When `log` passes the vyos_defined test, matches are logged to blacklist.log.
   NOTE(review): callers in this template pass either the configured log node
   or the literal False. Whether vyos_defined treats False as "not defined" is
   not visible here; if it does not, passing False still emits the log line.
#}
{% macro sg_rule(category, rule, log, db_dir) %}
{% set category_dir = db_dir + '/' + category %}
{% set domains_file = category_dir + '/domains' %}
{% set urls_file = category_dir + '/urls' %}
{% set expressions_file = category_dir + '/expressions' %}
dest {{ category }}-{{ rule }}{
{% if domains_file | is_file %}
        domainlist     {{ category }}/domains
{% endif %}
{% if urls_file | is_file %}
        urllist        {{ category }}/urls
{% endif %}
{% if expressions_file | is_file %}
        expressionlist {{ category }}/expressions
{% endif %}
{% if log is vyos_defined %}
        log            blacklist.log
{% endif %}
}
{% endmacro %}

{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %}
{%     if url_filtering.squidguard is vyos_defined %}
{# Shorthand for the squidGuard subtree of the url-filtering configuration. #}
{%         set sg_config = url_filtering.squidguard %}
{# acl.value accumulates the destination list for the default "pass" line.
   It is a namespace attribute so that assignments made inside nested
   if/for blocks further down remain visible when the acl is rendered. #}
{%         set acl = namespace(value='') %}
{# Unless allow_ipaddr_url is configured, the default pass list starts with
   "!in-addr", which denies URLs whose host part is a literal IP address. #}
{%         set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
{# ruleacls maps a rule name to the pass-list string built for that rule. #}
{%         set ruleacls = {} %}
dbhome {{ squidguard_db_dir }}
logdir /var/log/squid

{# Safe-search rewrite set: each substitution appends the search provider's
   strict/safe parameter to a matching search URL (case-insensitive) and the
   rewrite is logged to rewrite.log. The set only takes effect where an acl
   entry contains "rewrite safesearch".
   NOTE(review): in the yandsearch pattern the "?" is unescaped, so it makes
   the preceding "h" optional instead of matching a literal "?" - confirm
   that this is intended.
   NOTE(review): these patterns need the full URL including the query string;
   for HTTPS requests that the proxy does not decrypt, the query string is
   presumably not visible to squidGuard, so the rewrite would not apply -
   confirm against the deployment. #}
rewrite safesearch {
        s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
        s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
        s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
        s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
        s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
        s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
        log     rewrite.log
}

{# Default-policy local lists. Each configured list declares its dest block
   and appends the dest name to the default pass list. Allow lists are added
   as-is; block lists are added with a leading "!" (deny). The order of the
   sections below is the order of the entries in the pass list, so it must
   not be changed: local allow entries precede local block entries. #}
{%         if sg_config.local_ok is vyos_defined %}
{%             set acl.value = acl.value ~ ' local-ok-default' %}
dest local-ok-default {
        domainlist     local-ok-default/domains
}
{%         endif %}

{%         if sg_config.local_ok_url is vyos_defined %}
{%             set acl.value = acl.value ~ ' local-ok-url-default' %}
dest local-ok-url-default {
        urllist        local-ok-url-default/urls
}
{%         endif %}

{%         if sg_config.local_block is vyos_defined %}
{%             set acl.value = acl.value ~ ' !local-block-default' %}
dest local-block-default {
        domainlist     local-block-default/domains
}
{%         endif %}

{%         if sg_config.local_block_url is vyos_defined %}
{%             set acl.value = acl.value ~ ' !local-block-url-default' %}
dest local-block-url-default {
        urllist        local-block-url-default/urls
}
{%         endif %}

{%         if sg_config.local_block_keyword is vyos_defined %}
{%             set acl.value = acl.value ~ ' !local-block-keyword-default' %}
dest local-block-keyword-default {
        expressionlist local-block-keyword-default/expressions
}
{%         endif %}

{# Default-policy categories. Every blocked category gets a dest block via
   sg_rule and a "!<category>-default" entry in the default pass list; every
   allowed category gets a dest block and a plain "<category>-default" entry.
   Blocked categories are appended before allowed ones, which fixes their
   relative order in the pass list. #}
{%         if sg_config.block_category is vyos_defined %}
{%             for blocked in sg_config.block_category %}
{{ sg_rule(blocked, 'default', sg_config.log, squidguard_db_dir) }}
{%                 set acl.value = acl.value ~ ' !' ~ blocked ~ '-default' %}
{%             endfor %}
{%         endif %}
{# Allowed categories pass False as the log argument.
   NOTE(review): confirm that sg_rule's "log is vyos_defined" check treats
   False as not defined; otherwise allowed categories are logged as well. #}
{%         if sg_config.allow_category is vyos_defined %}
{%             for allowed in sg_config.allow_category %}
{{ sg_rule(allowed, 'default', False, squidguard_db_dir) }}
{%                 set acl.value = acl.value ~ ' ' ~ allowed ~ '-default' %}
{%             endfor %}
{%         endif %}


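{# Per-rule destinations. For every configured rule, declare one dest block
   per local list / category and record the dest name in ruleacls[rule], the
   pass-list string later rendered for that rule. The first entry of a rule
   is stored without a leading space; later entries are appended with one.
   Block entries carry a leading "!" (deny). Every name stored in ruleacls
   must be spelled exactly like the dest block declared next to it: a pass
   list that names an undeclared destination is a configuration error for
   squidGuard (how the deployed squidGuard reacts to such an error, and
   whether filtering stays in force, should be confirmed). #}
{%         if sg_config.rule is vyos_defined %}
{%             for rule, rule_config in sg_config.rule.items() %}
{# Rule-local allow list: domains. #}
{%                 if rule_config.local_ok is vyos_defined %}
{%                     if rule in ruleacls %}
{%                         set _dummy = ruleacls.update({rule: ruleacls[rule] + ' local-ok-' + rule}) %}
{%                     else %}
{%                         set _dummy = ruleacls.update({rule:'local-ok-' + rule}) %}
{%                     endif %}
dest local-ok-{{ rule }} {
    domainlist     local-ok-{{ rule }}/domains
}
{%                 endif %}

{# Rule-local allow list: URLs. #}
{%                 if rule_config.local_ok_url is vyos_defined %}
{%                     if rule in ruleacls %}
{%                         set _dummy = ruleacls.update({rule: ruleacls[rule] + ' local-ok-url-' + rule}) %}
{%                     else %}
{%                         set _dummy = ruleacls.update({rule:'local-ok-url-' + rule}) %}
{%                     endif %}
dest local-ok-url-{{ rule }} {
    urllist     local-ok-url-{{ rule }}/urls
}
{%                 endif %}

{# Rule-local block list: domains. #}
{%                 if rule_config.local_block is vyos_defined %}
{%                     if rule in ruleacls %}
{%                         set _dummy = ruleacls.update({rule: ruleacls[rule] + ' !local-block-' + rule}) %}
{%                     else %}
{%                         set _dummy = ruleacls.update({rule:'!local-block-' + rule}) %}
{%                     endif %}
dest local-block-{{ rule }} {
    domainlist     local-block-{{ rule }}/domains
}
{%                 endif %}

{# Rule-local block list: URLs. The first-entry branch writes
   "!local-block-url-<rule>" so that it names the dest declared below, the
   same name the append branch uses. #}
{%                 if rule_config.local_block_url is vyos_defined %}
{%                     if rule in ruleacls %}
{%                         set _dummy = ruleacls.update({rule: ruleacls[rule] + ' !local-block-url-' + rule}) %}
{%                     else %}
{%                         set _dummy = ruleacls.update({rule:'!local-block-url-' + rule}) %}
{%                     endif %}
dest local-block-url-{{ rule }} {
    urllist     local-block-url-{{ rule }}/urls
}
{%                 endif %}

{# Rule-local block list: keyword expressions. #}
{%                 if rule_config.local_block_keyword is vyos_defined %}
{%                     if rule in ruleacls %}
{%                         set _dummy = ruleacls.update({rule: ruleacls[rule] + ' !local-block-keyword-' + rule}) %}
{%                     else %}
{%                         set _dummy = ruleacls.update({rule:'!local-block-keyword-' + rule}) %}
{%                     endif %}
dest local-block-keyword-{{ rule }} {
    expressionlist     local-block-keyword-{{ rule }}/expressions
}
{%                 endif %}

{# Blocked categories for this rule: "!<category>-<rule>" plus a dest block. #}
{%                 if rule_config.block_category is vyos_defined %}
{%                     for b_category in rule_config.block_category %}
{%                         if rule in ruleacls %}
{%                             set _dummy = ruleacls.update({rule: ruleacls[rule] + ' !' + b_category + '-' + rule}) %}
{%                         else %}
{%                             set _dummy = ruleacls.update({rule:'!' + b_category + '-' + rule}) %}
{%                         endif %}
{{ sg_rule(b_category, rule, sg_config.log, squidguard_db_dir) }}
{%                     endfor %}
{%                 endif %}

{# Allowed categories for this rule: "<category>-<rule>" plus a dest block. #}
{%                 if rule_config.allow_category is vyos_defined %}
{%                     for a_category in rule_config.allow_category %}
{%                         if rule in ruleacls %}
{%                             set _dummy = ruleacls.update({rule: ruleacls[rule] + ' ' + a_category + '-' + rule}) %}
{%                         else %}
{%                             set _dummy = ruleacls.update({rule:a_category + '-' + rule}) %}
{%                         endif %}
{{ sg_rule(a_category, rule, sg_config.log, squidguard_db_dir) }}
{%                     endfor %}
{%                 endif %}
{%             endfor %}
{%         endif %}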


{# Source groups: one "src" block per group that has addresses configured,
   with one "ip" line per address. Groups without addresses emit nothing.
   The loop variables use their own names so that the outer sg_config is not
   shadowed inside the loop.
   NOTE(review): addresses are written as configured; validation is
   presumably done before rendering - confirm. #}
{%         if sg_config.source_group is vyos_defined %}
{%             for group_name, group_config in sg_config.source_group.items() %}
{%                 if group_config.address is vyos_defined %}
src {{ group_name }} {
{%                     for member in group_config.address %}
        ip {{ member }}
{%                     endfor %}
}
{%                 endif %}
{%             endfor %}
{%         endif %}

{# Access control list. Each rule becomes an entry keyed by its source group
   whose pass line is the rule's accumulated destination list followed by a
   final fallback: "none" when default_action is "block", otherwise "any".
   NOTE(review): a rule for which no list or category was configured has no
   entry in ruleacls, and a rule without source_group has no entry name; what
   is rendered then depends on how the environment handles undefined values.
   Presumably both are rejected before rendering - confirm. #}
acl {
{%         if sg_config.rule is vyos_defined %}
{%             for rule, rule_config in sg_config.rule.items() %}
{%                 set rule_fallback = 'none' if rule_config.default_action is vyos_defined('block') else 'any' %}
        {{ rule_config.source_group }} {
            pass {{ ruleacls[rule] }} {{ rule_fallback }}
        }
{%             endfor %}
{%         endif %}

{# Default entry, used for clients not matched by a rule's source group.
   Safe-search rewriting is applied only here and only when enabled.
   The redirect target is sent as an HTTP 302 with a fixed http:// scheme and
   the configured redirect_url inserted as given. #}
        default {
{%         if sg_config.enable_safe_search is vyos_defined %}
            rewrite safesearch
{%         endif %}
{%         set default_fallback = 'none' if sg_config.default_action is vyos_defined('block') else 'any' %}
            pass {{ acl.value }} {{ default_fallback }}
            redirect 302:http://{{ sg_config.redirect_url }}
{%         if sg_config.log is vyos_defined %}
            log blacklist.log
{%         endif %}
        }
}
{%     endif %}
{% endif %}