### generated by service_webproxy.py ###

{% macro sg_rule(category, log, db_dir) %}
{%   set expressions = db_dir + '/' + category + '/expressions' %}
dest {{ category }}-default {
        domainlist     {{ category }}/domains
        urllist        {{ category }}/urls
{%   if expressions | is_file %}
        expressionlist {{ category }}/expressions
{%   endif %}
{%   if log is defined %}
        log            blacklist.log
{%   endif %}
{% endmacro %}

{% if url_filtering is defined and url_filtering.disable is not defined %}
{%   if url_filtering.squidguard is defined and url_filtering.squidguard is not none %}
{%     set sg_config = url_filtering.squidguard %}
{%     set acl = namespace(value='local-ok-default') %}
{%     set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
dbhome {{ squidguard_db_dir }}
logdir /var/log/squid

rewrite safesearch {
        log     rewrite.log

{%     if sg_config.local_ok is defined and sg_config.local_ok is not none %}
{%       set acl.value = acl.value + ' local-ok-default' %}
dest local-ok-default {
        domainlist     local-ok-default/domains
{% endif %}
{%     if sg_config.local_ok_url is defined and sg_config.local_ok_url is not none %}
{%       set acl.value = acl.value + ' local-ok-url-default' %}
dest local-ok-url-default {
        urllist        local-ok-url-default/urls
{% endif %}
{%     if sg_config.local_block is defined and sg_config.local_block is not none %}
{%       set acl.value = acl.value + ' !local-block-default' %}
dest local-block-default {
        domainlist     local-block-default/domains
{% endif %}
{%     if sg_config.local_block_url is defined and sg_config.local_block_url is not none %}
{%       set acl.value = acl.value + ' !local-block-url-default' %}
dest local-block-url-default {
        urllist        local-block-url-default/urls
{% endif %}
{%     if sg_config.local_block_keyword is defined and sg_config.local_block_keyword is not none %}
{%       set acl.value = acl.value + ' !local-block-keyword-default' %}
dest local-block-keyword-default {
        expressionlist local-block-keyword-default/expressions
{% endif %}

{%     if sg_config.block_category is defined and sg_config.block_category is not none %}
{%       for category in sg_config.block_category %}
{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
{%         set acl.value = acl.value + ' !' + category + '-default' %}
{%       endfor %}
{%     endif %}
{%     if sg_config.allow_category is defined and sg_config.allow_category is not none %}
{%       for category in sg_config.allow_category %}
{{ sg_rule(category, False, squidguard_db_dir) }}
{%         set acl.value = acl.value + ' ' + category + '-default' %}
{%       endfor %}
{%     endif %}
{%     if sg_config.source_group is defined and sg_config.source_group is not none %}
{%       for sgroup, sg_config in sg_config.source_group.items() %}
{%         if sg_config.address is defined and sg_config.address is not none %}
src {{ sgroup }} {
{%           for address in sg_config.address %}
        ip {{ address }}
{%           endfor %}

{%         endif %}
{%       endfor %}
{%     endif %}
{%     if sg_config.rule is defined and sg_config.rule is not none %}
{%       for rule, rule_config in sg_config.rule.items() %}
{%         for b_category in rule_config.block_category%}
dest {{ b_category }} {
        domainlist    {{ b_category }}/domains
        urllist       {{ b_category }}/urls
{%         endfor %}

{%       endfor %}
{%     endif %}
acl {
{%     if sg_config.rule is defined and sg_config.rule is not none %}
{%       for rule, rule_config in sg_config.rule.items() %}
        {{ rule_config.source_group }} {
{%         for b_category in rule_config.block_category%}
            pass local-ok-1 !in-addr !{{ b_category }} all
{%         endfor %}
{%       endfor %}
{%     endif %}

        default {
{%     if sg_config.enable_safe_search is defined %}
            rewrite safesearch
{%     endif %}
            pass {{ acl.value }} {{ 'none' if sg_config.default_action is defined and sg_config.default_action == 'block' else 'allow' }}
            redirect 302:http://{{ sg_config.redirect_url }}
{%     if sg_config.log is defined and sg_config.log is not none %}
            log blacklist.log
{%     endif %}
{%   endif %}
{% endif %}