From ead41006936bfa4ded1b26865dfb484ec8d22a51 Mon Sep 17 00:00:00 2001
From: Tom Laermans <tom.laermans@powersource.cx>
Date: Fri, 15 Jan 2016 12:47:50 +0100
Subject: [PATCH 1/4] Add options for Squid's built in SNMP support

This patch adds 2 new options: snmp_port and snmp_access, which both set their
respective options in the squid configuration. SNMP Access control definitions
are handled by the already existing 'acl' option. Defaults to no SNMP enabled.
---
 manifests/init.pp              |  2 ++
 templates/squid.conf.long.erb  |  8 +++++++-
 templates/squid.conf.short.erb | 13 +++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index e27a043..a4a7355 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -5,10 +5,12 @@
   $use_deprecated_opts           = true,
   $http_port                     = [ '3128' ],
   $https_port                    = [],
+  $snmp_port                     = [],
   $acl                           = [],
   $ssl_ports                     = [ '443' ],
   $safe_ports                    = [ '80', '21', '443', '70', '210', '1025-65535', '280', '488', '591', '777', ],
   $http_access                   = [],
+  $snmp_access                   = [],
   $icp_access                    = [],
   $tcp_outgoing_address          = [],
   $cache_mem                     = '256 MB',
diff --git a/templates/squid.conf.long.erb b/templates/squid.conf.long.erb
index 8df1b62..2a1aa87 100644
--- a/templates/squid.conf.long.erb
+++ b/templates/squid.conf.long.erb
@@ -4083,6 +4083,9 @@ server_persistent_connections <%= @server_persistent_connections %>
 #		snmp_port 3401
 #Default:
 # snmp_port 0
+<% @snmp_port.each do |line| -%>
+snmp_port <%= line %>
+<% end -%>
 
 #  TAG: snmp_access
 #	Allowing or denying access to the SNMP port.
@@ -4098,7 +4101,10 @@ server_persistent_connections <%= @server_persistent_connections %>
 # snmp_access allow snmppublic localhost
 # snmp_access deny all
 #Default:
-# snmp_access deny all
+<% @snmp_access.each do |line| -%>
+snmp_access <%= line %>
+<% end -%>
+snmp_access deny all
 
 #  TAG: snmp_incoming_address
 #  TAG: snmp_outgoing_address
diff --git a/templates/squid.conf.short.erb b/templates/squid.conf.short.erb
index c92f057..127f290 100644
--- a/templates/squid.conf.short.erb
+++ b/templates/squid.conf.short.erb
@@ -39,6 +39,12 @@ http_access allow localnet
 http_access allow localhost
 http_access deny all
 
+# user-defined snmp_accesses
+<% @snmp_access.each do |line| -%>
+snmp_access <%= line %>
+<% end -%>
+snmp_access deny all
+
 # user-defined icp_access
 <% @icp_access.each do |line| -%>
 icp_access <%= line %>
@@ -51,6 +57,13 @@ http_port <%= line %>
 <% end -%>
 <% end -%>
 
+<% if @snmp_port -%>
+# user-defined snmp_port
+<% @snmp_port.each do |line| -%>
+snmp_port <%= line %>
+<% end -%>
+<% end -%>
+
 <% if @https_port -%>
 # user-defined https_port
 <% @https_port.each do |line| -%>

From 912afb7630e6657b4815d273f7519c2eac8c98c8 Mon Sep 17 00:00:00 2001
From: Tom Laermans <tom.laermans@boxed-it.com>
Date: Wed, 15 May 2024 17:35:31 +0200
Subject: [PATCH 2/4] Add support for Debian 11/Bullseye and higher

---
 manifests/params.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index 41eca8f..ac25873 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -16,7 +16,8 @@
       $coredump_dir   = '/var/spool/squid'
     }
     'Debian': {
-      if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'16.04') >= 0 {
+      if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'16.04') >= 0) or
+         ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease,'11') >= 0) {
         $package_name   = 'squid'
         $service_name   = 'squid'
         $service_enable = false

From 6aaba3c0ba4cdbe1534d046d35d795e1a02726ee Mon Sep 17 00:00:00 2001
From: Tom Laermans <tom.laermans@boxed-it.com>
Date: Wed, 15 May 2024 17:35:58 +0200
Subject: [PATCH 3/4] Make not using deprecated options the default

---
 manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 5d8e2bd..39673a6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,7 +3,7 @@
 class squid3 (
   # Options are in the same order they appear in squid.conf
   $auth_params                   = [],
-  $use_deprecated_opts           = true,
+  $use_deprecated_opts           = false,
   $use_default_localnet          = true,
   $http_port                     = [ '3128' ],
   $https_port                    = [],

From 49c78be0912999cabbe543b2e0b5b9d6f7d1adbf Mon Sep 17 00:00:00 2001
From: Tom Laermans <tom.laermans@boxed-it.com>
Date: Wed, 15 May 2024 17:36:41 +0200
Subject: [PATCH 4/4] Add missing comment denoting the default snmp_access
 configuration in the long template

---
 templates/squid.conf.long.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/squid.conf.long.erb b/templates/squid.conf.long.erb
index 902de94..9377516 100644
--- a/templates/squid.conf.long.erb
+++ b/templates/squid.conf.long.erb
@@ -4109,6 +4109,7 @@ snmp_port <%= line %>
 # snmp_access allow snmppublic localhost
 # snmp_access deny all
 #Default:
+# snmp_access deny all
 <% @snmp_access.each do |line| -%>
 snmp_access <%= line %>
 <% end -%>