add a template that add princeton_allow

this was a missing file in config.txt that controls ip ranges Co-authored-by: Beck Davis <[email protected]> Co-authored-by: Vickie Karasic <[email protected]> Co-authored-by: Kevin Reiss <[email protected]>
pulibrary · Jan 10, 2025 · 823300a · 823300a
1 parent 5a1a4cf
commit 823300a
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/roles/ezproxy/tasks/main.yml b/roles/ezproxy/tasks/main.yml
@@ -150,6 +150,14 @@
     owner: root
     group: root
 
+- name: Ezproxy | add shib config user
+  ansible.builtin.template:
+    src: "princeton_allow.txt.j2"
+    dest: /var/local/ezproxy/princeton_allow.txt
+    mode: "0644"
+    owner: root
+    group: root
+
 - name: Ezproxy | copy a systemd service
   ansible.builtin.template:
     src: "ezproxy.service.j2"

diff --git a/roles/ezproxy/templates/config.txt.j2 b/roles/ezproxy/templates/config.txt.j2
@@ -46,7 +46,7 @@ IncludeFile config/current/admin/non_proxy_stanzas.txt
 ###### Now add the default Group for all other databases #################################
 Group Default
 # Excluded campus IP ranges from proxying
-# IncludeFile princeton_allow.txt (this file does not exist)
+IncludeFile princeton_allow.txt
 
 # Stanzas that must appear at start of config
 IncludeFile config/current/includes/positiondependent.txt

diff --git a/roles/ezproxy/templates/princeton_allow.txt.j2 b/roles/ezproxy/templates/princeton_allow.txt.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed | comment }}
+Group Default
+# Excluded campus IP ranges from proxying
+IncludeIP 0.0.0.0 - 255.255.255.255
+ExcludeIP 128.112.0.0 - 128.112.255.255
+ExcludeIP 140.180.0.0 - 140.180.255.255
+ExcludeIP 198.35.0.0 - 198.35.15.255
+ExcludeIP 198.125.224.0 - 198.125.239.255
+### Permitted for Anywhere Access Support - Autologin is not otherwise used
+AutoLoginIP 35.153.163.236