add fetchACLs script from OPNsense to download URL blacklists and build squid ACL

Makefile

@@ -1,4 +1,6 @@
 cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+ca.pem = $(CHROOT)/etc/squid/ssl/ca.pem
+ssl_db = $(CHROOT)/var/lib/squid/ssl_db
 
 systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
 	mkdir -p $(CHROOT)/usr/local/bin
@@ -8,6 +10,14 @@ $(cert-renew.sh): appliance/cert-renew.sh
 	mkdir -p $(CHROOT)/etc/ssl
 	cp $< $@
 
+$(ca.pem): 
+	mkdir -p $(CHROOT)/etc/squid/ssl
+	openssl req -new -newkey rsa:2048 -subj '/C=DE/CN=proxy.example.net' -days 3650 -nodes -x509 -keyout $@ -out $@
+
+$(ssl_db): 
+	RUN /usr/libexec/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 20MB
+	RUN chown -R squid:squid /var/lib/squid/ssl_db
+
 preinstall:
 
-postinstall: systemd-units $(cert-renew.sh)
+postinstall: systemd-units $(cert-renew.sh) $(ca.pem) $(ssl_db)

package.use

@@ -1,6 +1,8 @@
 # Squid
 net-proxy/squid caps pam ldap samba sasl kerberos radius ssl snmp logrotate ecap ssl-crtd perl tproxy
 net-proxy/squidguard ldap
+net-proxy/c-icap berkdb ipv6 ldap
+net-proxy/c-icap-modules berkdb clamav
 
 # Apache
 www-servers/apache apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_connect apache2_modules_proxy_http apache2_modules_proxy_wstunnel

world

@@ -1,7 +1,10 @@
 app-crypt/certbot-apache
 app-crypt/certbot-nginx
+net-proxy/c-icap
+net-proxy/c-icap-modules
 net-proxy/e2guardian
 net-proxy/squid
+net-proxy/squid-opnsense-fetchacls
 net-proxy/squidguard
 net-proxy/ufdbguard
 www-apache/mod_wsgi