From 7d86e2d9ebb121307a343db405a48e81ad90f733 Mon Sep 17 00:00:00 2001
From: phivo0 <106560719+phivo0@users.noreply.github.com>
Date: Sat, 1 Nov 2025 07:03:55 +0100
Subject: [PATCH] Add HTTP proxy vars to server role.

---
 changelogs/fragments/http_proxy.yml |  2 ++
 roles/server/README.md              | 10 ++++++++++
 roles/server/defaults/main.yml      |  4 ++++
 roles/server/tasks/main.yml         |  6 ++++++
 4 files changed, 22 insertions(+)
 create mode 100644 changelogs/fragments/http_proxy.yml

diff --git a/changelogs/fragments/http_proxy.yml b/changelogs/fragments/http_proxy.yml
new file mode 100644
index 000000000..eed060a47
--- /dev/null
+++ b/changelogs/fragments/http_proxy.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - server role - Add support for optional use of a HTTP proxy for downloading the Checkmk Server Setup and GPG Key.
diff --git a/roles/server/README.md b/roles/server/README.md
index ba9526285..83a39af2a 100644
--- a/roles/server/README.md
+++ b/roles/server/README.md
@@ -136,6 +136,16 @@ Extension packages can also be listed to be installed on the specific central si
 
 **Attention!** If you are connecting to the remote host via an unprivileged user, you will run into permission issues explained [here](https://docs.ansible.com/ansible-core/2.18/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user). The easiest fix will probably be to install your distribution's `acl` package. But the right solution for your environment is entirely up to you.
 
+#### HTTP Proxy
+
+    checkmk_server_download_proxy: []
+
+The HTTP proxy used for downloading the Checkmk Server Setup.
+
+    checkmk_server_gpg_download_proxy: "{{ checkmk_server_download_proxy }}"
+
+The HTTP proxy used for downloading the Checkmk GPG Key.
+
 ### Site Updates
 
     checkmk_server_backup_on_update: true
diff --git a/roles/server/defaults/main.yml b/roles/server/defaults/main.yml
index 9423bc913..530b3d633 100644
--- a/roles/server/defaults/main.yml
+++ b/roles/server/defaults/main.yml
@@ -75,3 +75,7 @@ checkmk_server_backup_on_update: true  # Not recommended to disable this option
 checkmk_server_backup_dir: '/tmp'
 checkmk_server_backup_opts: '--no-past'
 checkmk_server_allow_downgrades: 'false'
+
+## HTTP Proxy
+checkmk_server_download_proxy: []
+checkmk_server_gpg_download_proxy: "{{ checkmk_server_download_proxy }}"
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index db704e36d..e0b6665e1 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -63,6 +63,9 @@
         mode: "0640"
         url_username: "{{ checkmk_server_download_user | default(omit) }}"
         url_password: "{{ checkmk_server_download_pass | default(omit) }}"
+      environment:
+        http_proxy: "{{ checkmk_server_download_proxy | default(omit, true) }}"
+        https_proxy: "{{ checkmk_server_download_proxy | default(omit, true) }}"
       retries: 3
       tags:
         - download-package
@@ -74,6 +77,9 @@
         mode: "0640"
         url_username: "{{ checkmk_server_gpg_download_user | default(omit) }}"
         url_password: "{{ checkmk_server_gpg_download_pass | default(omit) }}"
+      environment:
+        http_proxy: "{{ checkmk_server_gpg_download_proxy | default(omit, true) }}"
+        https_proxy: "{{ checkmk_server_gpg_download_proxy | default(omit, true) }}"
       when: checkmk_server_verify_setup | bool
       retries: 3
       tags: