Bad idea maintaining external smart proxy from only Foreman/Katello repos?

We try to keep most subnets dark (without Internet access) and this also includes the external smart proxy subnets.
I noticed installing a external smart proxy without access to Internet was not possible due to the way the installer is made. It spawns new repo files in /etc/yum.repos.d/ that points to Internet even if I made those repos available from the Foreman server.

However I thought, after the installation, I can perhaps maintain the smart proxy from Forman/Katello and kill the access to Internet.
So I have created these repos on the Foreman server and subscribed the smart proxy to them:
https://releases.ansible.com/ansible-runner/rpm/epel-8-x86_64/
https://yum.theforeman.org/katello/4.4/candlepin/el8/x86_64/
https://yum.theforeman.org/releases/3.2/el8/x86_64/
https://yum.theforeman.org/plugins/3.2/el8/x86_64/
https://yum.theforeman.org/katello/4.4/katello/el8/x86_64/
https://yum.theforeman.org/pulpcore/3.16/el8/x86_64/
https://yum.puppetlabs.com/puppet7/el/8/x86_64
So when new releases comes, I create new repos, adding also them to the smart proxy.
Is this a bad idea?

That shouldn’t be the case. The installer (by default) doesn’t manage repositories (with the exception of ansible-runner). The repos you mention come from the foreman-release and katello-repos RPMs, plus Puppet which you need to get “somehow”.

You can totally maintain a proxy (and also the main server) in a disconnected environment by mirroring the required repos yourself and configuring them on your own. To disable the runner repo, you’d need to pass --foreman-proxy-plugin-ansible-manage-runner-repo false, but that’s it.

Thanks for the suggestion about “–foreman-proxy-plugin-ansible-manage-runner-repo false”
Will try this with the next installation and see if it will work better.