first version of cups server role

roles/cups/server/files/cups-nginx.conf

@@ -0,0 +1,3 @@
+location / {
+  proxy_pass https://localhost:631;
+}

roles/cups/server/meta/main.yml

@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - {role: nginx/server}
+  - {role: kerberos/client}

roles/cups/server/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+- name: install cups packages
+  package:
+    name: cups
+    state: installed
+
+- name: create cups systemd override directory
+  file:
+    path: /etc/systemd/system/cups.service.d
+    state: directory
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: configure cups keytab location
+  copy:
+    dest: /etc/systemd/system/cups.service.d/keytab.conf
+    content: "[Service]\nEnvironment=KRB5_KTNAME=FILE:/etc/cups/cups.keytab\n"
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: copy cups keytab
+  copy:
+    dest: /etc/cups/cups.keytab
+    src: "{{ ansible_private }}/files/keytabs/cups.keytab"
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: disable cups socket service
+  systemd:
+    name: cups.socket
+    enabled: false
+    state: stopped
+
+- name: enable cups service
+  service:
+    name: cups
+    enabled: true
+    state: started
+
+- name: allow nginx to connect cups
+  seboolean:
+    name: httpd_can_network_connect
+    persistent: true
+    state: true
+
+- name: configure nginx proxy
+  copy:
+    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/cups.conf"
+    src: cups-nginx.conf
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart nginx