From 3129b5e58cbf90a1301b9c68a2d2badec4578d8b Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Mon, 10 Jun 2019 19:23:36 +0300
Subject: [PATCH] first version of cups server role

---
 roles/cups/server/files/cups-nginx.conf |  3 ++
 roles/cups/server/meta/main.yml         |  5 +++
 roles/cups/server/tasks/main.yml        | 56 +++++++++++++++++++++++++
 3 files changed, 64 insertions(+)
 create mode 100644 roles/cups/server/files/cups-nginx.conf
 create mode 100644 roles/cups/server/meta/main.yml
 create mode 100644 roles/cups/server/tasks/main.yml

diff --git a/roles/cups/server/files/cups-nginx.conf b/roles/cups/server/files/cups-nginx.conf
new file mode 100644
index 0000000..81defa3
--- /dev/null
+++ b/roles/cups/server/files/cups-nginx.conf
@@ -0,0 +1,3 @@
+location / {
+  proxy_pass https://localhost:631;
+}
diff --git a/roles/cups/server/meta/main.yml b/roles/cups/server/meta/main.yml
new file mode 100644
index 0000000..d60a1ee
--- /dev/null
+++ b/roles/cups/server/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - {role: nginx/server}
+  - {role: kerberos/client}
diff --git a/roles/cups/server/tasks/main.yml b/roles/cups/server/tasks/main.yml
new file mode 100644
index 0000000..cc3a4f8
--- /dev/null
+++ b/roles/cups/server/tasks/main.yml
@@ -0,0 +1,56 @@
+---
+- name: install cups packages
+  package:
+    name: cups
+    state: installed
+
+- name: create cups systemd override directory
+  file:
+    path: /etc/systemd/system/cups.service.d
+    state: directory
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: configure cups keytab location
+  copy:
+    dest: /etc/systemd/system/cups.service.d/keytab.conf
+    content: "[Service]\nEnvironment=KRB5_KTNAME=FILE:/etc/cups/cups.keytab\n"
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: copy cups keytab
+  copy:
+    dest: /etc/cups/cups.keytab
+    src: "{{ ansible_private }}/files/keytabs/cups.keytab"
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: disable cups socket service
+  systemd:
+    name: cups.socket
+    enabled: false
+    state: stopped
+
+- name: enable cups service
+  service:
+    name: cups
+    enabled: true
+    state: started
+
+- name: allow nginx to connect cups
+  seboolean:
+    name: httpd_can_network_connect
+    persistent: true
+    state: true
+
+- name: configure nginx proxy
+  copy:
+    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/cups.conf"
+    src: cups-nginx.conf
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart nginx