From 588f9e8918cdb308f3dbb02b17ec61c02894bfac Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Sun, 30 Oct 2022 16:37:41 +0000 Subject: [PATCH] cups_server: ansible-lint fixes --- roles/cups_server/handlers/main.yml | 3 +- roles/cups_server/tasks/main.yml | 58 ++++++++++++++--------------- 2 files changed, 30 insertions(+), 31 deletions(-) diff --git a/roles/cups_server/handlers/main.yml b/roles/cups_server/handlers/main.yml index f8aeecf..11c93a1 100644 --- a/roles/cups_server/handlers/main.yml +++ b/roles/cups_server/handlers/main.yml @@ -1,6 +1,5 @@ --- - -- name: restart cups +- name: Restart cups ansible.builtin.service: name: cups state: restarted diff --git a/roles/cups_server/tasks/main.yml b/roles/cups_server/tasks/main.yml index 943ee04..418a672 100644 --- a/roles/cups_server/tasks/main.yml +++ b/roles/cups_server/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: install cups packages +- name: Install cups packages ansible.builtin.package: name: cups state: installed -- name: create cups systemd override directory +- name: Create cups systemd override directory ansible.builtin.file: path: /etc/systemd/system/cups.service.d state: directory @@ -12,7 +12,7 @@ owner: root group: "{{ ansible_wheel }}" -- name: configure cups keytab location +- name: Configure cups keytab location ansible.builtin.copy: dest: /etc/systemd/system/cups.service.d/keytab.conf content: "[Service]\nEnvironment=KRB5_KTNAME=FILE:/etc/cups/cups.keytab\n" @@ -20,49 +20,49 @@ owner: root group: "{{ ansible_wheel }}" -- name: enable gssapi authentication from cups +- name: Enable gssapi authentication from cups ansible.builtin.lineinfile: path: /etc/cups/cupsd.conf regexp: "^DefaultAuthType .*" line: "DefaultAuthType Negotiate" - notify: restart cups + notify: Restart cups -- name: disable cups plain text port +- name: Disable cups plain text port ansible.builtin.lineinfile: path: /etc/cups/cupsd.conf regexp: "^#?Listen (.*:)?631" line: "#Listen 631" - notify: restart cups + notify: Restart cups -- name: set ssl listen port +- name: Set ssl listen port ansible.builtin.lineinfile: path: /etc/cups/cupsd.conf line: "SSLListen 631" insertafter: "Listen /var/run/cups/cups.sock" - notify: restart cups + notify: Restart cups -- name: require tls 1.3 +- name: Require tls 1.3 ansible.builtin.lineinfile: path: /etc/cups/cupsd.conf line: "SSLOptions MinTLS1.3" insertafter: "SSLListen 631" - notify: restart cups + notify: Restart cups -- name: write all requests to cups access log +- name: Write all requests to cups access log ansible.builtin.lineinfile: path: /etc/cups/cupsd.conf line: "AccessLogLevel all" insertafter: "LogLevel warn" - notify: restart cups + notify: Restart cups -- name: disable printer advertisements +- name: Disable printer advertisements ansible.builtin.lineinfile: path: /etc/cups/cupsd.conf regexp: "^BrowseLocalProtocols .*" line: "BrowseLocalProtocols none" - notify: restart cups + notify: Restart cups -- name: link private key +- name: Link private key ansible.builtin.file: dest: "/etc/cups/ssl/{{ inventory_hostname }}.key" src: "{{ tls_private }}/{{ inventory_hostname }}.key" @@ -71,9 +71,9 @@ group: "{{ ansible_wheel }}" follow: false force: true - notify: restart cups + notify: Restart cups -- name: link certificate +- name: Link certificate ansible.builtin.file: dest: "/etc/cups/ssl/{{ inventory_hostname }}.crt" src: "{{ tls_certs }}/{{ inventory_hostname }}.crt" @@ -82,32 +82,32 @@ group: "{{ ansible_wheel }}" follow: false force: true - notify: restart cups + notify: Restart cups -- name: disable printer advertising +- name: Disable printer advertising ansible.builtin.lineinfile: path: /etc/cups/cupsd.conf regexp: "^Browsing .*" line: "Browsing No" - notify: restart cups + notify: Restart cups -- name: disable unauthenticated access from cups +- name: Disable unauthenticated access from cups ansible.builtin.blockinfile: path: /etc/cups/cupsd.conf insertafter: "^" block: | AuthType Default Require user @foosh - notify: restart cups + notify: Restart cups -- name: configure cups admin group +- name: Configure cups admin group ansible.builtin.lineinfile: path: /etc/cups/cups-files.conf regexp: "^SystemGroup .*" line: "SystemGroup root sysadm" - notify: restart cups + notify: Restart cups -- name: add static files to cups web interface +- name: Add static files to cups web interface ansible.builtin.copy: dest: "/usr/share/cups/www/{{ item }}" src: "{{ item }}" @@ -118,7 +118,7 @@ - logo.png - local.css -- name: create custom header for cups web interface +- name: Create custom header for cups web interface ansible.builtin.copy: dest: /usr/share/cups/templates/header.tmpl src: header.tmpl @@ -126,13 +126,13 @@ owner: root group: "{{ ansible_wheel }}" -- name: disable cups socket service +- name: Disable cups socket service ansible.builtin.systemd: name: cups.socket enabled: false state: stopped -- name: enable cups service +- name: Enable cups service ansible.builtin.service: name: cups enabled: true