cups-server: Require SSL when connecting to CUPS

2021-09-02 22:19:12 +00:00 · 2021-09-02 22:19:12 +00:00 · bba8c8e446
commit bba8c8e446
parent 838efc0554
1 changed files with 17 additions and 3 deletions
--- a/roles/cups-server/tasks/main.yml
+++ b/roles/cups-server/tasks/main.yml
@ -27,11 +27,25 @@
    line: "DefaultAuthType Negotiate"
  notify: restart cups

- name: configure cups listen port
+- name: disable cups plain text port
  lineinfile:
    path: /etc/cups/cupsd.conf
-    regexp: "^Listen (.*:)?631"
-    line: "Listen 631"
+    regexp: "^#?Listen (.*:)?631"
+    line: "#Listen 631"
+  notify: restart cups
+
+- name: set ssl listen port
+  lineinfile:
+    path: /etc/cups/cupsd.conf
+    line: "SSLListen 631"
+    insertafter: "Listen /var/run/cups/cups.sock"
+  notify: restart cups
+
+- name: require tls 1.2
+  lineinfile:
+    path: /etc/cups/cupsd.conf
+    line: "SSLOptions MinTLS1.3"
+    insertafter: "SSLListen 631"
  notify: restart cups

 - name: write all requests to cups access log