From e345e29b19d2cf8a6880395ba77518f4be43b1ca Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 30 Mar 2021 16:14:52 +0000
Subject: [PATCH] cups/server: Remove nginx frontend proxy

---
 roles/cups/server/files/cups-nginx.conf |  3 --
 roles/cups/server/meta/main.yml         |  1 -
 roles/cups/server/tasks/main.yml        | 45 ++++++++++++++++---------
 3 files changed, 30 insertions(+), 19 deletions(-)
 delete mode 100644 roles/cups/server/files/cups-nginx.conf

diff --git a/roles/cups/server/files/cups-nginx.conf b/roles/cups/server/files/cups-nginx.conf
deleted file mode 100644
index 81defa3..0000000
--- a/roles/cups/server/files/cups-nginx.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-location / {
-  proxy_pass https://localhost:631;
-}
diff --git a/roles/cups/server/meta/main.yml b/roles/cups/server/meta/main.yml
index bd04327..f58cd56 100644
--- a/roles/cups/server/meta/main.yml
+++ b/roles/cups/server/meta/main.yml
@@ -1,6 +1,5 @@
 ---
 
 dependencies:
-  - {role: nginx/server}
   - {role: kerberos/client}
   - {role: ldap/nss}
diff --git a/roles/cups/server/tasks/main.yml b/roles/cups/server/tasks/main.yml
index 0edabd1..0662fb5 100644
--- a/roles/cups/server/tasks/main.yml
+++ b/roles/cups/server/tasks/main.yml
@@ -27,6 +27,36 @@
     line: "DefaultAuthType Negotiate"
   notify: restart cups
 
+- name: configure cups listen port
+  lineinfile:
+    path: /etc/cups/cupsd.conf
+    regexp: "^Listen (.*:)?631"
+    line: "Listen 631"
+  notify: restart cups
+
+- name: link private key
+  file:
+    dest: "/etc/cups/ssl/{{ inventory_hostname }}.key"
+    src: "{{ tls_private }}/{{ inventory_hostname }}.key"
+    state: link
+    owner: root
+    group: "{{ ansible_wheel }}"
+    follow: false
+    force: true
+  notify: restart cups
+
+
+- name: link certificate
+  file:
+    dest: "/etc/cups/ssl/{{ inventory_hostname }}.crt"
+    src: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
+    state: link
+    owner: root
+    group: "{{ ansible_wheel }}"
+    follow: false
+    force: true
+  notify: restart cups
+
 - name: disable printer advertising
   lineinfile:
     path: /etc/cups/cupsd.conf
@@ -80,18 +110,3 @@
     name: cups
     enabled: true
     state: started
-
-- name: allow nginx to connect cups
-  seboolean:
-    name: httpd_can_network_connect
-    persistent: true
-    state: true
-
-- name: configure nginx proxy
-  copy:
-    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/cups.conf"
-    src: cups-nginx.conf
-    mode: 0644
-    owner: root
-    group: "{{ ansible_wheel }}"
-  notify: restart nginx