105 lines
2.3 KiB
YAML
105 lines
2.3 KiB
YAML
---
|
|
- name: install cups packages
|
|
package:
|
|
name: cups
|
|
state: installed
|
|
|
|
- name: create cups systemd override directory
|
|
file:
|
|
path: /etc/systemd/system/cups.service.d
|
|
state: directory
|
|
mode: 0755
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: configure cups keytab location
|
|
copy:
|
|
dest: /etc/systemd/system/cups.service.d/keytab.conf
|
|
content: "[Service]\nEnvironment=KRB5_KTNAME=FILE:/etc/cups/cups.keytab\n"
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: copy cups keytab
|
|
copy:
|
|
dest: /etc/cups/cups.keytab
|
|
src: "{{ ansible_private }}/files/keytabs/cups.keytab"
|
|
mode: 0600
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: enable gssapi authentication from cups
|
|
lineinfile:
|
|
path: /etc/cups/cupsd.conf
|
|
regexp: "^DefaultAuthType .*"
|
|
line: "DefaultAuthType Negotiate"
|
|
notify: restart cups
|
|
|
|
- name: disable printer advertising
|
|
lineinfile:
|
|
path: /etc/cups/cupsd.conf
|
|
regexp: "^Browsing .*"
|
|
line: "Browsing No"
|
|
notify: restart cups
|
|
|
|
- name: disable unauthenticated access from cups
|
|
blockinfile:
|
|
path: /etc/cups/cupsd.conf
|
|
insertafter: "^<Location />"
|
|
block: |
|
|
AuthType Default
|
|
Require user @foosh
|
|
notify: restart cups
|
|
|
|
- name: configure cups admin group
|
|
lineinfile:
|
|
path: /etc/cups/cups-files.conf
|
|
regexp: "^SystemGroup .*"
|
|
line: "SystemGroup root sysadm"
|
|
notify: restart cups
|
|
|
|
- name: add static files to cups web interface
|
|
copy:
|
|
dest: "/usr/share/cups/www/{{ item }}"
|
|
src: "{{ item }}"
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
with_items:
|
|
- logo.png
|
|
- local.css
|
|
|
|
- name: create custom header for cups web interface
|
|
copy:
|
|
dest: /usr/share/cups/templates/header.tmpl
|
|
src: header.tmpl
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: disable cups socket service
|
|
systemd:
|
|
name: cups.socket
|
|
enabled: false
|
|
state: stopped
|
|
|
|
- name: enable cups service
|
|
service:
|
|
name: cups
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: allow nginx to connect cups
|
|
seboolean:
|
|
name: httpd_can_network_connect
|
|
persistent: true
|
|
state: true
|
|
|
|
- name: configure nginx proxy
|
|
copy:
|
|
dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/cups.conf"
|
|
src: cups-nginx.conf
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: restart nginx
|