diff options
Diffstat (limited to 'roles/cups_server/tasks/main.yml')
-rw-r--r-- | roles/cups_server/tasks/main.yml | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/roles/cups_server/tasks/main.yml b/roles/cups_server/tasks/main.yml new file mode 100644 index 0000000..b03916e --- /dev/null +++ b/roles/cups_server/tasks/main.yml @@ -0,0 +1,70 @@ +- name: install cups + dnf: + name: cups + state: present + +- name: create certificate directory + file: + path: /etc/pki/tls/cups + state: directory + +- name: request TLS certificate + include_role: + name: getcert_request + vars: + certificate_service: cups + certificate_path: '{{ cups_certificate_path }}' + certificate_key_path: '{{ cups_certificate_key_path }}' + certificate_hook: systemctl restart cups + +- name: generate config files + template: + src: etc/cups/{{ item }}.j2 + dest: /etc/cups/{{ item }} + owner: root + group: lp + mode: 0640 + loop: + - cupsd.conf + - cups-files.conf + notify: restart cups + +- name: allow cups to listen on port 443 + seport: + ports: 443 + proto: tcp + setype: ipp_port_t + state: present + tags: selinux + +- import_tasks: freeipa.yml + tags: freeipa + +- name: enable cups + systemd: + name: cups + enabled: yes + state: started + +- name: forward port 80 to port 631 + firewalld: + permanent: yes + immediate: yes + rich_rule: 'rule family={{ item }} forward-port port=80 protocol=tcp to-port=631' + state: enabled + loop: + - ipv4 + - ipv6 + tags: firewalld + +- name: open firewall ports + firewalld: + permanent: yes + immediate: yes + service: '{{ item }}' + state: enabled + loop: + - ipp + - http + - https + tags: firewalld |