aboutsummaryrefslogtreecommitdiffstats
path: root/roles/cups_server/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/cups_server/tasks/main.yml')
-rw-r--r--roles/cups_server/tasks/main.yml70
1 files changed, 70 insertions, 0 deletions
diff --git a/roles/cups_server/tasks/main.yml b/roles/cups_server/tasks/main.yml
new file mode 100644
index 0000000..b03916e
--- /dev/null
+++ b/roles/cups_server/tasks/main.yml
@@ -0,0 +1,70 @@
+- name: install cups
+ dnf:
+ name: cups
+ state: present
+
+- name: create certificate directory
+ file:
+ path: /etc/pki/tls/cups
+ state: directory
+
+- name: request TLS certificate
+ include_role:
+ name: getcert_request
+ vars:
+ certificate_service: cups
+ certificate_path: '{{ cups_certificate_path }}'
+ certificate_key_path: '{{ cups_certificate_key_path }}'
+ certificate_hook: systemctl restart cups
+
+- name: generate config files
+ template:
+ src: etc/cups/{{ item }}.j2
+ dest: /etc/cups/{{ item }}
+ owner: root
+ group: lp
+ mode: 0640
+ loop:
+ - cupsd.conf
+ - cups-files.conf
+ notify: restart cups
+
+- name: allow cups to listen on port 443
+ seport:
+ ports: 443
+ proto: tcp
+ setype: ipp_port_t
+ state: present
+ tags: selinux
+
+- import_tasks: freeipa.yml
+ tags: freeipa
+
+- name: enable cups
+ systemd:
+ name: cups
+ enabled: yes
+ state: started
+
+- name: forward port 80 to port 631
+ firewalld:
+ permanent: yes
+ immediate: yes
+ rich_rule: 'rule family={{ item }} forward-port port=80 protocol=tcp to-port=631'
+ state: enabled
+ loop:
+ - ipv4
+ - ipv6
+ tags: firewalld
+
+- name: open firewall ports
+ firewalld:
+ permanent: yes
+ immediate: yes
+ service: '{{ item }}'
+ state: enabled
+ loop:
+ - ipp
+ - http
+ - https
+ tags: firewalld
generated by cgit (git 2.34.1) at 2024-09-19 11:58:43 -0400