Compare commits
30 Commits
30e0f8dc6c
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 3343c87601 | |||
| 2909ff0ff4 | |||
| 9735ef4501 | |||
| c588cf829d | |||
| 7aedcd922a | |||
| 37ab9c1270 | |||
| f119d19906 | |||
| 6abbc06015 | |||
| 3b6d81b70a | |||
| 85007c7959 | |||
| 079ee4857e | |||
| 26fddbc7b5 | |||
| 6606e15444 | |||
| 69106fba43 | |||
| 2582b2eb06 | |||
| 5b3c05db53 | |||
| 774ed428f9 | |||
| 7d030cebed | |||
| 19a1669950 | |||
| 1c0ddd82c6 | |||
| 03ff69a6fb | |||
| 4128a54865 | |||
| 5537eb6562 | |||
| ae8f90de0f | |||
| 17ee5061df | |||
| 434bf3cbf3 | |||
| ad4259ebaa | |||
| 8809fa7e68 | |||
| 616e644f95 | |||
| c530598cc4 |
@ -8,9 +8,9 @@ all:
|
||||
# Hosts without special groups
|
||||
singlehosts:
|
||||
hosts:
|
||||
srv-print:
|
||||
ansible_host: 192.168.2.95
|
||||
ansible_user: ansible
|
||||
# srv-print:
|
||||
# ansible_host: 192.168.2.95
|
||||
# ansible_user: ansible
|
||||
|
||||
# All RPI hosts
|
||||
rpi:
|
||||
@ -30,5 +30,10 @@ rpi_rpios:
|
||||
ansible_host: 192.168.2.20
|
||||
naspi:
|
||||
ansible_host: 192.168.2.75
|
||||
# piprint:
|
||||
# ansible_host: 192.168.2.95
|
||||
gfs-ca:
|
||||
ansible_host: 192.168.2.72
|
||||
ansible_user: ansible
|
||||
|
||||
# Hosts that have no proper user yet
|
||||
staging:
|
||||
hosts:
|
||||
18
playbooks/ansible_user.yml
Normal file
18
playbooks/ansible_user.yml
Normal file
@ -0,0 +1,18 @@
|
||||
- hosts: staging
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
- name: user setup
|
||||
block:
|
||||
- name: create ansible user
|
||||
ansible.builtin.user:
|
||||
user: ansible
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
groups: sudo
|
||||
|
||||
- name: add ansible ssh-key
|
||||
ansible.posix.authorized_key:
|
||||
user: ansible
|
||||
state: present
|
||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcB6Y1KvYdK2T4Ewg5ATE7dp67O+0RtPLWvfaiHfJoSJlipcgPKWcbFhxyAlKwQXYqILF03cfoaHXjMtNjiZpCWtUqlZVklNlQNtqyjYghn45PX1m+nmU4bMuBQw+b+J4N8KM5XfL5BAWlpFBMsWjTFEherkKCZs5ABMx6r9MiHaIb9gwjzsQBF+oqkqXAOLXd4kaSSYPHJcxfcWtKCW2S083+lfj+iwc3zwzwNoLcMeiE9eKpTXvDldCXZ5pvd762llNn24Zsa/O1i+HOGm3EkeoeBSW08sj5nGSV8CmjzM1eQI8FZzcteaTkL916Ny+NwgsZ7NogDtpZCBwdwnNE+APG060Mq1ul1sX6KblCOAXUIDyhmJCV2XuJZNd74pzTs4jZKTXjwYmG4Tq0pATw6lKaHQSC2DlwWWkToaFd+ewQ2Mct43vfPFUIGWJHxciLEALb1ZTomOkmG5v2ZTfqp9cUtCkX90ZaYa3ADk5afjKf/2lKgr0ffL0BQjvnZ5M= ansible@Septentrion"
|
||||
@ -1,59 +1,84 @@
|
||||
- hosts: srv-print
|
||||
become: yes
|
||||
tasks:
|
||||
- name: create admin user
|
||||
ansible.builtin.user:
|
||||
user: admin
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
groups: sudo
|
||||
|
||||
- name: add admin ssh-key
|
||||
ansible.posix.authorized_key:
|
||||
user: admin
|
||||
state: present
|
||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsLI18nShd47L6o4dL2sIbhJAlWdXXc7BBSqhslTBMVziY6OBazW2jxxU0eN+Wi3RYEuOUd3xt6f56m6NgB96MxvRbfhD06FCetrEzEX/k7yWRVlvyMOSX0RjTr2UWPqOpXmLvbpOvTX4m4+rhpXlXJ1FB/jiZGNYvQEXot8PFTkMBdP0rHsdXiHhJvJy8Y/jDoErrCrK+Yger9ziCeskr3t/KET1nD6e/g4lQwVr7YftMw9s/0RiSVU4VQnUHjMiyXMpg8SD54YkmaQ8TJ14dQ3LVvMjXNGhg3fmmmxQMWot64oLe5HvNJigmKDfYxUzQuX8Ba2zAcnvHkLp/RpVB krumel@YatagarasuDrive"
|
||||
- name: user setup
|
||||
block:
|
||||
- name: create admin user
|
||||
ansible.builtin.user:
|
||||
user: admin
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
groups: sudo
|
||||
|
||||
- name: install cups and printer drivers
|
||||
- name: add admin ssh-key
|
||||
ansible.posix.authorized_key:
|
||||
user: admin
|
||||
state: present
|
||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsLI18nShd47L6o4dL2sIbhJAlWdXXc7BBSqhslTBMVziY6OBazW2jxxU0eN+Wi3RYEuOUd3xt6f56m6NgB96MxvRbfhD06FCetrEzEX/k7yWRVlvyMOSX0RjTr2UWPqOpXmLvbpOvTX4m4+rhpXlXJ1FB/jiZGNYvQEXot8PFTkMBdP0rHsdXiHhJvJy8Y/jDoErrCrK+Yger9ziCeskr3t/KET1nD6e/g4lQwVr7YftMw9s/0RiSVU4VQnUHjMiyXMpg8SD54YkmaQ8TJ14dQ3LVvMjXNGhg3fmmmxQMWot64oLe5HvNJigmKDfYxUzQuX8Ba2zAcnvHkLp/RpVB krumel@YatagarasuDrive"
|
||||
|
||||
- name: install cups and some other required packages
|
||||
apt:
|
||||
pkg:
|
||||
- cups
|
||||
- printer-driver-splix
|
||||
- nginx
|
||||
- libnginx-mod-http-lua
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: allow access to cups from network
|
||||
replace:
|
||||
path: /etc/cups/cupsd.conf
|
||||
regexp: 'Listen localhost:631'
|
||||
replace: 'Listen 0.0.0.0:631'
|
||||
register: cupsd_mod1
|
||||
|
||||
- name: allow access to the webinterface
|
||||
replace:
|
||||
path: /etc/cups/cupsd.conf
|
||||
regexp: '<Location \/>[^<]*<\/Location>'
|
||||
replace: |
|
||||
<Location />
|
||||
Order allow,deny
|
||||
Allow all
|
||||
</Location>
|
||||
register: cupsd_mod2
|
||||
- name: cups setup
|
||||
block:
|
||||
- name: allow access to cups from network
|
||||
replace:
|
||||
path: /etc/cups/cupsd.conf
|
||||
regexp: 'Listen localhost:631'
|
||||
replace: 'Listen 0.0.0.0:631'
|
||||
|
||||
- name: configure admin acces for the webinterface
|
||||
replace:
|
||||
path: /etc/cups/cupsd.conf
|
||||
regexp: '<Location \/admin>[^<]*<\/Location>'
|
||||
replace: |
|
||||
<Location /admin>
|
||||
AuthType Default
|
||||
Require user @SYSTEM
|
||||
Order allow,deny
|
||||
</Location>
|
||||
register: cupsd_mod3
|
||||
- name: configure cups for remote access
|
||||
shell: cupsctl --remote-admin --remote-any --share-printers
|
||||
|
||||
- name:
|
||||
service:
|
||||
name: cups
|
||||
state: restarted
|
||||
when: cupsd_mod1.changed or cupsd_mod2.changed or cupsd_mod3.changed
|
||||
- name: restart cups
|
||||
service:
|
||||
name: cups
|
||||
state: restarted
|
||||
|
||||
- name: configure nginx to scan images on request
|
||||
block:
|
||||
- name: copy config to sites-available
|
||||
copy:
|
||||
src: templates/scan_image.conf
|
||||
dest: /etc/nginx/sites-available/
|
||||
|
||||
- name: link to sites-enabled
|
||||
file:
|
||||
src: /etc/nginx/sites-available/scan_image.conf
|
||||
dest: /etc/nginx/sites-enabled/scan_image.conf
|
||||
state: link
|
||||
|
||||
- name: ensure no default site is sites-enabled
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled/default
|
||||
state: absent
|
||||
|
||||
- name: create scan directory and give www-data rights
|
||||
file:
|
||||
path: /srv/scans/
|
||||
state: directory
|
||||
owner: www-data
|
||||
|
||||
- name: add www-data to scanner
|
||||
user:
|
||||
name: www-data
|
||||
groups: scanner
|
||||
append: yes
|
||||
|
||||
- name: copy htpasswd
|
||||
copy:
|
||||
src: templates/htpasswd_scan
|
||||
dest: /etc/nginx/htpasswd/
|
||||
|
||||
- name: restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
|
||||
1
playbooks/templates/htpasswd_scan
Normal file
1
playbooks/templates/htpasswd_scan
Normal file
@ -0,0 +1 @@
|
||||
scan:$2y$05$vibHqJBvSjz1YSdV2dV2Dut7p9bLiXAGQ/wcgSkmVQ7wlKeinWTLO
|
||||
21
playbooks/templates/scan_image.conf
Normal file
21
playbooks/templates/scan_image.conf
Normal file
@ -0,0 +1,21 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
auth_basic "";
|
||||
auth_basic_user_file /etc/nginx/htpasswd/htpasswd_scan;
|
||||
|
||||
location /scan {
|
||||
content_by_lua_block {
|
||||
epoc = ngx.time();
|
||||
os.execute("scanimage --format jpeg >/srv/scans/image"..epoc..".jpg");
|
||||
ngx.redirect("/scans/image"..epoc..".jpg");
|
||||
}
|
||||
}
|
||||
|
||||
location /scans {
|
||||
autoindex on;
|
||||
root /srv/;
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user