srv-print disabled for now

gfs-ca staging -> rpi_rpios, for real this time
oops, fixed playbook
2022-03-03 18:09:31 +01:00 · 2022-03-03 18:08:51 +01:00 · 2022-03-03 18:07:23 +01:00 · 2022-03-03 18:05:53 +01:00 · 2022-03-03 18:03:56 +01:00 · 2022-03-03 17:58:10 +01:00
8 changed files with 197 additions and 22 deletions
--- a/inventory.yml
+++ b/inventory.yml
@ -0,0 +1,39 @@
+---
+
+all:
+  children:
+    singlehosts:
+    rpi:
+
+# Hosts without special groups
+singlehosts:
+  hosts:
+    # srv-print:
+    #   ansible_host: 192.168.2.95
+    #   ansible_user: ansible
+
+# All RPI hosts
+rpi:
+  hosts:
+  children:
+    rpi_ubuntu:
+    rpi_rpios:
+
+# RPI hosts with RPIOS
+rpi_rpios:
+  vars:
+    ansible_user: pi
+  hosts:
+    octopi:
+      ansible_host: 192.168.2.99
+    pihole:
+      ansible_host: 192.168.2.20
+    naspi:
+      ansible_host: 192.168.2.75
+    gfs-ca:
+      ansible_host: 192.168.2.72
+      ansible_user: ansible
+
+# Hosts that have no proper user yet
+staging:
+  hosts:
--- a/playbooks/ansible_user.yml
+++ b/playbooks/ansible_user.yml
@ -0,0 +1,18 @@
+- hosts: staging
+  become: yes
+  tasks:
+
+    - name: user setup
+      block:
+      - name: create ansible user
+        ansible.builtin.user:
+          user: ansible
+          state: present
+          shell: /bin/bash
+          groups: sudo
+
+      - name: add ansible ssh-key
+        ansible.posix.authorized_key:
+          user: ansible
+          state: present
+          key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcB6Y1KvYdK2T4Ewg5ATE7dp67O+0RtPLWvfaiHfJoSJlipcgPKWcbFhxyAlKwQXYqILF03cfoaHXjMtNjiZpCWtUqlZVklNlQNtqyjYghn45PX1m+nmU4bMuBQw+b+J4N8KM5XfL5BAWlpFBMsWjTFEherkKCZs5ABMx6r9MiHaIb9gwjzsQBF+oqkqXAOLXd4kaSSYPHJcxfcWtKCW2S083+lfj+iwc3zwzwNoLcMeiE9eKpTXvDldCXZ5pvd762llNn24Zsa/O1i+HOGm3EkeoeBSW08sj5nGSV8CmjzM1eQI8FZzcteaTkL916Ny+NwgsZ7NogDtpZCBwdwnNE+APG060Mq1ul1sX6KblCOAXUIDyhmJCV2XuJZNd74pzTs4jZKTXjwYmG4Tq0pATw6lKaHQSC2DlwWWkToaFd+ewQ2Mct43vfPFUIGWJHxciLEALb1ZTomOkmG5v2ZTfqp9cUtCkX90ZaYa3ADk5afjKf/2lKgr0ffL0BQjvnZ5M= ansible@Septentrion"
--- a/playbooks/patches.yml
+++ b/playbooks/patches.yml
@ -0,0 +1,24 @@
+- hosts: all
+  tasks:
+  
+    - name: Update Debian-based systems
+      block:
+      - name: Apt Update
+        apt:
+          update_cache: yes
+
+      - name: Apt Upgrade
+        apt:
+          upgrade: safe
+
+      - name: Check if reboot required
+        stat:
+          path: /var/run/reboot-required
+        register: reboot_required_file
+
+      - name: Reboot if required
+        reboot:
+        when: reboot_required_file.stat.exists == true
+
+      become: yes
+      when: ansible_facts['ansible_os_family'] == 'Debian'
--- a/playbooks/rpi_patches.yml
+++ b/playbooks/rpi_patches.yml
@ -1,19 +0,0 @@
- hosts: rpi
-  become: yes
-  tasks:
-    - name: Apt Update
-      apt:
-        update_cache: yes
-
-    - name: Apt Upgrade
-      apt:
-        upgrade: safe
-
-    - name: Check if reboot required
-      stat:
-        path: /var/run/reboot-required
-      register: reboot_required_file
-
-    - name: Reboot if required
-      reboot:
-      when: reboot_required_file.stat.exists == true
--- a/playbooks/srv-print.yml
+++ b/playbooks/srv-print.yml
@ -0,0 +1,84 @@
+- hosts: srv-print
+  become: yes
+  tasks:
+
+    - name: user setup
+      block:
+      - name: create admin user
+        ansible.builtin.user:
+          user: admin
+          state: present
+          shell: /bin/bash
+          groups: sudo
+
+      - name: add admin ssh-key
+        ansible.posix.authorized_key:
+          user: admin
+          state: present
+          key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsLI18nShd47L6o4dL2sIbhJAlWdXXc7BBSqhslTBMVziY6OBazW2jxxU0eN+Wi3RYEuOUd3xt6f56m6NgB96MxvRbfhD06FCetrEzEX/k7yWRVlvyMOSX0RjTr2UWPqOpXmLvbpOvTX4m4+rhpXlXJ1FB/jiZGNYvQEXot8PFTkMBdP0rHsdXiHhJvJy8Y/jDoErrCrK+Yger9ziCeskr3t/KET1nD6e/g4lQwVr7YftMw9s/0RiSVU4VQnUHjMiyXMpg8SD54YkmaQ8TJ14dQ3LVvMjXNGhg3fmmmxQMWot64oLe5HvNJigmKDfYxUzQuX8Ba2zAcnvHkLp/RpVB krumel@YatagarasuDrive"
+
+    - name: install cups and some other required packages
+      apt:
+        pkg:
+          - cups
+          - printer-driver-splix
+          - nginx
+          - libnginx-mod-http-lua
+        state: present
+        update_cache: yes
+
+    - name: cups setup
+      block:
+      - name: allow access to cups from network
+        replace:
+          path: /etc/cups/cupsd.conf
+          regexp: 'Listen localhost:631'
+          replace: 'Listen 0.0.0.0:631'
+
+      - name: configure cups for remote access
+        shell: cupsctl --remote-admin --remote-any --share-printers
+
+      - name: restart cups
+        service:
+          name: cups
+          state: restarted
+
+    - name: configure nginx to scan images on request
+      block:
+      - name: copy config to sites-available
+        copy:
+          src: templates/scan_image.conf
+          dest: /etc/nginx/sites-available/
+
+      - name: link to sites-enabled
+        file:
+          src: /etc/nginx/sites-available/scan_image.conf
+          dest: /etc/nginx/sites-enabled/scan_image.conf
+          state: link
+      
+      - name: ensure no default site is sites-enabled
+        file:
+          path: /etc/nginx/sites-enabled/default
+          state: absent
+
+      - name: create scan directory and give www-data rights
+        file:
+          path: /srv/scans/
+          state: directory
+          owner: www-data
+
+      - name: add www-data to scanner
+        user:
+          name: www-data
+          groups: scanner
+          append: yes
+
+      - name: copy htpasswd
+        copy: 
+          src: templates/htpasswd_scan
+          dest: /etc/nginx/htpasswd/
+
+      - name: restart nginx
+        service:
+          name: nginx
+          state: restarted
--- a/playbooks/ssh_keys.yml
+++ b/playbooks/ssh_keys.yml
@ -1,9 +1,16 @@
- hosts: rpi
-  become: yes
+- become: yes
  tasks:

-    - name: add ansible@septentrion to authorized keys
+    - name: add ansible@septentrion to authorized keys for RaspberryPis
+      hosts: rpi
      ansible.posix.authorized_key:
        user: pi
        state: present
        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcB6Y1KvYdK2T4Ewg5ATE7dp67O+0RtPLWvfaiHfJoSJlipcgPKWcbFhxyAlKwQXYqILF03cfoaHXjMtNjiZpCWtUqlZVklNlQNtqyjYghn45PX1m+nmU4bMuBQw+b+J4N8KM5XfL5BAWlpFBMsWjTFEherkKCZs5ABMx6r9MiHaIb9gwjzsQBF+oqkqXAOLXd4kaSSYPHJcxfcWtKCW2S083+lfj+iwc3zwzwNoLcMeiE9eKpTXvDldCXZ5pvd762llNn24Zsa/O1i+HOGm3EkeoeBSW08sj5nGSV8CmjzM1eQI8FZzcteaTkL916Ny+NwgsZ7NogDtpZCBwdwnNE+APG060Mq1ul1sX6KblCOAXUIDyhmJCV2XuJZNd74pzTs4jZKTXjwYmG4Tq0pATw6lKaHQSC2DlwWWkToaFd+ewQ2Mct43vfPFUIGWJHxciLEALb1ZTomOkmG5v2ZTfqp9cUtCkX90ZaYa3ADk5afjKf/2lKgr0ffL0BQjvnZ5M= ansible@Septentrion"
+
+    - name: add ansible@septentrion to authorized keys for single hosts
+      hosts: single-hosts
+      ansible.posix.authorized_key:
+        user: ansible
+        state: present
+        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcB6Y1KvYdK2T4Ewg5ATE7dp67O+0RtPLWvfaiHfJoSJlipcgPKWcbFhxyAlKwQXYqILF03cfoaHXjMtNjiZpCWtUqlZVklNlQNtqyjYghn45PX1m+nmU4bMuBQw+b+J4N8KM5XfL5BAWlpFBMsWjTFEherkKCZs5ABMx6r9MiHaIb9gwjzsQBF+oqkqXAOLXd4kaSSYPHJcxfcWtKCW2S083+lfj+iwc3zwzwNoLcMeiE9eKpTXvDldCXZ5pvd762llNn24Zsa/O1i+HOGm3EkeoeBSW08sj5nGSV8CmjzM1eQI8FZzcteaTkL916Ny+NwgsZ7NogDtpZCBwdwnNE+APG060Mq1ul1sX6KblCOAXUIDyhmJCV2XuJZNd74pzTs4jZKTXjwYmG4Tq0pATw6lKaHQSC2DlwWWkToaFd+ewQ2Mct43vfPFUIGWJHxciLEALb1ZTomOkmG5v2ZTfqp9cUtCkX90ZaYa3ADk5afjKf/2lKgr0ffL0BQjvnZ5M= ansible@Septentrion"
--- a/playbooks/templates/htpasswd_scan
+++ b/playbooks/templates/htpasswd_scan
@ -0,0 +1 @@
+scan:$2y$05$vibHqJBvSjz1YSdV2dV2Dut7p9bLiXAGQ/wcgSkmVQ7wlKeinWTLO
--- a/playbooks/templates/scan_image.conf
+++ b/playbooks/templates/scan_image.conf
@ -0,0 +1,21 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    auth_basic "";
+    auth_basic_user_file /etc/nginx/htpasswd/htpasswd_scan;
+
+    location /scan {
+        content_by_lua_block {
+            epoc = ngx.time();
+            os.execute("scanimage --format jpeg >/srv/scans/image"..epoc..".jpg");
+            ngx.redirect("/scans/image"..epoc..".jpg");
+        }
+    }
+
+    location /scans {
+        autoindex on;
+        root /srv/;
+    }
+
+}
Author	SHA1	Message	Date
krumel	3343c87601	srv-print disabled for now	2022-03-03 18:09:31 +01:00
krumel	2909ff0ff4	gfs-ca staging -> rpi_rpios, for real this time	2022-03-03 18:08:51 +01:00
krumel	9735ef4501	oops, fixed playbook	2022-03-03 18:07:23 +01:00
krumel	c588cf829d	gfs-ca from staging to rpi_rpios	2022-03-03 18:05:53 +01:00
krumel	7aedcd922a	gfs-ca to staging	2022-03-03 18:03:56 +01:00
krumel	37ab9c1270	playbook to create ansible user	2022-03-03 17:58:10 +01:00
krumel	f119d19906	.	2022-02-27 18:46:08 +01:00
krumel	6abbc06015	fixed nginx template	2022-02-27 15:34:51 +01:00
krumel	3b6d81b70a	.	2022-02-27 15:22:27 +01:00
krumel	85007c7959	added debian samsung uld repo	2022-02-27 15:14:28 +01:00
krumel	079ee4857e	fixed nginx conf	2022-02-27 01:32:53 +01:00
krumel	26fddbc7b5	added lua module for nginx	2022-02-27 01:29:23 +01:00
krumel	6606e15444	small fixes	2022-02-27 01:27:21 +01:00
krumel	69106fba43	added nginx to trigger scanning	2022-02-27 01:25:23 +01:00
krumel	2582b2eb06	turns out splix actually FUCKING WORKS BUT IT JUST RESPONDS WITH A FUCKING ERROR	2022-02-27 00:58:39 +01:00
krumel	5b3c05db53	please work	2022-02-27 00:47:54 +01:00
krumel	774ed428f9	it was necessary	2022-02-27 00:41:49 +01:00
krumel	7d030cebed	i hate you samsung	2022-02-27 00:40:26 +01:00
krumel	19a1669950	who the fuck uses this function?	2022-02-27 00:34:15 +01:00
krumel	1c0ddd82c6	doireallyhavetofixeverythingmyself	2022-02-27 00:30:34 +01:00
krumel	03ff69a6fb	fuckyousamsung	2022-02-27 00:22:43 +01:00
krumel	4128a54865	.	2022-02-27 00:18:32 +01:00
krumel	5537eb6562	-	2022-02-27 00:15:11 +01:00
krumel	ae8f90de0f	fuck you ansible arent you fucking agentless	2022-02-27 00:14:24 +01:00
krumel	17ee5061df	.	2022-02-27 00:13:07 +01:00
krumel	434bf3cbf3	fuck you samsung with your shitty installer	2022-02-27 00:11:43 +01:00
krumel	ad4259ebaa	fuck you samsung	2022-02-27 00:08:45 +01:00
krumel	8809fa7e68	whyyyyy	2022-02-27 00:02:41 +01:00
krumel	616e644f95	use vendor driver instead of splix because splix is broken	2022-02-27 00:00:26 +01:00
krumel	c530598cc4	fuck you cups	2022-02-26 23:31:01 +01:00
krumel	30e0f8dc6c	configure admin acces for printserver	2022-02-26 23:18:46 +01:00
krumel	20ade83682	.	2022-02-26 23:16:26 +01:00
krumel	e9fe5072cf	regex fix	2022-02-26 23:15:11 +01:00
krumel	10ffe013c0	.	2022-02-26 23:11:20 +01:00
krumel	0765da4478	.	2022-02-26 23:10:45 +01:00
krumel	c7a226261f	.	2022-02-26 23:09:20 +01:00
krumel	7706f2843c	.	2022-02-26 23:03:23 +01:00
krumel	e726a571dd	srv-print cupsd webinterface	2022-02-26 23:00:42 +01:00
krumel	52a68730e3	cupsd config for srv-print	2022-02-26 22:45:19 +01:00
krumel	3f251ce158	printerserver setup	2022-02-26 22:28:59 +01:00
krumel	de05b7e312	prepared for update printerserver	2022-02-26 22:05:37 +01:00
ansible	7adcf81c0d	.	2022-02-26 21:55:21 +01:00
				`@ -0,0 +1 @@`
				`scan:$2y$05$vibHqJBvSjz1YSdV2dV2Dut7p9bLiXAGQ/wcgSkmVQ7wlKeinWTLO`