srv-print disabled for now

inventory.yml

@@ -8,9 +8,9 @@ all:
 # Hosts without special groups
 singlehosts:
   hosts:
-    srv-print:
+    # srv-print:
-      ansible_host: 192.168.2.95
+    #   ansible_host: 192.168.2.95
-      ansible_user: ansible
+    #   ansible_user: ansible
 
 # All RPI hosts
 rpi:
@@ -30,5 +30,10 @@ rpi_rpios:
       ansible_host: 192.168.2.20
     naspi:
       ansible_host: 192.168.2.75
-    # piprint:
+    gfs-ca:
-    #   ansible_host: 192.168.2.95
+      ansible_host: 192.168.2.72
+      ansible_user: ansible
+
+# Hosts that have no proper user yet
+staging:
+  hosts:

playbooks/ansible_user.yml

@@ -0,0 +1,18 @@
+- hosts: staging
+  become: yes
+  tasks:
+
+    - name: user setup
+      block:
+      - name: create ansible user
+        ansible.builtin.user:
+          user: ansible
+          state: present
+          shell: /bin/bash
+          groups: sudo
+
+      - name: add ansible ssh-key
+        ansible.posix.authorized_key:
+          user: ansible
+          state: present
+          key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcB6Y1KvYdK2T4Ewg5ATE7dp67O+0RtPLWvfaiHfJoSJlipcgPKWcbFhxyAlKwQXYqILF03cfoaHXjMtNjiZpCWtUqlZVklNlQNtqyjYghn45PX1m+nmU4bMuBQw+b+J4N8KM5XfL5BAWlpFBMsWjTFEherkKCZs5ABMx6r9MiHaIb9gwjzsQBF+oqkqXAOLXd4kaSSYPHJcxfcWtKCW2S083+lfj+iwc3zwzwNoLcMeiE9eKpTXvDldCXZ5pvd762llNn24Zsa/O1i+HOGm3EkeoeBSW08sj5nGSV8CmjzM1eQI8FZzcteaTkL916Ny+NwgsZ7NogDtpZCBwdwnNE+APG060Mq1ul1sX6KblCOAXUIDyhmJCV2XuJZNd74pzTs4jZKTXjwYmG4Tq0pATw6lKaHQSC2DlwWWkToaFd+ewQ2Mct43vfPFUIGWJHxciLEALb1ZTomOkmG5v2ZTfqp9cUtCkX90ZaYa3ADk5afjKf/2lKgr0ffL0BQjvnZ5M= ansible@Septentrion"

playbooks/srv-print.yml

@@ -1,47 +1,84 @@
 - hosts: srv-print
   become: yes
   tasks:
-    - name: create admin user
-      ansible.builtin.user:
-        user: admin
-        state: present
-        shell: /bin/bash
-        groups: sudo
 
-    - name: add admin ssh-key
+    - name: user setup
-      ansible.posix.authorized_key:
+      block:
-        user: admin
+      - name: create admin user
-        state: present
+        ansible.builtin.user:
-        key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsLI18nShd47L6o4dL2sIbhJAlWdXXc7BBSqhslTBMVziY6OBazW2jxxU0eN+Wi3RYEuOUd3xt6f56m6NgB96MxvRbfhD06FCetrEzEX/k7yWRVlvyMOSX0RjTr2UWPqOpXmLvbpOvTX4m4+rhpXlXJ1FB/jiZGNYvQEXot8PFTkMBdP0rHsdXiHhJvJy8Y/jDoErrCrK+Yger9ziCeskr3t/KET1nD6e/g4lQwVr7YftMw9s/0RiSVU4VQnUHjMiyXMpg8SD54YkmaQ8TJ14dQ3LVvMjXNGhg3fmmmxQMWot64oLe5HvNJigmKDfYxUzQuX8Ba2zAcnvHkLp/RpVB krumel@YatagarasuDrive"
+          user: admin
+          state: present
+          shell: /bin/bash
+          groups: sudo
 
-    - name: install cups and printer drivers
+      - name: add admin ssh-key
+        ansible.posix.authorized_key:
+          user: admin
+          state: present
+          key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsLI18nShd47L6o4dL2sIbhJAlWdXXc7BBSqhslTBMVziY6OBazW2jxxU0eN+Wi3RYEuOUd3xt6f56m6NgB96MxvRbfhD06FCetrEzEX/k7yWRVlvyMOSX0RjTr2UWPqOpXmLvbpOvTX4m4+rhpXlXJ1FB/jiZGNYvQEXot8PFTkMBdP0rHsdXiHhJvJy8Y/jDoErrCrK+Yger9ziCeskr3t/KET1nD6e/g4lQwVr7YftMw9s/0RiSVU4VQnUHjMiyXMpg8SD54YkmaQ8TJ14dQ3LVvMjXNGhg3fmmmxQMWot64oLe5HvNJigmKDfYxUzQuX8Ba2zAcnvHkLp/RpVB krumel@YatagarasuDrive"
+
+    - name: install cups and some other required packages
       apt:
         pkg:
           - cups
           - printer-driver-splix
+          - nginx
+          - libnginx-mod-http-lua
         state: present
         update_cache: yes
-    
-    - name: allow access to cups from network
-      replace:
-        path: /etc/cups/cupsd.conf
-        regexp: 'Listen localhost:631'
-        replace: 'Listen 0.0.0.0:631'
-      register: cupsd_mod1
 
-    - name: allow access to the webinterface
+    - name: cups setup
-      replace:
+      block:
-        path: /etc/cups/cupsd.conf
+      - name: allow access to cups from network
-        regexp: '<Location \/>[^<]*<\/Location>'
+        replace:
-        replace: |
+          path: /etc/cups/cupsd.conf
-          <Location \/>
+          regexp: 'Listen localhost:631'
-            Order allow,deny
+          replace: 'Listen 0.0.0.0:631'
-            Allow all
-          <\/Location>
-      register: cupsd_mod2
 
-    - name: 
+      - name: configure cups for remote access
-      service:
+        shell: cupsctl --remote-admin --remote-any --share-printers
-        name: cups
+
-        state: restarted
+      - name: restart cups
-      when: cupsd_mod1.changed or cupsd_mod2.changed
+        service:
+          name: cups
+          state: restarted
+
+    - name: configure nginx to scan images on request
+      block:
+      - name: copy config to sites-available
+        copy:
+          src: templates/scan_image.conf
+          dest: /etc/nginx/sites-available/
+
+      - name: link to sites-enabled
+        file:
+          src: /etc/nginx/sites-available/scan_image.conf
+          dest: /etc/nginx/sites-enabled/scan_image.conf
+          state: link
+      
+      - name: ensure no default site is sites-enabled
+        file:
+          path: /etc/nginx/sites-enabled/default
+          state: absent
+
+      - name: create scan directory and give www-data rights
+        file:
+          path: /srv/scans/
+          state: directory
+          owner: www-data
+
+      - name: add www-data to scanner
+        user:
+          name: www-data
+          groups: scanner
+          append: yes
+
+      - name: copy htpasswd
+        copy: 
+          src: templates/htpasswd_scan
+          dest: /etc/nginx/htpasswd/
+
+      - name: restart nginx
+        service:
+          name: nginx
+          state: restarted

playbooks/templates/htpasswd_scan

@@ -0,0 +1 @@
+scan:$2y$05$vibHqJBvSjz1YSdV2dV2Dut7p9bLiXAGQ/wcgSkmVQ7wlKeinWTLO

playbooks/templates/scan_image.conf

@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    auth_basic "";
+    auth_basic_user_file /etc/nginx/htpasswd/htpasswd_scan;
+
+    location /scan {
+        content_by_lua_block {
+            epoc = ngx.time();
+            os.execute("scanimage --format jpeg >/srv/scans/image"..epoc..".jpg");
+            ngx.redirect("/scans/image"..epoc..".jpg");
+        }
+    }
+
+    location /scans {
+        autoindex on;
+        root /srv/;
+    }
+
+}