Update cups

inventory/hosts.yml

@@ -10,24 +10,12 @@ all:
       ansible_host: 192.168.50.3
     home-assistant:
       ansible_host: 192.168.60.100
-    laptop.lan:
+    uatu:
-      ansible_host: 192.168.50.29
-    prusa:
-      ansible_host: 192.168.50.6
-    node-01.lan:
-      ansible_host: 192.168.50.101
-    node-02.lan:
-      ansible_host: 192.168.50.102
-    node-03.lan:
-      ansible_host: 192.168.50.103
-    node-04.lan:
-      ansible_host: 192.168.50.104
-    node-05.lan:
-      ansible_host: 192.168.50.105
-    uatu.lan:
       ansible_host: 192.168.50.106
-    node-x86.lan:
+    dymo:
-      ansible_host: 192.168.50.186
+      ansible_host: 192.168.50.109
+    node-cluster:
+      ansible_host: 192.168.50.151
     remote_server:
       ansible_host:
       ansible_become_password:
@@ -35,14 +23,10 @@ all:
   children:
     raspberry:
       hosts:
-        node-01.lan:
+        dymo:
-        node-02.lan:
+        uatu:
-        node-03.lan:
-        node-04.lan:
-        node-05.lan:
     lan:
       hosts:
-        router:
         bender:
         home-assistant:
         prusa:
@@ -50,8 +34,10 @@ all:
       children:
         docker_cluster:
           hosts:
-            node-01.lan:
+            node-cluster:
-            node-02.lan:
+    ubuntu:
-            node-03.lan:
+      hosts:
-            node-04.lan:
+        uatu:
-            node-05.lan:
+    debian:
+      hosts:
+        dymo:

main.yml

@@ -1,10 +1,4 @@
 ---
-- hosts: prusa
-  roles:
-    - ssh
-    - octoprint
-    - ubuntu
-
 - hosts: docker_cluster
   roles:
     - node_explorer
@@ -12,14 +6,6 @@
     - docker-cluster
     - ubuntu
 
-#- hosts: raspberry
-#  roles:
-#    - i2c-clock
-
-#- hosts: router.lan
-#  roles:
-#    - router
-
 - hosts: remote_server
   roles:
     - docker
@@ -33,7 +19,7 @@
     - duplicity
     - node_explorer
 
-
+- hosts: dymo
-- hosts: laptop.lan
   roles:
-    - node_explorer
+    - ssh
+    - cups-server

prusa.yml

@@ -1,6 +0,0 @@
----
-- hosts: prusa.lan
-  roles:
-#    - ssh
-    - octoprint
-#    - ubuntu

roles/cups-server/files/cupsd.conf

@@ -0,0 +1,153 @@
+#
+# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Specifies the maximum size of the log files before they are rotated.  The value "0" disables log rotation.
+MaxLogSize 0
+
+# Default error policy for printers
+ErrorPolicy retry-job
+
+# Allow remote access
+Port 631
+Listen /run/cups/cups.sock
+
+# Show shared printers on the local network.
+Browsing Yes
+BrowseLocalProtocols dnssd
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
+IdleExitTimeout 60
+
+# Restrict access to the server...
+<Location />
+  # Allow remote access...
+  Order allow,deny
+  Allow all
+</Location>
+
+# Restrict access to the admin pages...
+<Location /admin>
+  Order allow,deny
+</Location>
+
+# Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  Order allow,deny
+</Location>
+
+# Restrict access to log files...
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  Order allow,deny
+</Location>
+
+# Set the default printer/job policies...
+<Policy default>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+
+# Set the authenticated printer/job policies...
+<Policy authenticated>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>

roles/cups-server/tasks/config.yml

@@ -0,0 +1,12 @@
+- name: copy mysql backup
+  become: yes
+  copy:
+    src: "cupsd.conf"
+    dest: "/etc/cups/cupsd.conf"
+    owner: root
+    mode: '0600'
+
+- name: restart cups
+  systemd:
+    name: cups
+    state: restarted

roles/cups-server/tasks/install.yml

@@ -0,0 +1,15 @@
+---
+- become: yes
+  block:
+  - name: install needed packages
+    apt:
+      update_cache: yes
+      pkg:
+        - cups
+        - printer-driver-dymo
+
+  - name: add current user to lpadmin group
+    user:
+      name: "{{ ansible_user_id }}"
+      append: yes
+      groups: lpadmin

roles/cups-server/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- import_tasks: install.yml
+
+- import_tasks: config.yml

roles/ssh/files/authorized_keys

@@ -1,4 +1,3 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwTqV2idle6AQj179tAuAxZzodtTb2aMJKIEnL+tXfdsKsoc8kfQV3JMtq53hk6jRcH/9+FamCBqP/2s1xT4elKAZ7GWYBMi4HqGr8Qr7I1sK2m9dydrmW+iepmhGNDdKlYkEFc8aM9blbCTEN9RqqJiSomzDAIZQWiV2E/18MIxu3WYKJ561uzILkmB9o7UJbdAgOGbk6+GkBIwGCX5CwlX4Ro8wLv/i55/bg03N1lAbsCeDqaZX7ikiy2hnxAFH/EuY2g2WK4x9yUjhUe1MnCZy5SealSP76b9BHyJVYrxGVyAZOtlnewEXzbJXnyHGQg00hXeT8YtTlMSXaQVih pgrondek@hulk
 
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj1W8hNeieD3mWKyzJ47RX5lxZDiQdt5+wcUuRaYe+3Q4LdI+SBPiAg31FD7COY4OBqOGTqc0XvOtyU6tqL3rgfHne5Uu98X7g5XdI8EJ6aAKqp+n1SWgcvHZefMWBXyVyKsF3fyw8Uj+Ho2zNVCQexQmBIsd/Vp9KLbA+g47BofTykKsB/ZHoJVv/zFfMlV7z10ky1hSoBBaIv/7YsyMLbpzuguhPlmVOJxL5c1w/7josio3Kt8Q+seIGEizFXeqU89Hci4U0Atndb1GOx/EHoWy+XKbC4v2abrSHok9HHQ7CQnIosdGorN6mnetHlqi9Mkwn0zH8nuOlV48itiesPL4iB7b8zpXB4AKPEgKvOOr9TdQxkKGltI8Q1sS+QQIWFXAoIaMfZGCCw4Zvb+RRay49+86JVJwQZyYa7HUTuxpjzbxLtiADXZKPrZeMCBxBFxzeUvH325qqQFw8N0vsuwKDVf5f0L83KUt23UIVUfNGjLI7rpMC2WKK8yozQr8= pgrondek@hawkeye
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILjWAJ3h6cc+gM3MaAW+1tKCvbM3OkZLDJT+140sB6jH pgrondek@hawkeye
-