crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update settings 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2022-03-21 00:25:59 +01:00
parent 068137d15a
commit c87c860ae5
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
3 changed files with 71 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
group_vars/printer.yml
View File

@ -27,12 +27,22 @@ glob_printer:
note_id: 2088 note_id: 2088
note_alias: 'Crans' note_alias: 'Crans'
printer_name: 'Lexmark_X950_Series' printer_name: 'Lexmark_X950_Series'
domain: "{{ query('ldap', 'ip', 'printer', 'lp') | ipv4 | first }}"
scan_server:
address: "{{ query('ldap', 'ip', ansible_hostname, 'lp') | ipv4 | first }}"
port: 9751
debug: false debug: false
owner: root owner: root
group: _nounou group: _nounou
version: main version: main
settings_local_owner: www-data settings_local_owner: www-data
settings_local_group: _nounou settings_local_group: _nounou
ldap:
uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org
group_search: ou=group,dc=crans,dc=org
read_group: cn=_user,ou=group,dc=crans,dc=org
write_group: cn=_nounou,ou=group,dc=crans,dc=org
loc_nginx: loc_nginx:
service_name: printer service_name: printer
@ -43,14 +53,17 @@ loc_nginx:
server_name: server_name:
- "helloworld.crans.org" - "helloworld.crans.org"
- "imprimante.crans.org" - "imprimante.crans.org"
additional_params:
- "client_max_body_size 100M"
locations: locations:
- filter: "/static" - filter: "/static"
params: params:
- "alias {% if printer.version == 'main' %}/var/lib/django-printer/static/{% else %}/var/local/django-printer/static/{% endif %}" - "alias /var/lib/django-printer/static/"
- filter: "/media" - filter: "/protected/files"
params: params:
- "alias {% if printer.version == 'main' %}/var/lib/django-printer/media/{% else %}/var/local/django-printer/media/{% endif %}" - "internal"
- "alias /var/lib/django-printer/files/"
- filter: "/doc" - filter: "/doc"
params: params:

4
roles/printer/tasks/main.yml
View File

@ -12,12 +12,14 @@
- cups - cups
- gettext - gettext
- python3-authlib - python3-authlib
- python3-cups
- python3-django - python3-django
- python3-django-auth-ldap
- python3-django-crispy-forms
- python3-django-extensions - python3-django-extensions
- python3-docutils - python3-docutils
- python3-ipython - python3-ipython
- python3-pip - python3-pip
- python3-cups
- python3-psycopg2 - python3-psycopg2
- python3-pypdf2 - python3-pypdf2
- python3-requests - python3-requests

52
roles/printer/templates/django-printer/settings_local.py.j2
View File

@ -1,5 +1,9 @@
{{ ansible_header | comment }} {{ ansible_header | comment }}
# Uncomment if you use LDAP login
import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType
# A secret key used by the server. # A secret key used by the server.
SECRET_KEY = "{{ printer.django_secret_key }}" SECRET_KEY = "{{ printer.django_secret_key }}"
@ -13,6 +17,10 @@ ADMINS = [{% for admin in printer.admins %}{{ admin }}, {% endfor %}]
# The list of hostname the server will respond to. # The list of hostname the server will respond to.
ALLOWED_HOSTS = [{% for host in printer.allowed_hosts %}'{{ host }}', {% endfor %}] ALLOWED_HOSTS = [{% for host in printer.allowed_hosts %}'{{ host }}', {% endfor %}]
OPTIONAL_APPS = [
'django_extensions',
]
# The storage systems parameters to use # The storage systems parameters to use
DATABASES = { DATABASES = {
'default': { # The DB 'default': { # The DB
@ -44,3 +52,47 @@ DEFAULT_FROM_EMAIL = '{{ printer.email.from_full }}'
NOTE_KFET_URL = "{{ printer.note.url }}" NOTE_KFET_URL = "{{ printer.note.url }}"
NOTE_KFET_CLIENT_ID = "{{ printer.note.client_id }}" NOTE_KFET_CLIENT_ID = "{{ printer.note.client_id }}"
NOTE_KFET_CLIENT_SECRET = "{{ printer.note.client_secret }}" NOTE_KFET_CLIENT_SECRET = "{{ printer.note.client_secret }}"
# This is the common name of the printer that is installed in the CUPS server
PRINTER_NAME = 'Lexmark_X950_Series'
# Is contacted for scanning. May be HTTP or HTTPS.
PRINTER_HTTP_SERVER = 'https://{{ printer.domain }}'
# Certificates may be not verified because they are unverifiable
# due to obsolete machines.
CHECK_HTTPS_CERTIFICATE = False
# To avoid spam, you can define the maximum scanning jobs a user can request.
# If set to 0, no limit is applied.
MAX_SIMULTANEOUS_SCANNING_JOBS = 5
# This address is the address of the server that will receive the scanned file.
# This may be allowed in your firewall and contactable by the printer.
SCANNER_SERVER_ADDRESS = {{ printer.scan_server.address|tojson }}
SCANNER_SERVER_PORT = {{ printer.scan_server.port }}
# Uncomment and adapt to use a LDAP server for authentication
AUTHENTICATION_BACKENDS = ["django_auth_ldap.backend.LDAPBackend"]
AUTH_LDAP_SERVER_URI = {{ printer.ldap.uri|tojson }}
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_ALLOW,
ldap.OPT_X_TLS_NEWCTX: 0,
ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_USER_DN_TEMPLATE = {{ printer.ldap.dn_template|tojson }}
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
{{ printer.ldap.group_search|tojson }},
ldap.SCOPE_SUBTREE,
"(objectClass=posixGroup)",
# )
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": {{ printer.ldap.read_group|tojson }},
"is_staff": {{ printer.ldap.read_group|tojson }},
"is_superuser": {{ printer.ldap.write_group|tojson }},
}