Update settings

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-03-21 00:25:59 +01:00 · 2022-03-21 00:25:59 +01:00 · c87c860ae5
parent 068137d15a
commit c87c860ae5
3 changed files with 71 additions and 4 deletions
--- a/group_vars/printer.yml
+++ b/group_vars/printer.yml
@ -27,12 +27,22 @@ glob_printer:
    note_id: 2088
    note_alias: 'Crans'
  printer_name: 'Lexmark_X950_Series'
+  domain: "{{ query('ldap', 'ip', 'printer', 'lp') | ipv4 | first }}"
+  scan_server:
+    address: "{{ query('ldap', 'ip', ansible_hostname, 'lp') | ipv4 | first }}"
+    port: 9751
  debug: false
  owner: root
  group: _nounou
  version: main
  settings_local_owner: www-data
  settings_local_group: _nounou
+  ldap:
+    uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+    dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org
+    group_search: ou=group,dc=crans,dc=org
+    read_group: cn=_user,ou=group,dc=crans,dc=org
+    write_group: cn=_nounou,ou=group,dc=crans,dc=org

 loc_nginx:
  service_name: printer
@ -43,14 +53,17 @@ loc_nginx:
      server_name:
        - "helloworld.crans.org"
        - "imprimante.crans.org"
+      additional_params:
+        - "client_max_body_size 100M"
      locations:
        - filter: "/static"
          params:
-            - "alias {% if printer.version == 'main' %}/var/lib/django-printer/static/{% else %}/var/local/django-printer/static/{% endif %}"
+            - "alias /var/lib/django-printer/static/"

-        - filter: "/media"
+        - filter: "/protected/files"
          params:
-            - "alias {% if printer.version == 'main' %}/var/lib/django-printer/media/{% else %}/var/local/django-printer/media/{% endif %}"
+            - "internal"
+            - "alias /var/lib/django-printer/files/"

        - filter: "/doc"
          params:
--- a/roles/printer/tasks/main.yml
+++ b/roles/printer/tasks/main.yml
@ -12,12 +12,14 @@
      - cups
      - gettext
      - python3-authlib
+      - python3-cups
      - python3-django
+      - python3-django-auth-ldap
+      - python3-django-crispy-forms
      - python3-django-extensions
      - python3-docutils
      - python3-ipython
      - python3-pip
-      - python3-cups
      - python3-psycopg2
      - python3-pypdf2
      - python3-requests
--- a/roles/printer/templates/django-printer/settings_local.py.j2
+++ b/roles/printer/templates/django-printer/settings_local.py.j2
@ -1,5 +1,9 @@
 {{ ansible_header | comment }}

+# Uncomment if you use LDAP login
+import ldap
+from django_auth_ldap.config import LDAPSearch, PosixGroupType
+
 # A secret key used by the server.
 SECRET_KEY = "{{ printer.django_secret_key }}"

@ -13,6 +17,10 @@ ADMINS = [{% for admin in printer.admins %}{{ admin }}, {% endfor %}]
 # The list of hostname the server will respond to.
 ALLOWED_HOSTS = [{% for host in printer.allowed_hosts %}'{{ host }}', {% endfor %}]

+OPTIONAL_APPS = [
+    'django_extensions',
+]
+
 # The storage systems parameters to use
 DATABASES = {
    'default': {  # The DB
@ -44,3 +52,47 @@ DEFAULT_FROM_EMAIL = '{{ printer.email.from_full }}'
 NOTE_KFET_URL = "{{ printer.note.url }}"
 NOTE_KFET_CLIENT_ID = "{{ printer.note.client_id }}"
 NOTE_KFET_CLIENT_SECRET = "{{ printer.note.client_secret }}"
+
+# This is the common name of the printer that is installed in the CUPS server
+PRINTER_NAME = 'Lexmark_X950_Series'
+
+# Is contacted for scanning. May be HTTP or HTTPS.
+PRINTER_HTTP_SERVER = 'https://{{ printer.domain }}'
+# Certificates may be not verified because they are unverifiable
+# due to obsolete machines.
+CHECK_HTTPS_CERTIFICATE = False
+
+# To avoid spam, you can define the maximum scanning jobs a user can request.
+# If set to 0, no limit is applied.
+MAX_SIMULTANEOUS_SCANNING_JOBS = 5
+
+# This address is the address of the server that will receive the scanned file.
+# This may be allowed in your firewall and contactable by the printer.
+SCANNER_SERVER_ADDRESS = {{ printer.scan_server.address|tojson }}
+SCANNER_SERVER_PORT = {{ printer.scan_server.port }}
+
+# Uncomment and adapt to use a LDAP server for authentication
+AUTHENTICATION_BACKENDS = ["django_auth_ldap.backend.LDAPBackend"]
+AUTH_LDAP_SERVER_URI = {{ printer.ldap.uri|tojson }}
+AUTH_LDAP_CONNECTION_OPTIONS = {
+    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_ALLOW,
+    ldap.OPT_X_TLS_NEWCTX: 0,
+    ldap.OPT_REFERRALS: 0,
+}
+AUTH_LDAP_USER_DN_TEMPLATE = {{ printer.ldap.dn_template|tojson }}
+
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    {{ printer.ldap.group_search|tojson }},
+    ldap.SCOPE_SUBTREE,
+    "(objectClass=posixGroup)",
+# )
+
+AUTH_LDAP_GROUP_TYPE = PosixGroupType()
+
+AUTH_LDAP_MIRROR_GROUPS = True
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": {{ printer.ldap.read_group|tojson }},
+    "is_staff": {{ printer.ldap.read_group|tojson }},
+    "is_superuser": {{ printer.ldap.write_group|tojson }},
+}