1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

cups/tasks/install.yml: Clarify explanations

This commit is contained in:
A Holt 2021-07-14 01:36:51 -04:00 committed by GitHub
parent 7fccd87fed
commit d0eb27f66c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -35,7 +35,7 @@
# 2021-07-12: lineinfile fails to insert the needed lines, as these same 2 lines
# already appear throughout /etc/cups/cupsd.conf -- so we use blockinfile below.
#
# - name: Insert 2 lines into /etc/cups/cupsd.conf to LOCK DOWN URL'S LIKE http://box/print/admin -- REQUIRING '{{ iiab_admin_user }}' AND ITS LINUX PASSWORD (to avoid accidental damage to /etc/cups/cupsd.conf and other CUPS settings)
# - name: Insert 2 lines into /etc/cups/cupsd.conf to LOCK DOWN URL'S LIKE http://localhost:631/admin -- REQUIRING '{{ iiab_admin_user }}' AND ITS LINUX PASSWORD (to avoid accidental damage to /etc/cups/cupsd.conf and other CUPS settings)
# lineinfile:
# path: /etc/cups/cupsd.conf
# #regexp:
@ -45,7 +45,7 @@
# - " Require user @SYSTEM" # Will appear BELOW, in /etc/cups/cupsd.conf
# - " AuthType Default" # Will appear ABOVE, in /etc/cups/cupsd.conf
- name: "CUPS web administration: Insert 2-line block into /etc/cups/cupsd.conf to LOCK DOWN URL'S LIKE http://box/print/admin TO LINUX GROUP 'lpadmin' -- to avoid accidental damage to /etc/cups/cupsd.conf and other CUPS settings. This uses 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines and 'DefaultAuthType Basic' in /etc/cups/cupsd.conf"
- name: "CUPS web administration: Insert 2-line block into /etc/cups/cupsd.conf to LOCK DOWN URL'S LIKE http://localhost:631/admin TO LINUX GROUP 'lpadmin' -- to avoid accidental damage to /etc/cups/cupsd.conf and other CUPS settings. This uses 'SystemGroup lpadmin' in /etc/cups/cups-files.conf -- in coordination with ~14 -> ~15 '@SYSTEM' lines and 'DefaultAuthType Basic' in /etc/cups/cupsd.conf"
blockinfile:
path: /etc/cups/cupsd.conf
insertafter: '^<Location /admin>$'
@ -76,14 +76,14 @@
name: cups
state: started
# - name: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
# command: cupsctl --remote-admin --share-printers --user-cancel-any
# 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER:
# (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW.
# (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!)
- name: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf
- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf"
command: cupsctl --remote-any --share-printers --user-cancel-any
# 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml