2025-06-26-13-33-49: Cronjob

roles/lmn_printer/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+printer_admin_group: ""

roles/lmn_printer/files/90-lmn-install-printers

@@ -0,0 +1,3 @@
+%examusers ALL=(root) NOPASSWD: /usr/local/bin/install-printers.sh
+%role-student ALL=(root) NOPASSWD: /usr/local/bin/install-printers.sh
+%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/install-printers.sh

roles/lmn_printer/tasks/main.yml

@@ -0,0 +1,67 @@
+---
+- name: Install cups
+  ansible.builtin.apt:
+    name:
+      - cups
+
+- name: Disable cups printer browsing
+  ansible.builtin.lineinfile:
+    dest: /etc/cups/cupsd.conf
+    regexp: '^(Browsing ).*'
+    line: '\1No'
+    backrefs: true
+
+- name: Listen on all Interfaces
+  ansible.builtin.lineinfile:
+    dest: /etc/cups/cupsd.conf
+    line: 'Listen *:631'
+    regexp: '^Listen localhost'
+    state: present
+
+- name: Allow access from localhost and from VM
+  ansible.builtin.blockinfile:
+    dest: /etc/cups/cupsd.conf
+    block: |
+      Allow localhost
+      Allow 192.168.122.0/24
+    insertafter: "<Location {{ item }}>"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
+    state: present
+  loop:
+    - "/"
+    - "/admin"
+
+- name: Allow group role-teacher to manage printers
+  ansible.builtin.lineinfile:
+    dest: /etc/cups/cups-files.conf
+    line: "SystemGroup root lpadmin {{ printer_admin_group }}"
+    regexp: '^SystemGroup'
+    state: present
+  when: printer_admin_group | length > 0
+
+- name: Disable cups-browsed
+  ansible.builtin.systemd:
+    name: cups-browsed.service
+    state: stopped
+    enabled: false
+
+- name: Install install-printers.sh
+  ansible.builtin.template:
+    src: install-printers.sh.j2
+    dest: /usr/local/bin/install-printers.sh
+    mode: '0755'
+
+- name: Install lmn-install-printers sudoers
+  ansible.builtin.copy:
+    src: 90-lmn-install-printers
+    dest: /etc/sudoers.d/
+    mode: '0660'
+    owner: root
+    group: root
+
+- name: Run printer script from /etc/profile.d/
+  ansible.builtin.copy:
+    dest: /etc/profile.d/lmn-printer.sh
+    mode: '0644'
+    content: |
+      [[ "${UID}" -gt 10000 ]] && (sudo /usr/local/bin/install-printers.sh > /dev/null &)

roles/lmn_printer/templates/install-printers.sh.j2

@@ -0,0 +1,50 @@
+#!/usr/bin/bash
+
+set -eu
+
+## Exit if first printserver is not reachable
+ping -c1 -W1 {{ printservers | first }} || exit 0
+
+printservers="{{ printservers | join(' ') }}"
+hostgroup="$(id -Gn "${HOSTNAME^^}$")"
+usergroup="$(id -Gn "${SUDO_USER}")"
+installedprinters="$(lpstat -v | cut -f 3 -d" " | sed 's/:$//' )"
+
+cat <<EOF
+Hostgroups: ${hostgroup}
+Usergroups: ${usergroup}
+Local print queues:
+${installedprinters}
+
+EOF
+
+## Remove all printers not wanted:
+for p in $installedprinters ; do
+    printer_ip=$(lpstat -v "${p}" | sed -nE "s%.*ipp://(.+)/printers.*%\1%p")
+    if [[ -n $printer_ip ]] && (echo "${printservers}" | grep -w -q "${printer_ip}"); then
+	echo "Removing print queue '$p'."
+	lpadmin -x "$p"
+    fi
+done
+
+installedprinters="$(lpstat -v | cut -f 3 -d" " | sed 's/:$//' )"
+
+## Add all printers needed:
+for ps in $printservers ; do
+    echo "Checking print server '$ps' for available printers:"
+    printers="$(timeout 5 lpstat -h "$ps" -U "${SUDO_USER}" -v | sed -E 's/^.+ (\w+): .+$/\1/')"
+    echo -e "$printers\n"
+    for p in $printers; do
+	if [[ "${hostgroup}" =~ "$p" ]] || [[ "${usergroup}" =~ "$p" ]] ; then
+	    if [[ "$installedprinters" =~ "$p" ]] ; then
+		echo "Print queue '$p' already available."
+	    else
+		echo "Adding print queue '$p'."
+		timeout 10 lpadmin -p "$p" -E -v \
+			"ipp://$ps/printers/$p" \
+			-m "driverless:ipp://$ps/printers/$p" || echo "Adding queue '$p' failed."
+		installedprinters+=" $p"
+	    fi
+	fi
+    done
+done