From 2059c109d01e90c87a8fe07af0543eab3f1ed947 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Wed, 21 Aug 2019 09:54:57 +0200
Subject: [PATCH] fix group and user handling

---
 defaults/main.yml |  7 ++++---
 tasks/install.yml |  7 -------
 tasks/main.yml    |  1 +
 tasks/prepare.yml | 18 ++++++++++++++++++
 4 files changed, 23 insertions(+), 10 deletions(-)
 create mode 100644 tasks/prepare.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index ec7e188..97a8d34 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,8 +13,9 @@ cups_selinux_fcontext: []
 #   - -R /opt/brother
 cups_selinux_restorecon: []
 
-cups_admin_username: cupsadm
-cups_admin_password: secure
+cups_admin_group: printadmin
+cups_admin_users:
+  - { name: 'cupsadm', password: 'secure' }
 
 cups_bind_url:
   - localhost:631
@@ -25,8 +26,8 @@ cups_log_level: warn
 cups_server_admin: admin@example.com
 cups_remote_admin_enabled: False
 cups_system_groups:
-  - sys
   - root
+  - "{{ cups_admin_group }}"
 
 cups_iptables_enabled: False
 cups_open_ports:
diff --git a/tasks/install.yml b/tasks/install.yml
index 1c7c464..0f7d2ee 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -22,13 +22,6 @@
         - etc/cups/cups-files.conf
       notify: __cupsd_restart
 
-    - name: Create user '{{ cups_admin_username }}'
-      user:
-        comment: Cups Admin
-        name: "{{ cups_admin_username }}"
-        password: "{{ cups_admin_password | password_hash('sha512', inventory_hostname) }}"
-        groups: printadmin
-
     - name: Update pamd rule's control in /etc/pam.d/cups
       pamd:
         name: cups
diff --git a/tasks/main.yml b/tasks/main.yml
index 2a009c0..2f0990f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
+- include_tasks: prepare.yml
 - include_tasks: install.yml
 - include_tasks: selinux.yml
   when: ansible_selinux.status == "enabled"
diff --git a/tasks/prepare.yml b/tasks/prepare.yml
new file mode 100644
index 0000000..4cac89d
--- /dev/null
+++ b/tasks/prepare.yml
@@ -0,0 +1,18 @@
+---
+- block:
+    - name: Create system groups
+      group:
+        name: "{{ item }}"
+        state: present
+      loop: "{{ cups_system_groups }}"
+
+    - name: Create cups admin users
+      user:
+        comment: Cups Admin
+        name: "{{ item.name }}"
+        password: "{{ item.password | password_hash('sha512', inventory_hostname) }}"
+        groups: "{{ cups_admin_group }}"
+        state: present
+      loop: "{{ cups_admin_users }}"
+  become: True
+  become_user: root