Browse Source

init

develop
Robin Thoni 2 years ago
commit
af872542ab
Signed by: Robin THONI <robin@rthoni.com> GPG Key ID: 4E09DEF46B99E61E
8 changed files with 277 additions and 0 deletions
  1. 2
    0
      .env
  2. 3
    0
      .gitignore
  3. 15
    0
      README.md
  4. 43
    0
      cups/Dockerfile
  5. 54
    0
      cups/bin/install_drivers
  6. 0
    0
      cups/drivers/.gitkeep
  7. 142
    0
      data_example/cups/config/cupsd.conf
  8. 18
    0
      docker-compose.yml

+ 2
- 0
.env View File

@@ -0,0 +1,2 @@
1
+ADMIN_USER=print
2
+ADMIN_PWD=print

+ 3
- 0
.gitignore View File

@@ -0,0 +1,3 @@
1
+/data
2
+/cups/drivers
3
+.idea

+ 15
- 0
README.md View File

@@ -0,0 +1,15 @@
1
+Installation
2
+============
3
+
4
+Replace/set the following in `.env`:
5
+- `ADMIN_USER`: The admin username
6
+- `ADMIN_PWD`: The password for the `${ADMIN_USER}` admin user
7
+
8
+Copy the default cups config and run compose.
9
+
10
+WARNING: Cups will fail and exit immediately if there is no valid `cupsd.conf` in `data/cups/config`.
11
+
12
+```shell
13
+cp -ar data_example data
14
+docker-compose up --build -d
15
+```

+ 43
- 0
cups/Dockerfile View File

@@ -0,0 +1,43 @@
1
+FROM debian:buster
2
+
3
+RUN apt-get update && \
4
+      DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -yq \
5
+      locales \
6
+      sudo \
7
+      whois \
8
+      cups \
9
+      printer-driver-all \
10
+      foomatic-db-compressed-ppds \
11
+      openprinting-ppds \
12
+      gutenprint-locales \
13
+      && \
14
+      apt-get clean && \
15
+      rm -rf /var/lib/apt/lists/*
16
+
17
+RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen en_US.UTF-8
18
+ENV LANG en_US.UTF-8
19
+ENV LANGUAGE en_US:en
20
+ENV LC_ALL en_US.UTF-8
21
+
22
+ARG ADMIN_USER=print
23
+ARG ADMIN_PWD=print
24
+
25
+RUN useradd \
26
+  --groups=sudo,lp,lpadmin \
27
+  --create-home \
28
+  --home-dir=/home/${ADMIN_USER} \
29
+  --shell=/bin/bash \
30
+  --password=$(mkpasswd ${ADMIN_PWD}) \
31
+  ${ADMIN_USER} \
32
+  && sed -i '/%sudo[[:space:]]/ s/ALL[[:space:]]*$/NOPASSWD:ALL/' /etc/sudoers
33
+
34
+COPY ./drivers /tmp/drivers
35
+
36
+COPY ./bin /usr/local/bin
37
+
38
+RUN install_drivers -d /tmp/drivers && \
39
+    rm -rf /tmp/drivers
40
+
41
+EXPOSE 631
42
+
43
+ENTRYPOINT ["/usr/sbin/cupsd", "-f"]

+ 54
- 0
cups/bin/install_drivers View File

@@ -0,0 +1,54 @@
1
+#! /bin/bash
2
+
3
+main() {
4
+
5
+  drivers_dir=""
6
+
7
+  while getopts "hd:" arg; do
8
+    case "${arg}" in
9
+    h)
10
+      echo '--help'
11
+      ;;
12
+    d)
13
+      drivers_dir="${OPTARG}"
14
+      ;;
15
+    *)
16
+      echo '??'
17
+      ;;
18
+    esac
19
+  done
20
+
21
+  shopt -s nullglob
22
+  set -e
23
+
24
+  echo "==== Driver dir: ${drivers_dir}"
25
+
26
+  for file in "${drivers_dir}"/*; do
27
+    echo "==== Processing ${file}..."
28
+    case "${file}" in
29
+    *.deb)
30
+      dpkg -i "${file}" || :
31
+      ;;
32
+    *.sh)
33
+      "${file}"
34
+      ;;
35
+    *.ppd)
36
+      cp "${file}" /usr/share/ppd/
37
+      ;;
38
+    *)
39
+      echo "==== Ignoring ${file}"
40
+      ;;
41
+    esac
42
+  done
43
+
44
+  if ! apt-get install; then
45
+    echo "==== Apt seems broken. Fixing..."
46
+    apt-get update &&
47
+      DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -yqf &&
48
+      apt-get clean &&
49
+      rm -rf /var/lib/apt/lists/*
50
+  fi
51
+
52
+}
53
+
54
+main "${@}"

+ 0
- 0
cups/drivers/.gitkeep View File


+ 142
- 0
data_example/cups/config/cupsd.conf View File

@@ -0,0 +1,142 @@
1
+#
2
+#
3
+# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
4
+# complete description of this file.
5
+#
6
+
7
+ServerAlias *
8
+
9
+# Log general information in error_log - change "warn" to "debug"
10
+# for troubleshooting...
11
+LogLevel warn
12
+
13
+# Deactivate CUPS' internal logrotating, as we provide a better one, especially
14
+# LogLevel debug2 gets usable now
15
+MaxLogSize 0
16
+
17
+# Listen to all
18
+Port 631
19
+Listen /var/run/cups/cups.sock
20
+
21
+# Show shared printers on the local network.
22
+Browsing On
23
+BrowseLocalProtocols dnssd
24
+
25
+# Default authentication type, when authentication is required...
26
+DefaultAuthType Basic
27
+DefaultEncryption IfRequested
28
+
29
+# Web interface setting...
30
+WebInterface Yes
31
+
32
+# Restrict access to the server...
33
+<Location />
34
+  Order allow,deny
35
+  Allow all
36
+</Location>
37
+
38
+# Restrict access to the admin pages...
39
+<Location /admin>
40
+  Order allow,deny
41
+  Allow all
42
+</Location>
43
+
44
+# Restrict access to configuration files...
45
+<Location /admin/conf>
46
+  AuthType Default
47
+  Require user @SYSTEM
48
+  Order allow,deny
49
+  Allow all
50
+</Location>
51
+
52
+# Set the default printer/job policies...
53
+<Policy default>
54
+  # Job/subscription privacy...
55
+  JobPrivateAccess default
56
+  JobPrivateValues default
57
+  SubscriptionPrivateAccess default
58
+  SubscriptionPrivateValues default
59
+
60
+  # Job-related operations must be done by the owner or an administrator...
61
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
62
+    Order deny,allow
63
+  </Limit>
64
+
65
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
66
+    Require user @OWNER @SYSTEM
67
+    Order deny,allow
68
+  </Limit>
69
+
70
+  # All administration operations require an administrator to authenticate...
71
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
72
+    AuthType Default
73
+    Require user @SYSTEM
74
+    Order deny,allow
75
+  </Limit>
76
+
77
+  # All printer operations require a printer operator to authenticate...
78
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
79
+    AuthType Default
80
+    Require user @SYSTEM
81
+    Order deny,allow
82
+  </Limit>
83
+
84
+  # Only the owner or an administrator can cancel or authenticate a job...
85
+  <Limit Cancel-Job CUPS-Authenticate-Job>
86
+    Require user @OWNER @SYSTEM
87
+    Order deny,allow
88
+  </Limit>
89
+
90
+  <Limit All>
91
+    Order deny,allow
92
+  </Limit>
93
+</Policy>
94
+
95
+# Set the authenticated printer/job policies...
96
+<Policy authenticated>
97
+  # Job/subscription privacy...
98
+  JobPrivateAccess default
99
+  JobPrivateValues default
100
+  SubscriptionPrivateAccess default
101
+  SubscriptionPrivateValues default
102
+
103
+  # Job-related operations must be done by the owner or an administrator...
104
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
105
+    AuthType Default
106
+    Order deny,allow
107
+  </Limit>
108
+
109
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
110
+    AuthType Default
111
+    Require user @OWNER @SYSTEM
112
+    Order deny,allow
113
+  </Limit>
114
+
115
+  # All administration operations require an administrator to authenticate...
116
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
117
+    AuthType Default
118
+    Require user @SYSTEM
119
+    Order deny,allow
120
+  </Limit>
121
+
122
+  # All printer operations require a printer operator to authenticate...
123
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
124
+    AuthType Default
125
+    Require user @SYSTEM
126
+    Order deny,allow
127
+  </Limit>
128
+
129
+  # Only the owner or an administrator can cancel or authenticate a job...
130
+  <Limit Cancel-Job CUPS-Authenticate-Job>
131
+    AuthType Default
132
+    Require user @OWNER @SYSTEM
133
+    Order deny,allow
134
+  </Limit>
135
+
136
+  <Limit All>
137
+    Order deny,allow
138
+  </Limit>
139
+</Policy>
140
+
141
+#
142
+#

+ 18
- 0
docker-compose.yml View File

@@ -0,0 +1,18 @@
1
+version: '2'
2
+services:
3
+  cups:
4
+    build:
5
+      context: ./cups
6
+      args:
7
+        ADMIN_USER: ${ADMIN_USER}
8
+        ADMIN_PWD: ${ADMIN_PWD}
9
+    restart: unless-stopped
10
+    ports:
11
+      - "127.0.0.1:35631:631"
12
+    volumes:
13
+      - /var/run/dbus:/var/run/dbus
14
+      - /dev/bus/usb:/dev/bus/usb
15
+      - ./data/cups/config:/etc/cups
16
+      - ./data/cups/cache:/var/cache/cups
17
+      - ./data/cups/log:/var/log/cups
18
+    privileged: true

Loading…
Cancel
Save