diff --git a/scanservjs.conf b/scanservjs.conf new file mode 100644 index 0000000..1e9e440 --- /dev/null +++ b/scanservjs.conf @@ -0,0 +1,13 @@ + + ServerName printscan.hp3.kto.black + + SSLEngine on + SSLCertificateFile "/etc/ssl/cert.crt" + SSLCertificateKeyFile "/etc/ssl/cert.key" + + + ProxyPass "http://127.0.0.1:8080/" + ProxyPassReverse "http://127.0.0.1:8080/" + + + diff --git a/setup.sh b/setup.sh index 7125f20..f5b2c82 100644 --- a/setup.sh +++ b/setup.sh @@ -4,7 +4,7 @@ # This script is to be run as root. # (Keep in mind that default root password is 1234) -# Flash SBC's SD with Armbian and copy this script as well as conf-sync.sh to /root +# Flash SBC's SD with Armbian and clone this repository in /root # YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP @@ -23,7 +23,7 @@ install_packages() { sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list apt update apt upgrade -y - apt install -y vim tree tmux neofetch sane sane-utils hplip + apt install -y vim tree tmux neofetch sane sane-utils hplip apache2 } add_users() { @@ -60,11 +60,11 @@ rcs_links() { # NOTE this should be handled by an install script in rcs-general echo "Linking rcs" rm /home/$user/.bashrc rm /root/.bashrc - sudo -H -u $user ln -s $sync_directory_path/bashrc /home/$user/.bashrc + sudo -H -u $user ln -s $sync_directory_path/rcs-general/bashrc /home/$user/.bashrc ln -s /home/$user/.bashrc /root/.bashrc - sudo -H -u $user ln -s $sync_directory_path/vimrc /home/$user/.vimrc + sudo -H -u $user ln -s $sync_directory_path/rcs-general/vimrc /home/$user/.vimrc ln -s /home/$user/.vimrc /root/.vimrc - sudo -H -u $user ln -s $sync_directory_path/tmux.conf /home/$user/.tmux.conf + sudo -H -u $user ln -s $sync_directory_path/rcs-general/tmux.conf /home/$user/.tmux.conf ln -s /home/$user/.tmux.conf /root/.tmux.conf } @@ -75,6 +75,33 @@ ssh_pubkey() { sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys } +# based on https://github.com/sbs20/scanservjs/blob/master/docs/install.md +install_scanservjs() { + wget -O $run_directory_path/scanservjs.tar.gz $(curl -s \ + https://api.github.com/repos/sbs20/scanservjs/releases/latest | grep browser_download_url | cut -d '"' -f 4) + mkdir $run_directory_path/scanservjs + tar -xf scanservjs.tar.gz -C $run_directory_path/scanservjs/ + sudo $run_directory_path/scanservjs/installer.sh -i + rm $run_directory_path/scanservjs.tar.gz + rm -r $run_directory_path/scanservjs +} + +tls_cert() { + echo "Generating TLS certificate" + openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $tls_directory/$cert -keyout $tls_directory/$cert_key -subj "/C=/ST=/L=/O=/OU=/CN=" + chmod o+r $tls_directory/$cert_key +} + +set_apache() { + echo "Setting up Apache HTTP Server" + cp $run_directory_path/scanservjs.conf $apache_sites_directory_path/ + a2dissite * + a2ensite scanservjs + a2enmod ssl proxy proxy_http proxy_http2 +} + +# TODO add a firewall rule to prevent access to http:8080 from other than local + # Only run if the user is root if [[ $USER != 'root' ]] ; then echo "You must run this script as root!" @@ -97,6 +124,11 @@ systemd_units_path='/etc/systemd/system' cups_conf_path='/etc/cups' remote_pubkey_location='https://keys.kto.black' remote_pubkey='home.pub' +scanservjs_dest='/srv/scanservjs' +tls_directory='/etc/ssl/' +cert='cert.crt' +cert_key='cert.key' +apache_sites_directory_path='/etc/apache2/sites-available' # Main process # You should comment below what you do not want to happen @@ -109,13 +141,15 @@ set_cups_conf set_sane_conf rcs_links ssh_pubkey +install_scanservjs +tls_cert +set_apache echo "" echo "We're all good here!" echo "You should now:" echo "* set $user's password" echo "* lock root account" -echo "* remove setup.sh" echo "* reboot the SBC" echo "And perhaps:" echo "* connect to http://$hostname:631/ and add a printer"