From 86233b2a0ac95a29e6877e8c11e78a18c95be137 Mon Sep 17 00:00:00 2001
From: Alexandre CATTEAU
Date: Sat, 8 Jul 2023 14:38:38 +0200
Subject: [PATCH] Adapt script to only cover server setup
---
 README.md | 5 +-
 scanservjs-update.sh | 8 ++-
 setup.sh | 153 ++++++-------------------------------------------
 3 files changed, 29 insertions(+), 137 deletions(-)
diff --git a/README.md b/README.md
index b324975..9723d99 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # Printscan server
 ## Version 3.1
-This repository contains files used to set up our printscan server on a freshly installed Armbian. Target is Bullseye.
+This repository contains files used to set up our printscan server.
 ### Introduction (see wiki for need and concept explanation)
@@ -15,7 +15,7 @@ Version 3.1 implementation works roughly as follows
 * [scanservjs](https://github.com/sbs20/scanservjs) runs on the SBC, providing a web interface for scan
 ### Files
-Files in this repository cover all the SBC setup
+Files in this repository cover only the server setup. SBC setup is now handled by `armbian-setup`
 #### Installation
 * `setup.sh` is a script automating the installation and configuration of required software
 * `cupsd.conf` is the config file for CUPS, set by setup script
@@ -23,4 +23,3 @@ Files in this repository cover all the SBC setup
 ### TODO
 * Add a firewall rule to block access to port 8080
-* REVIEW THE SCRIPT TO ONLY SET UP PRINTSCAN, INSTALLATION IS DONE BY armbian-setup
diff --git a/scanservjs-update.sh b/scanservjs-update.sh
index 152ed53..f0fe8db 100755
--- a/scanservjs-update.sh
+++ b/scanservjs-update.sh
@@ -1,6 +1,12 @@
 #!/usr/bin/env bash
+if [[ $user != 'root' ]]; then
+ sudo="sudo"
+else
+ sudo=""
+fi
+
 echo "Installing scanservjs directly from GitHub..."
-curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | bash -s -- -a
+curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | $sudo bash -s -- -a
 exit 0
diff --git a/setup.sh b/setup.sh
index 00952e3..4e99592 100644
--- a/setup.sh
+++ b/setup.sh
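Review bot: The new root guard in scanservjs-update.sh tests `$user`, which this script never assigns, so unless a lowercase `user` happens to be exported the test is always true and `sudo` is prepended even when the script already runs as root; the code removed from setup.sh tested `$USER`. The identical guard is added to setup.sh, where this commit also deletes the `user='alex'` assignment, so it has the same problem there. Testing the effective UID avoids depending on either variable. Separately, both scripts pipe the installer from the moving `master` branch straight into a root shell with `curl -s`, so whatever the download returns is executed with no pinning, no HTTP-failure check and no integrity check; fetching a pinned revision to a temporary file and verifying a known checksum before running it closes that gap.

```shell
if (( EUID != 0 )); then
  sudo="sudo"
else
  sudo=""
fi

# … unchanged: echo "Installing scanservjs directly from GitHub..." …
# Placeholders: replace with a reviewed tag/commit and that file's SHA-256.
installer_url='https://raw.githubusercontent.com/sbs20/scanservjs/<PINNED_TAG_OR_COMMIT>/packages/server/installer.sh'
installer_sha256='<EXPECTED_SHA256>'
installer=$(mktemp) || exit 1
trap 'rm -f -- "$installer"' EXIT
curl -fsSL -o "$installer" "$installer_url" || exit 1
printf '%s  %s\n' "$installer_sha256" "$installer" | sha256sum -c - || exit 1
$sudo bash "$installer" -a
```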
@@ -1,144 +1,31 @@
 #!/usr/bin/env bash
-# The purpose of this script is to setup our print-scan server on a blank Armbian.
-# This script is to be run as root.
+run_directory=$(dirname $(readlink -f "$0"))
-# (Keep in mind that default root password is 1234)
-# Flash SBC's SD with Armbian and clone this repository in /root
+if [[ $user != 'root' ]]; then
+ sudo="sudo"
+else
+ sudo=""
+fi
-# YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP
+echo "Setting CUPS configuration"
+$sudo mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.orig
+$sudo cp $run_directory/cupsd.conf /etc/cups/cupsd.conf
-# Functions
-init() {
- echo "Starting initialization"
- echo $fqdn > /etc/hostname
- #sed -i -e "s/$default_hostname/$fqdn $hostname/g" /etc/hosts
- localectl set-keymap $keymap
- timedatectl set-timezone $timezone
- systemctl disable apt-daily-upgrade.timer
-}
+echo "Installing scanservjs directly from GitHub..."
+curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | $sudo bash -s -- -a
-install_packages() {
- echo "Starting packages installation"
- sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list
- apt update
- apt upgrade -y
- apt install -y vim tree tmux neofetch sane sane-utils hplip apache2
-}
+echo "Generating TLS certificate"
+$sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/ssl/cert.crt -keyout /etc/ssl/cert.key \
+ -subj "/C=/ST=/L=/O=/OU=/CN="
+$sudo chmod o+r /etc/ssl/cert.key
-add_users() {
- echo "Adding users"
- useradd -U -G sudo,lpadmin -m -s /bin/bash $user
- chmod 700 /home/$user
- echo "Let's define a password for $user as we are about to run sudo with it. It can of course be changed after setup."
- passwd $user
- usermod -a -G lp saned
-}
-
-get_sync() {
- echo "Getting and deploying sync configuration"
- sudo -H -u $user mkdir $sync_directory_path
- sudo -H -u $user git clone https://gitea.kto.black/adminconf/printscan-server.git \
- $sync_directory_path/printscan-server
- sudo -H -u $user git clone https://gitea.kto.black/adminconf/rcs-general.git $sync_directory_path/rcs-general
- sudo -H -u $user $sync_directory_path/rcs-general/install.sh
- sudo -H -u $user git clone https://gitea.kto.black/adminconf/conf-sync.git $sync_directory_path/conf-sync
- sudo -H -u $user cp $sync_directory_path/conf-sync/variables.conf.template \
- $sync_directory_path/conf-sync/variables.conf
- sudo -H -u $user sed -i -e "s/\"desktop\"/\"server\"/g" $sync_directory_path/conf-sync/variables.conf
- sudo -H -u $user $sync_directory_path/conf-sync/install.sh
-}
-
-set_cups_conf() {
- echo "Setting CUPS configuration"
- mv $cups_conf_path/cupsd.conf $cups_conf_path/cupsd.conf.orig
- cp $run_directory_path/cupsd.conf $cups_conf_path/cupsd.conf
-}
-
-ssh_pubkey() {
- echo "Getting SSH public key"
- sudo -H -u $user mkdir /home/$user/.ssh
- sudo -H -u $user wget -P /home/$user/.ssh $remote_pubkey_location/$remote_pubkey
- sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
-}
-
-set_sshd_conf() {
- echo "Editing OpenSSH daemon config..."
- sed -i -e "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
- sed -i -e "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
-}
-
-install_scanservjs() {
- echo "Installing scanservjs directly from GitHub..."
- curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | bash -s -- -a
-}
-
-tls_cert() {
- echo "Generating TLS certificate"
- openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $tls_directory/$cert -keyout \
- $tls_directory/$cert_key -subj "/C=/ST=/L=/O=/OU=/CN="
- chmod o+r $tls_directory/$cert_key
-}
-
-set_apache() {
- echo "Setting up Apache HTTP Server"
- cp $run_directory_path/apache-sites/scanservjs.conf $apache_sites_directory_path/
- a2dissite 000-default
- a2ensite scanservjs
- a2enmod ssl proxy proxy_http proxy_http2
-}
+echo "Setting up Apache HTTP Server"
+$sudo cp $run_directory/apache-sites/scanservjs.conf /etc/apache2/sites-available/
+$sudo a2dissite 000-default
+$sudo a2ensite scanservjs
+$sudo a2enmod ssl proxy proxy_http proxy_http2
 # TODO add a firewall rule to prevent access to http:8080 from other than local
-# Only run if the user is root
-if [[ $USER != 'root' ]] ; then
- echo "You must run this script as root!"
- exit 1
-fi
-
-run_directory_path=$(pwd)
-
-# Set parameters
-#default_hostname='pine64'
-#hostname='pn1'
-fqdn='pn1.hr.kto.black'
-keymap='fr'
-timezone='Europe/Paris'
-deb_apt_default_repo='deb.debian.org'
-deb_apt_repo='ftp.fr.debian.org'
-user='alex'
-sync_directory_path="/home/$user/.sync"
-systemd_units_path='/etc/systemd/system'
-cups_conf_path='/etc/cups'
-remote_pubkey_location='https://keys.kto.black'
-remote_pubkey='home.pub'
-scanservjs_dest='/srv/scanservjs'
-tls_directory='/etc/ssl/'
-cert='cert.crt'
-cert_key='cert.key'
-apache_sites_directory_path='/etc/apache2/sites-available'
-
-# Main process
-# You should comment below what you do not want to happen
-init
-install_packages
-add_users
-get_sync
-set_cups_conf
-ssh_pubkey
-set_sshd_conf
-install_scanservjs
-tls_cert
-set_apache
-
-echo ""
-echo "We're all good here!"
-echo "You should now:"
-echo "* lock root account"
-echo "* reboot the SBC"
-echo "And perhaps:"
-echo "* set a new password for $user"
-echo "* connect to http://$hostname:631/ and add a printer"
-echo "* set htop at your convenience"
-echo "* remove password for sudo" # TODO we should automate that, with a flag
 exit 0
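Review bot: `$sudo chmod o+r /etc/ssl/cert.key` in setup.sh makes the private key, which `-nodes` leaves unencrypted, readable by every local account, so any user or compromised service on the host can copy it and impersonate the server. Apache normally reads the key as root at startup, so owner-only permissions should be sufficient: `$sudo chmod 600 /etc/ssl/cert.key`. The new top-level code also leaves `$run_directory` and the inner `$(readlink -f "$0")` unquoted, which breaks if the checkout path contains spaces; `run_directory=$(dirname "$(readlink -f "$0")")` and `"$run_directory/cupsd.conf"` avoid that. With no `set -e` and an unconditional `exit 0`, a failed step (for example the certificate generation) is not reported to the caller, and a second run replaces `cupsd.conf.orig` with the already-modified file.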