Adapt script to only cover server setup

This commit is contained in:
Alexandre CATTEAU 2023-07-08 14:38:38 +02:00
parent d1b70a75dd
commit 86233b2a0a
3 changed files with 29 additions and 137 deletions

View File

@ -1,7 +1,7 @@
# Printscan server # Printscan server
## Version 3.1 ## Version 3.1
This repository contains files used to set up our printscan server on a freshly installed Armbian. Target is Bullseye. This repository contains files used to set up our printscan server.
### Introduction ### Introduction
(see wiki for need and concept explanation) (see wiki for need and concept explanation)
@ -15,7 +15,7 @@ Version 3.1 implementation works roughly as follows
* [scanservjs](https://github.com/sbs20/scanservjs) runs on the SBC, providing a web interface for scan * [scanservjs](https://github.com/sbs20/scanservjs) runs on the SBC, providing a web interface for scan
### Files ### Files
Files in this repository cover all the SBC setup Files in this repository cover only the server setup. SBC setup is now handled by `armbian-setup`
#### Installation #### Installation
* `setup.sh` is a script automating the installation and configuration of required software * `setup.sh` is a script automating the installation and configuration of required software
* `cupsd.conf` is the config file for CUPS, set by setup script * `cupsd.conf` is the config file for CUPS, set by setup script
@ -23,4 +23,3 @@ Files in this repository cover all the SBC setup
### TODO ### TODO
* Add a firewall rule to block access to port 8080 * Add a firewall rule to block access to port 8080
* REVIEW THE SCRIPT TO ONLY SET UP PRINTSCAN, INSTALLATION IS DONE BY armbian-setup

View File

@ -1,6 +1,12 @@
#!/usr/bin/env bash #!/usr/bin/env bash
if [[ $user != 'root' ]]; then
sudo="sudo"
else
sudo=""
fi
echo "Installing scanservjs directly from GitHub..." echo "Installing scanservjs directly from GitHub..."
curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | bash -s -- -a curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | $sudo bash -s -- -a
exit 0 exit 0

145
setup.sh
View File

@ -1,144 +1,31 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# The purpose of this script is to setup our print-scan server on a blank Armbian. run_directory=$(dirname $(readlink -f "$0"))
# This script is to be run as root.
# (Keep in mind that default root password is 1234) if [[ $user != 'root' ]]; then
# Flash SBC's SD with Armbian and clone this repository in /root sudo="sudo"
else
sudo=""
fi
# YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP
# Functions
init() {
echo "Starting initialization"
echo $fqdn > /etc/hostname
#sed -i -e "s/$default_hostname/$fqdn $hostname/g" /etc/hosts
localectl set-keymap $keymap
timedatectl set-timezone $timezone
systemctl disable apt-daily-upgrade.timer
}
install_packages() {
echo "Starting packages installation"
sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list
apt update
apt upgrade -y
apt install -y vim tree tmux neofetch sane sane-utils hplip apache2
}
add_users() {
echo "Adding users"
useradd -U -G sudo,lpadmin -m -s /bin/bash $user
chmod 700 /home/$user
echo "Let's define a password for $user as we are about to run sudo with it. It can of course be changed after setup."
passwd $user
usermod -a -G lp saned
}
get_sync() {
echo "Getting and deploying sync configuration"
sudo -H -u $user mkdir $sync_directory_path
sudo -H -u $user git clone https://gitea.kto.black/adminconf/printscan-server.git \
$sync_directory_path/printscan-server
sudo -H -u $user git clone https://gitea.kto.black/adminconf/rcs-general.git $sync_directory_path/rcs-general
sudo -H -u $user $sync_directory_path/rcs-general/install.sh
sudo -H -u $user git clone https://gitea.kto.black/adminconf/conf-sync.git $sync_directory_path/conf-sync
sudo -H -u $user cp $sync_directory_path/conf-sync/variables.conf.template \
$sync_directory_path/conf-sync/variables.conf
sudo -H -u $user sed -i -e "s/\"desktop\"/\"server\"/g" $sync_directory_path/conf-sync/variables.conf
sudo -H -u $user $sync_directory_path/conf-sync/install.sh
}
set_cups_conf() {
echo "Setting CUPS configuration" echo "Setting CUPS configuration"
mv $cups_conf_path/cupsd.conf $cups_conf_path/cupsd.conf.orig $sudo mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.orig
cp $run_directory_path/cupsd.conf $cups_conf_path/cupsd.conf $sudo cp $run_directory/cupsd.conf /etc/cups/cupsd.conf
}
ssh_pubkey() {
echo "Getting SSH public key"
sudo -H -u $user mkdir /home/$user/.ssh
sudo -H -u $user wget -P /home/$user/.ssh $remote_pubkey_location/$remote_pubkey
sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
}
set_sshd_conf() {
echo "Editing OpenSSH daemon config..."
sed -i -e "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
sed -i -e "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
}
install_scanservjs() {
echo "Installing scanservjs directly from GitHub..." echo "Installing scanservjs directly from GitHub..."
curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | bash -s -- -a curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | $sudo bash -s -- -a
}
tls_cert() {
echo "Generating TLS certificate" echo "Generating TLS certificate"
openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $tls_directory/$cert -keyout \ $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/ssl/cert.crt -keyout /etc/ssl/cert.key \
$tls_directory/$cert_key -subj "/C=/ST=/L=/O=/OU=/CN=" -subj "/C=/ST=/L=/O=/OU=/CN="
chmod o+r $tls_directory/$cert_key $sudo chmod o+r /etc/ssl/cert.key
}
set_apache() {
echo "Setting up Apache HTTP Server" echo "Setting up Apache HTTP Server"
cp $run_directory_path/apache-sites/scanservjs.conf $apache_sites_directory_path/ $sudo cp $run_directory/apache-sites/scanservjs.conf /etc/apache2/sites-available/
a2dissite 000-default $sudo a2dissite 000-default
a2ensite scanservjs $sudo a2ensite scanservjs
a2enmod ssl proxy proxy_http proxy_http2 $sudo a2enmod ssl proxy proxy_http proxy_http2
}
# TODO add a firewall rule to prevent access to http:8080 from other than local # TODO add a firewall rule to prevent access to http:8080 from other than local
# Only run if the user is root
if [[ $USER != 'root' ]] ; then
echo "You must run this script as root!"
exit 1
fi
run_directory_path=$(pwd)
# Set parameters
#default_hostname='pine64'
#hostname='pn1'
fqdn='pn1.hr.kto.black'
keymap='fr'
timezone='Europe/Paris'
deb_apt_default_repo='deb.debian.org'
deb_apt_repo='ftp.fr.debian.org'
user='alex'
sync_directory_path="/home/$user/.sync"
systemd_units_path='/etc/systemd/system'
cups_conf_path='/etc/cups'
remote_pubkey_location='https://keys.kto.black'
remote_pubkey='home.pub'
scanservjs_dest='/srv/scanservjs'
tls_directory='/etc/ssl/'
cert='cert.crt'
cert_key='cert.key'
apache_sites_directory_path='/etc/apache2/sites-available'
# Main process
# You should comment below what you do not want to happen
init
install_packages
add_users
get_sync
set_cups_conf
ssh_pubkey
set_sshd_conf
install_scanservjs
tls_cert
set_apache
echo ""
echo "We're all good here!"
echo "You should now:"
echo "* lock root account"
echo "* reboot the SBC"
echo "And perhaps:"
echo "* set a new password for $user"
echo "* connect to http://$hostname:631/ and add a printer"
echo "* set htop at your convenience"
echo "* remove password for sudo" # TODO we should automate that, with a flag
exit 0 exit 0