Adapt script to only cover server setup

2023-07-08 14:38:38 +02:00 · 2023-07-08 14:38:38 +02:00 · 86233b2a0a
commit 86233b2a0a
parent d1b70a75dd
3 changed files with 29 additions and 137 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 # Printscan server
 ## Version 3.1

-This repository contains files used to set up our printscan server on a freshly installed Armbian. Target is Bullseye.
+This repository contains files used to set up our printscan server.

 ### Introduction
 (see wiki for need and concept explanation)
@ -15,7 +15,7 @@ Version 3.1 implementation works roughly as follows
 * [scanservjs](https://github.com/sbs20/scanservjs) runs on the SBC, providing a web interface for scan

 ### Files
-Files in this repository cover all the SBC setup
+Files in this repository cover only the server setup. SBC setup is now handled by `armbian-setup`
 #### Installation
 * `setup.sh` is a script automating the installation and configuration of required software
 * `cupsd.conf` is the config file for CUPS, set by setup script
@ -23,4 +23,3 @@ Files in this repository cover all the SBC setup

 ### TODO
 * Add a firewall rule to block access to port 8080
-* REVIEW THE SCRIPT TO ONLY SET UP PRINTSCAN, INSTALLATION IS DONE BY armbian-setup
--- a/scanservjs-update.sh
+++ b/scanservjs-update.sh
@ -1,6 +1,12 @@
 #!/usr/bin/env bash

+if [[ $user != 'root' ]]; then
+  sudo="sudo"
+else
+  sudo=""
+fi
+
 echo "Installing scanservjs directly from GitHub..."
-curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | bash -s -- -a
+curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | $sudo bash -s -- -a

 exit 0
--- a/setup.sh
+++ b/setup.sh
@ -1,144 +1,31 @@
 #!/usr/bin/env bash

-# The purpose of this script is to setup our print-scan server on a blank Armbian.
-# This script is to be run as root.
+run_directory=$(dirname $(readlink -f "$0"))

-# (Keep in mind that default root password is 1234)
-# Flash SBC's SD with Armbian and clone this repository in /root
+if [[ $user != 'root' ]]; then
+  sudo="sudo"
+else
+  sudo=""
+fi

-# YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP
+echo "Setting CUPS configuration"
+$sudo mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.orig
+$sudo cp $run_directory/cupsd.conf /etc/cups/cupsd.conf

-# Functions
-init() {
-  echo "Starting initialization"
-  echo $fqdn > /etc/hostname
-  #sed -i -e "s/$default_hostname/$fqdn $hostname/g" /etc/hosts
-  localectl set-keymap $keymap
-  timedatectl set-timezone $timezone
-  systemctl disable apt-daily-upgrade.timer
-}
+echo "Installing scanservjs directly from GitHub..."
+curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | $sudo bash -s -- -a

-install_packages() {
-  echo "Starting packages installation"
-  sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list
-  apt update
-  apt upgrade -y
-  apt install -y vim tree tmux neofetch sane sane-utils hplip apache2
-}
+echo "Generating TLS certificate"
+$sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/ssl/cert.crt -keyout /etc/ssl/cert.key \
+  -subj "/C=/ST=/L=/O=/OU=/CN="
+$sudo chmod o+r /etc/ssl/cert.key

-add_users() {
-  echo "Adding users"
-  useradd -U -G sudo,lpadmin -m -s /bin/bash $user
-  chmod 700 /home/$user
-  echo "Let's define a password for $user as we are about to run sudo with it. It can of course be changed after setup."
-  passwd $user
-  usermod -a -G lp saned
-}
-
-get_sync() {
-  echo "Getting and deploying sync configuration"
-  sudo -H -u $user mkdir $sync_directory_path
-  sudo -H -u $user git clone https://gitea.kto.black/adminconf/printscan-server.git \
-    $sync_directory_path/printscan-server
-  sudo -H -u $user git clone https://gitea.kto.black/adminconf/rcs-general.git $sync_directory_path/rcs-general
-  sudo -H -u $user $sync_directory_path/rcs-general/install.sh
-  sudo -H -u $user git clone https://gitea.kto.black/adminconf/conf-sync.git $sync_directory_path/conf-sync
-  sudo -H -u $user cp $sync_directory_path/conf-sync/variables.conf.template \
-    $sync_directory_path/conf-sync/variables.conf
-  sudo -H -u $user sed -i -e "s/\"desktop\"/\"server\"/g" $sync_directory_path/conf-sync/variables.conf
-  sudo -H -u $user $sync_directory_path/conf-sync/install.sh
-}
-
-set_cups_conf() {
-  echo "Setting CUPS configuration"
-  mv $cups_conf_path/cupsd.conf $cups_conf_path/cupsd.conf.orig
-  cp $run_directory_path/cupsd.conf $cups_conf_path/cupsd.conf
-}
-
-ssh_pubkey() {
-  echo "Getting SSH public key"
-  sudo -H -u $user mkdir /home/$user/.ssh
-  sudo -H -u $user wget -P /home/$user/.ssh $remote_pubkey_location/$remote_pubkey
-  sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
-}
-
-set_sshd_conf() {
-  echo "Editing OpenSSH daemon config..."
-  sed -i -e "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
-  sed -i -e "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
-}
-
-install_scanservjs() {
-  echo "Installing scanservjs directly from GitHub..."
-  curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | bash -s -- -a
-}
-
-tls_cert() {
-  echo "Generating TLS certificate"
-  openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $tls_directory/$cert -keyout \
-    $tls_directory/$cert_key -subj "/C=/ST=/L=/O=/OU=/CN="
-  chmod o+r $tls_directory/$cert_key
-}
-
-set_apache() {
-  echo "Setting up Apache HTTP Server"
-  cp $run_directory_path/apache-sites/scanservjs.conf $apache_sites_directory_path/
-  a2dissite 000-default
-  a2ensite scanservjs
-  a2enmod ssl proxy proxy_http proxy_http2
-}
+echo "Setting up Apache HTTP Server"
+$sudo cp $run_directory/apache-sites/scanservjs.conf /etc/apache2/sites-available/
+$sudo a2dissite 000-default
+$sudo a2ensite scanservjs
+$sudo a2enmod ssl proxy proxy_http proxy_http2

 # TODO add a firewall rule to prevent access to http:8080 from other than local

-# Only run if the user is root
-if [[ $USER != 'root' ]] ; then
-  echo "You must run this script as root!"
-  exit 1
-fi
-
-run_directory_path=$(pwd)
-
-# Set parameters
-#default_hostname='pine64'
-#hostname='pn1'
-fqdn='pn1.hr.kto.black'
-keymap='fr'
-timezone='Europe/Paris'
-deb_apt_default_repo='deb.debian.org'
-deb_apt_repo='ftp.fr.debian.org'
-user='alex'
-sync_directory_path="/home/$user/.sync"
-systemd_units_path='/etc/systemd/system'
-cups_conf_path='/etc/cups'
-remote_pubkey_location='https://keys.kto.black'
-remote_pubkey='home.pub'
-scanservjs_dest='/srv/scanservjs'
-tls_directory='/etc/ssl/'
-cert='cert.crt'
-cert_key='cert.key'
-apache_sites_directory_path='/etc/apache2/sites-available'
-
-# Main process
-# You should comment below what you do not want to happen
-init
-install_packages
-add_users
-get_sync
-set_cups_conf
-ssh_pubkey
-set_sshd_conf
-install_scanservjs
-tls_cert
-set_apache
-
-echo ""
-echo "We're all good here!"
-echo "You should now:"
-echo "* lock root account"
-echo "* reboot the SBC"
-echo "And perhaps:"
-echo "* set a new password for $user"
-echo "* connect to http://$hostname:631/ and add a printer"
-echo "* set htop at your convenience"
-echo "* remove password for sudo" # TODO we should automate that, with a flag
 exit 0