Add printers.conf.pi2last

README.md

@@ -1,24 +1,28 @@
 # Printscan server
 ## Version 3.1
 
-This repository contains files used to set up our printscan server on a freshly installed Armbian. Target is Bullseye.
+This repository contains files used to set up our printscan server.
 
 ### Introduction
 (see wiki for need and concept explanation)
 
-Version 3.1 implementation works roughly as follows:
+Version 3.1 implementation works roughly as follows
 ##### SBC
-* the Armbian-based device is connected to local network, and an all-in-one printer is connected to it via USB;
-* SANE and CUPS services are installed and running on the device;
-* CUPS is configured to provide a remote printer to network;
-* SANE is configured to provide local scan;
-* [scanservjs](https://github.com/sbs20/scanservjs) runs on the SBC, providing a web interface for scan.
+* the Armbian-based device is connected to local network, and an all-in-one printer is connected to it via USB
+* SANE and CUPS services are installed and running on the device
+* CUPS is configured to provide a remote printer to network
+* SANE is configured to provide local scan
+* [scanservjs](https://github.com/sbs20/scanservjs) runs on the SBC, providing a web interface for scan
+  * if you need adjustments (as in https://github.com/sbs20/scanservjs/blob/master/docs/10-configuration.md), first do:
+  * `sudo ln -s /usr/share/webapps/scanservjs /usr/lib/scanservjs`
 
 ### Files
-Files in this repository cover all the SBC setup.
+Files in this repository cover only the server setup. SBC setup is now handled by `armbian-setup`
 #### Installation
 * `setup.sh` is a script automating the installation and configuration of required software
 * `cupsd.conf` is the config file for CUPS, set by setup script
+* `scanservjs.conf` is an Apache HTTP vhost file for scanservjs
+* `printers.conf.pi2last` is the last known working CUPS printers configuration which allowed to share HP printer
 
 ### TODO
-* When new conf-sync will be available, adapt functions `get_conf()` and `set_conf()`.
+* Add a firewall rule to block access to port 8080

apache-sites/scanservjs.conf

@@ -1,5 +1,5 @@
 <VirtualHost *:443>
-  ServerName printscan.hp3.kto.black
+  ServerName printscan
 
   SSLEngine on
   SSLCertificateFile "/etc/ssl/cert.crt"

printers.conf.pi2last

@@ -0,0 +1,24 @@
+# Printer configuration file for CUPS v2.4.1
+# Written by cupsd
+# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
+NextPrinterId 2
+<Printer Deskjet>
+PrinterId 1
+UUID urn:uuid:e05e1e4c-fd3d-38e2-5d3b-596903a56af4
+Info HP Deskjet 2050 J510 series
+Location 
+MakeModel HP Deskjet 2050 j510 Series, hpcups 3.21.12
+DeviceURI hp:/usb/Deskjet_2050_J510_series?serial=CN22T184ZP05QV
+State Idle
+StateTime 1723482301
+ConfigTime 1720358534
+Type 36876
+Accepting Yes
+Shared Yes
+JobSheets none none
+QuotaPeriod 0
+PageLimit 0
+KLimit 0
+OpPolicy default
+ErrorPolicy retry-job
+</Printer>

scanservjs-update.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if [[ $user != 'root' ]]; then
+  sudo="sudo"
+else
+  sudo=""
+fi
+
+echo "Installing scanservjs directly from GitHub..."
+curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/bootstrap.sh | sudo bash -s -- -v latest
+
+exit 0

setup.sh

@@ -1,150 +1,69 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-# The purpose of this script is to setup our print-scan server on a blank Armbian.
-# This script is to be run as root.
+run_directory=$(dirname $(readlink -f "$0"))
+user=$(whoami)
 
-# (Keep in mind that default root password is 1234)
-# Flash SBC's SD with Armbian and clone this repository in /root
+if [[ $user != 'root' ]]; then
+  sudo="sudo"
+else
+  sudo=""
+fi
 
-# YOU SHOULD REMOVE THIS SCRIPT AFTER SETUP
+distro=$(lsb_release -si)
 
-# Functions
-init() {
-  echo "Starting initialization"
-  echo $fqdn > /etc/hostname
-  sed -i -e "s/$default_hostname/$fqdn $hostname/g" /etc/hosts
-  localectl set-keymap $keymap
-  timedatectl set-timezone $timezone
-  systemctl disable apt-daily-upgrade.timer
-}
-
-install_packages() {
-  echo "Starting packages installation"
-  sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list
-  apt update
-  apt upgrade -y
-  apt install -y vim tree tmux neofetch sane sane-utils hplip apache2
-}
-
-add_users() {
-  echo "Adding users"
-  useradd -U -G sudo,lpadmin -m -s /bin/bash $user
-  chmod 700 /home/$user
-  usermod -a -G lp saned
-}
-
-get_conf() { # TODO when new conf-sync will be available
-  echo "Getting configuration"
-  sudo -H -u $user mkdir $sync_directory_path
-  sudo -H -u $user git clone https://gitea.kto.black/adminconf/rcs-general.git $sync_directory_path/rcs-general
-  # git clone confsync-du-futur
-}
-
-set_conf() { # TODO when new conf-sync will be available
-  echo "Setting configuration"
-  sudo -H -u $user chmod u+x $sync_directoyy_path/rcs-general/install.sh
-  sudo -H -u $user $sync_directoyy_path/rcs-general/install.sh
-  # deploy confsync-du-futur
-}
-
-set_cups_conf() {
+# TODO if Arch
+if [[ $distro == "Debian" ]]; then
   echo "Setting CUPS configuration"
-  mv $cups_conf_path/cupsd.conf $cups_conf_path/cupsd.conf.orig
-  cp $run_directory_path/cupsd.conf $cups_conf_path/cupsd.conf
-}
+  $sudo mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.orig
+  $sudo cp $run_directory/cupsd.conf /etc/cups/cupsd.conf
+else
+  echo "TODO: Edit cupsd.conf so as to allow remote access (see Arch wiki)."
+fi
 
-set_sane_conf() {
-  systemctl enable saned.socket
-}
+if [[ $distro == "Debian" ]]; then
+  echo "Installing scanservjs directly from GitHub..."
+  curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/bootstrap.sh | sudo bash -s -- -v latest
+fi
+if [[ $distro == "Arch" ]]; then
+  echo "Starting and enabling scanservjs..."
+  $sudo systemctl enable --now scanservjs.service
+fi
 
-ssh_pubkey() {
-  echo "Getting SSH public key"
-  sudo -H -u $user mkdir /home/$user/.ssh
-  sudo -H -u $user wget -P /home/$user/.ssh $remote_pubkey_location/$remote_pubkey
-  sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
-}
-
-# based on https://github.com/sbs20/scanservjs/blob/master/docs/install.md
-install_scanservjs() {
-  wget -O $run_directory_path/scanservjs.tar.gz $(curl -s \
-    https://api.github.com/repos/sbs20/scanservjs/releases/latest | grep browser_download_url | cut -d '"' -f 4)
-  mkdir $run_directory_path/scanservjs
-  tar -xf scanservjs.tar.gz -C $run_directory_path/scanservjs/
-  sudo $run_directory_path/scanservjs/installer.sh -i
-  rm $run_directory_path/scanservjs.tar.gz
-  rm -r $run_directory_path/scanservjs
-}
-
-tls_cert() {
 echo "Generating TLS certificate"
-  openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $tls_directory/$cert -keyout $tls_directory/$cert_key -subj "/C=/ST=/L=/O=/OU=/CN="
-  chmod o+r $tls_directory/$cert_key
-}
+$sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/ssl/cert.crt -keyout /etc/ssl/cert.key \
+  -subj "/C=/ST=/L=/O=/OU=/CN="
+$sudo chmod o+r /etc/ssl/cert.key
 
-set_apache() {
 echo "Setting up Apache HTTP Server"
-  cp $run_directory_path/scanservjs.conf $apache_sites_directory_path/
-  a2dissite *
-  a2ensite scanservjs
-  a2enmod ssl proxy proxy_http proxy_http2
-}
+if [[ $distro == "Arch" ]]; then
+  $sudo cp $run_directory/apache-sites/scanservjs.conf /etc/apache2/sites-available/scanservjs.conf
+  $sudo a2dissite 000-default
+  $sudo a2ensite scanservjs
+  $sudo a2enmod ssl proxy proxy_http proxy_http2
+fi
+if [[ $distro == "Arch" ]]; then
+  $sudo cp $run_directory/apache-sites/scanservjs.conf /etc/httpd/conf/scanservjs.conf
+  $sudo sed -i -e "s/#ServerName www.example.com:80/#ServerName www.example.com:80\nServerName mn2.hr.kto.black/g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s:#LoadModule ssl_module modules/mod_ssl.so:LoadModule ssl_module modules/mod_ssl.so:g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s:#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so:LoadModule socache_shmcb_module modules/mod_socache_shmcb.so:g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s/Listen 80/Listen 443/g" /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s:#LoadModule proxy_module modules/mod_proxy.so:LoadModule proxy_module modules/mod_proxy.so:g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s:#LoadModule proxy_http_module modules/mod_proxy_http.so:LoadModule proxy_http_module modules/mod_proxy_http.so:g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s:#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so:LoadModule proxy_balancer_module modules/mod_proxy_balancer.so:g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s:#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so:LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so:g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo sed -i -e "s:#LoadModule watchdog_module modules/mod_watchdog.so:LoadModule watchdog_module modules/mod_watchdog.so:g" \
+    /etc/httpd/conf/httpd.conf
+  $sudo bash -c 'echo "Include conf/scanservjs.conf" >> /etc/httpd/conf/httpd.conf'
+  $sudo systemctl enable --now httpd.service
+fi
 
 # TODO add a firewall rule to prevent access to http:8080 from other than local
 
-# Only run if the user is root
-if [[ $USER != 'root' ]] ; then
-  echo "You must run this script as root!"
-  exit 1
-fi
-
-run_directory_path=$(pwd)
-
-# Set parameters
-default_hostname='pine64'
-hostname='pn1'
-fqdn='pn1.hr.kto.black'
-keymap='fr'
-timezone='Europe/Paris'
-deb_apt_default_repo='deb.debian.org'
-deb_apt_repo='ftp.fr.debian.org'
-user='alex'
-sync_directory_path="/home/$user/.sync"
-systemd_units_path='/etc/systemd/system'
-cups_conf_path='/etc/cups'
-remote_pubkey_location='https://keys.kto.black'
-remote_pubkey='home.pub'
-scanservjs_dest='/srv/scanservjs'
-tls_directory='/etc/ssl/'
-cert='cert.crt'
-cert_key='cert.key'
-apache_sites_directory_path='/etc/apache2/sites-available'
-
-# Main process
-# You should comment below what you do not want to happen
-init
-install_packages
-add_users
-get_conf
-set_conf
-set_cups_conf
-set_sane_conf
-ssh_pubkey
-install_scanservjs
-tls_cert
-set_apache
-
-echo ""
-echo "We're all good here!"
-echo "You should now:"
-echo "* set $user's password"
-echo "* lock root account"
-echo "* reboot the SBC"
-echo "And perhaps:"
-echo "* connect to http://$hostname:631/ and add a printer"
-echo "* set htop at your convenience"
-echo "* remove password for sudo" # TODO we should automate that, with a flag
-echo "* use below commands to edit SSH config:"
-echo "    sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config"
-echo "    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config"
-echo "* MIND THAT CONF-SYNC IS NOT SET"
 exit 0