Compare commits

..

No commits in common. "6fa46da7634d7caa80d1dbea8ae14c8d1e864f05" and "f43d3d514f7a8a46deba873b983278fb3b264df8" have entirely different histories.

12 changed files with 190 additions and 24 deletions

View File

@ -1,23 +1,27 @@
# Printscan server # Printscan server
## Version 3 ## Version 2
This repository contains files used to set up our printscan server on a freshly installed Armbian. Target is Bullseye. This repository contains files used to set up our printscan server on a freshly installed Armbian. Confirmed to work
with Buster.
### Introduction ### Introduction
(see wiki for need and concept explanation) (see wiki for need and concept explanation)
Version 3 implementation works roughly as follows: Version 2 implementation works roughly as follows:
##### SBC
* the Armbian-based device is connected to local network, and an all-in-one printer is connected to it via USB; * the Armbian-based device is connected to local network, and an all-in-one printer is connected to it via USB;
* SANE and CUPS services are installed and running on the device; * SANE and CUPS services are installed and running on the device;
* CUPS is configured to provide a remote printer to network; * CUPS is configured to provide a remote printer to network;
* SANE is configured to provide network scan to a specific host only. * SANE is configured for local use only (default behaviour);
* An headless X server is activable via [noVNC](https://github.com/novnc/noVNC);
##### Applicative container * This X session presents [Simple Scan](https://github.com/GNOME/simple-scan) tool, allowing users to perform scans;
* this specific host is an applicative container running [scanservjs](https://github.com/sbs20/scanservjs); * The resulted document is automatically uploaded to Kloud, in a temporary directory;
* it is configured to use the scanner provided by the SBC. * Every night, the directory from previous day is removed from Kloud.
### Files ### Files
Files in this repository only cover the SBC setup.
#### Installation #### Installation
* `setup.sh` is a script automating the installation and configuration of required software * `setup.sh` is a script automating the installation and configuration of required software
#### Run
* `novnc.service`, `vnc.socket` and `vnc@.service` manage the headless X session
* `scan.mount` configures a tmpfs at boot where to store scanned documents before they're sent to Kloud
* `scan-to-cloud.{sh,service,path}` trigger and manage the upload to Kloud
* `clean-cloud.{sh,service,timer}` trigger and manage the removal of previous directory from Kloud

7
clean-cloud.service Normal file
View File

@ -0,0 +1,7 @@
[Unit]
Description=Clean remote dropbox
[Service]
User=scan
Type=oneshot
ExecStart=/home/scan/.sync/clean-cloud.sh

25
clean-cloud.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/bash
# The purpose of this script is to automatically empty our remote sandbox.
# This script is not to be run as root, rather as the user responsible for scanning.
# Only run if the user is not root
if [[ $USER = 'root' ]] ; then
echo "You must not run this script as root!"
exit 1
fi
# Set parameters
remote_path='https://cloud.kto.black/remote.php/webdav/Scans'
remote_user='scan'
remote_passwd='rB2TgFpNXk3BbZ44'
subdirectories_prefix='scans'
yesterday=$(date -d "-1 days" +"%Y%m%d")
today=$(date +"%Y%m%d")
curl -s -u $remote_user:$remote_passwd -X DELETE $remote_path/$subdirectories_prefix-$yesterday
curl -s -u $remote_user:$remote_passwd -X MKCOL $remote_path/$subdirectories_prefix-$today
echo "Cleaning done."
exit 0

9
clean-cloud.timer Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Run clean-cloud regularly
[Timer]
OnCalendar=*-*-* 02:00:00
Persistent=true
[Install]
WantedBy=timers.target

10
novnc.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=noVNC proxy with Websockify
[Service]
User=scan
Type=simple
ExecStart=/usr/bin/websockify --ssl-only --cert /etc/ssl/cert.crt --key /etc/ssl/cert.key --web /usr/share/novnc 8080 localhost:5900
[Install]
WantedBy=default.target

8
scan-to-cloud.path Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=Run scan-to-cloud when a new document is scanned
[Path]
DirectoryNotEmpty=/scan
[Install]
WantedBy=paths.target

7
scan-to-cloud.service Normal file
View File

@ -0,0 +1,7 @@
[Unit]
Description=Upload scanned document to dropbox
[Service]
User=scan
Type=oneshot
ExecStart=/home/scan/.sync/scan-to-cloud.sh

33
scan-to-cloud.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
# The purpose of this script is to automaticaly upload scanned documents to a remote dropbox.
# This script is not to be run as root, rather as the user responsible for scanning.
# Only run if the user is not root
if [[ $USER = 'root' ]] ; then
echo "You must not run this script as root!"
exit 1
fi
# Set parameters
scan_directory='/scan'
remote_path='https://cloud.kto.black/remote.php/webdav/Scans'
remote_user='scan'
remote_passwd='rB2TgFpNXk3BbZ44'
subdirectories_prefix='scans'
today=$(date +"%Y%m%d")
# The script is executed a bit too early, so we need to wait a few seconds.
sleep 5s
for filename in $scan_directory/*; do
#echo "Creating today's directory..." # I'd like to remove these 2 lines
#curl -s -u $remote_user:$remote_passwd -X MKCOL $remote_path/$subdirectories_prefix-$today
echo "Uploading $filename..."
curl -s -u $remote_user:$remote_passwd -T "$filename" $remote_path/$subdirectories_prefix-$today/
rm "$filename"
done
echo "Upload done."
exit 0

11
scan.mount Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=tmpfs for scanned documents
[Mount]
What=tmpfs
Where=/scan
Type=tmpfs
Options=noatime,uid=1001,gid=1001
[Install]
WantedBy=default.target

View File

@ -23,14 +23,15 @@ install_packages() {
sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list
apt update apt update
apt upgrade -y apt upgrade -y
apt install -y vim tree tmux neofetch sane sane-utils hplip apt install -y vim tree tmux neofetch simple-scan sane hplip novnc x11vnc xvfb xinit libglib2.0-bin dbus-x11
} }
add_users() { add_users() {
echo "Adding users" echo "Adding users"
useradd -U -G sudo,lpadmin -m -s /bin/bash $user useradd -U -G sudo,lpadmin -m -s /bin/bash $user
chmod 700 /home/$user chmod 700 /home/$user
usermod -a -G lp saned useradd -U -G scanner,lp -m -s /sbin/nologin $scan_user
chmod 700 /home/$scan_user
} }
get_conf() { get_conf() {
@ -44,10 +45,30 @@ get_conf() {
set_conf() { set_conf() {
echo "Setting configuration" echo "Setting configuration"
ln -s $sync_directory_path/conf-sync-server.timer $systemd_units_path/conf-sync.timer sudo -H -u $user chmod uo+x $sync_directory_path/clean-cloud.sh $sync_directory_path/scan-to-cloud.sh
ln -s $sync_directory_path/*.service $systemd_units_path/ ln -s $sync_directory_path/*.service $systemd_units_path/
ln -s $sync_directory_path/*.timer $systemd_units_path/
ln -s $sync_directory_path/*.socket $systemd_units_path/
ln -s $sync_directory_path/*.mount $systemd_units_path/
ln -s $sync_directory_path/*.path $systemd_units_path/
systemctl daemon-reload systemctl daemon-reload
systemctl enable conf-sync.timer systemctl enable novnc.service vnc.socket conf-sync.timer clean-cloud.timer scan.mount #scan-to-cloud.path
}
set_scan_conf() {
echo "Setting scan configuration"
sudo -H -u $scan_user sh -c "echo 'simple-scan' > $scan_user_home_directory/.xinitrc" # TODO this should be done another way
touch $passwd_file
chown $scan_user:$scan_user $passwd_file
sudo -H -u $scan_user x11vnc -storepasswd $vnc_passwd $passwd_file
touch $x11vnc_logfile
chown $scan_user:$scan_user $x11vnc_logfile
mkdir $scan_tmpfs
chown $scan_user:$scan_user $scan_tmpfs
sudo -H -u $scan_user gsettings set org.gnome.SimpleScan paper-height 2970 # those don't work
sudo -H -u $scan_user gsettings set org.gnome.SimpleScan paper-width 2100
sudo -H -u $scan_user gsettings set org.gnome.SimpleScan save-directory $scan_tmpfs
cp $novnc_webroot/vnc.html $novnc_webroot/index.html
} }
set_cups_conf() { set_cups_conf() {
@ -56,11 +77,6 @@ set_cups_conf() {
ln -s $sync_directory_path/cupsd.conf $cups_conf_path/cupsd.conf ln -s $sync_directory_path/cupsd.conf $cups_conf_path/cupsd.conf
} }
set_sane_conf() {
echo $printscan_container_ip >> /etc/sane.d/saned.conf
systemctl enable saned.socket
}
rcs_links() { rcs_links() {
echo "Linking rcs" echo "Linking rcs"
rm /home/$user/.bashrc rm /home/$user/.bashrc
@ -69,8 +85,6 @@ rcs_links() {
ln -s /home/$user/.bashrc /root/.bashrc ln -s /home/$user/.bashrc /root/.bashrc
sudo -H -u $user ln -s $sync_directory_path/vimrc /home/$user/.vimrc sudo -H -u $user ln -s $sync_directory_path/vimrc /home/$user/.vimrc
ln -s /home/$user/.vimrc /root/.vimrc ln -s /home/$user/.vimrc /root/.vimrc
sudo -H -u $user ln -s $sync_directory_path/tmux.conf /home/$user/.tmux.conf
ln -s /home/$user/.tmux.conf /root/.tmux.conf
} }
ssh_pubkey() { ssh_pubkey() {
@ -80,6 +94,12 @@ ssh_pubkey() {
sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
} }
tls_cert() {
echo "Generating TLS certificate"
openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $tls_directory/$cert -keyout $tls_directory/$cert_key -subj "/C=/ST=/L=/O=/OU=/CN="
chmod o+r $tls_directory/$cert_key
}
# Only run if the user is root # Only run if the user is root
if [[ $USER != 'root' ]] ; then if [[ $USER != 'root' ]] ; then
echo "You must run this script as root!" echo "You must run this script as root!"
@ -102,9 +122,16 @@ scan_user_home_directory="/home/$scan_user"
sync_directory_path="/home/$user/.sync" sync_directory_path="/home/$user/.sync"
systemd_units_path='/etc/systemd/system' systemd_units_path='/etc/systemd/system'
cups_conf_path='/etc/cups' cups_conf_path='/etc/cups'
printscan_container_ip='192.168.0.91' vnc_passwd='windows'
passwd_file='/etc/passwdd'
x11vnc_logfile='/var/log/x11vnc.log'
scan_tmpfs='/scan'
novnc_webroot='/usr/share/novnc'
remote_pubkey_location='https://keys.kto.black' remote_pubkey_location='https://keys.kto.black'
remote_pubkey='home.pub' remote_pubkey='home.pub'
tls_directory='/etc/ssl/'
cert='cert.crt'
cert_key='cert.key'
# Main process # Main process
# You should comment below what you do not want to happen # You should comment below what you do not want to happen
@ -113,17 +140,18 @@ install_packages
add_users add_users
get_conf get_conf
set_conf set_conf
set_scan_conf
set_cups_conf set_cups_conf
set_sane_conf
rcs_links rcs_links
ssh_pubkey ssh_pubkey
tls_cert
echo "" echo ""
echo "We're all good here!" echo "We're all good here!"
echo "You should now:" echo "You should now:"
echo "* set $user's password" echo "* set $user's password"
echo "* lock root account" echo "* lock root account"
echo "* remove setup.sh and conf-sync.sh" echo "* remove setup.sh"
echo "* reboot the SBC" echo "* reboot the SBC"
echo "And perhaps:" echo "And perhaps:"
echo "* connect to http://$hostname:631/ and add a printer" echo "* connect to http://$hostname:631/ and add a printer"

10
vnc.socket Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=VNC incoming socket
[Socket]
ListenStream=127.0.0.1:5900
Accept=yes
MaxConnections=5
[Install]
WantedBy=sockets.target

14
vnc@.service Normal file
View File

@ -0,0 +1,14 @@
# VNC password should be set in /etc/passwdd
# TODO we still need to handle session termination
[Unit]
Description=Specific x11vnc session
OnFailure=scan-to-cloud.service
[Service]
User=scan
Type=simple
ExecStart=/usr/bin/x11vnc -once -create -localhost -inetd -bg -o /var/log/x11vnc.log -rfbauth /etc/passwdd
#ExecStop=/usr/bin/x11vnc -R stop # TODO test that, unless it prevents OnFailure from working
StandardInput=socket
StandardError=syslog